Skip to main content
Innovation, Cybersecurity, and Technology (H) Committee

Mission

The mission of the Innovation, Cybersecurity, and Technology (H) Committee is to: 1)  provide a forum for state insurance regulators to learn and have discussions regarding: cybersecurity, innovation, data security and privacy protections, and emerging technology issues; 2) monitor developments in these areas that affect the state insurance regulatory framework; 3) maintain an understanding of evolving practices and use of innovation technologies by insurers and producers in respective lines of business; 4) coordinate NAIC efforts regarding innovation, cybersecurity and privacy, and technology across other committees; and 5) make recommendations and develop regulatory, statutory or guidance updates, as appropriate.

InsurTech, Innovation & Technology Contacts

2022 Adopted Charges

  1. The Innovation, Cybersecurity, and Technology (H) Committee will:
    1. Provide forums, resources, and materials for the discussion of insurance sector developments in cybersecurity and data privacy to educate state insurance regulators on how these developments affect consumer protection, insurer and producer oversight, marketplace dynamics, and the state-based insurance regulatory framework.
    2. Discuss emerging issues related to cybersecurity, including cybersecurity event reporting, and consumer data privacy protections. Monitor and advise on the cybersecurity insurance market, including rating, underwriting, claims, product development, and loss control. Report on the cyber insurance market, including data reported within the Cybersecurity Insurance and Identity Theft Coverage Supplement.
    3. Coordinate with various subject matter expert (SME) groups on insurer and producer internal cybersecurity. Discuss emerging developments; best practices for risk management, internal control, and governance; and how state insurance regulators can best address industry cyber risks and challenges. Work with the Center for Insurance Policy and Research (CIPR) to analyze cybersecurity related information from various data sources.
    4. Provide forums, resources, and materials for the discussion of innovation and technology developments in the insurance sector, including the collection and use of data by insurers, producers, and state insurance regulators; as well as new products, services, and distribution platforms. Educate state insurance regulators on how these developments affect consumer protection, data privacy, insurer and producer oversight, marketplace dynamics, and the state-based insurance regulatory framework.
    5. Discuss emerging technologies and innovations related to insurance; and insurers, producers, state insurance regulators, licensees, or vendors; and the potential implications of these technologies for the state-based insurance regulatory structure—including reviewing new products and technologies affecting the insurance sector, and associated regulatory implications.
    6. Consider and coordinate the development of regulatory guidance and examination standards related to innovation, cybersecurity, data privacy, the use of big data and artificial intelligence (AI) including machine learning (ML) in the business of insurance, and technology, including drafting and revising model laws, white papers, and other recommendations as appropriate. Consider best practices related to cybersecurity event tracking and coordination among state insurance regulators, and produce guidance related to regulatory response to cybersecurity events to promote consistent response efforts across state insurance departments.
    7. Track the implementation of and issues related to all model laws pertaining to innovation, technology, data privacy, and cybersecurity including the Insurance Data Security Model Law (#668), the NAIC Insurance Information and Privacy and Privacy Protection Model Act (#670), the Privacy of Consumer Financial and Health Information Regulation (#672), and the Unfair Trade Practices Act (#880) rebating language and providing assistance to state insurance regulators as needed.
    8. Coordinate with other NAIC committees and task forces, as appropriate, and evaluate and recommend certifications, continuing education, and training for regulatory staff related to technology, innovation, cybersecurity, and data privacy.
    9. Follow the work of federal, state, and international governmental bodies to avoid conflicting standards and practices.
  2. The Big Data and Artificial Intelligence (H) Working Group will:
    1. Research the use of big data and artificial intelligence (AI) including machine learning (ML) in the business of insurance and evaluate existing regulatory frameworks for overseeing and monitoring their use. Present findings and recommendations to the Innovation, Cybersecurity, and Technology (H) Committee including potential recommendations for the development of model governance for the use of big data and AI including ML for the insurance industry.
    2. Review current audit and certification programs and/or frameworks that could be used to oversee insurers’ use of consumer and non-insurance data, and models using intelligent algorithms, including AI. If appropriate, issue recommendations and coordinate with the appropriate subject matter expert (SME) committees on the development of or modifications to model laws, regulations, handbooks, and regulatory guidance, regarding data analysis, marketing, rating, underwriting and claims, regulation of data vendors and brokers, regulatory reporting requirements, and consumer disclosure requirements.
    3. Assess data and regulatory tools needed for state insurance regulators to appropriately monitor the marketplace, and evaluate the use of big data, algorithms, and machine learning, including AI/ML in underwriting, rating, claims and marketing practices. This assessment shall include a review of currently available data and tools, as well as recommendations for development of additional data and tools, as appropriate. Based on this assessment, propose a means to include these tools in existing and/or new regulatory oversight and monitoring processes to promote consistent oversight and monitoring efforts across state insurance departments.
  3. The Speed to Market (H) Working Group will:
    1. Consider proposed System for Electronic Rates and Forms Filing (SERFF) features or functionality presented to the Working Group by the SERFF Advisory Board (SAB), likely originating from the SERFF Product Steering Committee (PSC). Upon approval and acquisition of any needed funding, direct the SAB to implement the project. Receive periodic reports from the SAB, as needed.
    2. Provide feedback and recommendations concerning the SERFF modernization when requested by the Executive (EX) Committee and any group assigned oversight of the SERFF modernization by the Executive (EX) Committee.
    3. Discuss and oversee the implementation and ongoing maintenance/enhancement of speed to market operational efficiencies related to product filing needs, efficiencies, and effective consumer protection. This includes the following activities:
      1. Provide a forum to gather information from the states and the industry regarding tools, policies, and resolutions to assist with common filing issues. Provide oversight in evaluating product filing efficiency issues for state insurance regulators and the industry, particularly regarding uniformity.
      2. Use SERFF data to develop, refine, implement, collect, and distribute common filing metrics that provide a tool to measure the success of the speed to market modernization efforts, as measured by nationwide and individual state speed to market compliance, with an emphasis on monitoring state regulatory and insurer responsibilities for speed to market for insurance products.
      3. Facilitate proposed changes to the product coding matrices (PCMs) and the uniform transmittal document (UTD) on an annual basis, including the review, approval, and notification of changes. Monitor, assist with and report on state implementation of any PCM changes.
      4. Facilitate the review and revision of the Product Filing Review Handbook, which contains an overview of all the operational efficiency tools and describes best practices for industry filers and state reviewers regarding the rate and form filing and review process. Develop and implement a communication plan to inform the states about the Product Filing Review Handbook.
    4. Provide direction to NAIC staff regarding SERFF functionality, implementation, development, and enhancements. Direct NAIC staff to provide individual state speed to market reports to each commissioner at each national meeting. Receive periodic reports from NAIC staff, as needed.
    5. Conduct the following activities, as desired, by the Interstate Insurance Product Regulation Commission (Compact):
      1. Provide support to the Compact as the speed to market vehicle for asset-based insurance products, encouraging the states’ participation in, and the industry’s usage of, the Compact.
      2. Receive periodic reports from the Compact, as needed.
  4. The E-Commerce (H) Working Group will:
    1. Examine e-commerce laws and regulations; survey states regarding federal Uniform Electronic Transactions Act (UETA) exceptions; and work toward meaningful, unified recommendations. The Working Group will also examine whether a model bulletin would be appropriate for addressing some of the identified issues and draft a proposed bulletin if determined appropriate.
  5. The Cybersecurity (H) Working Group will:
    1. Monitor cybersecurity trends such as vulnerabilities, risk management, governance practices and breaches with the potential to affect the insurance industry.
    2. Interact with and support state insurance departments responding to insurance industry cybersecurity events.
    3. Promote communication across state insurance departments regarding cybersecurity risks and events.
    4. Oversee the development of a regulatory cybersecurity response guidance document to assist state insurance regulators in the investigation of insurance cyber events.
    5. Coordinate NAIC committee cybersecurity work including cybersecurity guidance developed by the Market Conduct Examination Guidelines (D) Working Group and the Information Technology Examination (E) Working Group.
    6. Advise on the development of cybersecurity training for state insurance regulators.
    7. Work with the Center for Insurance Policy and Research (CIPR) to analyze publicly available cybersecurity related information.
    8. Support the states with implementation efforts related to the adoption of Insurance Data Security Model Law (#668).
    9. Engage with federal and international supervisors and agencies on efforts to manage and evaluate cybersecurity risk.

There are no call materials at this time.

Related NAIC Publications

Contacts

Media Inquiries
(816) 783-8909
news@naic.org


Scott Morris
Chief Technology Officer
Phone: 816-783-8073

Denise Matthews
Director, Property & Casualty Regulatory Services
Phone: 816-783-8007

Please see the current Committee List for a complete list of committee members.