Innovation Cybersecurity and Technology (H) Committee

The mission of the Innovation, Cybersecurity, and Technology (H) Committee is to: 1) provide a forum for state insurance regulators to learn and have discussions regarding: cybersecurity, innovation, data security and privacy protections, and emerging technology issues; 2) monitor developments in these areas that affect the state insurance regulatory framework; 3) maintain an understanding of evolving practices and use of innovation technologies by insurers and producers in respective lines of business; 4) coordinate NAIC efforts regarding innovation, cybersecurity and privacy, and technology across other committees; and 5) make recommendations and develop regulatory, statutory or guidance updates, as appropriate.

InsurTech, Innovation & Technology Contacts

Collaboration Forum Resource Center

2023 Adopted Charges

The Innovation, Cybersecurity, and Technology (H) Committee will:
1. Provide forums, resources, and materials for the discussion of insurance sector developments in cybersecurity and data privacy to educate state insurance regulators on how these developments affect consumer protection, insurer and producer oversight, marketplace dynamics, and the state-based insurance regulatory framework.
2. Discuss emerging issues related to cybersecurity, including cybersecurity event reporting and consumer data privacy protections. Monitor and advise on the cybersecurity insurance market, including rating, underwriting, claims, product development, and loss control. Report on the cyber insurance market, including data reported within the Cybersecurity Insurance and Identity Theft Coverage Supplement.
3. Coordinate with various subject matter expert (SME) groups on insurer and producer internal cybersecurity. Discuss emerging developments; best practices for risk management, internal control, and governance; and how state insurance regulators can best address industry cyber risks and challenges. Work with the Center for Insurance Policy and Research (CIPR) to analyze cybersecurity-related information from various data sources.
4. Provide forums, resources, and materials for the discussion of innovation and technology developments in the insurance sector, including the collection and use of data by insurers, producers, and state insurance regulators, as well as new products, services, and distribution platforms. Educate state insurance regulators on how these developments affect consumer protection, data privacy, insurer and producer oversight, marketplace dynamics, and the state-based insurance regulatory framework.
5. Discuss emerging technologies and innovations related to insurance and insurers, producers, state insurance regulators, licensees, or vendors, as well as the potential implications of these technologies for the state-based insurance regulatory structure—including reviewing new products and technologies affecting the insurance sector and their associated regulatory implications.
6. Consider and coordinate the development of regulatory guidance and examination standards related to innovation, cybersecurity, data privacy, the use of big data and artificial intelligence (AI) including machine learning (ML) in the business of insurance, and technology, including drafting and revising model laws, white papers, and other recommendations as appropriate. Consider best practices related to cybersecurity event tracking and coordination among state insurance regulators, and produce guidance related to regulatory response to cybersecurity events to promote consistent response efforts across state insurance departments.
7. Track the implementation of and issues related to all model laws pertaining to innovation, technology, data privacy, and cybersecurity, including the Insurance Data Security Model Law (#668), the NAIC Insurance Information and Privacy Protection Model Act (#670), the Privacy of Consumer Financial and Health Information Regulation (#672), and the Unfair Trade Practices Act (#880) rebating language and providing assistance to state insurance regulators as needed.
8. Coordinate with other NAIC committees and task forces, as appropriate, and evaluate and recommend certifications, continuing education (CE), and training for regulatory staff related to technology, innovation, cybersecurity, and data privacy.
9. Follow the work of federal, state, and international governmental bodies to avoid conflicting standards and practices.
The Big Data and Artificial Intelligence (H) Working Group will:
1. Research the use of big data and AI including ML in the business of insurance, and evaluate existing regulatory frameworks for overseeing and monitoring their use. Present findings and recommendations to the Innovation, Cybersecurity, and Technology (H) Committee including potential recommendations for development of model governance for the use of big data and AI including ML for the insurance industry.
2. Review current audit and certification programs and/or frameworks that could be used to oversee insurers’ use of consumer and non-insurance data and models using intelligent algorithms including AI and in alignment with the NAIC AI Principles. If appropriate, issue recommendations and coordinate with the appropriate SME committees on the development of or modifications to model laws, regulations, handbooks, and regulatory guidance regarding data analysis, marketing, rating, underwriting and claims, regulation of data and model vendors, regulatory reporting requirements, and consumer disclosure requirements.
3. Assess data and regulatory tools needed for state insurance regulators to appropriately monitor the marketplace, and evaluate the use of big data, algorithms, and ML, including AI/ML in underwriting, rating, claims, and marketing practices This assessment shall include a review of currently available data and tools, as well as recommendations for development of additional data and tools, as appropriate. Based on this assessment, propose a means to include these tools in existing and/or new regulatory oversight and monitoring processes to promote consistent oversight and monitoring efforts across state insurance departments.
The Cybersecurity (H) Working Group will:
1. Monitor cybersecurity trends such as vulnerabilities, risk management, governance practices, and breaches with the potential to affect the insurance industry.
2. Interact with and support state insurance departments responding to insurance industry cybersecurity events.
3. Promote communication across state insurance departments regarding cybersecurity risks and events.
4. Oversee the development of a regulatory cybersecurity response guidance document to assist state insurance regulators in the investigation of insurance cyber events.
5. Monitor federal and international activities on cybersecurity engaging on efforts to manage and evaluate cybersecurity risk.
6. Coordinate NAIC committee cybersecurity work, including cybersecurity guidance developed by the Market Conduct Examination Guidelines (D) Working Group and the Information Technology (IT) Examination (E) Working Group.
7. Advise on the development of cybersecurity training for state insurance regulators.
8. Work with the CIPR to receive updates on cybersecurity research efforts, by the CIPR and others, and to analyze publicly available cybersecurity-related information.
9. Support the states with implementation efforts related to the adoption of Model #668.
The E-Commerce (H) Working Group will:
1. Examine e-commerce laws and regulations and work toward meaningful, unified recommendations. The Working Group will also examine whether a model bulletin would be appropriate for addressing some of the identified issues and draft a proposed bulletin if determined appropriate.
The Innovation in Technology and Regulation (H) Working Group will:
1. Develop forums, resources, and materials for discussing innovation and technology regarding companies, producers, state insurance regulators, and licensees relevant to the state-based insurance regulatory structure, including new products, services, business models, and distribution mechanisms.
2. In conjunction with NAIC staff, explore developing a forum that provides insurers or third parties working with insurers the opportunity to confidentially brief state insurance regulators regarding innovation and technology applications, tests, use cases, and results.
3. Identify and discuss regulatory models or programs that may assist state insurance regulators to identify and better understand innovation taking place within the insurance industry.
4. Monitor innovation work occurring in other NAIC letter committees, task forces, and working groups, and identify areas of possible coordination for the Innovation, Cybersecurity, and Technology (H) Committee.
The Privacy Protections (H) Working Group will:
1. Use state insurance privacy protections regarding the collection, data ownership and use rights, and disclosure of information gathered in connection with insurance transactions to draft a new Privacy Protections Model Act to replace NAIC models, such as Model #670 and Model #672.
2. Develop a research paper on state insurance privacy protections regarding the collection, data ownership and use rights, and disclosure of information gathered in connection with insurance transactions that states can use to support their implementation efforts related to the adoption of the new Privacy Protections Model Act (#674).

Calendar

Innovation, Cybersecurity, and Technology (H) Committee
Sunday, August 13, 2023
2:00 PM - 3:30 PM PT

Ballroom 1 - Level 5 - Seattle Convention Center

Agenda 8/2/23

Summary 8/14/23

Minutes

See all Current Exposure Drafts

H Cmte Structure and Charge Revisions

______________________________________________________________________________________________________

Exposure Draft of the Model Bulletin on the Use of Algorithms, Predictive Models, and Artificial Intelligence Systems by Insurers 7/17/2023

Written comments will be accepted through Tuesday, September 5, 2023 and should be summited to Miguel Romero (maromero@naic.org).

In addition, the H Committee will hear comments from in-person attendees during the meeting of the Committee at the NAIC’s Summer National Meeting on Sunday, August 13, 2023 at 2:00 p.m. PT. Persons who wish to comment in person are requested to notify Miguel Romero (maromero@naic.org) by Wednesday, August 9 at 5:00 p.m. ET of their desire to speak and their affiliation, in order to properly allocate time among speakers. If time permits, individuals who did not provide prior notice of their desire to comment will be invited to do so when all other speakers have concluded their remarks.

Related NAIC Publications

Minutes for recent national meetings are available for meeting attendees via an event app within 10 days after a meeting concludes. On the NAIC.org website, free access to meeting minutes is available 30 days after a meeting concludes. They are posted to the interactive agenda for each meeting tab on the meetings page. The Proceedings of the NAIC are made available after the minutes are adopted at each subsequent meeting and may be accessed via the NAIC Publications page.

Contacts

Media Inquiries
(816) 783-8909
news@naic.org

Miguel Romero
Director, P&C Regulatory Services
816-783-8479

Scott Morris
Chief Technology Officer
816-783-8073

Please see the current Committee List for a complete list of committee members.

Insurance Departments

Search NAIC

Recommended

Contacts