The mission of the Innovation, Cybersecurity, and Technology (H) Committee is to: 1) provide a forum for state insurance regulators to learn and have discussions regarding: cybersecurity, innovation, data security and privacy protections, and emerging technology issues; 2) monitor developments in these areas that affect the state insurance regulatory framework; 3) maintain an understanding of evolving practices and use of innovation technologies by insurers and producers in respective lines of business; 4) coordinate NAIC efforts regarding innovation, cybersecurity and privacy, and technology across other committees; and 5) make recommendations and develop regulatory, statutory or guidance updates, as appropriate.
2023 Adopted Charges
- The Innovation, Cybersecurity, and Technology (H) Committee will:
- Provide forums, resources, and materials for the discussion of insurance sector developments in cybersecurity and data privacy to educate state insurance regulators on how these developments affect consumer protection, insurer and producer oversight, marketplace dynamics, and the state-based insurance regulatory framework.
- Discuss emerging issues related to cybersecurity, including cybersecurity event reporting and consumer data privacy protections. Monitor and advise on the cybersecurity insurance market, including rating, underwriting, claims, product development, and loss control. Report on the cyber insurance market, including data reported within the Cybersecurity Insurance and Identity Theft Coverage Supplement.
- Coordinate with various subject matter expert (SME) groups on insurer and producer internal cybersecurity. Discuss emerging developments; best practices for risk management, internal control, and governance; and how state insurance regulators can best address industry cyber risks and challenges. Work with the Center for Insurance Policy and Research (CIPR) to analyze cybersecurity-related information from various data sources.
- Provide forums, resources, and materials for the discussion of innovation and technology developments in the insurance sector, including the collection and use of data by insurers, producers, and state insurance regulators, as well as new products, services, and distribution platforms. Educate state insurance regulators on how these developments affect consumer protection, data privacy, insurer and producer oversight, marketplace dynamics, and the state-based insurance regulatory framework.
- Discuss emerging technologies and innovations related to insurance and insurers, producers, state insurance regulators, licensees, or vendors, as well as the potential implications of these technologies for the state-based insurance regulatory structure—including reviewing new products and technologies affecting the insurance sector and their associated regulatory implications.
- Consider and coordinate the development of regulatory guidance and examination standards related to innovation, cybersecurity, data privacy, the use of big data and artificial intelligence (AI) including machine learning (ML) in the business of insurance, and technology, including drafting and revising model laws, white papers, and other recommendations as appropriate. Consider best practices related to cybersecurity event tracking and coordination among state insurance regulators, and produce guidance related to regulatory response to cybersecurity events to promote consistent response efforts across state insurance departments.
- Track the implementation of and issues related to all model laws pertaining to innovation, technology, data privacy, and cybersecurity, including the Insurance Data Security Model Law (#668), the NAIC Insurance Information and Privacy Protection Model Act (#670), the Privacy of Consumer Financial and Health Information Regulation (#672), and the Unfair Trade Practices Act (#880) rebating language and providing assistance to state insurance regulators as needed.
- Coordinate with other NAIC committees and task forces, as appropriate, and evaluate and recommend certifications, continuing education (CE), and training for regulatory staff related to technology, innovation, cybersecurity, and data privacy.
- Follow the work of federal, state, and international governmental bodies to avoid conflicting standards and practices.
- The Big Data and Artificial Intelligence (H) Working Group will:
- Research the use of big data and AI including ML in the business of insurance, and evaluate existing regulatory frameworks for overseeing and monitoring their use. Present findings and recommendations to the Innovation, Cybersecurity, and Technology (H) Committee including potential recommendations for development of model governance for the use of big data and AI including ML for the insurance industry.
- Review current audit and certification programs and/or frameworks that could be used to oversee insurers’ use of consumer and non-insurance data and models using intelligent algorithms including AI and in alignment with the NAIC AI Principles. If appropriate, issue recommendations and coordinate with the appropriate SME committees on the development of or modifications to model laws, regulations, handbooks, and regulatory guidance regarding data analysis, marketing, rating, underwriting and claims, regulation of data and model vendors, regulatory reporting requirements, and consumer disclosure requirements.
- Assess data and regulatory tools needed for state insurance regulators to appropriately monitor the marketplace, and evaluate the use of big data, algorithms, and ML, including AI/ML in underwriting, rating, claims, and marketing practices This assessment shall include a review of currently available data and tools, as well as recommendations for development of additional data and tools, as appropriate. Based on this assessment, propose a means to include these tools in existing and/or new regulatory oversight and monitoring processes to promote consistent oversight and monitoring efforts across state insurance departments.
- The Cybersecurity (H) Working Group will:
- Monitor cybersecurity trends such as vulnerabilities, risk management, governance practices, and breaches with the potential to affect the insurance industry.
- Interact with and support state insurance departments responding to insurance industry cybersecurity events.
- Promote communication across state insurance departments regarding cybersecurity risks and events.
- Oversee the development of a regulatory cybersecurity response guidance document to assist state insurance regulators in the investigation of insurance cyber events.
- Monitor federal and international activities on cybersecurity engaging on efforts to manage and evaluate cybersecurity risk.
- Coordinate NAIC committee cybersecurity work, including cybersecurity guidance developed by the Market Conduct Examination Guidelines (D) Working Group and the Information Technology (IT) Examination (E) Working Group.
- Advise on the development of cybersecurity training for state insurance regulators.
- Work with the CIPR to receive updates on cybersecurity research efforts, by the CIPR and others, and to analyze publicly available cybersecurity-related information.
- Support the states with implementation efforts related to the adoption of Model #668.
- The E-Commerce (H) Working Group will:
- Examine e-commerce laws and regulations and work toward meaningful, unified recommendations. The Working Group will also examine whether a model bulletin would be appropriate for addressing some of the identified issues and draft a proposed bulletin if determined appropriate.
- The Innovation in Technology and Regulation (H) Working Group will:
- Develop forums, resources, and materials for discussing innovation and technology regarding companies, producers, state insurance regulators, and licensees relevant to the state-based insurance regulatory structure, including new products, services, business models, and distribution mechanisms.
- In conjunction with NAIC staff, explore developing a forum that provides insurers or third parties working with insurers the opportunity to confidentially brief state insurance regulators regarding innovation and technology applications, tests, use cases, and results.
- Identify and discuss regulatory models or programs that may assist state insurance regulators to identify and better understand innovation taking place within the insurance industry.
- Monitor innovation work occurring in other NAIC letter committees, task forces, and working groups, and identify areas of possible coordination for the Innovation, Cybersecurity, and Technology (H) Committee.
- The Privacy Protections (H) Working Group will:
- Use state insurance privacy protections regarding the collection, data ownership and use rights, and disclosure of information gathered in connection with insurance transactions to draft a new Privacy Protections Model Act to replace NAIC models, such as Model #670 and Model #672.
- Develop a research paper on state insurance privacy protections regarding the collection, data ownership and use rights, and disclosure of information gathered in connection with insurance transactions that states can use to support their implementation efforts related to the adoption of the new Privacy Protections Model Act (#674).
Innovation, Cybersecurity, and Technology (H) Committee
Friday, December 01, 2023
2:00 PM - 3:30 PM ET
Bonnet Creek IV-XII - Level 1 - Bonnet Creek