Skip to main content
Featured Topics
Featured Insights
View All Services
View All Industries
About Us Overview
    • Home
    • Insights
    • US NAIC Fall 2024 National Meeting Highlights: Innovation, Cybersecurity, and Technology (H) Committee
      December 16, 2024

      US NAIC Fall 2024 National Meeting Highlights: Innovation, Cybersecurity, and Technology (H) Committee

      Authors:
      Generate PDF
      Share

      On November 19, 2024, the Innovation, Cybersecurity, and Technology (H) Committee (“H Committee”) met at the Fall 2024 US National Meeting of the National Association of Insurance Commissioners (“NAIC”), chaired by Kevin Gaffney, Commissioner of the Vermont Department of Financial Regulation. The following are highlights from the meeting.

      Task Force and Working Group Reports

      After adopting its Summer National Meeting minutes, the H Committee noted that it had received written reports1 on the recent activities of its downstream groups, including the Big Data and Artificial Intelligence (H) Working Group; the Privacy Protections (H) Working Group; and the Cybersecurity (H) Working Group.

      Additionally, the H Committee received presentations on the proposed Data Call Study Group as well as from the Privacy Protections (H) Working Group and the Cybersecurity (H) Working Group on their recent activities. The presentations noted the following:

      Data Call Study Group: Jon Godfread, Commissioner of the North Dakota Insurance Department, explained that the proposed Data Call Study Group (the “DCSG”) is intended to address a need for enhanced data to help governors, legislators and regulators to make more informed public policy decisions, as well as the related need for a national standard for data to help parties communicate about data consistently. He noted that, in 2025, the DCSG will review the three primary NAIC data collection systems from 2024, in order to identify challenges insurers face with data calls—those three systems are the Financial Data Repository, the Market Conduct Annual Statement, and regulatory data collections. Godfread said the goals of the DCSG include: (i) to improve the existing process for data calls; (ii) to establish and use consistent data definitions; (iii) to establish a standard data filing deadline; (iv) to minimize the need for ad hoc data calls; and (v) to coordinate as much as possible with other states when ad hoc data calls are needed. Modernizing the data call collection process, he explained, will permit significant cost savings for regulators and industry and permit enhanced regulatory oversight.

      Godfread described how the work of the DCSG would be completed in several phases:

      • In Phase 1A, regulators and NAIC staff will inventory data definitions and data collected and stored by the NAIC.
      • In Phase 1B, industry representatives will be invited to present to the DCSG to assist in shaping data filing rules. Before commencing Phase 2, the DCSG will identify the best committee structure for next steps, potentially reallocating responsibility for Phase 2 to a different NAIC body.
      • In Phase 2, regulators will engineer solutions based on the findings of Phase 1, and will train and support regulators and industry players on the framework that is to come.
      • In Phase 3, regulators will establish a data governance framework to address the process for keeping data—and the new system—current, conduct ongoing reviews of the new system, and regularly solicit and address feedback from stakeholders.

      Godfread requested volunteer regulators to assist with inventorying data definitions and establishing new definitions following their gap assessment, and reiterated that, after the draft list of definitions from the gap assessment is developed, representatives from industry will be invited to help finalize that list.

      Godfread then invited questions and comments. In response, an NAIC-funded consumer representative acknowledged that “definitions are important,” but urged the H Committee “not to continue years of study and education and definitions,” and instead to “take action.”

      Privacy Protections (H) Working Group: Elizabeth Kelleher Dwyer, Director of the Rhode Island Department of Business Regulation, reported that the Privacy Protections (H) Working Group (the “Privacy Working Group”) met on November 17. During that meeting, the Privacy Working Group approved a requested extension of time to revise the NAIC Privacy of Consumer Financial and Health Information Regulation (#672) (“Model #672”), and requested comments on Article III of the Chair Draft Amendments to Model #672, which were due November 25.2

      Following Ms. Dwyer’s presentation, the H Committee adopted a motion to extend the deadline for completion of Model #672 until December 31, 2025.

      Cybersecurity (H) Working Group: Cindy Amann, NAIC Executive Liaison at the Missouri Department of Commerce and Insurance, reported that the Cybersecurity (H) Working Group (the “Cybersecurity Working Group”) met several times in 2024 to discuss development of a cybersecurity event response notice portal that would allow regulators to centrally receive cybersecurity event responses that regulated entities submit in response to an event, and on November 18 adopted a motion to authorize the CWG to work with NAIC staff to explore creation of the portal. Read more about the Cybersecurity Working Group’s discussions at the Fall 2024 National Meeting.

      Following the presentations, the H Committee adopted the reports of the Big Data and Artificial Intelligence (H) Working Group, the Privacy Working Group, and the Cybersecurity Working Group.

      Adoption of 2025 Charges

      The H Committee adopted its 2025 proposed charges. Before adoption, Commissioner Gaffney highlighted some key modifications to the charges, intended to shift greater focus and resources to advancing AI discussions. These changes include disbanding the Technology, Innovation, and InsurTech (H) Working Group and the E-Commerce (H) Working Group.

      AI Presentations

      The H Committee also heard two presentations regarding responsible use of AI and AI governance and regulatory tools, which are described in further detail below.

      • Use of Artificial Intelligence to Mitigate Wildfire Risk: Kate Stillwell, co-founder of FireBreak Risk, discussed how FireBreak Risk uses an AI engine to convert photos and videos (taken by policyholders of their homes) into data on property attributes, such as whether a home has been “hardened” to reduce its vulnerability to wildfire, which data insurers can then use to assess and mitigate risk. Stillwell noted that she expects the technology could eventually be used in connection with other types of risk as well, such as flood and wind.
      • Presentation from InsurTech Coalition Members on Responsible Use of AI: The H Committee also received a presentation from the InsurTech Coalition, which supports public policy that enables innovation, including fostering an environment in which innovation can thrive responsibly.
        • First, Jennifer Crutchfield, Deputy General Counsel at Clearcover, discussed her company’s AI applications, including a “claims representative copilot” generative AI program, which assists claims representatives by providing summaries of claims, answering specific questions about claims, and drafting correspondence to claimants. Crutchfield also described her company’s “Digital Statement Collection Bot” which automates some information-gathering. Crutchfield explained that Clearcover informs consumers about the AI-based nature of the collection bot and gives consumers the choice to opt in or out.
        • Second, Scott Fischer, General Counsel at Lemonade, gave a presentation on Lemonade’s AI model governance framework and its alignment with the NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers (the “Model Bulletin”), adopted December 2023. Although highly prescriptive regulations had existed guiding insurers on their use of models, including with respect to setting and filing rates, Lemonade determined that—given the features and complexity of AI models—having an internal governance system in place specifically for AI models would help adhere to key principles, such as ensuring that similar risks and claims would be treated similarly. He explained that Lemonade established (i) a “responsibility committee” making high-level decisions with respect to AI models; (ii) a “working group” handling day-to-day issues; and (iii) to operationalize their governance, a checklist of questions which Lemonade requires its scientists to consider and explain before deploying a model, culminating with a “model card” analogous to a “nutrition label” for each AI model; i.e., a standardized, written explanation of an AI model, understandable to non-specialists.

      To view additional updates from the US NAIC Fall 2024 National Meeting, visit our meeting highlights page.

       

      1These reports appear as Attachments One, Two and Three to the H Committee meeting minutes, beginning on page 7.
      2The public comments received by the Privacy Working Group are available online.

      Authors

      Related Content

      Stay Up To Date With Our Insights

      See how we use a multidisciplinary, integrated approach to meet our clients' needs.
      Subscribe

      Follow us

      © 2025 Mayer Brown

       

       

      Mayer Brown is a global legal services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown Hong Kong LLP (a Hong Kong limited liability partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) (collectively, the “Mayer Brown Practices”). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC (“PKWN”) is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Mayer Brown Hong Kong LLP operates in temporary association with Johnson Stokes & Master (“JSM”). More information about the individual Mayer Brown Practices, PKWN and the association between Mayer Brown Hong Kong LLP and JSM (including how information may be shared) can be found in the Legal Notices section of our website.

      “Mayer Brown” and the Mayer Brown logo are trademarks of Mayer Brown.

      Attorney Advertising. Prior results do not guarantee a similar outcome.