Data Analytics, Law, and Ethics

By Hernan L. Medina

With winds picking up along Florida’s coast, the forecast for a tropical storm was rapidly becoming more serious. That developing storm—soon to be known as Hurricane Hermine—was closely tracked by AIR Worldwide, a leading provider of predictive models, which issued an alert to insurers. Using its exposure database and hundreds of probability-weighted storm scenarios, AIR was able to provide information about exposures and anticipated property damages. In previous storms, early warnings and related information helped insurers plan how to deploy resources and handle storm claims more effectively. Just nine hours later, on September 2, 2016, Hurricane Hermine made landfall about 23 miles south of Tallahassee, Florida.

CData Analytics, Law and Ethics

There’s no question that insurers are increasingly using predictive models in their operations and rely on models to help plan for catastrophes. Insurers can also use models in pricing and rating policies to help derive rates that are not excessive and not unfairly discriminatory. And they’re using data and analytics to identify bodily injury claims that have the potential to become severe—and to ensure claimants get appropriate medical treatment to speed their recovery.

Do ethics matter?

As new models and sources of data are brought into insurance processes, it’s important to keep in mind applicable laws and regulations, as well as ethical principles and professional codes of conduct. Further, many insurance professionals belong to organizations that require codes of conduct for their members, such as the Chartered Property Casualty Underwriters (CPCU) Society, Casualty Actuarial Society (CAS), and National Association of Public Insurance Adjusters (NAPIA).

A framework can be useful for systematic consideration of issues related to law, regulation, ethics, and professional codes of conduct arising when data sources or predictive models are being considered. The components of such a framework involve:

  • examining characteristics of the new data source or model
  • reviewing the applicable code of professional conduct
  • consulting with a company’s compliance and law departments about applicable laws and regulations
  • consideration of ethical and legal implications from using a new source of data or predictive model
  • deciding what data elements or model features can be used, which may be used with some modification, and which would be preferable not to use
  • documenting, implementing, and monitoring

Although the items above are presented as a list, they aren’t necessarily sequential. Rather, they provide a framework of related considerations. In considering one item, a company would need also to factor information from other items. Lists of questions to explore for each of these items should follow. The first step in the process is to examine the new source of data or model. This consists of looking for the types of things that might cause concern for stakeholders—those who will use or be affected by the new data source or model. For example, legislators or regulators may be concerned about the impact of a new rating plan on citizens in their state or about rates that might provide different treatment solely based on sex or marital status, such as Montana statute MCA 49-2-309, which states: “It is an unlawful discriminatory practice…to discriminate solely on the basis of sex or marital status in the issuance or operation of any type of insurance policy….”

Key questions to ask

Other stakeholders may include company employees, agents, brokers, customers, regulators, consumer groups, and perhaps other groups. For example, underwriters might be concerned when an underwriting score is introduced. Will it be used as a replacement or as an aid to their professional judgment? Agents and brokers may be concerned as well. Will their long-term customers have high or low underwriting scores? What is the effect on customers? If the new model has a large impact on a large number of customers, it could result in complaints to regulators and involvement from consumer groups. It’s important to consider as many potential questions from as many stakeholders as possible. This should allow a company to be prepared to reply when questions arise.

Members of professional organizations such as the CPCU Society or the CAS can review an organization’s code of conduct to help understand ethical issues. Black’s Law Dictionary (fifth edition) defines ethics in this way: “Of or relating to moral action, conduct, motive or character; as, ethical emotion; also, treating of moral feelings, duties or conduct; containing precepts of morality; moral. Professionally right or befitting; conforming to professional standards of conduct.”

Sometimes there is more than one right course of action. For example, Canon 4 of the CPCU Code of Professional Conduct states that “insurance professionals should be diligent in the performance of their occupational duties and should continually strive to improve the functioning of the insurance mechanism.” Thus, to the extent that new data sources or predictive models can help reduce the risk of adverse selection, it’s a CPCU’s professional duty to seek to improve insurance operations. On the other hand, Canon 3 holds that “insurance professionals should obey all laws and regulations, and should avoid any conduct or activity that would cause unjust harm to others.” Thus, it’s also a CPCU’s professional duty to ensure the new data source or predictive model remains in compliance with applicable laws and regulations and not to “cause unjust harm to others.”

Letter of the law

This leads to another key item in the framework: a company’s compliance and law experts. Many companies, including ISO, have compliance, filings, government relations, or law departments. Employees and attorneys in such departments continually monitor bills and regulations introduced in state legislatures, state regulatory agencies, and the federal government for potential implications related to property/casualty insurance. Find out who are the experts on insurance law, regulation, and compliance within a company. Discuss with them the new data source or predictive model at a project’s start, and keep in touch with them throughout the project. They can advise about applicable laws and regulations. They also have regular contact with regulatory agencies and legislators and should have an understanding of related issues of concern.

Once a team has been advised of applicable laws and regulations, make sure everyone understands their implications. Are there any features of the new data source or predictive model that can’t be used? Are there any features that could be used with some modification? Beyond any legal obligations, are you in compliance with your company’s code of business conduct and ethics? If you belong to a professional organization, are you in compliance with its professional code of conduct?

After considering those issues, plans for using the new data source or predictive model may have changed. The next step is once again to check with the experts in a company’s compliance or law department to explain any modifications. Even if changes are few, it can be prudent to meet with them and discuss the issues.

Finally, it’s important to document all issues and decisions—along with the reasons for those decisions. As a new data source or predictive model rolls into production, questions may arise from regulators or other stakeholders. Having good documentation will make it easier to answer those questions. Add to the documentation any questions received and their corresponding answers. Often, regulators from different states ask similar questions. Being able to refer quickly to an answer provided for another regulator can save valuable time.


Adam Wesson

Hernan L. Medina, CPCU, is senior principal data scientist at ISO Solutions, a Verisk Analytics (Nasdaq:VRSK) business.