Last month, the New York State Department of Financial Services (the “DFS” or “Department”) became the first US regulator to impose specific, substantive requirements on the use of “unconventional sources or types of external data” in financial services. The new requirements are set forth in Insurance Circular Letter No. 1 (2019) (the “Circular Letter ”),1 a guidance document that applies to “insurers authorized to write life insurance in New York.”

The Circular Letter tackles two frequently cited concerns regarding the use of external data2 in financial services—the risk of unlawful discrimination and a lack of data transparency. Although many government publications3 have raised potential concerns about these issues, the Circular Letter stands out in two key respects. First, it uses unusually strong language to warn insurers about the “significant potential negative impact” that external data use may have on “the availability and affordability of life insurance for protected classes.” Furthermore, in addition to describing concerns about unlawful discrimination and data transparency, the Circular Letter imposes specific requirements governing how insurers must mitigate these risks. Although the financial services industry often desires clear compliance guidance from its regulators, in this case, some may find the guidance to be too explicit and challenging to satisfy.

The Circular Letter applies only to life insurers operating in New York. However, since New York is the second largest life insurance market in the United States, this will encompass a lot of companies. Moreover, given widespread concerns over the use of large, frequently unregulated data sets in financial services, the Circular Letter may pave the way for similar guidance from other regulators. A more detailed discussion follows.


In response to reports about the use of unconventional sources or types of external data in insurance underwriting, the DFS conducted an investigation into New York life insurers’ underwriting guidelines and practices. This investigation revealed that external data used by New York life insurers includes geographical data (e.g., community-level mortality, addiction and smoking data), homeownership data, credit information, education attainment, licensures, and court data. The Department’s investigation also revealed models and algorithms that “purport to make predictions” about consumer health based on factors that are not intuitively connected to health, including retail purchase history; social media, internet and mobile device usage; and how the consumer appears in photographs.

The investigation prompted the DFS to flag two principle issues. First, the DFS is concerned that insurers may lack a sufficient rationale for using these data to underwrite life insurance and that doing so may violate applicable anti-discrimination law.4 Second, the DFS indicated that the use of external data “is often accompanied by a lack of transparency for consumers.”

Despite concerns about unlawful discrimination and a lack of transparency, the DFS acknowledges the potential benefits of using external data for underwriting insurance. The Circular Letter notes that innovation and technology can help improve access to financial services and that, in the insurance industry, using external data can simplify and speed up the underwriting process and may help insurers price life insurance more accurately. In light of these potential benefits, the Circular Letter does not prohibit the use of external data in insurance underwriting but rather advises insurers on how they should manage some of the related risks.

Guidance for Avoiding Unlawful Discrimination

To address concerns about potential unlawful discrimination, the Circular Letter sets forth two guiding principles for New York insurers that use external data in underwriting.

First, insurers using external data must independently confirm that the sources of such data do not “collect or utilize prohibited criteria.” The Circular Letter stresses that insurers may not use a vendor’s claim of non-discrimination or the proprietary nature of a third-party process to justify failing to independently determine compliance with anti-discrimination laws. This requirement will create practical challenges for both life insurers and external data providers. Among other things, independently verifying the absence of prohibited criteria will require insurers to evaluate (or retain third-party service providers to evaluate) very large volumes of data. This will likely involve significant time and expense. Furthermore, to facilitate compliance with the Circular Letter, external data providers will need to give third parties access to proprietary information. It’s possible that some companies will opt out of doing business in New York to avoid having to make their trade secrets so widely available.

Second, insurers should not use external data unless they can establish that it is not “unfairly discriminatory” in violation of applicable law. To do this, the Circular Letter says that an insurer must consider whether:

  1. The use of the external data is supported by generally accepted actuarial principles, or actual or reasonably anticipated experience; and
  2. There is a valid explanation or rationale for how and why the external data differentiates mortality risk.

In other words, insurers using external data should be confident that the use of the data is demonstrably predictive of mortality risk and that they can explain how and why this is the case. The Circular Letter emphasizes that the second part of the inquiry “is particularly important where there is no demonstrable causal link between the [external data] and increased mortality” and the use of the external data has a disparate impact on protected classes. This appears to mean that when external data is not intuitively related to increased mortality risk,5 and disproportionately disfavors protected classes, the insurer needs to be able to explain why the use of the data is justified.

The Circular Letter also states that external data that “purport to predict health status based on a single or limited number of unconventional criteria also raise significant concerns . . . .” This statement suggests that life insurance underwriting based on a small number of unusual or counterintuitive factors is likely to attract scrutiny.


The Circular Letter explains that the New York Insurance Law requires insurers to notify consumers of their right to receive the “specific reason or reasons for a declination, rate differential, or other adverse underwriting decision.”6 According to the Circular Letter, if an insurer uses external data to underwrite insurance, the reason(s) provided to the consumer for any adverse action “must include details about all information” underlying the decision, including the specific source of the information.7 Satisfying this requirement may present a significant challenge when an insurer underwrites using complex algorithms and large volumes of external data.

Finally, the Circular Letter states that an insurer “may not rely on the proprietary nature of a third-party vendor’s algorithmic processes to justify the lack of specificity related to an adverse underwriting action.” In other words, as is the case with an insurer’s obligation to ensure that external data does not include prohibited criteria, the DFS’s position is that insurers are directly liable for failures to adequately disclose the reasons for adverse actions, even when the reasons are based on third-party data or analytics.


The DFS’s two focal points—unlawful discrimination and transparency—are familiar themes for institutions that use external data and artificial intelligence in consumer-facing decision-making. However, the Circular Letter presents the most pointed guidance issued to date for addressing these issues. Compliance questions and practical challenges are sure to arise as institutions seek to implement the Circular Letter’s requirements.

1 The Circular Letter is available here.

2 The Circular Letter defines “external data” as “any data or information sources not directly related to the medical condition of the applicant that is used – in whole or in part – to supplement traditional medical underwriting, as a proxy for traditional medical underwriting, or to establish ‘lifestyle indicators’ that may contribute to an underwriting assessment of an applicant for life insurance coverage.” The Circular Letter uses the terms “external data,” “external data sources,” “external tools or data sources,” “external data sources, algorithms or predictive models” and “underwriting ratings or guidelines that are derived, in whole or in part, from external data sources.” For ease of reference, we refer to these collectively as “external data.”

3 See, e.g., GAO, “Agencies Should Provide Clarification on Lenders’ Use of Alternative Data” (Dec. 2018); FDIC, “On the Rise of the FinTechs—Credit Scoring using Digital Footprints” (Sept. 2018); GAO, “Additional Steps by Regulators Could Better Protect Consumers and Aid Regulatory Oversight” (March 2018); Fed. Reserve Sys., “Keeping Fintech Fair: Thinking About Fair Lending and UDAP Risks” (Dec. 2017); CFPB, “Request for Information Regarding Use of Alternative Data and Modeling Techniques in the Credit Process” (Feb. 2017); OCC, Fed. Reserve Sys., FDIC, “Community Reinvestment Act; Interagency Questions and Answers Regarding Community Reinvestment; Guidance,” 81 Fed. Reg. 48506 (July 2016); FTC, “Big Data: A Tool for Inclusion or Exclusion?” (Jan. 2016); Exec. Office of the President, “Big Data: Seizing Opportunities, Preserving Values” (May 2014).

4 The Circular Letter states that the New York Insurance Law, Executive Law and General Business Law, as well as the “federal Civil Rights Act,” prohibit using “race, color, creed, national origin, status as a victim of domestic violence, past lawful travel in any manner,” sexual orientation or inclusion in any other protected class in underwriting. Under New York Insurance Law, insurers also cannot make coverage decisions solely on the basis of disability, impairment or disease, except as permitted by law or regulation. Even when permitted, such decisions must also be based on sound actuarial principles or actual or reasonably anticipated experience.

5 For instance, it may not be immediately clear how a consumer’s retail purchases or social media use relates to the consumer’s expected mortality.

6 The Circular Letter states that this would include the “inability of an applicant to use an expedited, accelerated, or algorithmic underwriting process in lieu of a traditional medical underwriting.”

7 The Circular Letter also says that failure to disclose the “material elements” of an accelerated or algorithmic underwriting process and the related external data may be an unfair trade practice under Article 24 of the New York Insurance Law.