Industry Sector | Insurance |
Impacted Business Function | Model Risk Management |
Key Stakeholder Group | Enterprise Data Governance, Risk Management |
Companies today need to ensure compliance as new state-level regulatory rules come into effect. Mishandling customer data under privacy regulations can lead to multi-million-dollar penalties. Regulatory compliance isn’t optional; it exposes the organization to legal penalties, financial loss, operational risk, and reputational damage. Data Governance makes this exercise repeatable, auditable, and defensible. The Colorado Division of Insurance (CDI) mandated ECDIS compliance for life insurers with regulations that became effective in November 2023.
Insurance companies are required to comply with the Colorado regulation known as ECDIS. This regulation establishes the governance and risk management requirements for life insurers that use external consumer data and information sources (ECDIS), as well as algorithms and predictive models that use ECDIS. This regulation shall apply to all life insurers authorized to do business in the state of Colorado.
The regulation required documenting up-to-date inventory, including version control, of all utilized ECDIS, as well as algorithms and predictive models that use ECDIS, including a detailed description of each ECDIS, algorithm, and predictive model, their clearly stated purpose(s), and the outputs generated through their use.
We initially had a requirement to stage Risk Models in a centralized metadata platform. At first, the goal was straightforward. Create an inventory of all risk models and identify their responsible stewards. However, when we were also asked to capture the datasets consumed by these models, I realized this was more than just documenting model assets. This pointed to a deeper need for understanding how everything connects. Every model was supposed to be traced to its consuming data source and its corresponding datasets with an appropriate data dictionary and glossary.
Data Governance is frequently limited to documenting and ingesting metadata. In this use case, the purpose of housing the metadata is realized only where the metadata enables concrete actions toward meeting regulatory requirements.
A centralized platform must handle metadata, versioning, model lineage, and reporting. Scalability for future models, business lines, and regulatory requirements is key. Without clear maintenance processes, the inventory quickly becomes outdated.
Setting up centralized Model Risk Management requires coordination across Risk, Finance, IT, Analytics, and Business Units. Defining model owners, validators, and approvers is critical but can be politically sensitive, requiring clear roles, transparent communication, and leadership support to ensure accountability.
Capturing the traceability of data sources, datasets, and fields for any model is inherently challenging.. This makes it difficult to document accurate data lineage, which is critical for complying with regulatory policies such as ECDIS. ECDIS, algorithms and predictive models that use ECDIS are designed,
developed, used, and monitored in a manner that achieves effective oversight and management.
The challenge lies in accurately identifying supplementary data fields that support underlying factors or other insurance practices. These may include customer lifestyle indicators such as credit scores, locations, and purchasing habits. The goal is to pinpoint ECDIS-relevant data fields and flag the associated models and algorithms within the central repository.
Developing the operating model for a centralized repository of algorithms and models was a critical deliverable. A deep understanding of ECDIS regulations and applicable policies was essential. While the Risk Management team maintained the inventory, they lacked visibility into provisioning data details, including datasets and individual data fields. The core requirement was to establish accurate traceability from each model to its data sources and corresponding data dictionaries, including lineage back to the original source, particularly for third-party data. Integrating all these components into a single metadata platform was the primary objective and key deliverable.
1. Centralized Model Inventory
Establishing a consolidated model inventory that includes each model’s provisioning data sources, mapped data fields, computational logic, and the associated dictionaries and glossaries is vital for clear understanding and traceability of models and their datasets. The key priority was to link external third-party data sources to the model consumption points, ensuring clear traceability and visibility in support of ECDIS requirements.
2. System Integration
Mapping accurate fields across two systems was important for seamless integration. API Batch based Integration provided near-real-time data synchronization between two systems. The strategy included scheduling periodic reviews in ensuring the system integration remains aligned with evolving business and regulatory requirements. Maintaining the model inventory and its required metadata became effortless for operational and ownership teams.
3. Capturing ECDIS Data Fields
All data fields from the provisioning datasets needed to be identified and assessed for their relevance to ECDIS information requirements. These fields could originate from the insurer, third-party providers, or other related data and information sources. Once the data fields were enumerated and classified, they were reviewed by model owners and data managers to ensure accuracy and completeness. After identifying the ECDIS-indicative data fields, the classification was applied to the corresponding datasets and their consuming models. This approach ensures that any ECDIS-flagged models or datasets can be easily discovered, traced, and audited for compliance and regulatory reporting. This was only possible by focusing on essential regulatory requirements for accurately capturing ECDIS data fields.
4. Traceability
The designed solution provided a simplified and intuitive user experience for tracing customer-related ECDIS fields across the data lineage. This includes end-to-end linkage from models to consuming datasets, datasets to data dictionary elements, and ultimately to ECDIS fields. To enhance visibility, integrations with third-party datasets are also established. This was possible only with the mindset of pursuing simplicity and effortless action.
This traceability framework supported audit requirements by enabling clear lineage of customer data. It allowed each model to explicitly indicate whether the underlying customer data originated from internal systems (e.g., used in underwriting) or sourced from external third-party vendors.
|
|
A fully integrated system synchronizing the metadata platform and Risk Management model inventory. Best Practice: Standardize metadata and model definitions across all systems before integration. | A controlled, transparent, and auditable change management process that ensures consistent ECDIS compliance, reduces operational risk, and builds stakeholder confidence.. |
A comprehensive data lineage framework captures the relationships between models, their data sources, associated data dictionaries, and ECDIS-identified data fields. Best Practice: Map model dependencies to data sources and document the lineage clearly. | Flag ECDIS-relevant data fields and link them to consuming models. This centralized framework enables end-to-end traceability, auditability, and regulatory compliance. |
