Florida Administrative Code
69 - DEPARTMENT OF FINANCIAL SERVICES
69O - OIR - Insurance Regulation
Chapter 69O-137 - INSURER REPORTING REQUIREMENTS
Section 69O-137.002 - Annual Audited Financial Reports
Universal Citation: FL Admin Code R 69O-137.002
Current through Reg. 50, No. 187; September 24, 2024
(1) The purpose of this rule is to improve the Office's surveillance of the financial condition of insurers by requiring an annual audit of financial statements reporting the financial position and the results of operations of insurers by:
(a)
Independent certified public accountants;
(b) Communication of Internal Control Related
Matters Noted in an audit; and,
(c)
Management's Report of Internal Control over Financial Reporting.
(2)
(a) Every authorized insurer, as defined in
subsection (3), below, shall be subject to this rule. Insurers having direct
premiums written in this state of less than $1,000,000 in any calendar year and
fewer than 1,000 policyholders or certificate holders of direct written
policies nationwide at the end of the calendar year shall be exempt from this
rule for the year (unless the Office makes a specific finding that compliance
is necessary for the Office to carry out statutory responsibilities), except
that insurers having assumed premiums pursuant to contracts and/or treaties of
reinsurance of $1,000,000 or more will not be so exempt. Any insurer subject to
an exemption must submit by March 1 following the year to which the exemption
applies an affidavit sworn to by a responsible officer of the insurer
specifying the amount of direct premiums written in this state and number of
policyholders or certificate holders. Form OIR-DO-1431, (Rev. 7/01), "Audited
Financial Statements Exemption Affidavit," is hereby incorporated by reference
to be the form specified in Section
624.424(8)(b),
F.S., for exemptions from compliance with the filing of an annual audited
financial statement. Forms are available at
http://www.floir.com/iportal .
(b) Foreign or alien insurers filing Audited
Financial Reports in another state, pursuant to that state's requirement for
filing of Audited Financial Reports which has been found by the Office to be
substantially similar to the requirements herein, may, in lieu of the other
requirements herein, be exempt from subsections (4) through (13) of this rule
if:
1. A copy of the Audited Financial Report,
Communications of Internal Control Related Matters Noted in an Audit, and the
Accountant's Letter of Qualifications which are filed with the other state are
made available to the Office upon request in accordance with the filing dates
specified in subsections (4), (11) and (12), respectively (Canadian insurers
may submit accountants' reports as filed with the Office of the Superintendent
of Financial Institutions, Canada); and,
2. A copy of any Notification of Adverse
Financial Condition Report filed with the other state are made available to the
Office upon request within the time specified in subsection (10).
(c) This rule shall not prohibit,
preclude, or in any way limit the Office from ordering and/or conducting and/or
performing examinations of insurers under its rules.
(3) Definitions.
(a) "Accountant" and "Independent Certified
Public Accountant" means an independent Certified Public Accountant or
accounting firm in good standing with the American Institute of Certified
Public Accountants (AICPA) and in all states in which he or she is licensed to
practice. For Canadian and British companies, it means a Canadian-chartered or
British-chartered accountant.
(b)
"Affiliate" of, or person "affiliated" with, a specific person, is a person
that directly or indirectly through one or more intermediaries, controls, or is
controlled by, or is under common control with, the person specified.
(c) "Audit committee" means a committee (or
equivalent body) established by the board of directors of an entity for the
purpose of overseeing the accounting and financial reporting processes of an
insurer or Group of insurers, the Internal audit function of an insurer or
Group of insurers (if applicable), and external audits of financial statements
of the insurer or Group of insurers. The Audit committee of any entity that
controls a Group of insurers may be deemed to be the Audit committee for one or
more of these controlled insurers solely for the purposes of this regulation at
the election of the controlling person. Refer to paragraph (14)(e), for
exercising this election. If an Audit committee is not designated by the
insurer, the insurer's entire board of directors shall constitute the Audit
committee.
(d) "Audited Financial
Report" means and includes those items specified in subsection (5),
below.
(e) "Indemnification" means
an agreement of indemnity or a release from liability where the intent or
effect is to shift or limit in any manner the potential liability of the person
or firm for failure to adhere to applicable auditing or professional standards,
whether or not resulting in part from knowing of other misrepresentations made
by the insurer or its representatives.
(f) "Independent board member" has the same
meaning as described in paragraph (14)(c).
(g) "Insurer" means an authorized insurer as
defined in Section 624.09, F.S.
(h) "Group of insurers" means those licensed
insurers included in the reporting requirements of Chapter 628, Part IV, F.S.
or a set of insurers as identified by management, for the purpose of assessing
the effectiveness of internal control over financial reporting.
(i) "Internal audit function" means a person
or persons that provide independent, objective, and reasonable assurance
designed to add value and improve an organization's operations and accomplish
its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance
processes.
(j) "Internal control
over financial reporting" means a process effected by an entity's board of
directors, management and other personnel designed to provide reasonable
assurance regarding the reliability of the financial statements, i.e., those
items specified in subparagraphs (5)(b)2. through 7. of this regulation, and
includes those policies and procedures that:
1. Pertain to the maintenance of records
that, in reasonable detail, accurately and fairly reflects the transactions and
dispositions of assets,
2. Provide
reasonable assurance that transactions are recorded as necessary to permit
preparation of the financial statements, i.e., those items specified in
subparagraphs (5)(b)2. through 7. of this regulation, and that receipts and
expenditures are being made only in accordance with authorizations of
management and directors; and,
3.
Provide reasonable assurance regarding prevention or timely detection of
unauthorized acquisition, use or disposition of assets that could have a
material effect on the financial statements, i.e., those items specified in
subparagraphs (5)(b)2. through 7. of this regulation.
(k) "Office" means the Office of Insurance
Regulation.
(l) "SEC" means the
United States Securities and Exchange Commission.
(m) "Section 404" means Section 404 of the
Sarbanes-Oxley Act of 2002 and the SEC's rules and regulations promulgated
thereunder.
(n) "Section 404
Report" means management's report on "internal control over financial
reporting" as defined by the SEC and the related attestation report of the
independent certified public accountant as described in paragraph
(3)(a).
(o) "SOX Compliant Entity"
means an entity that either is required to be compliant with, or voluntarily is
compliant with, all of the following provisions of the Sarbanes-Oxley Act of
2002:
(i) the preapproval requirements of
Section 201 (Section 10A(i) of the Securities Exchange Act of 1934);
(ii) the Audit committee independence
requirements of Section 301 (Section 10A(m)(3) of the Securities Exchange Act
of 1934); and
(iii) the Internal
control over financial reporting requirements of Section 404 (Item 308 of SEC
Regulation S-K).
(p)
"Section 16 Report" means a Management's Report of Internal Control over
Financial Reporting provided in subsection (17) of this rule.
(4) General Requirements Related to Filing and Extensions for Filing of Annual Audited Financial Report and Audit Committee Appointment.
(a) All insurers
shall have an annual audit by an independent Certified Public Accountant and
shall file an Audited Financial Report with the Office on or before June 1 for
the year ended December 31 immediately preceding. The Office may require an
insurer to file an Audited Financial Report earlier than June 1 with ninety
(90) days advance notice to the insurer.
(b) Every insurer required to file an annual
Audited Financial Report pursuant to this regulation shall designate a group of
individuals as constituting its Audit committee, as defined in subsection (3).
The Audit committee of an entity that controls an insurer may be deemed to be
the insurer's Audit committee for purposes of this regulation at the election
of the controlling person.
(5) Contents of Annual Audited Financial Report.
(a) The Annual Audited Financial
Report shall report the financial position of the insurer as of the end of the
most recent calendar year and the results of its operations, cash flows, and
changes in capital and surplus for the year then ended in conformity with
statutory accounting practices prescribed, or otherwise permitted, by the state
of domicile.
(b) The Annual Audited
Financial Report shall include the following:
1. Report of independent Certified Public
Accountant.
2. Balance sheet
reporting admitted assets, liabilities, capital and surplus.
3. Statement of operations.
4. Statement of cash flows.
5. Statement of changes in capital and
surplus.
6. Notes to financial
statements. These notes shall be those required by the appropriate NAIC Annual
Statement Instructions (incorporated by reference in subsection
69O-137.001(4),
F.A.C.) and the NAIC Accounting Practices and Procedures
Manual (incorporated by reference in subsection
69O-137.001(4),
F.A.C.) and any other notes required by generally accepted accounting
principles and shall also include reconciliation of differences, if any,
between the audited statutory financial statements and the Annual Statement
filed pursuant to Section
624.424(1),
F.S., with a written description of the nature of these differences.
7. The financial statements included in the
Audited Financial Report shall be prepared in a form and using language and
groupings substantially the same as the relevant sections of the Annual
Statement of the insurer filed with the Office, and the financial statement
shall be comparative, presenting the amounts as of December 31 of the current
year and the amounts as of the immediately preceding December 31. However, in
the first year in which an insurer is required to file an Audited Financial
Report, the comparative data may be omitted.
(6) Designation of Independent Certified Public Accountant.
(a) Each insurer required
by this rule to file an annual Audited Financial Report must, by December 31 of
the year subject to audit, register with the Office in writing the name and
address of the independent Certified Public Accountant or accounting firm
retained to conduct the annual audit set forth in this rule.
(b) The insurer shall obtain a letter from
the accountant, and file a copy with the Office, stating that the accountant is
aware of the provisions of the Insurance Code and the Rules and Regulations of
the state of domicile that relate to accounting and financial matters, and
affirming that the accountant will express his or her opinion on the financial
statements in terms of their conformity to the statutory accounting practices
prescribed or otherwise permitted by that Insurance Department, specifying the
exceptions as he or she may believe appropriate.
(c) If an accountant who was the accountant
for the immediately preceding filed Audited Financial Report is dismissed or
resigns, the insurer shall within five (5) business days notify the Office of
this event. The insurer shall also furnish the Office with a separate letter
within ten (10) business days of the above notification stating whether in the
twenty-four (24) months preceding that event there were any disagreements with
the former accountant on any matter of accounting principles or practices,
financial statement disclosure, or auditing scope or procedure; which
disagreements, if not resolved to the satisfaction of the former accountant,
would have caused him or her to make reference to the subject matter of the
disagreement in connection with his or her opinion. The disagreements required
to be reported in response to this paragraph include both those resolved to the
former accountant's satisfaction and those not resolved to the former
accountant's satisfaction. Disagreements contemplated by this subsection are
those that occur at the decision-making level, i.e., between personnel of the
insurer responsible for presentation of its financial statements and personnel
of the accounting firm responsible for rendering its report. The insurer shall
also in writing request the former accountant to furnish a letter addressed to
the insurer stating whether the accountant agrees with the statements contained
in the insurer's letter, and if not, stating the reasons for which he or she
does not agree; and the insurer shall furnish the responsive letter from the
former accountant to the Office together with its own.
(7) Qualifications of Independent Certified Public Accountant.
(a) The Office shall not
recognize any person or firm as a qualified independent Certified Public
Accountant if the person or firm:
1. Is not in
good standing with the American Institute of Certified Public Accountants
(AICPA) and in all states in which the accountant is licensed to practice, or
for a Canadian or British company, that is not a chartered
accountant;
2. Has not completed 4
hours of insurance related continuing education as required by Section
624.424(8)(d),
F.S.; or
3. Has either directly or
indirectly entered into an agreement of indemnity or release from liability
(collectively referred to as indemnification) with respect to
the audit of the insurer.
(b) Except as otherwise provided in this
rule, the Office shall recognize an independent Certified Public Accountant as
qualified as long as he or she prepares reports, filings, and statements as
required by the Florida Insurance Code, and conforms to the standards of his or
her profession as contained in the Rules and Regulations and Code of Ethics and
Rules of Professional Conduct of the Florida Board of Public Accountancy, or
similar code.
(c)
1. The lead (or coordinating) audit partner
(having primary responsibility for the audit) may not act in that capacity for
more than five (5) consecutive years. The person shall be disqualified from
acting in that or a similar capacity for the same company or its insurance
subsidiaries or affiliates for a period of five (5) consecutive years. An
insurer may make application to the Office for relief from the above rotation
requirement based on an unusual hardship to the insurer and a determination by
the Office that the accountant is exercising independent judgement that is not
unduly influenced by the insurer. This application should be made at least
thirty (30) days before the end of the calendar year. The Office shall consider
the following factors in determining if the relief should be granted:
a. Number of partners, expertise of the
partners, or the number of insurance clients in the currently registered
firm;
b. Premium volume of the
insurer; and,
c. Number of
jurisdictions in which the insurer transacts business.
2. The insurer shall file, with its annual
statement filing, the approval for relief from paragraph (7)(c), with the
states that it is licensed in or doing business in and with the NAIC. If the
nondomestic state accepts electronic filing with the NAIC, the insurer shall
file the approval in an electronic form acceptable to the NAIC.
(d) The Office shall neither
recognize as a qualified independent Certified Public Accountant, nor accept an
annual Audited Financial Report prepared in whole or in part by any natural
person who:
1. Has been found guilty of, or
has pleaded guilty or nolo contendere to, any felony or crime punishable by
imprisonment of one year or more under the law of the United States or any
state thereof or under the law of any other country, which involves moral
turpitude, without regard to whether a judgement of conviction has been entered
by the court having jurisdiction in such case;
2. Has been found to have violated the
insurance laws of this state with respect to any previous reports submitted
under this rule; or
3. Has failed
to detect or disclose material information in previous reports filed under the
provisions of this rule.
(e) In accordance with the provisions of
Sections 624.307 and
624.324, F.S., and in its own
rules of departmental practice, the Office shall conduct a hearing to determine
whether an independent Certified Public Accountant is qualified if Office
records do not contain sufficient information to demonstrate that the Certified
Public Accountant is qualified. Considering the evidence presented, the Office
shall conclude that the accountant is not qualified for purposes of expressing
his or her opinion on the financial statements in the annual Audited Financial
Report made pursuant to this rule, if the accountant fails to meet the
qualifications and other requirements of this rule. If the accountant is found
to be not qualified, the Office shall require the insurer to replace the
accountant with another whose relationship with the insurer is qualified within
the meaning of this rule. Upon determination by the Office that the accountant
is not qualified to express an opinion on the financial statements in the
annual Audited Financial Report made pursuant to this rule the insurer may
request a hearing pursuant to Section
120.57, F.S.
(f) A qualified independent certified
accountant may enter into an agreement with an insurer to have disputes
relating to an audit resolved by mediation or arbitration. However, in the
event of a delinquency proceeding commenced against the insurer under Chapter
631, F.S., the mediation or arbitration provisions shall operate at the option
of the statutory successor.
(g)
1. The Office shall not recognize as a
qualified independent certified public accountant, nor accept an annual Audited
Financial Report, prepared in whole or in part by an accountant who provides to
an insurer, contemporaneously with the audit, the following non-audit services:
a. Bookkeeping or other services related to
the accounting records or financial statements of the insurer;
b. Financial information systems design and
implementation;
c. Appraisal or
valuation services, fairness opinions, or contribution in-kind
reports;
d. Actuarially-oriented
advisory services involving the determination of amounts recorded in the
financial statements. The accountant may assist an insurer in understanding the
methods, assumptions and inputs used in the determination of amounts recorded
in the financial statement only if it is reasonable to conclude that the
services provided will not be subject to audit procedures during an audit of
the insurer's financial statements. An accountant's actuary may also issue an
actuarial opinion or certification ("opinion") on an insurer's reserves if the
following conditions have been met:
(I)
Neither the accountant nor the accountant's actuary has performed any
management functions or made any management decisions;
(II) The insurer has competent personnel (or
engages a third party actuary) to estimate the reserves for which management
takes responsibility; and,
(III)
The accountant's actuary tests the reasonableness of the reserves after the
insurer's management has determined the amount of the reserves;
e. Internal audit outsourcing
services;
f. Management functions
or human resources;
g. Broker or
dealer, investment adviser, or investment banking services; or
h. Legal services or expert services
unrelated to the audit.
2. In general, the principles of independence
with respect to services provided by the qualified independent certified public
accountant are largely predicated on three basic principles, violations of
which would impair the accountant's independence. The principles are that the
accountant cannot function in the role of management, cannot audit his own
work, and cannot serve in an advocacy role for the insurer.
(h) Insurers having direct written
and assumed premiums of less than $100,000,000 in any calendar year may request
an exemption from subparagraph (g)1. The insurer shall file with the Office a
written statement discussing the reasons why the insurer should be exempt from
these provisions. If the Office finds, upon review of this statement, that
compliance with this regulation would constitute an undue financial or
organizational hardship upon the insurer, an exemption shall be
granted.
(i) A qualified
independent certified public accountant who performs the audit may engage in
other non-audit services, including tax services that are not described in
subparagraph (g)1., or that do not conflict with subparagraph (g)2., only if
the activity is approved in advance by the Audit committee, in accordance with
paragraph (j).
(j) All auditing
services and non-audit services provided to an insurer by the qualified
independent certified public accountant of the insurer shall be preapproved by
the Audit committee. The preapproval requirement is waived with respect to
non-audit services if the insurer is a SOX Compliant Entity or a direct or
indirect wholly-owned subsidiary of a SOX Compliant Entity or:
1. The aggregate amount of all such non-audit
services provided to the insurer constitutes not more than five percent (5%) of
the total amount of fees paid by the insurer to its qualified independent
certified public accountant during the fiscal year in which the non-audit
services are provided;
2. The
services were not recognized by the insurer at the time of the engagement to be
non-audit services; and,
3. The
services are promptly brought to the attention of the Audit committee of the
insurer and approved prior to the completion of the audit by the Audit
committee or by one or more members of the Audit committee who are the members
of the board of directors to whom authority to grant such approvals has been
delegated by the Audit committee.
(k) The Audit committee may delegate to one
or more designated members of the Audit committee the authority to grant the
preapprovals required by paragraph (l). The decisions of any member to whom
this authority is delegated shall be presented to the full Audit committee at
each of its scheduled meetings.
(l)
1. The Office shall not recognize an
independent certified public accountant as qualified for a particular insurer
if a member of the board, president, chief executive officer, controller, chief
financial officer, chief accounting officer, or any person serving in an
equivalent position for that insurer, was employed by the independent certified
public accountant and participated in the audit of that insurer during the
one-year period preceding the date that the most current statutory opinion is
due. This subsection shall only apply to partners and senior managers involved
in the audit.
2. The insurer shall
file, with its annual statement filing, the approval for relief from
subparagraph (l)1., with the states that it is licensed in or doing business in
and the NAIC. If the nondomestic state accepts electronic filing with the NAIC,
the insurer shall file the approval in an electronic format acceptable to the
NAIC.
(8) Consolidated or Combined Audits.
(a) An
insurer may make written application to the Office for approval to file audited
consolidated or combined financial statements in lieu of separate annual
audited financial statements if the insurer is part of a group of insurance
companies which utilizes a pooling or one hundred percent reinsurance agreement
that affects the solvency and integrity of the insurer's reserves, and the
insurer cedes all of its direct and assumed business to the pool. In these
cases, a columnar consolidating or combining worksheet shall be filed with the
report, as follows:
1. Amounts shown on the
consolidated or combined Audited Financial Report shall be shown on the
worksheet.
2. Amounts for each
insurer subject to this section shall be stated separately.
3. Noninsurance operations may be shown on
the worksheet on a combined or individual basis.
4. Explanations of consolidating and
eliminating entries shall be included; and,
5. A reconciliation shall be included of any
differences between the amounts shown in the individual insurer columns of the
worksheet and comparable amounts shown on the Annual Statements of the
insurers.
(b)
1. The application for approval to
consolidate is required each year, and must be filed with the Office prior to
the end of the calendar year for which the approval is being granted, except
that applications for approval will be accepted after the end of such calendar
year subject to the imposition of an administrative fine on each insurer
involved in such application as provided for in Section
624.4211(2),
F.S.
2. The amount of the fine
shall be $50 per day for each day beyond the end of the calendar year, not to
exceed an aggregate amount of $10,000 for the group of insurers requesting
permission to file on a consolidated basis.
(c) Approval to consolidate or combine
statements shall be granted unless the Office makes a specific finding that
approval would prevent the Office from carrying out its statutory
responsibilities.
(9) Scope of Audit and Report of Independent Certified Public Accountant. Financial statements furnished pursuant to subsection (5) above, shall be examined by the independent certified public accountant. The audit of the insurer's financial statements shall be conducted in accordance with generally accepted auditing standards. In accordance with AU-C 610 of the Professional Standards of the AICPA, Using the Work of Internal Auditors, effective 12/15/14, and AU-C Section 940 of the Professional Standards of the AICPA, An Audit of Internal Control Over Financial Reporting That is Integrated With an Audit of Financial Statements, effective 12/15/16, the independent certified public accountant should obtain an understanding of internal control sufficient to plan the audit. To the extent required by AU-C 610 and AU-C Section 940, for those insurers required to file a Management's Report of Internal Control over Financial Reporting pursuant to subsection (17), the independent certified public accountant should consider (as that term is defined in of the Professional Standards of the AICPA, AU-C 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards, effective 12/15/12) the most recently available report in planning and performing the audit of the statutory financial statements. Consideration should also be given to the other procedures illustrated in the Financial Condition Examiner's Handbook promulgated by the National Association of Insurance Commissioners (incorporated by reference in Rule 69O-138.001, F.A.C.) as the independent Certified Public Accountant deems necessary.
(10) Notification of Adverse Financial Condition.
(a) The insurer required to furnish
the annual Audited Financial Report shall require the independent Certified
Public Accountant to report, in writing, within five (5) business days to the
board of directors or its Audit committee any determination by the independent
Certified Public Accountant that the insurer has materially misstated its
financial condition as reported to the Office as of the balance sheet date
currently under audit, or that the insurer does not meet the minimum capital
and surplus requirement of the Florida Insurance Code as of that date. An
insurer who has received a report pursuant to this paragraph shall forward a
copy of the report to the Office within five (5) business days of receipt of
said report and shall provide the independent Certified Public Accountant
making the report with evidence of the report being furnished to the Office. If
the independent Certified Public Accountant fails to receive the evidence
within the required five (5) business day period, the independent Certified
Public Accountant shall furnish to the Office a copy of its report within the
next five (5) business days.
(b) An
independent certified public accountant shall not be liable in any manner to
any person for any statement made in connection with the above paragraph if the
statement is made in good faith in compliance with the above
paragraph.
(c) If the accountant,
subsequent to the date of the Audited Financial Report filed pursuant to this
rule, becomes aware of facts which might have affected his report, the Office
notes the obligation of the accountant to take such action as prescribed in
AU-C 560 of the Professional Standards of the AICPA, Subsequent Events
and Subsequently Discovered Facts, effective 12/15/12.
(11) Communication of Internal Control Related Matters Noted in an Audit.
(a)
In addition to the annual Audited Financial Report, each insurer shall furnish
the Office with a written communication as to any unremediated material
weaknesses in its Internal control over financial reporting noted during the
audit. Such communication shall be prepared by the accountant within sixty (60)
days after the filing of the annual Audited Financial Report, and shall contain
a description of any unremediated material weakness (as the term material
weakness is defined by AU-C 265 of the Professional Standards of the AICPA,
Communicating Internal Control Related Matters Identified in an
Audit), effective 12/15/12, as of December 31 immediately preceding
(so as to coincide with the Audited Financial Report discussed in subsection
(4)) in the insurer's Internal control over financial reporting noted by the
accountant during the course of their audit of the financial statements. If no
unremediated material weaknesses were noted, the communication should so
state.
(b) The insurer is required
to provide a description of remedial actions taken or proposed to correct
unremediated material weaknesses if the actions are not described in the
accountant's communication.
(12) Accountant's Letter of Qualifications.
(a) The accountant shall furnish a letter to
the insurer in connection with, and for inclusion in, the filing of the annual
Audited Financial Report.
(b) The
letter shall state:
1. That the accountant is
independent with respect to the insurer and conforms to the standards of his or
her profession as contained in the Code of Professional Ethics and
pronouncements of the AICPA and the Rules of Professional Conduct of the
Florida Board of Public Accountancy, or similar code,
2. The background and experience in general,
and the experience in audits of insurers of the staff assigned to the
engagement and whether each is an independent Certified Public Accountant.
Nothing within this rule shall be construed as prohibiting the accountant from
utilizing his or her staff as he or she deems appropriate where use is
consistent with the standards prescribed by generally accepted auditing
standards,
3. That the accountant
understands the annual Audited Financial Report, and his or her opinion thereon
will be filed in compliance with this rule, and that the Office will be relying
on this information in the monitoring and regulation of the financial position
of insurers,
4. That the accountant
consents to the requirements of subsection (13), below, and that the accountant
consents and agrees to make the workpapers as defined in subsection (13),
below, available for review by the Office,
5. A representation that the accountant is
properly licensed by an appropriate state licensing authority and is a member
in good standing in the AICPA; and,
6. A representation that the accountant is in
compliance with the requirements of subsection (7) of this rule.
(13) Definition, Availability, and Maintenance of Independent Certified Public Accountants Workpapers.
(a) Workpapers are the records
kept by the independent Certified Public Accountant of the procedures followed,
the tests performed, the information obtained, and the conclusions reached
pertinent to the accountant's audit of the financial statements of an insurer.
Workpapers, accordingly, may include audit planning documentation, work
programs, analyses, memoranda, letters of confirmation and representation,
abstracts of company documents and schedules, or commentaries prepared or
obtained by the independent Certified Public Accountant in the course of his or
her audit of the financial statements of an insurer, and which support the
accountant's opinion.
(b) Every
insurer required to file an Audited Financial Report pursuant to this rule
shall require the accountant to make available for review by Office examiners
all workpapers prepared in the conduct of the accountant's audit, and any
communications related to the audit between the accountant and the insurer, at
the offices of the insurer, at the Office or at any other reasonable place
designated by the Office. The insurer shall require that the accountant retain
the audit workpapers and communications until the Office has filed a Report on
Examination covering the period of the audit, but no less than seven (7) years
from the date of the audit report.
(c) In the conduct of the aforementioned
periodic review by the Office examiners, it shall be agreed that photocopies of
pertinent audit workpapers may be made and retained by the Office. The reviews
by the Office examiners shall be considered investigations, and all working
papers and communications obtained during the course of the investigations
shall be afforded the same confidentiality as other examination workpapers
generated by the Office until the Report of Examination is filed by the
Office.
(14) Requirements for Audit Committee.
This section shall not apply to foreign or alien insurers licensed in this state or an insurer that is a SOX Compliant Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant Entity.
(a) The Audit committee shall be directly
responsible for the appointment, compensation and oversight of the work of any
accountant (including resolution of disagreements between management and the
accountant regarding financial reporting) for the purpose of preparing or
issuing the Audited Financial Report or related work pursuant to this rule.
Each accountant shall report directly to the Audit committee.
(b) The Audit committee of an insurer or
Group of insurers shall be responsible for overseeing the insurer's Internal
audit function and granting the person or persons performing the function
suitable authority and resources to fulfill their responsibilities if required
by subsection 15 of this Regulation.
(c) Each member of the Audit committee shall
be a member of the board of directors of the insurer or a member of the board
of directors of an entity elected pursuant to paragraphs (f) and
(3)(c).
(d) In order to be
considered independent for purposes of this section, a member of the Audit
committee may not, other than in his or her capacity as a member of the Audit
committee, the board of directors, or any other board committee, accept any
consulting, advisory or other compensatory fee from the entity or be an
affiliated person of the entity or any subsidiary thereof.
(e) If a member of the Audit committee ceases
to be independent for reasons outside the member's reasonable control, that
person, with notice by the responsible entity to the state, may remain an Audit
committee member of the responsible entity until the earlier of the next annual
meeting of the responsible entity or one year from the occurrence of the event
that caused the member to be no longer independent.
(f) To exercise the election of the
controlling person to designate the Audit committee for purposes of this
regulation, the ultimate controlling person shall provide written notice to the
Office of the affected insurers. Notification shall be made timely prior to the
issuance of the statutory audit report and include a description of the basis
for the election. The election can be changed through notice to the Office by
the insurer, which shall include a description of the basis for the change. The
election shall remain in effect for perpetuity, until rescinded.
(g)
1. The
Audit committee shall require the accountant that performs for an insurer any
audit required by this regulation to timely report to the Audit committee in
accordance with the requirements of AU-C 260 of the Professional Standards of
the AICPA, The Auditor's Communication With Those Charged with
Governance, effective 12/15/12, including:
a. All significant accounting policies and
material permitted practices,
b.
All material alternative treatments of financial information within statutory
accounting principles that have been discussed with management officials of the
insurer, ramifications of the use of the alternative disclosures and
treatments, and the treatment preferred by the accountant; and,
c. Other material written communications
between the accountant and the management of the insurer, such as any
management letter or schedule of unadjusted differences.
2. If an insurer is a member of an insurance
holding company system, the reports required by subparagraph (g)1., may be
provided to the Audit committee on an aggregate basis for insurers in the
holding company system, provided that any substantial differences among
insurers in the system are identified to the Audit committee.
(h) The proportion of independent
Audit committee members shall meet or exceed the following criteria:
|
Prior Calendar Year Direct Written and Assumed Premiums |
||
|
$0 - 300,000,000 |
Over $300,000,000 - 500,000,000 |
Over 500,000,000 |
|
No minimum requirements. See also Notes A and B. |
Majority (50% or more) of members shall be independent. See also Notes A and B. |
Supermajority of members (75% or more) shall be independent. See also Note A. |
Note A: The Office has authority afforded by Section 624.4085, F.S., to require the entity's board to enact improvements to the independence of the Audit committee membership if the insurer is in a Risk Based Capital action level event, meets one or more of the standards of an insurer deemed to be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer.
Note B: All insurers with less than $500,000,000 in prior year direct written and assumed premiums are encouraged to structure their Audit committees with at least a supermajority of independent Audit committee members.
Note C: Prior calendar year direct written and assumed premiums shall be the combined total of direct premiums and assumed premiums from non-affiliates for the reporting entities.
(i) An insurer with direct written and
assumed premium, excluding premiums reinsured with the Federal Crop Insurance
Corporation and Federal Flood Program, less than $500,000,000 may make
application to the Office for a waiver from the subsection (14), requirements
based upon hardship. The insurer shall file, with its annual statement filing,
the approval for relief from subsection (14), with the states that it is
licensed in or doing business in and the NAIC. If the non-domestic state
accepts electronic filing with the NAIC, the insurer shall file the approval in
an electronic format acceptable to the NAIC.
(15) Internal Audit Function Requirements.
(a) Exemption - An insurer is exempt from the
requirements of this section if:
1. The
insurer has annual direct written and unaffiliated assumed premium, including
international direct and assumed premium but excluding premiums reinsured with
the Federal Crop Insurance Corporation and Federal Flood Program, less than
$500,000,000; and,
2. If the
insurer is a member of a Group of insurers, the group has annual direct written
and unaffiliated assumed premium, including international direct and assumed
premium but excluding premiums reinsured with the Federal Crop Insurance
Corporation and Federal Flood Program, less than $1,000,000,000.
(b) Note: An insurer or Group of
insurers exempt from the requirements of subsection (15) is encouraged, but not
required, to conduct a review of the insurer business type, sources of capital,
and other risk factors to determine whether an Internal audit function is
warranted. The potential benefits of an Internal audit function should be
assessed and compared against the estimated costs.
(c) Function - The insurer or Group of
insurers shall establish an Internal audit function providing independent,
objective, and reasonable assurance to the Audit committee and insurer
management regarding the insurer's governance, risk management, and internal
controls. This assurance shall be provided by performing general and specific
audits, reviews, and tests and by employing other techniques deemed necessary
to protect assets, evaluate control effectiveness and efficiency, and evaluate
compliance with policies and regulations.
(d) Independence - In order to ensure that
internal auditors remain objective, the Internal audit function must be
organizationally independent. Specifically, the Internal audit function will
not defer ultimate judgment on audit matters to others, and shall appoint an
individual to head the Internal audit function who will have direct and
unrestricted access to the board of directors. Organizational independence does
not preclude dual-reporting relationships.
(e) Reporting - The head of the Internal
audit function shall report to the Audit committee regularly, but no less than
annually, on the periodic audit plan, factors that may adversely impact the
Internal audit function's independence or effectiveness, material findings from
completed audits, and the appropriateness of corrective actions implemented by
management as a result of audit findings.
(f) Additional Requirements - If an insurer
is a member of an insurance holding company system or included in a Group of
insurers, the insurer may satisfy the Internal audit function requirements set
forth in this section at the ultimate controlling parent level, an intermediate
holding company level, or the individual legal entity level.
(16) Conduct of Insurer in Connection with the Preparation of Required Reports and Documents.
(a) No director or officer of an insurer
shall, directly or indirectly:
1. Make or
cause to be made a materially false or misleading statement to an accountant in
connection with any audit, review or communication required under this
regulation; or
2. Omit to state, or
cause another person to omit to state, any material fact necessary in order to
make statements made, in light of the circumstances under which the statements
were made, not misleading to an accountant in connection with any audit, review
or communication required under this regulation.
(b) No officer or director of an insurer, or
any other person acting under the direction thereof, shall directly or
indirectly take any action to coerce, manipulate, mislead or fraudulently
influence any accountant engaged in the performance of an audit pursuant to
this regulation if that person knew or should have known that the action, if
successful, could result in rendering the insurer's financial statements
materially misleading.
(c) For
purposes of paragraph (b) of this section, actions that, "if successful, could
result in rendering the insurer's financial statements materially misleading"
include, but are not limited to, actions taken at any time with respect to the
professional engagement period to coerce, manipulate, mislead or fraudulently
influence an accountant:
1. To issue or
reissue a report on an insurer's financial statements that is not warranted in
the circumstances (due to material violations of statutory accounting
principles prescribed by the Office or generally accepted auditing
standards);
2. Not to perform
audit, review or other procedures required by generally accepted auditing
standards;
3. Not to withdraw an
issued report; or
4. Not to
communicate matters to an insurer's Audit committee.
(17) Management's Report of Internal Control over Financial Reporting.
(a)
Every insurer required to file an Audited Financial Report pursuant to this
regulation that has annual direct written and assumed premiums, excluding
premiums reinsured with the Federal Crop Insurance Corporation and Federal
Flood Program, of $500,000,000 or more shall prepare a report of the insurer's
or Group of insurers' Internal control over financial reporting, as these terms
are defined in subsection (3). The report shall be filed with the Office along
with the Communication of Internal Control Related Matters Noted in an Audit
described under subsection (11). Management's Report of Internal Control over
Financial Reporting shall be as of December 31 immediately preceding.
(b) Notwithstanding the premium threshold in
paragraph (16)(a), the Office shall require an insurer to file Management's
Report of Internal Control over Financial Reporting if the insurer is in any
Risk Based Capital level event, or meets any one or more of the standards of an
insurer deemed to be in hazardous financial condition. "Hazardous financial
condition" shall mean any of the conditions that subject an insurer to
suspension or revocation of its certificate of authority as provided in Section
624.418, F.S.
(c) An insurer or a Group of insurers that
is:
1. Directly subject to Section
404;
2. Part of a holding company
system whose parent is directly subject to Section 404;
3. Not directly subject to Section 404 but is
a SOX Compliant Entity; or
4. A
member of a holding company system whose parent is not directly subject to
Section 404 but is a SOX Compliant Entity; may file its or its parent's Section
404 Report and an addendum in satisfaction of this Section's requirement
provided that those internal controls of the insurer or Group of insurers
having a material impact on the preparation of the insurer's or Group of
insurers' audited statutory financial statements (those items included in
subparagraphs (5)(b)2. through (5)(b)7. of this regulation) were included in
the scope of the Section 404 Report. The addendum shall be a positive statement
by management that there are no material processes with respect to the
preparation of the insurer's or Group of insurers' audited statutory financial
statements (those items included in subparagraphs (5)(b)2. through (5)(b)7. of
this rule) excluded from the Section 404 Report. If there are internal controls
of the insurer or Group of insurers that have a material impact on the
preparation of the insurer's or Group of insurers' audited statutory financial
statements and those internal controls were not included in the scope of the
Section 404 Report, the insurer or Group of insurers may either file (i) a
subsection (16) report, or (ii) the Section 404 Report and a subsection (16)
report for those internal controls that have a material impact on the
preparation of the insurer's or Group of insurers' audited statutory financial
statements not covered by the Section 404 Report.
(d) Management's Report of Internal Control
over Financial Reporting shall include:
1. A
statement that management is responsible for establishing and maintaining
adequate internal control over financial reporting,
2. A statement that management has
established internal control over financial reporting and an assertion, to the
best of management's knowledge and belief, after diligent inquiry, as to
whether its internal control over financial reporting is effective to provide
reasonable assurance regarding the reliability of financial statements in
accordance with statutory accounting principles,
3. A statement that briefly describes the
approach or processes by which management evaluated the effectiveness of its
internal control over financial reporting,
4. A statement that briefly describes the
scope of work that is included and whether any internal controls were
excluded,
5. Disclosure of any
unremediated material weaknesses in the internal control over financial
reporting identified by management as of December 31 immediately preceding,
after the effective date of this rule. Management is not permitted to conclude
that the internal control over financial reporting is effective to provide
reasonable assurance regarding the reliability of financial statements in
accordance with statutory accounting principles if there is one or more
unremediated material weaknesses in its internal controls over financial
reporting,
6. A statement regarding
the inherent limitations of internal control systems; and,
7. Signatures of the chief executive officer
and the chief financial officer (or equivalent position/title).
(e) Management shall document and
make available upon financial condition examination the basis upon which its
assertions, required in paragraph (d), above, are made. Management may base its
assertions, in part, upon its review, monitoring and testing of internal
controls undertaken in the normal course of its activities.
1. Management shall have discretion as to the
nature of the internal control framework used, and the nature and extent of
documentation, in order to make its assertion in a cost effective manner and,
as such, may include assembly of or reference to existing
documentation.
2. Management's
Report on Internal Control over Financial Reporting, required by paragraph (a),
above, and any documentation provided in support thereof during the course of a
financial condition examination, shall be kept confidential by the
Office.
(18) Exemptions and Effective Dates.
(a) Upon
written application of any insurer, the Office shall grant an exemption from
compliance with any and all provisions of this rule if the Office finds, upon
review of the application, that compliance with this regulation would
constitute an undue financial or organizational hardship upon the
insurer.
(b) Domestic insurers
shall comply with this rule for the year ending December 31, 2010, and each
year thereafter.
(c) Foreign
insurers shall comply with this rule for the year ending December 31, 2010, and
each year thereafter.
(d) The
requirements of paragraph (7)(c), shall be in effect for audits of the year
ending December 31, 2010, and thereafter.
(e) The requirements of subsection (14), are
to be in effect for audits of the year ending December 31, 2010. An insurer or
Group of insurers that is not required to have independent Audit committee
members or only a majority of independent Audit committee members (as opposed
to a supermajority) because the total written and assumed premium is below the
threshold and subsequently becomes subject to one of the independence
requirements discussed in this paragraph due to changes in premium shall have
one (1) year following the year the threshold is exceeded (but not earlier than
January 1, 2010) to comply with the independence requirements discussed in this
paragraph. Likewise, an insurer that becomes subject to one of the independence
requirements discussed in this paragraph as a result of a business combination
shall have one (1) calendar year following the date of acquisition or
combination to comply with the independence requirements.
(f) The requirements of subsection (17), and
other modified sections, except for subsection (14), covered above, are
effective beginning with the reporting period ending December 31, 2010, and
each year thereafter. An insurer or Group of insurers that is not required to
file a report because the total written premium is below the threshold and
subsequently becomes subject to the reporting requirements shall have two (2)
years following the year the threshold is exceeded (but not earlier than
December 31, 2010) to file a report. Likewise, an insurer acquired in a
business combination shall have two (2) calendar years following the date of
acquisition or combination to comply with the reporting requirements.
(g) If an insurer or Group of insurers that
has been exempt from the subsection 15 requirements no longer qualifies for
that exemption, it shall have one year after the year the threshold is exceeded
to comply with the requirements of this rule.
(19) Canadian and British Companies.
(a) In the case of Canadian and British
insurers, the annual Audited Financial Report shall be defined as the annual
statement of total business on the form filed by the companies with their
supervision authority duly audited by an independent chartered
accountant.
(b) For these insurers,
the letter required in paragraph (6)(b), above, shall state that the accountant
is aware of the requirements relating to the annual Audited Financial Report
filed with the Office pursuant to subsection (4), above, and shall affirm that
the opinion expressed is in conformity with these requirements.
(20) Severability Provision.
If any section or portion of this rule or its applicability to any person or circumstance is held invalid by a court, the remainder of the rule or the applicability of the provision to other persons or circumstances shall not be affected.
(21) Standards Incorporated by Reference.
(a) The
following standards are hereby incorporated by reference:
1. AU-C 610 of the Professional Standards of
the AICPA, Using the Work of Internal Auditors, effective
12/15/14;
2. AU-C 200 of
the Professional Standards of the AICPA, Overall Objectives of the
Independent Auditor and the Conduct of an Audit in Accordance With Generally
Accepted Auditing Standards, effective 12/15/12;
3. AU-C 560 of the Professional Standards of
the AICPA, Subsequent Events and Subsequently Discovered Facts,
effective 12/15/12;
4.
AU-C 265 of the Professional Standards of the AICPA, Communicating
Internal Control Related Matters Identified in an Audit, effective
12/15/12;
5. AU-C 260 of
the Professional Standards of the AICPA, The Auditor's Communication
With Those Charged With Governance, effective 12/15/12; and
6. AU-C Section 940 of the Professional
Standards of the AICPA, An Audit of Internal Control Over Financial
Reporting That is Integrated With an Audit of Financial Statements,
effective 12/15/16.
(b)
The standards incorporated in this section are available:
1. From the American Institute of Certified
Public Aaccountants' (AICPA) website at:
http://www.aicpa.org/Publications ;
and,
2. For inspection during
regular business hours at the Office of Insurance Regulation, Larson Building,
200 East Gaines Street, Tallahassee, Florida 32399-0300.
Rulemaking Authority 624.308(1), 624.4085, 624.424(8)(e) FS. Law Implemented 624.307(1), 624.324, 624.424(8) FS.
New 3-31-92, Amended 3-14-94, 8-17-98, 4-4-01, 8-14-02, Formerly 4-137.002, Amended 11-3-05, 9-21-10, 1-10-19, 12-26-19.
Disclaimer: These regulations may not be the most recent version. Florida may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
