Current through Register Vol. 50, No. 9, March 1, 2024
RELATES TO:
KRS
304.1-040,
304.1-050,
304.2-065,
304.2-210-304.2-290,
304.3-120,
304.3-125,
304.3-240,
304.3-241,
304.17A-820,
304.32-210,
304.35-040,
304.36-140,
304.37-010,
304.37-020,
304.42-150,
304.45-030,
304.45-040,
304.48-110,
304.49-070(2),
304.49-080,
304.49-090,
304.50-060,
304.50-075,
18 U.S.C. Chapter 96,
Pub.
L. 107-204
NECESSITY, FUNCTION, AND CONFORMITY:
KRS
304.2-110 authorizes the Commissioner of the
Department of Insurance to promulgate administrative regulations necessary for
or as an aid to the effectuation of any provision of the Kentucky Insurance
Code as established in
KRS
304.1-010.
KRS
304.3-240 authorizes the commissioner to
promulgate administrative regulations concerning the publication of financial
statements.
KRS
304.49-170 authorizes the commissioner to
promulgate administrative regulations relating to captive insurance companies
that are necessary to enable the commissioner to carry out the provisions of
KRS
304.49-010 through
304.49-230.
This administrative regulation establishes requirements concerning the annual
filing of audited financial reports by insurers.
Section 1. Definitions.
(1) "Accountant" means:
(a) An independent certified public
accountant or accounting firm in good standing with the American Institute of
Certified Public Accountants and in all states in which the accountant is
licensed to practice;
(b) For
Canadian and British insurers, a Canadian-chartered or British-chartered
accountant.
(2)
"Affiliate" or "affiliated" is defined by
KRS
304.37-010(4).
(3) "Audit committee" means a committee, or
equivalent body, established by the board of directors of an entity for the
purpose of overseeing the accounting and financial reporting processes of an
insurer or group of insurers, the internal audit function of an insurer of
group of insurers, if applicable, and external audits of financial statements
of the insurer or group of insurers.
(4) "Audited financial report" means a report
consisting of those items established in Section 4 of this administrative
regulation.
(5) "Commissioner" is
defined by
KRS
304.1-050(1).
(6) "Control" is defined by
KRS
304.37-010(3).
(7) "Department" is defined in
KRS
304.1-050(2).
(8) "Group of insurers" means those licensed
insurers included in the reporting requirements of
KRS
304.37-020, or a set of insurers as
identified by management, for the purpose of assessing the effectiveness of
internal control over financial reporting.
(9) "Insurer" is defined by
KRS
304.1-040.
(10) "Internal audit function" means a person
who provides independent objective and reasonable assurance designed to add
value and improve an organization's operations and accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes."
(11) "Internal control over financial
reporting" means a process affected by an entity's board of directors,
management, and other personnel designed to provide reasonable assurance
regarding the reliability of the financial statements and includes those
policies and procedures that:
(a) Pertain to
the maintenance of records that, in reasonable detail, accurately and fairly
reflect the transactions and dispositions of assets;
(b) Provide reasonable assurance that
transactions are recorded as necessary to permit preparation of the financial
statements and that receipts and expenditures are being made only in accordance
with authorizations of management and directors; and
(c) Provide reasonable assurance regarding
prevention or timely detection of unauthorized acquisition, use, or disposition
of assets that could have a material effect on the financial
statements.
(12) "SEC"
means the United States Securities and Exchange Commission.
(13) "Section 404" means Section 404 of the
Sarbanes-Oxley Act of 2002,
Pub.
L. 107-204, and the SEC's rules and regulations
promulgated under Section 404.
(14)
"Section 404 Report" means management's report on "internal control over
financial reporting" as defined by the SEC at
17 C.F.R.
240.13a-15(f) and the
related attestation report of the accountant.
(15) "SOX compliant entity" means an entity
that either is required to be compliant with, or voluntarily is compliant with,
all of the following provisions of the Sarbanes-Oxley Act of 2002,
Pub.
L. 107-204 :
(a)
The preapproval requirements of Section 202;
(b) The audit committee independence
requirements of Section 301; and
(c) The internal control over financial
reporting requirements of Section 404.
(16) "Work papers" mean the records kept by
the accountant of the procedures followed, the tests performed, the information
obtained, and the conclusions reached pertinent to the accountant's audit of
the financial statements of an insurer. Work papers can include audit planning
documentation, work programs, analyses, memoranda, letters of confirmation and
representation, abstracts of insurer documents, and schedules or commentaries
prepared or obtained by the accountant in the course of the accountant's audit
of the financial statements of an insurer and that support the accountant's
opinion of the financial statements of an insurer.
Section 2. Purpose and Scope.
(1) This administrative regulation shall be
to improve the department's surveillance of the financial condition of insurers
by requiring:
(a) An annual audit of financial
statements reporting the financial position and the results of operations of
insurers by accountants;
(b)
Communication of internal control related matters noted in an audit;
and
(c) Management's report of
internal control over financial reporting.
(2) Except as established in paragraph (a) of
this subsection, every insurer shall be subject to this administrative
regulation.
(a) Unless the commissioner makes
a specific finding that compliance is necessary for the department to carry out
its statutory responsibilities, an insurer shall be exempt during years in
which the following conditions exist. The insurer has, at the end of the
calendar year:
1. Direct premiums written in
this state of less than $1,000,000; and
2. Less than 1,000 policyholders or
certificate holders of direct written policies nationwide.
(b) An insurer with assumed premiums of
$1,000,000 or more pursuant to contracts or treaties of reinsurance shall not
be exempt from this administrative regulation.
(3) A foreign or alien insurer filing the
audited financial report in another state, pursuant to the other state's
requirement for filing an audited financial report, which has been found by the
commissioner to be substantially similar to the requirements of this
administrative regulation, shall be exempt from this administrative regulation
if:
(a) The following documents, which are
filed with the other state, are filed with the commissioner in accordance with
Sections 4, 10, and 11 of this administrative regulation:
1. A copy of the audited financial
report;
2. Communication of
internal control related matters noted in an audit; and
3. The accountant's letter of qualifications.
Canadian insurers may submit accountants' reports as filed with the Office of
Superintendent of Financial Institutions, Canada; and
(b) A copy of any notification of adverse
financial condition report filed with the other state is filed with the
commissioner within the time established in Section 9 of this administrative
regulation.
(4) A
foreign or alien insurer required to file management's report of internal
control over financial reporting in another state shall be exempt from filing
the report in this state if:
(a) The other
state has substantially similar reporting requirements; and
(b) The report is filed with the commissioner
of the other state within the other state's required time.
(5) This administrative regulation shall not
prohibit, preclude, or in any way limit the commissioner from ordering,
conducting, or performing examinations of insurers under
KRS
304.2-210 through
304.2-290
through
304.2-300,
304.17A-820,
304.32-210,
304.35-040,
304.36-140,
304.42-150,
304.48-110,
304.49-080,
or
304.50-075.
Section 3. General Requirements
Related to Filing and Extensions for Filing of Annual Audited Financial Reports
and Audit Committee Appointment.
(1) All
insurers shall have an annual audit by an accountant and shall file an audited
financial report with the commissioner on or before June 1 for the year ended
December 31 immediately preceding. The commissioner may, based on whether or
not the company is determined to be in a "hazardous condition" pursuant to
KRS
304.2-065, require an insurer to file an
audited financial report earlier than June 1 with ninety (90) days advance
notice to the insurer.
(2)
Extensions of the June 1 filing date may be granted by the commissioner for
thirty (30) day periods upon showing by the insurer and its accountant the
reasons for requesting the extension and determination by the commissioner of
good cause for an extension. The request for extension shall be submitted in
writing not less than ten (10) days prior to the due date and contain
sufficient detail to permit the commissioner to make an informed decision as to
the requested extension.
(3) If an
extension is granted in accordance with subsection (2) of this section, a
similar extension of thirty (30) days shall be granted to the filing of
management's report of internal control over financial reporting.
(4) Every insurer required to file an annual
audited financial report pursuant to this administrative regulation shall
designate a group of individuals as constituting its audit committee. The audit
committee of an entity that controls an insurer may be deemed to be the
insurer's audit committee for purposes of this administrative regulation at the
election of the controlling person.
Section 4. Contents of Annual Audited
Financial Report.
(1) The annual audited
financial report shall report the financial condition of the insurer as of the
end of the most recent calendar year and the results of its operations, cash
flows, and changes in capital and surplus for the year then ended in conformity
with statutory accounting practices established, or otherwise permitted, by the
insurance supervisory authority of the insurer's state of domicile.
(2) The annual audited financial report shall
include the:
(a) Report of the
accountant;
(b) Balance sheet for
reporting admitted assets, liabilities, capital, and surplus;
(c) Statement of operations;
(d) Statement of cash flows;
(e) Statement of changes in capital and
surplus;
(f) Notes to financial
statements as required by
KRS
304.3-240 in accordance with
KRS
304.3-241. These notes shall also include:
1. A reconciliation of differences, if any,
between the audited statutory financial statements and the annual statement
filed pursuant to
KRS
304.3-240 with a written description of the
nature of these differences; and
2.
A summary of ownership and relationships of the insurer and all affiliated
companies; and
(g) The
financial statements included in the audited financial report shall be:
1. Prepared in a form and using language and
groupings substantially the same as the relevant sections of the annual
statement of the insurer filed with the commissioner; and
2. Comparative, presenting the amounts as of
December 31 of the current year and the amounts as of the immediately preceding
December 31. In the first year in which an insurer is required to file an
audited financial report, the comparative data may be omitted. The annual
statement forms and instructions shall be those established by the National
Association of Insurance Commissioners as required by
KRS
304.3-240.
Section 5. Designation of
Accountant.
(1) Each insurer required by this
administrative regulation to file an annual audited financial report shall,
within sixty (60) days after becoming subject to this requirement, register
with the commissioner in writing the name and address of the accountant or
accounting firm retained to conduct the annual audit required by this
administrative regulation.
(2) The
insurer shall obtain a letter from the accountant and file a copy with the
commissioner, stating that the accountant is aware of the provisions of the
insurance laws of the insurer's state of domicile that relate to accounting and
financial matters and affirming that the accountant shall express the
accountant's opinion on the financial statements in terms of their conformity
to the statutory accounting practices established or otherwise permitted by the
insurance regulatory authority in that state, stating any exceptions as the
accountant believes appropriate.
(3) If an accountant who was the accountant
for the immediately preceding filed audited financial report is dismissed or
resigns the insurer shall:
(a) Within five
(5) business days notify the commissioner of this event;
(b) Submit to the commissioner, a separate
letter within ten (10) business days of the notification established in
paragraph (a) of this subsection, if stating in the twenty-four (24) months
preceding the accountant's resignation, there were any disagreements with the
former accountant that, if not resolved to the satisfaction of the former
accountant, would cause the accountant to make reference to the subject matter
of the disagreement in connection with the opinion. These shall include
disagreements:
1. Concerning accounting
principles, financial statement disclosure, or auditing scope or
procedure;
2. That have been
resolved to the former accountant's satisfaction and those not so resolved;
and
3. That occur at the
decision-making level, that is, between personnel of the insurer responsible
for presentation of its financial statements and personnel for the accounting
firm responsible for rendering its report;
(c) Request the former accountant to submit a
letter addressed to the insurer stating whether or not the accountant agrees
with the statements contained in the insurer's letter, and, if not, stating the
reasons for which the accountant does not agree; and
(d) Submit the responsive letter from the
former accountant to the commissioner together with its own.
Section 6.
Qualifications of Accountant.
(1) The
commissioner shall not recognize any person or firm as a qualified accountant
if the person or firm:
(a) Is not in good
standing with the American Institute of Certified Public Accountants and in all
states in which the accountant is licensed to practice, or, for a Canadian or
British insurer, that is not a chartered accountant; or
(b) Has either directly or indirectly entered
into an agreement of indemnity or release from liability with respect to the
audit of the insurer.
(2) Except as otherwise established in this
administrative regulation, an accountant shall be recognized as qualified if
the accountant conforms to the standards of the accounting profession, as
contained in the statutes, administrative regulations, and codes of ethics and
rules of professional conduct administered by the State Board of Accountancy of
Kentucky in accordance with KRS Chapter 325 and 201 KAR Chapter 1.
(3) The lead or coordinating audit partner
having primary responsibility for the audit shall not act in that capacity for
more than five (5) consecutive years. After five (5) consecutive years, the
person shall be disqualified from acting in that or a similar capacity for the
same insurer or its insurance subsidiaries or affiliates for a period of five
(5) years.
(a) An insurer may make
application to the commissioner for relief from this rotation requirement on
the basis of undue hardship. Application shall be made at least thirty (30)
days before the end of the calendar year. The commissioner shall consider the
following factors in determining if the relief should be granted:
1. Number of partners, expertise of the
partners, or the number of insurance clients in the currently registered
firm;
2. Premium volume of the
insurer; or
3. Number of
jurisdictions in which the insurer transacts business.
(b) The insurer shall file with its annual
statement filing the approval for relief from paragraph (a)1 of this subsection
with the states that it is licensed in or doing business in and with the
National Association of Insurance Commissioners. If the nondomestic state
accepts electronic filing with the National Association of Insurance
Commissioners, the insurer shall file the approval in an electronic format
acceptable to the National Association of Insurance Commissioners via the Web
site,
https://www2.naic.org/servlet/Index.
(c) The commissioner shall not recognize as a
qualified accountant, nor accept any annual audited financial report, prepared
in whole or in part by any natural person who:
1. Has been convicted of fraud, bribery, or a
conviction of the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C.
Chapter 96;
2. Has been found to
have violated the insurance laws of this state with respect to any previous
reports submitted under this administrative regulation; or
3. Has demonstrated a pattern or practice of
failing to detect or disclose material information in previous reports filed
under this administrative regulation.
(4) If an insurer disagrees with a
determination made by the commissioner pursuant to subsection (3) of this
section, it may request a hearing in accordance with
KRS
304.2-310.
(5)
(a) The
commissioner shall not recognize as a qualified accountant, nor accept an
annual audited financial report prepared in whole or in part by an accountant
who provides to an insurer, contemporaneously with the audit, the following
nonaudit services:
1. Bookkeeping or other
services related to the accounting records or financial statements of the
insurer;
2. Financial information
systems design and implementation;
3. Appraisal or valuation services, fairness
opinions, or contribution-in-kind reports;
4. Actuarially-oriented advisory services
involving the determination of amounts recorded in the financial statements.
The accountant may assist an insurer in understanding the methods, assumptions,
and inputs used in the determination of amounts recorded in the financial
statement only if it is reasonable to conclude that the services provided will
not be subject to audit procedures during an audit of the insurer's financial
statements. An accountant's actuary may also issue an actuarial opinion or
certification on an insurer's reserves if:
a.
Neither the accountant nor the accountant's actuary has performed any
management functions or made any management decisions;
b. The insurer has competent personnel or
engages a third party actuary to estimate the reserves for which management
takes responsibility; and
c. The
accountant's actuary tests the reasonableness of the reserves after the
insurer's management has determined the amount of the reserves;
5. Internal audit outsourcing
services;
6. Management functions
or human resources;
7. Broker or
dealer, investment adviser, or investment banking services; or
8. Legal services or expert services
unrelated to the audit.
(b) A qualified independent public accountant
shall not:
1. Function in the role of
management;
2. Audit his or her own
work; and
3. Serve in an advocacy
role for the insurer.
(6)
(a) An
insurer having direct written and assumed premium of less than $100,000,000 in
any calendar year may request an exemption from subsection (5)(a) of this
section.
(b) To request an
exemption, the insurer shall file with the commissioner a written statement
discussing the reasons why the insurer should be exempt from these
provisions.
(c) If requested and if
the commissioner finds, upon review of this statement, that compliance with
this administrative regulation would constitute an organizational hardship upon
the insurer, an exemption shall be granted.
(7) A qualified accountant who performs the
audit may engage in other nonaudit services, including tax services, that are
not established in subsection (5)(a) of this section or that do not conflict
with subsection (5)(b) of this section, only if the activity is approved in
advance by the audit committee in accordance with subsection (8) of this
section.
(8)
(a) All auditing services and nonaudit
services provided to an insurer by the qualified accountant of the insurer
shall be preapproved by the audit committee.
(b) The preapproval requirement shall be
waived with respect to nonaudit services if:
1. The insurer is a SOX compliant entity or a
direct or indirect wholly-owned subsidiary of a SOX compliant entity;
or
2.
a. The aggregate amount of all non-audit
services provided to the insurer constitutes not more than five (5) percent of
the total amount of fees paid by the insurer to its qualified accountant during
the fiscal year in which the nonaudit services are provided;
b. The services were not recognized by the
insurer at the time of the engagement to be nonaudit services; and
c. The services are brought to the attention
of the audit committee and approved prior to the completion of the audit by the
audit committee or by one (1) or more members of the audit committee who are
the members of the board of directors to whom authority to grant approvals has
been delegated by the audit committee.
(9) The audit committee may
delegate to one (1) or more designated members of the audit committee the
authority to grant the preapprovals required by subsection (8) of this section.
The decisions of any member to whom this authority is delegated shall be
presented to the full audit committee at each of its scheduled
meetings.
(10)
(a)
1. The
commissioner shall not recognize an accountant as qualified for a particular
insurer if the following were employed by the accountant and participated in
the audit of that insurer during the one (1) year period preceding the date
that the most current statutory opinion is due:
a. A member of the board;
b. President;
c. Chief executive officer;
d. Controller;
e. Chief financial officer;
f. Chief accounting officer; or
g. Any person serving in an equivalent
position for that insurer.
2. This subsection shall only apply to
partners and senior managers involved in the audit.
3. An insurer may make application to the
commissioner for relief from the requirements established in this subsection on
the basis of undue hardship.
(b) The insurer shall file, with its annual
statement filing, the approval for relief from paragraph (a) of this subsection
with the states that it is licensed in or doing business in and the National
Association of Insurance Commissioners. If the nondomestic state accepts
electronic filing with the National Association of Insurance Commissioners, the
insurer shall file the approval in an electronic format acceptable to the
National Association of Insurance Commissioners via the Web site,
https://www2.naic.org/servlet/Index.
Section 7. Consolidated
or Combined Audits. An insurer may make written application to the commissioner
for approval to file audited consolidated or combined financial statements in
lieu of separate annual audited financial reports if the insurer is part of a
group of insurers that utilizes a pooling or 100 percent reinsurance agreement
that affects the solvency and integrity of the insurer's reserves and the
insurer cedes all of its direct and assumed business to the pool. In these
cases, a columnar consolidating or combining worksheet shall be filed with the
report, as established in subsections (1) through (5) of this section.
(1) Amounts shown on the consolidated or
combined audited financial report shall be shown on the worksheet.
(2) Amounts for each insurer subject to this
section shall be stated separately.
(3) Noninsurance operations may be shown on
the worksheet or a combined or individual basis.
(4) Explanations of consolidating and
eliminating entries shall be included.
(5) A reconciliation shall be included of any
differences between the amounts shown in the individual insurer columns of the
worksheet and comparable amounts shown in the annual statements of the
insurers.
Section 8.
Scope of Examination and Report of Accountant.
(1) Financial statements submitted pursuant
to Section 4 of this administrative regulation shall be examined by the
accountant.
(2) The examination of
the insurer's financial statements shall be conducted in accordance with
generally accepted auditing standards.
(3) In accordance with SAS No. 109,
Understanding the Entity and Its Environment and Assessing the Risks of
Material Misstatement and SAS No. 110, Performing Audit Procedures in Response
to Assessed Risks and Evaluating the Audit Evidence Obtained, the accountant
shall obtain an understanding of internal control sufficient to plan the
audit.
(4) To the extent required
by SAS 109 and SAS 110, for those insurers required to file a management's
report of internal control over financial reporting pursuant to Section 2 of
this administrative regulation, the accountant shall consider the most recently
available report in planning and performing the audit of the statutory
financial statements.
(5)
Consideration shall also be given to other procedures illustrated in the
Financial Condition Examiner's Handbook of the National Association of
Insurance Commissioners that the accountant deems necessary.
Section 9. Notification of Adverse
Financial Condition.
(1)
(a) The insurer required to submit the annual
audited financial report shall require the accountant to report, in writing,
within five (5) business days to the board of directors or its audit committee
any determination by the accountant that the insurer has materially misstated
its financial condition as reported to the commissioner as of the balance sheet
date currently under examination or that the insurer does not meet the minimum
capital and surplus requirements of
KRS
304.3-120 and
304.3-125
as of that date.
(b) An insurer
that has received a report pursuant to this subsection shall forward a copy of
the report to the commissioner within five (5) business days of receipt of the
report and shall provide the accountant making the report with evidence of this
report being submitted to the commissioner.
(c) If the accountant fails to receive this
evidence within the required five (5) business day period, the accountant shall
submit to the commissioner a copy of its report within the next five (5)
business days.
(2) An
accountant shall not be liable in any manner to any person for any statement
made in connection with subsection (1) of this section if the statement is made
in good faith in compliance with subsection (1) of this section.
(3) If the accountant, subsequent to the date
of the audited financial report filed pursuant to this administrative
regulation, becomes aware of facts that might have affected his report, the
commissioner shall note the obligation of the accountant to take the action
established in Volume 1, Section AU 561 of the Professional Standards of the
American Institute of Certified Public Accountants.
Section 10. Communication of Internal Control
Related Matters Noted in an Audit.
(1)
(a) In addition to the annual audited
financial statements, each insurer shall submit to the commissioner a written
communication as to any unremediated material weakness in its internal control
over financial reporting noted during the audit.
(b) The communication shall be prepared by
the accountant within sixty (60) days after the filing of the annual audited
financial report and shall contain a description of any unremediated material
weaknesses as of December 31 immediately preceding in the insurer's internal
control over financial reporting noted by the accountant during the course of
the accountant's audit of the financial statements.
(c) If unremediated material weaknesses were
not noted, the communication shall state that none were found.
(2) If the action is not included
in the accountant's communication, an insurer shall provide a description of
remedial actions taken or proposed to correct unremediated material
weaknesses.
Section 11.
Accountant's Letter of Qualifications. The accountant shall submit to the
insurer in connection with, and for inclusion in, the filing of the annual
audited financial report, a letter stating:
(1) That the accountant is independent with
respect to the insurer and conforms to the standards of the accountant's
profession as contained in statutes, administrative regulations, and rules of
professional conduct of the State Board of Accountancy of Kentucky set forth in
KRS Chapter 325 and 201 KAR Chapter 1;
(2) The background and experience in general,
and the experience in audits of insurers of the staff assigned to the
engagement and whether or not each is an accountant. This administrative
regulation shall not prohibit the accountant from utilizing staff as the
accountant deems appropriate if use is consistent with the standards
established by generally accepted auditing standards;
(3) That the accountant understands the
annual audited financial report, that the accountant's opinion on it shall be
filed in compliance with this administrative regulation, and that the
commissioner will be relying on this information in monitoring the financial
position of insurers;
(4) That the
accountant consents to the requirements of Section 12 of this administrative
regulation and that the accountant consents and agrees to make the work papers
available for review by the commissioner, the commissioner's designee, or the
commissioner's appointed agent;
(5)
That the accountant is properly licensed by an appropriate state licensing
authority and is a member in good standing of the American Institute of
Certified Public Accountants; and
(6) That the accountant is in compliance with
the requirements of Section 6 of this administrative regulation.
Section 12. Availability and
Maintenance of Accountant Work Papers.
(1)
Every insurer required to file an audited financial report pursuant to this
administrative regulation shall require the accountant to make available for
review by department examiners all work papers prepared in the conduct of the
accountant's audit and any communications related to the audit between the
accountant and the insurer, at the offices of the insurer, at the department,
or any other reasonable place designated by the commissioner. The insurer shall
require that the accountant retain the audit work papers and communications
until the department has filed a report on examination covering the period of
the audit, but no longer than seven (7) years from the date of the audit
report.
(2) In the conduct of the
periodic review by department examiners established in subsection (1) of this
section, it shall be agreed that photocopies of pertinent audit work papers may
be made and retained by the department. Reviews by the department examiners
shall be considered investigations, and all working papers and communications
obtained during the course of shall be afforded the same confidentiality as
other examination work papers generated by the department.
Section 13. Requirements for Audit
Committees. This section shall not apply to foreign or alien insurers licensed
in this state or an insurer that is a SOX compliant entity or a direct or
indirect wholly-owned subsidiary of a SOX compliant entity.
(1) The audit committee shall be directly
responsible for the appointment, compensation, and oversight of the work of any
accountant, including resolution of disagreements between management and the
accountant regarding financial reporting, for the purpose of preparing or
issuing the audited financial report or related work pursuant to this
administrative regulation. Each accountant shall report directly to the audit
committee.
(2)
(a) The audit committee of an insurer or
group of insurers shall be responsible for supervising the insurer's internal
audit function and granting the person performing the function suitable
authority and resources to fulfill the responsibilities if required by Section
14 of this administrative regulation.
(b) If an audit committee is not designated
by the insurer, the insurer's entire board of directors shall constitute the
audit committee.
(3)
Each member of the audit committee shall be a member of the board of directors
of the insurer or a member of the board of directors of an entity elected
pursuant to subsection (6) of this section and section 3(4) of this
administrative regulation.
(4)
(a) Except as established in paragraph (b) of
this subsection, a member of the audit committee shall not, other than in his
or her capacity as a member of the audit committee, the board of directors, or
any other board committee;
1. Accept any
consulting advisory or other compensatory fee from the entity; or
2. Be an affiliated person of the entity or
any subsidiary.
(b) If
the law requires board participation by otherwise nonindependent members, that
law shall prevail and the members may participate in the audit committee and be
designated as independent for audit committee purposes, unless the member is an
officer or employee of the insurer or one (1) of its affiliates.
(5) If a member of the audit
committee ceases to be independent for reasons outside the member's reasonable
control, that person, with notice by the responsible entity to the state, may
remain an audit committee member of the responsible entity until the earlier
of:
(a) The next annual meeting of the
responsible entity; or
(b) One (1)
year from the occurrence of the event that caused the member to be no longer
independent.
(6)
(a) At the election of the controlling
person, the audit committee of any entity that controls a group of insurers may
be deemed to be the audit committee for one (1) or more of these controlled
insurers solely for the purposes of this administration regulation.
(b) To exercise the election of the
controlling person to designate the audit committee for purposes of this
administrative regulation, the ultimate controlling person shall provide
written notice to the commissioners of the affected insurers.
(c) Notification shall be made timely prior
to the issuance of the statutory audit report and shall include a description
of the basis for the election.
(d)
The election can be changed through notice to the commissioner by the insurer
which shall include a description of the basis for the change.
(e) The election shall remain in effect for
perpetuity, until rescinded.
(7)
(a) The
audit committee shall require the accountant that performs for an insurer any
audit required by this administrative regulation to timely report to the audit
committee in accordance with the requirements of SAS 114, The Auditor's
Communication With Those Charged With Governance, or its replacement,
including:
1. All significant accounting
policies and material permitted practices;
2. All material alternative treatments of
financial information within statutory accounting principles that have been
discussed with management officials of the insurer, ramifications of the use of
the alternative disclosures and treatments, and the treatment preferred by the
accountant; and
3. Other material
written communications between the accountant and the management of the
insurer, including any management letter or schedule of unadjusted
differences.
(b)
1. If an insurer is a member of an insurance
holding company system, the reports required by paragraph (a) of this
subsection may be provided to the audit committee on an aggregate basis for
insurers in the holding company system.
2. Any substantial differences among insurers
in the system shall be identified to the audit committee.
(8)
(a) Except as established in paragraph (b) of
this subsection, the proportion of independent audit committee members shall
meet or exceed the following criteria:
1. For
prior calendar year direct written and assumed premiums between $0 and
$300,000,000, no minimum requirements;
2. For prior calendar year direct written and
assumed premiums over $300,000,000 to $500,000,000, fifty (50) percent or more
of members shall be independent; and
3. For prior calendar year direct written and
assumed premiums over $500,000,000; seventy-five (75) percent of members shall
be independent.
(b) The
commissioner may require the audit committee's board to enact improvements to
the independence of the audit committee membership if the insurer:
1. Is in a risk-based capital action level in
accordance with
806 KAR
3:190; or
2. Meets one (1) or more of the standards of
an insurer deemed to be in "hazardous financial condition", as established in
KRS
304.2-065, or otherwise exhibits qualities of
a "troubled insurer", as established in
KRS
304.3-625.
(c) An insurer with less than $500,000,000 in
prior year direct written and assumed premiums may structure its audit
committee with at least a supermajority of independent audit committee
members.
(d) For purposes of
subsection (7)(a) of this section, prior calendar year direct written and
assumed premiums shall be the combined total of direct premiums and assumed
premiums from nonaffiliates for the reporting entities.
(9)
(a) An
insurer with direct written and assumed premium, excluding premiums reinsured
with the Federal Crop Insurance Corporation and National Flood Insurance
Program, less than $500,000,000 may make application to the commissioner for a
waiver from the requirements of this section based upon hardship.
(b) The insurer shall file, with its annual
statement filing, the approval for relief from this section with the states
that it is licensed in or doing business in and the National Association of
Insurance Commissioners.
(c) If the
nondomestic state accepts electronic filing with the National Association of
Insurance Commissioners, the insurer shall file the approval in an electronic
format acceptable to the National Association of Insurance Commissioners, via
the Web site,
https://www2.naic.org/servlet/Index.
Section 14. Internal
Audit Function Requirements.
(1) An insurer
shall be exempt from the requirements of this section if the insurer:
(a) Has annual direct written and
unaffiliated assumed premium, including international direct and assumed
premium but excluding premiums reinsured with the Federal Crop Insurance
Corporation and National Flood Insurance Program, less than $500,000,000;
or
(b) Is a member of a group of
insurers that has annual direct written and unaffiliated assumed premium
including international direct and assumed premium, but excluding premiums
reinsured with the Federal Crop Insurance Corporation and National Flood
Insurance Program, less than $1,000,000,000.
(2) The insurer or group of insurers shall
establish an internal audit function providing independent, objective, and
reasonable assurance to the audit committee and insurer management regarding
the insurer's governance, risk management, and internal controls. This
assurance shall be provided by:
(a) Performing
general and specific audits, reviews, and tests; and
(b) Employing other techniques deemed
necessary to protect assets, evaluate control effectiveness and efficiency, and
evaluate compliance with policies and KAR Title 806.
(3) In order to ensure that internal auditors
remain objective, the internal audit function shall be organizationally
independent.
(a) The internal audit function
shall:
1. Not defer ultimate judgment on
audit matters to others; and
2.
Appoint an individual to head the internal audit function who shall have direct
and unrestricted access to the board of directors.
(b) Organization independence shall not
preclude dual-reporting relationships.
(4) The head of the internal audit function
shall report to the audit committee regularly, but no less than annually, on:
(a) The periodic audit plan;
(b) Factors that could adversely impact the
internal audit function's independence or effectiveness;
(c) Material findings from completed audits;
and
(d) The appropriateness of
corrective actions implemented by management as a result of audit
findings.
(5) If an
insurer is a member of an insurance holding company system or included in a
group of insurers, the insurer may satisfy the internal audit function
requirements established in this section at:
(a) The ultimate controlling parent
level;
(b) An intermediate holding
company level; or
(c) The
individual legal entity level.
Section 15. Conduct of Insurer in Connection
with the Preparation of Required Reports and Documents.
(1) A director or officer of an insurer shall
not, directly or indirectly:
(a) Make or cause
to be made a materially false or misleading statement to an accountant in
connection with any audit, review, or communication required under this
administrative regulation; or
(b)
Omit to state, or cause another person to omit to state, any material fact
necessary in order to make statements made, in light of the circumstances under
which the statements were made, not misleading to an accountant in connection
with any audit, review, or communication required under this administrative
regulation.
(2) An
officer or director of an insurer, or any other person acting under the
direction of the officer or director, shall not, directly or indirectly, take
any action to coerce, manipulate, mislead, or fraudulently influence any
accountant engaged in the performance of an audit pursuant to this
administrative regulation if that person knew or should have known that the
action, if successful, could result in rendering the insurer's financial
statements materially misleading.
(3) An officer or director of an insurer, or
any other person acting under the direction of the officer or director, shall
not, directly or indirectly, take any of the following actions to coerce,
manipulate, mislead, or fraudulently influence an accountant with respect to
the professional engagement period:
(a) To
issue or reissue a report on an insurer's financial statements that is not
warranted in the circumstances due to material violations of statutory
accounting principles as required by
KRS
304.3-241, generally accepted auditing
standards, or other professional or regulatory standards;
(b) Not to perform audit, review, or other
procedures required by generally accepted auditing standards or other
professional standards;
(c) Not to
withdraw an issued report; or
(d)
Not to communicate matters to an insurer's audit committee.
Section 16.
Management's Report of Internal Control over Financial Reporting.
(1)
(a)
Except as established in subsection (2) of this section, every insurer required
to file an audited financial report pursuant to this administrative regulation
that has annual direct written and assumed premiums, excluding premiums
reinsured with the Federal Crop Insurance Corporation and National Flood
Insurance Program, of $500,000,000 or more shall prepare a report of the
insurer's or group of insurers' internal control over financial
reporting.
(b) The report shall be
filed with the commissioner along with the communication of internal control
related matters noted in an audit.
(c) Management's report of internal control
over financial reporting shall be as of December 31 immediately
preceding.
(2) The
commissioner may require an insurer to file management's report of internal
control over financial reporting if the insurer:
(a) Is in any risk-based capital level event
in accordance with
806 KAR
3:190; or
(b) Meets one (1) or more of the standards of
an insurer deemed to be in "hazardous financial condition" in accordance with
KRS
304.2-065.
(3) An insurer or a group of insurers meeting
the following requirements may file its or its parent's Section 404 Report and
an addendum in satisfaction of the requirements of this section if those
internal controls of the insurer or group of insurers having a material impact
on the preparation of the insurer's or group of insurer's audited statutory
financial statements were included in the scope of the Section 404 Report:
(a) Directly subject to Section
404;
(b) Part of a holding company
system whose parent is directly subject to Section 404;
(c) Not directly subject to Section 404, but
is a SOX compliant entity; and
(d)
A member of a holding company system whose parent is not directly subject to
Section 404 but is a SOX compliant entity.
(4) Management's report of internal control
over financial reporting shall include:
(a) A
statement that management shall be responsible for establishing and maintaining
adequate internal control over financial reporting;
(b) A statement that management has
established internal control over financial reporting and an assertion, to the
best of management's knowledge and belief, after diligent inquiry, as to
whether or not its internal control over financial reporting is effective to
provide reasonable assurance regarding the reliability of financial statements
in accordance with statutory accounting principles;
(c) A statement that briefly describes the
approach or processes by which management evaluated the effectiveness of
internal control over financial reporting;
(d) A statement that briefly describes the
scope of work that is included and whether or not any internal controls were
excluded;
(e) Disclosure of any
unremediated material weaknesses in the internal control over financial
reporting identified by management as of December 31 immediately preceding.
Management shall not conclude that the internal control over financial
reporting is effective to provide reasonable assurance regarding the
reliability of financial statements in accordance with statutory accounting
principles if there is one (1) or more unremediated material weaknesses in its
internal control over financial reporting;
(f) A statement regarding the inherent
limitations of internal control systems; and
(g) Signatures of the chief executive officer
and the chief financial officer.
(5) Management shall document and make
available upon financial condition examination the basis upon which its
assertions, required in subsection (4) of this section, are made. Management
may base its assertions, in part, upon its review, monitoring, and testing of
internal controls undertaken in the normal course of its activities.
(a) Management shall have discretion as to
the nature of the internal control framework used, and the nature and extent of
the documentation, in order to make its assertion in a cost effective manner
and may include assembly of or reference to existing documentation.
(b) The following shall have one (1) year
following the year the threshold is exceeded to comply with the independence
requirements in Section 6 of this administrative regulation, but not earlier
than January 1, 2010. An insurer or group of insurers that, pursuant to Section
13 of this administrative regulation:
1. Is
not required to have independent audit committee members or is required to have
only a majority of independent audit committee members because the total
written and assumed premiums is below the threshold; and
2. Subsequently becomes subject to one (1) of
the independence requirements due to changes in premium.
Section 17. Exemptions
and Effective Dates.
(1) Upon written
application of any insurer, the commissioner may grant an exemption from
compliance with any or all provisions of this administrative regulation if the
commissioner finds, upon review of the application, that compliance with this
administrative regulation would constitute a financial or organizational
hardship upon the insurer. An exemption may be granted any time and from time
to time for a specified period or periods. Upon denial of an insurer's written
request for an exemption from this administrative regulation, the insurer may
request a hearing on its application for an exemption. The hearing process
shall be pursuant to
KRS
304.2-310.
(2) The requirements of this administrative
regulation shall be in effect for audits of calendar years beginning January 1,
2010.
Section 18.
Canadian and British Companies.
(1) In the
case of Canadian and British insurers, the annual audited financial reports
shall be the annual statement of total business in the manner filed by these
insurers with their supervisory authority duly audited by an independent
chartered accountant.
(2) For
Canadian and British insurers, the letter required by Section 5 of this
administrative regulation shall state that the accountant is aware of the
requirements relating to the annual audited financial report filed with the
commissioner pursuant to Section 3 of this administrative regulation and shall
affirm that the opinion expressed is in conformity with the requirements of
Section 3 of this administrative regulation.
Section 19. Incorporation by Reference.
(1) The following material is incorporated by
reference:
(a) "Financial Condition Examiner's
Handbook", 2020, National Association of Insurance Commissioners;
(b) AU Section 561, "Subsequent Discovery of
Facts Existing at the Date of the Auditor's Report", 1996 Professional
Standards of the American Institute of Certified Public Accountants;
(c) SAS 114, "The Auditors Communication with
Those Charged with Governance", 2007, American Institute of Certified Public
Accountants;
(d) SAS 109,
"Understanding the Entity and Its Environment and Assessing the Risks of
material Misstatement", 2007 American Institute of Certified Public
Accountants; and
(e) SAS 110,
"Performing Audit Procedures in Response to Assessed Risks and Evaluating the
Audit Evidence", 2007 American Institute of Certified Public
Accountants.
(2) This
material may be inspected, copied, or obtained, subject to applicable copyright
law, at the Kentucky Department of Insurance, 500 Mero Street, Frankfort,
Kentucky 40601, Monday through Friday, 8 a.m. to 4:30 p.m.
STATUTORY AUTHORITY:
KRS
304.2-110,
304.3-240,
304.49-140