Code of Massachusetts Regulations
211 CMR - DIVISION OF INSURANCE
Title 211 CMR 26.00 - Annual Financial Reporting For Years Ending 2010 And After
Section 26.19 - Management's Report of Internal Control over Financial Reporting

Universal Citation: 211 MA Code of Regs 211.26

Current through Register 1531, September 27, 2024

(1) Every insurer required to file an Audited financial report pursuant to 211 CMR 26.00 that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of $500,000,000 or more shall prepare a report of the insurer's or Group of insurers' Internal control over financial reporting, as these terms are defined in 211 CMR 26.04.

The report shall be filed with the Commissioner along with the Communication of Internal Control Related Matters Noted in an Audit described under 211 CMR 26.12. Management's Report of Internal Control over Financial Reporting shall be as of December 31st immediately preceding.

(2) Notwithstanding the premium threshold in 211 CMR 26.19(1), the Commissioner may require an insurer to file Management's Report of Internal Control over Financial Reporting if the insurer is in any risk-based capital level event, or meets any one or more of the standards of an insurer deemed to be in hazardous financial condition as defined in M.G.L. c. 175, §§ 3A, 4, 48,180A through 180L; M.G.L. c. 175J; M.G.L. c. 176A, §§ 3,18, 23, 24, 33; M.G.L. c. 176B, §§ 8, 9, 10, 13, 17, 21; M.G.L. c. 176D, § 11; M.G.L. c. 176E, §§ 8, 9, 10, 13, 16; M.G.L. c. 176F, §§ 8, 9, 10, 13; M.G.L. c. 176G, §§ 10, 17, 20, 20A, 25, 29; 211 CMR 20.00: Risk-based Capital (RBC) for Insurers and 211 CMR 25.00: Risk-based Capital (RBC) for Health Organization.

(3) An insurer or a Group of insurers that is:

(a) Directly subject to § 404;

(b) Part of a holding company system whose parent is directly subject to § 404;

(c) Not directly subject to § 404, but is a SOX Compliant Entity; or

(d) A member of a holding company system whose parent is not directly subject to § 404, but is a SOX Compliant Entity; may file its or its parent's § 404 Report and an addendum in satisfaction of 211 CMR 26.19(3) requirement provided that those internal controls of the insurer or Group of insurers having a material impact on the preparation of the insurer's or Group of insurers' audited statutory financial statements (those items included in 211 CMR 26.06) were included in the scope of the § 404 Report. The addendum shall be a positive statement by management that there are no material processes with respect to the preparation of the insurer's or Group of insurers' audited statutory financial statements (those items included in 211 CMR 26.06) excluded from the § 404 Report. If there are internal controls of the insurer or Group of insurers that have a material impact on the preparation of the insurer's or Group of insurers' audited statutory financial statements and those internal controls were not included in the scope of the § 404 Report, the insurer or Group of insurers may either file a 211 CMR 26.19 report, or the § 404 Report and a 211 CMR 26.19 report for those internal controls that have a material impact on the preparation of the insurer's or Group of insurers' audited statutory financial statements not covered by the § 404 Report.

(4) Management's Report of Internal Control over Financial Reporting shall include:

(a) A statement that management is responsible for establishing and maintaining adequate Internal control over financial reporting;

(b) A statement that management has established Internal control over financial reporting and an assertion, to the best of management's knowledge and belief, after diligent inquiry, as to whether its Internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles;

(c) A statement that briefly describes the approach or processes by which management evaluated the effectiveness of its Internal control over financial reporting;

(d) A statement that briefly describes the scope of work that is included and whether any internal controls were excluded;

(e) Disclosure of any unremediated material weaknesses in the Internal control over financial reporting identified by management as of December 31st immediately preceding. (Management is not permitted to conclude that the Internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles if there is one or more unremediated material weaknesses in its Internal controls over financial reporting.);

(f) A statement regarding the inherent limitations of internal control systems; and

(g) Signatures of the chief executive officer and the chief financial officer (or equivalent position/title).

(5) Management shall document and make available upon financial condition examination the basis upon which its assertions, required in 211 CMR 26.19(4), are made. Management may base its assertions, in part, upon its review, monitoring and testing of internal controls undertaken in the normal course of its activities.

(a) Management shall have discretion as to the nature of the internal control framework used, and the nature and extent of documentation, in order to make its assertion in a cost effective manner and, as such, may include assembly of or reference to existing documentation.

(b) Management's Report on Internal Control over Financial Reporting, required by 211 CMR 26.19(1), and any documentation provided in support thereof during the course of a financial condition examination, shall be kept confidential as provided for under M.G.L. c. 175, § 4.

Disclaimer: These regulations may not be the most recent version. Massachusetts may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.