Current through Register 1531, September 27, 2024
(1) Every insurer required to file an Audited
financial report pursuant to
211 CMR 26.00 that has annual
direct written and assumed premiums, excluding premiums reinsured with the
Federal Crop Insurance Corporation and Federal Flood Program, of $500,000,000
or more shall prepare a report of the insurer's or Group of insurers' Internal
control over financial reporting, as these terms are defined in
211 CMR 26.04.
The report shall be filed with the Commissioner along with the
Communication of Internal Control Related Matters Noted in an Audit described
under
211
CMR 26.12. Management's Report of Internal
Control over Financial Reporting shall be as of December
31st immediately preceding.
(2) Notwithstanding the premium threshold in
211 CMR 26.19(1), the Commissioner may require an insurer to file Management's
Report of Internal Control over Financial Reporting if the insurer is in any
risk-based capital level event, or meets any one or more of the standards of an
insurer deemed to be in hazardous financial condition as defined in M.G.L. c.
175, §§ 3A, 4, 48,180A through 180L; M.G.L. c. 175J; M.G.L. c. 176A,
§§ 3,18, 23, 24, 33; M.G.L. c. 176B, §§ 8, 9, 10, 13, 17,
21; M.G.L. c. 176D, § 11; M.G.L. c. 176E, §§ 8, 9, 10, 13, 16;
M.G.L. c. 176F, §§ 8, 9, 10, 13; M.G.L. c. 176G, §§ 10, 17,
20, 20A, 25, 29;
211 CMR 20.00:
Risk-based Capital (RBC) for Insurers and
211 CMR 25.00:
Risk-based Capital (RBC) for Health Organization.
(3) An insurer or a Group of insurers that
is:
(a) Directly subject to §
404;
(b) Part of a holding company
system whose parent is directly subject to § 404;
(c) Not directly subject to § 404, but
is a SOX Compliant Entity; or
(d) A
member of a holding company system whose parent is not directly subject to
§ 404, but is a SOX Compliant Entity; may file its or its parent's §
404 Report and an addendum in satisfaction of 211 CMR 26.19(3) requirement
provided that those internal controls of the insurer or Group of insurers
having a material impact on the preparation of the insurer's or Group of
insurers' audited statutory financial statements (those items included in
211 CMR
26.06) were included in the scope of the
§ 404 Report. The addendum shall be a positive statement by management
that there are no material processes with respect to the preparation of the
insurer's or Group of insurers' audited statutory financial statements (those
items included in
211 CMR
26.06) excluded from the § 404 Report.
If there are internal controls of the insurer or Group of insurers that have a
material impact on the preparation of the insurer's or Group of insurers'
audited statutory financial statements and those internal controls were not
included in the scope of the § 404 Report, the insurer or Group of
insurers may either file a 211 CMR 26.19 report, or the § 404 Report and a
211 CMR 26.19 report for those internal controls that have a material impact on
the preparation of the insurer's or Group of insurers' audited statutory
financial statements not covered by the § 404 Report.
(4) Management's Report of Internal Control
over Financial Reporting shall include:
(a) A
statement that management is responsible for establishing and maintaining
adequate Internal control over financial reporting;
(b) A statement that management has
established Internal control over financial reporting and an assertion, to the
best of management's knowledge and belief, after diligent inquiry, as to
whether its Internal control over financial reporting is effective to provide
reasonable assurance regarding the reliability of financial statements in
accordance with statutory accounting principles;
(c) A statement that briefly describes the
approach or processes by which management evaluated the effectiveness of its
Internal control over financial reporting;
(d) A statement that briefly describes the
scope of work that is included and whether any internal controls were
excluded;
(e) Disclosure of any
unremediated material weaknesses in the Internal control over financial
reporting identified by management as of December
31st immediately preceding. (Management is not
permitted to conclude that the Internal control over financial reporting is
effective to provide reasonable assurance regarding the reliability of
financial statements in accordance with statutory accounting principles if
there is one or more unremediated material weaknesses in its Internal controls
over financial reporting.);
(f) A
statement regarding the inherent limitations of internal control systems;
and
(g) Signatures of the chief
executive officer and the chief financial officer (or equivalent
position/title).
(5)
Management shall document and make available upon financial condition
examination the basis upon which its assertions, required in 211 CMR 26.19(4),
are made. Management may base its assertions, in part, upon its review,
monitoring and testing of internal controls undertaken in the normal course of
its activities.
(a) Management shall have
discretion as to the nature of the internal control framework used, and the
nature and extent of documentation, in order to make its assertion in a cost
effective manner and, as such, may include assembly of or reference to existing
documentation.
(b) Management's
Report on Internal Control over Financial Reporting, required by 211 CMR
26.19(1), and any documentation provided in support thereof during the course
of a financial condition examination, shall be kept confidential as provided
for under M.G.L. c. 175, § 4.