Current through all regulations passed and filed through September 16, 2024
(A) Purpose
(1) The purpose of this rule is to facilitate
the department's surveillance of the financial condition of insurers by
requiring (a) an annual audit of financial statements reporting the financial
position and results of operation of insurers by independent certified public
accountants, (b) communication of internal control related matters noted in an
audit, and (c) management's report of internal control over financial
reporting. This rule shall apply to all insurers, except those insurers having
direct premiums written of less than one million dollars and having less than
one thousand policyholders nationwide at the end of any year. Those insurers
will be exempt from this rule for the year they do not meet this threshold
unless the superintendent makes a specific finding that compliance by the
insurer is necessary for the superintendent to carry out his or her statutory
responsibilities. Insurers having assumed premiums to contracts and/or treaties
of reinsurance of one million dollars or more will not be exempt. Insurers
filing audited financial reports in another state, pursuant to such other
state's requirement of audited financial reports, which are found by the
superintendent to be substantially similar to the requirements herein, are
exempt from this rule if:
(a) A copy of the
audited financial report, communication of internal control related matters
noted in audit, and the accountant's letter of qualifications, which are filed
with such other states are filed with the superintendent in accordance with the
filing dates specified in paragraphs (D), (K) and (L) of this rule. (Canadian
insurers may submit accountants' reports as filed with the office of the
superintendent of financial institutions, Canada); and
(b) A copy of any notification or report of
adverse financial condition filed with such other state is filed with the
superintendent within the time specified in paragraph (J) of this rule. Foreign
or alien insurers required to file management's report of internal control over
financial reporting in another state are exempt from filing the report in this
state provided the other state has substantially similar reporting requirements
and the report is filed with the superintendent of the other state within the
time specified.
(2) This
rule shall not prohibit, preclude or in any way limit the superintendent from
ordering, conducting and performing examinations of insurers under the rules
and regulations and the practice and procedures of the department.
(B) Authority
This rule is promulgated pursuant to the authority vested in
the superintendent under section
3901.041
of the Revised Code which requires the superintendent to adopt, amend, and
rescind rules and make adjudications necessary to discharge his or her duties
and exercise his or her powers under Title XXXIX of the Revised Code, subject
to sections
119.01
to
119.13
of the Revised Code. This rule is issued to implement sections
3901.04,
3901.07
and
3901.77
of the Revised Code.
(C)
Definitions
(1) "Audited Financial Report"
means the annual report defined in the items specified in paragraph (E) of this
rule.
(2) "Accountant" and
"Independent Certified Public Accountant" mean an independent certified public
accountant or accounting firm, as defined by the general standards of the
"American Institute of Certified Public Accountants," in good standing with the
"American Institute of Certified Public Accountants" and in all states in which
it is licensed to practice; for Canadian and British companies, it means a
Canadian-chartered or British-chartered accountant.
(3) An "affiliate" of, or person "affiliated"
with, a specific person, is a person that directly, or indirectly through one
or more intermediaries, controls, or is controlled by, or is under common
control with, the person specified.
(4) "Audit committee" means a committee (or
equivalent body) established by the board of directors of an entity for the
purpose of overseeing the accounting and financial reporting process of an
insurer or group of insurers, the internal audit function of an insurer or
group of insurers (if applicable), and external audits of financial statements
of the insurer or group of insurers. The audit committee of any entity that
controls a group of insurers may be deemed to be the audit committee for one or
more of these controlled insurers solely for the purposes of this rule at the
election of the controlling person. Refer to paragraph (N) of this rule for
exercising this election. If an audit committee is not designated by the
insurer, the insurer's entire board of directors shall constitute the audit
committee.
(5) "Department" means
the Ohio department of insurance.
(6) "Indemnification" means an agreement of
indemnity or a release from liability where the intent or effect is to shift or
limit in any manner the potential liability of the person or firm for failure
to adhere to applicable auditing or professional standards, whether or not
resulting in part from knowing of other misrepresentations made by the insurer
or its representatives.
(7)
"Independent board member" has the same meaning as described in paragraph (N)
of this rule.
(8) "Internal audit
function" means a person or persons that provide independent, objective and
reasonable assurance designed to add value and improve an organization's
operations and accomplish its objectives by bringing a systematic disciplined
approach to evaluate and improve the effectiveness of risk management, control
and governance processes.
(9)
"Internal control over financial reporting" means a process effected by an
entity's board of directors, management and other personnel designed to provide
reasonable assurance regarding the reliability of the financial statements,
i.e., those items specified in paragraphs (E)(2) to (E)(7) of this rule, and
includes those policies and procedures that:
(a) Pertain to the maintenance of records
that, in reasonable detail, accurately and fairly reflect the transactions and
dispositions of assets;
(b) Provide
reasonable assurance that transactions are recorded as necessary to permit
preparation of the financial statements, i.e., these items specified in
paragraphs (E)(2) to (E)(7) of this rule, and that receipts and expenditures
are being made only in accordance with authorizations of management and
directors; and
(c) Provide
reasonable assurance regarding prevention or timely detection of unauthorized
acquisition, use or disposition of assets that could have a material effect on
the financial statements, i.e., these items specified in paragraphs (E)(2) to
(E)(7) of this rule.
(10)
"SEC" means the United States securities and exchange commission.
(11) "Section 404" means section 404 of the
Sarbanes-Oxley Act of 2002 and the SEC's rules and regulations promulgated
thereunder.
(12) "Section 404
Report" means management's report on "internal control over financial
reporting" as defined by the SEC and the related attestation report of the
independent certified public accountant as described in paragraph (C)(2) of
this rule.
(13) "SOX Compliant
Entity" means an entity that either is required to be compliant with, all of
the following provisions of the Sarbanes-Oxley Act of 2002:
(i) the preapproval requirements of section
201 (section 10A(i) of the Securities Exchange Act of 1934);
(ii) the audit committee independence
requirements of section 301 (section 10A(m)(3) of the Securities Exchange Act
of 1934); and
(iii) the internal
control over financial reporting requirements of section 404 (item 308 of SEC
regulation S-K0).
(14)
"Insurer" means
an entity licensed
pursuant to Chapter
1739.,
1751., 3907., 3909., 3911., 3925., 3929., 3931.
or 3953. of the Revised Code.
(15)
"Group of Insurers" means those
entities included in the
reporting requirements of sections
3901.32
to
3901.37
of the Revised Code, or a set of insurers as identified by management, for the
purpose of assessing the effectiveness of internal controls over financial
reporting.
(16) "Statutory
accounting practices" has the meaning defined in the current editions of
"Annual Statement Instructions" and the "Accounting Practices and Procedures
Manual" published by the "National Association of Insurance Commissioners," or
as otherwise prescribed by the insurance department of the insurer's state of
domicile.
(17) "Superintendent"
means the superintendent of the Ohio department of
insurance.
(18) "Workpapers"
means the records kept by an independent certified public accountant of the
procedures followed, the tests performed, the information obtained, and the
conclusions reached pertinent to his or her audit of the financial statements
of an insurer. Workpapers may include audit planning documentation, work
programs, analyses, memoranda, letters of confirmation and representation,
abstracts of company documents and schedules of commentaries prepared or
obtained by the independent certified public accountant in the course of his or
her audit of the financial statements of an insurer and, which support his or
her opinion thereof.
(D)
General requirements related to filing and extensions for filing of audited
financial reports and audit committee appointment
All insurers shall have an annual audit by an independent
certified public accountant and shall file an audited financial report as a
supplement to the annual statement with the superintendent on or before June
first for the immediately preceding year ended December thirty-first.
Extensions of the June first filing date may be granted in writing by the
superintendent for thirty day periods upon showing by the insurer and its
independent certified public accountant the reasons for requesting such
extension and determination by the superintendent of good cause for an
extension. The request for an extension must be submitted in writing not less
than ten days prior to the due date in sufficient detail to permit the
superintendent to make an informed decision with respect to the requested
extension.
If an extension is granted, a similar extension of thirty days
is granted to the filing of management's report of internal control over
financial reporting.
Every insurer required to file an annual audited financial
report pursuant to this rule shall designate a group of individuals as
constituting its audit committee, as defined in paragraph (C)(4) of this rule.
The audit committee of any entity that controls an insurer may be deemed to be
the insurer's audit committee for purposes of this rule at the election of the
controlling person.
The superintendent may require an insurer to file an audited
financial report earlier than June first with ninety days advance notice to the
insurer.
(E) Contents of
audited financial report
The audited financial report shall report the financial
condition of the insurer as of the end of the most recent calendar year and the
results of its operations, cash flows, and changes in capital and surplus for
the year then ended in conformity with statutory accounting practices. The
audited financial report shall include the following items:
(1) Report of independent certified public
accountant;
(2) Balance sheet
reporting admitted assets, liabilities, capital and surplus;
(3) Statement of operations;
(4) Statement of cash flows;
(5) Statement of changes in capital and
surplus;
(6) Notes to financial
statements. These notes shall be those appropriate to a CPA audited financial
report, based on applicability, materiality and significance, taking into
account the subjects covered in the instructions to and illustrations of how to
report information in the notes to financial statements section of the "NAIC"
annual statement instructions and any other notes required by the "NAIC
Accounting Practices and Procedures Manual" and shall include:
(a) A reconciliation of differences, if any,
between the audited statutory financial statements and the annual financial
statement filed with the superintendent including a written description of the
nature of these differences; and
(b) A narrative explanation of all
significant intercompany transactions and balances; and
(c) A summary of ownership and relationships
of the insurer and all affiliated companies.
(7) The financial statements included in the
audited financial report shall be prepared in a form and using language and
groupings substantially the same as the relevant sections of the annual
financial statement of the insurer filed with the superintendent and:
(a) The financial statements shall be
comparative, presenting the amounts as of December thirty-first of the current
year and amounts as of the immediately preceding year ending December
thirty-first. (However, in the first year in which an insurer is required to
file an audited financial report, the comparative data may be omitted);
and
(b) Amounts may be rounded to
the nearest thousand dollars.
(F) Designation of independent certified
public accountant
(1) Each insurer required by
this rule to file an audited financial report must, within sixty days after
becoming subject to such requirement, register with the superintendent, in
writing, the name and address of the independent certified public accountant
retained to conduct the annual audit required in this rule. Insurers not
previously retaining an independent certified public accountant shall register
the name and address of their retained independent certified public accountant
not less than six months before the date when the first audited financial
report is to be filed.
(2) The
insurer shall obtain a letter from such accountant, and file a copy of such
letter with the superintendent, stating that the accountant is aware of the
provisions of the insurance code and the rules and regulations of the insurance
department of its state of domicile that relate to accounting and financial
matters and affirming that he or she will express his or her opinion on the
financial statements of the insurer in the terms of their conformity to the
statutory accounting practices prescribed or otherwise permitted by such
insurance department, specifying such exceptions as he or she may believe
appropriate. If an accountant, who was not the accountant for the insurer's
most recently filed audited financial report, is engaged to audit the insurer's
financial statements, the insurer shall, within thirty days of the date the
accountant is engaged, notify the department of this event.
(3) If an accountant who was the accountant
for the immediately preceding filed audited financial report is dismissed or
resigns, the insurer shall within five business days notify the department of
insurance of this event. The insurer shall also furnish the superintendent with
a separate letter within ten business days of the above notification stating
whether in the twenty four months preceding such engagement there were any
disagreements with the former accountant on any matter of accounting principles
or practices, financial statement disclosure, or auditing scope or procedure,
which disagreements, if not resolved to the satisfaction of the former
accountant, would have caused him or her to make reference to the subject
matter of the disagreement in connection with his or her opinion. Disagreements
contemplated by this paragraph are those that occur at the decision-making
level, i.e., between personnel of the insurer responsible for presentation of
its financial statements and personnel of the accounting firm responsible for
rendering its report. The insurer shall also request, in writing, such former
accountant to furnish a letter, addressed to the insurer, stating whether the
accountant agrees with the statements contained in the insurer's letter and, if
not, stating the reasons for which he or she does not agree; and the insurer
shall furnish such responsive letter from the former accountant to the
superintendent, together with its own letter.
(G) Qualifications of independent certified
public accountant
An insurer may not use any person or firm as an independent
certified public accountant if such person or firm:
(1) is not in good standing with the
"American Institute of Certified Public Accountants" in all states in which the
person or firm is licensed to practice or, for a Canadian or British company,
that is not a chartered accountant;
(2) has either directly or indirectly entered
into an agreement of indemnity or release from liability (collectively referred
to as "indemnification") with respect to the audit of the insurer. Except as
otherwise provided herein, an insurer may use a certified public accountant as
its independent certified public accountant only if and for as long as such
accountant conforms to the standards of his or her profession, as contained in
the "Code of Professional Conduct" of the "American Institute of Certified
Public Accountants" and "Rules of Professional Conduct" of the "Accountancy
Board of Ohio," or similar code.
The lead (or coordinating) audit partner (having primary
responsibility for the audit) may not act in that capacity for more than five
consecutive years. The person shall be disqualified from acting in that or a
similar capacity for the same company or its insurance subsidiaries or
affiliates for a period of five consecutive years. An insurer may make
application to the superintendent of insurance for relief from the above
rotation requirement on the basis of unusual circumstances. This application
should be made at least thirty days before the end of the calendar year. The
superintendent may consider the following factors in determining if the relief
should be granted:
(a) number of
partners, expertise of the partners or the number of insurance clients in the
currently registered firm;
(b)
premium volume of the insurer; or
(c) number of jurisdictions in which the
insurer transacts business. The insurers shall file, with its annual statement
filing, the proof of relief from the five years limitation with the states that
it is licensed in or doing business in and with the "National Association of
Insurance Commissioners." If the nondomestic state accepts electronic files
with the NAIC, the insurer shall file the approval in an electronic format
acceptable to the "National Association of Insurance Commissioners."
The superintendent shall not recognize as a qualified
independent certified public accountant, nor accept any annual audited
financial report, prepared in whole or in part by, any natural person who (1)
has been convicted of fraud, bribery, a violation of the Racketeer Influenced
and Corrupt Organizations Act, 18 U.S.C. sections 1961-1968, or any dishonest
conduct or practices under federal or state law; (2) has been found to have
violated the insurance laws of this state with respect to any previous reports
submitted under this rule; or (3) has demonstrated a pattern or practice of
failing to detect or disclose material information in previous reports filed
under the provisions of this requirement.
The superintendent may hold a hearing to determine whether a
certified public accountant is qualified and, considering the evidence
presented, may rule that the accountant is not qualified for purposes of
expressing his or her opinion on the financial statements in the annual audited
financial report made pursuant to this requirement and require the insurer to
replace the accountant with another whose relationship with the insurer is
qualified within the meaning of this requirement.
(1) The superintendent shall not recognize as
a qualified independent certified public accountant, nor accept an annual
audited financial report, prepared in whole or in part by an accountant who
provides to an insurer, contemporaneously with the audit, the following
non-audit services:
(a) Bookkeeping or other
services related to the accounting records or financial statements of the
insurer;
(b) Financial information
systems design and implementation;
(c) Appraisal or valuation services, fairness
opinions, or contribution-in-kind reports;
(d) Actuarial-oriented advisory services
involving the determination of amounts recorded in the financial statements.
The accountant may assist an insurer in understanding the methods, assumptions
and inputs used in the determination of amounts recorded in the financial
statement only if it is reasonable to conclude that the services provided will
not be subject to audit procedures during an audit of the insurer's financial
statements. An accountant's actuary may also issue an actuarial opinion or
certification ("opinion") on an insurer's reserves if the following conditions
have been met:
(i) Neither the accountant nor
the accountant's actuary has performed any management functions or made any
management decisions:
(ii) The
insurer has competent personnel (or engages a third party actuary) to estimate
the reserves for which management takes responsibility:
(iii) The accountant's actuary tests the
reasonableness of the reserves after the insurer's management has determined
the amount of the reserves:
(e) Internal audit outsourcing
services:
(f) Management functions
or human resources:
(g) Broker or
dealer, investment advisor, or investment banking services:
(h) Legal services or expert services
unrelated to the audit: or
(i) Any
other services that the superintendent determines, by rule, are
impermissible.
(2) In
general, the principles of independence with respect to services provided by
the qualified independent certified public accountant are largely predicted on
three basic principles, violations of which would impair the accountant's
independence. The principles are that the accountant cannot function in the
role of management, cannot audit his or her own work, and cannot serve in an
advocacy role for the insurer.
Insurers having direct written and assumed premiums of less
than one hundred million dollars in any calendar year may request an exemption
from this paragraph. The insurer shall file with the superintendent a written
statement discussing the reasons why the insurer should be exempt from these
provisions. If the superintendent finds, upon review of this statement, that
compliance with this rule would constitute a financial or organizational
hardship upon the insurer, an exemption may be granted.
(3) A qualified independent certified public
accountant who performs the audit may engage in other non-audit services for an
insurer, including tax services, that are not described in paragraph (G)(1) of
this rule or that do not conflict with paragraph (G)(2) of this rule, only if
the activity is approved in advance by the audit committee for the insurer, in
accordance with paragraph (G)(4) of this rule.
(4) All auditing services and non-audit
services provided to an insurer by the qualified independent certified public
accountant of the insurer shall be preapproved by the audit committee of the
insurer. The preapproval requirement is waived with respect to non-audit
services if the insurer is a "SOX" compliant entity or a direct or indirect
wholly-owned subsidiary of a "SOX" compliant entity or;
(a) The aggregate amount of all such
non-audit services provided to the insurer constitutes not more than five per
cent of the total amount of fees paid by the insurer to its qualified
independent certified public account during the fiscal year in which the
non-audit services are provided:
(b) The services were not recognized by the
insurer at the time of the engagement to be non-audit services; and
(c) The services are promptly brought to the
attention of the audit committee and approved prior to the completion of the
audit by the audit committee or by one or more members of the audit committee
who are members of the board of directors to whom authority to grant such
approvals has been delegated by the audit committee.
(5) The audit committee of an insurer may
delegate to one or more designated members of the audit committee the authority
to grant the preapprovals required by paragraph (G)(4) of this rule. The
decisions of any member to whom this authority is delegated shall be presented
to the full audit committee at each of its scheduled meetings.
(6) The superintendent shall not recognize an
independent certified public accountant as qualified for particular insurer if
a member of the board, president, chief executive officer, controller, chief
financial officer, chief accounting officer, or any person serving in an
equivalent position for that insurer, was employed by the independent certified
public accountant and participated in the audit of that insurer during the one
year period preceding the date that the most current statutory opinion is due.
This section shall only apply to partners and senior managers involved in the
insurer's preceding audit. An insurer may make an application to the
superintendent for relief from the requirement on the basis of unusual
circumstances.
(7) The insurer
shall file, with its annual statement filing, the approval for relief from
paragraph (G)(6) of this rule with the states that it is licensed in or doing
business in and the NAIC. If the nondomestic state accepts electronic filing
with the NAIC, the insurer shall file the approval in an electronic format
acceptable to the NAIC.
(H) Consolidated or combined audits
An insurer may make an annual written application to the
superintendent for approval to file audited consolidated or combined financial
statements in lieu of separate annual audited financial statements if the
insurer is part of a group of insurance companies which utilizes a pooling or
one hundred percent reinsurance agreement that affects the solvency and
integrity of the insurer's reserves and such insurer cedes all of its direct
and assumed business to the pool. In such cases, a columnar consolidating or
combining worksheet shall be filed with the report, as follows:
(1) Amounts shown on the consolidated or
combined audited financial report shall be shown on the worksheet;
(2) Amounts for each insurer subject to this
rule shall be stated separately;
(3) Non-insurance operations may be shown on
the worksheet on a combined or individual basis;
(4) Explanations of consolidating and
eliminating entries shall be included; and
(5) A reconciliation shall be included of any
differences between the amounts shown in the individual insurer columns of the
worksheet and comparable amounts shown on the financial statements of the
insurers.
(I) Scope of
audit and report of independent certified public accountant
Financial statements furnished pursuant to paragraph (E) of
this rule shall be examined by an independent certified public accountant. The
audit of the insurer's financial statements shall be conducted in accordance
with generally accepted auditing standards. In accordance with AU section 319
of the professional standards of the accountants "American Institute of
Certified Public Accountants," consideration of internal control in a financial
statement audit, the independent certified public accountant should obtain an
understanding of internal control sufficient to plan the audit. To the extent
required by AU section 319, for those insurers required to file a management's
report of internal control over financial reporting pursuant to paragraph (Q)
of this rule, the independent certified public accountant should consider (as
that term is defined in Statement on Auditing Standards (SAS) No. 102, defining
professional requirements in statements on auditing standards or its
replacement) the most recently available report in planning and performing the
audit of the statutory financial statements. Consideration should be given to
such other standards illustrated in the "Financial Condition Examiner's
Handbook" promulgated by the "National Association of Insurance Commissioners"
as the independent certified public accountant deems necessary.
(J) Notification of adverse
financial condition
(1) The insurer required
to furnish the annual audited financial report shall require the independent
certified public accountant to report in writing within five business days to
the board of directors or its audit committee any determination by the
independent certified public accountant that the insurer has materially
misstated its financial condition as reported to the superintendent as of the
balance sheet date currently under audit or that the insurer does not meet the
minimum capital and surplus requirement of the Revised Code as of that date. An
insurer who has received a report pursuant to this paragraph shall forward a
copy of the report to the superintendent within five business days of receipt
of such report and shall provide the independent certified public accountant
making the report with evidence of the report being furnished to the
superintendent. If the independent certified public accountant fails to receive
such evidence within the required five business day period, the independent
certified public accountant shall furnish to the superintendent a copy of its
report within the next five business days.
(2) No independent certified public
accountant shall be liable in any manner to any person for any statement made
in connection with the above paragraph if such statement is made in good faith
in compliance with the above paragraph.
(3) If the accountant, subsequent to the date
of the audited financial report filed pursuant to this rule, becomes aware of
facts which might have affected his or her report, the department shall note
the obligation of the accountant to take such action as prescribed in volume
one, section AU five hundred sixty one of the "Professional Standards of the
American Institute of Certified Public Accountants," as amended.
(K) Communication of internal
control related matters noted in an audit
In addition to the annual audited financial report, each
insurer shall furnish the superintendent with a written communication as to any
unremediated material weakness in its internal controls over financial
reporting noted during the audit. Such communication shall be prepared by the
accountant within sixty days after the filing of the annual audited financial
report, and shall contain:
(1) A
description of any unremediated material weakness (as the term material
weakness is defined by statement on auditing standard sixty, communication of
internal control related matters noted in an audit, or its replacement) as of
December thirty-first immediately preceding (so as to coincide with the audited
financial report discussed in paragraph (D) of this rule) in the insurer's
internal control over financial reporting noted by the accountant during the
course of their audit of the financial statements. If no unremediated material
weaknesses are noted, the communication should so state.
(2) The insurer is required to provide a
description of remedial action taken or proposed to correct unremediated
material weaknesses, if the actions are not described in the accountant's
communications.
(L)
Accountant's letter of qualifications
The accountant shall furnish the insurer in connection with,
and for inclusion in, the filing of the annual audited financial report, a
letter stating:
(1) That he or she is
independent with respect to the insurer and conforms to the standards of his or
her profession as contained in the "Code of Professional Ethics" and
pronouncements of the "American Institute of Certified Public Accountants" and
the "Rules of Professional Conduct" of the "Accountancy Board of Ohio" or other
state board of public accountancy that performs the same licensing
function.
(2) The background and
experience in general, and the experience in audits of insurers of the staff
assigned to the engagement and whether each is an independent certified public
accountant. Nothing within this requirement shall be construed as prohibiting
the accountant from utilizing such staff as he or she deems appropriate where
such use is consistent with the standards prescribed by generally accepted
auditing standards.
(3) That the
accountant understands the annual audited financial report and his or her
opinion thereon will be filed in compliance with this requirement and that the
superintendent will be relying on this information in the monitoring and
regulation of the financial position of insurers.
(4) That the accountant consents to the
requirements of paragraph (M) of this rule and that the accountant consents and
agrees to make available for review by the superintendent his or her designee
or his or her appointed agent, the workpapers, as defined in paragraph (C)(18)
of this rule.
(5) A representation
that the accountant is properly licensed by
an appropriate state licensing authority and is a
member in good standing in the "American Institute of Certified Public
Accountants."
(6) A representation
that the accountant is in compliance with the requirements of paragraph (G) of
this rule.
(M)
Availability and maintenance of independent certified public accountant
workpapers
Every insurer required to file an audited financial report
pursuant to this rule shall require the accountant to make available for review
by department examiners the workpapers prepared in the conduct of his or her
audit and any communications related to the audit between the accountant and
the insurer, at the offices of the insurer, at the department, or at any other
reasonable place designated by the superintendent. The insurer shall require
that the accountant retain the workpapers and communications until the
domiciliary department has filed a report on examination covering the period of
the audit, but for no longer than seven years from the date of the audit
report.
In the conduct of the aforementioned periodic review by the
domiciliary department examiners, it shall be agreed that photocopies of
pertinent audit workpapers may be made and retained by the domiciliary
department. Such reviews by the domiciliary department examiners shall be
considered investigations and all workpapers and communications obtained during
the course of such investigations shall be afforded the same confidentiality as
other examination workpapers generated by the domiciliary department.
(N) Requirements for audit
committees
This section shall not apply to foreign or alien insurers
licensed in this state or an insurer that is a "SOX" compliant entity or a
direct or indirect wholly-owned subsidiary of a "SOX" compliant entity.
The audit committee shall be directly responsible for the
appointment, compensation and oversight of the work of any accountant
(including resolution of disagreements between management and the accountant
regarding financial reporting) for the purpose of preparing or issuing audited
financial report or related work pursuant to this regulation. Each accountant
shall report directly to the audit committee.
The audit committee of an insurer or group of insurers shall be
responsible for overseeing the insurer's internal audit function and granting
the person or persons performing the function suitable authority and resources
to fulfill their responsibilities if required by paragraph (O) of this
rule.
Each member of the audit committee shall be a member of the
board of directors of the insurer or a member of the board of directors of an
entity elected pursuant to this paragraph and paragraph (C)(4) of this
rule.
In order to be considered independent for purposes of this
rule, a member of the audit committee may not, other than in his or her
capacity as a member of the audit committee, the board of directors, or any
other board committee, accept any consulting, advisory or other compensatory
fee from the entity or be an affiliated person of the entity or any subsidiary
thereof. However, if law requires the board participation by otherwise
non-independent members, that law shall prevail and such members may
participate in the audit committee and be designated as independent for audit
committee purposes, unless they are an officer or employee of the insurer or
one of its affiliates.
If a member of the audit committee ceases to be independent for
reasons outside the member's reasonable control, that person, with notice by
the responsible entity to the domiciliary state, may remain an audit committee
member of the responsible entity until the earlier of the next annual meeting
of the responsible entity or one year from the occurrence of the event that
caused the member to be no longer independent.
To exercise the election of the controlling person to designate
the audit committee for purposes of this rule, the ultimate controlling person
shall provide written notice to the domiciliary commissioners of the affected
insurers. Notification shall be made timely prior to the issuance of the
statutory audit report and include a description of the basis for the election.
The election can be changed through notice to the domiciliary commissioner by
the insurer, which shall include a description of the basis for the change. The
election shall remain in effect for perpetuity, until rescinded.
The audit committee shall require the accountant that performs
for an insurer any audit required by this regulation to timely report to the
audit committee in accordance with the requirements of "SAS" No. 61,
"Communication with Audit Committees," or its replacement, including: All
significant accounting policies and material permitted practices; All material
alternative treatments of financial information within statutory accounting
principles that have been discussed with management officials of the insurer,
ramifications of the use of the alternative disclosures and treatments, and the
treatment preferred by the accountant; and other material written
communications between the accountant and the management of the insurer, such
as any management letter or schedule of unadjusted differences.
If an insurer is a member of an insurance holding company
system, the reports required above may be provided to the audit committee on an
aggregate basis for insurers in the holding company system, provided that any
substantial differences among insurers in the system are identified to the
audit committee.
The portion of independent audit committee members shall meet
or exceed the following criteria:
Prior Calendar Year Direct Written and Assumed Premiums
|
$0- $300,000,000 |
$300,000,000- $500,000,000 |
Over $500,000,000 |
|
No minimum requirements. See also note A and
B. |
Majority (50% or more) of members shall be independent.
See also note A and B. |
Supermajority of members (75% or more) shall be
independent. See also Note A and B. |
Note A: The superintendent has authority afforded by state law
to require the entity's board to enact improvements to the independence of the
audit committee membership if the insurer is in a "RBC" action level event,
meets one or more of the standards of an insurer deemed to be in hazardous
financial condition, or otherwise exhibits qualities of a troubled
insurer.
Note B: All insurers with less than five hundred million
dollars in prior year direct written and assumed premiums are encouraged to
structure their audit committees with at least a supermajority of independent
audit committee members.
Note C: Prior calendar year direct written and assumed premiums
shall be the combined total of direct premiums and assumed premiums from
non-affiliates for the reporting entities.
An insurer with direct written and assumed premium, excluding
premiums reinsured with the federal crop insurance corporation and federal
flood program, less than five hundred million dollars may make application to
the superintendent for a waiver from these requirements based upon hardship.
The insurer shall file, with its annual statement filing, the approval for
relief from paragraph (N) of this rule with the states that it is licensed in
or doing business in and the NAIC. If the non-domestic state accepts electronic
filing with the NAIC, the insurer shall file the approval in an electronic
format acceptable to the NAIC.
(O) Internal audit function requirements
(1) An insurer is exempt from the
requirements of paragraph (O) of this rule if:
(a) The insurer has annual direct written and
unaffiliated assumed premium, including international direct and assumed
premium but excluding premiums reinsured with the "Federal Crop Insurance
Corporation" and "Federal Flood Program," less than five hundred million
dollars; and
(b) If the insurer is
a member of a group of insurers that has an annual direct written and
unaffiliated assumed premium including international direct and assumed
premium, but excluding premiums reinsured with the "Federal Crop Insurance
Corporation" and "Federal Flood Program," less than one billion
dollars.
(2) The insurer
or group of insurers shall establish an internal audit function providing
independent, objective and reasonable assurance to the audit committee and
insurer management regarding the insurer's governance, risk management and
internal controls. This assurance shall be provided by performing general and
specific audits, reviews and tests and by employing other techniques deemed
necessary to protect assets, evaluate control effectiveness and efficiency, and
evaluate compliance with policies and regulations.
(3) In order to ensure that internal auditors
remain objective, the internal audit function must be organizationally
independent. Specifically, the internal audit function will not defer ultimate
judgment on audit matters to others, and shall appoint an individual to head
the internal audit function who will have direct and unrestricted access to the
board of directors. Organizational independence does not preclude
dual-reporting relationships.
(4)
The head of internal audit function shall report to the audit committee
regularly, but no less than annually, on the periodic audit plan, factors that
may adversely impact the internal audit function's independence or
effectiveness, material findings from completed audits and the appropriateness
of corrective actions implemented by management as a result of audit
findings.
(5) If an insurer is a
member of an insurance holding company system or included in a group of
insurers, the insurer may satisfy the internal audit function requirements set
forth in paragraph (O) of this rule at the ultimate controlling parent level,
an intermediate holding company level or the individual legal entity
level.
(P) Conduct of
insurer in connection with the preparation of required reports and documents
No director or officer of an insurer shall, directly or
indirectly:
(1) Make or cause to be
made a materially false or misleading statement to an accountant in connection
with any audit, review or communication required under this rule; or
(2) Omit to state, or cause another person to
omit to state, any material fact necessary in order to make statements made, in
light of the circumstances under which the statements were made, not misleading
to an accountant in connection with any audit, review or communication required
under this rule.
No officer or director of an insurer, or any other person
acting under the direction thereof, shall directly or indirectly take any
action to coerce, manipulate, mislead or fraudulently influence any accountant
engaged in the performance of an audit pursuant to this rule if that person
knew or should have known that the action, if successful, could result in
rendering the insurer's financial statements materially misleading.
Actions that, "if successful, could result in rendering the
insurer's financial statements materially misleading" include, but are not
limited to, actions taken at any time with respect to the professional
engagement period to coerce, manipulate, mislead or fraudulently influence an
accountant:
(a) To issue or reissue a
report on an insurer's financial statements that is not warranted in the
circumstances (due to material violations of statutory accounting principles
prescribed by the commissioner, generally accepted auditing standards, or other
professional or regulatory standards):
(b) Not to perform audit, review or other
procedures required by generally accepted auditing standards or other
professional standards;
(c) Not to
withdraw an issued report; or
(d)
Not to communicate matters to an insurer's audit committee.
(Q) Management's report
of internal control over financial reporting
Every insurer required to file an audited financial report
pursuant to this rule that has annual direct written and assumed premiums,
excluding premiums reinsured with the federal crop insurance corporation and
federal flood program, of five hundred million dollars or more shall prepare a
report of the insurer's or group of insurer's internal control over financial
reporting as these terms are defined in paragraph (C) of this rule. The report
shall be filed with the superintendent along with the communication of internal
control related matters noted in an audit described in paragraph (K) of this
rule. Management's report of internal control over financial reporting shall be
as of December thirty-first immediately preceding.
Notwithstanding the premium threshold, as stated above, the
superintendent may require an insurer to file management's report of internal
control over financial reporting if the insurer is in any "RBC" level event, or
meets any one or more of the standards of an insurer deemed to be in hazardous
financial condition as defined in sections
3903.09
and
3903.71
of the Revised Code and rule
3901-3-04
of the Administrative Code.
An insurer or a group of insurers that is:
(1) Directly subject to "Section
404";
(2) Part of a holding company
system whose parent is directly subject to "Section 404";
(3) Not directly subject to "Section 404" but
is a "SOX" compliant entity; or
(4)
A member of a holding company system whose parent is not directly subject to
"Section 404" but is a "SOX" compliant entity, may file its or
its parents "Section 404" report on internal control and an addendum in
satisfaction of this paragraph's requirement provided that those internal
controls of the insurer or group of insurers having a material impact on the
preparation of the insurer or group of insurers' its audited statutory
financial statements were included in the scope of the "Section 404" reports.
The addendum shall be a positive statement by management that there are no
material processes with respect to the preparation of the insurer's or group of
insurers' audited statutory financial statements excluded from the "Section
404" report. If there are internal controls of the insurer or group of insurers
that have a material impact on the preparation of the insurer's or group of
insurers' audited statutory financial statements and those internal controls
were not included in the scope of the "Section 404" report, the insurer or
group of insurers may either file (a) a report as required by paragraph (Q) of
this rule, or (b) the "Section 404" report and a report as required by
paragraph (Q) of this rule for those internal controls that have a material
impact on the insurer's or group of insurers' audited statutory financial
statements not covered by the "Section 404" report.
Management's report of internal control over financial
reporting shall include:
(a) A
statement that management is responsible for establishing and maintaining
adequate control over financial reporting;
(b) A statement that management has
established internal control over financial reporting and an assertion to the
best of management's knowledge and belief, after diligent inquiry, as to
whether its internal control over financial reporting is effective to provide
reasonable assurance regarding the reliability of financial statements in
accordance with statutory accounting principles;
(c) A statement that briefly describes the
approach or process by which management evaluated the effectiveness of its
internal control over financial reporting;
(d) A statement that briefly describes the
scope of work that is included and whether any internal controls were
excluded;
(e) Disclosure of any
unremediated material weaknesses in internal control over financial reporting
identified by management as of December thirty-first immediately preceding.
Management is not permitted to conclude that the internal control over
financial reporting is effective to provide reasonable assurance regarding the
reliability of financial statements in accordance with statutory accounting
principles if there is one or more unremediated material weakness in its
internal controls over financial reporting;
(f) A statement regarding the inherent
limitations of internal control systems; and
(g) Signatures of the chief executive officer
and the chief financial officer (or equivalent position/title).
Management shall document and make available upon financial
condition examination the basis upon which its assertions, required in above,
are made. Management may base its assertions, in part, upon its review,
monitoring and testing of internal controls undertaken in the normal course of
its activities.
(i) Management shall
have discretion as to the nature of the internal control framework used, and
the nature and extent of documentation, in order to make its assertion in a
cost effective manner, as such, may include assembly of or reference to
existing documentation.
(ii)
Management's report on internal control over financial reporting, required
above, and any documentation provided in support thereof during the course of a
financial condition examination, shall be kept confidential by the
superintendent.
(R) Exemptions and effective dates
(1) Upon written application of any insurer,
the superintendent may grant an exemption from compliance with any and all
provisions this rule if the superintendent finds, upon review of the
application, that compliance with this rule would constitute a financial or
organizational hardship upon the insurer. An exemption may be granted at any
time and from time to time for any specified period. Domestic insurers
retaining an independent certified public accountant on the effective date of
this rule shall comply with this rule for the year ending December 31, 2008,
and each year thereafter unless the superintendent permits otherwise. Domestic
insurers not retaining an independent certified public accountant on the
effective date of this rule shall meet the following schedule for compliance,
unless the superintendent gives his or her written permission otherwise.
(a) For the year ending December 31, 2008,
file with the superintendent an audited financial report:
(b) For the year ending December 31, 2009,
and each year thereafter, such insurers shall file with the superintendent all
reports and communications required by this rule.
(2) Foreign insurers shall comply with this
rule for the year ending December 31, 2009, and each year thereafter, unless
the superintendent gives his or her written permission otherwise.
(3) The requirements of paragraph (G) of this
rule shall be in effect for audits of the year beginning January 1, 2010 and
thereafter.
(4) The requirements of
paragraph (N) of this rule are to be in effect January 1, 2010. An insurer or
group of insurers that is not required to have independent audit committee
members or only a majority of independent audit committee members (as opposed
to a supermajority) because the total written and assumed premium is below the
threshold and subsequently becomes subject to one of the independence
requirements due to changes in premium shall have one year following the year
threshold is exceeded (but not earlier than January 1, 2010) to comply with the
independence requirements. Likewise, an insurer that becomes subject to one of
the independence requirements as a result of a business combination shall have
one calendar year following the date of acquisition or combination to comply
with the independence requirements.
(5)
The requirements
of paragraph (O) of this rule are to be in effect January 1, 2016. If an
insurer or group of insurers that is exempt from paragraph (O) of this rule
requirements no longer qualifies for the exemption, it shall have one year
after the threshold is exceeded to comply with the requirements of paragraph
(O) of this rule.
(6) The requirements
of paragraph (Q) of this rule , except for paragraph (N) of
this rule covered above, are effective beginning with the reporting period
December 31, 2010 and each year thereafter. An insurer or group of insurers
that is not required to file a report because the total written premium is
below the threshold and subsequently becomes subject to the reporting
requirements shall have two years following the year the threshold is exceeded
(but not earlier than December 31, 2010) to file a report. Likewise, an insurer
acquired in a business combination shall have two calendar years following the
date of acquisition or combination to comply with the reporting
requirements.
(S)
Canadian and British companies
In the case of Canadian and British insurers, the audited
financial report shall be defined as the annual statement of total business on
the form filed by such companies with their domiciliary supervision authority
duly audited by an independent chartered accountant. For such insurers, the
letter required in paragraph (F)(2) of this rule shall state that the
accountant is aware of the requirements relating to the audited financial
report filed with the superintendent pursuant to paragraph (Q) of this rule and
shall affirm that the opinion expressed is in conformity with such
requirements.
(T)
Severability
If any paragraph, term or provision of this rule is adjudged
invalid for any reason, the judgment shall not affect, impair or invalidate any
other paragraph, term or provision of this rule, but the remaining paragraphs,
terms and provisions shall be and continue in full force and effect.
