Current through Register Vol. 54, No. 44, November 2, 2024
(a) An insurer that
is required to file an audited financial report and that has annual direct
written and assumed premiums equal to or greater than $500,000,000, excluding
premiums reinsured with the Federal Crop Insurance Corporation and Federal
Flood Program, shall file with the Department a management's report of internal
control over financial reporting of the insurer or insurer group. A
management's report of internal control over financial reporting shall be filed
for an insurer group if the annual direct written and assumed premiums of any
one insurer in the group is equal to or greater than $500,000,000, excluding
premiums reinsured with the Federal Crop Insurance Corporation and Federal
Flood Program. However, the Commissioner may require an insurer that has less
than $500,000,000 in annual direct written and assumed premiums, excluding
premiums reinsured with the Federal Crop Insurance Corporation and Federal
Flood Program, to file a management's report of internal control over financial
reporting under sections 501-563, 501-A-515-A, and 501-B-515-B of The Insurance
Department Act of 1921 (40 P.S. §§ 221.1-221.63,
221.1-A-221.15-A and
221.1-B-221.15-B) regarding suspension of business and risk-based capital
requirements, Chapter 160 (relating to standards to define insurers deemed to
be in hazardous financial condition) or other provisions of law. If an insurer
previously not required to file a management's report of internal control over
financial reporting because it did not meet the $500,000,000 threshold is
subsequently required to file the report because its premiums equal or exceed
the threshold, the insurer or the insurer group shall have 2 years following
the year the threshold is exceeded to file the report.
(b) The management's report of internal
control over financial reporting shall be prepared by management as of the
immediately preceding December 31, filed with the report of internal control
related matters required under §
147.9a (relating to establishment
and communication of internal control over financial reporting) and include:
(1) Statement that management is responsible
for establishing and maintaining adequate internal control over financial
reporting.
(2) Statement that
management has established internal control over financial reporting.
(3) Brief description of the approach or
processes by which management evaluated the effectiveness of its internal
control over financial reporting.
(4) Disclosure of any unremediated material
weaknesses in the internal control over financial reporting identified by
management as of the immediately preceding December 31.
(5) Assertion to the best of management's
knowledge and belief, after diligent inquiry, as to whether its internal
control over financial reporting is effective to provide reasonable assurance
regarding the reliability of financial statements in accordance with statutory
accounting principles.
(A) Management may base
its assertion, in part, upon its review, monitoring and testing of internal
controls undertaken in the normal course of its activities.
(B) Management may not assert that internal
control over financial reporting is effective to provide reasonable assurance
regarding the reliability of financial statements in accordance with statutory
accounting principles if one or more unremediated material weaknesses in
internal control over financial reporting are disclosed as required by
paragraph (4).
(C) Management shall
create and maintain documentation relating to the basis upon which its
assertion in management's report of internal control over financial reporting
is made. Management shall have discretion as to the nature and extent of
documentation to make its assertion in a cost-effective manner, including
assembly of or reference to existing documentation. The documentation shall be
made available to Department examiners and given confidential treatment under
the authority of sections 901-908 of The Insurance Department Act of 1921
(40
P.S. §§ 323.1-323.8).
(6) Statement regarding the inherent
limitations of internal control systems.
(7) Signatures of chief executive officer and
chief financial officer or individuals holding equivalent positions. A
management's report of internal control over financial reporting filed for an
insurer group must include a statement identifying the officers or individuals
in equivalent positions who have been authorized by management to sign the
report on behalf of the affiliated insurers in the group.
(c) An insurer may satisfy the requirements
of subsection (a) by filing a Section 404 report of the insurer or insurer
group if:
(1) The insurer or insurer group is
at least one of the following:
(i) Directly
subject to Section 404.
(ii) A
Sarbanes-Oxley compliant entity not directly subject to Section 404.
(iii) A member of a holding company system
whose parent is directly subject to Section 404.
(iv) A member of a holding company system
whose parent is not directly subject to Section 404 and is a Sarbanes-Oxley
compliant entity.
(2) The
scope of the Section 404 report includes internal controls of the insurer or
insurer group that have a material impact on the preparation of the audited
statutory financial statements of the insurer or insurer group as required
under §
147.4(b) and (c)
(relating to contents of annual audited financial report).
(3) The Section 404 report includes an
addendum consisting of a positive statement by management that no material
processes relating to the preparation of the audited statutory financial
statements of the insurer or insurer group, as required under §
147.4(b) and (c)
are excluded from the Section 404 report.
(d) An insurer or insurer group that
satisfies the requirements of subsection (c)(1) and (3) but the scope of its
Section 404 report does not satisfy the requirements of subsection (c)(2) may
satisfy the requirements of subsection (a) by filing one of the following:
(1) A management's report of internal control
over financial reporting as required under subsection (b).
(2) A Section 404 report and a management's
report of internal control over financial reporting for those internal controls
that have a material impact on the preparation of the audited statutory
financial statements of the insurer or insurer group and that are not included
within the scope of the Section 404 report.
(e) This section does not apply to continuing
care providers.
This section cited in 31 Pa. Code §
147.3 (relating to filing
extensions for filing required reports and
communications).
