The rule is being amended to conform to the amendments to the National Association of Insurance Commissioners (NAIC) Annual Financial Reporting Model Regulation model rule.  

  •  

    DEPARTMENT OF FINANCIAL SERVICES

    OIR – Insurance Regulation

    RULE NO.:RULE TITLE:

    69O-137.002Annual Audited Financial Reports

    PURPOSE AND EFFECT: The rule is being amended to conform to the amendments to the National Association of Insurance Commissioners (NAIC) Annual Financial Reporting Model Regulation model rule.

    SUMMARY: The rule is amended to add a section for internal audits and defines “internal audit function.”

    SUMMARY OF STATEMENT OF ESTIMATED REGULATORY COSTS AND LEGISLATIVE RATIFICATION:

    The Agency has determined that this will not have an adverse impact on small business or likely increase directly or indirectly regulatory costs in excess of $200,000 in the aggregate within one year after the implementation of the rule. A SERC has not been prepared by the Agency.

    The Agency has determined that the proposed rule is not expected to require legislative ratification based on the statement of estimated regulatory costs or if no SERC is required, the information expressly relied upon and described herein: Agency personnel familiar with the subject matter of the rule amendment have performed an economic analysis of the rule amendment that shows that the rule amendment is unlikely to have an adverse impact on the State economy in excess of the criteria established in Section 120.541(2)(a), Florida Statutes.

    Any person who wishes to provide information regarding a statement of estimated regulatory costs, or provide a proposal for a lower cost regulatory alternative must do so in writing within 21 days of this notice.

    RULEMAKING AUTHORITY: 624.308(1); 624.4085; 624.424(8)(e) FS.

    LAW IMPLEMENTED: 624.307(1); 624.324; 624.424(8) FS.

    IF REQUESTED WITHIN 21 DAYS OF THE DATE OF THIS NOTICE, A HEARING WILL BE SCHEDULED AND ANNOUNCED IN THE FAR.

    THE PERSON TO BE CONTACTED REGARDING THE PROPOSED RULE IS: Michael Lawrence, Jr., Assistant General Counsel, Office of Insurance Regulation, Michael.LawrenceJr@floir.com, (850)413-4112.

     

    THE FULL TEXT OF THE PROPOSED RULE IS:

     

    69O-137.002 Annual Audited Financial Reports.

    (1) through (2) No change.

    (3) Definitions.

    (a) through (b) No change.

    (c) “Audit committee” means a committee (or equivalent body) established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or Group of insurers, the Internal audit function of an insurer or Group of insurers (if applicable), and external audits of financial statements of the insurer or Group of insurers. The Audit committee of any entity that controls a Group of insurers may be deemed to be the Audit committee for one or more of these controlled insurers solely for the purposes of this regulation at the election of the controlling person. Refer to paragraph (14)(e), for exercising this election. If an Audit committee is not designated by the insurer, the insurer’s entire board of directors shall constitute the Audit committee.

    (d) through (h) No change.

    (i) “Internal audit function” means a person or persons that provide independent, objective, and reasonable assurance designed to add value and improve an organization’s operations and accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

    (j)(i) “Internal control over financial reporting” means a process effected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance regarding the reliability of the financial statements, i.e., those items specified in subparagraphs (5)(b)2. through 7. of this regulation, and includes those policies and procedures that:

    1. through 3. No change.

    (k)(j) “Office” means the Office of Insurance Regulation.

    (l)(k) “SEC” means the United States Securities and Exchange Commission.

    (m)(l) “Section 404” means Section 404 of the Sarbanes-Oxley Act of 2002 and the SEC’s rules and regulations promulgated thereunder.

    (n)(m) “Section 404 Report” means management’s report on “internal control over financial reporting” as defined by the SEC and the related attestation report of the independent certified public accountant as described in paragraph (3)(a).

    (o)(n) “SOX Compliant Entity” means an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Sarbanes-Oxley Act of 2002: (i) the preapproval requirements of Section 201 (Section 10A(i) of the Securities Exchange Act of 1934); (ii) the Audit committee independence requirements of Section 301 (Section 10A(m)(3) of the Securities Exchange Act of 1934); and (iii) the Internal control over financial reporting requirements of Section 404 (Item 308 of SEC Regulation S-K).

    (p)(o) “Section 16 Report” means a Management’s Report of Internal Control over Financial Reporting provided in subsection (16) of this rule.

    (4) through (8) No change.

    (9) Scope of Audit and Report of Independent Certified Public Accountant. Financial statements furnished pursuant to subsection (5), above, shall be examined by the independent certified public accountant. The audit of the insurer’s financial statements shall be conducted in accordance with generally accepted auditing standards. In accordance with AU Section 319 of the Professional Standards of the AICPA, Consideration of Internal Control in a Financial Statement Audit, the independent certified public accountant should obtain an understanding of internal control sufficient to plan the audit. To the extent required by AU 319, for those insurers required to file a Management’s Report of Internal Control over Financial Reporting pursuant to subsection (17) (16), the independent certified public accountant should consider (as that term is defined in AU Section 120 of the Professional Standards of the AICPA, Defining Professional Requirements in Statements on Auditing Standards) the most recently available report in planning and performing the audit of the statutory financial statements. Consideration should also be given to the other procedures illustrated in the Financial Condition Examiner’s Handbook promulgated by the National Association of Insurance Commissioners (incorporated by reference in rule 69O-138.001, F.A.C.) as the independent Certified Public Accountant deems necessary.

    (10) through (13) No change.

    (14) Requirements for Audit Committee.

    This section shall not apply to foreign or alien insurers licensed in this state or an insurer that is a SOX Compliant Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant Entity.

    (a) No change.

    (b) The Audit committee of an insurer or Group of insurers shall be responsible for overseeing the insurer’s Internal audit function and granting the person or persons performing the function suitable authority and resources to fulfill their responsibilities if required by subsection 15 of this Regulation.

    (c)(b) Each member of the Audit committee shall be a member of the board of directors of the insurer or a member of the board of directors of an entity elected pursuant to paragraphs (f) (e) and (3)(c).

    (d)(c) In order to be considered independent for purposes of this section, a member of the Audit committee may not, other than in his or her capacity as a member of the Audit committee, the board of directors, or any other board committee, accept any consulting, advisory or other compensatory fee from the entity or be an affiliated person of the entity or any subsidiary thereof.

    (e)(d) If a member of the Audit committee ceases to be independent for reasons outside the member’s reasonable control, that person, with notice by the responsible entity to the state, may remain an Audit committee member of the responsible entity until the earlier of the next annual meeting of the responsible entity or one year from the occurrence of the event that caused the member to be no longer independent.

    (f)(e) To exercise the election of the controlling person to designate the Audit committee for purposes of this regulation, the ultimate controlling person shall provide written notice to the Office of the affected insurers. Notification shall be made timely prior to the issuance of the statutory audit report and include a description of the basis for the election. The election can be changed through notice to the Office by the insurer, which shall include a description of the basis for the change. The election shall remain in effect for perpetuity, until rescinded.

    (g)(f)1. The Audit committee shall require the accountant that performs for an insurer any audit required by this regulation to timely report to the Audit committee in accordance with the requirements of AU Section 380 of the Professional Standards of the AICPA, Communication with Audit Committees, including:

    a. through c. No change.

    2. If an insurer is a member of an insurance holding company system, the reports required by subparagraph (g)1., (f)1., may be provided to the Audit committee on an aggregate basis for insurers in the holding company system, provided that any substantial differences among insurers in the system are identified to the Audit committee.

    (h)(g) The proportion of independent Audit committee members shall meet or exceed the following criteria:

    Prior Calendar Year Direct Written and Assumed Premiums

    $0 – 300,000,000

    Over $300,000,000 – 500,000,000

    Over 500,000,000

    No minimum requirements.

    See also Notes A and B.

    Majority (50% or more) of members shall be independent. See also Notes A and B.

    Supermajority of members (75% or more) shall be independent. See also Note A.

    Note A: The Office has authority afforded by Section 624.4085, F.S., to require the entity’s board to enact improvements to the independence of the Audit committee membership if the insurer is in a Risk Based Capital action level event, meets one or more of the standards of an insurer deemed to be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer.

    Note B: All insurers with less than $500,000,000 in prior year direct written and assumed premiums are encouraged to structure their Audit committees with at least a supermajority of independent Audit committee members.

    Note C: Prior calendar year direct written and assumed premiums shall be the combined total of direct premiums and assumed premiums from non-affiliates for the reporting entities.

    (i)(h) An insurer with direct written and assumed premium, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000 may make application to the Office for a waiver from the subsection (14), requirements based upon hardship. The insurer shall file, with its annual statement filing, the approval for relief from subsection (14), with the states that it is licensed in or doing business in and the NAIC. If the non-domestic state accepts electronic filing with the NAIC, the insurer shall file the approval in an electronic format acceptable to the NAIC.

    (15) Internal Audit Function Requirements

    (a) Exemption – An insurer is exempt from the requirements of this section if:

    1. The insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000; and,

    2. If the insurer is a member of a Group of insurers, the group has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $1,000,000,000.

    (b) Note: An insurer or Group of insurers exempt from the requirements of subsection (15) is encouraged, but not required, to conduct a review of the insurer business type, sources of capital, and other risk factors to determine whether an Internal audit function is warranted.  The potential benefits of an Internal audit function should be assessed and compared against the estimated costs.

    (c) Function – The insurer or Group of insurers shall establish an Internal audit function providing independent, objective, and reasonable assurance to the Audit committee and insurer management regarding the insurer’s governance, risk management, and internal controls. This assurance shall be provided by performing general and specific audits, reviews, and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.

    (d) Independence – In order to ensure that internal auditors remain objective, the Internal audit function must be organizationally independent. Specifically, the Internal audit function will not defer ultimate judgment on audit matters to others, and shall appoint an individual to head the Internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.

    (e) Reporting – The head of the Internal audit function shall report to the Audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the Internal audit function’s independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings.

    (f) Additional Requirements – If an insurer is a member of an insurance holding company system or included in a Group of insurers, the insurer may satisfy the Internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.

    (16)(15) Conduct of Insurer in Connection with the Preparation of Required Reports and Documents.

    (a) through (c) No change.

    (17)(16) Management’s Report of Internal Control over Financial Reporting.

    (a) through (e) No change.

    (18)(17) Exemptions and Effective Dates.

    (a) through (e) No change.

    (f) The requirements of subsection (17), (16), and other modified sections, except for subsection (14), covered above, are effective beginning with the reporting period ending December 31, 2010, and each year thereafter. An insurer or Group of insurers that is not required to file a report because the total written premium is below the threshold and subsequently becomes subject to the reporting requirements shall have two (2) years following the year the threshold is exceeded (but not earlier than December 31, 2010) to file a report. Likewise, an insurer acquired in a business combination shall have two (2) calendar years following the date of acquisition or combination to comply with the reporting requirements.

    (g) If an insurer or Group of insurers that has been exempt from the subsection 15 requirements no longer qualifies for that exemption, it shall have one year after the year the threshold is exceeded to comply with the requirements of this rule.

    (19)(18) Canadian and British Companies.

    (a) through (b) No change.

    (20)(19) Severability Provision.

    If any section or portion of this rule or its applicability to any person or circumstance is held invalid by a court, the remainder of the rule or the applicability of the provision to other persons or circumstances shall not be affected.

    (21)(20) Standards Incorporated by Reference.

    (a) through (b) No change.

    Rulemaking Authority 624.308(1), 624.4085, 624.424(8)(e) FS. Law Implemented 624.307(1), 624.324, 624.424(8) FS. History–New 3-31-92, Amended 3-14-94, 8-17-98, 4-4-01, 8-14-02, Formerly 4-137.002, Amended 11-3-05, 9-21-10, ____________.

     

    NAME OF PERSON ORIGINATING PROPOSED RULE: Michael Lawrence, Jr., Assistant General Counsel, Office of Insurance Regulation, Michael.LawrenceJr@floir.com, (850) 413-4112.

    NAME OF AGENCY HEAD WHO APPROVED THE PROPOSED RULE: Financial Services Commission

    DATE PROPOSED RULE APPROVED BY AGENCY HEAD: July 25, 2019

    DATE NOTICE OF PROPOSED RULE DEVELOPMENT PUBLISHED IN FAR: March 11, 2019

Document Information

Comments Open:
8/6/2019
Summary:
The rule is amended to add a section for internal audits and defines “internal audit function.”
Purpose:
The rule is being amended to conform to the amendments to the National Association of Insurance Commissioners (NAIC) Annual Financial Reporting Model Regulation model rule.
Rulemaking Authority:
624.308(1); 624.4085; 624.424(8)(e) FS.
Law:
624.307(1); 624.324; 624.424(8) FS.
Contact:
Michael Lawrence, Jr., Assistant General Counsel, Office of Insurance Regulation, Michael.LawrenceJr@floir.com, (850) 413-4112.
Related Rules: (1)
69O-137.002. Annual Audited Financial Reports