69O-137.002. Annual Audited Financial Reports  

39(a) Independent certified public accountants;

44(b) Communication of Internal Control Related Matters Noted in an audit; and,

56(c) Management’s Report of Internal Control over Financial Reporting.

65(2)(a) Every authorized insurer, as defined in subsection (3), below, shall be subject to this rule. Insurers having direct premiums written in this state of less than $1,000,000 in any calendar year and fewer than 1,000 policyholders or certificateholders of direct written policies nationwide at the end of the calendar year shall be exempt from this rule for the year (unless the Office makes a specific finding that compliance is necessary for the Office to carry out statutory responsibilities), except that insurers having assumed premiums pursuant to contracts and/or treaties of reinsurance of $1,000,000 or more will not be so exempt. Any insurer subject to an exemption must submit by March 1 following the year to which the exemption applies an affidavit sworn to by a responsible officer of the insurer specifying the amount of direct premiums written in this state and number of policyholders or certificateholders. 217Form OIR-DO-1431, (Rev. 7/01), “Audited Financial Statements Exemption Affidavit,” is hereby incorporated by reference to be the form specified in Section 239624.424(8)(b), F.S., 241for exemptions from compliance with the filing of an annual audited financial statement. Forms are available at http://www.floir.com/iportal.

259(b) Foreign or alien insurers filing Audited Financial Reports in another state, pursuant to that state’s requirement for filing of Audited Financial Reports which has been found by the Office to be substantially similar to the requirements herein, may, in lieu of the other 303requirements herein, be exempt from subsections (4) through (13) of this rule if:

420(c) This rule shall not prohibit, preclude, or in any way limit the Office from ordering and/or conducting and/or performing examinations of insurers under its rules.

448(a) “Accountant” and “Independent Certified Public Accountant” means an independent Certified Public Accountant or accounting firm in good standing with the 469American Institute of Certified Public Accountants (AICPA) and 477in all states in which 482he or she is licensed to practice489. For Canadian and British companies, it means a Canadian-chartered or British-chartered accountant.

502(b) 503“Affiliate” of, or person “affiliated” with, a specific person, is a person that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the person specified.

538(c) “Audit committee” means a committee (or equivalent body) established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or Group of insurers, the Internal audit function of an insurer or Group of insurers (if applicable), and external audits of financial statements of the insurer or Group of insurers. The Audit committee of any entity that controls a Group of insurers may be deemed to be the Audit committee for one or more of these controlled insurers solely for the purposes of this regulation at the election of the controlling person. Refer to paragraph (14)(e), for exercising this election. If an Audit committee is not designated by the insurer, the insurer’s entire board of directors shall constitute the Audit committee.

671(d) “Audited Financial Report” means and includes those items specified in subsection (5), below.

685(e) “Indemnification” means an agreement of indemnity or a release from liability where the intent or effect is to shift or limit in any manner the potential liability of the person or firm for failure to adhere to applicable auditing or professional standards, whether or not resulting in part from knowing of other misrepresentations made by the insurer or its representatives.

746(f) “Independent board member” has the same meaning as described in paragraph (14)(c).

759(g) “Insurer” means an authorized insurer as defined in Section 769624.09, F.S.

771(h) “Group of insurers” means those licensed insurers included in the reporting requirements of Chapter 628, Part IV, F.S. or a set of insurers as identified by management, for the purpose of assessing the effectiveness of internal control over financial reporting.

812(i) “Internal audit function” means a person or persons that provide independent, objective, and reasonable assurance designed to add value and improve an organization’s operations and accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

860(j) “Internal control over financial reporting” means a process effected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance regarding the reliability of the financial statements, i.e., those items specified in subparagraphs (5)(b)2. through 7. of this regulation, and includes those policies and procedures that:

1018(k) “Office” means the Office of Insurance Regulation.

1026(l) “SEC” means the United States Securities and Exchange Commission.

1036(m) “Section 404” means Section 404 of the Sarbanes-Oxley Act of 2002 and the SEC’s rules and regulations promulgated thereunder.

1056(n) “Section 404 Report” means management’s report on “internal control over financial reporting” as defined by the SEC and the related attestation report of the independent certified public accountant as described in paragraph (3)(a).

1090(o) “SOX Compliant Entity” means an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Sarbanes-Oxley Act of 2002: (i) the preapproval requirements of Section 201 (Section 10A(i) of the Securities Exchange Act of 1934); (ii) the Audit committee independence requirements of Section 301 (Section 10A(m)(3) of the Securities Exchange Act of 1934); and (iii) the Internal control over financial reporting requirements of Section 404 (Item 308 of SEC Regulation S-K).

1173(p) “Section 16 Report” means a Management’s Report of Internal Control over Financial Reporting provided in subsection (17) of this rule.

1213(a) All insurers shall have an annual audit by an independent Certified Public Accountant and shall file an Audited Financial Report with the Office on or before June 1 for the year ended December 31 immediately preceding. The Office may require an insurer to file an Audited Financial Report earlier than June 1 with ninety (90) days advance notice to the insurer.

1275(b) Every insurer required to file an annual Audited Financial Report pursuant to this regulation shall designate a group of individuals as constituting its Audit committee, as defined in subsection (3). The Audit committee of an entity that controls an insurer may be deemed to be the insurer’s Audit committee for purposes of this regulation at the election of the controlling person.

1344(a) The Annual Audited Financial Report shall report the financial position of the insurer as of the end of the most recent calendar year and the results of its operations, cash flows, and changes in capital and surplus for the year then ended in conformity with statutory accounting practices prescribed, or otherwise permitted, by the state of domicile.

1402(b) The Annual Audited Financial Report shall include the following:

1628(a) Each insurer required by this rule to file an annual Audited Financial Report must, by December 31 of the year subject to audit, register with the Office in writing the name and address of the independent Certified Public Accountant or accounting firm retained to conduct the annual audit set forth in this rule.

1682(b) The insurer shall obtain a letter from the accountant, and file a copy with the Office, stating that the accountant is aware of the provisions of the Insurance Code and the Rules and Regulations of the state of domicile that relate to accounting and financial matters, and affirming that the accountant will express his or her opinion on the financial statements in terms of their conformity to the statutory accounting practices prescribed or otherwise permitted by that Insurance Department, specifying the exceptions as he or she may believe appropriate.

1772(c) If an accountant who was the accountant for the immediately preceding filed Audited Financial Report is dismissed or resigns, the insurer shall within five (5) business days notify the Office of this event. The insurer shall also furnish the Office with a separate letter within ten (10) business days of the above notification stating whether in the twenty-four (24) months preceding that event there were any disagreements with the former accountant on any matter of accounting principles or practices, financial statement disclosure, or auditing scope or procedure; which disagreements, if not resolved to the satisfaction of the former accountant, would have caused him or her to make reference to the subject matter of the disagreement in connection with his or her opinion. The disagreements required to be reported in response to this paragraph include both those resolved to the former accountant’s satisfaction and those not resolved to the former accountant’s satisfaction. Disagreements contemplated by this subsection are those that occur at the decision-making level, i.e., between personnel of the insurer responsible for presentation of its financial statements and personnel of the accounting firm responsible for rendering its report. The insurer shall also in writing request the former accountant to furnish a letter addressed to the insurer stating whether the accountant agrees with the statements contained in the insurer’s letter, and if not, stating the reasons for which he or she does not agree; and the insurer shall furnish the responsive letter from the former accountant to the Office together with its own.

2032(a) The Office shall not recognize any person or firm as a qualified independent Certified Public Accountant if the person or firm:

2125(b) Except as otherwise provided in this rule, the Office shall recognize an independent Certified Public Accountant as qualified as long as he or she prepares reports, filings, and statements as required by the Florida Insurance Code, and conforms to the standards of his or her profession as contained in the Rules and Regulations and Code of Ethics and Rules of Professional Conduct of the Florida Board of Public Accountancy, or similar code.

2424(d) The Office shall neither recognize as a qualified independent Certified Public Accountant, nor accept an annual Audited Financial Report prepared in whole or in part by any natural person who:

2566(e) In accordance with the provisions of Sections 2574624.307 2575and 2576624.324, F.S., 2578and in its own rules of departmental practice, the Office shall conduct a hearing to determine whether an independent Certified Public Accountant is qualified if Office records do not contain sufficient information to demonstrate that the Certified Public Accountant is qualified. Considering the evidence presented, the Office shall conclude that the accountant is not qualified for purposes of expressing his or her opinion on the financial statements in the annual Audited Financial Report made pursuant to this rule, if the accountant fails to meet the qualifications and other requirements of this rule. If the accountant is found to be not qualified, the Office shall require the insurer to replace the accountant with another whose relationship with the insurer is qualified within the meaning of this rule. Upon determination by the Office that the accountant is not qualified to express an opinion on the financial statements in the annual Audited Financial Report made pursuant to this rule the insurer may request a hearing pursuant to Section 2743120.57, F.S.

2745(f) A qualified independent certified accountant may enter into an agreement with an insurer to have disputes relating to an audit resolved by mediation or arbitration. However, in the event of a delinquency proceeding commenced against the insurer under Chapter 631, F.S., the mediation or arbitration provisions shall operate at the option of the statutory successor.

3119(h) Insurers having direct written and assumed premiums of less than $100,000,000 in any calendar year may request an exemption from subparagraph (g)1. The insurer shall file with the Office a written statement discussing the reasons why the insurer should be exempt from these provisions. If the Office finds, upon review of this statement, that compliance with this regulation would constitute an undue financial or organizational hardship upon the insurer, an exemption shall be granted.

3196(i) A qualified independent certified public accountant who performs the audit may engage in other non-audit services, including tax services that are not described in subparagraph (g)1., or that do not conflict with subparagraph (g)2., only if the activity is approved in advance by the Audit committee, in accordance with paragraph (j).

3248(j) All auditing services and non-audit services provided to an insurer by the qualified independent certified public accountant of the insurer shall be preapproved by the Audit committee. The preapproval requirement is waived with respect to non-audit services if the insurer is a SOX Compliant Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant Entity or:

3437(k) The Audit committee may delegate to one or more designated members of the Audit committee the authority to grant the preapprovals required by paragraph (l). The decisions of any member to whom this authority is delegated shall be presented to the full Audit committee at each of its scheduled meetings.

3639(a) An insurer may make written application to the Office for approval to file audited consolidated or combined financial statements in lieu of separate annual audited financial statements if the insurer is part of a group of insurance companies which utilizes a pooling or one hundred percent reinsurance agreement that affects the solvency and integrity of the insurer’s reserves, and the insurer cedes all of its direct and assumed business to the pool. In these cases, a columnar consolidating or combining worksheet shall be filed with the report, as follows:

3930(c) Approval to consolidate or combine statements shall be granted unless the Office makes a specific finding that approval would prevent the Office from carrying out its statutory responsibilities.

4206(a) The insurer required to furnish the annual Audited Financial Report shall require the independent Certified Public Accountant to report, in writing, within five (5) business days to the board of directors or its Audit committee any determination by the independent Certified Public Accountant that the insurer has materially misstated its financial condition as reported to the Office as of the balance sheet date currently under audit, or that the insurer does not meet the minimum capital and surplus requirement of the Florida Insurance Code as of that date. An insurer who has received a report pursuant to this paragraph shall forward a copy of the report to the Office within five (5) business days of receipt of said report and shall provide the independent Certified Public Accountant making the report with evidence of the report being furnished to the Office. If the independent Certified Public Accountant fails to receive the evidence within the required five (5) business day period, the independent Certified Public Accountant shall furnish to the Office a copy of its report within the next five (5) business days.

4388(b) An independent certified public accountant shall not be liable in any manner to any person for any statement made in connection with the above paragraph if the statement is made in good faith in compliance with the above paragraph.

4428(c) If the accountant, subsequent to the date of the Audited Financial Report filed pursuant to this rule, becomes aware of facts which might have affected his report, the 4457Office notes the obligation of the accountant to take such action as prescribed in 4471AU-C 560 4473of the Professional Standards of the AICPA, 4480Subsequent Events and Subsequently Discovered Facts, 4486effective 12/15/124488.

4500(a) In addition to the annual Audited Financial Report, each insurer 4511shall furnish the Office with a written communication as to any unremediated material weaknesses in its Internal control over financial reporting noted during the audit. Such communication shall be prepared by the accountant within sixty (60) days after the filing of the annual Audited Financial Report, and shall contain a description of any unremediated material weakness (as the term material weakness is defined by AU-C 265 of the Professional Standards of the AICPA, 4584Communicating Internal Control Related Matters Identified in an Audit), 4593effective 12/15/12, 4595as of December 31 immediately preceding (so as to coincide with the Audited Financial Report discussed in subsection (4)) in the insurer’s Internal control over financial reporting noted by the accountant during the course of their audit of the financial statements. If no unremediated material weaknesses were noted, the communication should so state.

4648(b) The insurer is required to provide a description of remedial actions taken or proposed to correct unremediated material weaknesses if the actions are not described in the accountant’s communication.

4683(a) The accountant shall furnish a letter to the insurer in connection with, and for inclusion in, the filing of the annual Audited Financial Report.

4708(b) The letter shall state:

4964(a) Workpapers are the records kept by the independent Certified Public Accountant of the procedures followed, the tests performed, the information obtained, and the conclusions reached pertinent to the accountant’s audit of the financial statements of an insurer. Workpapers, accordingly, may include audit planning documentation, work programs, analyses, memoranda, letters of confirmation and representation, abstracts of company documents and schedules, or commentaries prepared or obtained by the independent Certified Public Accountant in the course of his or her audit of the financial statements of an insurer, and which support the accountant’s opinion.

5056(b) Every insurer required to file an Audited Financial Report pursuant to this rule shall require the accountant to make available for review by Office examiners all workpapers prepared in the conduct of the accountant’s audit, and any communications related to the audit between the accountant and the insurer, at the offices of the insurer, at the Office or at any other reasonable place designated by the Office. The insurer shall require that the accountant retain the audit workpapers and communications until the Office has filed a Report on Examination covering the period of the audit, but no less than seven (7) years from the date of the audit report.

5166(c) In the conduct of the aforementioned periodic review by the Office examiners, it shall be agreed that photocopies of pertinent audit workpapers may be made and retained by the Office. The reviews by the Office examiners shall be considered investigations, and all working papers and communications obtained during the course of the investigations shall be afforded the same confidentiality as other examination workpapers generated by the Office until the Report of Examination is filed by the Office.

5284(a) The Audit committee shall be directly responsible for the appointment, compensation and oversight of the work of any accountant (including resolution of disagreements between management and the accountant regarding financial reporting) for the purpose of preparing or issuing the Audited Financial Report or related work pursuant to this rule. Each accountant shall report directly to the Audit committee.

5343(b) The Audit committee of an insurer or Group of insurers shall be responsible for overseeing the insurer’s Internal audit function and granting the person or persons performing the function suitable authority and resources to fulfill their responsibilities if required by subsection 15 of this Regulation.

5389(c) 5390Each member of the Audit committee shall be a member of the board of directors of the insurer or a member of the board of directors of an entity elected pursuant to paragraphs (f) and (3)(c).

5426(d) In order to be considered independent for purposes of this section, a member of the Audit committee may not, other than in his or her capacity as a member of the Audit committee, the board of directors, or any other board committee, accept any consulting, advisory or other compensatory fee from the entity or be an affiliated person of the entity or any subsidiary thereof.

5492(e) If a member of the Audit committee ceases to be independent for reasons outside the member’s reasonable control, that person, with notice by the responsible entity to the state, may remain an Audit committee member of the responsible entity until the earlier of the next annual meeting of the responsible entity or one year from the occurrence of the event that caused the member to be no longer independent.

5562(f) To exercise the election of the controlling person to designate the Audit committee for purposes of this regulation, the ultimate controlling person shall provide written notice to the Office of the affected insurers. Notification shall be made timely prior to the issuance of the statutory audit report and include a description of the basis for the election. The election can be changed through notice to the Office by the insurer, which shall include a description of the basis for the change. The election shall remain in effect for perpetuity, until rescinded.

5832(h) The proportion of independent Audit committee members shall meet or exceed the following criteria:

5909Note A: The Office has authority afforded by Section 5918624.4085, F.S., 5920to require the entity’s board to enact improvements to the independence of the Audit committee membership if the insurer is in a Risk Based Capital action level event, meets one or more of the standards of an insurer deemed to be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer.

5973Note B: All insurers with less than $500,000,000 in prior year direct written and assumed premiums are encouraged to structure their Audit committees with at least a supermajority of independent Audit committee members.

6008Note C: Prior calendar year direct written and assumed premiums shall be the combined total of direct premiums and assumed premiums from non-affiliates for the reporting entities.

6035(i) An insurer with direct written and assumed premium, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000 may make application to the Office for a waiver from the subsection (14), requirements based upon hardship. The insurer shall file, with its annual statement filing, the approval for relief from subsection (14), with the states that it is licensed in or doing business in and the NAIC. If the non-domestic state accepts electronic filing with the NAIC, the insurer shall file the approval in an electronic format acceptable to the NAIC.

6139(a) Exemption – An insurer is exempt from the requirements of this section if:

6238(b) Note: An insurer or Group of insurers exempt from the requirements of subsection (15) is encouraged, but not required, to conduct a review of the insurer business type, sources of capital, and other risk factors to determine whether an Internal audit function is warranted. The potential benefits of an Internal audit function should be assessed and compared against the estimated costs.

6300(c) Function – The insurer or Group of insurers shall establish an Internal audit function providing independent, objective, and reasonable assurance to the Audit committee and insurer management regarding the insurer’s governance, risk management, and internal controls. This assurance shall be provided by performing general and specific audits, reviews, and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.

6373(d) Independence – In order to ensure that internal auditors remain objective, the Internal audit function must be organizationally independent. Specifically, the Internal audit function will not defer ultimate judgment on audit matters to others, and shall appoint an individual to head the Internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.

6438(e) Reporting – The head of the Internal audit function shall report to the Audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the Internal audit function’s independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings.

6497(f) Additional Requirements – If an insurer is a member of an insurance holding company system or included in a Group of insurers, the insurer may satisfy the Internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.

6565(a) No director or officer of an insurer shall, directly or indirectly:

6656(b) No officer or director of an insurer, or any other person acting under the direction thereof, shall directly or indirectly take any action to coerce, manipulate, mislead or fraudulently influence any accountant engaged in the performance of an audit pursuant to this regulation if that person knew or should have known that the action, if successful, could result in rendering the insurer’s financial statements materially misleading.

6723(c) For purposes of paragraph (b) of this section, actions that, “if successful, could result in rendering the insurer’s financial statements materially misleading” include, but are not limited to, actions taken at any time with respect to the professional engagement period to coerce, manipulate, mislead or fraudulently influence an accountant:

6851(a) Every insurer required to file an Audited Financial Report pursuant to this regulation that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of $500,000,000 or more shall prepare a report of the insurer’s or Group of insurers’ Internal control over financial reporting, as these terms are defined in subsection (3). The report shall be filed with the Office along with the Communication of Internal Control Related Matters Noted in an Audit described under subsection (11). Management’s Report of Internal Control over Financial Reporting shall be as of December 31 immediately preceding.

6957(b) Notwithstanding the premium threshold in paragraph (16)(a), the Office shall require an insurer to file Management’s Report of Internal Control over Financial Reporting if the insurer is in any Risk Based Capital level event, or meets any one or more of the standards of an insurer deemed to be in hazardous financial condition. “Hazardous financial condition” shall mean any of the conditions that subject an insurer to suspension or revocation of its certificate of authority as provided in Section 7037624.418, F.S.

7039(c) An insurer or a Group of insurers that is:

7325(d) Management’s Report of Internal Control over Financial Reporting shall include:

7553(e) Management shall document and make available upon financial condition examination the basis upon which its assertions, required in paragraph (d), above, are made. Management may base its assertions, in part, upon its review, monitoring and testing of internal controls undertaken in the normal course of its activities.

7687(a) Upon written application of any insurer, the Office shall grant an exemption from compliance with any and all provisions of this rule if the Office finds, upon review of the application, that 7720compliance with this regulation would constitute an undue financial or organizational hardship upon the insurer.

7735(b) Domestic insurers shall comply with this rule for the year ending December 31, 2010, and each year thereafter.

7754(c) Foreign insurers shall comply with this rule for the year ending December 31, 2010, and each year thereafter.

7773(d) The requirements of paragraph (7)(c), shall be in effect for audits of the year ending December 31, 2010, and thereafter.

7794(e) The requirements of subsection (14), are to be in effect for audits of the year ending December 31, 2010. An insurer or Group of insurers that is not required to have independent Audit committee members or only a majority of independent Audit committee members (as opposed to a supermajority) because the total written and assumed premium is below the threshold and subsequently becomes subject to one of the independence requirements discussed in this paragraph due to changes in premium shall have one (1) year following the year the threshold is exceeded (but not earlier than January 1, 2010) to comply with the independence requirements discussed in this paragraph. Likewise, an insurer that becomes subject to one of the independence requirements discussed in this paragraph as a result of a business combination shall have one (1) calendar year following the date of acquisition or combination to comply with the independence requirements.

7945(f) 7946The requirements of subsection (17), and other modified sections, except for subsection (14), covered above, are effective beginning with the reporting period ending December 31, 2010, and each year thereafter. An insurer or Group of insurers that is not required to file a report because the total written premium is below the threshold and subsequently becomes subject to the reporting requirements shall have two (2) years following the year the threshold is exceeded (but not earlier than December 31, 2010) to file a report. Likewise, an insurer acquired in a business combination shall have two (2) calendar years following the date of acquisition or combination to comply with the reporting requirements.

8057(g) If an insurer or Group of insurers that has been exempt from the subsection 15 requirements no longer qualifies for that exemption, it shall have one year after the year the threshold is exceeded to comply with the requirements of this rule.

8105(a) In the case of Canadian and British insurers, the annual Audited Financial Report shall be defined as the annual statement of total business on the form filed by the companies with their supervision authority duly audited by an independent chartered accountant.

8147(b) For these insurers, the letter required in paragraph (6)(b), above, shall state that the accountant is aware of the requirements relating to the annual Audited Financial Report filed with the Office pursuant to subsection (4), above, and shall affirm that the opinion expressed is in conformity with these requirements.

8247(a) The following standards are hereby incorporated by reference:

8395(b) 8396The standards incorporated in this section are available: