5722: COMMITTEE SUMMARY (11-12-08) - INSURANCE AUDITING PROCEDURES

INSURANCE AUDITING PROCEDURES H.B. 5722 (H-2): COMMITTEE SUMMARY
[Please see the PDF version of this analysis, if available, to view this image.]

House Bill 5722 (Substitute H-2 as passed by the House)
Sponsor: Representative Virgil Smith
House Committee: Insurance
Senate Committee: Economic Development and Regulatory Reform

Date Completed: 11-12-08

CONTENT
The bill would amend the Insurance Code to do all of the following:

-- Require insurers that must file an annual audited financial report to designate an audit committee.
-- Specify that an extension granted on the deadline of an insurer's annual audited financial report would have to include an extension on the filing of management's report of internal control over financial reporting.
-- Refer to accounting practices prescribed by the Commissioner of Financial and Insurance Regulation in requirements pertaining to the reporting of an insurer's financial condition in the annual audited financial report.
-- Revise and expand requirements for the Commissioner's recognition of a person or firm as an independent public accountant for purposes of an insurer's annual audited financial report.
-- Allow a qualified independent public accountant who performed an insurer's annual audited financial report to engage in certain other nonaudit services, if the activity were preapproved by the audit committee, and allow that preapproval to be waived under certain circumstances.
-- Revise requirements regarding an independent public accountant's responsibility to report deficiencies in an insurer's internal control structures.
-- Establish specific audit requirements for a domestic insurer that was not a "SOX compliant entity".
-- Specify prohibited actions of a director or officer of an insurer.
-- Require certain insurers that must file an audited financial report to prepare a report of the insurer's or group of insurers' internal control over financial reporting, and establish requirements of such a report.
-- Allow the Commissioner, upon written application of any insurer, to grant an exemption from compliance with any or all provisions of the Code relating to an annual audited financial report.
-- Require a reinsurance agreement to provide that the agreement constituted the entire agreement between the parties and that there were no understandings between them except as expressed in the agreement.

The provisions of the bill dealing with audit requirements for a domestic insurer that was not a SOX compliant entity would take effect on January 1, 2010. The provisions requiring reports of insurers' internal control over financial reporting would take effect beginning with the reporting period ending December 31, 2010.

Annual Audit

Extension. Under Chapter 10 (Annual Audited Financial Reports) of the Insurance Code, each insurer authorized to do business
in Michigan must have an annual audit by an independent public accountant and file an audited financial report with the Commissioner by June 1 for the immediately preceding calendar year. The Commissioner may grant extension of the June 1 filing date for 30-day periods upon a showing by the insurer and its independent public accountant of the reasons for requesting the extension and upon a determination by the Commissioner of good cause for an extension.

Under the bill, an extension granted under that provision would have to include a 30-day extension to the filing of management's report of "internal control over financial reporting". The bill would define "internal control over financial reporting" as a process effected by an entity's board of directors, management, and other personnel designed to provide reasonable assurance regarding the reliability of the financial statement filed with the Commissioner, including the following:

-- Policies and procedures pertaining to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets.
-- Policies and procedures providing reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statement filed with the Commissioner and that receipts and expenditures are being made only in accordance with authorizations of management and directors.
-- Policies and procedures providing reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of assets that could have a material effect on the financial statement filed with the Commissioner.

Audit Committee. The bill would require each insurer required to file an annual audited financial report under Chapter 10 to designate a group of individuals as constituting its audit committee. The audit committee of an entity that controlled an insurer could be the insurer's audit committee for purposes of Chapter 10 at the election of the controlling person.

Financial Reports. Chapter 10 requires the annual audited financial report to report the insurer's financial condition as of the end of the most recent calendar year and the results of its operations, cash flows, and changes in capital and surplus for the year in conformity with accounting practices prescribed or otherwise permitted by the Commissioner. These include notes to financial statements required by the Commissioner's annual statement instructions and any other notes required by generally accepted accounting principles, which must include both of the following:

-- A reconciliation of differences, if any, between the audited financial statements and the annual statement filed under the Code with a written description of the nature of the differences.
-- A summary of ownership and relationships of the insurer and all affiliated companies, including a disclosure of all significant intercompany transactions and balances.

The bill would replace the reference to other notes required by generally accepted accounting principles with a reference to accounting practices prescribed by the Commissioner. It also would delete requirements that the report include the summary of ownership and relationships of the insurer and affiliated companies.

Independent Public Accountant

The Commissioner may not recognize a person or firm as an independent public accountant unless the person or firm is in good standing with the American Institute of Certified Public Accountants and in good standing in all states in which the accountant is licensed to practice or, for a Canadian or British company, unless the person or firm is a chartered accountant. Under the bill, the Commissioner also could not recognize a person or firm as an independent public accountant if the person or firm either directly or indirectly entered into an indemnification agreement, whether an agreement of indemnity or release from liability, with respect to the insurer's audit.

The bill would authorize a qualified independent accountant to enter into an agreement with an insurer to have disputes relating to an audit resolved by mediation or arbitration. If a delinquency proceeding were commenced against the insurer under Chapter 81 (Supervision, Rehabilitation, and Liquidation) of the Code, however, the mediation or arbitration provision would have to operate at the option of the statutory successor.

An individual independent public accountant or a partner or other person responsible for rendering a report by an independent public accounting firm retained to conduct an annual audit under Chapter 10 may not act in that capacity for the same insurer for more than seven consecutive years. The bill would reduce this period to not more than five consecutive years and would refer to an individual independent public accountant or a lead partner having primary responsibility for an annual audit or other person responsible for rendering a report.

After the seven-year period of service, an individual independent public accountant or partner or other responsible person for the accounting firm may not conduct an annual audit under Chapter 10 for the same insurer or its insurance subsidiaries or affiliates for a period of two years. The bill would change that limitation to a five-year period after the five-year period of service.

An insurer may apply for relief from the period-of-service limitation on the basis of unusual circumstances. Under the bill, the application would have to be made at least 30 days before the end of the calendar year. The insurer would have to file an approval for relief with its annual statement filing with the states in which it was licensed or doing business and with the National Association of Insurance Commissioners (NAIC). If the nondomestic state accepted electronic filing with the NAIC, the insurer would have to file the approval in an electronic format acceptable to the NAIC.

The bill would prohibit the Commissioner from recognizing as a qualified independent public accountant, or accepting an annual audited financial report prepared in whole or in part by, an individual who provided to an insurer, contemporaneously with the audit, any of the following nonaudit services:

-- Bookkeeping or other services related to the accounting records or financial statements of the insurer.
-- Financial information systems design and implementation.
-- Appraisal or valuation services, fairness opinions, or contribution-in-kind reports.
-- Actuarially oriented advisory services involving the determination of amounts recorded in the financial statements.
-- Internal audit outsourcing services.
-- Management functions or human resources.
-- Broker or dealer, investment adviser, or investment banking services.
-- Legal services or expert services unrelated to the audit.
-- Any other services that the Commissioner determined, by order or regulation, were impermissible.

Insurers having direct written and assumed premiums of less than $100.0 million in any calendar year could request an exemption from those provisions. An insurer requesting an exemption would have to file with the Commissioner a written statement discussing the reasons why the insurer should be exempt. The Commissioner would have to grant the exemption if, after review of the statement, he or she found that compliance would constitute a financial or organization hardship upon the insurer.

To be a qualified independent public accountant, the accountant could not function in the role of management, could not audit his or her own work, and could not serve in an advocacy role for the insurer.

A qualified independent public accountant who performed an audit under Chapter 10 could engage in other nonaudit services, including tax services, that were not described by the prohibitions listed above and that did not conflict with the management role prohibition, only if the activity were approved in advance by the audit committee.

All auditing services and nonaudit services provided to an insurer by its qualified independent public accountant would have to be preapproved by the audit committee. The preapproval requirement would be waived with respect to nonaudit services if the insurer were a SOX compliant entity or a direct or indirect wholly-owned subsidiary of a SOX compliant entity. The preapproval requirement also would be waived for nonaudit services if the aggregate amount of all nonaudit services provided to the insurer constituted not more than 5% of the total amount of fees paid by the insurer to its qualified independent public accountant during the fiscal year in which the nonaudit services were provided; the services were not recognized by the insurer at the time of the engagement to be nonaudit services; and the services were promptly brought to the attention of the audit committee and approved before the completion of the audit by the audit committee or by one or more members of the audit committee who were the members of the board of directors to whom authority to grant such approvals had been delegated by the audit committee.

The audit committee could delegate to one or more designated members the authority to grant the preapprovals. The decisions of any member to whom authority was delegated would have to be presented to the full audit committee at each of its scheduled meetings.

"SOX compliant entity" would mean an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Federal Sarbanes-Oxley Act:

-- The preapproval requirements of Section 201 (which allow a registered public accounting firm to engage in certain nonaudit services for an audit client, if the activity is approved in advance by the issuer's audit committee).
-- The audit committee independence requirements of Section 301 (which generally require each member of an issuer's audit committee to be a member of the issuer's board of directors and otherwise be independent, and establish independence criteria).
-- The internal control over financial reporting requirements of Section 404 (which require an annual report to contain an internal control report which must state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting and contain an assessment of the effectiveness of the internal control structure and procedures for financial reporting).

The Commissioner could not recognize an independent public accountant as qualified for a particular insurer if a member of the board, president, chief executive officer, controller, chief financial officer, chief accounting officer, or any person serving in an equivalent position for that insurer were employed by the accountant and participated in the audit of that insurer during the one-year period before the date that the most current statutory opinion was due. This would apply only to partners and senior managers involved in the audit. An insurer could request relief from this provision by filing a request with the Commissioner 30 days before the end of the calendar year for the audit in a manner prescribed by the Commissioner and showing the unusual circumstances that supported the need for relief. The insurer would have to file an approval for relief granted by the Commissioner with its annual statement filing with the states in which it was licensed or doing business and with the NAIC. If the nondomestic state accepted electronic filing with the NAIC, the insurer would have to file the approval in an electronic format acceptable to the NAIC.

If, after the date of the audited financial report filed pursuant to Chapter 10, the accountant became aware of facts that might have affected his or her report, the accountant would have to take action as prescribed by the professional standards of the American Institute of Certified Public Accountants.

Chapter 10 requires an independent public accountant to communicate significant deficiencies in the insurer's internal control structure, known as reportable conditions, noted during a financial statement audit to the appropriate parties within an insurer. If the accountant does not do so, a report may not be issued. The bill instead would require the independent public accountant to communicate in writing to the Commissioner any unremediated material weaknesses in the insurer's internal controls over financial reporting noted during the audit. This communication would have to be prepared by the accountant within 60 days after the filing of the annual audited financial report and would have to describe any unremediated material weaknesses, as of the immediately preceding December 31, in the insurer's internal control over financial reporting noted by the accountant during the course of his or her audit of the financial statements. The communication also would have to state if no unremediated material weaknesses were noted.

The insurer would have to give the Commissioner a description of remedial actions taken or proposed to correct unremediated material weaknesses, if the actions taken or proposed were not described in the accountant's communication.

Domestic Insurer not SOX Compliant

Section 1027 of Chapter 10, proposed by the bill, would apply to a domestic insurer that was not a SOX compliant entity. A domestic insurer that was a direct or indirect subsidiary of a SOX compliant entity would be considered to be a SOX compliant entity.

The audit committee for a domestic insurer that was not a SOX compliant entity would be directly responsible for the appointment, compensation, and oversight of the work of any accountant, including resolution of disagreements between management and the accountant regarding financial reporting, for the purpose of preparing or issuing the audited financial report or related work pursuant to Chapter 10. Each accountant would have to report directly to the audit committee. Each member of the audit committee would have to be a member of the insurer's board of directors or a member of the board of directors of an entity elected pursuant to the bill.

To be considered independent for purposes of Section 1027, a member of the audit committee could not, except in his or her capacity as a member of the audit committee, the board of directors, or any other board committee, accept any consulting, advisory, or other compensatory fee from the entity audited, or be an affiliated person of the entity or subsidiary audited, unless the individual served on the board to meet another statutory requirement related to the composition of the board. In no case, however, could the independent audit committee member be an officer or employee of the insurer or one of its affiliates.

If a member of the audit committee ceased to be independent for reasons outside the member's reasonable control, that person, with notice by the responsible entity to the State, could remain an audit committee member of the responsible entity until the earlier of its next annual meeting or one year from the occurrence of the event that caused the member not to be independent.

To exercise the election of the controlling person to designate the audit committee for purposes of Section 1027, the ultimate controlling person would have to provide written notice to the Commissioner. Notification would have to be timely and made before the statutory audit report was issued and describe the basis for the election. The election could be changed through notice to the Commissioner by the insurer, which would have to describe the basis for the change. The election would have to remain in effect until rescinded.

The audit committee would have to require the accountant that performed for an insurer any audit required by Chapter 10 to report in a timely manner to the audit committee in accordance with the requirements of SAS 61, Communication with Audit Committees, or a substantially similar replacement publication as the Commissioner required, including all of the following:

-- All significant accounting policies and material permitted practices.
-- All material alternative treatments of financial information within statutory accounting principles that had been discussed with the insurer's management officials, ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the accountant.
-- Other material written communications between the accountant and the management of the insurer, such as any management letter or schedule of unadjusted differences.

If an insurer were a member of an insurance holding company system, the report described above could be provided to the audit committee on an aggregate basis for insurers in the holding company system, as long as any substantial differences among insurers were identified to the audit committee.

All insurers would be encouraged to structure their audit committees with at least a supermajority of independent committee members. An insurer with $300,000,000.01 or less of direct written and assumed premiums in the prior calendar year would not be required to have independent audit committee members. An insurer with more than $300.0 million but $500.0 million or less of direct written and assumed premiums in the prior calendar year would have to have 50% or more of its audit committee members be independent. An insurer with more than $500.0 million of direct written and assumed premiums in the prior calendar year would have to have 75% or more of its audit committee members be independent. ("Direct written and assumed premiums" would be the combined total of direct premiums and assumed premiums from nonaffiliates for the reporting entities.)

The Commissioner could require an entity's board to enact improvements to the independence of the audit committee membership if the insurer were in a risk-based capital action level event, met one or more standards listed in Chapter 4 (Authorization of Insurers and General Requirements) of the Code of an insurer considered to be in hazardous financial condition, or otherwise exhibited signs of a troubled insurer.

An insurer with direct written and assumed premiums of less than $500.0 million, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, could apply to the Commissioner for a waiver from Section 1027 based upon hardship. The insurer would have to file, with its annual statement filing, the approval for relief from Section 1027 granted by the Commissioner with the states in which it was licensed or doing business and with the NAIC. If the nondomestic state accepted electronic filing with the NAIC, the insurer would have to file the approval in an electronic format acceptable to the NAIC.

Section 1027 would take effect on January 1, 2010. An insurer or group of insurers that was not required to have independent audit committee members or only 50% independent audit committee members because the total written and assumed premium was below the required threshold, and subsequently became subject to one of the independence requirements due to changes in premium, whether through business combination or not, would have one year after the year the threshold was exceeded to comply with the independence requirements.

Director & Officer Prohibitions

Under the bill, a director or officer of an insurer could not do either of the following:

-- Make or cause to be made a materially false or misleading statement to an accountant in connection with any audit, review, or communication required under Chapter 10.
-- Omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which the statements were made, not misleading to an accountant in connection with any audit, review, or communication required under Chapter 10.

An insurer's director or officer, or any other person acting under the direction of an insurer, could not directly or indirectly take any action to coerce, manipulate, mislead, or fraudulently influence any accountant engaged in the performance of an audit under Chapter 10 if that person knew or should have known that the action, if successful, could result in rendering the insurer's financial statements materially misleading. Such actions would include actions taken at any time with respect to the professional engagement period to coerce, manipulate, mislead, or fraudulently influence an accountant to do any of the following:

-- Issue or reissue a report on an insurer's financial statements that was not warranted under the circumstance due to material violations of statutory accounting principles prescribed by the Commissioner, generally accepted auditing standards, or other professional or regulatory standards.
-- Not to perform audit, review, or other procedures required by generally accepted auditing standards or other professional standards.
-- Not to withdraw an issued report.
-- Not to communicate matters to an insurer's audit committee.

Report of Internal Control over Financial Reporting

Under Section 1031 of Chapter 10, as proposed by the bill, every insurer required to file an audited financial report pursuant to Chapter 10 that had annual direct written and assumed premiums of $500.0 million or more, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, would have to prepare a report of the insurer's or group of insurers' internal control over financial reporting, as of the immediately preceding December 31. The report would have to be filed with the Commissioner along with the communication of internal control-related matters noted in an audit communicating unremediated material weaknesses. Notwithstanding the premium threshold, the Commissioner could require an insurer to file a report of internal control over financial reporting if the insurer were in a risk-based capital level event or met one or more of the standards listed in Chapter 4 of an insurer considered to be in hazardous financial condition, or otherwise exhibited signs of a troubled insurer.

An insurer or a group of insurers that was directly subject to Section 404 of the Sarbanes-Oxley Act, part of a holding company system whose parent was directly subject to Section 404, not directly subject to Section 404 but was a SOX compliant entity, or a member of a holding company system whose parent was not a SOX compliant entity, could file its or its parent's Section 404 report and an addendum in satisfaction of the requirement to file a report of internal control over financial reporting, if the insurer's or group's internal controls having a material impact on the preparation of the insurer's or group's audited statutory financial statements required under Chapter 10 were included in the scope of the Section 404 report. The addendum would have to be a positive statement by management that there were no material processes with respect to the preparation of the insurer's or group's audited statutory financial statements excluded from the Section 404 report. If there were internal controls of the insurer or group that had a material impact on the preparation of the insurer's or group's audited statutory financial statements and those internal controls were not included in the Section 404 report, the insurer or group could file either a report under the bill or the Section 404 report and a report under the bill for those internal controls that had a material impact on the preparation of the insurer's or group's audited statutory financial statement not covered by the Section 404 report.

The report of internal control over financial reporting would have to include all of the following:

-- A statement that management was responsible for establishing and maintaining adequate internal control over financial reporting.
-- A statement that management had established internal control over financial reporting and an assertion, to the best of management's knowledge and belief, after diligent inquiry, as to whether its internal control over financial reporting was effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles.
-- A statement that briefly described the approach or processes by which management evaluated the effectiveness of its internal control over financial reporting.
-- A statement that briefly described the scope of work that was included and whether any internal controls were excluded.
-- Disclosure of any unremediated material weaknesses in the internal control over financial reporting identified by management as of the immediately preceding December 31.
-- A statement regarding the inherent limitations of internal control systems.
-- Signatures of the chief executive officer and the chief financial officer or his or her equivalent.

Management would have to document and make available upon financial condition examination the basis upon which its assertions were made. Management could base its assertions, in part, upon its review, monitoring, and testing of internal controls undertaken in the normal course of its activities. Management would have discretion as to the nature of the internal control framework used, and the nature and extent of documentation, in order to make its assertion in a cost-effective manner and, as such, could include assembly of or reference to existing documentation.

The Office of Financial and Insurance Regulation would have to keep confidential the report on internal control over financial
reporting, and any documentation provided in support of that report, during the course of a financial condition examination.

Section 1031 would take effect beginning with the reporting period ending December 31, 2010. An insurer or group that was not required to file a report because the total written premium was below the required threshold and subsequently became subject to the reporting requirements, whether through business combination or not, would have two years after the year the threshold was exceeded to comply with the section's reporting requirements.

Exemption from Requirements of Chapter 10

Upon written application of any insurer, the Commissioner could grant an exemption from compliance with any or all provisions of Chapter 10 if he or she found, upon review of the application, that compliance with Chapter 10 would constitute a financial or organizational hardship upon the insurer. An exemption could be granted at any time and from time to time for a specified period or periods. An exemption would have to be filed by the insurer with the states in which it was licensed or doing business and with the NAIC. If the nondomestic state accepted electronic filing with the NAIC, the insurer would have to file the approval in an electronic format acceptable to the NAIC.

Within 10 days from a denial of an insurer's written request for an exemption, the insurer could request in writing a hearing on its application for an exemption. The hearing would have to be held pursuant to the Administrative Procedures Act.

Reinsurance Agreement

Chapter 11 (Reinsurance) of the Code provides that neither a reinsurance agreement nor any amendment to that agreement may be used to reduce any liability or to establish any asset in any financial statement filed with the Commissioner, unless the agreement, amendment, or a binding letter of intent has been duly executed by the appropriate party by the filing date of the financial statement.

Except for facultative certificates duly executed by a property and casualty reinsurer or its duly appointed agent, a reinsurance agreement must provide that any change or modification to the agreement is null and void unless made by amendment to the agreement and signed by both parties. The bill also would require such a reinsurance agreement to provide that the agreement constituted the entire agreement between the parties with respect to the business being reinsured and that there were no understandings between the parties other than as expressed in the agreement.

MCL 500.1001 et al.

Legislative Analyst: Patrick Affholter

FISCAL IMPACT
The bill would have no fiscal impact on State or local government.

Fiscal Analyst: Elizabeth Pratt
Maria Tyszkiewicz

Analysis was prepared by nonpartisan Senate staff for use by the Senate in its deliberations and does not constitute an official statement of legislative intent. hb5722/0708