Florida Regulations 69O-137.002: Annual Audited Financial Reports
Current as of: 2024 | Check for updates
|
Other versions
(1) The purpose of this rule is to improve the Office’s surveillance of the financial condition of insurers by requiring an annual audit of financial statements reporting the financial position and the results of operations of insurers by:
(a) Independent certified public accountants;
(b) Communication of Internal Control Related Matters Noted in an audit; and,
(c) Management’s Report of Internal Control over Financial Reporting.
(2)(a) Every authorized insurer, as defined in subsection (3), below, shall be subject to this rule. Insurers having direct premiums written in this state of less than $1,000,000 in any calendar year and fewer than 1,000 policyholders or certificateholders of direct written policies nationwide at the end of the calendar year shall be exempt from this rule for the year (unless the Office makes a specific finding that compliance is necessary for the Office to carry out statutory responsibilities), except that insurers having assumed premiums pursuant to contracts and/or treaties of reinsurance of $1,000,000 or more will not be so exempt. Any insurer subject to an exemption must submit by March 1 following the year to which the exemption applies an affidavit sworn to by a responsible officer of the insurer specifying the amount of direct premiums written in this state and number of policyholders or certificateholders. Form OIR-DO-1431, (Rev. 7/01), “”Audited Financial Statements Exemption Affidavit,”” is hereby incorporated by reference to be the form specified in Section 624.424(8)(b), F.S., for exemptions from compliance with the filing of an annual audited financial statement. Forms are available at http://www.floir.com/iportal.
(b) Foreign or alien insurers filing Audited Financial Reports in another state, pursuant to that state’s requirement for filing of Audited Financial Reports which has been found by the Office to be substantially similar to the requirements herein, may, in lieu of the other requirements herein, be exempt from subsections (4) through (13) of this rule if:
1. A copy of the Audited Financial Report, Communications of Internal Control Related Matters Noted in an Audit, and the Accountant’s Letter of Qualifications which are filed with the other state are made available to the Office upon request in accordance with the filing dates specified in subsections (4), (11) and (12), respectively (Canadian insurers may submit accountants’ reports as filed with the Office of the Superintendent of Financial Institutions, Canada); and,
2. A copy of any Notification of Adverse Financial Condition Report filed with the other state are made available to the Office upon request within the time specified in subsection (10).
(c) This rule shall not prohibit, preclude, or in any way limit the Office from ordering and/or conducting and/or performing examinations of insurers under its rules.
(3) Definitions.
(a) “”Accountant”” and “”Independent Certified Public Accountant”” means an independent Certified Public Accountant or accounting firm in good standing with the American Institute of Certified Public Accountants (AICPA) and in all states in which he or she is licensed to practice. For Canadian and British companies, it means a Canadian-chartered or British-chartered accountant.
(b) “”Affiliate”” of, or person “”affiliated”” with, a specific person, is a person that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the person specified.
(c) “”Audit committee”” means a committee (or equivalent body) established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or Group of insurers, the Internal audit function of an insurer or Group of insurers (if applicable), and external audits of financial statements of the insurer or Group of insurers. The Audit committee of any entity that controls a Group of insurers may be deemed to be the Audit committee for one or more of these controlled insurers solely for the purposes of this regulation at the election of the controlling person. Refer to paragraph (14)(e), for exercising this election. If an Audit committee is not designated by the insurer, the insurer’s entire board of directors shall constitute the Audit committee.
(d) “”Audited Financial Report”” means and includes those items specified in subsection (5), below.
(e) “”Indemnification”” means an agreement of indemnity or a release from liability where the intent or effect is to shift or limit in any manner the potential liability of the person or firm for failure to adhere to applicable auditing or professional standards, whether or not resulting in part from knowing of other misrepresentations made by the insurer or its representatives.
(f) “”Independent board member”” has the same meaning as described in paragraph (14)(c).
(g) “”Insurer”” means an authorized insurer as defined in Florida Statutes § 624.09
(h) “”Group of insurers”” means those licensed insurers included in the reporting requirements of Florida Statutes Chapter 628, Part IV or a set of insurers as identified by management, for the purpose of assessing the effectiveness of internal control over financial reporting.
(i) “”Internal audit function”” means a person or persons that provide independent, objective, and reasonable assurance designed to add value and improve an organization’s operations and accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
(j) “”Internal control over financial reporting”” means a process effected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance regarding the reliability of the financial statements, i.e., those items specified in subparagraphs (5)(b)2. through 7. of this regulation, and includes those policies and procedures that:
1. Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflects the transactions and dispositions of assets,
2. Provide reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statements, i.e., those items specified in subparagraphs (5)(b)2. through 7. of this regulation, and that receipts and expenditures are being made only in accordance with authorizations of management and directors; and,
3. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements, i.e., those items specified in subparagraphs (5)(b)2. through 7. of this regulation.
(k) “”Office”” means the Office of Insurance Regulation.
(l) “”SEC”” means the United States Securities and Exchange Commission.
(m) “”Section 404″” means Section 404 of the Sarbanes-Oxley Act of 2002 and the SEC’s rules and regulations promulgated thereunder.
(n) “”Section 404 Report”” means management’s report on “”internal control over financial reporting”” as defined by the SEC and the related attestation report of the independent certified public accountant as described in paragraph (3)(a).
(o) “”SOX Compliant Entity”” means an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Sarbanes-Oxley Act of 2002: (i) the preapproval requirements of Section 201 (Section 10A(i) of the Securities Exchange Act of 1934); (ii) the Audit committee independence requirements of Section 301 (Section 10A(m)(3) of the Securities Exchange Act of 1934); and (iii) the Internal control over financial reporting requirements of Section 404 (Item 308 of SEC Regulation S-K).
(p) “”Section 16 Report”” means a Management’s Report of Internal Control over Financial Reporting provided in subsection (17) of this rule.
(4) General Requirements Related to Filing and Extensions for Filing of Annual Audited Financial Report and Audit Committee Appointment.
(a) All insurers shall have an annual audit by an independent Certified Public Accountant and shall file an Audited Financial Report with the Office on or before June 1 for the year ended December 31 immediately preceding. The Office may require an insurer to file an Audited Financial Report earlier than June 1 with ninety (90) days advance notice to the insurer.
(b) Every insurer required to file an annual Audited Financial Report pursuant to this regulation shall designate a group of individuals as constituting its Audit committee, as defined in subsection (3). The Audit committee of an entity that controls an insurer may be deemed to be the insurer’s Audit committee for purposes of this regulation at the election of the controlling person.
(5) Contents of Annual Audited Financial Report.
(a) The Annual Audited Financial Report shall report the financial position of the insurer as of the end of the most recent calendar year and the results of its operations, cash flows, and changes in capital and surplus for the year then ended in conformity with statutory accounting practices prescribed, or otherwise permitted, by the state of domicile.
(b) The Annual Audited Financial Report shall include the following:
1. Report of independent Certified Public Accountant.
2. Balance sheet reporting admitted assets, liabilities, capital and surplus.
3. Statement of operations.
4. Statement of cash flows.
5. Statement of changes in capital and surplus.
6. Notes to financial statements. These notes shall be those required by the appropriate NAIC Annual Statement Instructions (incorporated by reference in subsection 69O-137.001(4), F.A.C.) and the NAIC Accounting Practices and Procedures Manual (incorporated by reference in subsection 69O-137.001(4), F.A.C.) and any other notes required by generally accepted accounting principles and shall also include reconciliation of differences, if any, between the audited statutory financial statements and the Annual Statement filed pursuant to Florida Statutes § 624.424(1), with a written description of the nature of these differences.
7. The financial statements included in the Audited Financial Report shall be prepared in a form and using language and groupings substantially the same as the relevant sections of the Annual Statement of the insurer filed with the Office, and the financial statement shall be comparative, presenting the amounts as of December 31 of the current year and the amounts as of the immediately preceding December 31. However, in the first year in which an insurer is required to file an Audited Financial Report, the comparative data may be omitted.
(6) Designation of Independent Certified Public Accountant.
(a) Each insurer required by this rule to file an annual Audited Financial Report must, by December 31 of the year subject to audit, register with the Office in writing the name and address of the independent Certified Public Accountant or accounting firm retained to conduct the annual audit set forth in this rule.
(b) The insurer shall obtain a letter from the accountant, and file a copy with the Office, stating that the accountant is aware of the provisions of the Insurance Code and the Rules and Regulations of the state of domicile that relate to accounting and financial matters, and affirming that the accountant will express his or her opinion on the financial statements in terms of their conformity to the statutory accounting practices prescribed or otherwise permitted by that Insurance Department, specifying the exceptions as he or she may believe appropriate.
(c) If an accountant who was the accountant for the immediately preceding filed Audited Financial Report is dismissed or resigns, the insurer shall within five (5) business days notify the Office of this event. The insurer shall also furnish the Office with a separate letter within ten (10) business days of the above notification stating whether in the twenty-four (24) months preceding that event there were any disagreements with the former accountant on any matter of accounting principles or practices, financial statement disclosure, or auditing scope or procedure; which disagreements, if not resolved to the satisfaction of the former accountant, would have caused him or her to make reference to the subject matter of the disagreement in connection with his or her opinion. The disagreements required to be reported in response to this paragraph include both those resolved to the former accountant’s satisfaction and those not resolved to the former accountant’s satisfaction. Disagreements contemplated by this subsection are those that occur at the decision-making level, i.e., between personnel of the insurer responsible for presentation of its financial statements and personnel of the accounting firm responsible for rendering its report. The insurer shall also in writing request the former accountant to furnish a letter addressed to the insurer stating whether the accountant agrees with the statements contained in the insurer’s letter, and if not, stating the reasons for which he or she does not agree; and the insurer shall furnish the responsive letter from the former accountant to the Office together with its own.
(7) Qualifications of Independent Certified Public Accountant.
(a) The Office shall not recognize any person or firm as a qualified independent Certified Public Accountant if the person or firm:
1. Is not in good standing with the American Institute of Certified Public Accountants (AICPA) and in all states in which the accountant is licensed to practice, or for a Canadian or British company, that is not a chartered accountant; or
2. Has either directly or indirectly entered into an agreement of indemnity or release from liability (collectively referred to as indemnification) with respect to the audit of the insurer.
(b) Except as otherwise provided in this rule, the Office shall recognize an independent Certified Public Accountant as qualified as long as he or she prepares reports, filings, and statements as required by the Florida Insurance Code, and conforms to the standards of his or her profession as contained in the Rules and Regulations and Code of Ethics and Rules of Professional Conduct of the Florida Board of Public Accountancy, or similar code.
(c)1. The lead (or coordinating) audit partner (having primary responsibility for the audit) may not act in that capacity for more than five (5) consecutive years. The person shall be disqualified from acting in that or a similar capacity for the same company or its insurance subsidiaries or affiliates for a period of five (5) consecutive years. An insurer may make application to the Office for relief from the above rotation requirement based on an unusual hardship to the insurer and a determination by the Office that the accountant is exercising independent judgement that is not unduly influenced by the insurer. This application should be made at least thirty (30) days before the end of the calendar year. The Office shall consider the following factors in determining if the relief should be granted:
a. Number of partners, expertise of the partners, or the number of insurance clients in the currently registered firm;
b. Premium volume of the insurer; and,
c. Number of jurisdictions in which the insurer transacts business.
2. The insurer shall file, with its annual statement filing, the approval for relief from paragraph (7)(c), with the states that it is licensed in or doing business in and with the NAIC. If the nondomestic state accepts electronic filing with the NAIC, the insurer shall file the approval in an electronic form acceptable to the NAIC.
(d) The Office shall neither recognize as a qualified independent Certified Public Accountant, nor accept an annual Audited Financial Report prepared in whole or in part by any natural person who:
1. Has been found guilty of, or has pleaded guilty or nolo contendere to, any felony or crime punishable by imprisonment of one year or more under the law of the United States or any state thereof or under the law of any other country, which involves moral turpitude, without regard to whether a judgement of conviction has been entered by the court having jurisdiction in such case;
2. Has been found to have violated the insurance laws of this state with respect to any previous reports submitted under this rule; or
3. Has failed to detect or disclose material information in previous reports filed under the provisions of this rule.
(e) In accordance with the provisions of Sections 624.307 and 624.324, F.S., and in its own rules of departmental practice, the Office shall conduct a hearing to determine whether an independent Certified Public Accountant is qualified if Office records do not contain sufficient information to demonstrate that the Certified Public Accountant is qualified. Considering the evidence presented, the Office shall conclude that the accountant is not qualified for purposes of expressing his or her opinion on the financial statements in the annual Audited Financial Report made pursuant to this rule, if the accountant fails to meet the qualifications and other requirements of this rule. If the accountant is found to be not qualified, the Office shall require the insurer to replace the accountant with another whose relationship with the insurer is qualified within the meaning of this rule. Upon determination by the Office that the accountant is not qualified to express an opinion on the financial statements in the annual Audited Financial Report made pursuant to this rule the insurer may request a hearing pursuant to Florida Statutes § 120.57
(f) A qualified independent certified accountant may enter into an agreement with an insurer to have disputes relating to an audit resolved by mediation or arbitration. However, in the event of a delinquency proceeding commenced against the insurer under Florida Statutes Chapter 631, the mediation or arbitration provisions shall operate at the option of the statutory successor.
(g)1. The Office shall not recognize as a qualified independent certified public accountant, nor accept an annual Audited Financial Report, prepared in whole or in part by an accountant who provides to an insurer, contemporaneously with the audit, the following non-audit services:
a. Bookkeeping or other services related to the accounting records or financial statements of the insurer;
b. Financial information systems design and implementation;
c. Appraisal or valuation services, fairness opinions, or contribution in-kind reports;
d. Actuarially-oriented advisory services involving the determination of amounts recorded in the financial statements. The accountant may assist an insurer in understanding the methods, assumptions and inputs used in the determination of amounts recorded in the financial statement only if it is reasonable to conclude that the services provided will not be subject to audit procedures during an audit of the insurer’s financial statements. An accountant’s actuary may also issue an actuarial opinion or certification (“”opinion””) on an insurer’s reserves if the following conditions have been met:
(I) Neither the accountant nor the accountant’s actuary has performed any management functions or made any management decisions;
(II) The insurer has competent personnel (or engages a third party actuary) to estimate the reserves for which management takes responsibility; and,
(III) The accountant’s actuary tests the reasonableness of the reserves after the insurer’s management has determined the amount of the reserves;
e. Internal audit outsourcing services;
f. Management functions or human resources;
g. Broker or dealer, investment adviser, or investment banking services; or
h. Legal services or expert services unrelated to the audit.
2. In general, the principles of independence with respect to services provided by the qualified independent certified public accountant are largely predicated on three basic principles, violations of which would impair the accountant’s independence. The principles are that the accountant cannot function in the role of management, cannot audit his own work, and cannot serve in an advocacy role for the insurer.
(h) Insurers having direct written and assumed premiums of less than $100,000,000 in any calendar year may request an exemption from subparagraph (g)1. The insurer shall file with the Office a written statement discussing the reasons why the insurer should be exempt from these provisions. If the Office finds, upon review of this statement, that compliance with this regulation would constitute an undue financial or organizational hardship upon the insurer, an exemption shall be granted.
(i) A qualified independent certified public accountant who performs the audit may engage in other non-audit services, including tax services that are not described in subparagraph (g)1., or that do not conflict with subparagraph (g)2., only if the activity is approved in advance by the Audit committee, in accordance with paragraph (j).
(j) All auditing services and non-audit services provided to an insurer by the qualified independent certified public accountant of the insurer shall be preapproved by the Audit committee. The preapproval requirement is waived with respect to non-audit services if the insurer is a SOX Compliant Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant Entity or:
1. The aggregate amount of all such non-audit services provided to the insurer constitutes not more than five percent (5%) of the total amount of fees paid by the insurer to its qualified independent certified public accountant during the fiscal year in which the non-audit services are provided;
2. The services were not recognized by the insurer at the time of the engagement to be non-audit services; and,
3. The services are promptly brought to the attention of the Audit committee of the insurer and approved prior to the completion of the audit by the Audit committee or by one or more members of the Audit committee who are the members of the board of directors to whom authority to grant such approvals has been delegated by the Audit committee.
(k) The Audit committee may delegate to one or more designated members of the Audit committee the authority to grant the preapprovals required by paragraph (l). The decisions of any member to whom this authority is delegated shall be presented to the full Audit committee at each of its scheduled meetings.
(l)1. The Office shall not recognize an independent certified public accountant as qualified for a particular insurer if a member of the board, president, chief executive officer, controller, chief financial officer, chief accounting officer, or any person serving in an equivalent position for that insurer, was employed by the independent certified public accountant and participated in the audit of that insurer during the one-year period preceding the date that the most current statutory opinion is due. This subsection shall only apply to partners and senior managers involved in the audit.
2. The insurer shall file, with its annual statement filing, the approval for relief from subparagraph (l)1., with the states that it is licensed in or doing business in and the NAIC. If the nondomestic state accepts electronic filing with the NAIC, the insurer shall file the approval in an electronic format acceptable to the NAIC.
(8) Consolidated or Combined Audits.
(a) An insurer may make written application to the Office for approval to file audited consolidated or combined financial statements in lieu of separate annual audited financial statements if the insurer is part of a group of insurance companies which utilizes a pooling or one hundred percent reinsurance agreement that affects the solvency and integrity of the insurer’s reserves, and the insurer cedes all of its direct and assumed business to the pool. In these cases, a columnar consolidating or combining worksheet shall be filed with the report, as follows:
1. Amounts shown on the consolidated or combined Audited Financial Report shall be shown on the worksheet.
2. Amounts for each insurer subject to this section shall be stated separately.
3. Noninsurance operations may be shown on the worksheet on a combined or individual basis.
4. Explanations of consolidating and eliminating entries shall be included; and,
5. A reconciliation shall be included of any differences between the amounts shown in the individual insurer columns of the worksheet and comparable amounts shown on the Annual Statements of the insurers.
(b)1. The application for approval to consolidate is required each year, and must be filed with the Office prior to the end of the calendar year for which the approval is being granted, except that applications for approval will be accepted after the end of such calendar year subject to the imposition of an administrative fine on each insurer involved in such application as provided for in Florida Statutes § 624.4211(2)
2. The amount of the fine shall be $50 per day for each day beyond the end of the calendar year, not to exceed an aggregate amount of $10,000 for the group of insurers requesting permission to file on a consolidated basis.
(c) Approval to consolidate or combine statements shall be granted unless the Office makes a specific finding that approval would prevent the Office from carrying out its statutory responsibilities.
(9) Scope of Audit and Report of Independent Certified Public Accountant. Financial statements furnished pursuant to subsection (5) above, shall be examined by the independent certified public accountant. The audit of the insurer’s financial statements shall be conducted in accordance with generally accepted auditing standards. In accordance with AU-C 610 of the Professional Standards of the AICPA, Using the Work of Internal Auditors, effective 12/15/14, and AU-C Section 940 of the Professional Standards of the AICPA, An Audit of Internal Control Over Financial Reporting That is Integrated With an Audit of Financial Statements, effective 12/15/16, the independent certified public accountant should obtain an understanding of internal control sufficient to plan the audit. To the extent required by AU-C 610 and AU-C Section 940, for those insurers required to file a Management’s Report of Internal Control over Financial Reporting pursuant to subsection (17), the independent certified public accountant should consider (as that term is defined in of the Professional Standards of the AICPA, AU-C 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards, effective 12/15/12) the most recently available report in planning and performing the audit of the statutory financial statements. Consideration should also be given to the other procedures illustrated in the Financial Condition Examiner’s Handbook promulgated by the National Association of Insurance Commissioners (incorporated by reference in Fl. Admin. Code R. 69O-138.001) as the independent Certified Public Accountant deems necessary.
(10) Notification of Adverse Financial Condition.
(a) The insurer required to furnish the annual Audited Financial Report shall require the independent Certified Public Accountant to report, in writing, within five (5) business days to the board of directors or its Audit committee any determination by the independent Certified Public Accountant that the insurer has materially misstated its financial condition as reported to the Office as of the balance sheet date currently under audit, or that the insurer does not meet the minimum capital and surplus requirement of the Florida Insurance Code as of that date. An insurer who has received a report pursuant to this paragraph shall forward a copy of the report to the Office within five (5) business days of receipt of said report and shall provide the independent Certified Public Accountant making the report with evidence of the report being furnished to the Office. If the independent Certified Public Accountant fails to receive the evidence within the required five (5) business day period, the independent Certified Public Accountant shall furnish to the Office a copy of its report within the next five (5) business days.
(b) An independent certified public accountant shall not be liable in any manner to any person for any statement made in connection with the above paragraph if the statement is made in good faith in compliance with the above paragraph.
(c) If the accountant, subsequent to the date of the Audited Financial Report filed pursuant to this rule, becomes aware of facts which might have affected his report, the Office notes the obligation of the accountant to take such action as prescribed in AU-C 560 of the Professional Standards of the AICPA, Subsequent Events and Subsequently Discovered Facts, effective 12/15/12.
(11) Communication of Internal Control Related Matters Noted in an Audit.
(a) In addition to the annual Audited Financial Report, each insurer shall furnish the Office with a written communication as to any unremediated material weaknesses in its Internal control over financial reporting noted during the audit. Such communication shall be prepared by the accountant within sixty (60) days after the filing of the annual Audited Financial Report, and shall contain a description of any unremediated material weakness (as the term material weakness is defined by AU-C 265 of the Professional Standards of the AICPA, Communicating Internal Control Related Matters Identified in an Audit), effective 12/15/12, as of December 31 immediately preceding (so as to coincide with the Audited Financial Report discussed in subsection (4)) in the insurer’s Internal control over financial reporting noted by the accountant during the course of their audit of the financial statements. If no unremediated material weaknesses were noted, the communication should so state.
(b) The insurer is required to provide a description of remedial actions taken or proposed to correct unremediated material weaknesses if the actions are not described in the accountant’s communication.
(12) Accountant’s Letter of Qualifications.
(a) The accountant shall furnish a letter to the insurer in connection with, and for inclusion in, the filing of the annual Audited Financial Report.
(b) The letter shall state:
1. That the accountant is independent with respect to the insurer and conforms to the standards of his or her profession as contained in the Code of Professional Ethics and pronouncements of the AICPA and the Rules of Professional Conduct of the Florida Board of Public Accountancy, or similar code,
2. The background and experience in general, and the experience in audits of insurers of the staff assigned to the engagement and whether each is an independent Certified Public Accountant. Nothing within this rule shall be construed as prohibiting the accountant from utilizing his or her staff as he or she deems appropriate where use is consistent with the standards prescribed by generally accepted auditing standards,
3. That the accountant understands the annual Audited Financial Report, and his or her opinion thereon will be filed in compliance with this rule, and that the Office will be relying on this information in the monitoring and regulation of the financial position of insurers,
4. That the accountant consents to the requirements of subsection (13), below, and that the accountant consents and agrees to make the workpapers as defined in subsection (13), below, available for review by the Office,
5. A representation that the accountant is properly licensed by an appropriate state licensing authority and is a member in good standing in the AICPA; and,
6. A representation that the accountant is in compliance with the requirements of subsection (7) of this rule.
(13) Definition, Availability, and Maintenance of Independent Certified Public Accountants Workpapers.
(a) Workpapers are the records kept by the independent Certified Public Accountant of the procedures followed, the tests performed, the information obtained, and the conclusions reached pertinent to the accountant’s audit of the financial statements of an insurer. Workpapers, accordingly, may include audit planning documentation, work programs, analyses, memoranda, letters of confirmation and representation, abstracts of company documents and schedules, or commentaries prepared or obtained by the independent Certified Public Accountant in the course of his or her audit of the financial statements of an insurer, and which support the accountant’s opinion.
(b) Every insurer required to file an Audited Financial Report pursuant to this rule shall require the accountant to make available for review by Office examiners all workpapers prepared in the conduct of the accountant’s audit, and any communications related to the audit between the accountant and the insurer, at the offices of the insurer, at the Office or at any other reasonable place designated by the Office. The insurer shall require that the accountant retain the audit workpapers and communications until the Office has filed a Report on Examination covering the period of the audit, but no less than seven (7) years from the date of the audit report.
(c) In the conduct of the aforementioned periodic review by the Office examiners, it shall be agreed that photocopies of pertinent audit workpapers may be made and retained by the Office. The reviews by the Office examiners shall be considered investigations, and all working papers and communications obtained during the course of the investigations shall be afforded the same confidentiality as other examination workpapers generated by the Office until the Report of Examination is filed by the Office.
(14) Requirements for Audit Committee.
This section shall not apply to foreign or alien insurers licensed in this state or an insurer that is a SOX Compliant Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant Entity.
(a) The Audit committee shall be directly responsible for the appointment, compensation and oversight of the work of any accountant (including resolution of disagreements between management and the accountant regarding financial reporting) for the purpose of preparing or issuing the Audited Financial Report or related work pursuant to this rule. Each accountant shall report directly to the Audit committee.
(b) The Audit committee of an insurer or Group of insurers shall be responsible for overseeing the insurer’s Internal audit function and granting the person or persons performing the function suitable authority and resources to fulfill their responsibilities if required by subsection 15 of this Regulation.
(c) Each member of the Audit committee shall be a member of the board of directors of the insurer or a member of the board of directors of an entity elected pursuant to paragraphs (f) and (3)(c).
(d) In order to be considered independent for purposes of this section, a member of the Audit committee may not, other than in his or her capacity as a member of the Audit committee, the board of directors, or any other board committee, accept any consulting, advisory or other compensatory fee from the entity or be an affiliated person of the entity or any subsidiary thereof.
(e) If a member of the Audit committee ceases to be independent for reasons outside the member’s reasonable control, that person, with notice by the responsible entity to the state, may remain an Audit committee member of the responsible entity until the earlier of the next annual meeting of the responsible entity or one year from the occurrence of the event that caused the member to be no longer independent.
(f) To exercise the election of the controlling person to designate the Audit committee for purposes of this regulation, the ultimate controlling person shall provide written notice to the Office of the affected insurers. Notification shall be made timely prior to the issuance of the statutory audit report and include a description of the basis for the election. The election can be changed through notice to the Office by the insurer, which shall include a description of the basis for the change. The election shall remain in effect for perpetuity, until rescinded.
(g)1. The Audit committee shall require the accountant that performs for an insurer any audit required by this regulation to timely report to the Audit committee in accordance with the requirements of AU-C 260 of the Professional Standards of the AICPA, The Auditor’s Communication With Those Charged with Governance, effective 12/15/12, including:
a. All significant accounting policies and material permitted practices,
b All material alternative treatments of financial information within statutory accounting principles that have been discussed with management officials of the insurer, ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the accountant; and,
c. Other material written communications between the accountant and the management of the insurer, such as any management letter or schedule of unadjusted differences.
2. If an insurer is a member of an insurance holding company system, the reports required by subparagraph (g)1., may be provided to the Audit committee on an aggregate basis for insurers in the holding company system, provided that any substantial differences among insurers in the system are identified to the Audit committee.
(h) The proportion of independent Audit committee members shall meet or exceed the following criteria:
Prior Calendar Year Direct Written and Assumed Premiums
$0 – 300,000,000
Over $300,000,000 – 500,000,000
Over 500,000,000
No minimum requirements.
See also Notes A and B.
Majority (50% or more) of members shall be independent. See also Notes A and B.
Supermajority of members (75% or more) shall be independent. See also Note A.
Note A: The Office has authority afforded by Florida Statutes § 624.4085, to require the entity’s board to enact improvements to the independence of the Audit committee membership if the insurer is in a Risk Based Capital action level event, meets one or more of the standards of an insurer deemed to be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer.
Note B: All insurers with less than $500,000,000 in prior year direct written and assumed premiums are encouraged to structure their Audit committees with at least a supermajority of independent Audit committee members.
Note C: Prior calendar year direct written and assumed premiums shall be the combined total of direct premiums and assumed premiums from non-affiliates for the reporting entities.
(i) An insurer with direct written and assumed premium, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000 may make application to the Office for a waiver from the subsection (14), requirements based upon hardship. The insurer shall file, with its annual statement filing, the approval for relief from subsection (14), with the states that it is licensed in or doing business in and the NAIC. If the non-domestic state accepts electronic filing with the NAIC, the insurer shall file the approval in an electronic format acceptable to the NAIC.
(15) Internal Audit Function Requirements.
(a) Exemption – An insurer is exempt from the requirements of this section if:
1. The insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000; and,
2. If the insurer is a member of a Group of insurers, the group has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $1,000,000,000.
(b) Note: An insurer or Group of insurers exempt from the requirements of subsection (15) is encouraged, but not required, to conduct a review of the insurer business type, sources of capital, and other risk factors to determine whether an Internal audit function is warranted. The potential benefits of an Internal audit function should be assessed and compared against the estimated costs.
(c) Function – The insurer or Group of insurers shall establish an Internal audit function providing independent, objective, and reasonable assurance to the Audit committee and insurer management regarding the insurer’s governance, risk management, and internal controls. This assurance shall be provided by performing general and specific audits, reviews, and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.
(d) Independence – In order to ensure that internal auditors remain objective, the Internal audit function must be organizationally independent. Specifically, the Internal audit function will not defer ultimate judgment on audit matters to others, and shall appoint an individual to head the Internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.
(e) Reporting – The head of the Internal audit function shall report to the Audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the Internal audit function’s independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings.
(f) Additional Requirements – If an insurer is a member of an insurance holding company system or included in a Group of insurers, the insurer may satisfy the Internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.
(16) Conduct of Insurer in Connection with the Preparation of Required Reports and Documents.
(a) No director or officer of an insurer shall, directly or indirectly:
1. Make or cause to be made a materially false or misleading statement to an accountant in connection with any audit, review or communication required under this regulation; or
2. Omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which the statements were made, not misleading to an accountant in connection with any audit, review or communication required under this regulation.
(b) No officer or director of an insurer, or any other person acting under the direction thereof, shall directly or indirectly take any action to coerce, manipulate, mislead or fraudulently influence any accountant engaged in the performance of an audit pursuant to this regulation if that person knew or should have known that the action, if successful, could result in rendering the insurer’s financial statements materially misleading.
(c) For purposes of paragraph (b) of this section, actions that, “”if successful, could result in rendering the insurer’s financial statements materially misleading”” include, but are not limited to, actions taken at any time with respect to the professional engagement period to coerce, manipulate, mislead or fraudulently influence an accountant:
1. To issue or reissue a report on an insurer’s financial statements that is not warranted in the circumstances (due to material violations of statutory accounting principles prescribed by the Office or generally accepted auditing standards);
2. Not to perform audit, review or other procedures required by generally accepted auditing standards;
3. Not to withdraw an issued report; or
4. Not to communicate matters to an insurer’s Audit committee.
(17) Management’s Report of Internal Control over Financial Reporting.
(a) Every insurer required to file an Audited Financial Report pursuant to this regulation that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of $500,000,000 or more shall prepare a report of the insurer’s or Group of insurers’ Internal control over financial reporting, as these terms are defined in subsection (3). The report shall be filed with the Office along with the Communication of Internal Control Related Matters Noted in an Audit described under subsection (11). Management’s Report of Internal Control over Financial Reporting shall be as of December 31 immediately preceding.
(b) Notwithstanding the premium threshold in paragraph (16)(a), the Office shall require an insurer to file Management’s Report of Internal Control over Financial Reporting if the insurer is in any Risk Based Capital level event, or meets any one or more of the standards of an insurer deemed to be in hazardous financial condition. “”Hazardous financial condition”” shall mean any of the conditions that subject an insurer to suspension or revocation of its certificate of authority as provided in Florida Statutes § 624.418
(c) An insurer or a Group of insurers that is:
1. Directly subject to Section 404;
2. Part of a holding company system whose parent is directly subject to Section 404;
3. Not directly subject to Section 404 but is a SOX Compliant Entity; or
4. A member of a holding company system whose parent is not directly subject to Section 404 but is a SOX Compliant Entity; may file its or its parent’s Section 404 Report and an addendum in satisfaction of this Section’s requirement provided that those internal controls of the insurer or Group of insurers having a material impact on the preparation of the insurer’s or Group of insurers’ audited statutory financial statements (those items included in subparagraphs (5)(b)2. through (5)(b)7. of this regulation) were included in the scope of the Section 404 Report. The addendum shall be a positive statement by management that there are no material processes with respect to the preparation of the insurer’s or Group of insurers’ audited statutory financial statements (those items included in subparagraphs (5)(b)2. through (5)(b)7. of this rule) excluded from the Section 404 Report. If there are internal controls of the insurer or Group of insurers that have a material impact on the preparation of the insurer’s or Group of insurers’ audited statutory financial statements and those internal controls were not included in the scope of the Section 404 Report, the insurer or Group of insurers may either file (i) a subsection (16) report, or (ii) the Section 404 Report and a subsection (16) report for those internal controls that have a material impact on the preparation of the insurer’s or Group of insurers’ audited statutory financial statements not covered by the Section 404 Report.
(d) Management’s Report of Internal Control over Financial Reporting shall include:
1. A statement that management is responsible for establishing and maintaining adequate internal control over financial reporting,
2. A statement that management has established internal control over financial reporting and an assertion, to the best of management’s knowledge and belief, after diligent inquiry, as to whether its internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles,
3. A statement that briefly describes the approach or processes by which management evaluated the effectiveness of its internal control over financial reporting,
4. A statement that briefly describes the scope of work that is included and whether any internal controls were excluded,
5. Disclosure of any unremediated material weaknesses in the internal control over financial reporting identified by management as of December 31 immediately preceding, after the effective date of this rule. Management is not permitted to conclude that the internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles if there is one or more unremediated material weaknesses in its internal controls over financial reporting,
6. A statement regarding the inherent limitations of internal control systems; and,
7 Signatures of the chief executive officer and the chief financial officer (or equivalent position/title).
(e) Management shall document and make available upon financial condition examination the basis upon which its assertions, required in paragraph (d), above, are made. Management may base its assertions, in part, upon its review, monitoring and testing of internal controls undertaken in the normal course of its activities.
1. Management shall have discretion as to the nature of the internal control framework used, and the nature and extent of documentation, in order to make its assertion in a cost effective manner and, as such, may include assembly of or reference to existing documentation.
2. Management’s Report on Internal Control over Financial Reporting, required by paragraph (a), above, and any documentation provided in support thereof during the course of a financial condition examination, shall be kept confidential by the Office.
(18) Exemptions and Effective Dates.
(a) Upon written application of any insurer, the Office shall grant an exemption from compliance with any and all provisions of this rule if the Office finds, upon review of the application, that compliance with this regulation would constitute an undue financial or organizational hardship upon the insurer.
(b) Domestic insurers shall comply with this rule for the year ending December 31, 2010, and each year thereafter.
(c) Foreign insurers shall comply with this rule for the year ending December 31, 2010, and each year thereafter.
(d) The requirements of paragraph (7)(c), shall be in effect for audits of the year ending December 31, 2010, and thereafter.
(e) The requirements of subsection (14), are to be in effect for audits of the year ending December 31, 2010. An insurer or Group of insurers that is not required to have independent Audit committee members or only a majority of independent Audit committee members (as opposed to a supermajority) because the total written and assumed premium is below the threshold and subsequently becomes subject to one of the independence requirements discussed in this paragraph due to changes in premium shall have one (1) year following the year the threshold is exceeded (but not earlier than January 1, 2010) to comply with the independence requirements discussed in this paragraph. Likewise, an insurer that becomes subject to one of the independence requirements discussed in this paragraph as a result of a business combination shall have one (1) calendar year following the date of acquisition or combination to comply with the independence requirements.
(f) The requirements of subsection (17), and other modified sections, except for subsection (14), covered above, are effective beginning with the reporting period ending December 31, 2010, and each year thereafter. An insurer or Group of insurers that is not required to file a report because the total written premium is below the threshold and subsequently becomes subject to the reporting requirements shall have two (2) years following the year the threshold is exceeded (but not earlier than December 31, 2010) to file a report. Likewise, an insurer acquired in a business combination shall have two (2) calendar years following the date of acquisition or combination to comply with the reporting requirements.
(g) If an insurer or Group of insurers that has been exempt from the subsection 15 requirements no longer qualifies for that exemption, it shall have one year after the year the threshold is exceeded to comply with the requirements of this rule.
(19) Canadian and British Companies.
(a) In the case of Canadian and British insurers, the annual Audited Financial Report shall be defined as the annual statement of total business on the form filed by the companies with their supervision authority duly audited by an independent chartered accountant.
(b) For these insurers, the letter required in paragraph (6)(b), above, shall state that the accountant is aware of the requirements relating to the annual Audited Financial Report filed with the Office pursuant to subsection (4), above, and shall affirm that the opinion expressed is in conformity with these requirements.
(20) Severability Provision.
If any section or portion of this rule or its applicability to any person or circumstance is held invalid by a court, the remainder of the rule or the applicability of the provision to other persons or circumstances shall not be affected.
(21) Standards Incorporated by Reference.
(a) The following standards are hereby incorporated by reference:
1. AU-C 610 of the Professional Standards of the AICPA, Using the Work of Internal Auditors, effective 12/15/14;
2. AU-C 200 of the Professional Standards of the AICPA, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards, effective 12/15/12;
3. AU-C 560 of the Professional Standards of the AICPA, Subsequent Events and Subsequently Discovered Facts, effective 12/15/12;
4. AU-C 265 of the Professional Standards of the AICPA, Communicating Internal Control Related Matters Identified in an Audit, effective 12/15/12;
5. AU-C 260 of the Professional Standards of the AICPA, The Auditor’s Communication With Those Charged With Governance, effective 12/15/12; and
6. AU-C Section 940 of the Professional Standards of the AICPA, An Audit of Internal Control Over Financial Reporting That is Integrated With an Audit of Financial Statements, effective 12/15/16.
(b) The standards incorporated in this section are available:
1. From the American Institute of Certified Public Aaccountants’ (AICPA) website at: http://www.aicpa.org/Publications; and,
2. For inspection during regular business hours at the Office of Insurance Regulation, Larson Building, 200 East Gaines Street, Tallahassee, Florida 32399-0300.
Rulemaking Authority 624.308(1), 624.4085, 624.424(8)(e) FS. Law Implemented 624.307(1), 624.324, 624.424(8) FS. History-New 3-31-92, Amended 3-14-94, 8-17-98, 4-4-01, 8-14-02, Formerly 4-137.002, Amended 11-3-05, 9-21-10, 1-10-19, 12-26-19.
Terms Used In Florida Regulations 69O-137.002
- Affidavit: A written statement of facts confirmed by the oath of the party making it, before a notary or officer having authority to administer oaths.
- Appraisal: A determination of property value.
- Assets: (1) The property comprising the estate of a deceased person, or (2) the property in a trust account.
- Committee membership: Legislators are assigned to specific committees by their party. Seniority, regional balance, and political philosophy are the most prominent factors in the committee assignment process.
- Conviction: A judgement of guilt against a criminal defendant.
- Corporation: A legal entity owned by the holders of shares of stock that have been issued, and that can own, receive, and transfer property, and carry on business in its own name.
- Evidence: Information presented in testimony or in documents that is used to persuade the fact finder (judge or jury) to decide the case for one side or the other.
- Fiscal year: The fiscal year is the accounting period for the government. For the federal government, this begins on October 1 and ends on September 30. The fiscal year is designated by the calendar year in which it ends; for example, fiscal year 2006 begins on October 1, 2005 and ends on September 30, 2006.
- Judgement: The official decision of a court finally determining the respective rights and claims of the parties to a suit.
- Jurisdiction: (1) The legal authority of a court to hear and decide a case. Concurrent jurisdiction exists when two courts have simultaneous responsibility for the same case. (2) The geographic area over which the court has authority to decide cases.
- Liabilities: The aggregate of all debts and other legal obligations of a particular person or legal entity.
- Nolo contendere: No contest-has the same effect as a plea of guilty, as far as the criminal sentence is concerned, but may not be considered as an admission of guilt for any other purpose.
- Obligation: An order placed, contract awarded, service received, or similar transaction during a given period that will require payments during the same or a future period.
- Oversight: Committee review of the activities of a Federal agency or program.
- Remainder: An interest in property that takes effect in the future at a specified time or after the occurrence of some event, such as the death of a life tenant.
(b) Communication of Internal Control Related Matters Noted in an audit; and,
(c) Management’s Report of Internal Control over Financial Reporting.
(2)(a) Every authorized insurer, as defined in subsection (3), below, shall be subject to this rule. Insurers having direct premiums written in this state of less than $1,000,000 in any calendar year and fewer than 1,000 policyholders or certificateholders of direct written policies nationwide at the end of the calendar year shall be exempt from this rule for the year (unless the Office makes a specific finding that compliance is necessary for the Office to carry out statutory responsibilities), except that insurers having assumed premiums pursuant to contracts and/or treaties of reinsurance of $1,000,000 or more will not be so exempt. Any insurer subject to an exemption must submit by March 1 following the year to which the exemption applies an affidavit sworn to by a responsible officer of the insurer specifying the amount of direct premiums written in this state and number of policyholders or certificateholders. Form OIR-DO-1431, (Rev. 7/01), “”Audited Financial Statements Exemption Affidavit,”” is hereby incorporated by reference to be the form specified in Section 624.424(8)(b), F.S., for exemptions from compliance with the filing of an annual audited financial statement. Forms are available at http://www.floir.com/iportal.
(b) Foreign or alien insurers filing Audited Financial Reports in another state, pursuant to that state’s requirement for filing of Audited Financial Reports which has been found by the Office to be substantially similar to the requirements herein, may, in lieu of the other requirements herein, be exempt from subsections (4) through (13) of this rule if:
1. A copy of the Audited Financial Report, Communications of Internal Control Related Matters Noted in an Audit, and the Accountant’s Letter of Qualifications which are filed with the other state are made available to the Office upon request in accordance with the filing dates specified in subsections (4), (11) and (12), respectively (Canadian insurers may submit accountants’ reports as filed with the Office of the Superintendent of Financial Institutions, Canada); and,
2. A copy of any Notification of Adverse Financial Condition Report filed with the other state are made available to the Office upon request within the time specified in subsection (10).
(c) This rule shall not prohibit, preclude, or in any way limit the Office from ordering and/or conducting and/or performing examinations of insurers under its rules.
(3) Definitions.
(a) “”Accountant”” and “”Independent Certified Public Accountant”” means an independent Certified Public Accountant or accounting firm in good standing with the American Institute of Certified Public Accountants (AICPA) and in all states in which he or she is licensed to practice. For Canadian and British companies, it means a Canadian-chartered or British-chartered accountant.
(b) “”Affiliate”” of, or person “”affiliated”” with, a specific person, is a person that directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the person specified.
(c) “”Audit committee”” means a committee (or equivalent body) established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or Group of insurers, the Internal audit function of an insurer or Group of insurers (if applicable), and external audits of financial statements of the insurer or Group of insurers. The Audit committee of any entity that controls a Group of insurers may be deemed to be the Audit committee for one or more of these controlled insurers solely for the purposes of this regulation at the election of the controlling person. Refer to paragraph (14)(e), for exercising this election. If an Audit committee is not designated by the insurer, the insurer’s entire board of directors shall constitute the Audit committee.
(d) “”Audited Financial Report”” means and includes those items specified in subsection (5), below.
(e) “”Indemnification”” means an agreement of indemnity or a release from liability where the intent or effect is to shift or limit in any manner the potential liability of the person or firm for failure to adhere to applicable auditing or professional standards, whether or not resulting in part from knowing of other misrepresentations made by the insurer or its representatives.
(f) “”Independent board member”” has the same meaning as described in paragraph (14)(c).
(g) “”Insurer”” means an authorized insurer as defined in Florida Statutes § 624.09
(h) “”Group of insurers”” means those licensed insurers included in the reporting requirements of Florida Statutes Chapter 628, Part IV or a set of insurers as identified by management, for the purpose of assessing the effectiveness of internal control over financial reporting.
(i) “”Internal audit function”” means a person or persons that provide independent, objective, and reasonable assurance designed to add value and improve an organization’s operations and accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
(j) “”Internal control over financial reporting”” means a process effected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance regarding the reliability of the financial statements, i.e., those items specified in subparagraphs (5)(b)2. through 7. of this regulation, and includes those policies and procedures that:
1. Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflects the transactions and dispositions of assets,
2. Provide reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statements, i.e., those items specified in subparagraphs (5)(b)2. through 7. of this regulation, and that receipts and expenditures are being made only in accordance with authorizations of management and directors; and,
3. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements, i.e., those items specified in subparagraphs (5)(b)2. through 7. of this regulation.
(k) “”Office”” means the Office of Insurance Regulation.
(l) “”SEC”” means the United States Securities and Exchange Commission.
(m) “”Section 404″” means Section 404 of the Sarbanes-Oxley Act of 2002 and the SEC’s rules and regulations promulgated thereunder.
(n) “”Section 404 Report”” means management’s report on “”internal control over financial reporting”” as defined by the SEC and the related attestation report of the independent certified public accountant as described in paragraph (3)(a).
(o) “”SOX Compliant Entity”” means an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Sarbanes-Oxley Act of 2002: (i) the preapproval requirements of Section 201 (Section 10A(i) of the Securities Exchange Act of 1934); (ii) the Audit committee independence requirements of Section 301 (Section 10A(m)(3) of the Securities Exchange Act of 1934); and (iii) the Internal control over financial reporting requirements of Section 404 (Item 308 of SEC Regulation S-K).
(p) “”Section 16 Report”” means a Management’s Report of Internal Control over Financial Reporting provided in subsection (17) of this rule.
(4) General Requirements Related to Filing and Extensions for Filing of Annual Audited Financial Report and Audit Committee Appointment.
(a) All insurers shall have an annual audit by an independent Certified Public Accountant and shall file an Audited Financial Report with the Office on or before June 1 for the year ended December 31 immediately preceding. The Office may require an insurer to file an Audited Financial Report earlier than June 1 with ninety (90) days advance notice to the insurer.
(b) Every insurer required to file an annual Audited Financial Report pursuant to this regulation shall designate a group of individuals as constituting its Audit committee, as defined in subsection (3). The Audit committee of an entity that controls an insurer may be deemed to be the insurer’s Audit committee for purposes of this regulation at the election of the controlling person.
(5) Contents of Annual Audited Financial Report.
(a) The Annual Audited Financial Report shall report the financial position of the insurer as of the end of the most recent calendar year and the results of its operations, cash flows, and changes in capital and surplus for the year then ended in conformity with statutory accounting practices prescribed, or otherwise permitted, by the state of domicile.
(b) The Annual Audited Financial Report shall include the following:
1. Report of independent Certified Public Accountant.
2. Balance sheet reporting admitted assets, liabilities, capital and surplus.
3. Statement of operations.
4. Statement of cash flows.
5. Statement of changes in capital and surplus.
6. Notes to financial statements. These notes shall be those required by the appropriate NAIC Annual Statement Instructions (incorporated by reference in subsection 69O-137.001(4), F.A.C.) and the NAIC Accounting Practices and Procedures Manual (incorporated by reference in subsection 69O-137.001(4), F.A.C.) and any other notes required by generally accepted accounting principles and shall also include reconciliation of differences, if any, between the audited statutory financial statements and the Annual Statement filed pursuant to Florida Statutes § 624.424(1), with a written description of the nature of these differences.
7. The financial statements included in the Audited Financial Report shall be prepared in a form and using language and groupings substantially the same as the relevant sections of the Annual Statement of the insurer filed with the Office, and the financial statement shall be comparative, presenting the amounts as of December 31 of the current year and the amounts as of the immediately preceding December 31. However, in the first year in which an insurer is required to file an Audited Financial Report, the comparative data may be omitted.
(6) Designation of Independent Certified Public Accountant.
(a) Each insurer required by this rule to file an annual Audited Financial Report must, by December 31 of the year subject to audit, register with the Office in writing the name and address of the independent Certified Public Accountant or accounting firm retained to conduct the annual audit set forth in this rule.
(b) The insurer shall obtain a letter from the accountant, and file a copy with the Office, stating that the accountant is aware of the provisions of the Insurance Code and the Rules and Regulations of the state of domicile that relate to accounting and financial matters, and affirming that the accountant will express his or her opinion on the financial statements in terms of their conformity to the statutory accounting practices prescribed or otherwise permitted by that Insurance Department, specifying the exceptions as he or she may believe appropriate.
(c) If an accountant who was the accountant for the immediately preceding filed Audited Financial Report is dismissed or resigns, the insurer shall within five (5) business days notify the Office of this event. The insurer shall also furnish the Office with a separate letter within ten (10) business days of the above notification stating whether in the twenty-four (24) months preceding that event there were any disagreements with the former accountant on any matter of accounting principles or practices, financial statement disclosure, or auditing scope or procedure; which disagreements, if not resolved to the satisfaction of the former accountant, would have caused him or her to make reference to the subject matter of the disagreement in connection with his or her opinion. The disagreements required to be reported in response to this paragraph include both those resolved to the former accountant’s satisfaction and those not resolved to the former accountant’s satisfaction. Disagreements contemplated by this subsection are those that occur at the decision-making level, i.e., between personnel of the insurer responsible for presentation of its financial statements and personnel of the accounting firm responsible for rendering its report. The insurer shall also in writing request the former accountant to furnish a letter addressed to the insurer stating whether the accountant agrees with the statements contained in the insurer’s letter, and if not, stating the reasons for which he or she does not agree; and the insurer shall furnish the responsive letter from the former accountant to the Office together with its own.
(7) Qualifications of Independent Certified Public Accountant.
(a) The Office shall not recognize any person or firm as a qualified independent Certified Public Accountant if the person or firm:
1. Is not in good standing with the American Institute of Certified Public Accountants (AICPA) and in all states in which the accountant is licensed to practice, or for a Canadian or British company, that is not a chartered accountant; or
2. Has either directly or indirectly entered into an agreement of indemnity or release from liability (collectively referred to as indemnification) with respect to the audit of the insurer.
(b) Except as otherwise provided in this rule, the Office shall recognize an independent Certified Public Accountant as qualified as long as he or she prepares reports, filings, and statements as required by the Florida Insurance Code, and conforms to the standards of his or her profession as contained in the Rules and Regulations and Code of Ethics and Rules of Professional Conduct of the Florida Board of Public Accountancy, or similar code.
(c)1. The lead (or coordinating) audit partner (having primary responsibility for the audit) may not act in that capacity for more than five (5) consecutive years. The person shall be disqualified from acting in that or a similar capacity for the same company or its insurance subsidiaries or affiliates for a period of five (5) consecutive years. An insurer may make application to the Office for relief from the above rotation requirement based on an unusual hardship to the insurer and a determination by the Office that the accountant is exercising independent judgement that is not unduly influenced by the insurer. This application should be made at least thirty (30) days before the end of the calendar year. The Office shall consider the following factors in determining if the relief should be granted:
a. Number of partners, expertise of the partners, or the number of insurance clients in the currently registered firm;
b. Premium volume of the insurer; and,
c. Number of jurisdictions in which the insurer transacts business.
2. The insurer shall file, with its annual statement filing, the approval for relief from paragraph (7)(c), with the states that it is licensed in or doing business in and with the NAIC. If the nondomestic state accepts electronic filing with the NAIC, the insurer shall file the approval in an electronic form acceptable to the NAIC.
(d) The Office shall neither recognize as a qualified independent Certified Public Accountant, nor accept an annual Audited Financial Report prepared in whole or in part by any natural person who:
1. Has been found guilty of, or has pleaded guilty or nolo contendere to, any felony or crime punishable by imprisonment of one year or more under the law of the United States or any state thereof or under the law of any other country, which involves moral turpitude, without regard to whether a judgement of conviction has been entered by the court having jurisdiction in such case;
2. Has been found to have violated the insurance laws of this state with respect to any previous reports submitted under this rule; or
3. Has failed to detect or disclose material information in previous reports filed under the provisions of this rule.
(e) In accordance with the provisions of Sections 624.307 and 624.324, F.S., and in its own rules of departmental practice, the Office shall conduct a hearing to determine whether an independent Certified Public Accountant is qualified if Office records do not contain sufficient information to demonstrate that the Certified Public Accountant is qualified. Considering the evidence presented, the Office shall conclude that the accountant is not qualified for purposes of expressing his or her opinion on the financial statements in the annual Audited Financial Report made pursuant to this rule, if the accountant fails to meet the qualifications and other requirements of this rule. If the accountant is found to be not qualified, the Office shall require the insurer to replace the accountant with another whose relationship with the insurer is qualified within the meaning of this rule. Upon determination by the Office that the accountant is not qualified to express an opinion on the financial statements in the annual Audited Financial Report made pursuant to this rule the insurer may request a hearing pursuant to Florida Statutes § 120.57
(f) A qualified independent certified accountant may enter into an agreement with an insurer to have disputes relating to an audit resolved by mediation or arbitration. However, in the event of a delinquency proceeding commenced against the insurer under Florida Statutes Chapter 631, the mediation or arbitration provisions shall operate at the option of the statutory successor.
(g)1. The Office shall not recognize as a qualified independent certified public accountant, nor accept an annual Audited Financial Report, prepared in whole or in part by an accountant who provides to an insurer, contemporaneously with the audit, the following non-audit services:
a. Bookkeeping or other services related to the accounting records or financial statements of the insurer;
b. Financial information systems design and implementation;
c. Appraisal or valuation services, fairness opinions, or contribution in-kind reports;
d. Actuarially-oriented advisory services involving the determination of amounts recorded in the financial statements. The accountant may assist an insurer in understanding the methods, assumptions and inputs used in the determination of amounts recorded in the financial statement only if it is reasonable to conclude that the services provided will not be subject to audit procedures during an audit of the insurer’s financial statements. An accountant’s actuary may also issue an actuarial opinion or certification (“”opinion””) on an insurer’s reserves if the following conditions have been met:
(I) Neither the accountant nor the accountant’s actuary has performed any management functions or made any management decisions;
(II) The insurer has competent personnel (or engages a third party actuary) to estimate the reserves for which management takes responsibility; and,
(III) The accountant’s actuary tests the reasonableness of the reserves after the insurer’s management has determined the amount of the reserves;
e. Internal audit outsourcing services;
f. Management functions or human resources;
g. Broker or dealer, investment adviser, or investment banking services; or
h. Legal services or expert services unrelated to the audit.
2. In general, the principles of independence with respect to services provided by the qualified independent certified public accountant are largely predicated on three basic principles, violations of which would impair the accountant’s independence. The principles are that the accountant cannot function in the role of management, cannot audit his own work, and cannot serve in an advocacy role for the insurer.
(h) Insurers having direct written and assumed premiums of less than $100,000,000 in any calendar year may request an exemption from subparagraph (g)1. The insurer shall file with the Office a written statement discussing the reasons why the insurer should be exempt from these provisions. If the Office finds, upon review of this statement, that compliance with this regulation would constitute an undue financial or organizational hardship upon the insurer, an exemption shall be granted.
(i) A qualified independent certified public accountant who performs the audit may engage in other non-audit services, including tax services that are not described in subparagraph (g)1., or that do not conflict with subparagraph (g)2., only if the activity is approved in advance by the Audit committee, in accordance with paragraph (j).
(j) All auditing services and non-audit services provided to an insurer by the qualified independent certified public accountant of the insurer shall be preapproved by the Audit committee. The preapproval requirement is waived with respect to non-audit services if the insurer is a SOX Compliant Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant Entity or:
1. The aggregate amount of all such non-audit services provided to the insurer constitutes not more than five percent (5%) of the total amount of fees paid by the insurer to its qualified independent certified public accountant during the fiscal year in which the non-audit services are provided;
2. The services were not recognized by the insurer at the time of the engagement to be non-audit services; and,
3. The services are promptly brought to the attention of the Audit committee of the insurer and approved prior to the completion of the audit by the Audit committee or by one or more members of the Audit committee who are the members of the board of directors to whom authority to grant such approvals has been delegated by the Audit committee.
(k) The Audit committee may delegate to one or more designated members of the Audit committee the authority to grant the preapprovals required by paragraph (l). The decisions of any member to whom this authority is delegated shall be presented to the full Audit committee at each of its scheduled meetings.
(l)1. The Office shall not recognize an independent certified public accountant as qualified for a particular insurer if a member of the board, president, chief executive officer, controller, chief financial officer, chief accounting officer, or any person serving in an equivalent position for that insurer, was employed by the independent certified public accountant and participated in the audit of that insurer during the one-year period preceding the date that the most current statutory opinion is due. This subsection shall only apply to partners and senior managers involved in the audit.
2. The insurer shall file, with its annual statement filing, the approval for relief from subparagraph (l)1., with the states that it is licensed in or doing business in and the NAIC. If the nondomestic state accepts electronic filing with the NAIC, the insurer shall file the approval in an electronic format acceptable to the NAIC.
(8) Consolidated or Combined Audits.
(a) An insurer may make written application to the Office for approval to file audited consolidated or combined financial statements in lieu of separate annual audited financial statements if the insurer is part of a group of insurance companies which utilizes a pooling or one hundred percent reinsurance agreement that affects the solvency and integrity of the insurer’s reserves, and the insurer cedes all of its direct and assumed business to the pool. In these cases, a columnar consolidating or combining worksheet shall be filed with the report, as follows:
1. Amounts shown on the consolidated or combined Audited Financial Report shall be shown on the worksheet.
2. Amounts for each insurer subject to this section shall be stated separately.
3. Noninsurance operations may be shown on the worksheet on a combined or individual basis.
4. Explanations of consolidating and eliminating entries shall be included; and,
5. A reconciliation shall be included of any differences between the amounts shown in the individual insurer columns of the worksheet and comparable amounts shown on the Annual Statements of the insurers.
(b)1. The application for approval to consolidate is required each year, and must be filed with the Office prior to the end of the calendar year for which the approval is being granted, except that applications for approval will be accepted after the end of such calendar year subject to the imposition of an administrative fine on each insurer involved in such application as provided for in Florida Statutes § 624.4211(2)
2. The amount of the fine shall be $50 per day for each day beyond the end of the calendar year, not to exceed an aggregate amount of $10,000 for the group of insurers requesting permission to file on a consolidated basis.
(c) Approval to consolidate or combine statements shall be granted unless the Office makes a specific finding that approval would prevent the Office from carrying out its statutory responsibilities.
(9) Scope of Audit and Report of Independent Certified Public Accountant. Financial statements furnished pursuant to subsection (5) above, shall be examined by the independent certified public accountant. The audit of the insurer’s financial statements shall be conducted in accordance with generally accepted auditing standards. In accordance with AU-C 610 of the Professional Standards of the AICPA, Using the Work of Internal Auditors, effective 12/15/14, and AU-C Section 940 of the Professional Standards of the AICPA, An Audit of Internal Control Over Financial Reporting That is Integrated With an Audit of Financial Statements, effective 12/15/16, the independent certified public accountant should obtain an understanding of internal control sufficient to plan the audit. To the extent required by AU-C 610 and AU-C Section 940, for those insurers required to file a Management’s Report of Internal Control over Financial Reporting pursuant to subsection (17), the independent certified public accountant should consider (as that term is defined in of the Professional Standards of the AICPA, AU-C 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards, effective 12/15/12) the most recently available report in planning and performing the audit of the statutory financial statements. Consideration should also be given to the other procedures illustrated in the Financial Condition Examiner’s Handbook promulgated by the National Association of Insurance Commissioners (incorporated by reference in Fl. Admin. Code R. 69O-138.001) as the independent Certified Public Accountant deems necessary.
(10) Notification of Adverse Financial Condition.
(a) The insurer required to furnish the annual Audited Financial Report shall require the independent Certified Public Accountant to report, in writing, within five (5) business days to the board of directors or its Audit committee any determination by the independent Certified Public Accountant that the insurer has materially misstated its financial condition as reported to the Office as of the balance sheet date currently under audit, or that the insurer does not meet the minimum capital and surplus requirement of the Florida Insurance Code as of that date. An insurer who has received a report pursuant to this paragraph shall forward a copy of the report to the Office within five (5) business days of receipt of said report and shall provide the independent Certified Public Accountant making the report with evidence of the report being furnished to the Office. If the independent Certified Public Accountant fails to receive the evidence within the required five (5) business day period, the independent Certified Public Accountant shall furnish to the Office a copy of its report within the next five (5) business days.
(b) An independent certified public accountant shall not be liable in any manner to any person for any statement made in connection with the above paragraph if the statement is made in good faith in compliance with the above paragraph.
(c) If the accountant, subsequent to the date of the Audited Financial Report filed pursuant to this rule, becomes aware of facts which might have affected his report, the Office notes the obligation of the accountant to take such action as prescribed in AU-C 560 of the Professional Standards of the AICPA, Subsequent Events and Subsequently Discovered Facts, effective 12/15/12.
(11) Communication of Internal Control Related Matters Noted in an Audit.
(a) In addition to the annual Audited Financial Report, each insurer shall furnish the Office with a written communication as to any unremediated material weaknesses in its Internal control over financial reporting noted during the audit. Such communication shall be prepared by the accountant within sixty (60) days after the filing of the annual Audited Financial Report, and shall contain a description of any unremediated material weakness (as the term material weakness is defined by AU-C 265 of the Professional Standards of the AICPA, Communicating Internal Control Related Matters Identified in an Audit), effective 12/15/12, as of December 31 immediately preceding (so as to coincide with the Audited Financial Report discussed in subsection (4)) in the insurer’s Internal control over financial reporting noted by the accountant during the course of their audit of the financial statements. If no unremediated material weaknesses were noted, the communication should so state.
(b) The insurer is required to provide a description of remedial actions taken or proposed to correct unremediated material weaknesses if the actions are not described in the accountant’s communication.
(12) Accountant’s Letter of Qualifications.
(a) The accountant shall furnish a letter to the insurer in connection with, and for inclusion in, the filing of the annual Audited Financial Report.
(b) The letter shall state:
1. That the accountant is independent with respect to the insurer and conforms to the standards of his or her profession as contained in the Code of Professional Ethics and pronouncements of the AICPA and the Rules of Professional Conduct of the Florida Board of Public Accountancy, or similar code,
2. The background and experience in general, and the experience in audits of insurers of the staff assigned to the engagement and whether each is an independent Certified Public Accountant. Nothing within this rule shall be construed as prohibiting the accountant from utilizing his or her staff as he or she deems appropriate where use is consistent with the standards prescribed by generally accepted auditing standards,
3. That the accountant understands the annual Audited Financial Report, and his or her opinion thereon will be filed in compliance with this rule, and that the Office will be relying on this information in the monitoring and regulation of the financial position of insurers,
4. That the accountant consents to the requirements of subsection (13), below, and that the accountant consents and agrees to make the workpapers as defined in subsection (13), below, available for review by the Office,
5. A representation that the accountant is properly licensed by an appropriate state licensing authority and is a member in good standing in the AICPA; and,
6. A representation that the accountant is in compliance with the requirements of subsection (7) of this rule.
(13) Definition, Availability, and Maintenance of Independent Certified Public Accountants Workpapers.
(a) Workpapers are the records kept by the independent Certified Public Accountant of the procedures followed, the tests performed, the information obtained, and the conclusions reached pertinent to the accountant’s audit of the financial statements of an insurer. Workpapers, accordingly, may include audit planning documentation, work programs, analyses, memoranda, letters of confirmation and representation, abstracts of company documents and schedules, or commentaries prepared or obtained by the independent Certified Public Accountant in the course of his or her audit of the financial statements of an insurer, and which support the accountant’s opinion.
(b) Every insurer required to file an Audited Financial Report pursuant to this rule shall require the accountant to make available for review by Office examiners all workpapers prepared in the conduct of the accountant’s audit, and any communications related to the audit between the accountant and the insurer, at the offices of the insurer, at the Office or at any other reasonable place designated by the Office. The insurer shall require that the accountant retain the audit workpapers and communications until the Office has filed a Report on Examination covering the period of the audit, but no less than seven (7) years from the date of the audit report.
(c) In the conduct of the aforementioned periodic review by the Office examiners, it shall be agreed that photocopies of pertinent audit workpapers may be made and retained by the Office. The reviews by the Office examiners shall be considered investigations, and all working papers and communications obtained during the course of the investigations shall be afforded the same confidentiality as other examination workpapers generated by the Office until the Report of Examination is filed by the Office.
(14) Requirements for Audit Committee.
This section shall not apply to foreign or alien insurers licensed in this state or an insurer that is a SOX Compliant Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant Entity.
(a) The Audit committee shall be directly responsible for the appointment, compensation and oversight of the work of any accountant (including resolution of disagreements between management and the accountant regarding financial reporting) for the purpose of preparing or issuing the Audited Financial Report or related work pursuant to this rule. Each accountant shall report directly to the Audit committee.
(b) The Audit committee of an insurer or Group of insurers shall be responsible for overseeing the insurer’s Internal audit function and granting the person or persons performing the function suitable authority and resources to fulfill their responsibilities if required by subsection 15 of this Regulation.
(c) Each member of the Audit committee shall be a member of the board of directors of the insurer or a member of the board of directors of an entity elected pursuant to paragraphs (f) and (3)(c).
(d) In order to be considered independent for purposes of this section, a member of the Audit committee may not, other than in his or her capacity as a member of the Audit committee, the board of directors, or any other board committee, accept any consulting, advisory or other compensatory fee from the entity or be an affiliated person of the entity or any subsidiary thereof.
(e) If a member of the Audit committee ceases to be independent for reasons outside the member’s reasonable control, that person, with notice by the responsible entity to the state, may remain an Audit committee member of the responsible entity until the earlier of the next annual meeting of the responsible entity or one year from the occurrence of the event that caused the member to be no longer independent.
(f) To exercise the election of the controlling person to designate the Audit committee for purposes of this regulation, the ultimate controlling person shall provide written notice to the Office of the affected insurers. Notification shall be made timely prior to the issuance of the statutory audit report and include a description of the basis for the election. The election can be changed through notice to the Office by the insurer, which shall include a description of the basis for the change. The election shall remain in effect for perpetuity, until rescinded.
(g)1. The Audit committee shall require the accountant that performs for an insurer any audit required by this regulation to timely report to the Audit committee in accordance with the requirements of AU-C 260 of the Professional Standards of the AICPA, The Auditor’s Communication With Those Charged with Governance, effective 12/15/12, including:
a. All significant accounting policies and material permitted practices,
b All material alternative treatments of financial information within statutory accounting principles that have been discussed with management officials of the insurer, ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the accountant; and,
c. Other material written communications between the accountant and the management of the insurer, such as any management letter or schedule of unadjusted differences.
2. If an insurer is a member of an insurance holding company system, the reports required by subparagraph (g)1., may be provided to the Audit committee on an aggregate basis for insurers in the holding company system, provided that any substantial differences among insurers in the system are identified to the Audit committee.
(h) The proportion of independent Audit committee members shall meet or exceed the following criteria:
Prior Calendar Year Direct Written and Assumed Premiums
$0 – 300,000,000
Over $300,000,000 – 500,000,000
Over 500,000,000
No minimum requirements.
See also Notes A and B.
Majority (50% or more) of members shall be independent. See also Notes A and B.
Supermajority of members (75% or more) shall be independent. See also Note A.
Note A: The Office has authority afforded by Florida Statutes § 624.4085, to require the entity’s board to enact improvements to the independence of the Audit committee membership if the insurer is in a Risk Based Capital action level event, meets one or more of the standards of an insurer deemed to be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer.
Note B: All insurers with less than $500,000,000 in prior year direct written and assumed premiums are encouraged to structure their Audit committees with at least a supermajority of independent Audit committee members.
Note C: Prior calendar year direct written and assumed premiums shall be the combined total of direct premiums and assumed premiums from non-affiliates for the reporting entities.
(i) An insurer with direct written and assumed premium, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000 may make application to the Office for a waiver from the subsection (14), requirements based upon hardship. The insurer shall file, with its annual statement filing, the approval for relief from subsection (14), with the states that it is licensed in or doing business in and the NAIC. If the non-domestic state accepts electronic filing with the NAIC, the insurer shall file the approval in an electronic format acceptable to the NAIC.
(15) Internal Audit Function Requirements.
(a) Exemption – An insurer is exempt from the requirements of this section if:
1. The insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000; and,
2. If the insurer is a member of a Group of insurers, the group has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $1,000,000,000.
(b) Note: An insurer or Group of insurers exempt from the requirements of subsection (15) is encouraged, but not required, to conduct a review of the insurer business type, sources of capital, and other risk factors to determine whether an Internal audit function is warranted. The potential benefits of an Internal audit function should be assessed and compared against the estimated costs.
(c) Function – The insurer or Group of insurers shall establish an Internal audit function providing independent, objective, and reasonable assurance to the Audit committee and insurer management regarding the insurer’s governance, risk management, and internal controls. This assurance shall be provided by performing general and specific audits, reviews, and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.
(d) Independence – In order to ensure that internal auditors remain objective, the Internal audit function must be organizationally independent. Specifically, the Internal audit function will not defer ultimate judgment on audit matters to others, and shall appoint an individual to head the Internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.
(e) Reporting – The head of the Internal audit function shall report to the Audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the Internal audit function’s independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings.
(f) Additional Requirements – If an insurer is a member of an insurance holding company system or included in a Group of insurers, the insurer may satisfy the Internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.
(16) Conduct of Insurer in Connection with the Preparation of Required Reports and Documents.
(a) No director or officer of an insurer shall, directly or indirectly:
1. Make or cause to be made a materially false or misleading statement to an accountant in connection with any audit, review or communication required under this regulation; or
2. Omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which the statements were made, not misleading to an accountant in connection with any audit, review or communication required under this regulation.
(b) No officer or director of an insurer, or any other person acting under the direction thereof, shall directly or indirectly take any action to coerce, manipulate, mislead or fraudulently influence any accountant engaged in the performance of an audit pursuant to this regulation if that person knew or should have known that the action, if successful, could result in rendering the insurer’s financial statements materially misleading.
(c) For purposes of paragraph (b) of this section, actions that, “”if successful, could result in rendering the insurer’s financial statements materially misleading”” include, but are not limited to, actions taken at any time with respect to the professional engagement period to coerce, manipulate, mislead or fraudulently influence an accountant:
1. To issue or reissue a report on an insurer’s financial statements that is not warranted in the circumstances (due to material violations of statutory accounting principles prescribed by the Office or generally accepted auditing standards);
2. Not to perform audit, review or other procedures required by generally accepted auditing standards;
3. Not to withdraw an issued report; or
4. Not to communicate matters to an insurer’s Audit committee.
(17) Management’s Report of Internal Control over Financial Reporting.
(a) Every insurer required to file an Audited Financial Report pursuant to this regulation that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of $500,000,000 or more shall prepare a report of the insurer’s or Group of insurers’ Internal control over financial reporting, as these terms are defined in subsection (3). The report shall be filed with the Office along with the Communication of Internal Control Related Matters Noted in an Audit described under subsection (11). Management’s Report of Internal Control over Financial Reporting shall be as of December 31 immediately preceding.
(b) Notwithstanding the premium threshold in paragraph (16)(a), the Office shall require an insurer to file Management’s Report of Internal Control over Financial Reporting if the insurer is in any Risk Based Capital level event, or meets any one or more of the standards of an insurer deemed to be in hazardous financial condition. “”Hazardous financial condition”” shall mean any of the conditions that subject an insurer to suspension or revocation of its certificate of authority as provided in Florida Statutes § 624.418
(c) An insurer or a Group of insurers that is:
1. Directly subject to Section 404;
2. Part of a holding company system whose parent is directly subject to Section 404;
3. Not directly subject to Section 404 but is a SOX Compliant Entity; or
4. A member of a holding company system whose parent is not directly subject to Section 404 but is a SOX Compliant Entity; may file its or its parent’s Section 404 Report and an addendum in satisfaction of this Section’s requirement provided that those internal controls of the insurer or Group of insurers having a material impact on the preparation of the insurer’s or Group of insurers’ audited statutory financial statements (those items included in subparagraphs (5)(b)2. through (5)(b)7. of this regulation) were included in the scope of the Section 404 Report. The addendum shall be a positive statement by management that there are no material processes with respect to the preparation of the insurer’s or Group of insurers’ audited statutory financial statements (those items included in subparagraphs (5)(b)2. through (5)(b)7. of this rule) excluded from the Section 404 Report. If there are internal controls of the insurer or Group of insurers that have a material impact on the preparation of the insurer’s or Group of insurers’ audited statutory financial statements and those internal controls were not included in the scope of the Section 404 Report, the insurer or Group of insurers may either file (i) a subsection (16) report, or (ii) the Section 404 Report and a subsection (16) report for those internal controls that have a material impact on the preparation of the insurer’s or Group of insurers’ audited statutory financial statements not covered by the Section 404 Report.
(d) Management’s Report of Internal Control over Financial Reporting shall include:
1. A statement that management is responsible for establishing and maintaining adequate internal control over financial reporting,
2. A statement that management has established internal control over financial reporting and an assertion, to the best of management’s knowledge and belief, after diligent inquiry, as to whether its internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles,
3. A statement that briefly describes the approach or processes by which management evaluated the effectiveness of its internal control over financial reporting,
4. A statement that briefly describes the scope of work that is included and whether any internal controls were excluded,
5. Disclosure of any unremediated material weaknesses in the internal control over financial reporting identified by management as of December 31 immediately preceding, after the effective date of this rule. Management is not permitted to conclude that the internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles if there is one or more unremediated material weaknesses in its internal controls over financial reporting,
6. A statement regarding the inherent limitations of internal control systems; and,
7 Signatures of the chief executive officer and the chief financial officer (or equivalent position/title).
(e) Management shall document and make available upon financial condition examination the basis upon which its assertions, required in paragraph (d), above, are made. Management may base its assertions, in part, upon its review, monitoring and testing of internal controls undertaken in the normal course of its activities.
1. Management shall have discretion as to the nature of the internal control framework used, and the nature and extent of documentation, in order to make its assertion in a cost effective manner and, as such, may include assembly of or reference to existing documentation.
2. Management’s Report on Internal Control over Financial Reporting, required by paragraph (a), above, and any documentation provided in support thereof during the course of a financial condition examination, shall be kept confidential by the Office.
(18) Exemptions and Effective Dates.
(a) Upon written application of any insurer, the Office shall grant an exemption from compliance with any and all provisions of this rule if the Office finds, upon review of the application, that compliance with this regulation would constitute an undue financial or organizational hardship upon the insurer.
(b) Domestic insurers shall comply with this rule for the year ending December 31, 2010, and each year thereafter.
(c) Foreign insurers shall comply with this rule for the year ending December 31, 2010, and each year thereafter.
(d) The requirements of paragraph (7)(c), shall be in effect for audits of the year ending December 31, 2010, and thereafter.
(e) The requirements of subsection (14), are to be in effect for audits of the year ending December 31, 2010. An insurer or Group of insurers that is not required to have independent Audit committee members or only a majority of independent Audit committee members (as opposed to a supermajority) because the total written and assumed premium is below the threshold and subsequently becomes subject to one of the independence requirements discussed in this paragraph due to changes in premium shall have one (1) year following the year the threshold is exceeded (but not earlier than January 1, 2010) to comply with the independence requirements discussed in this paragraph. Likewise, an insurer that becomes subject to one of the independence requirements discussed in this paragraph as a result of a business combination shall have one (1) calendar year following the date of acquisition or combination to comply with the independence requirements.
(f) The requirements of subsection (17), and other modified sections, except for subsection (14), covered above, are effective beginning with the reporting period ending December 31, 2010, and each year thereafter. An insurer or Group of insurers that is not required to file a report because the total written premium is below the threshold and subsequently becomes subject to the reporting requirements shall have two (2) years following the year the threshold is exceeded (but not earlier than December 31, 2010) to file a report. Likewise, an insurer acquired in a business combination shall have two (2) calendar years following the date of acquisition or combination to comply with the reporting requirements.
(g) If an insurer or Group of insurers that has been exempt from the subsection 15 requirements no longer qualifies for that exemption, it shall have one year after the year the threshold is exceeded to comply with the requirements of this rule.
(19) Canadian and British Companies.
(a) In the case of Canadian and British insurers, the annual Audited Financial Report shall be defined as the annual statement of total business on the form filed by the companies with their supervision authority duly audited by an independent chartered accountant.
(b) For these insurers, the letter required in paragraph (6)(b), above, shall state that the accountant is aware of the requirements relating to the annual Audited Financial Report filed with the Office pursuant to subsection (4), above, and shall affirm that the opinion expressed is in conformity with these requirements.
(20) Severability Provision.
If any section or portion of this rule or its applicability to any person or circumstance is held invalid by a court, the remainder of the rule or the applicability of the provision to other persons or circumstances shall not be affected.
(21) Standards Incorporated by Reference.
(a) The following standards are hereby incorporated by reference:
1. AU-C 610 of the Professional Standards of the AICPA, Using the Work of Internal Auditors, effective 12/15/14;
2. AU-C 200 of the Professional Standards of the AICPA, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards, effective 12/15/12;
3. AU-C 560 of the Professional Standards of the AICPA, Subsequent Events and Subsequently Discovered Facts, effective 12/15/12;
4. AU-C 265 of the Professional Standards of the AICPA, Communicating Internal Control Related Matters Identified in an Audit, effective 12/15/12;
5. AU-C 260 of the Professional Standards of the AICPA, The Auditor’s Communication With Those Charged With Governance, effective 12/15/12; and
6. AU-C Section 940 of the Professional Standards of the AICPA, An Audit of Internal Control Over Financial Reporting That is Integrated With an Audit of Financial Statements, effective 12/15/16.
(b) The standards incorporated in this section are available:
1. From the American Institute of Certified Public Aaccountants’ (AICPA) website at: http://www.aicpa.org/Publications; and,
2. For inspection during regular business hours at the Office of Insurance Regulation, Larson Building, 200 East Gaines Street, Tallahassee, Florida 32399-0300.
Rulemaking Authority 624.308(1), 624.4085, 624.424(8)(e) FS. Law Implemented 624.307(1), 624.324, 624.424(8) FS. History-New 3-31-92, Amended 3-14-94, 8-17-98, 4-4-01, 8-14-02, Formerly 4-137.002, Amended 11-3-05, 9-21-10, 1-10-19, 12-26-19.