Section
1. Authority
This regulation is promulgated by the Director of Insurance
(Director) of the South Carolina Department of Insurance (Department) pursuant
to Sections
38-3-110,
38-13-80,
38-90-150
and
38-90-630
of the South Carolina Code of Laws.
Section 2. Purpose and Scope
A. The purpose of this regulation is to
improve the Department's surveillance of the financial condition of insurers,
as defined in Section 3, by requiring (1) an annual audit of financial
statements reporting the financial position and the results of operations of
insurers by independent certified public accountants, (2) Communication of
Internal Control Related Matters Noted in an Audit, and (3) Management's Report
of Internal Control over Financial Reporting.
B. Every insurer shall be subject to this
regulation. Insurers having direct premiums written in this state of less than
$1,000,000 in any calendar year and less than 1,000 policyholders or
certificate holders of direct written policies nationwide at the end of the
calendar year shall be exempt from this regulation for the year (unless the
Director makes a specific finding that compliance is necessary for the Director
to carry out statutory responsibilities) except that insurers having assumed
premiums pursuant to contracts and/or treaties of reinsurance of $1,000,000 or
more will not be so exempt. For purposes of this subsection, all premiums
written or assumed by a captive insurer shall be deemed to be written in this
state.
C. Foreign or alien insurers
filing the Audited Financial Report in another state, pursuant to that state's
requirement for filing of Audited Financial Reports, which has been found by
the Director to be substantially similar to the requirements herein, are exempt
from Sections 4 through 13 of this regulation if:
(1) A copy of the Audited Financial Report,
Communication of Internal Control Related Matters Noted in an Audit, and the
Accountant's Letter of Qualifications that are filed with the other state are
filed with the Director in accordance with the filing dates specified in
Sections 4, 11 and 12, respectively (Canadian insurers may submit accountants'
reports as filed with the Office of the Superintendent of Financial
Institutions, Canada).
(2) A copy
of any Notification of Adverse Financial Condition Report filed with the other
state is filed with the Director within the time specified in Section
10.
D. Foreign or alien
insurers required to file Management's Report of Internal Control over
Financial Reporting in another state are exempt from filing the Report in this
state provided the other state has substantially similar reporting requirements
and the Report is filed with the commissioner of the other state within the
time specified.
E. This regulation
shall not prohibit, preclude or in any way limit the Director from ordering or
conducting or performing examinations of insurers under the rules and
regulations of the Department and the practices and procedures of the
Department.
F.
(1) Except as otherwise provided in this
subsection, this regulation shall not apply to captive insurance companies
other than captive insurers as defined in Section 3(A)(5). In the case of a
conflict between a provision of Regulation
69-60
and a provision of this regulation, the latter controls.
(2) The Director may, by written notice,
require a captive insurance company that is not otherwise subject to this
regulation to comply with any provision or requirement of this regulation by
making a specific finding that compliance is necessary for the Director to
carry out statutory responsibilities. In arriving at this finding, the Director
may consider the captive insurance company's business plan, including the
nature of the risks insured, and other factors the Director considers
advisable. Such a notice may be issued at any time and from time to time for a
specified period or periods. Within thirty days from issuance of the notice,
the captive insurance company may request in writing a hearing, pursuant to
statute, on the requirement for compliance. The hearing shall be held in
accordance with South Carolina law pertaining to administrative hearing
procedures.
(3) Notwithstanding any
provision of this regulation to the contrary, a captive insurance company made
subject to this regulation by written notice pursuant to Section 2(F)(2) shall
file its Audited Financial Report on or before the date that is six months
following the last day of the captive insurance company's fiscal year end,
provided that the Director may require an earlier filing than such date with
ninety days advance notice to the captive insurance company. Extensions of the
filing date may be granted by the Director for thirty-day periods upon a
showing by the captive insurance company and its independent certified public
accountant of the reasons for requesting an extension and determination by the
Director of good cause for an extension. The request for extension must be
submitted in writing not less than ten days prior to the due date in sufficient
detail to permit the Director to make an informed decision with respect to the
requested extension. If an extension of the filing date is granted, a similar
extension of thirty days is granted to the filing of Management's Report of
Internal Control over Financial Reporting.
(4) Every captive insurance company required
to file an annual Audited Financial Report by written notice pursuant to
Section 2(F)(2) shall designate a group of individuals as constituting its
Audit Committee, as defined in Section 3(A)(3). The Audit Committee of an
entity that controls the captive insurance company may be deemed to be the
captive insurance company's Audit Committee for purposes of this regulation at
the election of the controlling person.
Section 3. Definitions
A. The terms and definitions contained herein
are intended to provide definitional guidance as the terms are used within this
regulation.
(1) "Accountant" or "independent
certified public accountant" means an independent certified public accountant
or accounting firm in good standing with the American Institute of Certified
Public Accountants (AICPA) and in all states in which he or she is licensed to
practice; for Canadian and British companies, it means a Canadian-chartered or
British-chartered accountant.
(2)
"Affiliate" of a specific person or a person "affiliated" with a specific
person means a person that directly or indirectly through one or more
intermediaries, controls, or is controlled by, or is under common control with
the specific person.
(3) "Audit
Committee" means a committee (or equivalent body) established by the board of
directors of an entity for the purpose of overseeing the accounting and
financial reporting processes of an insurer or group of insurers, the Internal
audit function of an insurer or group of insurers (if applicable), and external
audits of financial statements of the insurer or group of insurers. The Audit
Committee of any entity that controls a group of insurers may be deemed to be
the Audit Committee for one or more of these controlled insurers solely for the
purposes of this regulation at the election of the controlling person. Refer to
Section 14(A)(5) for exercising this election. If an Audit Committee is not
designated by the insurer, the insurer's entire board of directors shall
constitute the Audit Committee.
(4)
"Audited Financial Report" means and includes those items specified in Section
5 of this regulation.
(5) "Captive
insurer" means any captive insurance company licensed as a risk retention
group, South Carolina coastal captive insurance company, special purpose
financial captive, or other captive insurance company made subject to this
regulation by written notice pursuant to Section 2(F)(2).
(6) "Indemnification" means an agreement of
indemnity or a release from liability where the intent or effect is to shift or
limit in any manner the potential liability of the person or firm for failure
to adhere to applicable auditing or professional standards, whether or not
resulting in part from knowing of other misrepresentations made by the insurer
or its representatives.
(7)
"Independent board member" has the same meaning as described in Section
14(A)(3).
(8) "Insurer" includes
any captive insurer as defined in Section 3(A)(5), health maintenance
organization, title insurer, fraternal organization, burial association, other
association, corporation, partnership, society, order, individual, or
aggregation of individuals engaging or proposing or attempting to engage as
principals in any kind of insurance or surety business, including the
exchanging of reciprocal or interinsurance contracts between individuals,
partnerships, and corporations.
(9)
"Group of insurers" means those licensed insurers included in the reporting
requirements of Title 38, Chapter 21 - Insurance Holding Company Regulatory
Act, or a set of insurers as identified by management, for the purpose of
assessing the effectiveness of internal control over financial
reporting.
(10) "Internal audit
function" means a person or persons that provide independent, objective and
reasonable assurance designed to add value and improve an organization's
operations and accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control
and governance processes.
(11)
"Internal control over financial reporting" means a process effected by an
insurer's board of directors, management and other personnel designed to
provide reasonable assurance regarding the reliability of the financial
statements, i.e., those items specified in Section 5(B)(2) through 5(B)(7) of
this regulation and includes those policies and procedures that:
(a) Pertain to the maintenance of records
that, in reasonable detail, accurately and fairly reflect the transactions and
dispositions of assets;
(b) Provide
reasonable assurance that transactions are recorded as necessary to permit
preparation of the financial statements, i.e., those items specified in Section
5(B)(2) through 5(B)(7) of this regulation and that receipts and expenditures
are being made only in accordance with authorizations of management and
directors; and
(c) Provide
reasonable assurance regarding prevention or timely detection of unauthorized
acquisition, use or disposition of assets that could have a material effect on
the financial statements, i.e., those items specified in Section 5(B)(2)
through 5(B)(7) of this regulation.
(12) "SEC" means the United States Securities
and Exchange Commission.
(13)
"Section 404" means Section 404 of the Sarbanes-Oxley Act of 2002 ( 15 USC
Section
7201 et seq.) and the SEC's rules and regulations promulgated
thereunder.
(14) "Section 404
Report" means management's report on "internal control over financial
reporting" as defined by the SEC and the related attestation report of the
independent certified public accountant as described in Section
3(A)(1).
(15) "SOX Compliant
Entity" means an entity that either is required to be compliant with, or
voluntarily is compliant with, all of the following provisions of the
Sarbanes-Oxley Act of 2002 ( 15 USC Section
7201 et seq.):
(i) the pre-approval requirements of Section
201 (Section 10A(i) of the Securities Exchange Act of 1934) ( 15 USC Section
78a et seq.));
(ii) the Audit
Committee independence requirements of Section 301 (Section 10A(m)(3) of the
Securities Exchange Act of 1934 ( 15 USC Section
78a et seq.)); and
(iii) the internal control over financial
reporting requirements of Section 404 (Item 308 of SEC Regulation
S-K).
Section
4. General Requirements Related to Filing and Extensions for
Filing of Annual Audited Financial Reports and Audit Committee Appointment
A. All insurers shall have an annual audit by
an independent certified public accountant and shall file an Audited Financial
Report with the Director on or before June 1 for the year ended December 31
immediately preceding. The Director may require an insurer to file an Audited
Financial Report earlier than June 1 with ninety days advance notice to the
insurer.
B. Extensions of the June
1 filing date may be granted by the Director for thirty-day periods upon a
showing by the insurer and its independent certified public accountant of the
reasons for requesting an extension and determination by the Director of good
cause for an extension. The request for extension must be submitted in writing
not less than ten days prior to the due date in sufficient detail to permit the
Director to make an informed decision with respect to the requested
extension.
C. If an extension is
granted in accordance with the provisions in Section 4(B), a similar extension
of thirty days is granted to the filing of Management's Report of Internal
Control over Financial Reporting.
D. Every insurer required to file an annual
Audited Financial Report pursuant to this regulation shall designate a group of
individuals as constituting its Audit Committee, as defined in Section 3. The
Audit Committee of an entity that controls an insurer may be deemed to be the
insurer's Audit Committee for purposes of this regulation at the election of
the controlling person.
E. This
section does not apply to a captive insurance company made subject to this
regulation by written notice pursuant to Section 2(F)(2). Such a captive
insurance company shall comply with the requirements of Section 2(F)(3) and
2(F)(4).
Section 5.
Contents of Annual Audited Financial Report
A. The annual Audited Financial Report shall
report the financial position of the insurer as of the end of the most recent
calendar year and the results of its operations, cash flow, and changes in
capital and surplus for the year then ended in conformity with statutory
accounting practices prescribed, or otherwise permitted, by the insurer's state
of domicile.
B. The annual Audited
Financial Report shall include the following:
(1) Report of independent certified public
accountant;
(2) Balance sheet
reporting admitted assets, liabilities, capital and surplus;
(3) Statement of operations;
(4) Statement of cash flow;
(5) Statement of changes in capital and
surplus;
(6) Notes to financial
statements. These notes shall be those required by the appropriate NAIC Annual
Statement Instructions and the NAIC Accounting Practices and Procedures Manual.
The notes shall include a reconciliation of differences, if any, between the
audited statutory financial statements and the annual statement filed pursuant
to Section
38-13-80
of the South Carolina Code of Laws with a written description of the nature of
these differences;
(7) The
financial statements included in the Audited Financial Report shall be prepared
in a form and using language and groupings substantially the same as the
relevant sections of the annual statement of the insurer filed with the
Director, and the financial statement shall be comparative, presenting the
amounts as of December 31 of the current year and the amounts as of the
immediately preceding December 31. However, in the first year in which an
insurer is required to file an Audited Financial Report, the comparative data
may be omitted.
Section
6. Designation of Independent Certified Public Accountant
A. Each insurer required by this regulation
to file an annual Audited Financial Report, within sixty days after becoming
subject to the requirement, shall register with the Director in writing the
name and address of the independent certified public accountant or accounting
firm retained to conduct the annual audit set forth in this regulation.
Insurers not retaining an independent certified public accountant on the
effective date of this regulation shall register the name and address of their
retained independent certified public accountant not less than six months
before the date when the first Audited Financial Report is to be
filed.
B. The insurer shall obtain
a letter from the accountant and file a copy with the Director stating that the
accountant is aware of the provisions of the insurance code and the regulations
of the insurance department of the state of domicile that relate to accounting
and financial matters and affirming that the accountant will express an opinion
on the financial statements in terms of their conformity to the statutory
accounting practices prescribed or otherwise permitted by that insurance
department, specifying such exceptions as the accountant may believe
appropriate.
C. If the accountant
who was the insurer's accountant for the immediately preceding filed Audited
Financial Report is dismissed or resigns, the insurer shall notify the Director
within five business days of this event. The insurer shall also furnish the
Director with a separate letter within ten business days of the above
notification stating whether in the twenty-four months preceding the event
there were any disagreements with the former accountant on any matter of
accounting principles or practices, financial statement disclosure, or auditing
scope or procedure, which, if not resolved to the satisfaction of the former
accountant, would have caused the accountant to make reference to the subject
matter of the disagreement in connection with the opinion. The disagreements
required to be reported in response to this section include those resolved to
the former accountant's satisfaction and those not resolved to the former
accountant's satisfaction. Disagreements contemplated by this section are those
that occur at the decision-making level, i.e., between personnel of the insurer
responsible for presentation of its financial statements and personnel of the
accounting firm responsible for rendering its report. The insurer also in
writing shall request the former accountant to furnish a letter addressed to
the insurer stating whether the accountant agrees with the statements contained
in the insurer's letter and, if not, stating the reasons for the disagreement;
and the insurer shall furnish the responsive letter from the former accountant
to the Director together with its own.
Section 7. Qualifications of Independent
Certified Public Accountant
A. The Director
shall not recognize a person or firm as a qualified independent certified
public accountant if the person or firm:
(1)
Is not in good standing with the AICPA and in all states in which the
accountant is licensed to practice, or, for a Canadian or British company, that
is not a chartered accountant; or
(2) Has either directly or indirectly entered
into an agreement of indemnity or release from liability, collectively referred
to as indemnification, with respect to the audit of the insurer.
B. Except as otherwise provided in
this regulation, the Director shall recognize an independent certified public
accountant as qualified as long as the accountant conforms to the standards of
the profession, as contained in the AICPA Code of Professional Conduct and the
regulations of the South Carolina Board of Accountancy, or similar
code.
C. A qualified independent
certified public accountant may enter into an agreement with an insurer to have
disputes relating to an audit resolved by mediation or arbitration. However, in
the event of a delinquency proceeding commenced against the insurer under
Chapter 27 of Title 38 of the South Carolina Code of Laws, the mediation or
arbitration provisions shall operate at the option of the statutory
successor.
D. The lead or
coordinating audit partner having primary responsibility for the audit may not
act in that capacity for more than five consecutive years. The person shall be
disqualified from acting in that or a similar capacity for the same insurer or
its insurance subsidiaries or affiliates for a period of five consecutive
years. An insurer may make application to the Director for relief from the
above rotation requirement on the basis of unusual circumstances. This
application should be made at least thirty days before the end of the calendar
year. The Director may consider the following factors in determining if the
relief should be granted:
(1) Number of
partners, expertise of the partners or the number of insurance clients in the
currently registered firm;
(2)
Premium volume of the insurer; or
(3) Number of jurisdictions in which the
insurer transacts business.
E. The insurer shall file, with its annual
statement filing, the approval for relief from Subsection D with the states
that it is licensed in or doing business in and with the NAIC. If the
non-domestic state accepts electronic filing with the NAIC, the insurer shall
file the approval in an electronic format acceptable to the NAIC. A captive
insurer is not required to file the approval for relief from Subsection D with
the NAIC if the captive insurer is not required to file its annual statement
with the NAIC.
F. The Director
shall not recognize as a qualified independent certified public accountant or
accept any annual Audited Financial Report prepared in whole or in part by any
person who:
(1) Has been convicted of fraud,
bribery, a violation of the Racketeer Influenced and Corrupt Organizations Act,
18 U.S.C. Section
1961 et seq., or any dishonest conduct or practices under
federal or state law;
(2) Has been
found to have violated the insurance laws of this state with respect to any
previous reports submitted under this regulation; or
(3) Has demonstrated a pattern or practice of
failing to detect or disclose material information in previous reports filed
under the provisions of this regulation.
G. The Director, pursuant to statute, may
hold a hearing to determine whether an independent certified public accountant
is qualified and, considering the evidence presented, may rule that the
accountant is not qualified for purposes of expressing his or her opinion on
the financial statements in the annual Audited Financial Report made pursuant
to this regulation and require the insurer to replace the accountant with
another whose relationship with the insurer is qualified within the meaning of
this regulation.
H. The Director
shall not recognize as a qualified independent certified public accountant or
accept an annual Audited Financial Report prepared in whole or in part by an
accountant who provides to an insurer, contemporaneously with the audit, the
following non-audit services:
(1) Bookkeeping
or other services related to the accounting records or financial statements of
the insurer;
(2) Financial
information systems design and implementation;
(3) Appraisal or valuation services, fairness
opinions, or contribution-in-kind reports;
(4) Actuarially-oriented advisory services
involving the determination of amounts recorded in the financial statements.
The accountant may assist an insurer in understanding the methods, assumptions
and inputs used in the determination of amounts recorded in the financial
statement only if it is reasonable to conclude that the services provided will
not be subject to audit procedures during an audit of the insurer's financial
statements. An accountant's actuary may also issue an actuarial opinion or
certification ("opinion") on an insurer's reserves if the following conditions
have been met:
(a) Neither the accountant nor
the accountant's actuary has performed any management functions or made any
management decisions;
(b) The
insurer has competent personnel (or engages a third-party actuary) to estimate
the reserves for which management takes responsibility; and
(c) The accountant's actuary tests the
reasonableness of the reserves after the insurer's management has determined
the amount of the reserves;
(5) Internal audit outsourcing
services;
(6) Management functions
or human resources;
(7) Broker or
dealer, investment adviser, or investment banking services;
(8) Legal services or expert services
unrelated to the audit; or
(9) Any
other services that the Director determines, by regulation, are
impermissible.
I. In
general, the principles of independence with respect to services provided by
the qualified independent certified public accountant are largely predicated on
three basic principles, violations of which would impair the accountant's
independence. The principles are that the accountant cannot function in the
role of management, cannot audit their own work, and cannot serve in an
advocacy role for the insurer.
J.
Insurers having direct written and assumed premiums of less than $100,000,000
in any calendar year may request an exemption from Subsection H. The insurer
shall file with the Director a written statement discussing the reasons why the
insurer should be exempt from these provisions. An exemption may be granted if
the Director finds, upon review of this statement, that compliance with this
regulation would constitute a financial or organizational hardship upon the
insurer.
K. A qualified independent
certified public accountant who performs the audit may engage in other
non-audit services, including tax services, that are not described in
Subsection H or that do not conflict with Subsection I, only if the activity is
approved in advance by the Audit Committee, in accordance with Subsection
L.
L. All auditing services and
non-audit services provided to an insurer by the qualified independent
certified public accountant of the insurer shall be pre-approved by the Audit
Committee. The pre-approval requirement is waived with respect to non-audit
services if the insurer is a SOX compliant entity or a direct or indirect
wholly-owned subsidiary of a SOX compliant entity or:
(1) The aggregate amount of all such
non-audit services provided to the insurer constitutes not more than five
percent of the total amount of fees paid by the insurer to its qualified
independent certified public accountant during the fiscal year in which the
non-audit services are provided;
(2) The services were not recognized by the
insurer at the time of the engagement to be non-audit services; and
(3) The services are promptly brought to the
attention of the Audit Committee and approved prior to the completion of the
audit by the Audit Committee or by one or more members of the Audit Committee
who are the members of the board of directors to whom authority to grant such
approvals has been delegated by the Audit Committee.
M. The Audit Committee may delegate to one or
more designated members of the Audit Committee the authority to grant the
pre-approvals required by Subsection L. The decisions of any member to whom
this authority is delegated shall be presented to the full Audit Committee at
each of its scheduled meetings.
N.
The Director shall not recognize an independent certified public accountant as
qualified for a particular insurer if a member of the board, president, chief
executive officer, controller, chief financial officer, chief accounting
officer, or any person serving in an equivalent position for that insurer, was
employed by the independent certified public accountant and participated in the
audit of that insurer during the one-year period preceding the date that the
most current statutory opinion is due. This section shall only apply to
partners and senior managers involved in the audit. An insurer may make
application to the Director for relief from the above requirement on the basis
of unusual circumstances.
O. The
insurer shall file, with its annual statement filing, the Director's letter
granting relief from Subsection N with the states in which it is licensed or
doing business and with the NAIC. If the non-domestic state accepts electronic
filing with the NAIC, the insurer shall file the approval in an electronic
format acceptable to the NAIC. A captive insurer is not required to file the
Director's letter granting relief from Subsection N with the NAIC if the
captive insurer is not required to file its annual statement with the
NAIC.
Section 8.
Consolidated or Combined Audits
A. An insurer
may make written application to the Director for approval to include in its
Audited Financial Report audited consolidated or combined financial statements
in lieu of separate annual audited financial statements if the insurer is part
of a group of insurance companies that utilizes a pooling or one hundred
percent reinsurance agreement that affects the solvency and integrity of the
insurer's reserves and the insurer cedes all of its direct and assumed business
to the pool. In such cases, a columnar consolidating or combining worksheet
shall be filed with the report, as follows:
(1) Amounts shown on the consolidated or
combined Audited Financial Report shall be shown on the worksheet;
(2) Amounts for each insurer subject to this
section shall be stated separately;
(3) Noninsurance operations may be shown on
the worksheet on a combined or individual basis;
(4) Explanations of consolidating and
eliminating entries shall be included; and
(5) A reconciliation shall be included of any
differences between the amounts shown in the individual insurer columns of the
worksheet and comparable amounts shown on the annual Statements of the
insurers.
Section
9. Scope of Audit and Report of Independent Certified Public
Accountant
Financial statements furnished pursuant to Section 5 shall be
examined by the independent certified public accountant. The audit of the
insurer's financial statements shall be conducted in accordance with generally
accepted auditing standards. In accordance with Auditing (AU) Section 319 of
the AICPA Professional Standards, Consideration of Internal Control in a
Financial Statement Audit, the independent certified public accountant shall
obtain an understanding of internal control sufficient to plan the audit. To
the extent required by AU Section 319, for those insurers required to file a
Management's Report of Internal Control over Financial Reporting pursuant to
Section 17, the independent certified public accountant should consider (as
that term is defined in Statements on Auditing Standards (SAS) No. 102 of the
AICPA Professional Standards, Defining Professional Requirements in Statements
on Auditing Standards or its replacement) the most recently available report in
planning and performing the audit of the statutory financial statements.
Consideration shall be given to the procedures illustrated in the Financial
Condition Examiners Handbook promulgated by the National Association of
Insurance Commissioners as the independent certified public accountant deems
necessary.
Section 10.
Notification of Adverse Financial Condition
A.
The insurer required to furnish the annual Audited Financial Report shall
require the independent certified public accountant to report, in writing,
within five business days to the board of directors or its Audit Committee any
determination by the independent certified public accountant that the insurer
has materially misstated its financial condition as reported to the Director as
of the balance sheet date currently under audit or that the insurer does not
meet the minimum capital and surplus requirement of the South Carolina Code of
Laws as of that date. An insurer that has received a report pursuant to this
paragraph shall forward a copy of the report to the Director within five
business days of receipt of the report and shall provide the independent
certified public accountant making the report with evidence of the report being
furnished to the Director. If the independent certified public accountant fails
to receive the evidence within the required five business day period, the
independent certified public accountant shall furnish to the Director a copy of
its report within the next five business days.
B. No independent certified public accountant
shall be liable in any manner to any person for any statement made in
connection with the above paragraph if the statement is made in good faith in
compliance with Subsection A.
C. If
the accountant, subsequent to the date of the Audited Financial Report filed
pursuant to this regulation, becomes aware of facts that might have affected
his or her report, the Director notes the obligation of the accountant to take
such action as prescribed in AU 561 of the AICPA Professional Standards,
Subsequent Discovery of Facts Existing at the Date of the Auditor's
Report.
Section 11.
Communication of Internal Control Related Matters Noted in an Audit
A. In addition to the annual Audited
Financial Report, each insurer shall furnish the Director with a written
communication as to any unremediated material weaknesses in its internal
control over financial reporting noted during the audit. Such communication
shall be prepared by the accountant within sixty days after the filing of the
annual Audited Financial Report, and shall contain a description of any
unremediated material weakness (as the term material weakness is defined in SAS
No. 112 of the AICPA Professional Standards, Communicating Internal Control
Related Matters Identified in an Audit, or its replacement) as of December 31
immediately preceding (so as to coincide with the Audited Financial Report
discussed in Section 4(A)) in the insurer's Internal control over financial
reporting identified by the accountant during the course of the audit of the
financial statements. If no unremediated material weaknesses were noted, the
communication should so state.
B.
The insurer is required to provide a description of remedial actions taken or
proposed to correct unremediated material weaknesses, if the actions are not
described in the accountant's communication.
C. The insurer is expected to maintain
information about significant deficiencies communicated by the independent
certified public accountant. The information should be made available to the
examiner conducting a financial examination for review and kept in a manner as
to remain confidential.
Section
12. Accountant's Letter of Qualifications
A. The accountant shall furnish the insurer
in connection with, and for inclusion in, the filing of the annual Audited
Financial Report, a letter stating:
(1) That
the accountant is independent with respect to the insurer and conforms to the
standards of their profession as contained in the AICPA's Code of Professional
Conduct and pronouncements of its Financial Accounting Standards Board and the
South Carolina Board of Accountancy, or similar code;
(2) The background and experience in general,
and the experience in audits of insurers of the staff assigned to the
engagement and whether each is an independent certified public accountant.
Nothing within this regulation shall be construed as prohibiting the accountant
from utilizing such staff as deemed appropriate where use is consistent with
the standards prescribed by generally accepted auditing standards;
(3) That the accountant understands the
annual Audited Financial Report and that its opinion thereon will be filed in
compliance with this regulation and that the Director will be relying on this
information in the monitoring and regulation of the financial position of
insurers;
(4) That the accountant
consents to the requirements of Section 13 of this regulation and that the
accountant consents and agrees to make available for review by the Director, or
the Director's designee or appointed agent, the workpapers, as defined in
Section 13;
(5) A representation
that the accountant is properly licensed by an appropriate state licensing
authority and is a member in good standing in the AICPA; and
(6) A representation that the accountant is
in compliance with the requirements of Section 7 of this regulation.
Section 13. Definition,
Availability and Maintenance of Independent Certified Public Accountants
Workpapers
A. Workpapers are the records kept
by the independent certified public accountant of the procedures followed, the
tests performed, the information obtained, and the conclusions reached
pertinent to the accountant's audit of the financial statements of an insurer.
Workpapers, accordingly, may include audit planning documentation, work
programs, analyses, memoranda, letters of confirmation and representation,
abstracts of insurer documents and schedules or commentaries prepared or
obtained by the independent certified public accountant in the course of his or
her audit of the financial statements of an insurer and which support the
accountant's opinion.
B. Every
insurer required to file an Audited Financial Report pursuant to this
regulation, shall require the accountant to make available for review by
Department examiners, all workpapers prepared in the conduct of the
accountant's audit and any communications related to the audit between the
accountant and the insurer, at the offices of the insurer, at the Department or
at any other reasonable place designated by the Director. The insurer shall
require that the accountant retain the audit workpapers and communications
until the Department has filed a report on examination covering the period of
the audit but no longer than seven years from the date of the audit
report.
C. In the conduct of the
aforementioned periodic review by the Department examiners, it shall be agreed
that photocopies of pertinent audit workpapers may be made and retained by the
department. Such reviews by the department examiners shall be considered
investigations and all working papers and communications obtained during the
course of such investigations shall be afforded the same confidentiality as
other examination workpapers generated by the Department.
Section 14. Requirements for Audit Committees
A. This section shall not apply to foreign or
alien insurers licensed in this state or an insurer that is a SOX Compliant
Entity or a direct or indirect wholly-owned subsidiary of a SOX Compliant
Entity.
(1) The Audit Committee shall be
directly responsible for the appointment, compensation and oversight of the
work of any accountant (including resolution of disagreements between
management and the accountant regarding financial reporting) for the purpose of
preparing or issuing the Audited Financial Report or related work pursuant to
this regulation. Each accountant shall report directly to the Audit
Committee.
(2) The Audit committee
of an insurer or Group of insurers shall be responsible for overseeing the
insurer's internal audit function and granting the person or persons performing
the function suitable authority and resources to fulfill their responsibilities
if required by Section 15 of this Regulation.
(3) Each member of the Audit Committee shall
be a member of the board of directors of the insurer or a member of the board
of directors of an entity elected pursuant to Subsection (A)(6) of this Section
and Section 3(A)(3).
(4) In order
to be considered independent for purposes of this section, a member of the
Audit Committee may not, other than in his or her capacity as a member of the
Audit Committee, the board of directors, or any other board committee, accept
any consulting, advisory or other compensatory fee from the entity or be an
affiliated person of the entity or any subsidiary thereof. However, if law
requires board participation by otherwise non-independent members, that law
shall prevail and such members may participate in the Audit Committee and be
designated as independent for Audit Committee purposes, unless they are an
officer or employee of the insurer or one of its affiliates.
(5) If a member of the Audit Committee ceases
to be independent for reasons outside the member's reasonable control, that
person, with notice by the responsible entity to the Director, may remain an
Audit Committee member of the responsible entity until the earlier of the next
annual meeting of the responsible entity or one year from the occurrence of the
event that caused the member to be no longer independent.
(6) To exercise the election of the
controlling person to designate the Audit Committee for purposes of this
regulation, the ultimate controlling person shall provide written notice to the
commissioners of the affected insurers. Notification shall be made timely prior
to the issuance of the statutory audit report and include a description of the
basis for the election. The election can be changed through notice to the
Director by the insurer, which shall include a description of the basis for the
change. The election shall remain in effect for perpetuity, until
rescinded.
(7) The Audit Committee
shall require the accountant that performs for an insurer any audit required by
this regulation to timely report to the Audit Committee in accordance with the
requirements of SAS No. 114 of the AICPA Professional Standards, The Auditor's
Communication with those Charged with Governance, or its replacement,
including:
(a) All significant accounting
policies and material permitted practices;
(b) All material alternative treatments of
financial information within statutory accounting principles that have been
discussed with management officials of the insurer, ramifications of the use of
the alternative disclosures and treatments, and the treatment preferred by the
accountant; and
(c) Other material
written communications between the accountant and the management of the
insurer, such as any management letter or schedule of unadjusted
differences.
(8) If an
insurer is a member of an insurance holding company system, the reports
required by Subsection (A)(7) may be provided to the Audit Committee on an
aggregate basis for insurers in the holding company system, provided that any
substantial differences among insurers in the system are identified to the
Audit Committee.
(9) The proportion
of independent Audit Committee members shall meet or exceed the following
criteria:
Prior Calendar Year Direct Written and Assumed
Premiums
|
$0-$300,000,000
|
Over $300,000,000 - $500,000,000
|
Over $500,000,000
|
No minimum requirements. See also Note A and B.
|
Majority (50% or more) of members shall be independent.
See also Note A and B.
|
Supermajority of members (75% or more) shall be
independent. See also Note A.
|
Note A: The Director has authority afforded by state law to
require the insurer's board to enact improvements to the independence of the
Audit Committee membership if the insurer is in a RBC action level event, meets
one or more of the standards of an insurer deemed to be in hazardous financial
condition, or otherwise exhibits qualities of a troubled insurer.
Note B: All insurers with less than $500,000,000 in prior year
direct written and assumed premiums are encouraged to structure their Audit
Committees with at least a supermajority of independent Audit Committee
members.
Note C: Prior calendar year direct written and assumed premiums
shall be the combined total of direct premiums and assumed premiums from
non-affiliates for the reporting entities.
(10) An insurer with direct written and
assumed premium, excluding premiums reinsured with the Federal Crop Insurance
Corporation and Federal Flood Program, less than $500,000,000 may make
application to the Director for a waiver from the Section 14 requirements based
upon hardship. The insurer shall file, with its annual statement filing, the
approval for relief from Section 14 with the states that it is licensed in or
doing business in and the NAIC. If the non-domestic state accepts electronic
filing with the NAIC, the insurer shall file the approval in an electronic
format acceptable to the NAIC.
Section 15. Internal Audit Function
Requirements
A. Exemption - An insurer is
exempt from the requirements of this section if:
(1) The insurer has annual direct written and
unaffiliated assumed premium, including international direct and assumed
premium, but excluding premiums reinsured with the Federal Crop Insurance
Corporation and Federal Flood Program, less than $500,000,000; and
(2) If the insurer is a member of a group of
insurers, the group has annual direct written and unaffiliated assumed premium
including international direct and assumed premium, but excluding premiums
reinsured with the Federal Crop Insurance Corporation and Federal Flood
Program, less than $1,000,000,000.
B. Function - The Insurer or group of
insurers shall establish an internal audit function providing independent,
objective and reasonable assurance to the Audit committee and insurer
management regarding the insurer's governance, risk management and internal
controls. This assurance shall be provided by performing general and specific
audits, reviews and tests and by employing other techniques deemed necessary to
protect assets, evaluate control effectiveness and efficiency, and evaluate
compliance with policies and regulations.
C. Independence - In order to ensure that
internal auditors remain objective, the internal audit function must be
organizationally independent. Specifically, the internal audit function will
not defer ultimate judgment on audit matters to others, and shall appoint an
individual to head the internal audit function who will have direct and
unrestricted access to the board of directors. Organizational independence does
not preclude dual-reporting relationships.
D. Reporting - The head of the internal audit
function shall report to the audit committee regularly, but no less than
annually, on the periodic audit plan, factors that may adversely impact the
internal audit function's independence or effectiveness, material findings from
completed audits and the appropriateness of corrective actions implemented by
management as a result of audit findings.
E. Additional Requirements - If an insurer is
a member of an insurance holding company system or included in a group of
insurers, the insurer may satisfy the internal audit function requirements set
forth in this section at the ultimate controlling parent level, an intermediate
holding company level or the individual legal entity level.
Section 16. Conduct of Insurer in
Connection with the Preparation of Required Reports and Documents
A. No director or officer of an insurer
shall, directly or indirectly:
(1) Make or
cause to be made a materially false or misleading statement to an accountant in
connection with any audit, review or communication required under this
regulation; or
(2) Omit to state,
or cause another person to omit to state, any material fact necessary in order
to make statements made, in light of the circumstances under which the
statements were made, not misleading to an accountant in connection with any
audit, review or communication required under this regulation.
B. No officer or director of an
insurer, or any other person acting under the direction thereof, shall directly
or indirectly take any action to coerce, manipulate, mislead or fraudulently
influence any accountant engaged in the performance of an audit pursuant to
this regulation if that person knew or should have known that the action, if
successful, could result in rendering the insurer's financial statements
materially misleading.
C. For
purposes of Subsection B, actions that, "if successful, could result in
rendering the insurer's financial statements materially misleading" include,
but are not limited to, actions taken at any time with respect to the
professional engagement period to coerce, manipulate, mislead or fraudulently
influence an accountant:
(1) To issue or
reissue a report on an insurer's financial statements that is not warranted in
the circumstances (due to material violations of statutory accounting
principles prescribed by the Director, generally accepted auditing standards,
or other professional or regulatory standards);
(2) Not to perform audit, review or other
procedures required by generally accepted auditing standards or other
professional standards;
(3) Not to
withdraw an issued report; or
(4)
Not to communicate matters to an insurer's Audit Committee.
Section 17.
Management's Report of Internal Control over Financial Reporting
A. Each insurer required to file an Audited
Financial Report pursuant to this regulation that has annual direct written and
assumed premiums, excluding premiums reinsured with the Federal Crop Insurance
Corporation and Federal Flood Program, of $500,000,000 or more shall prepare a
report of the insurer's or group of insurers' Internal Control Over Financial
Reporting, as these terms are defined in Section 3. The report shall be filed
with the Director along with the Communicating Internal Control Related Matters
Identified in an Audit described under Section 11. Management's Report of
Internal Control Over Financial Reporting shall be as of December 31
immediately preceding.
B.
Notwithstanding the premium threshold in Subsection A, the Director may require
an insurer to file Management's Report of Internal Control Over Financial
Reporting if the insurer is in any RBC level event, or meets any one or more of
the standards of an insurer deemed to be in hazardous financial condition as
defined in S.C. Code Ann. Sections 35-5-120,
38-9-150,
38-9-360,
and
38-9-440.
C. An insurer or a group of insurers that is
(1) directly subject to Section
404;
(2) part of a holding company
system whose parent is directly subject to Section 404;
(3) not directly subject to Section 404 but
is a SOX compliant entity; or
(4) a
member of a holding company system whose parent is not directly subject to
Section 404 but is a SOX compliant entity; may file its or its parent's Section
404 Report and an addendum in satisfaction of this Section 17 requirement
provided that those internal controls of the insurer or group of insurers
having a material impact on the preparation of the insurer's or group of
insurers' audited statutory financial statements (those items included in
Section 5(B)(2) through 5(B)(7) of this regulation) were included in the scope
of the Section 404 Report. The addendum shall be a positive statement by
management that there are no material processes with respect to the preparation
of the insurer's or group of insurers' audited statutory financial statements
(those items included in Section 5(B)(2) through 5(B)(7) of this regulation)
excluded from the Section 404 Report. If there are internal controls of the
insurer or group of insurers that have a material impact on the preparation of
the insurer's or group of insurers' audited statutory financial statements and
those internal controls were not included in the scope of the Section 404
Report, the insurer or group of insurers may either file (i) a Section 17
report, or (ii) the Section 404 Report and a Section 17 report for those
internal controls that have a material impact on the preparation of the
insurer's or group of insurers' audited statutory financial statements not
covered by the Section 404 Report.
D. Management's Report of Internal Control
Over Financial Reporting shall include:
(1) A
statement that management is responsible for establishing and maintaining
adequate internal control over financial reporting;
(2) A statement that management has
established internal control over financial reporting and an assertion, to the
best of management's knowledge and belief, after diligent inquiry, as to
whether its internal control over financial reporting is effective to provide
reasonable assurance regarding the reliability of financial statements in
accordance with statutory accounting principles;
(3) A statement that briefly describes the
approach or processes by which management evaluated the effectiveness of its
internal control over financial reporting;
(4) A statement that briefly describes the
scope of work that is included and whether any internal controls were
excluded;
(5) Disclosure of any
unremediated material weaknesses in the internal control over financial
reporting identified by management as of December 31 immediately preceding.
Management shall not conclude that the internal control over financial
reporting is effective to provide reasonable assurance regarding the
reliability of financial statements in accordance with statutory accounting
principles if there are one or more unremediated material weaknesses in its
internal control over financial reporting;
(6) A statement regarding the inherent
limitations of internal control systems; and
(7) Signatures of the chief executive officer
and the chief financial officer (or equivalent position/title).
E. Management shall document and
make available upon financial condition examination the basis upon which its
assertions, required in Subsection D, are made. Management may base its
assertions, in part, upon its review, monitoring and testing of internal
controls undertaken in the normal course of its activities.
(1) Management shall have discretion as to
the nature of the internal control framework used, and the nature and extent of
documentation, in order to make its assertion in a cost effective manner and,
as such, may include assembly of or reference to existing
documentation.
(2) Management's
Report on Internal Control over Financial Reporting, required by Subsection A ,
and any documentation provided in support thereof during the course of a
financial condition examination, shall be kept confidential by the
Director.
Section
18. Exemptions
A. Upon written
application of an insurer, the Director may grant an exemption from compliance
with any provision or requirement of this regulation if the Director finds,
upon review of the application, that compliance with this regulation would
constitute a financial or organizational hardship upon the insurer. An
exemption may be granted at any time and from time to time for a specified
period or periods. Within ten days from a denial of an insurer's written
request for an exemption from this regulation, the insurer may request in
writing a hearing, pursuant to statute, on its application for an exemption.
The hearing shall be held in accordance with South Carolina law pertaining to
administrative hearing procedures.
B. Domestic insurers retaining a certified
public accountant on the effective date of this regulation shall comply with
this regulation for the year ending December 31, 2019 and each year thereafter
unless the director permits otherwise
C. Domestic insurers retaining
If an insurer or Group of insurers that is exempt from the
Section 15 requirements no longer qualifies for that exemption, it shall have
one year after the year the threshold is exceeded to comply with the
requirements of this article.
Section 19. Canadian and British Companies
A. For Canadian and British insurers, the
annual Audited Financial Report shall be defined as the annual statement of
total business on the form filed by such companies with their supervision
authority duly audited by an independent chartered accountant.
B. For such insurers, the letter required in
Section 6B shall state that the accountant is aware of the requirements
relating to the annual Audited Financial Report filed with the Director
pursuant to Section 4 and shall affirm that the opinion expressed is in
conformity with those requirements.
Section 20. Effective Dates
A. Unless otherwise noted, the requirements
of this regulation shall become effective for the reporting period ending
December 31, 2010 and each year thereafter. An insurer or group of insurers not
required to file a report because its total written premium is below the
threshold that subsequently becomes subject to the reporting requirements shall
have two years following the year the threshold is exceeded (but not earlier
than December 31, 2010) to file the report. Likewise, an insurer acquired in a
business combination shall have two calendar years following the date of
acquisition or combination to comply with the reporting requirements.
B. The requirements of Section 7D shall
become effective for audits of the year beginning January 1, 2010 and
thereafter.
C. The requirements of
Section 14 shall become effective on January 1, 2010. An insurer or group of
insurers that is not required to have independent Audit Committee members or
only a majority of independent Audit Committee members (as opposed to a
supermajority) because the total direct written and assumed premium is below
the threshold and subsequently becomes subject to one of the independence
requirements due to changes in premium shall have one year following the year
the threshold is exceeded (but not earlier than January 1, 2010) to comply with
the independence requirements. Likewise, an insurer that becomes subject to one
of the independence requirements as a result of a business combination shall
have one calendar year following the date of acquisition or combination to
comply with the independence requirements.
Section 21. Severability Provision
If any section or portion of a section of this regulation or its
applicability to any person or circumstance is held invalid by a court, the
remainder of the regulation or the applicability of the provision to other
persons or circumstances shall not be affected.