BEFORE THE COMMISSIONER OF SECURITIES AND INSURANCE
MONTANA STATE AUDITOR
In the matter of the adoption of New Rule I and the amendment of ARM 6.6.3501, 6.6.3515, and 6.6.3520, pertaining to Annual Audited Reports and Establishing Accounting Practices and Procedures to Be Used in Annual Statements, and Internal Audit Function Requirements
NOTICE OF PROPOSED ADOPTION AND AMENDMENT
NO PUBLIC HEARING CONTEMPLATED
TO: All Concerned Persons
1. The Commissioner of Securities and Insurance, Office of the Montana State Auditor (CSI), proposes to adopt and amend the above-stated rules.
2. The CSI will make reasonable accommodations for persons with disabilities who wish to participate in this rulemaking process or need an alternative accessible format of this notice. If you require an accommodation, contact the CSI no later than 5:00 p.m. on September 3, 2019, to advise us of the nature of the accommodation that you need. Please contact Ramona Bidon, CSI, 840 Helena Avenue, Helena, Montana, 59601; telephone (406) 444-2726; TDD (406) 444-3246; fax (406) 444-3499; or e-mail email@example.com.
3. The new rule proposed to be adopted provides as follows:
NEW RULE I INTERNAL AUDIT FUNCTION REQUIREMENTS (1) An insurer is exempt from the requirements of this rule if:
(a) the insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000; and
(b) if the insurer is a member of a group of insurers, the group has annual direct written and unaffiliated assumed premium including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $1,000,000,000.
(2) An insurer or group of insurers exempt from the requirements of this rule is encouraged, but not required, to conduct a review of the insurer business type, sources of capital, and other risk factors to determine whether an internal audit function is warranted. The potential benefits of an internal audit function should be assessed and compared against the estimated costs.
(3) The insurer or group of insurers shall establish an Internal audit function providing independent, objective, and reasonable assurance to the audit committee and insurer management regarding the insurer's governance, risk management, and internal controls. This assurance shall be provided by performing general and specific audits, reviews and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.
(4) In order to ensure that internal auditors remain objective, the internal audit function must be organizationally independent. Specifically, the internal audit function will not defer ultimate judgment on audit matters to others, and shall appoint an individual to head the Internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.
(5) The head of the internal audit function shall report to the audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function's independence or effectiveness, material findings from completed audits and the appropriateness of corrective actions implemented by management as a result of audit findings.
(6) If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements set forth in this rule at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.
AUTH: 33-1-313, 33-2-1517, MCA
IMP: 33-2-701, 33-2-1517, 33-4-313, 33-5-413, MCA
REASON: The Commissioner of Securities and Insurance - Office of the State Auditor, Matthew M. Rosendale, (commissioner) is the statewide elected official responsible for administering the Montana Insurance Department and regulating insurers. The commissioner is a member of the National Association of Insurance Commissioners (NAIC). The NAIC is an organization of insurance regulators from the 50 states, the District of Columbia, and the five U.S. territories. The NAIC provides a forum for the development of uniform national policy and regulation when uniformity is appropriate. Insurer solvency and financial reporting is a principal area in which uniformity is efficient and effective for insurers and regulators. Multi-state insurers are able to use the same financial reporting in all jurisdictions and avoid the additional expense of tailoring their financial reporting to different requirements in each jurisdiction. Regulators across jurisdictions are able to have the same understanding of the financial reporting and terminology which aids them in monitoring the financial condition of insurers to protect insurance consumers.
The NAIC has promulgated model regulations regarding financial reporting for insurers which promote national uniformity and also increase the transparency and reliability of the financial reporting. The commissioner is proposing to amend existing administrative rules, adding internal audit function requirements for insurers with total annual premiums of greater than $500,000,000 (and for a group of insurers, greater than 1,000,000,000). There are no domestic insurers operating in Montana that would have to comply with this new rule at the present time. This rule is based on the NAIC Annual Financial Reporting Model Regulation 205, amended in 2014.
The NAIC Accreditation Program provides a process to monitor and regulate solvency of multi-state insurers. To be accredited, each jurisdiction must demonstrate adequate solvency laws and regulation to protect consumers and guarantee funds, and also effective and efficient financial analysis and examination processes. All the proposed rule changes are consistent with the NAIC Model Regulation 205, and necessary to maintain the agency's accreditation through the NAIC Financial Regulation Standards and Accreditation Program.
4. The rules as proposed to be amended provide as follows, new matter underlined, deleted matter interlined:
6.6.3501 DEFINITIONS For the purposes of this subchapter, the following terms shall have the following meanings:
(1) "Accountant" and "independent certified public accountant" mean an independent certified public accountant or accounting firm in good standing with the American Institute of Certified Public Accountants (AICPA), and in all states in which they are licensed to practice; for Canadian and British companies, it means a Canadian-chartered or British-chartered accountant.
(2) An "affiliate" of, or person "affiliated" with a specific person, is a person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the person specified.
(3) "Audit committee" means a committee (or equivalent body) established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer, or group of insurers, the internal audit function of an insurer or group of insurers (if applicable), and external audits of financial statements of the insurer, or group of insurers. The audit committee of any entity that controls a group of insurers may be deemed to be the audit committee for one or more of these controlled insurers solely for the purposes of this regulation at the election of the controlling person. Refer to ARM 6.6.3515(6) for exercising this election. If an audit committee is not designated by the insurer, the insurer's entire board of directors shall constitute the audit committee.
(4) "Audited financial report" means and includes those items specified in ARM 6.6.3504.
(5) "Indemnification" means an agreement of indemnity, or a release from liability, where the intent or effect is to shift, or limit, in any manner the potential liability of the person, or firm, for failure to adhere to applicable auditing or professional standards, whether or not resulting in part from knowing of other misrepresentations made by the insurer, or its representatives.
(6) "Independent board member" has the same meaning as described in ARM 6.6.3515(4).
(7) "Insurer" means an insurer as defined in 33-1-201 and 33-2-1501, MCA, or an authorized insurer as defined in 33-1-201, MCA.
(8) "Group of insurers" means those licensed insurers included in the reporting requirements of 33-2-1101, MCA, et seq., or a subset of such insurers as identified by management for the purpose of assessing the effectiveness of internal controls over financial reporting.
(9) "Internal audit function" means a person or persons that provide independent, objective, and reasonable assurance designed to add value and improve an organization's operations and accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
(9) (10) "Internal control over financial reporting" means a process effected by an entity's board of directors, management, and other personnel designed to provide reasonable assurance regarding the reliability of the financial statements, i.e., those items specified in ARM 6.6.3504(2)(b) through 6.6.3504(3), and includes those policies and procedures that:
(a) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets;
(b) provide reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statements, i.e., those items specified in ARM 6.6.3504(2)(b) through 6.6.3504(3), and that receipts and expenditures are being made only in accordance with authorizations of management, and directors; and
(c) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements, i.e., those items specified in ARM 6.6.3504(2)(b) through 6.6.3504(3).
(10) (11) "SEC" means the United States Securities and Exchange Commission.
(11) (12) "Section 404" means Section 404 of the Sarbanes-Oxley Act of 2002 and the SEC's rules and regulations promulgated thereunder.
(12) (13) "Section 404 Report" means management's report on "internal control over financial reporting" as defined by the SEC, and the related attestation report of the independent certified public accountant as described in ARM 6.6.3501.
(13) (14) "SOX compliant entity" means an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Sarbanes-Oxley Act of 2002:
(a) the preapproval requirements of Section 201 (Section 10A(i) of the Securities Exchange Act of 1934);
(b) the audit committee independence requirements of Section 301 (Section 10A(m)(3) of the Securities Exchange Act of 1934); and
(c) the internal control over financial reporting requirements of Section 404 (Item 308 of SEC Regulation S-K).
AUTH: 33-1-313, 33-2-1517, MCA
IMP: 33-2-701, 33-2-1517, 33-4-313, 33-5-413, MCA
6.6.3515 REQUIREMENTS FOR AUDIT COMMITTEES (1) This rule shall not apply to foreign or alien insurers licensed in this state, an insurer that is a SOX compliant entity, or an insurer that is a direct or indirect wholly-owned subsidiary of a SOX compliant entity.
(2) The audit committee shall be directly responsible for the appointment, compensation, and oversight of the work of any accountant (including resolution of disagreements between management and the accountant regarding financial reporting) for the purpose of preparing or issuing the audited financial report or related work pursuant to this subchapter. Each accountant shall report directly to the audit committee.
(3) The audit committee of an insurer or group of insurers shall be responsible for overseeing the insurer's internal audit function and granting the person or persons performing the function suitable authority and resources to fulfill their responsibilities if required by [NEW RULE I].
(3) (4) Each member of the audit committee shall be a member of the board of directors of the insurer or a member of the board of directors of an entity elected pursuant to ARM 6.6.3501(3) and 6.6.3515 (6) (7).
(4) (5) In order to be considered independent for purposes of this rule, a member of the audit committee may not, other than in his or her capacity as a member of the audit committee, the board of directors, or any other board committee, accept any consulting, advisory, or other compensatory fee from the entity or be an affiliated person of the entity, or any subsidiary thereof. However, if law requires board participation by otherwise nonindependent members, that law shall prevail, and such members may participate in the audit committee and be designated as independent for audit committee purposes, unless they are an officer, or employee of the insurer, or one of its affiliates.
(5) (6) If a member of the audit committee ceases to be independent for reasons outside the member's reasonable control, that person, with notice by the responsible entity to the state, may remain an audit committee member of the responsible entity until the earlier of the next annual meeting of the responsible entity, or one year from the occurrence of the event that caused the member to be no longer independent.
(6) (7) To exercise the election of the controlling person to designate the audit committee for purposes of this subchapter, the ultimate controlling person shall provide written notice to the commissioners of the affected insurers. Notification shall be made timely prior to the issuance of the statutory audit report and shall include a description of the basis for the election. The election can be changed through notice to the commissioner by the insurer, which shall include a description of the basis for the change. The election shall remain in effect for perpetuity, until rescinded.
(7) (8) The audit committee shall require the accountant that performs for an insurer any audit required by this subchapter to timely report to the audit committee in accordance with the requirements of SAS 61, Communication with Audit Committees, or its replacement, including:
(a) all significant accounting policies and material permitted practices;
(b) all material alternative treatments of financial information within statutory accounting principles that have been discussed with management officials of the insurer, ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the accountant; and
(c) other material written communications between the accountant and the management of the insurer, such as any management letter, or schedule of unadjusted differences.
(8) (9) If an insurer is a member of an insurance holding company system, the reports required by (7) (8) may be provided to the audit committee on an aggregate basis for insurers in the holding company system, provided that any substantial differences among insurers in the system are identified to the audit committee.
(9) (10) The proportion of independent audit committee members shall meet or exceed the following criteria:
Prior Calendar Year Direct Written and Assumed Premiums.
See Note C.
$0 - $300,000,000
Over $300,000,000 - $500,000,000
requirements. See also Note A and B.
Majority (50% or more) of
members shall be
independent. See also Note A and B.
members (75% or more)
shall be independent.
See also Note A.
Note A: The commissioner has authority afforded by state law to require the entity's board to enact improvements to the independence of the audit committee membership if the insurer is in a RBC action level event, meets one or more of the standards of an insurer deemed to be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer.
Note B: All insurers with less than $500,000,000 in prior year direct written and assumed premiums are encouraged to structure their audit committees with at least a supermajority of independent audit committee members.
Note C: Prior calendar year direct written and assumed premiums shall be the combined total of direct premiums and assumed premiums from nonaffiliates for the reporting entities.
(10) (11) An insurer with direct written and assumed premium, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500,000,000 may make application to the commissioner for a waiver from the ARM 6.6.3515 requirements based upon hardship. The insurer shall file, with its annual statement filing, the approval for relief from ARM 6.6.3515 with the states that it is licensed in, doing business in, and the NAIC. If the nondomestic state accepts electronic filing with the NAIC, the insurer shall file the approval in an electronic format acceptable to the NAIC.
AUTH: 33-1-313, 33-2-1517, MCA
IMP: 33-2-701, 33-2-1517, 33-4-313, 33-5-413, MCA
6.6.3520 EXEMPTIONS AND EFFECTIVE DATES (1) Upon written application of any insurer, the commissioner may grant an exemption from compliance with any and all provisions of these rules if the commissioner finds, upon review of the application, that compliance would constitute a financial or organizational hardship upon the insurer. An exemption may be granted at any time and from time to time for a specified period or periods. Within ten days from a denial of an insurer's written request for an exemption, such insurer may make a written request for a hearing on its application for an exemption. Such hearing shall be held in accordance with 33-1-701, MCA.
(2) Domestic insurers retaining certified public accountants on the effective date of this rule who qualify as independent shall comply with these rules for the year ending December 31, 2009, and each year thereafter unless the commissioner permits otherwise.
(3) Domestic insurers not retaining certified public accountants on the effective date of these rules who qualify as independent may meet the following schedule for compliance, unless the commissioner permits otherwise.
(a) as of December 31, 2009, file with the commissioner an audited financial report.
(b) for the year ending December 31, 2010, and each year thereafter, such insurers shall file with the commissioner all reports and communications required by these rules.
(4) Foreign insurers shall comply with these rules for the year ending December 31, 2009, and each year thereafter, unless the commissioner permits otherwise.
(5) The requirements of ARM 6.6.3506(4) shall be in effect for audits of the year beginning January 1, 2010, and thereafter.
(6) The requirements of ARM 6.6.3515 are to be in effect January 1, 2010. An insurer, or group of insurers, that is not required to have independent audit committee members, or only a majority of independent audit committee members (as opposed to a supermajority), because the total written and assumed premium is below the threshold, and subsequently becomes subject to one of the independence requirements due to changes in premium shall have one year following the year the threshold is exceeded (but not earlier than January 1, 2010) to comply with the independence requirements. Likewise, an insurer that becomes subject to one of the independence requirements as a result of a business combination shall have one calendar year following the date.
(7) The requirements of ARM 6.6.3517 and ARM 6.6.3510 are effective beginning with the reporting period ending December 31, 2010, and each year thereafter. An insurer, or group of insurers, that is not required to file a report because the total written premium is below the threshold, and subsequently becomes subject to the reporting requirements, shall have two years following the year the threshold is exceeded (but not earlier than December 31, 2010) to file a report. Likewise, an insurer acquired in a business combination shall have two calendar years following the date of acquisition or combination to comply with the reporting requirements.
(8) If an insurer or group of insurers that is exempt from [NEW RULE I] requirements no longer qualifies for that exemption, it shall have one year after the year the threshold is exceeded to comply with the requirements of [NEW RULE I].
AUTH: 33-1-313, 33-2-1517, MCA
IMP: 33-1-701, 33-2-1517, 33-4-313, 33-5-413, MCA
5. Concerned persons may submit their data, views, or arguments concerning the proposed actions in writing to: Ivan C. Evilsizer, Attorney, Office of the Commissioner of Securities and Insurance, Montana State Auditor, 840 Helena Ave., Helena, Montana, 59601; telephone (406) 444-1295; fax (406) 444-3497; or
e-mail firstname.lastname@example.org, and must be received no later than 5:00 p.m., September 20, 2019.
6. If persons who are directly affected by the proposed action wish to express their data, views, or arguments orally or in writing at a public hearing, they must make written request for a hearing and submit this request along with any written comments to Ivan C. Evilsizer at the above address no later than 5:00 p.m., September 20, 2019.
7. If the agency receives requests for a public hearing on the proposed action from either 10 percent or 25, whichever is less, of the persons directly affected by the proposed action; from the appropriate administrative rule review committee of the Legislature; from a governmental subdivision or agency; or from an association having not less than 25 members who will be directly affected, a hearing will be held at a later date. Notice of the hearing will be published in the Montana Administrative Register. Ten percent of those directly affected has been determined to be: not applicable, since no insurers in Montana are directly affected at the present time.
8. The CSI maintains a list of interested persons who wish to receive notices of rulemaking actions proposed by this agency. Persons who wish to have their name added to the list may sign up by clicking on the blue button on the CSI's website at: http://csimt.gov/laws-rules/ and may specify the subject matter they are interested in. Notices will be sent by e-mail unless a mailing preference is noted in the request. Request may also be sent to the CSI in writing. Such written request may be mailed or delivered to the contact information in 2 above, or may be made by completing a request form at any rules hearing held by the CSI.
9. The bill sponsor contact requirements of 2-4-302, MCA, do not apply.
10. With regard to the requirements of 2-4-111, MCA, the office has determined that the adoption and amendment of the above-referenced rules will have no significant impact on small businesses.
/s/ Ivan C. Evilsizer /s/ Michelle Dietrich
Ivan C. Evilsizer Michelle Dietrich
Rule Reviewer Chief Legal Counsel
Certified to the Secretary of State August 13, 2019.