Proposed Regulations Adopting NAIC’s Internal Audit Function Requirements Announced

Proposed Regulations Adopting NAIC’s Internal Audit Function Requirements Announced

Summary 

Large insurers should be preparing now to comply with proposed regulations that adopt the NAIC’s internal audit function requirements.  The internal audit function is designed to provide independent, objective and reasonable assurance to the audit committee and insurer management regarding the insurance company’s risk management, control and governance processes.

The Pennsylvania Insurance Department has just announced proposed regulations which would amend the Annual Financial Reporting Requirements regulations (30 Pa. Code § 147.1 et seq.)   These regulations were initially adopted in 1979 and, among other things, contain requirements for the establishment of audit committees and maintenance of effective internal controls over financial reporting.  

In the Pennsylvania Bulletin, the Department explained that the proposed rulemaking is based on changes to Model Regulation No. 205 (Annual Financial Reporting Model Regulation), which were adopted by the NAIC in 2014.  The NAIC determined that it was necessary for insurers to maintain an effective internal audit function capable of providing the insurer’s audit committee with independent assurance regarding the insurer’s governance, risk management and internal controls.  The NAIC decided that the best way to implement an internal audit requirement would be to place the requirement within the NAIC’s existing Annual Financial Reporting Model Regulation.  

Essentially, the amendments create an internal audit function requirement for large insurance companies.  Some of the key details of this requirement include:  

  • Scope.  The revisions require individual insurers writing more than $500 million or insurance groups writing more than $1 billion in annual premiums to maintain an internal audit function.  If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements in this section at the ultimate controlling parent level, an intermediate holding company level or the individual legal entity level.
  • Function.  The internal audit function will provide independent, objective and reasonable assurance to the audit committee and insurer management regarding the insurer’s governance, risk management and internal controls.  This includes the performance of audits and use of other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.    
  • Oversight.  The audit committee is responsible for overseeing the insurer’s internal audit function and granting the person performing the function suitable authority and resources to fulfill his or her responsibilities.
  • Independence.  The internal audit function must be organizationally independent and may not defer ultimate judgment on audit matters to others. The individual appointed to head the internal audit function must have direct and unrestricted access to the board of directors.
  • Reporting.  The head of the internal audit function must report regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function’s independence or effectiveness, material findings from completed audits and the appropriateness of corrective actions implemented by management as a result of the audit findings.

Pennsylvania joins just a handful of states that have either adopted the NAIC’s amendments to the Annual Financial Reporting Model Regulation or have pending state action on them.  The proposed rulemaking will become effective 30 days after final-form publication in the Pennsylvania Bulletin.  

While the regulations have not yet been formally adopted, large insurers should be taking steps today to make sure they are in compliance with the proposed regulations.   For questions on these proposed regulations, please contact Jeremy Heinnickel at 717.257.7575 / jheinnickel@saul.com – and watch for future Saul Ewing Alerts and announcements on sponsored programs on corporate governance issues. 

View Document(s):