Originally published October 29, 2009

On January 1, 2010, the National Association of Insurance Commissioners ("NAIC") 2006 amendments to its model regulation1 governing the submission of audited statutory financial statements by insurance companies, commonly known as the Model Audit Rule, will go into effect.2 The revised Model Audit Rule incorporates significant new requirements in six related areas:

  • Audit committee composition, independence, and duties;
  • Lead audit partner rotation;
  • Requirements regarding pre-approval of audit services and prohibited non-audit services;
  • Conduct of the insurer in connection with the audit;
  • Management's report on internal controls over financial reporting; and
  • Communication of internal control related to matters noted in the audit.

In order to implement these new rules, it will be necessary for each insurer's management, at a minimum, to determine if the audit committee is structured correctly, to meet with its audit committee to establish new processes, to meet with accountants on how to implement the new requirements, to develop appropriate policies and procedures, and to review, test and document their implementation. The planning for the implementation of the Model Audit Rule is significant. Is your organization ready?

I. OVERVIEW OF THE MODEL AUDIT RULE

The Model Audit Rule is designed to improve the ability of state insurance departments to oversee the financial condition of insurers. The Model Audit Rule was created as an insurance company counterpart to the Sarbanes-Oxley Act of 2002 ("Sarbanes-Oxley" or "SOX"). Its goals are to achieve greater transparency, prevent fraud, and enhance public confidence in the insurance industry. Because the new requirements are derived, in large part, from Sarbanes-Oxley, insurance companies may benefit from looking to the requirements of SOX and practices thereunder. In particular, examining the steps and processes that companies have undertaken to meet Sarbanes-Oxley requirements likely will be helpful in implementing the Model Audit Rule requirements.

Subject to general exceptions for certain small insurers and specific section exceptions for foreign and alien insurers (discussed below), the revised Model Audit Rule applies to all domestic insurance companies, including life insurers, health insurers, property-casualty insurers, and captive insurers. For the first time, non-publicly traded insurers (for example, mutual companies) will be required to comply with a number of SOX-like provisions. In addition, the Model Audit Rule expands the regulatory requirements of insurers subject to Sarbanes-Oxley, as discussed below.

II. AUDIT COMMITTEE COMPOSITION, INDEPENDENCE, AND DUTIES

Composition. The Model Audit Rule requires an insurer to have an audit committee (the "Audit Committee"). Each member of the Audit Committee must be a member of the board of directors of the insurer, or in the alternative, the insurer's ultimate controlling entity may elect the Audit Committee of any entity that controls the insurer (or "Group of insurers"3) to be deemed the insurer's Audit Committee for purposes of the Model Audit Rule.4 If an Audit Committee is not designated by the insurer, the insurer's entire board of directors will be deemed to be the Audit Committee.5

The Audit Committee must retain a certain proportion of independent members, determined by reference to the insurer's previous year's premium revenue. Companies with $300 million to $500 million in direct written and assumed premiums from the prior year must ensure that at least 50% of their Audit Committee's members are independent. The requirement rises to 75% for companies with more than $500 million in prior calendar year direct written and assumed premiums.6 These requirements are effective January 1, 2010. The NAIC Implementation Guide for the Annual Financial Reporting Model Regulation (the "Implementation Guide") provides additional detail about when and how to measure premium revenue and how to address situations in which a company's yearly revenue triggers changes to the independence requirements.7 The Implementation Guide is also useful with respect to other questions that could arise concerning the Model Audit Rule.

Insurers In A Holding Company Structure. The Model Audit Rule allows an Audit Committee of any entity that controls a Group of insurers, at the election of the controlling entity, to be deemed to be the Audit Committee for the Group of insurers for purposes of the Model Audit Rule.8 The ultimate controlling company within the holding company structure must provide written notice regarding such election to the state insurance commissioner of the affected insurer(s).9 As noted above, each member of the Audit Committee must be a member of the board of directors of the insurer, or the insurer's ultimate controlling entity may elect the Audit Committee of any entity that controls the insurer (or Group of insurers) to be deemed the insurer's Audit Committee for purposes of the Model Audit Rule.

Sarbanes-Oxley Compliant Entities. The Audit Committee requirements do not apply to a "SOX Compliant Entity" or any direct or indirect wholly owned subsidiary of a "SOX Compliant Entity."10 According to the Implementation Guide, the drafters of the Model Audit Rule included this exception in order to avoid conflicts between the independence requirements of the Model Audit Rule and the requirements of Sarbanes-Oxley § 301.11 Regulators expected that the same independent audit committee required of public companies would be deemed to be the insurer's audit committee or would participate in the oversight of the insurers within the Group of insurers. "Therefore, if material weaknesses, significant deficiencies and/or significant solvency concerns are identified at the legal entity level, the independent Audit Committee should be involved in addressing those issues, regardless of their materiality at the consolidated, parent company level."12

Who Is Independent? For an Audit Committee member to be considered "independent," the member:

  • May not accept any consulting, advisory, or other compensatory fee from the insurer, other than in his or her capacity as a member of the Audit Committee, the board of directors, or any other board committee; or
  • May not be an affiliated person of the entity or any subsidiary of the entity.13

However, if state law requires board participation by an otherwise non-independent member of the board of directors (e.g., a medical provider on a health plan board), such member may participate in the Audit Committee and be designated as independent for Audit Committee purposes, so long as the member is not an officer or employee of the insurer or one of its affiliates.14

Duties. Under the new Model Audit Rule requirements, the Audit Committee is directly responsible for the appointment, compensation, and oversight of the work of the independent certified public accountant ("CPA"), including resolution of disagreements between management and the CPA regarding financial reporting. The independent CPA must report directly to the Audit Committee.15 The Audit Committee must pre-approve all audit and non-audit services provided by the CPA, unless a waiver is available.16

The Audit Committee must require the independent CPA to timely report to the Audit Committee as required by Statement of Accounting Standards ("SAS") No. 114, The Auditor's Communication With Those Charged With Governance, on matters including:

  • All significant accounting policies and material permitted practices;
  • All material alternative treatments of financial information within statutory accounting principles that have been discussed with management, including ramifications of the use of such alternative disclosures and treatments, and the treatment that the accountant prefers; and
  • Other material written communications between the accountant and management.17

Exceptions To The Audit Committee Requirements.

Small Insurer Exception. Companies with less than $300 million in direct written and assumed premiums for the prior calendar year are exempt from the independent audit committee member requirement, although the insurance commissioner has the authority afforded by state law to require more independent audit committee members if the insurer experiences a Risk-Based Capital ("RBC") action level event or meets one or more of the standards indicating that the insurer is in a hazardous financial condition as defined in the state's Corrective Action statute.18

Foreign-Alien Company Exception. The Audit Committee requirements likewise do not apply to foreign or alien insurers licensed in the state.19

III. ROTATION OF LEAD AUDIT PARTNER

Section 7(D)(1) of the revised Model Audit Rule closely tracks the requirements set forth in § 203 of Sarbanes-Oxley, pursuant to which the Securities and Exchange Commission ("SEC") adopted rules20 prohibiting all partners who perform audit services for a company from providing such services to the company (or any of its significant subsidiaries) for more than five consecutive years. Under the revisions to the Model Audit Rule, the lead (or coordinating) audit partner, who has primary responsibility for the audit of the company's statutory financial statements, may not act in that capacity for more than five consecutive years. After one five-year period, that same person may not act as lead auditor again until the expiration of another five-year "cooling off" period.21 Such person also may not serve in that or a similar capacity for the same company or any of its insurance subsidiaries or affiliates for five years.

Separate Accounts And Affiliated Funds. The Implementation Guide makes clear that a separate account for which GAAP-basis financial statements are prepared is considered to be an insurance affiliate for purposes of the Model Audit Rule, thus implicating its lead audit partner provisions. By contrast, affiliated mutual funds are considered to be non-insurance affiliates and would not come within the scope of the Model Audit Rule.22

Relief From Rotation Limitations. The Model Audit Rule revisions permit an insurer to petition the insurance commissioner for relief from the rotation limitations based on unusual circumstances, such as: (i) number of partners, expertise of partners, or number of insurance clients; (ii) premium volume of the insurer; or (iii) number of jurisdictions in which an insurer transacts business.

Applicability And Implementation Of Rotation Requirements. The new rotation requirements under the Model Audit Rule will become effective in connection with audits of the 2010 financial statements. These rotation requirements are applicable for statutory reporting and regulatory purposes. An insurer and its affiliates that are subject to the rotation requirements of the SEC and the Public Company Accounting Oversight Board ("PCAOB") must continue to comply with those rotation requirements, as well as those of the Model Audit Rule.23

IV. REQUIREMENTS REGARDING AUDIT AND NON-AUDIT SERVICES

Prohibited Non-Audit Services. Section 7(G)(1) of the revised Model Audit Rule closely tracks the requirements set forth in § 201 of Sarbanes-Oxley, pursuant to which the SEC adopted rules24 prohibiting auditors from concurrently performing an audit required by the SEC and engaging in certain enumerated non-audit services. The Model Audit Rule makes clear that auditor independence with regard to the provision of non-audit services is based on three principles: (i) an independent CPA cannot function in the role of management; (ii) an independent CPA cannot audit his or her own work; and (iii) an independent CPA cannot serve in an advocacy role for the insurer.25

Under the revised Model Audit Rule, a CPA may not, contemporaneously with an audit, perform the following non-audit services:

  • Bookkeeping or other services related to the accounting records or financial statements of the insurer;26
  • Financial information systems design and implementation;
  • Appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
  • Actuarial-oriented advisory services involving the determination of amounts recorded in financial statements. The accountant may assist the insurer in understanding the methods, assumptions, and inputs used in the determination of amounts recorded in the financials only if it is reasonable to conclude that the services provided will not be subject to audit procedures during an audit of the insurer's financial statements;27
  • Internal audit outsourcing services;
  • Management functions or human resources;
  • Broker or dealer, investment adviser, or investment banking services;
  • Legal services or expert services unrelated to the audit; or
  • Any other services that the insurance commissioner determines, by regulation, are impermissible.28

Insurers having direct written and assumed premiums of less than $1 million in any calendar year may request an exemption from these provisions by filing a written statement with the insurance commissioner discussing the reasons why the insurer should be exempt. The commissioner may grant the exemption upon a finding that compliance with these provisions would constitute a financial or organizational hardship.29

Pre-Approval Of Audit And Permitted Non-Audit Services. Section 7(J) of the revised Model Audit Rule closely tracks the requirements set forth in § 202 of Sarbanes-Oxley, pursuant to which the SEC adopted new rules30 requiring, among other things, a public company's audit committee to approve in advance any audit or permitted non-audit service performed by an auditing firm. Under § 7(J), all audit and non-audit services provided to the insurer by the insurer's independent CPA must be preapproved by the Audit Committee. The Audit Committee can delegate authority to one or more members to grant preapprovals, but such decisions of the delegate must be presented to the full Audit Committee at each scheduled meeting.

The pre-approval requirement is waived with respect to non-audit services if:

  • The insurer is a SOX Compliant Entity or a direct or indirect wholly owned subsidiary of a SOX Compliant Entity;31
  • The aggregate amount of all such non-audit services provided to the insurer constitutes not more than 5% of the total amount of fees paid by the insurer to its independent CPA during the fiscal year in which the non-audit services are provided;
  • The services are not recognized by the insurer at the time of the engagement to be non-audit services; and
  • The services are promptly brought to the attention of the Audit Committee of the insurer and approved prior to the completion of the audit by the Audit Committee or by one or more members of the Audit Committee who are the members of the board of directors to whom the Audit Committee has delegated the authority to grant such approvals.

Prohibition On The Employment Of Senior Management By The Independent CPA. Section 7(L)(1) of the revised Model Audit Rule closely tracks the requirement set forth in § 206 of Sarbanes-Oxley, pursuant to which the SEC adopted rules32 prohibiting a registered public accounting firm from conducting an audit if certain executive officers of the issuer were members of the accountant's audit engagement team within the preceding year. Section 7(L)(1) provides that an independent CPA is not qualified to conduct an audit if a member of the board, the president, the chief executive officer, the controller, the chief financial officer, the chief accounting officer, or any person serving in an equivalent position for the insurer, was employed by the independent CPA as a partner or senior manager and participated in an audit of the insurer during the one-year period preceding the date on which the current statutory opinion is due. An insurer may request relief with regard to this requirement from its insurance commissioner based on unusual circumstances.

V. CONDUCT OF THE INSURER IN CONNECTION WITH THE AUDIT

Section 15 of the revised Model Audit Rule closely tracks the requirement of Rule 13b2-2(b) under the Securities Exchange Act of 1934 ("1934 Act"),33 which prohibits officers, directors, and persons acting under their direction from improperly influencing the auditor of an issuer's financial statements, when an officer, director, or person acting under his or her direction knew or should have known that the action, if successful (but regardless of whether the action is in fact successful), could result in rendering the issuer's financial statements materially misleading.34

Section 15(A) of the Model Audit Rule imports the definition of materiality from the federal securities laws into the Rule and prohibits any officer or director from making or causing to be made any materially false or misleading statement, or omitting to state a material fact, to the accountant in connection with an audit, review, or communication required by the Model Audit Rule.

Section 15(B) of the Model Audit Rule provides that no officer or director of the insurer, or any other person acting under his or her direction, shall directly or indirectly take any action to coerce, manipulate, mislead, or fraudulently influence any accountant engaged in the performance of an audit pursuant to the Model Audit Rule, if such person knew or should have known that the action, if successful, could result in rendering the insurer's financial statements materially misleading.

VI. MANAGEMENT'S REPORT ON INTERNAL CONTROL OVER FINANCIAL REPORTING

Section 16 of the Model Audit Rule closely tracks the requirements set forth in § 404 of Sarbanes-Oxley but does not impose a requirement to have the company's auditors attest to management's assessment of internal controls.

Pursuant to the issuance of Sarbanes-Oxley, the SEC adopted rules to implement § 40435 requiring that each annual report under § 13(a) or § 15(d) of the 1934 Act contain an internal control report that includes: (i) a statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting; (ii) conclusions about the effectiveness of the company's internal control over financial reporting based on management's assessment of the end of the company's most recent fiscal year; and (iii) a statement that the company's auditors have attested to and reported on management's evaluation of the company's internal control over financial reporting.

The most controversial and expensive requirement of § 404 of Sarbanes-Oxley is "internal control over financial reporting," which is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of U.S. GAAP financial statements. Internal control over financial reporting includes those policies and procedures that:

  • Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transaction and asset sales of the company;
  • Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements according to GAAP principles; and
  • Provide reasonable assurance regarding the prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.

Reporting. The revisions to the Model Audit Rule incorporate the substantive requirements of § 404 of Sarbanes-Oxley. An insurer that is subject to Model Audit Rule § 16 must prepare and file with the insurance commissioner a report prepared by management regarding management's assessment of the insurer's internal control over statutory financial reporting. The report must contain:

  • A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting;
  • Management's assessment, after diligent inquiry, of the effectiveness of the insurer's internal control over financial reporting as to whether its internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of the insurer's financial statements prepared in accordance with statutory financial principles;
  • A statement describing the approach or processes by which management evaluated the effectiveness of its internal control over financial reporting;
  • A statement describing the scope of work included and whether any internal controls were excluded;
  • Disclosure of any unremediated material weaknesses in the internal control over financial reporting identified by management as of the December 31 immediately preceding;
  • A statement regarding the inherent limitations of internal control systems; and
  • The signatures of the chief executive officer and the chief financial officer.

Applicability. Model Audit Rule § 16 applies to every insurer with annual direct written and assumed premiums of $500 million or more. However, the insurance commissioner may require an insurer to file a Management Report on Internal Control over Financial Reporting if the insurer is experiencing an RBC action level event, or if the insurer meets one or more of the standards indicating that the insurer is in a hazardous financial condition as defined in the state's Corrective Action statute.36 The requirements of § 16 are effective beginning with the reporting period ending December 31, 2010, and each year thereafter.37

Group Of Insurers. The Model Audit Rule permits the Management's Report on Internal Control over Financial Reporting to be prepared for a Group of insurers, which raises many interpretative issues, including the following:

  • Signature By CEO And CFO. If a report is filed on behalf of a Group of insurers, management should identify the officeholders that have the authority to sign the report on behalf of all the legal entities being reported upon within the Group of insurers.38
  • Similarity In Internal Controls. Because internal controls are often applied across multiple legal entities within the same organization, the Interpretative Guide suggests that management consider those common processes and associated controls when determining the Group of insurers for reporting purposes.39
  • Material Weakness In One Entity Within The Group. Questions have been raised on how to report a material weakness identified for one entity within a Group of insurers that is not considered a material weakness for the group overall. Members of the NAIC/AICPA (E) Working Group at the 2009 Fall National Meeting agreed that if such a situation occurs, it should be reported in Management's Report of Internal Control over Financial Reporting. More guidance is expected in this area.
  • Focus On The Legal Entity Level. Because statutory reporting requires presentation at a legal-entity level, management's assertion on the effectiveness of internal controls must apply at the individual legal entity level. Therefore, when determining the scope of controls subject to review for the "Group of insurers," recent language exposed for comments at the 2009 Fall National Meeting would require that "all controls deemed significant to each individual legal entity within the Group be included within the scope of management's review."40

Compliance By Sarbanes-Oxley Compliant Entity. Section 16(C) of the Model Audit Rule permits certain insurers (or Groups of insurers) to file the insurer's or the insurer's parent's Sarbanes-Oxley § 404 Report, plus an addendum, in satisfaction of the Model Audit Rule § 16 requirements, subject to a proviso. Such insurers or Groups of insurers include: (i) an entity that is directly subject to Sarbanes-Oxley § 404; (ii) an entity that is part of a holding company whose parent is subject to § 404; (iii) an entity that is not directly subject to § 404, but which is a SOX Compliant Entity within the meaning of Model Audit Rule § 3(M); or (iv) an entity that is a member of a holding company system whose parent is a SOX Compliant Entity.

The internal controls of the insurer or Group of insurers having a material impact on the preparation of the insurer's or Group of insurer's audited statutory financial statements must be included within the scope of the § 404 Report. The required addendum is a positive statement by management that there are no material processes with respect to the preparation of the insurer's or Group of insurer's audited statutory financial statements excluded from the § 404 Report. If any such material processes are not included in the § 404 Report, then the insurer or Group of insurers must file either: (i) its own report under § 16 of the Model Audit Rule; or (ii) a § 404 Report, plus a § 16 Report for those internal controls that have a material impact on the preparation of the insurer's or Group of insurer's audited statutory financial statements and that are not covered by the § 404 Report.

Availability To State Insurance Regulators. Model Audit Rule § 16(E) requires management to document, and to make available during insurance departments' financial condition examinations, the basis upon which its assertions in the Management Report of Internal Control over Financial Reporting were made.

No Requirement For Auditor Attestation. Because the Management's Report of Internal Control over Financial Reporting is subject to state insurance departments' financial condition examinations, there is no requirement that the independent CPA be engaged to perform an examination of the effectiveness of internal control over financial reporting.41

VII. COMMUNICATIONS OF INTERNAL CONTROL RELATED TO MATTERS NOTED IN THE AUDIT

Section 11 of the revised Model Audit Rule requires management to furnish the insurance commissioner with a written communication as to any unremediated material weaknesses in internal controls over financial reporting noted during the audit of statutory financial statements. Such communication must describe any unremediated material weakness, as the term is defined by SAS 60, Communication of Internal Control Related to Matters Noted in the Audit, as of the December 31 immediately preceding. If no unremediated material weaknesses were noted in the audit, the communication must so state. The insurer is expected to maintain information about material deficiencies communicated by the independent CPA and to make such information available to the examiner conducting the financial condition examination.

VIII. OBSERVATIONS

As we consider the potential impacts of the revised Model Audit Rule for insurers, we present the following observations and considerations:

  • Even if an entity is Sarbanes-Oxley compliant, compliance with The Model Audit Rule will likely require a significant commitment of resources.
    • Material processes, procedures, and internal controls used to prepare the audited statutory financial statements may not have been included within the scope of the § 404 Report and may not have been documented, or completely documented.
    • Companies will need to implement processes, establish appropriate levels of materiality, identify and test key controls, address control deficiencies, report applicable communications, develop compliance policies and procedures, and review, test and document their implementation.
  • The Model Audit Rule provides an opportunity for insurers to examine their corporate governance processes and procedures.
    • Although most insurers are not required to have a charter for their Audit Committee, preparation of a charter may be a way to easily document responsibilities, and to then develop policies to augment the charter.
    • In addition, policies and procedures will need to be developed to specifically address the prohibition on hiring employees of the auditor and maintaining the independence of the Audit Committee.
    • A re-examination of company by-laws (especially any applicable indemnification provisions), committee charters (particularly the Audit Committee charter), and directors and officers insurance coverage would be both prudent—and perhaps vital—to attracting independent directors to a company.
    • The Audit Committee will need to be actively involved in overseeing the audit process and will have to work extensively with management and outside accountants.
  • The "buck stops with management."
    • Under the Model Audit Rule, since there is no formal external audit of internal control over financial reporting, management alone assumes the full burden of the control evaluation. Theoretically, there is increased risk due to the absence of standards defining management's assessment.
    • Management is responsible for defining the correct targets, evaluating the effectiveness of such controls, and preparing appropriate disclosure.
    • As a result, management should consider relying on reports of external auditors engaged for these purposes, for management's own benefit and effectiveness.
  • The Audit Committee will need to demonstrate satisfaction of all its new responsibilities.
    • The Audit Committee meetings will need to develop formal, scripted processes. For example, the new responsibility to approve auditor compensation will require additional work on the part of the Committee.
    • The Audit Committee will also need to implement a process for determining how to pre-approve audit services and how to deal with non-audit services.
    • The Audit Committee in conjunction with the auditors will need to develop the types of information they will require to approve compensation.
    • The Audit Committee meeting will generally be longer in order to meet all new responsibilities.
  • Likewise, since management must disclose the evaluation process over internal control, it should consider relying on external audit services, with appropriate legal advice, to assist in crafting, implementing, and describing such processes.
    • The external audit of an insurer's financial statements could be a red flag. For example, if the external auditors record a material audit adjustment or restatement of a prior period in the financial statements, regulators might view such item as indicative of a material weakness.
    • If a weakness is neither discovered by management nor disclosed in prior internal periods (in such an instance where the weakness has existed over several preceding periods), a difficult situation arises for the board and for management.
  • As has been the case with SOX, the standards of care prescribed by the model audit rule and an insurer's compliance with those standards may very well become an issue in future litigation involving the insurer.
    • Adherence to and documentation of processes may play a vital role in such scenarios.
    • Given the lack of standards today, documentation of critical processes and internal controls and establishment of an effective process for risk identification will likely be crucial.
  • In the transactional context, an insurer's compliance with the model audit rule will be a subject of additional due diligence, representation and warranties, and an important integration item following an acquisition.

The implementation of the new Model Audit Rules will present unforeseen challenges, especially as a result of the interplay between SOX processes and the new state regulatory structures. When public companies began to implement § 404 of Sarbanes-Oxley, the process took on a life of its own and resulted in the emergence of a myriad of issues for companies. Like companies implementing Sarbanes-Oxley, insurers applying the Model Audit Rule have no indication today how regulators and auditors will react tomorrow. What will a material weakness mean? How will the rules affect the holding company? However, the lessons learned during the implementation of SOX will provide all parties with valuable guidance going forward.

Footnotes

1. The formal name of the model regulation is the Annual Financial Reporting Model Regulation ("Model 205") (hereinafter cited as "MAR").

2. To date 31 states have adopted the revised requirements; the remaining states and the District of Columbia plan to adopt the revisions prior to year-end or shortly thereafter. The NAIC gave states a strong incentive to adopt the 2006 amendment by January 1, 2010, when, during the June 2009 National Meeting, the Financial Regulation Standards and Accreditation (F) Committee voted to make adopting the amended Model Audit Rule a requirement in order for a state to remain accredited by the NAIC. States that have not adopted the amended Model Audit Rule as of January 1, 2010, will be in danger of losing their accreditation standing.

3. "Group of insurers" is defined in § 3(H) of the Model Audit Rule as those licensed insurers included in the reporting requirements of Insurance Holding Company System Regulatory Act, or a set of insurers as identified by management, for the purpose of assessing the effectiveness of internal controls over financial reporting.

4. MAR §§ 3(C), 14(B).

5. MAR § 3(C).

6. MAR § 14(G).

7. See Implementation Guide at G-11 through G-12, available at http://www.naic.org/documents/committees_e_naic_aicpa_implementation_guide_exposed-Final_0314.pdf.

8. MAR §§ 3(C), 14(B), 14(E).

9. MAR § 14(E). Notice must be made to the state insurance commissioner before the issuance of the statutory audit report and must describe the basis for the election. Interestingly, changes to the election can be changed "by the insurer." If such an election is contemplated, it may be wise to utilize a joint communication from the ultimate controlling company and the subject insurer for the sake of good order. The election remains in effect for perpetuity, unless rescinded.

10. "SOX Compliant Entity" is defined as any entity that either is required to comply, or voluntarily complies, with all of the following provisions of Sarbanes-Oxley: (i) the pre-approval of audit and non-audit services of § 201, as enacted in § 10A(i) of the 1934 Act; (ii) the audit committee independence requirements of § 301, as enacted in § 10A(m)(3) of the 1934 Act; and (iii) the internal controls over financial reporting requirements of § 404, as enacted in Rule 308 of Regulation S-K. MAR § 3(M).

11. Implementation Guide at G-10.

12. Id.

13. MAR § 14(C). Please note that § 14(D) of the Model Audit Rule explicitly directs state insurance commissioners, in determining the independence of Audit Committee members, to refer to the rule implementing § 10A(m)(1) of the 1934 Act (added by § 301 of Sarbanes-Oxley and requiring the SEC to direct the national securities exchanges and the national securities associations to prohibit the listing of any security of an issuer that is not in compliance with several enumerated standards regarding issuer audit committees, which include independence standards referencing specified criteria). See Standards Relating to Listed Company Audit Committees, Securities Act Release No. 8820, Exchange Act Release No. 47,654, Investment Company Act Release No. 26,001 (Apr. 10, 2003).

14. MAR § 14(C).

15. MAR § 14(A).

16. MAR § 7(J).

17. Section 14(F) of the Model Audit Rule refers to SAS No. 61, Communications With Audit Committees, or its replacement. SAS No. 61 was superseded by SAS No. 114 effective for audits of financial statements for periods beginning on or after December 15, 2006 (generally 2007 calendar year-end audits). New SAS No. 114 establishes standards for matters required to be communicated by the auditor, the form and timing of that communication, and the person or entity to whom the matters should be communicated.

18. MAR § 14(G) Note A; see also Implementation Guide at G-13, available at http://www.naic.org/documents/committees_e_naic_aicpa_implementation_guide_exposed-Final_0314.pdf (providing guidance on the meaning of the phrase "RBC level event").

19. MAR § 14.

20. See Regulation S-X Rule 2-01(c)(6), 17 C.F.R. § 210.2-01(c)(6).

21. Prior to the revisions to the Model Audit Rule, rules of the American Institute of Certified Public Accountants ("AICPA") required a seven-year lead partner rotation with only a two-year cooling off period. The Implementation Guide provides guidance for transitioning partners. See Implementation Guide at G-4 through G-9, available at http://www.naic.org/documents/committees_e_naic_aicpa_implementation_guide_exposed-Final_0314.pdf.

22. See Implementation Guide at G-7.

23. See Implementation Guide at G-4.

24. See Regulation S-X Rule 2-01(c)(4), 17 C.F.R. § 210.2-01(c)(4).

25. MAR § 7(G)(2).

26. At the NAIC 2009 Fall National Meeting, the NAIC/AICPA (E) Working Group discussed what types of services would be considered bookkeeping services and could not be performed by the independent certified public accountant under the Model Audit Rule. Members agreed that production of annual statements would be considered a bookkeeping service, but that drafting the Audited Statutory Financial Statements would not be considered a bookkeeping service so long as proper controls are in place. See NAIC 2009 Fall National Meeting Summary Reports, available at http://www.naic.org/meetings0909/summaries.htm.

27. An accountant's actuary may issue an actuarial opinion or certification of an insurer's reserves if the following conditions have been met: (i) neither the accountant nor the accountant's actuary has performed any management functions or made any management decisions; (ii) the insurer has competent personnel (or engages a third-party actuary) to estimate the reserves for which management takes responsibility; and (iii) the accountant's actuary tests the reasonableness of the reserves after the insurer's management has determined the amount of the reserves. MAR § 7(G)(1)(d).

28. Section 7(G) of the revised Model Audit Rule explicitly urges state insurance commissioners to bear in mind that uniformity among the states is essential in this matter and directs state insurance commissioners, in determining whether a non-audit service is permissible, to use the guidance provided by the SEC in its release adopting rules that strengthened auditor independence requirements. See Strengthening the Commission's Requirements Regarding Auditor Independence, Securities Act Release No. 8183, Exchange Act Release No. 47,265, Public Utility Holding Company Act Release No. 27,642, Investment Company Act Release No. 25,915, Investment Advisers Act Release No. 2103 (Mar. 27, 2003).

29. MAR § 7(H).

30. See Regulation S-X Rule 2-01(c)(7), 17 C.F.R. § 210.2-01(c)(7).

31. See footnote 10 above for the definition of "SOX Compliant Entity."

32. See Regulation S-X Rule 2-01(c)(2), 17 C.F.R. § 210.2-01(c)(2).

33. See Final Rule: Improper Influence on Conduct of Audits, Exchange Act Release No. 47,890, Investment Co. Act Release No. 26,050 (May 20, 2003) (implementing § 303(a) of the 1934 Act).

34. The SEC explains that "improperly influencing" includes coercing, manipulating, misleading, or fraudulently influencing. Id.

35. See Final Rule: Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Report, Securities Act Release No. 8283, Exchange Act Release No. 47,986, Investment Co. Act Release No. 26,068 (June 5, 2003).

36. See Implementation Guide at G-13, available at http://www.naic.org/documents/committees_e_naic_aicpa_implementation_guide_exposed-Final_0314.pdf (providing guidance on the meaning of the phrase "RBC level event").

37. MAR § 17(G).

38. See Implementation Guide at G-14.

39. See Implementation Guide at G-15.

40. See NAIC 2009 Fall National Meeting materials for NAIC/AICPA (E) Working Group, available at http://www.naic.org/documents/committees_e_naic_aicpa_wg_0909_materials.pdf.

41. See Implementation Guide at G-14

© 2009 Sutherland Asbill & Brennan LLP. All Rights Reserved.

This article is for informational purposes and is not intended to constitute legal advice.