806 Ky. Admin. Regs. 3:170

Current through Register Vol. 51, No. 6, December 1, 2024
Section 806 KAR 3:170 - Annual audited financial reports

RELATES TO: KRS 304.1-040, 304.1-050, 304.2-065, 304.2-210-304.2-290, 304.3-120, 304.3-125, 304.3-240, 304.3-241, 304.17A-820, 304.32-210, 304.35-040, 304.36-140, 304.37-010, 304.37-020, 304.42-150, 304.45-030, 304.45-040, 304.48-110, 304.49-070(2), 304.49-080, 304.49-090, 304.50-060, 304.50-075, 18 U.S.C. Chapter 96, Pub. L. 107-204

NECESSITY, FUNCTION, AND CONFORMITY: KRS 304.2-110 authorizes the Commissioner of the Department of Insurance to promulgate administrative regulations necessary for or as an aid to the effectuation of any provision of the Kentucky Insurance Code as established in KRS 304.1-010. KRS 304.3-240 authorizes the commissioner to promulgate administrative regulations concerning the publication of financial statements. KRS 304.49-170 authorizes the commissioner to promulgate administrative regulations relating to captive insurance companies that are necessary to enable the commissioner to carry out the provisions of KRS 304.49-010 through 304.49-230. This administrative regulation establishes requirements concerning the annual filing of audited financial reports by insurers.

Section 1. Definitions.
(1) "Accountant" means:
(a) An independent certified public accountant or accounting firm in good standing with the American Institute of Certified Public Accountants and in all states in which the accountant is licensed to practice;
(b) For Canadian and British insurers, a Canadian-chartered or British-chartered accountant.
(2) "Affiliate" or "affiliated" is defined by KRS 304.37-010(4).
(3) "Audit committee" means a committee, or equivalent body, established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or group of insurers, the internal audit function of an insurer of group of insurers, if applicable, and external audits of financial statements of the insurer or group of insurers.
(4) "Audited financial report" means a report consisting of those items established in Section 4 of this administrative regulation.
(5) "Commissioner" is defined by KRS 304.1-050(1).
(6) "Control" is defined by KRS 304.37-010(3).
(7) "Department" is defined in KRS 304.1-050(2).
(8) "Group of insurers" means those licensed insurers included in the reporting requirements of KRS 304.37-020, or a set of insurers as identified by management, for the purpose of assessing the effectiveness of internal control over financial reporting.
(9) "Insurer" is defined by KRS 304.1-040.
(10) "Internal audit function" means a person who provides independent objective and reasonable assurance designed to add value and improve an organization's operations and accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."
(11) "Internal control over financial reporting" means a process affected by an entity's board of directors, management, and other personnel designed to provide reasonable assurance regarding the reliability of the financial statements and includes those policies and procedures that:
(a) Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets;
(b) Provide reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statements and that receipts and expenditures are being made only in accordance with authorizations of management and directors; and
(c) Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of assets that could have a material effect on the financial statements.
(12) "SEC" means the United States Securities and Exchange Commission.
(13) "Section 404" means Section 404 of the Sarbanes-Oxley Act of 2002, Pub. L. 107-204, and the SEC's rules and regulations promulgated under Section 404.
(14) "Section 404 Report" means management's report on "internal control over financial reporting" as defined by the SEC at 17 C.F.R. 240.13a-15(f) and the related attestation report of the accountant.
(15) "SOX compliant entity" means an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Sarbanes-Oxley Act of 2002, Pub. L. 107-204 :
(a) The preapproval requirements of Section 202;
(b) The audit committee independence requirements of Section 301; and
(c) The internal control over financial reporting requirements of Section 404.
(16) "Work papers" mean the records kept by the accountant of the procedures followed, the tests performed, the information obtained, and the conclusions reached pertinent to the accountant's audit of the financial statements of an insurer. Work papers can include audit planning documentation, work programs, analyses, memoranda, letters of confirmation and representation, abstracts of insurer documents, and schedules or commentaries prepared or obtained by the accountant in the course of the accountant's audit of the financial statements of an insurer and that support the accountant's opinion of the financial statements of an insurer.
Section 2. Purpose and Scope.
(1) This administrative regulation shall be to improve the department's surveillance of the financial condition of insurers by requiring:
(a) An annual audit of financial statements reporting the financial position and the results of operations of insurers by accountants;
(b) Communication of internal control related matters noted in an audit; and
(c) Management's report of internal control over financial reporting.
(2) Except as established in paragraph (a) of this subsection, every insurer shall be subject to this administrative regulation.
(a) Unless the commissioner makes a specific finding that compliance is necessary for the department to carry out its statutory responsibilities, an insurer shall be exempt during years in which the following conditions exist. The insurer has, at the end of the calendar year:
1. Direct premiums written in this state of less than $1,000,000; and
2. Less than 1,000 policyholders or certificate holders of direct written policies nationwide.
(b) An insurer with assumed premiums of $1,000,000 or more pursuant to contracts or treaties of reinsurance shall not be exempt from this administrative regulation.
(3) A foreign or alien insurer filing the audited financial report in another state, pursuant to the other state's requirement for filing an audited financial report, which has been found by the commissioner to be substantially similar to the requirements of this administrative regulation, shall be exempt from this administrative regulation if:
(a) The following documents, which are filed with the other state, are filed with the commissioner in accordance with Sections 4, 10, and 11 of this administrative regulation:
1. A copy of the audited financial report;
2. Communication of internal control related matters noted in an audit; and
3. The accountant's letter of qualifications. Canadian insurers may submit accountants' reports as filed with the Office of Superintendent of Financial Institutions, Canada; and
(b) A copy of any notification of adverse financial condition report filed with the other state is filed with the commissioner within the time established in Section 9 of this administrative regulation.
(4) A foreign or alien insurer required to file management's report of internal control over financial reporting in another state shall be exempt from filing the report in this state if:
(a) The other state has substantially similar reporting requirements; and
(b) The report is filed with the commissioner of the other state within the other state's required time.
(5) This administrative regulation shall not prohibit, preclude, or in any way limit the commissioner from ordering, conducting, or performing examinations of insurers under KRS 304.2-210 through 304.2-290 through 304.2-300, 304.17A-820, 304.32-210, 304.35-040, 304.36-140, 304.42-150, 304.48-110, 304.49-080, or 304.50-075.
Section 3. General Requirements Related to Filing and Extensions for Filing of Annual Audited Financial Reports and Audit Committee Appointment.
(1) All insurers shall have an annual audit by an accountant and shall file an audited financial report with the commissioner on or before June 1 for the year ended December 31 immediately preceding. The commissioner may, based on whether or not the company is determined to be in a "hazardous condition" pursuant to KRS 304.2-065, require an insurer to file an audited financial report earlier than June 1 with ninety (90) days advance notice to the insurer.
(2) Extensions of the June 1 filing date may be granted by the commissioner for thirty (30) day periods upon showing by the insurer and its accountant the reasons for requesting the extension and determination by the commissioner of good cause for an extension. The request for extension shall be submitted in writing not less than ten (10) days prior to the due date and contain sufficient detail to permit the commissioner to make an informed decision as to the requested extension.
(3) If an extension is granted in accordance with subsection (2) of this section, a similar extension of thirty (30) days shall be granted to the filing of management's report of internal control over financial reporting.
(4) Every insurer required to file an annual audited financial report pursuant to this administrative regulation shall designate a group of individuals as constituting its audit committee. The audit committee of an entity that controls an insurer may be deemed to be the insurer's audit committee for purposes of this administrative regulation at the election of the controlling person.
Section 4. Contents of Annual Audited Financial Report.
(1) The annual audited financial report shall report the financial condition of the insurer as of the end of the most recent calendar year and the results of its operations, cash flows, and changes in capital and surplus for the year then ended in conformity with statutory accounting practices established, or otherwise permitted, by the insurance supervisory authority of the insurer's state of domicile.
(2) The annual audited financial report shall include the:
(a) Report of the accountant;
(b) Balance sheet for reporting admitted assets, liabilities, capital, and surplus;
(c) Statement of operations;
(d) Statement of cash flows;
(e) Statement of changes in capital and surplus;
(f) Notes to financial statements as required by KRS 304.3-240 in accordance with KRS 304.3-241. These notes shall also include:
1. A reconciliation of differences, if any, between the audited statutory financial statements and the annual statement filed pursuant to KRS 304.3-240 with a written description of the nature of these differences; and
2. A summary of ownership and relationships of the insurer and all affiliated companies; and
(g) The financial statements included in the audited financial report shall be:
1. Prepared in a form and using language and groupings substantially the same as the relevant sections of the annual statement of the insurer filed with the commissioner; and
2. Comparative, presenting the amounts as of December 31 of the current year and the amounts as of the immediately preceding December 31. In the first year in which an insurer is required to file an audited financial report, the comparative data may be omitted. The annual statement forms and instructions shall be those established by the National Association of Insurance Commissioners as required by KRS 304.3-240.
Section 5. Designation of Accountant.
(1) Each insurer required by this administrative regulation to file an annual audited financial report shall, within sixty (60) days after becoming subject to this requirement, register with the commissioner in writing the name and address of the accountant or accounting firm retained to conduct the annual audit required by this administrative regulation.
(2) The insurer shall obtain a letter from the accountant and file a copy with the commissioner, stating that the accountant is aware of the provisions of the insurance laws of the insurer's state of domicile that relate to accounting and financial matters and affirming that the accountant shall express the accountant's opinion on the financial statements in terms of their conformity to the statutory accounting practices established or otherwise permitted by the insurance regulatory authority in that state, stating any exceptions as the accountant believes appropriate.
(3) If an accountant who was the accountant for the immediately preceding filed audited financial report is dismissed or resigns the insurer shall:
(a) Within five (5) business days notify the commissioner of this event;
(b) Submit to the commissioner, a separate letter within ten (10) business days of the notification established in paragraph (a) of this subsection, if stating in the twenty-four (24) months preceding the accountant's resignation, there were any disagreements with the former accountant that, if not resolved to the satisfaction of the former accountant, would cause the accountant to make reference to the subject matter of the disagreement in connection with the opinion. These shall include disagreements:
1. Concerning accounting principles, financial statement disclosure, or auditing scope or procedure;
2. That have been resolved to the former accountant's satisfaction and those not so resolved; and
3. That occur at the decision-making level, that is, between personnel of the insurer responsible for presentation of its financial statements and personnel for the accounting firm responsible for rendering its report;
(c) Request the former accountant to submit a letter addressed to the insurer stating whether or not the accountant agrees with the statements contained in the insurer's letter, and, if not, stating the reasons for which the accountant does not agree; and
(d) Submit the responsive letter from the former accountant to the commissioner together with its own.
Section 6. Qualifications of Accountant.
(1) The commissioner shall not recognize any person or firm as a qualified accountant if the person or firm:
(a) Is not in good standing with the American Institute of Certified Public Accountants and in all states in which the accountant is licensed to practice, or, for a Canadian or British insurer, that is not a chartered accountant; or
(b) Has either directly or indirectly entered into an agreement of indemnity or release from liability with respect to the audit of the insurer.
(2) Except as otherwise established in this administrative regulation, an accountant shall be recognized as qualified if the accountant conforms to the standards of the accounting profession, as contained in the statutes, administrative regulations, and codes of ethics and rules of professional conduct administered by the State Board of Accountancy of Kentucky in accordance with KRS Chapter 325 and 201 KAR Chapter 1.
(3) The lead or coordinating audit partner having primary responsibility for the audit shall not act in that capacity for more than five (5) consecutive years. After five (5) consecutive years, the person shall be disqualified from acting in that or a similar capacity for the same insurer or its insurance subsidiaries or affiliates for a period of five (5) years.
(a) An insurer may make application to the commissioner for relief from this rotation requirement on the basis of undue hardship. Application shall be made at least thirty (30) days before the end of the calendar year. The commissioner shall consider the following factors in determining if the relief should be granted:
1. Number of partners, expertise of the partners, or the number of insurance clients in the currently registered firm;
2. Premium volume of the insurer; or
3. Number of jurisdictions in which the insurer transacts business.
(b) The insurer shall file with its annual statement filing the approval for relief from paragraph (a)1 of this subsection with the states that it is licensed in or doing business in and with the National Association of Insurance Commissioners. If the nondomestic state accepts electronic filing with the National Association of Insurance Commissioners, the insurer shall file the approval in an electronic format acceptable to the National Association of Insurance Commissioners via the Web site, https://www2.naic.org/servlet/Index.
(c) The commissioner shall not recognize as a qualified accountant, nor accept any annual audited financial report, prepared in whole or in part by any natural person who:
1. Has been convicted of fraud, bribery, or a conviction of the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. Chapter 96;
2. Has been found to have violated the insurance laws of this state with respect to any previous reports submitted under this administrative regulation; or
3. Has demonstrated a pattern or practice of failing to detect or disclose material information in previous reports filed under this administrative regulation.
(4) If an insurer disagrees with a determination made by the commissioner pursuant to subsection (3) of this section, it may request a hearing in accordance with KRS 304.2-310.
(5)
(a) The commissioner shall not recognize as a qualified accountant, nor accept an annual audited financial report prepared in whole or in part by an accountant who provides to an insurer, contemporaneously with the audit, the following nonaudit services:
1. Bookkeeping or other services related to the accounting records or financial statements of the insurer;
2. Financial information systems design and implementation;
3. Appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
4. Actuarially-oriented advisory services involving the determination of amounts recorded in the financial statements. The accountant may assist an insurer in understanding the methods, assumptions, and inputs used in the determination of amounts recorded in the financial statement only if it is reasonable to conclude that the services provided will not be subject to audit procedures during an audit of the insurer's financial statements. An accountant's actuary may also issue an actuarial opinion or certification on an insurer's reserves if:
a. Neither the accountant nor the accountant's actuary has performed any management functions or made any management decisions;
b. The insurer has competent personnel or engages a third party actuary to estimate the reserves for which management takes responsibility; and
c. The accountant's actuary tests the reasonableness of the reserves after the insurer's management has determined the amount of the reserves;
5. Internal audit outsourcing services;
6. Management functions or human resources;
7. Broker or dealer, investment adviser, or investment banking services; or
8. Legal services or expert services unrelated to the audit.
(b) A qualified independent public accountant shall not:
1. Function in the role of management;
2. Audit his or her own work; and
3. Serve in an advocacy role for the insurer.
(6)
(a) An insurer having direct written and assumed premium of less than $100,000,000 in any calendar year may request an exemption from subsection (5)(a) of this section.
(b) To request an exemption, the insurer shall file with the commissioner a written statement discussing the reasons why the insurer should be exempt from these provisions.
(c) If requested and if the commissioner finds, upon review of this statement, that compliance with this administrative regulation would constitute an organizational hardship upon the insurer, an exemption shall be granted.
(7) A qualified accountant who performs the audit may engage in other nonaudit services, including tax services, that are not established in subsection (5)(a) of this section or that do not conflict with subsection (5)(b) of this section, only if the activity is approved in advance by the audit committee in accordance with subsection (8) of this section.
(8)
(a) All auditing services and nonaudit services provided to an insurer by the qualified accountant of the insurer shall be preapproved by the audit committee.
(b) The preapproval requirement shall be waived with respect to nonaudit services if:
1. The insurer is a SOX compliant entity or a direct or indirect wholly-owned subsidiary of a SOX compliant entity; or
2.
a. The aggregate amount of all non-audit services provided to the insurer constitutes not more than five (5) percent of the total amount of fees paid by the insurer to its qualified accountant during the fiscal year in which the nonaudit services are provided;
b. The services were not recognized by the insurer at the time of the engagement to be nonaudit services; and
c. The services are brought to the attention of the audit committee and approved prior to the completion of the audit by the audit committee or by one (1) or more members of the audit committee who are the members of the board of directors to whom authority to grant approvals has been delegated by the audit committee.
(9) The audit committee may delegate to one (1) or more designated members of the audit committee the authority to grant the preapprovals required by subsection (8) of this section. The decisions of any member to whom this authority is delegated shall be presented to the full audit committee at each of its scheduled meetings.
(10)
(a)
1. The commissioner shall not recognize an accountant as qualified for a particular insurer if the following were employed by the accountant and participated in the audit of that insurer during the one (1) year period preceding the date that the most current statutory opinion is due:
a. A member of the board;
b. President;
c. Chief executive officer;
d. Controller;
e. Chief financial officer;
f. Chief accounting officer; or
g. Any person serving in an equivalent position for that insurer.
2. This subsection shall only apply to partners and senior managers involved in the audit.
3. An insurer may make application to the commissioner for relief from the requirements established in this subsection on the basis of undue hardship.
(b) The insurer shall file, with its annual statement filing, the approval for relief from paragraph (a) of this subsection with the states that it is licensed in or doing business in and the National Association of Insurance Commissioners. If the nondomestic state accepts electronic filing with the National Association of Insurance Commissioners, the insurer shall file the approval in an electronic format acceptable to the National Association of Insurance Commissioners via the Web site, https://www2.naic.org/servlet/Index.
Section 7. Consolidated or Combined Audits. An insurer may make written application to the commissioner for approval to file audited consolidated or combined financial statements in lieu of separate annual audited financial reports if the insurer is part of a group of insurers that utilizes a pooling or 100 percent reinsurance agreement that affects the solvency and integrity of the insurer's reserves and the insurer cedes all of its direct and assumed business to the pool. In these cases, a columnar consolidating or combining worksheet shall be filed with the report, as established in subsections (1) through (5) of this section.
(1) Amounts shown on the consolidated or combined audited financial report shall be shown on the worksheet.
(2) Amounts for each insurer subject to this section shall be stated separately.
(3) Noninsurance operations may be shown on the worksheet or a combined or individual basis.
(4) Explanations of consolidating and eliminating entries shall be included.
(5) A reconciliation shall be included of any differences between the amounts shown in the individual insurer columns of the worksheet and comparable amounts shown in the annual statements of the insurers.
Section 8. Scope of Examination and Report of Accountant.
(1) Financial statements submitted pursuant to Section 4 of this administrative regulation shall be examined by the accountant.
(2) The examination of the insurer's financial statements shall be conducted in accordance with generally accepted auditing standards.
(3) In accordance with SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement and SAS No. 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, the accountant shall obtain an understanding of internal control sufficient to plan the audit.
(4) To the extent required by SAS 109 and SAS 110, for those insurers required to file a management's report of internal control over financial reporting pursuant to Section 2 of this administrative regulation, the accountant shall consider the most recently available report in planning and performing the audit of the statutory financial statements.
(5) Consideration shall also be given to other procedures illustrated in the Financial Condition Examiner's Handbook of the National Association of Insurance Commissioners that the accountant deems necessary.
Section 9. Notification of Adverse Financial Condition.
(1)
(a) The insurer required to submit the annual audited financial report shall require the accountant to report, in writing, within five (5) business days to the board of directors or its audit committee any determination by the accountant that the insurer has materially misstated its financial condition as reported to the commissioner as of the balance sheet date currently under examination or that the insurer does not meet the minimum capital and surplus requirements of KRS 304.3-120 and 304.3-125 as of that date.
(b) An insurer that has received a report pursuant to this subsection shall forward a copy of the report to the commissioner within five (5) business days of receipt of the report and shall provide the accountant making the report with evidence of this report being submitted to the commissioner.
(c) If the accountant fails to receive this evidence within the required five (5) business day period, the accountant shall submit to the commissioner a copy of its report within the next five (5) business days.
(2) An accountant shall not be liable in any manner to any person for any statement made in connection with subsection (1) of this section if the statement is made in good faith in compliance with subsection (1) of this section.
(3) If the accountant, subsequent to the date of the audited financial report filed pursuant to this administrative regulation, becomes aware of facts that might have affected his report, the commissioner shall note the obligation of the accountant to take the action established in Volume 1, Section AU 561 of the Professional Standards of the American Institute of Certified Public Accountants.
Section 10. Communication of Internal Control Related Matters Noted in an Audit.
(1)
(a) In addition to the annual audited financial statements, each insurer shall submit to the commissioner a written communication as to any unremediated material weakness in its internal control over financial reporting noted during the audit.
(b) The communication shall be prepared by the accountant within sixty (60) days after the filing of the annual audited financial report and shall contain a description of any unremediated material weaknesses as of December 31 immediately preceding in the insurer's internal control over financial reporting noted by the accountant during the course of the accountant's audit of the financial statements.
(c) If unremediated material weaknesses were not noted, the communication shall state that none were found.
(2) If the action is not included in the accountant's communication, an insurer shall provide a description of remedial actions taken or proposed to correct unremediated material weaknesses.
Section 11. Accountant's Letter of Qualifications. The accountant shall submit to the insurer in connection with, and for inclusion in, the filing of the annual audited financial report, a letter stating:
(1) That the accountant is independent with respect to the insurer and conforms to the standards of the accountant's profession as contained in statutes, administrative regulations, and rules of professional conduct of the State Board of Accountancy of Kentucky set forth in KRS Chapter 325 and 201 KAR Chapter 1;
(2) The background and experience in general, and the experience in audits of insurers of the staff assigned to the engagement and whether or not each is an accountant. This administrative regulation shall not prohibit the accountant from utilizing staff as the accountant deems appropriate if use is consistent with the standards established by generally accepted auditing standards;
(3) That the accountant understands the annual audited financial report, that the accountant's opinion on it shall be filed in compliance with this administrative regulation, and that the commissioner will be relying on this information in monitoring the financial position of insurers;
(4) That the accountant consents to the requirements of Section 12 of this administrative regulation and that the accountant consents and agrees to make the work papers available for review by the commissioner, the commissioner's designee, or the commissioner's appointed agent;
(5) That the accountant is properly licensed by an appropriate state licensing authority and is a member in good standing of the American Institute of Certified Public Accountants; and
(6) That the accountant is in compliance with the requirements of Section 6 of this administrative regulation.
Section 12. Availability and Maintenance of Accountant Work Papers.
(1) Every insurer required to file an audited financial report pursuant to this administrative regulation shall require the accountant to make available for review by department examiners all work papers prepared in the conduct of the accountant's audit and any communications related to the audit between the accountant and the insurer, at the offices of the insurer, at the department, or any other reasonable place designated by the commissioner. The insurer shall require that the accountant retain the audit work papers and communications until the department has filed a report on examination covering the period of the audit, but no longer than seven (7) years from the date of the audit report.
(2) In the conduct of the periodic review by department examiners established in subsection (1) of this section, it shall be agreed that photocopies of pertinent audit work papers may be made and retained by the department. Reviews by the department examiners shall be considered investigations, and all working papers and communications obtained during the course of shall be afforded the same confidentiality as other examination work papers generated by the department.
Section 13. Requirements for Audit Committees. This section shall not apply to foreign or alien insurers licensed in this state or an insurer that is a SOX compliant entity or a direct or indirect wholly-owned subsidiary of a SOX compliant entity.
(1) The audit committee shall be directly responsible for the appointment, compensation, and oversight of the work of any accountant, including resolution of disagreements between management and the accountant regarding financial reporting, for the purpose of preparing or issuing the audited financial report or related work pursuant to this administrative regulation. Each accountant shall report directly to the audit committee.
(2)
(a) The audit committee of an insurer or group of insurers shall be responsible for supervising the insurer's internal audit function and granting the person performing the function suitable authority and resources to fulfill the responsibilities if required by Section 14 of this administrative regulation.
(b) If an audit committee is not designated by the insurer, the insurer's entire board of directors shall constitute the audit committee.
(3) Each member of the audit committee shall be a member of the board of directors of the insurer or a member of the board of directors of an entity elected pursuant to subsection (6) of this section and section 3(4) of this administrative regulation.
(4)
(a) Except as established in paragraph (b) of this subsection, a member of the audit committee shall not, other than in his or her capacity as a member of the audit committee, the board of directors, or any other board committee;
1. Accept any consulting advisory or other compensatory fee from the entity; or
2. Be an affiliated person of the entity or any subsidiary.
(b) If the law requires board participation by otherwise nonindependent members, that law shall prevail and the members may participate in the audit committee and be designated as independent for audit committee purposes, unless the member is an officer or employee of the insurer or one (1) of its affiliates.
(5) If a member of the audit committee ceases to be independent for reasons outside the member's reasonable control, that person, with notice by the responsible entity to the state, may remain an audit committee member of the responsible entity until the earlier of:
(a) The next annual meeting of the responsible entity; or
(b) One (1) year from the occurrence of the event that caused the member to be no longer independent.
(6)
(a) At the election of the controlling person, the audit committee of any entity that controls a group of insurers may be deemed to be the audit committee for one (1) or more of these controlled insurers solely for the purposes of this administration regulation.
(b) To exercise the election of the controlling person to designate the audit committee for purposes of this administrative regulation, the ultimate controlling person shall provide written notice to the commissioners of the affected insurers.
(c) Notification shall be made timely prior to the issuance of the statutory audit report and shall include a description of the basis for the election.
(d) The election can be changed through notice to the commissioner by the insurer which shall include a description of the basis for the change.
(e) The election shall remain in effect for perpetuity, until rescinded.
(7)
(a) The audit committee shall require the accountant that performs for an insurer any audit required by this administrative regulation to timely report to the audit committee in accordance with the requirements of SAS 114, The Auditor's Communication With Those Charged With Governance, or its replacement, including:
1. All significant accounting policies and material permitted practices;
2. All material alternative treatments of financial information within statutory accounting principles that have been discussed with management officials of the insurer, ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the accountant; and
3. Other material written communications between the accountant and the management of the insurer, including any management letter or schedule of unadjusted differences.
(b)
1. If an insurer is a member of an insurance holding company system, the reports required by paragraph (a) of this subsection may be provided to the audit committee on an aggregate basis for insurers in the holding company system.
2. Any substantial differences among insurers in the system shall be identified to the audit committee.
(8)
(a) Except as established in paragraph (b) of this subsection, the proportion of independent audit committee members shall meet or exceed the following criteria:
1. For prior calendar year direct written and assumed premiums between $0 and $300,000,000, no minimum requirements;
2. For prior calendar year direct written and assumed premiums over $300,000,000 to $500,000,000, fifty (50) percent or more of members shall be independent; and
3. For prior calendar year direct written and assumed premiums over $500,000,000; seventy-five (75) percent of members shall be independent.
(b) The commissioner may require the audit committee's board to enact improvements to the independence of the audit committee membership if the insurer:
1. Is in a risk-based capital action level in accordance with 806 KAR 3:190; or
2. Meets one (1) or more of the standards of an insurer deemed to be in "hazardous financial condition", as established in KRS 304.2-065, or otherwise exhibits qualities of a "troubled insurer", as established in KRS 304.3-625.
(c) An insurer with less than $500,000,000 in prior year direct written and assumed premiums may structure its audit committee with at least a supermajority of independent audit committee members.
(d) For purposes of subsection (7)(a) of this section, prior calendar year direct written and assumed premiums shall be the combined total of direct premiums and assumed premiums from nonaffiliates for the reporting entities.
(9)
(a) An insurer with direct written and assumed premium, excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program, less than $500,000,000 may make application to the commissioner for a waiver from the requirements of this section based upon hardship.
(b) The insurer shall file, with its annual statement filing, the approval for relief from this section with the states that it is licensed in or doing business in and the National Association of Insurance Commissioners.
(c) If the nondomestic state accepts electronic filing with the National Association of Insurance Commissioners, the insurer shall file the approval in an electronic format acceptable to the National Association of Insurance Commissioners, via the Web site, https://www2.naic.org/servlet/Index.
Section 14. Internal Audit Function Requirements.
(1) An insurer shall be exempt from the requirements of this section if the insurer:
(a) Has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program, less than $500,000,000; or
(b) Is a member of a group of insurers that has annual direct written and unaffiliated assumed premium including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program, less than $1,000,000,000.
(2) The insurer or group of insurers shall establish an internal audit function providing independent, objective, and reasonable assurance to the audit committee and insurer management regarding the insurer's governance, risk management, and internal controls. This assurance shall be provided by:
(a) Performing general and specific audits, reviews, and tests; and
(b) Employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and KAR Title 806.
(3) In order to ensure that internal auditors remain objective, the internal audit function shall be organizationally independent.
(a) The internal audit function shall:
1. Not defer ultimate judgment on audit matters to others; and
2. Appoint an individual to head the internal audit function who shall have direct and unrestricted access to the board of directors.
(b) Organization independence shall not preclude dual-reporting relationships.
(4) The head of the internal audit function shall report to the audit committee regularly, but no less than annually, on:
(a) The periodic audit plan;
(b) Factors that could adversely impact the internal audit function's independence or effectiveness;
(c) Material findings from completed audits; and
(d) The appropriateness of corrective actions implemented by management as a result of audit findings.
(5) If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements established in this section at:
(a) The ultimate controlling parent level;
(b) An intermediate holding company level; or
(c) The individual legal entity level.
Section 15. Conduct of Insurer in Connection with the Preparation of Required Reports and Documents.
(1) A director or officer of an insurer shall not, directly or indirectly:
(a) Make or cause to be made a materially false or misleading statement to an accountant in connection with any audit, review, or communication required under this administrative regulation; or
(b) Omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which the statements were made, not misleading to an accountant in connection with any audit, review, or communication required under this administrative regulation.
(2) An officer or director of an insurer, or any other person acting under the direction of the officer or director, shall not, directly or indirectly, take any action to coerce, manipulate, mislead, or fraudulently influence any accountant engaged in the performance of an audit pursuant to this administrative regulation if that person knew or should have known that the action, if successful, could result in rendering the insurer's financial statements materially misleading.
(3) An officer or director of an insurer, or any other person acting under the direction of the officer or director, shall not, directly or indirectly, take any of the following actions to coerce, manipulate, mislead, or fraudulently influence an accountant with respect to the professional engagement period:
(a) To issue or reissue a report on an insurer's financial statements that is not warranted in the circumstances due to material violations of statutory accounting principles as required by KRS 304.3-241, generally accepted auditing standards, or other professional or regulatory standards;
(b) Not to perform audit, review, or other procedures required by generally accepted auditing standards or other professional standards;
(c) Not to withdraw an issued report; or
(d) Not to communicate matters to an insurer's audit committee.
Section 16. Management's Report of Internal Control over Financial Reporting.
(1)
(a) Except as established in subsection (2) of this section, every insurer required to file an audited financial report pursuant to this administrative regulation that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program, of $500,000,000 or more shall prepare a report of the insurer's or group of insurers' internal control over financial reporting.
(b) The report shall be filed with the commissioner along with the communication of internal control related matters noted in an audit.
(c) Management's report of internal control over financial reporting shall be as of December 31 immediately preceding.
(2) The commissioner may require an insurer to file management's report of internal control over financial reporting if the insurer:
(a) Is in any risk-based capital level event in accordance with 806 KAR 3:190; or
(b) Meets one (1) or more of the standards of an insurer deemed to be in "hazardous financial condition" in accordance with KRS 304.2-065.
(3) An insurer or a group of insurers meeting the following requirements may file its or its parent's Section 404 Report and an addendum in satisfaction of the requirements of this section if those internal controls of the insurer or group of insurers having a material impact on the preparation of the insurer's or group of insurer's audited statutory financial statements were included in the scope of the Section 404 Report:
(a) Directly subject to Section 404;
(b) Part of a holding company system whose parent is directly subject to Section 404;
(c) Not directly subject to Section 404, but is a SOX compliant entity; and
(d) A member of a holding company system whose parent is not directly subject to Section 404 but is a SOX compliant entity.
(4) Management's report of internal control over financial reporting shall include:
(a) A statement that management shall be responsible for establishing and maintaining adequate internal control over financial reporting;
(b) A statement that management has established internal control over financial reporting and an assertion, to the best of management's knowledge and belief, after diligent inquiry, as to whether or not its internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles;
(c) A statement that briefly describes the approach or processes by which management evaluated the effectiveness of internal control over financial reporting;
(d) A statement that briefly describes the scope of work that is included and whether or not any internal controls were excluded;
(e) Disclosure of any unremediated material weaknesses in the internal control over financial reporting identified by management as of December 31 immediately preceding. Management shall not conclude that the internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles if there is one (1) or more unremediated material weaknesses in its internal control over financial reporting;
(f) A statement regarding the inherent limitations of internal control systems; and
(g) Signatures of the chief executive officer and the chief financial officer.
(5) Management shall document and make available upon financial condition examination the basis upon which its assertions, required in subsection (4) of this section, are made. Management may base its assertions, in part, upon its review, monitoring, and testing of internal controls undertaken in the normal course of its activities.
(a) Management shall have discretion as to the nature of the internal control framework used, and the nature and extent of the documentation, in order to make its assertion in a cost effective manner and may include assembly of or reference to existing documentation.
(b) The following shall have one (1) year following the year the threshold is exceeded to comply with the independence requirements in Section 6 of this administrative regulation, but not earlier than January 1, 2010. An insurer or group of insurers that, pursuant to Section 13 of this administrative regulation:
1. Is not required to have independent audit committee members or is required to have only a majority of independent audit committee members because the total written and assumed premiums is below the threshold; and
2. Subsequently becomes subject to one (1) of the independence requirements due to changes in premium.
Section 17. Exemptions and Effective Dates.
(1) Upon written application of any insurer, the commissioner may grant an exemption from compliance with any or all provisions of this administrative regulation if the commissioner finds, upon review of the application, that compliance with this administrative regulation would constitute a financial or organizational hardship upon the insurer. An exemption may be granted any time and from time to time for a specified period or periods. Upon denial of an insurer's written request for an exemption from this administrative regulation, the insurer may request a hearing on its application for an exemption. The hearing process shall be pursuant to KRS 304.2-310.
(2) The requirements of this administrative regulation shall be in effect for audits of calendar years beginning January 1, 2010.
Section 18. Canadian and British Companies.
(1) In the case of Canadian and British insurers, the annual audited financial reports shall be the annual statement of total business in the manner filed by these insurers with their supervisory authority duly audited by an independent chartered accountant.
(2) For Canadian and British insurers, the letter required by Section 5 of this administrative regulation shall state that the accountant is aware of the requirements relating to the annual audited financial report filed with the commissioner pursuant to Section 3 of this administrative regulation and shall affirm that the opinion expressed is in conformity with the requirements of Section 3 of this administrative regulation.
Section 19. Incorporation by Reference.
(1) The following material is incorporated by reference:
(a) "Financial Condition Examiner's Handbook", 2020, National Association of Insurance Commissioners;
(b) AU Section 561, "Subsequent Discovery of Facts Existing at the Date of the Auditor's Report", 1996 Professional Standards of the American Institute of Certified Public Accountants;
(c) SAS 114, "The Auditors Communication with Those Charged with Governance", 2007, American Institute of Certified Public Accountants;
(d) SAS 109, "Understanding the Entity and Its Environment and Assessing the Risks of material Misstatement", 2007 American Institute of Certified Public Accountants; and
(e) SAS 110, "Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence", 2007 American Institute of Certified Public Accountants.
(2) This material may be inspected, copied, or obtained, subject to applicable copyright law, at the Kentucky Department of Insurance, 500 Mero Street, Frankfort, Kentucky 40601, Monday through Friday, 8 a.m. to 4:30 p.m.

806 KAR 3:170

18 Ky.R. 959; eff. 11-8-91; TAm eff. 8-9-2007; 35 Ky.R. 1304; 1831; 1765; eff. 3-6-2009; 37 Ky.R. 2746; 38 Ky.R. 37; eff. 9-2-2011; Crt eff. 2-26-2020; 47 Ky.R. 384, 956; eff. 2-2-2021.

STATUTORY AUTHORITY: KRS 304.2-110, 304.3-240, 304.49-140