New Mexico Register /
Volume XXXI, Issue 18 / September 29, 2020
This is an
amendment to 13.2.5 NMAC, Sections 1 through 3, 6 through 9, & 12 through
28 effective 10/1/2020.
13.2.5.1 ISSUING
AGENCY: [New Mexico Public
Regulation Commission, Division of Insurance, Post Office Box 1269, Santa Fe,
NM 87504-1269] Office of Superintendent of Insurance (“OSI”).
[7/1/97; 13.2.5.1 NMAC - Rn, 13 NMAC 2.5.1 & A, 1/1/2010; A, 10/01/2020]
13.2.5.2 SCOPE:
A. Every insurer shall be subject to this rule.
B. Insurers having direct premiums written in this state of less than $1,000,000 in any calendar year and less than 1,000 policyholders or certificate holders of direct written policies nationwide at the end of the calendar year shall be exempt from this rule for the year, unless the superintendent makes a specific finding that compliance is necessary for the superintendent to carry out statutory responsibilities.
C. Insurers
having assumed premiums pursuant to contracts [and/or] or
treaties of reinsurance of $1,000,000 or more are not exempt.
D. Foreign or alien insurers filing the audited financial report in another state, pursuant to that state’s requirement for filing of audited financial reports, which has been found by the superintendent to be substantially similar to the requirements herein, are exempt from this rule if:
(1) a
copy of the audited financial report, communication of internal control related
matters noted in an audit, and the accountant’s letter of qualifications that
are filed with the other state are filed with the superintendent in accordance
with the filing dates specified in this rule respectively [(Canadian
insurers may submit accountants’ reports as filed with the office of the
superintendent of financial institutions, Canada)]; and
(2) a copy of any notification of adverse financial condition report filed with the other state is filed with the superintendent within the time specified in this rule.
E. Foreign or alien insurers required to file management’s report of internal control over financial reporting in another state are exempt from filing the report in this state provided the other state has substantially similar reporting requirements and the report is filed with the commissioner of the other state within the time specified.
[1/1/94; 13.2.5.2 NMAC - Rn, 13 NMAC 2.5.2 & A, 1/1/2010; A, 10/01/2020]
13.2.5.3 STATUTORY
AUTHORITY: [Section] Sections
59A-2-8, 59A-2-9, and Chapter 59A Article 37 NMSA 1978 (“the
Insurance Holding Company Law”).
[1/1/94; 13.2.5.3 NMAC - Rn, 13 NMAC 2.5.3, 1/1/2010; A, 10/01/2020]
13.2.5.6 OBJECTIVE: The purpose of this rule is to [improve]
ensure robust [the New Mexico division of insurance’s]
surveillance of the financial condition of insurers by requiring: (1) an annual
audit of financial statements reporting the financial position and the results
of operations of insurers by independent certified public accountants; (2)
communication of internal control related matters noted in an audit; and (3)
management’s report of internal control over financial reporting.
[1/1/94; 13.2.5.6 NMAC - Rn, 13 NMAC 2.5.6 & A, 1/1/2010; A, 10/01/2020]
13.2.5.7 DEFINITIONS:
[A. “Accountant” or “independent certified public
accountant” means an independent certified public accountant or accounting
firm in good standing with the American institute of certified public accountants
(AICPA) and in all states in which he or she is licensed to practice; for
Canadian and British companies, it means a Canadian-chartered or
British-chartered accountant.]
[B] A. An “affiliate”
of, or person “affiliated” with, a specific person, is a person that
directly, or indirectly through one or more intermediaries, controls, or is
controlled by, or is under common control with, the person specified.
[C] B. “Audit
committee” means a committee (or equivalent body) established by the board
of directors of an entity for the purpose of overseeing the accounting
and financial reporting processes of an insurer or group of insurers, and
audits of financial statements of the insurer or group of insurers. The audit committee of any entity that
controls a group of insurers may be deemed to be the audit committee for one or
more of these controlled insurers solely for the purposes of this rule at the
election of the controlling person. If
an audit committee in not designated by [the] an [insurers]
insurer, the insurer’s entire board of directors shall constitute the
audit committee.
[D] C. “Audited
financial report” means and includes all items specified in 13.2.5.10,
13.2.5.11 and 13.2.5.12 NMAC.
[E] D. “Indemnification”
means an agreement of [indenmity] indemnity or a release from
liability where the intent or effect is to shift or limit in any manner the
potential liability of the person or firm for failure to adhere to applicable
auditing or professional standards, whether or not resulting in part from
knowing of other misrepresentations made by the insurer or its representatives.
[F] E. “Independent
[board] audit committee member” has the same meaning as
described in Subsection D of 13.2.5.16 NMAC.
F. “Independent certified public accountant”(“ICPA”) means a certified public accountant or accounting firm in good standing with the American institute of certified public accountants (“AICPA”) and in all states in which the ICPA is licensed to practice, who maintains compliance with the AICPA Independence Rule and its interpretations, including the Conceptual Framwork for Independence. For Canadian and British companies, it means a Canadian-charted or British-charted accountant.
G. “Insurer” means an authorized insurer, an eligible surplus lines insurer, and a registered risk retention group, unless the context clearly indicates otherwise.
H. “Group
of insurers” means those licensed insurers included in the reporting
requirements of [NMSA 1978, Article 37,] the Insurance Holding
Company Law or a set of insurers as identified by management, for the
purpose of assessing the effectiveness of internal control over financial
reporting.
I. “Internal audit
function” means a person or persons who provide independent, objective and
reasonable assurance designed to add value and improve an organization’s
operations and accomplish its objectives through a systemic, disciplined
approach to evaluate and improve the effectiveness of risk management, control
and governance processes.
[I] J. “Internal
control over financial reporting” means a process effected by an entity’s
board of directors, management and other personnel designed to provide
reasonable assurance regarding the reliability of the financial statements,
i.e., those items specified in [Subsections A and B of] 13.2.5.22] 13.2.5.23
NMAC [of this rule] and includes those policies and procedures that:
(1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets;
(2) provide
reasonable assurance that transactions are recorded as necessary to permit
preparation of the financial statements, i.e., those items specified in Subsections
A and B of 13.2.5.22 NMAC [of this rule] and that receipts and
expenditures are being made only in accordance with authorizations of
management and directors; and
(3) provide reasonable assurance
regarding prevention or timely detection of authorized acquisition, use or
disposition of assets that could have a material effect on the financial
statements, i.e., those items specified in [Subsections A and B of 13.2.5.22]
13.2.5.23 NMAC [of this rule].
K. “NAIC”
means the national association of insurance commissioners.
[J] L. “SEC” means the united states
securities and exchange commission.
[K] M. “Section
404” means Section 404 of the Sarbanes-Oxley Act of 2002 and the SEC’s
rules and regulations promulgated thereunder.
[L] N. “Section 404 report” means
management’s report on “internal control over financial reporting” as defined
by the SEC and the related attestation report of the independent certified
public accountant.
[M] O. “SOX [complaint] compliant entity” means an
entity that either is required to be compliant with, or voluntarily is
compliant with, all of the following provisions of the Sarbanes-Oxley Act of
2002:
(1) the preapproval requirements of Section 201 (Section 10A(i) of the Securities Exchange Act of 1934);
(2) the audit committee independence requirements of Section 301 (Section 10A (m)(3) of the Securities Exchange Act of 1934); and
(3) the internal control over financial reporting requirements of Section 404 (item 308 of SEC regulation S-K).
[1/1/94; 13.2.5.7 NMAC - Rn, 13 NMAC 2.5.7 & A, 1/1/2010; A, 10/01/2020]
13.2.5.8 CONFLICT
WITH OTHER PROVISIONS: This rule
shall not prohibit, preclude or in any way limit the superintendent from
ordering, conducting or performing examinations of insurers under the Insurance
Code or other [insurance department] OSI rules.
[1/1/94; 13.2.5.8 NMAC - Rn, 13 NMAC 2.5.8, 1/1/2010; A, 10/01/2020]
13.2.5.9 FILING DATES AND EXTENSIONS:
A. [All] An [insurers]
insurerer shall have an annual audit by an independent certified public
accountant and shall file an annual audited financial report and
management’s report of internal control over financial reporting with the
superintendent on or before June 1 for the year ended December 31 immediately
preceding. The superintendent may
require an insurer to file an audited financial report and management’s
report of internal control over financial reporting earlier than June 1
with ninety days advance notice to the insurer.
B. The
superintendent may grant extensions of the June 1 filing date for 30-day
periods for good cause shown. The
request for extension [must] shall be submitted in writing not
less than 10 days prior to the filing date. The insurer and its independent certified
public accountant [must] shall show the reasons for requesting
such extension in sufficient detail to permit the superintendent to make an informed
decision with respect to the requested extension.
[C. If an extension of annual audited financial report is
granted in accordance with the provisions in Subsection B of 13.2.5.9 NMAC, a
similar extension of 30 days is granted to the filing of management’s report of
internal control over financial reporting.]
[D] C. [Every] An insurer required
to file an annual audited financial report pursuant to this rule shall
designate a group of individuals as constituting its audit committee, as
defined in [Subsection C of] 13.2.5.7 NMAC. The audit committee of an entity that
controls an insurer may be deemed to be the insurer’s audit committee for
purposes of this rule at the election of the controlling person consistent
with 13.2.5.16 NMAC.
[1/1/94; 13.2.5.9 NMAC - Rn, 13 NMAC 2.5.9 & A, 1/1/2010; A, 10/01/2020]
13.2.5.12 CONTENTS OF REPORT: The annual audited financial report shall include the following:
A. report of independent certified public accountant;
B. balance sheet reporting admitted assets, liabilities, capital and surplus;
C. statement of operations;
D. statement of cash flows;
E. statement of changes in capital and surplus;
F. notes to financial statements, including:
(1) those required by the appropriate NAIC annual statement instructions and the NAIC accounting practices and procedures manual;
(2) a reconciliation of differences, if any, between the annual audited financial report filed pursuant to this rule and the annual statement filed pursuant to Section 59A-5-29 NMSA 1978, with a written description of the nature of these differences;
(3) a summary of ownership and relationships of the insurer and all affiliated companies; and
(4) any other notes required by generally accepted accounting principles; and
G. accountant’s
letter of qualifications, as described in [this rule] 13.2.5.13 NMAC.
[1/1/94; 13.2.5.12 NMAC - Rn, 13 NMAC 2.5.12 & A, 1/1/2010; A, 10/01/2020]
13.2.5.13 REGISTRATION OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANT:
A. [Each]
An insurer required by this rule to file an annual audited financial
report must, within 60 days after becoming subject to such requirement,
register with the superintendent, in writing, the name and address of the [independent
certified public accountant] ICPA or accounting firm retained to conduct
the annual audit required by this rule. [Insurers not retaining an
independent certified public accountant on the effective date of this rule
shall register the name and address of their retained certified public accountant
not less than six months before the date when the first audited financial
report is to be filed.]
B. [The]
An insurer shall obtain a letter from the [accountant] ICPA,
and [file] submit a copy [with the superintendent,] to
OSI stating that the [accountant] ICPA is aware of the
provisions of the insurance code and the rules of the insurance department of
the insurer’s state of domicile that relate to accounting and financial matters
and affirming that [he] the ICPA will express [his] an
opinion on the financial statement in terms of [their] conformity to the
statutory accounting practices prescribed or otherwise permitted by that
department, specifying such exceptions as [he] the ICPA may
believe appropriate.
[1/1/94; 13.2.5.13 NMAC - Rn, 13 NMAC 2.5.13, 1/1/2010; A, 10/01/2020]
13.2.5.14 DISMISSAL OR RESIGNATION OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANT:
A. If
an accountant who was the [accountant] ICPA for the immediately
preceding filed audited financial report is dismissed or resigns, the insurer
shall notify the superintendent in writing of this event within five business
days.
B. The insurer shall also furnish the superintendent with a separate letter of disagreement within ten business days of the notice of dismissal or resignation, which shall contain the following:
(1) the
letter shall state whether, in the [twenty-four] 24 months
preceding such event, there were any disagreements with the former [accountant]
ICPA on any matter of accounting principles or practices, financial
statement disclosure, or auditing scope or procedure, which would have caused
the accountant to make reference in [his] the ICPA opinion to the
subject matter of the disagreement if the disagreement had not been resolved to
the satisfaction of the former [accountant] ICPA; and
(2) the insurer must report in the letter
all disagreements that occurred at the decision-making level (i.e., between
personnel of the insurer responsible for presentation of its financial
statements and personnel of the accounting firm responsible for rendering its
report), whether resolved to the former [accountant’s] ICPA’s satisfaction
or not resolved to the former [accountant’s] ICPA’s satisfaction.
C. The
insurer shall send a copy of the letter of disagreement to the former [accountant]
ICPA and request in writing that the former [accountant] ICPA
furnish a letter addressed to the insurer stating whether the [accountant]
ICPA agrees with the statements contained in the insurer’s letter of
disagreement and, if not, stating the reasons for [his] disagreement. The insurer shall furnish a copy of the
responsive letter from the former [accountant] ICPA to the
superintendent.
[1/1/94; 13.2.5.14 NMAC - Rn, 13 NMAC 2.5.14, 1/1/2010; A, 10/01/2020]
13.2.5.15 QUALIFICATIONS OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANT:
A. The
superintendent shall not recognize a person or firm as a qualified [independent
certified public accountant] ICPA if the person or firm:
(1) is
not in good standing with the AICPA and in all states in which the [accountant]
ICPA is licensed to practice, or, for a Canadian or British company,
that is not a chartered accountant; or
(2) has either directly or indirectly entered into an agreement of indemnity or release from liability, collectively referred to as indemnification, with respect to the audit of the insurer.
B. Except
as otherwise provided in this rule, the superintendent shall recognize an [independent
certified public accountant] ICPA as qualified as long as [he or
she] the ICPA conforms to the standards of [his or her]the
profession, as contained in the code of professional ethics of the AICPA and
rules and regulations and code of ethics and rules of professional conduct of
the New Mexico board of public accountancy, or similar code.
C. A
qualified [independent certified public accountant] ICPA may [enther]
enter into an agreement with an insurer to have disputes relating to an
audit resolved by mediation or arbitration.
However, in the event of a delinquency proceeding commenced against the
insurer under [NMSA 1978,] Chapter 59A, Article 41, NMSA 1978 the
mediation or arbitration provisions shall operate at the option of the
statutory successor.
D. The lead or coordinating audit partner having primary responsibility for the audit may not act in that capacity for more than five consecutive years. The person shall be disqualified from acting in that or a similar capacity for the same company or its insurance subsidiaries or affiliates for a period of five consecutive years. An insurer may make application to the superintendent for relief from the above rotation requirement on the basis of unusual circumstances. This application should be made at least 30 days before the end of the calendar year. The superintendent may consider the following factors in determining if the relief should be granted:
(1) number of partners, expertise of the partners or the number of insurance claims in the currently registered firm;
(2) premium volume of the insurer; or
(3) number of jurisdictions in which the insurer transacts business.
E. [The]
An insurer shall file, with its annual statement filing, the approval
for relief from [Subsection D of] this section with the states [that]
in which it is licensed [in] or doing business [in] and
with the NAIC. If the nondomestic state
accepts electronic filing with the NAIC, the insurer shall file the approval in
an electronic format acceptable to the NAIC.
F. The
superintendent shall neither recognize as a qualified [independent certiied
public accountant] ICPA, nor accept an annual audited financial
report, prepared in whole or in part by, a natural person who:
(1) has been convicted of fraud, bribery, a violation of the racketeer influenced and corrupt organizations act, 18 U.S.C. Sections 1961 to 1968, or any dishonest conduct or practices under federal or state law;
(2) has been found to have violated the insurance laws of this state with respect to any previous reports submitted under this rule; or
(3) has demonstrated a pattern or practice of failing to detect or disclose material information in previous reports filed under the provisions of this rule.
G. The
superintendent may hold a hearing, as provided in [NMSA 1978,] Chapter
59A, Article 4, NMSA 1978 to determine whether an [independent
certiied public accountant] ICPA is qualified and, considering the
evidence presented, may rule that the accountant is not qualified for purposes
of expressing [his or her] an opinion on the financial statements
in the annual audited financial report made pursuant to this rule and require
the insurer to replace the [accountant] ICPA with another whose
relationship with the insurer is qualified within the meaning of this rule.
H. The
superintendent shall not recognize as a qualified [independent certiied
public accountant] ICPA, nor accept an annual audited financial
report, prepared in whole or in part by an [accountant] ICPA who
provides to an insurer, [comtemporaneously] contemporaneously
with the audit, the following non-audit services:
(1) bookkeeping or other services related to the accounting records or financial statements of the insurer;
(2) financial information systems design and implementation;
(3) appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
(4) actuarially-oriented advisory
services involving the determination of amounts recorded in the financial
statements. The [accountant] ICPA may assist an insurer in
understanding the methods, assumptions and inputs used in the determination of
amounts recorded in the financial statement only if it is reasonable to
conclude that the services provided will not be subject to the audit procedures
during an audit of the insurer’s financial statements. An [accountant’s]
ICPA’s actuary may also issue an actuarial opinion or certification
(“opinion”) on an insurer’s reserves if the following conditions have been met:
(a) neither the [accountant] ICPA
nor the [accountant’s] ICPA’s actuary has performed any
management functions or made any management decisions;
(b) the insurer has competent personnel (or engages a third party actuary) to estimate the reserves for which management takes responsibility; and
(c) the
[accountant’s] ICPA’s actuary tests the reasonableness of the
reserves after the insurer’s management has determined the amount of the
reserves;
(5) internal audit outsourcing services;
(6) management functions or human resources;
(7) broker or dealer, investment adviser, or investment banking services;
(8) legal services or expert services unrelated to the audit; or
(9) any other services that the superintendent determines, by rule, are impermissible.
I. In
general, the principles of independence with respect to services provided by
the qualified [independent certiied public accountant] ICPA are
largely predicated on three basic principles, violations of which would impair
the [accountant’s] ICPA’s independence. The principles are that the [accountant]
ICPA cannot function in the role of management, cannot audit [his or
her] its own work, and cannot serve in an advocacy role for the
insurer.
J. [Iinsurers]
An insurer having direct written and assumed premiums of less than
$100,000,000 in any calendar year may request an exemption from Subsection H of
this section. The insurer shall file
with the superintendent a written statement discussing the reasons why the
insurer should be exempt from these provisions.
If the superintendent finds, upon review of this statement, that
compliance with this rule would constitute a financial or organizational
hardship upon the insurer, an exemption may be granted.
K. A
qualified [independent certiied public accountant] ICPA who
performs the audit may engage in other non-audit services, including tax
services, that are not described in Subsection H of this section or that do not
conflict with Subsection I of this section, only if the activity is approved in
advance by the audit committee, in accordance with Subsection L of this section.
L. All
auditing services and non-audit services provided to an insurer by the
qualified [independent certiied public accountant] ICPA of the
insurer shall be preapproved by the audit committee. The preapproval requirement is waived with
respect to non-audit services if the insurer is a SOX [complaint] compliant
entity or a direct or indirect wholly-owned subsidiary of a SOX [comliant]
compliant entity or:
(1) the aggregate amount of all such
non-audit services provided to the insurer constitutes not more than five
percent of the total amount of fees paid by the insurer to its qualified [independent
certiied public accountant] ICPA during the fiscal year in which the
non-audit services are provided;
(2) the services were not recognized by the insurer at the time of the engagement to be non-audit services; and
(3) the services are promptly brought to the attention of the audit committee and approved prior to the completion of the audit by the audit committee or by one or more members of the audit committee who are the members of the board of directors to whom authority to grant such approvals has been delegated by the audit committee.
M. The audit committee may delegate to one or more designated members of the audit committee the authority to grant the preapprovals required by Subsection L of this section. The decisions of any member to whom this authority is delegated shall be presented to the full audit committee at each of its scheduled meetings.
N. [The
superintendent shall not recognize a independent certiied public
accountant as] An ICPA is not qualified for a particular insurer [is]
if a member of the board, president, chief executive officer,
controller, chief financial officer, chief accounting officer, or any person
serving in an equivalent position for that insurer, was employed by the [independent
certiied public accountant] ICPA and participated in the audit of
that insurer during the one-year period preceding the date that the most
current statutory opinion is due. [This
section shall only apply to partners and senior managers involved in the audit.] An insurer may make application to the
superintendent for relief from the above requirement on the basis of unusual
circumstances. This subsection shall
only apply to partners and senior managers involved in the audit.
O. The
insurer shall file, with its annual statement filing, the approval for relief
from Subsection N of this section with the states [that] in which
it is licensed [in] or doing business [in] and the NAIC. If the nondomestic state accepts electronic
filing with the NAIC, the insurer shall file the approval in an electronic
format acceptable to the NAIC.
[1/1/94; 13.2.5.15 NMAC - Rn, 13 NMAC 2.5.15 & A, 1/1/2010; A, 10/01/2020]
13.2.5.16 REQUIREMENTS
FOR AUDIT COMMITTEE: This section [as
in 13.2.5.16 NMAC] shall not apply to foreign or alien insurers licensed in
this state or an insurer that is a SOX [complaint] compliant entity
or a direct or indirect wholly-owned subsidiary of a SOX [complaint] compliant
entity.
A. The audit committee shall be directly responsible for the appointment, compensation and oversight of the work of any accountant, including resolution of disagreements between management and the accountant regarding financial reporting, for the purpose of preparing or issuing the audited financial report or related work pursuant to this rule. Each accountant shall report directly to the audit committee.
B. The audit committee of an insurer or group of insurers
shall be responsible for overseeing the insurer’s audit function and granting
the person or persons performing the function suitable authority and resources
to fulfill their responsibilities.
[B] C. Each member of
the audit committee shall be a member of the board of directors of the insurer
or a member of the board of directors of an entity elected pursuant to
Subsection [E] F of this section and Subsection C of 13.2.5.7 NMAC.
[C] D. In order to be
considered independent for purposes of this section, a member of the audit
committee may not, other than in his or her capacity as a member of the audit
committee, the board of directors, or any other board committee, accept any
consulting, advisory or other compensatory fee from the entity or be an
affiliated person of the entity or any subsidiary thereof. However, if law requires board participation
by otherwise non-independent members, the law shall prevail and such members
may participate in the audit committee and be designated as independent for
audit committee purposes, unless they are an officer or employee of the insurer
or one of its affiliates.
[D] E. If a member of the audit committee ceases to be independent for reasons outside the member’s reasonable control, that person, with notice by the responsible entity to the state, may remain an audit committee member of the responsible entity until the earlier of the next annual meeting of the responsible entity or one year from the occurrence of the event that caused the member to be no longer independent.
[E] F. To exercise
the election of the controlling person to designate the audit committee for
purposes of this rule, the ultimate controlling person shall provide a written
notice to the [commissioners of the affected insurers.] superintendent. Notification shall be made [timely]
prior to the issuance of the statutory audit report and include a description
of the basis for the election. The
election can be changed through notice to the superintendent by the insurer,
which shall include a description of the basis for the change. The election shall remain in effect for
perpetuity, until [recinded] rescinded.
[F] G. The audit
committee shall require the accountant that performs for an insurer any audit
required by this rule to [timely] report to the audit committee in
accordance with the requirements of SAS 61, communication with audit
committees, or its replacement, including:
(1) all significant accounting [prolicies]
policies and material permitted practices;
(2) all material alternative treatments of financial information within statutory accounting principles that have been discussed with management officials of the insurer, ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the accountant; and
(3) other material written communications between the accountant and the management of the insurer, such as any management letter or schedule of unadjusted differences.
[G] H. If an insurer
is a member of an insurance holding company system, the reports required by
Subsection [F] G may be provided to the audit committee on an
aggregate basis for insurers in the holding company system, provided that any
substantial differences among insurers in the system are identified to the
audit committee.
[H] I. The proportion of independent audit
committee members shall meet or exceed the following criteria:
|
Prior Calendar Year Direct Written and
Assumed Premiums |
||
|
$0 - $300,000,000 |
Over $300,000,000 - $500,000,000 |
Over $500,000,000 |
|
No minimum requirements. |
Majority (50% or more) of members shall be independent. |
Supermajority of members (75% or more) shall be independent. |
[I] J. An insurer with direct written and
assumed premium, excluding premiums reinsured with the federal crop insurance
corporation and federal flood program, less than $500,000,000 may make
application to the superintendent for a waiver from the requirements of this
section based upon hardship. [The
insurer shall file, with its annual statement filing, the approval for relief
from this section with the states that it is licensed in or doing business in
and the NAIC. If the nondomestic state
accepts electronic filing with the NAIC, the insurer shall file the approval in
an electronic format acceptable to the NAIC.]
[13.2.5.16 NMAC - N, 1/1/2010; A, 10/01/2020]
13.2.5.17 INTERNAL AUDIT FUNCTION
REQUIREMENTS
A. Function. An insurer or group of insurers
shall establish an internal audit function providing independent, objective and
reasonable assurance to the audit committee and insurer management regarding
the insurer’s governance, risk management and internal controls. This assurance shall be provided by performing
general and specific audits, reviews and tests and by employing other
techniques deemed necessary to protect assets, evaluate control effectiveness
and efficiency, and evaluate compliance with policies and regualtions.
B. Independence.
In order to ensure that internal auditors remain objective, the internal audit
function must be organizationally independent. Specifically, the internal audit function
shall have direct and unrestricted access to the board of directors.
Organizational independence does not preclude dual-reporting relationships.
C. Reporting. The head of the internal audit function shall report to the
audit committee regularly, but no less than annually, on the periodic audit
plan, factors that may adversely impact the intenal audit function’s
independence or effectiveness, material findings from completed audits and the
appropriateness of corrective actions implemented by management as a result of
audit findings.
D. Additional
Requirements. If an insurer is a member of an insurance holding company
system or included in a group of insurers, the insurer may satisfy the internal
audit function requirements set forth in this section at the ultimate controlling
parent level, an intermediate holding company level or the individual legal
entity level.
E. Exemption. An insurer may be exempt
from the requirements of this section only if:
(1) the
insurer has annual direct written and unaffiliated assumed premium, including
international direct and assumed premium but excluding premiums reinsured with
the federal corp insurance coporation and federal flood program, less than
$500,000,000); or,
(2) if
the insurer is a member of a group of insurers that has annual direct written
and unaffiliated assumed premium including international direct and assumed
premium, but excluding premiums reinsured with federal crop insurance
corporation and federal flood program, less than $1,000,000,000.
[13.2.5.17 NMAC - N, 10/01/2020]
[13.2.5.17] 13.2.5.18 ROTATION OF ACCOUNTANTS REQUIRED:
A. [After
January 1, 2010] No partner or other person responsible for rendering a
report may act in that capacity for more than five consecutive years. Following any such period of service the
person shall be disqualified from acting in that or a similar capacity for the
same company or its insurance subsidiaries or affiliates for a period of two
years.
B. An insurer may make application to the superintendent for relief from this rotation requirement on the basis of unusual circumstances. The superintendent may consider the following factors in determining if the relief should be granted:
(1) the number of partners, expertise of the partners or the number of insurance clients in the currently registered firm;
(2) the premium volume of the insurer; and
(3) the number of jurisdictions in which the insurer transacts business.
[13.2.5.18 NMAC - Rn & A, 13.2.5.17 NMAC, 10/01/2020]
[13.2.5.18] 13.2.5.19 CONSOLIDATED OR COMBINED AUDITS: An insurer may make written application to
the superintendent for approval to file consolidated or combined annual audited
financial reports in lieu of separate annual audited financial reports if the
insurer is part of a group of insurance companies which utilizes a pooling or
one hundred percent reinsurance agreement that affects the solvency and
integrity of the insurer’s reserves and such insurer cedes all of its direct
and assumed business to the pool. In
such cases, a columnar consolidated or combined worksheet shall be filed with
the report, as follows:
A. amounts shown on the consolidated or combined audited financial report shall be shown on the worksheet;
B. amounts for each insurer subject to this section shall be stated separately;
C. noninsurance operations may be shown on the worksheet on a combined or individual basis;
D. explanations of consolidated and eliminated entries shall be included; and
E. a reconciliation shall be included of any differences between the amounts shown in the individual insurer columns of the worksheet and comparable amounts shown on the annual statements of the insurers.
[13.2.5.19 NMAC – Rn, 13.2.5.18 NMAC, 10/01/2020]
[13.2.5.19] 13.2.5.20 SCOPE OF EXAMINATION AND REPORT OF
INDEPENDENT CERTIFIED PUBLIC ACCOUNTANT:
A. The
superintendent [shall] will not accept any annual audited
financial report prepared in whole or in part by any person or firm that is not
recognized as a qualified [independent certiied public accountant] ICPA.
B. The examination of the insurer’s financial statements shall be conducted in accordance with generally accepted auditing standards.
C. The
[independent certiied public accountant] ICPA shall use such
other procedures illustrated in the [national association of insurance commissioners’]
NAIC’s financial condition examiner’s handbook as [he] the ICPA
may deem necessary.
[13.2.5.20 NMAC - Rn & A, 13.2.5.19 NMAC, 10/01/2020]
[13.2.5.20] 13.2.5.21 REPORT OF ADVERSE FINANCIAL CONDITION:
A. An
insurer shall require its [independent certiied public accountant] ICPA
to report, in writing, within five business days to the board of directors or
its audit committee any determination by [him] the ICPA that the
insurer has materially misstated its financial condition as reported to the
superintendent as of the balance sheet date currently under examination or that
the insurer does not meet the minimum capital and surplus requirements of the
New Mexico Insurance Code as of that date.
B. An
insurer who has received a report of adverse financial condition shall forward
a copy of the report to the superintendent within five business days of
receiving it and shall furnish to the [independent certiied public accountant]
ICPA evidence that the report of adverse financial condition was
forwarded to the superintendent.
C. If
the [independent certiied public accountant] ICPA fails to
receive such evidence within the required five business day period, the
independent certified public accountant shall furnish to the superintendent a
copy of its report of adverse financial condition within the next five business
days.
D. No
[independent certiied public accountant] ICPA shall be liable in
any manner to any person for any statement made in connection with this section
if such statement is made in good faith compliance with this section.
E. If
the [accountant] ICPA, subsequent to the date of the audited
financial report filed pursuant to this rule, becomes aware of facts which
might have affected [his] that report, then the ICPA
has the obligation [of the accountant] to take such action as
prescribed in Volume 1, Section AU 561 of the Professional Standards of the [American
Institute of Certified Public Accountants] AICPA.
[13.2.5.21 NMAC - Rn & A, 13.2.5.20 NMAC, 10/01/2020]
[13.2.5.21] 13.2.5.22 REPORT ON UNREMEDIATED MATERIAL
WEAKNESSES IN INTERNAL CONTROLS:
A. Within
[sixty] 60 days after the filing of the annual audited financial
statements, [each] an insurer shall [furnish] submit to
the superintendent [with] a written report prepared by the [accountant]
ICPA describing any unremediated material weaknesses in the insurer’s
internal control structure noted by the [accountant] ICPA during
the audit. SAS No. 112, Communication of Internal Control Structure Matters
Noted in an Audit (AU Section 325A of the Professional Standards of the [American
Institute of Certified Public Accountants] AICPA) requires an [accountant]
ICPA to communicate unremediated material weaknesses (known as
“reportable conditions”) noted during a financial statement audit to the
appropriate [parties] persons within an entity. If no unremediated weakness were noted, the [cumminication
] communication should so state.
B. [The]
An insurer shall provide a description of remedial actions taken or
proposed to correct unremediated material weaknesses, if such actions are not
described in the [accountant’s] ICPA’s communication.
C. No
report on unremediated material weaknesses in internal controls should
be issued if the [accountant] ICPA does not identify unremediated
material weaknesses.
[13.2.5.22 NMAC - Rn & A, 13.2.5.21 NMAC, 10/01/2020]
[13.2.5.22] 13.2.5.23 MANAGEMENT’S REPORT OF INTERNAL
CONTROL OVER FINANCIAL REPORTING:
A. [Every]
An insurer required to file an audited financial report pursuant to this
rule that has annual direct written and assumed premiums, excluding premiums
reinsured with the federal crop insurance corporation and federal flood
program, of $500,000,000 or more shall prepare a report of the insurer’s or
group of insurers’ internal control over financial reporting, as these terms
are defined in this rule. The report
shall be [filed with] submitted to the superintendent along with
the communication of internal control related matters noted in an audit
described in this rule. Management’s
report of internal control over financial reporting shall be as of December 31
immediately preceding.
B. Notwithstanding
the premium threshold in [Subsection A of 13.2.5.22 NMAC;] this
section the superintendent may require an insurer to [file] submit
management’s report of internal control over financial reporting if the insurer
is in any [RBC] risk based capital level event, or if the
insurer meets [any] one or more of the standards of an insurer
deemed to be in hazardous financial condition.
C. An
insurer or a group of insurers that is: (1) directly subject to Section 404;
(2) part of a holding company system whose parent is directly subject to
Section 404; (3) not directly subject to Section 404, but is a SOX [complaint]
compliant entity; or (4) a member of a holding company system whose
parent is not directly subject to Section 404, but is a SOX [complaint] compliant
entity; may file its or its parent’s Section 404 report and an addendum in
satisfaction of this requirement provided that those internal controls of the
insurer or group of insurers having a material impact on the preparation of the
insurer’s or group of insurers’ audited statutory financial statements were
included in the scope of the Section 404 report. The addendum shall be a positive statement by
management that there are no material processes with respect to the preparation
of the insurer’s or group of insurers’ audited statutory financial statements
excluded from the Section 404 report. If
there are internal controls of the insurer or group of insurers that have a
material impact on the preparation of the insurer’s or group of insurers’
audited statutory financial statements and those internal controls were not
included in the scope of the Section 404 report, the insurer or group of
insurers may either file (i) a report required by [13.2.5.22 NMAC] this
section, or (ii) the Section 404 report and a report required by [13.2.5.22
NMAC] this section for those internal controls that have a material
impact on the preparation of the insurer’s or group of insurers’ audited
statutory financial statements not covered by the Section 404 report.
D. Management’s report of internal control over financial reporting shall include:
(1) a statement that management is responsible for establishing and maintaining adequate internal control over financial reporting:
(2) a statement that management has established internal control over financial reporting and an assertion, to the best of management’s knowledge and belief, after diligent inquiry, as to whether its internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles;
(3) a statement that briefly describes the approach or processes by which management evaluated the effectiveness of its internal control over financial reporting;
(4) a statement that briefly describes the scope of work that is included and whether any internal controls were excluded;
(5) disclosure of any unremediated material weaknesses in the internal control over financial reporting identified by management as of December 31 immediately preceding; management is not permitted to conclude that the internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles if there is one or more unremediated material weaknesses in its internal control over financial reporting;
(6) a statement regarding the inherent limitations of internal control systems; and
(7) signatures of the chief executive
officer and the chief financial officer (or the equivalent position [/]
or title).
E. Management
shall document and make available upon financial condition examination the
basis upon which its assertions, required in [Subsection D of 13.2.5.22 NMAC]
this section, are made.
Management may base its assertions, in part, upon its review, monitoring
and testing of internal controls undertaken in the normal course of its
activities.
F. Management shall have discretion as to the nature of the internal control framework used, and the nature and extent of documentation, in order to make its assertion in a cost effective manner and, as such, may include assembly of or reference to existing documentation.
G. Management’s
report on internal control over financial reporting, required by [Subsection
A of 13.2.5.22 NMAC] this section, and any documentation provided in
support thereof during the course of a financial condition examination, [shall]
will be kept confidential by the [state insurance department] OSI
in accordance with state law.
[13.2.5.23 NMAC - Rn & A, 13.2.5.22 NMAC, 10/01/2020]
[13.2.5.23] 13.2.5.24 INDEPENDENT CERTIFIED PUBLIC ACCOUNTANT’S
LETTER OF QUALIFICATIONS: The [accountant]
ICPA shall furnish the insurer with a letter stating that:
A. that
the [accountant] ICPA is independent with respect to the insurer
and conforms to the standards of the profession as contained in the code of professional ethics of the [American
institute of certified public accountants] AICPA and the code of
ethics and rules of professional conduct of the New Mexico state board of
public accountancy, or similar code;
B. the
background and experience in general, and the experience in audits of insurers,
of the staff assigned to the examination and whether each is an [independent
certiied public accountant] ICPA (however, nothing in this rule
shall be construed as prohibiting the [accountant] ICPA from
utilizing such staff as is deemed appropriate if such use is consistent with
generally accepted auditing standards);
C. [that]
the [accountant] ICPA understands that the annual audited
financial report and [his] opinion [will] shall be [filed]
submitted in compliance with this rule and that the superintendent will
rely on this information in the monitoring of the financial condition of
insurers;
D. [that]
the [accountant] ICPA consents to the requirements of this rule
regarding ICPA workpapers and agrees to make them available for review
by the superintendent, [his] or the superintendent’s designee or [his]
appointed agent;
E. [that]
the [accountant] ICPA is properly licensed by an appropriate
state licensing authority and is a member in good standing of the [American
institute of certified public accountants] AICPA; and
F. [that]
the [accountant] ICPA is in compliance with the requirements of [13.2.5.15
NMAC and 13.2.5.17 NMAC] this rule.
[13.2.5.24 NMAC - Rn & A, 13.2.5.23 NMAC, 10/01/2020]
[13.2.5.24] 13.2.5.25 [CPA] INDEPENDENT CERTIFIED
PUBLIC ACCOUNTANT’S WORKPAPERS:
A. For
purposes of this rule, workpapers are the records kept by the [independent
certiied public accountant] ICPA of the procedures followed, the
tests performed, the information obtained, and the conclusions reached
pertinent to [his] the ICPA’s examination of the financial
statements of an insurer. Workpapers [accordingly,]
may include, without limitation, audit planning documentation, work
programs, analyses, memoranda, letters of confirmation and representation,
abstracts of company documents and schedules or commentaries prepared or
obtained by the [independent certiied public accountant] ICPA in
the course of [his] the ICPA’s examination of the financial
statements of an insurer and which support [his] the ICPA’s
opinion.
B. [Every]
An insurer required by this rule to [file]submit an
audited financial report, shall require the [accountant] ICPA
to make available for review by [department] OSI examiners and examiners
designated by the superintendent all workpapers prepared [in] during the
[conduct] course of [his] the ICPA’s examination
and any communications related to the audit between the [accountant] ICPA
and the insurer, at the offices of the insurer, at the [insurance department]
OSI or at any other reasonable place designated by the superintendent. The insurer shall require that the [accountant]
ICPA retain the audit workpapers and communications until the [insurance
department] OSI has filed a final report [on] of
examination covering the period of the audit but no longer than seven years
from the date of the audit report.
C. Reviews
by [insurance department] OSI examiners shall be considered
investigations, and all [working papers] and communications
obtained during the course of such investigations shall be afforded the same
confidentiality as examination workpapers generated by the [department] OSI.
Photocopies of pertinent audit
workpapers may be made and retained by the [department] OSI.
[13.2.5.25 NMAC - Rn & A, 13.2.5.24 NMAC, 10/01/2020]
[13.2.5.25] 13.2.5.26 CONDUCT OF INSURER IN CONNECTION WITH
THE PREPARATION OF REQUIRED REPORTS AND DOCUMENTS:
A. No director or officer of an insurer shall, directly or indirectly:
(1) make
or cause to be made a materially false or misleading statement to an [accountant]
ICPA in connection with any audit, review or communication required
under this [regulation] rule; or
(2) omit
to state, or cause another person to omit to state, any material fact necessary
in order to make statements made, in light of the circumstances under which the
statements were made, not misleading to an accountant in connection with any
audit, review or communication required under this [regulation] rule.
B. No officer or
director of an insurer, or any other person acting under the direction thereof,
shall directly or indirectly take any action to coerce, manipulate, mislead or
fraudulently influence any accountant engaged in the performance of an audit
pursuant to this [regulation] rule if that person knew or should
have known that the action, if successful, could result in rendering the
insurer’s financial statements materially misleading.
C. For purposes of Subsection B of this section, actions that, “if successful, could result in rendering the insurer’s financial statements materially misleading” include, but are not limited to, actions taken at any time with respect to the professional engagement period to coerce, manipulate, mislead or fraudulently influence an accountant:
(1) to issue or reissue a report on an
insurer’s financial statements that is not warranted in the [circumstancesdue]
circumstances due to material violations of statutory accounting
principles prescribed by the [commissioner] superintendet,
generally accepted auditing standards, or other professional or regulatory
standards);
(2) not to perform audit, review or other procedures required by generally accepted auditing standards or other professional standards;
(3) not to withdraw an issued report; or
(4) not to communicate matters to an insurer’s audit committee.
[13.2.5.26 NMAC - Rn & A, 13.2.5.25 NMAC, 10/01/2020]
[13.2.5.26] 13.2.5.27 HARDSHIP EXEMPTIONS:
A. Upon written application of any insurer, the superintendent may grant an exemption from compliance with any and all provisions of this rule if the superintendent finds, upon review of the application, that compliance with this rule would constitute a financial or organizational hardship upon the insurer.
B. An exemption may be granted at any time and from time to time for a specified period or periods.
C. Within 10 days from a denial of an insurer’s written request for an exemption from this rule, such insurer may request in writing a hearing on its application for an exemption. Such hearing shall be held in accordance with the New Mexico Insurance Code, Chapter 59A, Article 4, NMSA 1978.
[13.2.5.27 NMAC - Rn & A, 13.2.5.26 NMAC, 10/01/2020]
[13.2.5.27 EFFECTIVE DATES FOR REPORTING
REQUIREMENTS:
A. Domestic
insurers retaining a certified public accountant on the effective date of this
rule who qualifies as independent shall be required to file all reports
required by this rule for the year ending December 31, 2010 and each year
thereafter, unless the superintendent permits otherwise.
B. Domestic
insurers not retaining a certified public accountant on the effective date of
this rule who qualifies as independent shall be required to file the following
documents with the superintendent for the year ending December 31, 2009:
(1) report of independent certified
public accountant;
(2) actual balance sheet
(3) notes to audited balance sheet.
C. For
the year ending December 31, 2010 and each year thereafter, such insurers shall
file with the superintendent all reports required by this rule.
D. Foreign
insurers shall comply with this rule for the year ending December 31, 2010 and
each year thereafter, unless the superintendent permits otherwise.]
[1/1/94; 13.2.5.27 NMAC - Rn, 13 NMAC 2.5.25; 1/1/2010; 13.2.5.27 NMAC - Rn, 13.2.5.26 NMAC, 11/15/2012; Repealed 10/01/2020]
13.2.5.28 CANADIAN AND BRITISH COMPANIES:
A. [In
the case of] As regards Canadian and British insurers, the annual
audited financial report shall be defined as the annual statement of total
business on the form filed by such companies with their domiciliary supervisory
authority, duly audited by an independent chartered accountant.
B. For such insurers, the letter of compliance required by 13.2.5.13 NMAC shall state that the accountant is aware of the requirements relating to the annual audited statement filed with the superintendent pursuant to this rule and shall affirm that the opinion expressed is in conformity with such requirements.
C. For purposes of compliance with this rule, a Canadian insurer may submit to OSI accountants’ reports as filed with the Canadian office of superintendent of financial institutions.
[13.2.5.28 NMAC - Rn, 13.2.5.27 NMAC, 11/15/2012; A, 10/01/2020]
HISTORY OF 13.2.5 NMAC:
Pre-NMAC History: The material in this part was derived from that previously filed with the commission of public records, state records center and archives:
SCC 93-7-IN, Annual Audited
Financial Reports, filed 12/1/1993.
History of Repealed Material:
13.2.5.27 NMAC - Effective Dates For Reporting Requirements, Renumbered 11/15/2012 was repealed effective 10/01/2020.
Other History:
SCC 93-7-IN, Annual Audited
Financial Reports (filed 12/1/1993) was renumbered, reformatted, amended and
replaced by 13 NMAC 2.5, Annual Audited Financial Reports, effective 7/1/1997.
13 NMAC 2.5, Annual Audited
Financial Reports (filed 5/27/1997) was renumbered, reformatted, amended and
replaced by 13.2.5 NMAC, Annual Audited Financial Reports, effective 1/1/2010.