MISSISSIPPI LEGISLATURE

2019 Regular Session

To: Insurance

By: Representative Chism

House Bill 323

(As Passed the House)

AN ACT TO AMEND SECTION 83-5-102, MISSISSIPPI CODE OF 1972, TO REVISE DEFINITIONS OF CERTAIN TERMS USED IN THE SECTIONS OF LAW REQUIRING AN AUDIT OF INSURERS; TO AMEND SECTION 83-5-119, MISSISSIPPI CODE OF 1972, TO PROVIDE THAT THE AUDIT COMMITTEE OF AN INSURER SHALL BE RESPONSIBLE FOR OVERSEEING THE INSURER'S INTERNAL AUDIT FUNCTION; TO CREATE SECTION 83-5-120, MISSISSIPPI CODE OF 1972, TO REQUIRE INSURERS TO ESTABLISH AN INTERNAL AUDIT FUNCTION PROVIDING INDEPENDENT, OBJECTIVE AND REASONABLE ASSURANCE TO THE AUDIT COMMITTEE AND INSURER MANAGEMENT REGARDING THE INSURER'S GOVERNANCE, RISK MANAGEMENT AND INTERNAL CONTROLS; AND FOR RELATED PURPOSES.

     BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MISSISSIPPI:

     SECTION 1.  Section 83-5-102, Mississippi Code of 1972, is amended as follows:

     83-5-102.  As used in Sections 83-5-102 through 83-5- * * *113125, the following terms have the respective meanings herein set forth unless the context shall require otherwise:

          (a)  "Audited financial report" means and includes those items specified in Section 83-5-103.

          (b)  "Accountant" or "independent certified public accountant" means an independent certified public accountant or accounting firm in good standing with the American Institute of Certified Public Accountants and in all states in which they are licensed to practice; for Canadian and British companies, it means a Canadian chartered or British chartered accountant.

          (c)  "Commissioner" means the Commissioner of Insurance.

          (d)  "Department" means the Department of Insurance.

          (e)  "Indemnification" means an agreement of indemnity or a release from liability where the intent or effect is to shift or limit in any manner the potential liability of the person or firm for failure to adhere to applicable auditing or professional standards, whether or not resulting in part from knowing or other misrepresentations made by the insurer or its representatives.

     (f)  "Insurer" means an insurer as defined in Section 83-5-1 or an authorized insurer as defined in Section 83-21-17.

          (g)  "Affiliate" of, or person "affiliated" with, a specific person, is a person that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the person specified.

          (h)  "Audit committee" means a committee (or equivalent body) established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or group of insurers, the internal audit function of an insurer or group of insurers (if applicable), and external audits of financial statements of the insurer or group of insurers.  The audit committee of any entity that controls a group of insurers may be deemed to be the audit committee for one or more of these controlled insurers solely for the purposes of this section at the election of the controlling person.  Refer to Section 83-5-119(e) for exercising this election.  If an audit committee is not designated by the insurer, the insurer's entire board of directors shall constitute the audit committee.

          (i)  "Independent board member" has the same meaning as described in Section 83-5-119(c).

          (j)  "Group of insurers" means those licensed insurers included in the reporting requirements of Sections 83-6-1 through 83-6-43, or a set of insurers as identified by management, for the purpose of assessing the effectiveness of internal control over financial reporting.

          (k)  "Internal control over financial reporting" means a process effected by an entity's board of directors, management and other personnel designed to provide reasonable assurance regarding the reliability of the financial statements and includes those policies and procedures that:

              (i)  Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets;

              (ii)  Provide reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statements and that receipts and expenditures are being made only in accordance with authorizations of management and directors; and

              (iii)  Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on the financial statements.

          (l)  "RBC" means risk-based capital pursuant to Sections 83-5-401 through 83-5-427.

          (m)  "SEC" means the United States Securities and Exchange Commission.

          (n)  "Section 404" means Section 404 of the Sarbanes-Oxley Act of 2002 and the SEC's rules and regulations promulgated thereunder.

          (o)  "Section 404 Report" means management's report on "internal control over financial reporting" as defined by the SEC and the related attestation report of the independent certified public accountant.

          (p)  "SOX Compliant Entity" means an entity that either is required to be compliant with, or voluntarily is compliant with, all of the following provisions of the Sarbanes-Oxley Act of 2002:  (i) the preapproval requirements of Section 201 (Section 10A(i) of the Securities Exchange Act of 1934); (ii) the audit committee independence requirements of Section 301 (Section 10A(m)(3) of the Securities Exchange Act of 1934); and (iii) the internal control over financial reporting requirements of Section 404 (Item 308 of SEC Regulation S-K).

          (q)  "Internal audit function" means a person or persons who provide independent, objective and reasonable assurance designed to add value and improve an organization's operations and accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management control and governance processes.

     SECTION 2.  Section 83-5-119, Mississippi Code of 1972, is amended as follows:

     83-5-119.  Every insurer required to file an annual audited financial report pursuant to this section shall designate a group of individuals as constituting its audit committee.  The audit committee of an entity that controls an insurer may be deemed to be the insurer's audit committee for purposes of this section at the election of the controlling person.

     This section shall not apply to foreign or alien insurers licensed in this state or an insurer that is a SOX Compliant Entity or a direct or indirect wholly owned subsidiary of a SOX Compliant Entity.

          (a)  The audit committee shall be directly responsible for the appointment, compensation and oversight of the work of any accountant (including resolution of disagreements between management and the accountant regarding financial reporting) for the purpose of preparing or issuing the audited financial report or related work pursuant to this section.  Each accountant shall report directly to the audit committee.

          (b)  Each member of the audit committee shall be a member of the board of directors of the insurer or a member of the board of directors of an entity elected pursuant to paragraph (e) and Section 83-5-102(h).

          (c)  In order to be considered independent for purposes of this section, a member of the audit committee may not, other than in his or her capacity as a member of the audit committee, the board of directors, or any other board committee, accept any consulting, advisory or other compensatory fee from the entity or be an affiliated person of the entity or any subsidiary thereof.  However, if law requires board participation by otherwise nonindependent members, that law shall prevail and such members may participate in the audit committee and be designated as independent for audit committee purposes, unless they are an officer or employee of the insurer or one (1) of its affiliates.

          (d)  If a member of the audit committee ceases to be independent for reasons outside the member's reasonable control, that person, with notice by the responsible entity to the state, may remain an audit committee member of the responsible entity until the earlier of the next annual meeting of the responsible entity or one (1) year from the occurrence of the event that caused the member to be no longer independent.

          (e)  To exercise the election of the controlling person to designate the audit committee for purposes of this section, the ultimate controlling person shall provide written notice to the commissioners of the affected insurers.  Notification shall be made timely prior to the issuance of the statutory audit report and include a description of the basis for the election.  The election can be changed through notice to the commissioner by the insurer, which shall include a description of the basis for the change.  The election shall remain in effect for perpetuity, until rescinded.

          (f)  (i)  The audit committee shall require the accountant that performs for an insurer any audit required by this section to timely report to the audit committee in accordance with the requirements of Statement on Auditing Standard No. 114, The Auditor's Communication With Those Charged With Governance or its replacement, including:

                   1.  All significant accounting policies and material permitted practices;

                   2.  All material alternative treatments of financial information within statutory accounting principles that have been discussed with management officials of the insurer, ramifications of the use of the alternative disclosures and treatments, and the treatment preferred by the accountant; and

                   3.  Other material written communications between the accountant and the management of the insurer, such as any management letter or schedule of unadjusted differences.

              (ii)  If an insurer is a member of an insurance holding company system, the reports required by paragraph (f)(i) may be provided to the audit committee on an aggregate basis for insurers in the holding company system, provided that any substantial differences among insurers in the system are identified to the audit committee.

          (g)  The proportion of independent audit committee members shall meet or exceed the following criteria:

Prior Calendar Year Direct Written and Assumed Premiums

$0 - $300,000,000      Over $300,000,000 -    Over $500,000,000

                            $500,000,000

No minimum           Majority (50% or more)        Supermajority of

requirements.  See    of members shall be     members (75% or

also Notes A and B.    independent.  See       more) shall be

                      also Notes A and B.     independent.  See

                                              also Note A.

     Note A:  The commissioner has authority afforded by state law to require the entity's board to enact improvements to the independence of the audit committee membership if the insurer is in a RBC action level event, meets one or more of the standards of an insurer deemed to be in hazardous financial condition, or otherwise exhibits qualities of a troubled insurer.

     Note B:  All insurers with less than Five Hundred Million Dollars ($500,000,000.00) in prior calendar year direct written and assumed premiums are encouraged to structure their audit committees with at least a supermajority of independent audit committee members.

     Note C:  Prior calendar year direct written and assumed premiums shall be the combined total of direct premiums and assumed premiums from nonaffiliates for the reporting entities.

          (h)  An insurer with direct written and assumed premium, excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program less than Five Hundred Million Dollars ($500,000,000.00), may make application to the commissioner for a waiver from the requirements of this section based upon hardship.  The insurer shall file, with its annual statement filing, the approval for relief from the requirements of this section with the states that it is licensed or doing business.

          (i)  An insurer or group of insurers that is not required to have independent audit committee members or only a majority of independent audit committee members (as opposed to a supermajority) because the total written and assumed premium is below the threshold and subsequently becomes subject to one (1) of the independence requirements due to changes in premium shall have one (1) year following the year the threshold is exceeded to comply with the independence requirements.  Likewise, an insurer that becomes subject to one (1) of the independence requirements as a result of a business combination shall have one (1) calendar year following the date of acquisition or combination to comply with the independence requirements.

          (j)  The audit committee of an insurer or group of insurers shall be responsible for overseeing the insurer's internal audit function and granting the person or persons performing the function suitable authority and resources to fulfill their responsibilities if required by Section 3 of this act.

     SECTION 3.  The following shall be codified as Section 83-5-120, Mississippi Code of 1972:

     83-5-120.  Internal audit function requirements.  (1)  Exemption.  An insurer is exempt from the requirements of this section if:

          (a)  The insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than Five Hundred Million Dollars ($500,000,000.00); and

          (b)  If the insurer is a member of a group of insurers, the group has annual direct written and unaffiliated assumed premium, including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than One Billion Dollars ($1,000,000,000.00).

     Note:  An insurer or group of insurers exempt from the requirements of this section is encouraged, but not required, to conduct a review of the insurer business type, sources of capital, and other risk factors to determine whether an internal audit function is warranted.  The potential benefits of an internal audit function should be assessed and compared against the estimated costs.

     (2)  Function.  The insurer or group of insurers shall establish an internal audit function providing independent, objective and reasonable assurance to the audit committee and  insurer management regarding the insurer's governance, risk management and internal controls.  This assurance shall be provided by performing general and specific audits, reviews and tests and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.

     (3)  Independence.  In order to ensure that internal auditors remain objective, the internal audit function must be organizationally independent.  Specifically, the internal audit function will not defer ultimate judgment on audit matters to others, and shall appoint an individual to head the internal audit function who will have direct and unrestricted access to the board of directors.  Organizational independence does not preclude dual-reporting relationships.

     (4)  Reporting.  The head of the internal audit function shall report to the audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function's independence or effectiveness, material findings from completed audits and the appropriateness of corrective actions implemented by management as a result of audit findings.

     (5)  Additional requirements.  If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level or the individual legal entity level.

     SECTION 4.  This act shall take effect and be in force from and after January 1, 2020.