Model Audit Rule would apply to mutual companies

As work on various components of a Model Audit Rule continues to develop, regulators are reaffirming the need for amendments that reflect requirements in the Sarbanes-Oxley Act of 2002.

The work is being undertaken even as the Securities and Exchange Commission and the Public Company Accounting Oversight Board, both in Washington, streamline the original guidance (see related story on opposite page).

Incorporating portions of SOX take on more importance in light of the recent acknowledgement from American International Group, New York, that a recalculation of financial statements would reduce shareholder equity by $2.7 billion, says Doug Stolte, deputy commissioner with Virginia’s Bureau of Insurance, a division of the Virginia State Corporation Commission. Stolte also is chairing the NAIC/AICPA working group, which is undertaking the effort along with the group’s subgroups.

That work is scheduled to continue at the summer meeting of the National Association of Insurance Commissioners, Kansas City, Mo. Prior to the meeting, a conference call is scheduled to discuss comments on proposed changes to Titles II and III of the model, which address auditor independence and corporate governance.

An interim meeting was held last week to review Title IV of the model, which focuses on incorporating SOX requirements for attesting to the soundness of internal controls.

Publicly traded insurance companies already are required to comply with SOX. The amendments would affect mutual insurance companies which currently are not required to adhere to SOX.

Steve Johnson, deputy commissioner in Pennsylvania and chair of the Title IV subgroup, says that during the interim meeting, principles were discussed upon which industry will draw from when it prepares a discussion paper that both regulators and insurers will use to start work on revisions that ultimately could be part of MAR. Among the principles, he says, is to focus on risk-based systems and controls rather than on every possible accounting system and control. So, for instance, using the principles, items such as petty cash controls would not be the focus of changes to this portion of MAR. Work on those revisions could begin at a mid-summer meeting in July.

Johnson says that he believes there is more of a willingness on the part of insurers to develop a draft.

Insurance trade groups including the American Council of Life Insurers, Washington, are monitoring the issue.

And several property-casualty groups continue to ask regulators if the costs incurred by these changes are worth benefits that would be accrued from making amendments to the model.

In fact, the National Association of Mutual Insurance Companies, Indianapolis, is finalizing a study of insurers to determine the extent of those costs, says Bill Boyd, NAMIC’s financial regulation manager.

Currently, companies under $25 million would not be required to comply with provisions, although regulators have indicated a willingness to consider a higher threshold.

Neil Aldredge, NAMIC’s state affairs director, says that during the meeting he raised the point that the National Conference of Insurance Legislators, Troy, N.Y., has reservations both about procedural and substantive changes to MAR.

Indeed, on March 10, NCOIL objected to any incorporation of changes through NAIC annual statement instructions. It also objected to imposing accounting reporting requirements it says are designed for public companies to non-public companies.

Feedback from at least one company that spoke at the interim meeting suggests that SOX requirements are “enormously burdensome,” according to Steve Broadie, vice president of financial legislation and regulation with the Property Casualty Insurance Association of America, Des Plaines, Ill. The framework does not apply well to small- and medium-sized insurers, he continues.

During the meeting the discussion focused on a list of principles that include: a focus on solvency and an examination of key risks, confidentiality among other points, he says.

PCI also questions the benefits for implementing these changes, he adds. He cites a recent finding of the Financial Executives Institute, Florham Park, N.J., that found that the average cost for a company to comply with SOX was $4.3 million.