TITLE 28. INSURANCE

PART 1. TEXAS DEPARTMENT OF INSURANCE

CHAPTER 7. CORPORATE AND FINANCIAL REGULATION

SUBCHAPTER A. EXAMINATION AND FINANCIAL ANALYSIS

28 TAC §7.88, §7.89

The Texas Department of Insurance proposes to amend 28 TAC §7.88, concerning independent annual audits of insurer and Health Maintenance Organization (HMO) financial statements and insurer and HMO internal control over financial reporting. TDI also proposes new 28 TAC §7.89, concerning annual corporate governance disclosures. Amendments to §7.88 update the section to include requirements for audit committees and the internal audit function for large insurers and HMOs to align with best practices and changes to the Model Audit Rule (MAR) of the National Association of Insurance Commissioners (NAIC). New §7.89 implements House Bill 3306, 86th Legislature, Regular Session (2019), which is codified in Insurance Code Chapter 831 and requires rules describing the corporate governance disclosures an insurer or HMO is required to make each year.

EXPLANATION. The proposed amendments to §7.88 require certain large insurers and HMOs to establish an internal audit function that is independent and reports on corporate governance and internal controls to the audit committee of the board of directors.

Under Insurance Code Chapter 823, Subchapter B, insurers and HMOs are required to provide an annual registration statement on executive staff's implementation and maintenance of corporate governance and internal control procedures and the board's oversight of corporate governance and internal controls. In order to have oversight, a board of directors should have a direct line of communication from an independent internal source at regular intervals. Best practices show this is achieved by establishing an internal audit function that reports to the audit committee of the board of directors.

The proposed amendments to §7.88 will improve TDI's oversight of the financial condition of insurers and HMOs and incorporate best practices by requiring large insurers and HMOs to establish an internal audit function to ensure appropriate corporate governance and internal controls. The internal audit function will provide independent and objective assurance to an insurer's or HMO's audit committee and management regarding their governance, risk management, and internal controls.

The proposed amendments to §7.88 are necessary for TDI to maintain its NAIC accreditation. TDI notes that these amendments are consistent with existing stock exchange requirements, international standards, and industry best practices observed by large insurers or HMOs.

New §7.89 is necessary to implement HB 3306, which requires the Commissioner to adopt rules relating to an insurer's or HMO's corporate governance annual disclosure (CGAD) requirements. A recent analysis in the insurance industry compared existing corporate governance statutory requirements, regulatory initiatives, and review practices of regulators and the insurance industry. The analysis identified a need to collect additional information related to corporate governance practices. To address this need, the Legislature passed HB 3306. The NAIC also acted to address this need, by developing the CGAD Model Act and the CGAD Model Regulation. The provisions of HB 3306 and proposed new §7.89 are based on the NAIC CGAD Model Act and NAIC CGAD Model Regulation, and they are necessary for TDI to maintain its NAIC accreditation.

HB 3306 requires an insurer or HMO or a group of insurers or HMOs to provide confidential corporate disclosures relating to their corporate governance practices to the Commissioner of their lead state if the insurer or HMO is a member of an insurance group or their domestic regulator each year by June 1. An insurer or HMO that is a member of an insurance group must submit the CGAD to the Commissioner of the lead state for the insurance group, under the laws of the lead state, as determined by the procedures adopted by the NAIC.

Neither HB 3306 nor proposed new §7.89 prescribe new governance standards, but rather require an insurer or HMO to report on existing practices. Given the different structures of U.S. insurers and HMOs, they are afforded discretion over the format of the filing and the level of the company responsible for the filing. The levels may be the ultimate controlling parent level, an intermediate holding company level or the individual legal entity level, depending on how the insurer or insurance group has structured its system of corporate governance. However, an insurer or HMO should consider which level of the company determines the insurer or HMO or insurance or HMO groups' risk appetite.

At a minimum, the disclosure is required to address: (1) the insurer's or HMO's corporate governance framework and structure; (2) the policies and practices of its board of directors and significant committees; (3) the policies and practices directing senior management; and (4) the processes by which the board of directors, its committees, and senior management ensure an appropriate level of oversight to the critical risk areas impacting the insurer's or HMO's business activities.

To simplify the reporting process, the CGAD disclosure requirements allow reference to existing documents and filings and provide guidance for filing changes from the prior year. Any insurer or HMO that fails, without cause, to timely file the CGAD under Insurance Code Chapter 831 as required may be subject to a penalty. Most insurers and HMOs already summarize and describe their corporate governance practices to various stakeholders on a regular basis, so the compliance costs with this requirement will not be significant.

HB 3306 states that the CGAD requirement does not apply before June 1, 2020. TDI is not expecting insurers or HMOs to file until the following year. TDI expects to receive initial filings on or before June 1, 2021. The electronic filing address is provided on TDI's website at www.tdi.texas.gov.

Section 7.88. Independent Audits of Insurer and HMO Financial Statements and Insurer and HMO Internal Control over Financial Reporting. Amendments to §7.88 are made to subsections that are affected by the proposed internal audit function requirements. The internal audit function requirements are proposed as new subsection (l), which means that current subsection (l) and all subsections following it are redesignated as appropriate.

Proposed §7.88(b) is amended to include a new paragraph (4), which states that the internal audit committee requirements under §7.88(l) are applicable beginning January 1, 2021.

Proposed §7.88(c)(3) is amended to add the words "the internal audit function of an insurer or HMO or group of insurers or HMOs" and "external" to the definition of audit committee.

Proposed §7.88(d)(4), (e)(2), (g), and (k)(3) are amended to revise citations to a redesignated subsection and a redesignated paragraph. The references to subsection (m) in subsections (e)(2) and (g) are changed to reference subsection (n), the reference to subsection (m)(1) in subsection (e)(2) is changed to reference subsection (n)(1), and the reference to paragraph (9) in subsection (k)(3) is changed to reference paragraph (10).

Proposed §7.88(k)(3)(B) is amended to revise a citation to a chapter name and to revise a citation to a rule section that have changed. The title of Chapter 8 is updated to "Hazardous Condition" and the reference to §11.810 is changed to §11.811.

Proposed 7.88(k)(4) is amended to reflect renumbering of the paragraphs that follow new paragraph (7). Under the proposal, the waiver discussed in §7.88(k)(4) will apply to paragraphs (1), (2), (5), (6), and (8) - (13) instead of (1), (2), (5) - (12), as under the current rule.

Proposed §7.88(k)(7) is new language added to clarify responsibilities of an insurer's or HMO's or group of insurers' or HMOs' audit committee. This amendment is included because the audit committee is responsible for overseeing the insurer's, HMO's or group of insurers' or HMOs' internal audit function. In order to meaningfully carry out this function, certain authority and adequate resources must be made available to the persons doing the work. This paragraph also clarifies that this requirement for the audit committee applies only if the premium thresholds in proposed §7.88(l) apply to the insurer or HMO.

Because a new paragraph (7) is added, the paragraphs that follow it are renumbered as appropriate. In addition, because of the renumbering of the paragraphs in subsection (k), the reference to paragraph (10) in proposed subsection (k)(8) is updated to reference paragraph (11) and the reference to paragraph (11) in proposed subsection (k)(13) is updated to reference paragraph (12).

Section 7.88(l) is proposed as a new subsection to §7.88, and the subsections that follow it are redesignated as appropriate. Proposed §7.88(l) describes the requirements for the internal audit function, which applies to an insurer or HMO or group of insurers or HMOs when proposed §7.88(k)(7)'s requirements for audit committees are applicable.

Proposed §7.88(l)(1) describes exemptions that limit the requirement for an insurer or HMO to comply with the internal audit function requirements of the subsection. Under §7.88(l)(1), an insurer or HMO is exempt if it has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of less than $500 million, and the insurer or HMO is a member of a group that has annual direct written and unaffiliated assumed premium including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, of less than $1 billion.

Section 7.88(l)(2) describes the required characteristics for the internal audit function. The internal audit function must provide independent, objective, and reasonable assurance to the audit committee and insurer management about the insurer's governance, risk management, and internal controls. The assurance is provided by doing general and specific audits, reviews, and tests, and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.

Section 7.88(l)(3) requires that an internal audit function be organizationally independent, in order to ensure that internal auditors remain objective. Being independent means that internal audit makes the final decision on audit matters and that there is an individual appointed to head the internal audit function who has direct and unrestricted access to the board of directors. Internal audit can report to more than just the board without compromising organizational independence.

Section 7.88(l)(4) describes how often and what the head of the internal audit function must report to the audit committee. It states that reporting must happen regularly, and it specifies that this must be no less than once a year. The report must include detail about the audit plan, factors that may adversely impact the internal audit function's independence or effectiveness, material findings from completed audits and the appropriateness of corrective actions implemented by management as a result of audit findings.

Section 7.88(l)(5) provides that if an insurer or HMO is a member of an insurance holding company system or included in a group of insurers or HMOs, the internal audit function requirements may be satisfied at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.

Proposed §7.88(n)(2) updates the reference to a TAC section to change it from §11.810 to §11.811.

Proposed §7.88(o)(2) and (o)(3) are amended to revise citations to reflect redesignated subsections. The reference to subsection (m) in subsection (o)(2) is changed to subsection (n), and the reference to (m)(1) in subsection (o)(3) is changed to (n)(1).

Proposed §7.88(o)(4) is new. It states that if an insurer or HMO or a group of insurers or HMOs no longer meets the exemption from the internal audit requirement in §7.88(l)(1), the insurer or HMO or group of insurers or HMOs has one year after the year the threshold is exceeded to comply with the requirements of proposed §7.88(l).

Non-substantive amendments are also made to the existing rule text to conform it to current TDI rule drafting style. These amendments include:

--capitalizing the word "Commissioner" where it appears in lowercase in subsections (b)(1); (d)(1) - (4); (f); (h); (h)(1), (2), (4), (4)(I), (6), (10); (j)(1); (k)(3), (4), (10), and (11); redesignated (m)(2)(A); and redesignated (n)(1) and (2);

--correcting unnecessary capitalization in the catchlines for subsections (d) - (k) and redesignated (m) - (p);

--replacing the words "shall be" with "is" in subsection (b)(2);

--replacing the word "shall" with "must" in subsections (f)(5); (e)(1); (h)(1) and (12); (j)(1); (k)(2); (5); and (6); (k)(12); and redesignated (n)(1) and (7);

--replacing the word "shall" with "will" in subsections (h) and (h)(11);

--replacing the word "shall" with "may" in subsection (h)(3);

--removing superfluous instances of the word "the" before citations to specific subchapters or sections of the Insurance Code in subsections (a)(3); (b)(1); (c)(1), (2), (4), (5), and (14); (d)(1) and (3) - (5); (e)(1)(C); (g); (h); (h)(11)(B) and (C); (i); (j)(1); (k)(2), (3)(A) and (B), and (12); redesignated (m)(1)(A) and (B) and (2); redesignated (n)(1), (2), (4), and (9); and redesignated (o)(2); and

--changing to word "chapter" to "title" and inserting the word "to" in a reference to another section of Title 28 of the Texas Administrative Code.

Proposed New §7.89. Corporate Governance Annual Disclosure. Proposed new §7.89 describes the requirements for submitting the CGAD.

Proposed new §7.89(a) states the purpose of the section, which is to implement Insurance Code Chapter 831 by providing the procedures for filing and the content of the corporate governance annual disclosures.

Proposed §7.89(b) provides definitions for the section. It states the definitions in Insurance Code §831.0002 apply to §7.89 and provides additional definitions. Insurance Code §831.0002(3) includes HMOs in the definition of "insurer," so when the term "insurer" is used in proposed §7.89 it includes an HMO, and it is unnecessary to expressly repeat that definition in §7.89.

Section 7.89(b)(1) defines "board" as the insurer's board of directors. Section 7.89(b)(2) defines "CGAD" as the corporate governance annual disclosure. Section 7.89(b)(3) defines "Senior Management" as any corporate officer reporting information to the board of directors at regular intervals or providing this information to shareholders or regulators. It notes that the term includes, but is not limited to, the chief executive officer (CEO), chief financial officer (CFO), chief operations officer, chief procurement officer, chief legal officer, chief information officer, chief technology officer, chief revenue officer, chief visionary officer, or any other senior level executive. Section 7.89(b)(4) defines "TDI" as the Texas Department of Insurance.

Proposed new §7.89(c) describes the CGAD's filing procedures. Section 7.89(c)(1) states that an insurer required to file the CGAD must do so no later than June 1 of each calendar year.

Section 7.89(c)(2) identifies who may sign the CGAD, and it provides that the signature attests that the corporate governance practices were implemented and that the CGAD was provided to the appropriate board of directors and committee.

Section 7.89(c)(3) describes how to submit the CGAD. The CGAD must be sent in an electronic format acceptable to TDI. The electronic filing address is provided on TDI's website at www.tdi.texas.gov.

Section 7.89(c)(4) describes the format of CGAD. Section 7.89(c)(4) states the insurer or the insurance group has discretion over the format of the information described in §7.89 and can choose the most relevant information as long as it allows TDI to understand the corporate governance structure, policies, and practices used by the insurer or insurance group.

Section 7.89(c)(5) describes that the level the insurer should report depends on how it has structured its corporate governance. Section 7.89(c)(5)(A) states the insurer or insurance group has the choice to report at the controlling parent level, an intermediate holding company level, or the individual legal entity level. Section 7.89(c)(5)(B) encourages that the CGAD disclosures be made at the level at which the insurer's or insurance group's risk appetite is determined, or at which the earnings, capital, liquidity, operations, and reputation of the insurer are overseen collectively and at which the supervision of those factors are coordinated and exercised, or the level at which legal liability for failure of general corporate governance duties would be placed. Section 7.89(c)(5)(C) requires the insurer or insurance group to indicate which of the three criteria under §7.89(c)(5)(B) was used to determine the level of reporting and explain any subsequent changes in level of reporting.

Section 7.89(c)(6) provides details if the CGAD is completed at the insurance group level. Section 7.89(c)(6) states that if the CGAD is completed at the insurance group level, then it must be filed with the lead state of the group as determined by the procedures outlined in the most recent financial analysis handbook adopted by the NAIC. It further describes that if completed on the insurance group level, a copy of the CGAD must also be provided upon request to the chief regulatory official of any state in which the insurance group has a domestic insurer.

Section 7.89(c)(7) describes what should be filed in the annual filing if there were changes to the CGAD or if there were no changes. Section 7.89(c)(7) states that after the initial filing, the insurer must file an amended CGAD if there were changes. The amended CGAD must identify where the changes were made. If there were no changes, the insurer must submit a letter signed by the person described under §7.89(c)(2) and stating that there were no changes since the last CGAD submission. The letter must also identify that CGAD's date.

Proposed new §7.89(d) describes the content of the CGAD. It states that the CGAD should be as descriptive as possible and include attachments and examples that are used in the governance process. The CGAD should provide information that shows the strengths of the framework and controls. The insurer or insurance group may reference other filings that were previously submitted to TDI instead of resubmitting similar information.

Proposed new §7.89(e) describes what the insurer's or insurance group's corporate governance framework and structure should consider, at a minimum. Section 7.89(e)(1) states the framework and structure should consider the board and board committees that are responsible for overseeing the insurer or insurance group and the levels that the oversight of the insurer or insurance group occurs. The level may be at the ultimate controlling parent level, an intermediate holding company level or the individual legal entity level, depending on how the insurer or insurance group has structured its system of corporate governance. The insurer or insurance group must also describe and discuss the rationale for the current board size and structure. Section 7.89(e)(2) states the framework and structure should also consider the duties of the board and each of its significant committees and how they are governed under the bylaws, charters, and informal mandates, as well as, how the board's leadership is structured. It should also include a discussion of the roles of chief executive officer and chairman of the board.

Proposed new §7.89(f) describes the factors that the insurer or insurance group should consider when compiling the CGAD. The insurer or insurance group must describe the policies and practices of the most senior governing entity and its significant committees, including, but not limited to, a discussion of the factors described in §7.89(f)(1) - (5).

Section 7.89(f)(1) requires a description of how the qualifications, expertise, and experience of each board member meet the needs of the insurer or insurance group.

Section 7.89(f)(2) requires a description of how independence is maintained on the board and its significant committees.

Section 7.89(f)(3) requires a report of the number of meetings held by the board and its significant committees over the past year, as well as information on director attendance.

Section 7.89(f)(4) requires a description of how the insurer or insurance group identifies, nominates, and elects members to the board and its committees. The discussion should include, but is not limited to, the factors proposed in §7.89(f)(4)(A) - (D). Section 7.89(f)(4)(A) requires the description include whether a nomination committee is in place to identify and select individuals for consideration. Section 7.89(f)(4)(B) requires the discussion include whether term limits are placed on directors. Section 7.89(f)(4)(C) requires the discussion include how the election and reelection processes function. Section 7.89(f)(4)(D) requires the discussion include whether a board diversity policy is in place and, if so, how it functions.

Section 7.89(f)(5) requires that the description include the processes in place for the board to evaluate its performance and the performance of its committees, as well as any recent measures taken to improve performance. This description should include any board or committee training programs that have been put in place.

Proposed new 7.89(g) requires an insurer or insurer group to address additional factors related to the policies and practices used to direct senior management. The factors must include those described in §7.89(g)(1) - (4).

Section 7.89(g)(1) requires a description of any processes or practices to determine whether officers and key persons in control functions have the appropriate background, experience, and integrity to fulfill their prospective roles, such as suitability standards. The description of the processes or practices must include those listed in §7.89(g)(1)(A) - (B). Section 7.89(g)(1)(A) - (B) address the specific positions for which suitability standards have been developed and a description of the standards employed, and any changes in an officer's or key person's suitability as outlined by the insurer's or insurance group's standards and procedures to monitor and evaluate such changes.

Section 7.89(g)(2) requires the discussion include the insurer's or insurance group's code of business conduct and ethics. Section 7.89(g)(2)(A) - (B) provides examples of what the discussion could consider. Section 7.89(g)(2)(A) suggests the discussion of which considers compliance with laws, rules, and regulations, and §7.89(g)(2)(B) suggests that it include proactive reporting of any illegal or unethical behavior.

Section 7.89(g)(3) requires the discussion include the insurer's or insurance group's processes for performance evaluation, compensation, and corrective action to ensure effective senior management throughout the organization. This description must include a description of the general objectives of significant compensation programs and what the programs are designed to reward. The description must also include enough detail to allow the director to understand how the organization ensures that compensation programs do not encourage and reward excessive risk taking.

Section 7.89(g)(3)(A) - (F) provides examples of elements to discuss under §7.89(g)(3). Section 7.89(g)(3)(A) references the board's role in overseeing management compensation programs and practices. Section 7.89(g)(3)(B) references the various elements of compensation awarded in the insurer's or insurance group's compensation programs and how the insurer or insurance group determines and calculates the amount of each element of compensation paid. Section 7.89(g)(3)(C) references how compensation programs are related to both company and individual performance over time. Section 7.89(g)(3)(D) references whether compensation programs include risk adjustments and how those adjustments are incorporated into the programs for employees at different levels. Section 7.89(g)(3)(E) references "clawback provisions" built into the programs to recover awards or payments if the performance measures on which they are based are restated or otherwise adjusted. Section 7.89(g)(3)(F) references any other factors relevant in understanding how the insurer or insurance group monitors its compensation policies to determine whether its risk management objectives are met by incentivizing its employees.

Section 7.89(g)(4) requires the discussion include the insurer's or insurance group's plans for CEO and senior management succession.

Proposed new §7.89(h) requires the insurer or insurance group to describe the processes by which the board, its committees, and senior management ensure an appropriate amount of oversight to the critical risk areas impacting the insurer's business activities. Section 7.89(h)(1) - (3) lists the details that must be addressed in the insurer or insurance group's description of oversight.

Section 7.89(h)(1) requires a description of how oversight and management responsibilities are delegated between the board, its committees, and senior management.

Section 7.89(h)(2) requires a description of how the board is kept informed of the insurer's strategic plans, the associated risks, and steps that senior management is taking to monitor and manage those risks.

Section 7.89(h)(3) requires a description how reporting responsibilities are organized for each critical risk area that allows the board to understand the frequency at which information on each critical risk area is reported to and reviewed by senior management and the board. Subparagraphs (A) - (H) provide that the description may include risk management processes, actuarial function, investment decision-making processes, reinsurance decision-making processes, business strategy/finance decision-making processes, compliance function, financial reporting/internal auditing, and market conduct decision-making processes.

Proposed new §7.89(i) discusses the severability of §7.89. It states that if a determination that any portion of §7.89 or its application to any person or circumstance is held invalid, it does not affect other portions of §7.89 or its applications that can be given effect without the invalid portion or application.

NAIC. This proposal includes provisions related to NAIC rules, regulations, directives, or standards; and under Insurance Code §36.004, TDI must consider whether authority exists to enforce or adopt it. In addition, under Insurance Code §36.007, an agreement that infringes on the authority of this state to regulate the business of insurance in this state has no effect unless the agreement is approved by the Texas Legislature.

TDI has determined that neither Insurance Code §36.004 nor §36.007 prohibit the proposed rules under §7.88 or §7.89. The proposed amendments to §7.88 are required for TDI to maintain its accreditation and do not implement an interstate, national, or international agreement. Proposed new §7.89 is expressly authorized by statute, is required to maintain accreditation, and does not implement an interstate, national, or international agreement.

FISCAL NOTE AND LOCAL EMPLOYMENT IMPACT STATEMENT. Jamie Walker, deputy commissioner of the Financial Regulation Division, has determined that during each year of the first five years the proposed amendments and new sections are in effect, there will be no measurable fiscal impact on state and local governments as a result of enforcing or administering the sections, other than that imposed by the statute. This determination was made because the proposed amendments do not add to or decrease state revenues or expenditures, and because local governments are not involved in enforcing or complying with the proposed amendments.

Ms. Walker does not anticipate any measurable effect on local employment or the local economy as a result of this proposal.

PUBLIC BENEFIT AND COST NOTE. For each year of the first five years the proposed amended and new sections are in effect, Ms. Walker expects that administering and enforcing the proposed amendments to §7.88 and proposed new §7.89 will have the public benefits of ensuring that TDI's rules comply with best practices for insurers and HMOs and provide TDI with the ability to better regulate their solvency.

Ms. Walker expects that the proposed amendments to §7.88 will not increase the cost of compliance to regulated persons because there is a cost saving for insurers and HMOs to have an internal audit function. Internal controls help ensure that financial statements give a true and fair view and help to reduce the risk of misstatement associated with the loss or misappropriation of assets. A business cannot prepare financial statements or prevent or detect the theft of assets if it fails to control its accounting records.

An internal control function ensures that information is timely and accurate, which is essential to an insurer's or HMO's decision-making. An internal audit function's value can be derived from saving money, monitoring compliance to avoid fines, increasing productivity, and protecting the insurer's or HMO's reputation.

Under Insurance Code Section 401.004 and 28 TAC Section 7.88, insurers and HMOs must have an independent public accountant (auditor) perform an annual audit that contains certain information about internal controls. Insurers and HMOs with an effective set of internal controls validated by an internal audit function provide the auditor greater assurance regarding the reliability of the financial reporting, the effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

When preparing an insurer's audit plan, auditors (a) test controls, (b) consider board engagement, and (c) evaluate its governance framework. If there is not an effective internal audit function, independent auditors are required to expand their audit plan to do more testing of controls and substantive work, increasing the direct cost of the audit and pulling the insurer's or HMO's staff away from performing routine job duties.

The costs associated with having an internal audit function under the proposed amendments to §7.88 will reduce the external independent audit costs also required under §7.88 and will help the insurers or HMOs run a more efficient operation. The actual dollar amount of savings, however, will vary. An insurer or HMO may choose to use staff who are currently employed to perform the function and others may choose to hire new full- or part-time employees or may choose to use contractors. The costs will also vary depending on how often internal audit does testing. The dollar cost of an annual audit by an independent auditor will also vary because it depends on who the insurer or HMO chooses to hire and the size and complexity of the insurer or HMO, but the overall cost of the audit will be less because there will be less audit procedures required if there is an internal audit function established and reporting to the audit committee of the board of directors. The reduction in independent audit costs and the greater efficacy an internal audit function provides exceed the costs associated with proposed §7.88.

Currently, the forty insurers or HMOs that would be subject to the proposed amendments to §7.88 already have an internal audit function in place. If the insurers' or HMOs' internal audit function is not currently reporting to the audit committee of the board of directors, the amendments to §7.88 will require them to do so at least annually. The financial benefit of having an engaged and informed audit committee on the board of directors will exceed the cost associated with requiring the internal control function to report directly to the audit committee. The rule does not prohibit dual reporting to senior management and the audit committee if independence is maintained.

Proposed new §7.89 may increase the cost of compliance with Insurance Code Chapter 831. Insurance Code §831.0008 requires the CGAD to contain material information necessary to permit the Commissioner to gain an understanding of the insurer's or insurance group's corporate governance structure, policies, and practices, consistent with rules adopted by the Commissioner. The actual dollar amount to comply with the requirements in §7.89 will vary. Section 7.89 gives the insurer or insurance group discretion over the format of the filing and over the level responsible for the filing. The level responsible for the filing may be the ultimate controlling parent level, intermediate holding company level or the individual legal entity level, depending on how the insurer or insurance group has structured its system of corporate governance. It will also depend on the complexity of the insurer's or insurance group's structure. The structure impacts the number of employees it will take to create the disclosures, ensure that the corporate governance practices are implemented, analyze if any changes occur from year to year, and file the CGAD. The structure will also impact the amount of time the insurer's or insurance group's chief executive officer or corporate secretary will need to review the CGAD and to attest that the corporate governance practices have been implemented.

ECONOMIC IMPACT STATEMENT AND REGULATORY FLEXIBILITY ANALYSIS. TDI has determined that the proposed amendments and new section will not have an adverse economic effect or a disproportionate economic impact on small or micro businesses, or on rural communities. This is because the amendments to §7.88 and new §7.89 apply only to insurers or HMOs that do not qualify as small or micro-businesses, and the amendments and new section do not apply to any rural communities. As a result, and in accordance with Government Code §2006.002(c), TDI is not required to prepare a regulatory flexibility analysis.

EXAMINATION OF COSTS UNDER GOVERNMENT CODE §2001.0045. TDI has determined that the proposed amendments to §7.88 do not impose a cost on regulated persons under Government Code §2001.0045. As discussed under the public benefit and cost note, TDI has determined that the proposed amendments to §7.88(l) decrease the overall costs on regulated persons. Government Code §2001.0045(c)(2)(B) states that Government Code §2001.0045 does not apply to a rule that is amended to decrease the regulated persons' cost for compliance with the rule.

TDI has determined that proposed new §7.89 may impose a cost on regulated persons. However, an examination of costs under Government Code §2001.0045 is not required because proposed new §7.89 implements Insurance Code Chapter 831, as added by HB 3306, and Insurance Code §831.0014(b) provides that Government Code §2001.0045 does not apply to a rule adopted under Insurance Code Chapter 831.

GOVERNMENT GROWTH IMPACT STATEMENT. TDI has determined that for each year of the first five years that the proposed amendments and new section are in effect the proposed rules:

--will not create or eliminate a government program;

--will not require the creation of new employee positions or the elimination of existing employee positions;

--will not require an increase or decrease in future legislative appropriations to the agency;

--will not require an increase or decrease in fees paid to the agency;

--will create a new regulation;

--will expand, limit, or repeal an existing regulation;

--will increase or decrease the number of individuals subject to the rule's applicability; and

--will not positively or adversely affect the Texas economy.

TAKINGS IMPACT ASSESSMENT. TDI has determined that no private real property interests are affected by this proposal and that this proposal does not restrict or limit an owner's right to property that would otherwise exist in the absence of government action. As a result, this proposal does not constitute a taking or require a takings impact assessment under Government Code §2007.043.

REQUEST FOR PUBLIC COMMENT. TDI will consider any written comments on the proposal that are received by TDI no later than 5:00 p.m. Central time on September 21, 2020. Send your comments to ChiefClerk@tdi.texas.gov; or to the Office of the Chief Clerk, MC 112-2A, Texas Department of Insurance, P.O. Box 149104, Austin, Texas 78714-9104.

To request a public hearing on the proposal, submit a request before the end of the comment period, and separate from any comments, to ChiefClerk@tdi.texas.gov; or to the Office of the Chief Clerk, MC 112-2A, Texas Department of Insurance, P.O. Box 149104, Austin, Texas 78714-9104. The request for public hearing must be separate from any comments and received by the department no later than 5:00 p.m., central time, on September 21, 2020. If TDI holds a public hearing, TDI will consider written and oral comments presented at the hearing.

STATUTORY AUTHORITY. TDI proposes amendments to §7.88 under Insurance Code §36.001 and §36.004(c) and new §7.89 under Insurance Code §§36.001, 36.004(c), 831.0008(c) and 831.0014(a).

Insurance Code §36.001 provides that the Commissioner may adopt rules necessary and appropriate to implement the powers and duties of TDI under the Insurance Code and other laws of this state.

Insurance Code §36.004(c) provides that the Commissioner may adopt a rule to require compliance with a rule, regulation, directive, or standard adopted by the National Association of Insurance Commissioners if the rule is technical or non-substantive in nature or necessary to preserve TDI's NAIC accreditation and before the adoption of the rule, the Commissioner provides the standing committees of the senate and house of representatives with primary jurisdiction over TDI with written notice of the Commissioner's intent to adopt the rule.

Insurance Code §831.0008(c) provides that corporate governance annual disclosures must be prepared consistent with rules adopted by the Commissioner.

Insurance Code §831.0014(a) provides that the Commissioner shall adopt rules as necessary to enforce Insurance Code Chapter 831.

CROSS-REFERENCE TO STATUTE. Amendments to §7.88 affect Insurance Code Chapter 401, Subchapter B and Insurance Code Chapter 843, Subchapter B. New §7.89 affects Insurance Code §§831.0003 - 831.0014.

§7.88.Independent Audits of Insurer and HMO Financial Statements and Insurer and HMO Internal Control over Financial Reporting.

(a) Purpose. The purpose of this section is to improve the Texas Department of Insurance's surveillance of the financial condition of insurers and HMOs by:

(1) specifying the requirements of an annual audit by an accountant of the financial statements reporting the financial condition and the results of operations of each insurer or HMO;

(2) requiring communication of internal control related matters noted in an audit;

(3) requiring an insurer or HMO that is required to file an annual audited financial report under [the] Insurance Code Chapter 401, Subchapter A, to have an audit committee; and

(4) requiring certain insurer or HMO management to report on internal control over financial reporting.

(b) Applicability.

(1) Except as otherwise specified in this section and in [the] Insurance Code Chapter 401, Subchapter A, this section applies to insurers and HMOs and takes effect beginning with the annual reporting period ending December 31, 2010, which period is reflected in reports and communications required to be filed with the Commissioner [commissioner] during calendar year 2011, and continues in effect each year thereafter.

(2) Subsection (h)(1) of this section, relating to lead audit partner limitation, is [shall be] in effect for audits of the year beginning January 1, 2010, which audits are reflected in reports and communications required to be filed with the Commissioner [commissioner] during calendar year 2011, and continues in effect each year thereafter.

(3) Subsection (k) of this section, relating to audit committee requirements, takes effect on September 1, 2010.

(4) Subsection (l) of this section, relating to internal audit committee requirements, is applicable beginning January 1, 2021.

(c) Definitions. The following words and terms, when used in this section, shall have the following meanings, unless the context clearly indicates otherwise.

(1) Accountant--An independent certified public accountant or accounting firm that meets the requirements of [the] Insurance Code §401.011.

(2) Affiliate--Has the meaning assigned by [the] Insurance Code §823.003.

(3) Audit committee--A committee established by the board of directors of an entity for the purpose of overseeing the accounting and financial reporting processes of an insurer or HMO or group of insurers or HMOs, the internal audit function of an insurer or HMO or group of insurers or HMOs, and external audits of financial statements of the insurer or HMO or group of insurers or HMOs. At the election of the controlling person, the audit committee of an entity that controls a group of insurers or HMOs may be the audit committee for one or more of the controlled insurers or HMOs solely for the purposes of this section. If an audit committee is not designated by the insurer or HMO, the insurer's or HMO's entire board of directors constitutes the audit committee.

(4) Audited financial report--The annual audit report required by [the] Insurance Code Chapter 401, Subchapter A.

(5) Group of insurers or HMOs--Those authorized insurers or HMOs included in the reporting requirements of [the] Insurance Code Chapter 823, or a set of insurers or HMOs as identified by management, for the purpose of assessing the effectiveness of internal control over financial reporting.

(6) Health maintenance organization (HMO)--A health maintenance organization authorized to engage in business in this state.

(7) Insurer--An insurer authorized to engage in business in this state, including:

(A) a life, health, or accident insurance company;

(B) a fire and marine insurance company;

(C) a general casualty company;

(D) a title insurance company;

(E) a fraternal benefit society;

(F) a mutual life insurance company;

(G) a local mutual aid association;

(H) a statewide mutual assessment company;

(I) a mutual insurance company other than a mutual life insurance company;

(J) a farm mutual insurance company;

(K) a county mutual insurance company;

(L) a Lloyd's plan;

(M) a reciprocal or interinsurance exchange;

(N) a group hospital service corporation;

(O) a stipulated premium company; and

(P) a nonprofit legal services corporation.

(8) Internal control over financial reporting--A process implemented by an entity's board of directors, management, and other personnel designed to provide reasonable assurance regarding the reliability of the entity's financial statements. The term includes policies and procedures that:

(A) relate to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of assets;

(B) provide reasonable assurance that:

(i) transactions are recorded as necessary to permit preparation of the financial statements; and

(ii) receipts and expenditures are made only in accordance with authorizations of management and directors; and

(C) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of assets that could have a material effect on the financial statements.

(9) Management--The management of an insurer or HMO or group of insurers or HMOs subject to this section.

(10) SEC--The United States Securities and Exchange Commission.

(11) Section 404--Section 404, Sarbanes-Oxley Act of 2002 (15 U.S.C. §7262), and rules adopted under that section.

(12) Section 404 report--Management's report on internal control over financial reporting as determined by the SEC and the related attestation report of an accountant.

(13) SOX-compliant entity--An entity that is required to comply with or voluntarily complies with:

(A) the preapproval requirements provided by 15 U.S.C. §78j-1(i);

(B) the audit committee independence requirements provided by 15 U.S.C. §78j-1(m)(3); and

(C) the internal control over financial reporting requirements provided by 15 U.S.C. §7262(b) and Item 308, SEC Regulation S-K.

(14) Subsidiary--Has the meaning assigned by [the] Insurance Code §823.003.

(d) Filing and extensions [Extensions] for filing [Filing] of audited financial report [Audited Financial Report].

(1) Except as provided in paragraphs (2), (3), and (4) of this subsection, an insurer or HMO that is required to have an annual audit performed by an accountant and to file an audited financial report with the Commissioner [commissioner] under [the] Insurance Code Chapter 401, Subchapter A, shall file the audited financial report with the Commissioner [commissioner] on or before June 1 for the preceding calendar year.

(2) Except as provided in paragraphs (3) and (4) of this subsection, an insurer or HMO that, along with any affiliated insurers or HMOs, is licensed in and does business only in Texas shall file the audited financial report with the Commissioner [commissioner] on or before June 30 for the preceding calendar year. This paragraph does not apply to an insurer or HMO that is a member of a group comprised of one or more insurers or HMOs authorized and actually doing the business of insurance in another state that requires that an audited financial report be filed on or before June 1 for the preceding calendar year.

(3) In accordance with [the] Insurance Code §401.004(b), the Commissioner [commissioner] may require an insurer or HMO to file an audited financial report on a date that precedes the June 1 deadline in paragraph (1) of this subsection or the June 30 deadline in paragraph (2) of this subsection. The Commissioner [commissioner] must notify the insurer or HMO of the filing date not later than the 90th day before that date.

(4) The Commissioner [commissioner] may grant an extension of the filing date in accordance with [the] Insurance Code §401.004(c). An extension granted under [the] Insurance Code §401.004(c), relating to the filing date for an audited financial report, also applies to the filing of management's report on internal control over financial reporting required under subsection (n) [(m)] of this section.

(5) An insurer or HMO required to file an annual audited financial report under [the] Insurance Code Chapter 401, Subchapter A, and this section must [shall] designate a group of individuals to serve as its audit committee. The audit committee of an entity that controls an insurer or HMO may, at the election of the controlling person, be the insurer's or HMO's audit committee for purposes of this section.

(e) Exemption for certain foreign [Certain Foreign] or alien insurers [Alien Insurers] or HMOs.

(1) A foreign or alien insurer or HMO exempt under [the] Insurance Code §401.007(a) must [shall ] file with the commissioner a copy of:

(A) the audited financial report and the accountant's letter of qualifications filed with the insurer's or HMO's state of domicile at the same time these documents are filed with the state of domicile;

(B) the communication of internal control-related matters noted in the audit that is substantially similar to the communication required under subsection (j) of this section, not later than the 60th day after the date the copy of the audited financial report and accountant's letter of qualifications are filed with the commissioner; and

(C) any notification of adverse financial conditions report filed with the other state, in accordance with the filing date prescribed by [the] Insurance Code §401.017.

(2) A foreign or alien insurer or HMO required to file management's report of internal control over financial reporting in another state is exempt from filing the report in this state under subsection (n)(1) [(m)(1)] of this section if the other state has substantially similar reporting requirements and the report is filed with the commissioner in that state in the time specified.

(f) Requirements for financial statements [Financial Statements] in audited financial report [Audited Financial Report]. The financial statements included in the audited financial report must be prepared in a form and use language and groupings substantially the same as the relevant sections of the annual statement of the insurer or HMO filed with the Commissioner [commissioner]. The financial statements must be comparative, including amounts on December 31 of the current year and amounts as of the immediately preceding December 31, except for the first year in which an insurer or HMO is required to file the report.

(g) Scope of audit [Audit] and report [Report] of accountant [Accountant ]. An accountant must audit the financial reports provided by an insurer or HMO for purposes of an audit conducted under [the] Insurance Code Chapter 401, Subchapter A. In addition to complying with the requirements of the Insurance Code §401.010, the accountant shall obtain an understanding of internal control sufficient to plan the audit, in accordance with "Consideration of Internal Control in a Financial Statement Audit," AU Section 319, Professional Standards of the American Institute of Certified Public Accountants. To the extent required by AU Section 319, for those insurers or HMOs required to file a management's report of internal control over financial reporting under subsection (n) [(m)] of this section, the accountant shall consider the most recently available report in planning and performing the audit of the statutory financial statements. In this subsection, "consider" has the meaning assigned by Statement on Auditing Standards No. 102, "Defining Professional Requirements in Statements on Auditing Standards," or a successor document.

(h) Qualifications and independence [Independence ] of accountant; acceptance [Accountant; Acceptance ] of audited financial report [Audited Financial Report]. Except as provided by [the] Insurance Code §401.011(b) and (d), and paragraphs (1), (3), (4), (5), and (10) of this subsection, the Commissioner will [commissioner shall] accept an audited financial report from an independent certified public accountant or accounting firm that is a member in good standing of the American Institute of Certified Public Accountants; is in good standing with all states in which the accountant or firm is licensed to practice, as applicable; and conforms to the American Institute of Certified Public Accountants Code of Professional Conduct and to the rules of professional conduct and other rules of the Texas State Board of Public Accountancy or a similar code.

(1) A lead partner or other person responsible for rendering an audited financial report for an insurer or HMO may not act in that capacity for more than five consecutive years and may not, during the five-year period after that fifth year, render an audited financial report for the insurer or HMO or for a subsidiary or affiliate of the insurer or HMO that is engaged in the business of insurance. On application made at least 30 days before the end of the calendar year, the Commissioner [commissioner] may determine that the limitation provided by this paragraph does not apply to an accountant for a particular insurer or HMO if the insurer or HMO demonstrates to the satisfaction of the Commissioner [commissioner] that the limitation's application to the insurer or HMO would be unfair because of unusual circumstances. In making the determination, the Commissioner [commissioner] may consider:

(A) the number of partners or individuals the accountant employs, the expertise of the partners or individuals the accountant employs, or the number of the accountant's insurance clients;

(B) the premium volume of the insurer or HMO; and

(C) the number of jurisdictions in which the insurer or HMO engages in business.

(2) On filing its annual statement, an insurer or HMO for which the Commissioner [commissioner] has approved an exemption under paragraph (1) of this subsection must [shall] file the approval with the states in which it is doing business or is authorized to do business and with the National Association of Insurance Commissioners. If a state other than this state accepts electronic filing with the National Association of Insurance Commissioners, the insurer or HMO must [shall] file the approval in an electronic format acceptable to the National Association of Insurance Commissioners.

(3) In providing services, the accountant may [shall] not:

(A) function in the role of management, audit the accountant's own work, or serve in an advocacy role for the insurer or HMO; or

(B) directly or indirectly enter into an agreement of indemnity or release from liability regarding the audit of the insurer or HMO.

(4) The Commissioner [commissioner] may not recognize as qualified or independent an accountant, or accept an annual audited financial report that was prepared wholly or partly by an accountant, who provides an insurer or HMO at the time of the audit:

(A) bookkeeping or other services related to the accounting records or financial statements of the insurer or HMO;

(B) services related to financial information systems design and implementation;

(C) appraisal or valuation services, fairness opinions, or contribution-in-kind reports;

(D) actuarially oriented advisory services involving the determination of amounts recorded in the financial statements;

(E) internal audit outsourcing services;

(F) management or human resources services;

(G) broker or dealer, investment adviser, or investment banking services;

(H) legal services or other expert services unrelated to the audit; or

(I) any other service that the Commissioner [commissioner] determines to be inappropriate.

(5) Notwithstanding paragraph (4)(D) of this subsection, an accountant may assist an insurer or HMO in understanding the methods, assumptions, and inputs used in the determination of amounts recorded in the financial statement if it is reasonable to believe that the advisory service will not be the subject of audit procedures during an audit of the insurer's or HMO's financial statements. An accountant's actuary may also issue an actuarial opinion or certification on an insurer's or HMO's reserves if:

(A) the accountant or the accountant's actuary has not performed management functions or made any management decisions;

(B) the insurer or HMO has competent personnel, or engages a third-party actuary, to estimate the reserves for which management takes responsibility; and

(C) the accountant's actuary tests the reasonableness of the reserves after the insurer's or HMO's management has determined the amount of the reserves.

(6) An insurer or HMO that has direct written and assumed premiums of less than $100 million in any calendar year may request an exemption from the requirements of paragraph (4) of this subsection by filing with the Commissioner [commissioner] a written statement explaining why the insurer or HMO should be exempt. The Commissioner [commissioner] may grant the exemption if the Commissioner [commissioner] finds that compliance with paragraph (4) of this subsection would impose an undue financial or organizational hardship on the insurer or HMO.

(7) An accountant who performs an audit may perform non-audit services, including tax services, that are not described in paragraph (4) of this subsection or that do not conflict with paragraph (3) of this subsection, only if the activity is approved in advance by the audit committee in accordance with paragraph (8) of this subsection.

(8) The audit committee must approve in advance all auditing services and non-audit services that an accountant provides to the insurer or HMO. The prior approval requirement is waived with respect to non-audit services if the insurer or HMO is a SOX-compliant entity or a direct or indirect wholly owned subsidiary of a SOX-compliant entity or:

(A) the aggregate amount of all non-audit services provided to the insurer or HMO is not more than five percent of the total amount of fees paid by the insurer or HMO to its accountant during the fiscal year in which the non-audit services are provided;

(B) the services were not recognized by the insurer or HMO at the time of the engagement to be non-audit services; and

(C) the services are promptly brought to the attention of the audit committee and approved before the completion of the audit by the audit committee or by one or more members of the audit committee who are the members of the board of directors to whom the audit committee has delegated authority to grant approvals.

(9) The audit committee may delegate to one or more designated members of the audit committee the authority to grant the prior approval required by paragraph (7) of this subsection. The decisions of any member to whom this authority is delegated shall be presented to the full audit committee at each of its scheduled meetings.

(10) The Commissioner [commissioner] may not recognize an accountant as qualified or independent for a particular insurer or HMO if a member of the board, the president, chief executive officer, controller, chief financial officer, chief accounting officer, or any individual serving in an equivalent position for the insurer or HMO, was employed by the accountant and participated in the audit of that insurer or HMO during the one-year period preceding the date on which the most current statutory opinion is due. This paragraph applies only to partners and senior managers involved in the audit. An insurer or HMO may apply to the Commissioner [commissioner] for an exemption from the requirements of this paragraph on the basis of unusual circumstances.

(11) The Commissioner will [commissioner shall] not accept an audited financial report prepared wholly or partly by an individual or firm who the commissioner finds:

(A) has been convicted of fraud, bribery, a violation of the Racketeer Influenced and Corrupt Organizations Act (18 U.S.C. §1961 et seq.), or a state or federal criminal offense involving dishonest conduct;

(B) has violated the insurance laws of this state with respect to a report filed under [the] Insurance Code Chapter 401, Subchapter A, or this section;

(C) has demonstrated a pattern or practice of failing to detect or disclose material information in reports filed under [the] Insurance Code Chapter 401, Subchapter A, or this section; or

(D) has directly or indirectly entered into an agreement of indemnity or release of liability regarding an audit of an insurer.

(12) The insurer or HMO must [shall] file, with its annual statement filing, the approval of an exemption granted under paragraph (6) or (10) of this subsection with the states in which it does business or is authorized to do business and with the National Association of Insurance Commissioners. If a state, other than this state, in which the insurer or HMO does business or is authorized to do business accepts electronic filing, the insurer or HMO must [shall] file the approval in an electronic format acceptable to the National Association of Insurance Commissioners.

(i) Accountant's letter [Letter] of qualifications [Qualifications]. The audited financial report required under [the] Insurance Code §401.004 must be accompanied by a letter, provided by the accountant who performed the audit, that includes the representations and statements required under [the] Insurance Code §401.013, and a representation that the accountant is in compliance with the requirements specified in subsection (h) of this section.

(j) Communication of internal control matters noted [Internal Control Matters Noted] in audit [Audit].

(1) In addition to the audited financial report required by [the] Insurance Code Chapter 401, Subchapter A, and this section, each insurer or HMO shall provide to the Commissioner [commissioner] a written communication prepared by an accountant in accordance with the Professional Standards of the American Institute of Certified Public Accountants that describes any unremediated material weaknesses in its internal controls over financial reporting noted during the audit. The insurer or HMO must [shall] annually file with the Commissioner [commissioner] the communication required by this subsection not later than the 60th day after the date the audited financial report is filed. The communication must contain a description of any unremediated material weaknesses, as defined by Statement on Auditing Standards No. 112, "Communicating Internal Control Related Matters Identified in an Audit," or a successor document, as of the immediately preceding December 31, in the insurer's or HMO's internal control over financial reporting that was noted by the accountant during the course of the audit of the financial statements. The communication must affirmatively state if unremediated material weaknesses were not noted by the accountant.

(2) The insurer or HMO shall also provide a description of remedial actions taken or proposed to be taken to correct unremediated material weaknesses, if the actions are not described in the accountant's communication.

(k) Requirements for audit committees [Audit Committees].

(1) This subsection does not apply to the following:

(A) a foreign or alien insurer or HMO;

(B) an insurer or HMO that is a SOX-compliant entity;

(C) an insurer or HMO that is a direct or indirect wholly owned subsidiary of a SOX-compliant entity; or

(D) a non-stock insurer that is under the direct or indirect control of a SOX-compliant entity, including pursuant to the terms of an exclusive management contract.

(2) Except as provided in paragraphs (1) and (3) of this subsection, an insurer or HMO to which [the] Insurance Code Chapter 401, Subchapter A, applies must [shall] establish an audit committee conforming to the following criteria:

(A) an insurer or HMO with over $500 million in direct written and assumed premiums for the preceding calendar year shall establish an audit committee with an independent membership of at least 75 percent;

(B) an insurer or HMO with $300 million to $500 million in direct written and assumed premiums for the preceding calendar year shall establish an audit committee with an independent membership of at least 50 percent; and

(C) except as provided in paragraph (3) of this subsection, an insurer with less than $300 million in direct and assumed premiums for the preceding calendar year is not required to comply with the independence requirements in this subsection for its audit committee.

(3) Notwithstanding subsection (k)(1) and (10)[(9)] of this section, the Commissioner [commissioner ] may require the insurer's or HMO's board to enact improvements to the independence of the audit committee membership if the insurer or HMO:

(A) is in a risk-based capital action level event, as described by or provided in [the] Insurance Code Chapters 822, 841, 843, or 884 or rules adopted thereunder, including §7.402 of this title [chapter] (relating to Risk-Based Capital and Surplus Requirements for Insurers and HMOs);

(B) meets one or more of the standards of an insurer or HMO considered to be in hazardous financial condition as described by or provided in [the] Insurance Code Chapter 404, 441, or 843 or rules adopted thereunder, including Chapter 8 of this title (relating to Hazardous Condition)[(relating to Early Warning System for Insurers in Hazardous Condition)] and §11.811 of this title (relating to Action under Insurance Code §843.157 and Insurance Code §843.461)[§11.810 of this title (relating to Harzardous Conditions for HMOs)]; or

(C) otherwise exhibits qualities of a troubled insurer or HMO.

(4) An insurer or HMO with direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and the National Flood Insurance Program, of less than $500 million may apply to the Commissioner [commissioner] for a waiver from the requirements of paragraphs (1), (2), (5), (6) and (8) - (13) [(5) - (12)] of this subsection based on hardship. The insurer or HMO shall file, with its annual statement filing, the approval of a waiver under this paragraph with the states in which it does business or is authorized to do business and with the National Association of Insurance Commissioners. If a state other than this state accepts electronic filing, the insurer or HMO shall file the approval in an electronic format acceptable to the National Association of Insurance Commissioners.

(5) In this subsection, direct written and assumed premiums for the preceding calendar year must [shall] be the combined total of direct premiums and assumed premiums from non-affiliates for the reporting entities.

(6) The audit committee is directly responsible for the appointment, compensation, and oversight of the work of any accountant, including the resolution of disagreements between the management of the insurer or HMO and the accountant regarding financial reporting, for the purpose of preparing or issuing the audited financial report or related work under [the] Insurance Code Chapter 401, Subchapter A, and this section. Each accountant shall report directly to the audit committee.

(7) The audit committee of an insurer or HMO or group of insurers or HMOs must be responsible for overseeing the insurer's or HMO's internal audit function and granting the person or persons performing the function suitable authority and resources to fulfill their responsibilities if required by subsection (l) of this section, relating to internal audit function requirements.

(8) [(7)] Each member of the audit committee must be a member of the board of directors of the insurer or HMO or, at the election of the controlling person, a member of the board of directors of an entity that controls the group of insurers or HMOs as provided under paragraph (11)[(10)] of this subsection and described under subsection (c)(3) of this section.

(9) [(8)] To be independent for purposes of this subsection, a member of the audit committee may not, other than in his or her capacity as a member of the audit committee, the board of directors, or any other board committee, accept any consulting, advisory, or other compensatory fee from the entity or be an affiliate of the entity or an affiliate of any subsidiary of the entity. To the extent of any conflict with a statute requiring an otherwise non-independent board member to participate in the audit committee, the other statute prevails and controls, and the member may participate in the audit committee unless the member is an officer or employee of the insurer or HMO or an affiliate of the insurer or HMO.

(10) [(9)] Except as provided in paragraph (3) of this subsection, if a member of the audit committee ceases to be independent for reasons outside the member's reasonable control, the member may remain an audit committee member of the responsible entity, if the responsible entity gives notice to the Commissioner [commissioner], until the earlier of:

(A) the next annual meeting of the responsible entity; or

(B) the first anniversary of the occurrence of the event that caused the member to be no longer independent.

(11) [(10)] To exercise the election of the controlling person to designate the audit committee under this section, the ultimate controlling person must provide written notice of the affected insurers or HMOs to the Commissioner [commissioner ]. Notice must be made before the issuance of the statutory audit report and must include a description of the basis for the election. The election may be changed through a notice to the Commissioner [commissioner] by the insurer or HMO, which must include a description of the basis for the change. An election remains in effect until changed by later election.

(12) [(11)] The audit committee must [shall] require the accountant who performs an audit required by [the] Insurance Code Chapter 401, Subchapter A, and this section to report to the audit committee in accordance with the requirements of Statement on Auditing Standards No. 114, "The Auditor's Communication With Those Charged With Governance," or a successor document, including:

(A) all significant accounting policies and material permitted practices;

(B) all material alternative treatments of financial information in statutory accounting principles that have been discussed with the insurer's or HMO's management officials;

(C) ramifications of the use of the alternative disclosures and treatments, if applicable, and the treatment preferred by the accountant; and

(D) other material written communications between the accountant and the management of the insurer or HMO, such as any management letter or schedule of unadjusted differences.

(13) [(12)] If an insurer or HMO is a member of an insurance holding company system, the report required by paragraph (12)[(11)] of this subsection may be provided to the audit committee on an aggregate basis for insurers or HMOs in the holding company system if any substantial differences among insurers or HMOs in the system are identified to the audit committee.

(l) Internal audit function requirements.

(1) An insurer or HMO is exempt from the requirements of this subsection if:

(A) the insurer or HMO has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $500 million; and

(B) the insurer or HMO is a member of a group of insurers or HMOs, the group has annual direct written and unaffiliated assumed premium including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program, less than $1 billion.

(2) An insurer or HMO or group of insurers or HMOs subject to this subsection must establish an internal audit function providing independent, objective, and reasonable assurance to the audit committee and insurer or HMO management regarding the insurer's or HMO's governance, risk management, and internal controls. This assurance must be provided by performing general and specific audits, reviews, and tests, and by employing other techniques deemed necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.

(3) In order to ensure that internal auditors remain objective, the internal audit function must be organizationally independent. Specifically, the internal audit function cannot defer ultimate judgment on audit matters to others and must appoint an individual to head the internal audit function who has direct and unrestricted access to the board of directors. Organizational independence does not prevent dual-reporting relationships.

(4) The head of the internal audit function must report to the audit committee regularly but no less than annually on the periodic audit plan, factors that may adversely impact the internal audit function's independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings.

(5) If an insurer or HMO is a member of an insurance holding company system or included in a group of insurers or HMOs, the insurer or HMO may satisfy the internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.

(m) [(l)] Prohibited conduct [Conduct] in connection [Connection] with preparation [Preparation] of required reports [Required Reports] and documents [Documents].

(1) A director or officer of an insurer or HMO may not, directly or indirectly:

(A) make or cause to be made a materially false or misleading statement to an accountant in connection with an audit, review, or communication required by [the] Insurance Code Chapter 401, Subchapter A, or this section; or

(B) omit to state, or cause another person to omit to state, any material fact necessary in order to make statements made, in light of the circumstances under which the statements were made, not misleading to an accountant in connection with any audit, review, or communication required under [the] Insurance Code Chapter 401, Subchapter A, or this section.

(2) An officer or director of an insurer or HMO, or another person acting under the direction of an officer or director of an insurer or HMO, may not directly or indirectly coerce, manipulate, mislead, or fraudulently influence an accountant performing an audit under [the] Insurance Code Chapter 401, Subchapter A, or this section if that person knew or should have known that the action, if successful, could result in rendering the insurer's or HMO's financial statements materially misleading. For purposes of this paragraph, actions that could result in rendering the insurer's or HMO's financial statements materially misleading include actions taken at any time with respect to the professional engagement period to coerce, manipulate, mislead, or fraudulently influence an accountant:

(A) to issue or reissue a report on an insurer's or HMO's financial statements that is not warranted and would result in material violations of statutory accounting principles prescribed by the Commissioner [commissioner], generally accepted auditing standards, or other professional or regulatory standards;

(B) not to perform an audit, review, or other procedure required by generally accepted auditing standards or other professional standards;

(C) not to withdraw an issued report; or

(D) not to communicate matters to an insurer's or HMO's audit committee.

(n) [(m)] Report of internal control [Internal Control] over financial reporting [Financial Reporting].

(1) Each insurer or HMO required to file an audited financial report under [the] Insurance Code Chapter 401, Subchapter A, and this section that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and the National Flood Insurance Program, of $500 million or more must [shall] prepare a report of the insurer's or HMO's or group of insurers' or HMOs' internal control over financial reporting. The report must be filed with the Commissioner [commissioner] with the communication described by subsection (j) of this section. The report of internal control over financial reporting shall be filed with the Commissioner [commissioner] as of the immediately preceding December 31.

(2) Notwithstanding the premium threshold under paragraph (1) of this subsection, the Commissioner [commissioner] may require an insurer or HMO to file the management's report of internal control over financial reporting if the insurer or HMO is in any risk-based capital level event or meets one or more of the standards of an insurer or HMO considered to be in hazardous financial condition as described by or provided in [the] Insurance Code Chapter 404, 441, 822, 841, 843, or 884 or rules adopted thereunder, including §7.402 of this title, Chapter 8 of this title, and §11.811 [§11.810] of this title.

(3) An insurer or HMO or a group of insurers or HMOs may file the insurer's or HMO's or the insurer's or HMO's parent's Section 404 report and an addendum if the insurer or HMO or group of insurers or HMOs is:

(A) directly subject to Section 404;

(B) part of a holding company system whose parent is directly subject to Section 404;

(C) not directly subject to Section 404 but is a SOX-compliant entity; or

(D) a member of a holding company system whose parent is not directly subject to Section 404 but is a SOX-compliant entity.

(4) A Section 404 report described by paragraph (3) of this subsection must include those internal controls of the insurer or HMO or group of insurers or HMOs that have a material impact on the preparation of the insurer's or HMO's or group of insurers' or HMOs' audited statutory financial statements, including those items listed in [the] Insurance Code §401.009(a)(3)(B) - (H) and (b). The addendum must be a positive statement by management that there are no material processes excluded from the Section 404 report with respect to the preparation of the insurer's or HMO's or group of insurers' or HMOs' audited statutory financial statements, including those items specified in [the] Insurance Code §401.009(a)(3)(B) - (H) and (b). If there are internal controls of the insurer or HMO or group of insurers or HMOs that have a material impact on the preparation of the insurer's or HMO's or group of insurers' or HMOs' audited statutory financial statements and those internal controls are not included in the Section 404 report, the insurer or HMO or group of insurers or HMOs may either file:

(A) a report under this subsection; or

(B) the Section 404 report and a report under this subsection for those internal controls that have a material impact on the preparation of the insurer's or HMO's or group of insurers' or HMOs' audited statutory financial statements not covered by the Section 404 report.

(5) The insurer's or HMO's management report of internal control over financial reporting must include:

(A) a statement that management is responsible for establishing and maintaining adequate internal control over financial reporting;

(B) a statement that management has established internal control over financial reporting and an opinion concerning whether, to the best of management's knowledge and belief, after diligent inquiry, its internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles;

(C) a statement that briefly describes the approach or processes by which management evaluates the effectiveness of its internal control over financial reporting;

(D) a statement that briefly describes the scope of work that is included and whether any internal controls were excluded;

(E) disclosure of any unremediated material weaknesses in the internal control over financial reporting identified by management as of the immediately preceding December 31;

(F) a statement regarding the inherent limitations of internal control systems; and

(G) signatures of the chief executive officer and the chief financial officer or an equivalent position or title.

(6) For purposes of paragraph (5)(E) of this subsection, an insurer's or HMO's management may not conclude that the internal control over financial reporting is effective to provide reasonable assurance regarding the reliability of financial statements in accordance with statutory accounting principles if there is one or more unremediated material weaknesses in its internal control over financial reporting.

(7) Management must [shall] document, and make available upon financial condition examination, the basis of the opinions required by paragraph (5) of this subsection. Management may base opinions, in part, on its review, monitoring, and testing of internal controls undertaken in the normal course of its activities.

(8) Management has discretion about the nature of the internal control framework used, and the nature and extent of the documentation required by paragraph (7) of this subsection, in order to form its opinions in a cost-effective manner and may include an assembly of or reference to existing documentation.

(9) The management's report of internal control over financial reporting required by this subsection and any supporting documentation provided in the course of a financial condition examination are considered examination information pursuant to [the] Insurance Code §401.058 and information described by [the] Insurance Code §401.201.

(o) [(n)] Transition dates [Dates].

(1) An insurer or HMO or group of insurers or HMOs whose audit committee as of September 1, 2010, is not subject to the independence requirements of subsection (k) of this section because the total written and assumed premium is below the threshold specified in subsection (k)(2)(A) or (B) of this section and that later becomes subject to one of the independence requirements because of changes in the amount of written and assumed premium, has one year following the year in which the written and assumed premium exceeds the threshold amount to comply with the independence requirements. An insurer or HMO that becomes subject to one of the independence requirements as a result of a business combination must comply with the independence requirements not later than the first anniversary of the date of the acquisition or combination.

(2) An insurer or HMO required to file an audited financial report under [the] Insurance Code Chapter 401, Subchapter A, and this section that has annual direct written and assumed premiums, excluding premiums reinsured with the Federal Crop Insurance Corporation and the National Flood Insurance Program, of $500 million or more for the reporting period ending December 31, 2010, and that has not had total written premium at the $500 million or more premium threshold amount in any prior calendar year reporting period must comply with the reporting requirements in subsection (n) [(m)] of this section no later than two years after the year in which the written premium exceeds the threshold amount required to file a report.

(3) An insurer or HMO or group of insurers or HMOs that is not required by subsection (n)(1) [(m)(1)] of this section to file a report beginning with the reporting period ending December 31, 2010, because the total written premium is below the threshold amount, and that later becomes subject to the reporting requirements, has two years after the year in which the written premium exceeds the threshold amount required to file a report. An insurer or HMO acquired in a business combination must comply with the reporting requirements not later than the second anniversary of the date of the acquisition or combination.

(4) An insurer or HMO or group of insurers or HMOs that no longer qualifies for the exemption in subsection (l)(1) of this section has one year after the year the threshold is exceeded to comply with the requirements of subsection (l)(1) of this section.

(p) [(o)] Severability. If any subsection or portion of a subsection of this section is held to be invalid for any reason, all valid parts are severable from the invalid parts and remain in effect. If any subsection or portion of a subsection is held to be invalid in one or more of its applications, the part remains in effect in all valid applications that are severable from the invalid applications. To this end, all provisions of this section are declared to be severable.

§7.89.Corporate Governance Annual Disclosure.

(a) Purpose. The purpose of this section is to implement Insurance Code Chapter 831 by providing the procedures for filing and the content of the corporate governance annual disclosures.

(b) Definitions. The definitions in Insurance Code §831.0002 apply to this section. Consistent with Insurance Code §831.0002(3), when used in this section the term "insurer" includes Health Maintenance Organizations. In addition, the following terms are defined as used in this section:

(1) Board--insurer's board of directors;

(2) CGAD--Corporate Governance Annual Disclosure;

(3) Senior Management--any corporate officer reporting information to the board of directors at regular intervals or providing this information to shareholders or regulators, and includes, but is not limited to, the chief executive officer, chief financial officer, chief operations officer, chief procurement officer, chief legal officer, chief information officer, chief technology officer, chief revenue officer, chief visionary officer, or any other senior level executive;

(4)TDI--Texas Department of Insurance.

(c)Filing procedures.

(1)Filing deadline. An insurer required to file a CGAD under Insurance Code §831.0001 must file it with TDI no later than June 1 of each calendar year.

(2)Signature. The CGAD must include a signature of the insurer's or insurance group's chief executive officer or corporate secretary attesting to the best of that individual's belief and knowledge that the insurer or insurance group has implemented the corporate governance practices and that a copy of the CGAD has been provided to the insurer's or insurance group's board of directors or appropriate committee.

(3) Submitting. Insurers and HMOs must submit the CGAD in an electronic format acceptable to TDI. The electronic filing address is provided on TDI's website at www.tdi.texas.gov.

(4) Format of CGAD. The insurer or insurance group have discretion over the format of the information required by this section and can customize the CGAD to provide the most relevant information necessary as long as it allows TDI to gain an understanding of the corporate governance structure, policies, and practices used by the insurer or insurance group.

(5) Level providing information.

(A) For purposes of completing the CGAD, the insurer or insurance group may choose to provide information on governance activities that occur at the ultimate controlling parent level, an intermediate holding company level or the individual legal entity level, depending on how the insurer or insurance group has structured its system of corporate governance.

(B) The insurer or insurance group is encouraged to make the CGAD disclosures at the level at which the insurer's or insurance group's risk appetite is determined, or at which the earnings, capital, liquidity, operations, and reputation of the insurer are overseen collectively and at which the supervision of those factors are coordinated and exercised, or the level at which legal liability for failure of general corporate governance duties would be placed.

(C) If the insurer or insurance group determines the level of reporting based on the criteria in paragraph (5)(B) of this subsection, it must indicate which of the three criteria was used to determine the level of reporting and explain any subsequent changes in level of reporting.

(6) Filing if CGAD is completed on insurance group level. If the CGAD is completed at the insurance group level, then it must be filed with the lead state of the group as determined by the procedures outlined in the most recent financial analysis handbook adopted by the National Association of Insurance Commissioners. In these instances, a copy of the CGAD must also be provided to the chief regulatory official of any state in which the insurance group has a domestic insurer, on request.

(7 )Annual filing of amended versions. Each year following the initial filing of the CGAD, the insurer or insurance group must file:

(A) an amended version of the previously filed CGAD indicating where changes have been made; or

(B) a letter stating that no changes were made in the information or activities reported by the insurer or insurance group since the previously filed CGAD. The letter must state the date of the previously filed CGAD.

(d) Content of CGAD. The insurer or insurance group must be as descriptive as possible in completing the CGAD, with inclusion of attachments or example documents that are used in the governance process, since these may provide a means to demonstrate the strengths of their governance framework and practices. The insurer or insurance group may reference other filings that were previously submitted to TDI instead of resubmitting similar information.

(e) CGAD considerations. The CGAD must describe the insurer's or insurance group's corporate governance framework and structure including consideration of the following:

(1) the board and various board committees ultimately responsible for overseeing the insurer or insurance group and the level at which that oversight occurs. The level of oversight may be at the ultimate controlling parent level, intermediate holding company control level, or the individual legal entity control level, depending on how the insurer or insurance group has structured its system of corporate governance. The insurer or insurance group must describe and discuss the rationale for the current board size and structure; and

(2) the duties of the board and each of its significant committees and how they are governed under the bylaws, charters, and informal mandates, as well as how the board's leadership is structured, including a discussion of the roles of chief executive officer and chairman of the board within the organization.

(f) Factors. The insurer or insurance group must describe the policies and practices of the most senior governing entity and its significant committees, including a discussion of the following factors:

(1) How the qualifications, expertise, and experience of each board member meet the needs of the insurer or insurance group.

(2) How an appropriate amount of independence is maintained on the board and its significant committees.

(3) The number of meetings held by the board and its significant committees over the past year as well as information on director attendance.

(4) How the insurer or insurance group identifies, nominates, and elects members to the board and its committees. The discussion should include:

(A) Whether a nomination committee is in place to identify and select individuals for consideration.

(B) Whether term limits are placed on directors.

(C) How the election and re-election processes function.

(D) Whether a board diversity policy is in place and if so, how it functions.

(5) The processes in place for the board to evaluate its performance and the performance of its committees, as well as any recent measures taken to improve performance, including any board or committee training programs that have been put in place.

(g) Additional factors. The insurer or insurance group must describe the policies and practices for directing senior management, including a description of the following factors:

(1) Any processes or practices (suitability standards) to determine whether officers and key persons in control functions have the appropriate background, experience and integrity to fulfill their prospective roles, including:

(A) identification of the specific positions for which suitability standards have been developed and a description of the standards employed; and

(B) any changes in an officer's or key person's suitability as outlined by the insurer's or insurance group's standards and procedures to monitor and evaluate such changes.

(2) The insurer's or insurance group's code of business conduct and ethics, the discussion of which considers, for example:

(A) compliance with laws, rules, and regulations; and

(B) proactive reporting of any illegal or unethical behavior.

(3) The insurer's or insurance group's processes for performance evaluation, compensation, and corrective action to ensure effective senior management throughout the organization, including a description of the general objectives of significant compensation programs and what the programs are designed to reward. The description must include enough detail to allow the director to understand how the organization ensures that compensation programs do not encourage and reward excessive risk taking. Elements to be discussed may include:

(A) the board's role in overseeing management compensation programs and practices;

(B) the various elements of compensation awarded in the insurer's or insurance group's compensation programs and how the insurer or insurance group determines and calculates the amount of each element of compensation paid;

(C) how compensation programs are related to both company and individual performance over time;

(D) whether compensation programs include risk adjustments and how those adjustments are incorporated into the programs for employees at different levels;

(E) any "clawback provisions" built into the programs to recover awards or payments if the performance measures upon which they are based are restated or otherwise adjusted; and

(F) any other factors relevant in understanding how the insurer or insurance group monitors its compensation policies to determine whether its risk management objectives are met by incentivizing its employees.

(4) The insurer's or insurance group's plans for chief executive officer and senior management succession.

(h) Oversight. The insurer or insurance group must describe the processes by which the board, its committees, and senior management ensure an appropriate amount of oversight to the critical risk areas impacting the insurer's business activities, including a discussion of:

(1) how oversight and management responsibilities are delegated between the board, its committees, and senior management;

(2) how the board is kept informed of the insurer's strategic plans, the associated risks, and steps that senior management is taking to monitor and manage those risks; and

(3) how reporting responsibilities are organized for each critical risk area. The description should allow the board to understand the frequency at which information on each critical risk area is reported to and reviewed by senior management and the board. This description may include the following critical risk areas of the insurer:

(A) risk management processes. An ORSA summary report filer may refer to its ORSA summary report under Insurance Code Chapter 30;

(B) actuarial function;

(C) investment decision-making processes;

(D) reinsurance decision-making processes;

(E) business strategy/finance decision-making processes;

(F) compliance function;

(G) financial reporting/internal auditing; and

(H) market conduct decision-making processes.

(i) Severability. If any portion of this section, or its application to any person or circumstance, is held invalid, the determination does not affect other portions of this section or its applications that can be given effect without the invalid portion or application. To this end, the provisions of this rule are severable.

The agency certifies that legal counsel has reviewed the proposal and found it to be within the state agency's legal authority to adopt.

Filed with the Office of the Secretary of State on August 5, 2020.

TRD-202003177

James Person

General Counsel

Texas Department of Insurance

Earliest possible date of adoption: September 20, 2020

For further information, please call: (512) 676-6584