Sec. 1028.
(1) An insurer is exempt from the requirements of this section if the insurer has annual direct written and unaffiliated assumed premium, including international direct and assumed premium but excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program less than $500,000,000.00 and if the insurer is a member of a group of insurers that has annual direct written and unaffiliated assumed premium including international direct and assumed premium, but excluding premiums reinsured with the Federal Crop Insurance Corporation and National Flood Insurance Program less than $1,000,000,000.00.
(2) An insurer or group of insurers not exempt under subsection (1) shall establish an internal audit function providing independent, objective, and reasonable assurance to the audit committee and management regarding the insurer's governance, risk management, and internal controls. This assurance must be provided by performing general and specific audits, reviews and tests, and by employing other techniques considered necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.
(3) General and specific audits performed under this section are not considered an insurance compliance self-evaluative audit under section 221. Documents prepared or produced as a result of or in connection with audits performed under this section must be disclosed to the director on written request. Except as otherwise provided in this subsection, the director shall withhold from public inspection all information and documents submitted to the department under this section and these items are confidential, are not subject to subpoena, are not subject to disclosure under the freedom of information act, 1976 PA 442, MCL 15.231 to 15.246, and must not be divulged to any person. However, the director may divulge the information and documents described in this subsection to a relevant state or federal agency, or to the National Association of Insurance Commissioners, if the director receives assurances that the information and documents will be kept confidential. The director shall not use the information and documents submitted under this section to form the sole basis for an examination under section 222.
(4) To ensure that internal auditors remain objective, the internal audit function must be organizationally independent. Specifically, the internal audit function must not defer ultimate judgment on audit matters to others, and must appoint an individual to head the internal audit function who will have direct and unrestricted access to the board of directors. Organizational independence does not preclude dual-reporting relationships.
(5) The head of internal audit function shall report to the audit committee regularly, but no less than annually, on the periodic audit plan, factors that may adversely impact the internal audit function's independence or effectiveness, material findings from completed audits, and the appropriateness of corrective actions implemented by management as a result of audit findings.
(6) If an insurer is a member of an insurance holding company system or included in a group of insurers, the insurer may satisfy the internal audit function requirements set forth in this section at the ultimate controlling parent level, an intermediate holding company level, or the individual legal entity level.
(7) An insurer that meets the premium thresholds under this section must have an internal audit function and must have the function in place by no later than January 1, 2021. If an insurer or group of insurers that is exempt no longer qualifies for the exemption, it has 1 year after the year the threshold is exceeded to comply with the requirement.
History: Add. 2020, Act 17, Imd. Eff. Jan. 27, 2020
Popular Name: Act 218