The Model Audit Rule: Best Practices for Insurers

Ensuring a More Effective Path to MAR Compliance for Private Insurance Companies

The Model Audit Rule (MAR), also known as Model Audit Rule 205, is a set of regulations established to enforce rigorous standards for financial reporting and auditing within the insurance industry. Developed by the National Association of Insurance Commissioners (NAIC), the MAR seeks to enhance the reliability of financial disclosures and maintain the integrity of reporting practices in the insurance field.

To achieve Model Audit Rule compliance, it’s important to work with a trusted advisor with in-depth knowledge of the insurance industry and an understanding of the intricate regulatory compliance challenges insurers face.

MAR vs SOX

The MAR was developed to align with the Sarbanes-Oxley Act (SOX) of 2002, which imposed stringent requirements on public companies to enhance corporate governance and financial disclosures. While SOX directly applies to publicly traded companies, the MAR extends similar principles to insurance companies to protect policyholders and maintain market integrity. It requires insurers to adopt rigorous internal controls over financial reporting and undergo independent audits.

Although it shares similar goals with the SOX, which governs publicly traded companies, the MAR is specifically tailored to meet the distinctive requirements of both privately held and publicly traded insurance firms. Unlike SOX, which applies to all publicly traded companies, the MAR specifically imposes certain enhanced requirements on insurance companies with more than $500 million in direct written and assumed premiums.

MAR’s Impact on Insurance Companies

The implementation of MAR has significantly impacted the operational and financial management practices of insurance companies. The key impacts include:

• Enhanced Transparency: By requiring detailed financial reporting and robust internal controls, MAR has improved insurers' transparency and accountability, thereby increasing stakeholder confidence.
• Increased Compliance Costs: Insurers have faced increased costs related to compliance, primarily due to the need for more comprehensive internal control systems and external audit fees. However, these costs are generally viewed as necessary investments to ensure financial integrity.
• Improved Risk Management: The rule encourages insurers to adopt more effective risk management practices, as it necessitates the identification and mitigation of financial reporting risks.

Benefits MAR Provides for Insurers

The MAR has been particularly influential for insurers for the following reasons:

• Enhanced Financial Transparency and Accountability: MAR requires detailed financial reporting and independent audits to ensure the accuracy of insurers' financial statements. This transparency is vital for stakeholders, like regulators and investors, to make informed decisions.
• Strengthened Internal Controls: By mandating effective internal controls over financial reporting, MAR helps prevent misstatements and fraud, while promoting operational efficiency and legal compliance.
• Alignment With Regulatory Standards: The MAR aligns insurance companies with broader regulatory standards, such as those of the Sarbanes-Oxley Act, ensuring high standards of corporate governance and financial integrity in the industry.
• Protection for Policyholders: By promoting sound financial practices and stability, MAR reduces the risk of insurer insolvency, ensuring companies can fulfill their obligations to policyholders.
• Facilitation of Risk Management: The emphasis on internal controls and audits encourages better risk management practices, helping insurers identify and mitigate risks related to financial reporting for sustained financial health.

Common Challenges MAR Poses for Insurers

While MAR has brought about positive change, insurance companies have encountered several challenges, including:

• Complex Implementation: Establishing and maintaining effective internal controls requires significant effort, particularly for smaller insurers with limited resources. Companies must invest in training and development to ensure employees understand and can implement these controls.
• Complex Risk Profiles: MAR companies deal with complex and high-value risks, requiring specialized audit expertise.
• Regulatory Pressure: The need to comply with multiple regulatory frameworks can be demanding.
• Balancing Costs and Benefits: Insurers must carefully balance the costs associated with compliance against the benefits of improved financial reporting and risk management. Efficiently allocating resources to areas of greatest risk is crucial.
• Ongoing Monitoring and Adaptation: As the regulatory environment evolves, insurers must continually monitor and adapt their practices to remain compliant. This requires staying informed about changes in regulations and industry best practices.

Subscribe and stay on top of it all.

Join our mailing list and be the first to receive alerts, newsletters and webinar invitations by email.

Subscribe

MAR Compliance Requirements

Insurance companies exceeding $500 million in direct written and assumed premiums must:

• Submit an annual financial statement audit by an independent CPA
• Report on Internal Control Over Financial Reporting (ICOFR); and
• Establish an audit committee and adequate corporate governance oversight

MAR Implementation Guide for Insurers

Implementing and maintaining compliance with the MAR presents several challenges for insurance companies, which vary depending on the size and complexity of the organization. Here is a snapshot of how our insurance team can help in your Model Audit Rule compliance journey.

• Risk Assessment: Conducting a risk assessment involves input from business lines, strategic objectives and qualitative and quantitative data to thoroughly examine your company. This detailed review produces a comprehensive report that highlights the most pressing risks requiring your attention, along with anticipated risks based on your risk profile and current industry and regulatory trends.
• Map Controls to Financial Statement Line Items: Aligning financial reporting controls to correspond with management assertions and risks is a crucial next step. Furthermore, management should scope financially significant areas for MAR, based on materiality.
• Assess Both Design and Operational Effectiveness: To evaluate the design effectiveness of controls, you can start by conducting inquiries and performing a walk-through of the control processes. This approach helps insurers understand how the controls are structured and whether they are appropriately designed to mitigate risks. However, to assess how well these controls function in practice, you need to perform control testing. This involves evaluating the actual operation of controls to ensure they are working as intended. Your MAR methodology might incorporate a rotating schedule for annual control testing, allowing different controls to be tested at various intervals, ensuring comprehensive coverage and efficient resource use.
• Use More Preventive Controls: Ideally, controls should be designed to prevent errors or misstatements, rather than detecting them after the fact. This proactive approach improves the reliability and accuracy of financial reporting by addressing potential issues before they affect financial statements. By focusing on prevention, insurance companies can minimize errors and reduce the need for later corrections, allowing for more effective and efficient control systems.
• Prioritize Quality Controls: Insurers should choose quality controls over quantity. Controls should be reexamined and limited to those that genuinely drive risk mitigation.
• Continue Seeking New Opportunities: MAR reporting needs to be more than just an annual compliance exercise. Rather, it should be recognized as a valuable tool that is part of your ongoing strategic risk management process. In this way, systematic, continuous assessment can help drive ongoing remediation.
• Ensure Continuous Compliance: Stay informed about changes in regulatory requirements and adjust your framework accordingly. Conduct periodic reviews to ensure ongoing compliance with MAR and other applicable regulations.

Internal Audit Insurance Considerations

Whether your insurance company decides to implement a formal control structure through MAR, SOX, or other methods, internal audit is an important component of risk management and compliance. Having an internal audit structure and adequate resources can help mitigate insurance-specific risks and improve various areas including:

• Underwriting and Claims: Ensuring that underwriting processes are robust, and claims are handled efficiently and accurately.
• Reinsurance Arrangements: Reviewing insurance contracts and arrangements to ensure they are appropriately managed and accounted for.
• Premiums: Ensuring efficiency of the collection process and furthermore ensuring rates and billable amounts are accurately recorded.
• Financial Reporting: Ensuring the accuracy and reliability of financial data and reports.
• IT Systems: Evaluating the security and reliability of IT systems, especially given the digitalization of insurance processes.

Co-Sourcing in Insurance Companies

What Is Co-Sourcing?

Co-sourcing involves partnering with external service providers to complement the internal audit function, such as sharing resources, expertise and technology. Co-sourcing opens the door to specialized skills and knowledge, enhanced flexibility and potential cost savings.

Applying Co-Sourcing in Insurance

• Specialized Expertise: Co-sourcing partners can bring expertise in areas like actuarial analysis, information technology (IT) audits and regulatory compliance, which are critical in this sector.
• Scalability: Companies can scale their audit efforts based on demand, especially during peak regulatory reporting periods.

Choosing a Co-Sourcing Partner

• Experience and Reputation: Look for partners with deep industry knowledge of the insurance industry. Given the unique regulatory requirements and operational structure with third-party administrators (TPAs), engaging a trusted advisor who understands your business is key.
• Technological Capabilities: Ensure the partner has the necessary technology and tools to support advanced data analytics and audit processes.
• Cultural Fit: Alignment in terms of company culture and values can improve collaboration and effectiveness.

Co-Sourcing Challenges & Considerations

• Data Security: Ensuring sensitive data is protected when shared with external partners.
• Coordination: Managing the relationship and communication between internal and external teams to ensure cohesive functioning.

How Cherry Bekaert Can Help 

Leveraging both internal audits and co-sourcing can enhance risk management, ensure regulatory compliance and improve operational efficiency. The complexity and specificity of risks in the insurance sector make it essential to have access to specialized skills, either in-house or through external partnerships. Effective internal audit and co-sourcing strategies can provide a competitive edge by ensuring robust control environments and compliance with industry standards.

It’s crucial to enlist a trusted advisor with extensive insurance industry experience and an understanding of the complex regulatory and risk challenges insurance companies face. Cherry Bekaert’s Insurance Practice understands the intricacies of statutory and insurance standards, ensuring your organization’s financial integrity while avoiding unnecessary red tape and adding value to your business.

Connect With Us