Sec. 12.3. (a) This section does not apply to a domestic insurer that meets the following requirements:

(1) The domestic insurer has annual direct written and unaffiliated assumed premiums (including international direct and assumed premiums and excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program) of less than five hundred million dollars ($500,000,000).

(2) If the domestic insurer is a member of a group of insurers, the group has annual direct written and unaffiliated assumed premiums (including international direct and assumed premiums and excluding premiums reinsured with the Federal Crop Insurance Corporation and Federal Flood Program) of less than one billion dollars ($1,000,000,000).

A domestic insurer or group of insurers described in this subsection shall comply with the requirements of this section not later than one (1) year after the year in which the domestic insurer's or group's annual direct written and unaffiliated assumed premiums described in subdivisions (1) and (2) exceed the applicable maximum amount specified in subdivision (1) or (2).

(b) A domestic insurer shall establish an internal audit function to:

(1) provide independent, objective, and reasonable assurance to the domestic insurer's audit committee and management concerning the domestic insurer's governance, risk management, and internal controls;

(2) perform general and specific audits, reviews, and tests; and

(3) use other techniques considered necessary to protect assets, evaluate control effectiveness and efficiency, and evaluate compliance with policies and regulations.

(c) An internal audit function established under subsection (b) must be organizationally independent, as follows:

(1) Ultimate judgment concerning audit matters must be made by the department responsible for the internal audit function.

(2) The department responsible for the internal audit function shall appoint an individual:

(A) to be responsible for the internal audit function; and

(B) to have direct and unrestricted access to the board of directors of the domestic insurer.

The internal audit function's organizational independence does not preclude dual reporting relationships.

(d) The director of the internal audit function shall report to the audit committee of a domestic insurer on a regular basis, at least annually, concerning the following:

(1) The internal audit function's periodic audit plan.

(2) Factors that may adversely affect the internal audit function's independence or effectiveness.

(3) Material findings from completed audits.

(4) The appropriateness of corrective actions implemented by management as a result of audit findings.

(e) If a domestic insurer is a member of an insurance holding company system or a member of a group of insurers, the domestic insurer may satisfy the internal audit function requirements of this section at the ultimate controlling person level, an intermediate holding company level, or an individual legal entity level.

As added by P.L.146-2015, SEC.17. Amended by P.L.72-2016, SEC.7.