Under the gun: Sarbanes-Oxley compliance requires significantly more investment than public insurers anticipated. Now mutuals may have to comply as well.
Insurers that are well along the road to compliance have found that implementation costs exceed their initial estimates. A recent study by Financial Executives International found companies' total costs for first-year Section 404 compliance averaged $4.36 million, up 39% from the $3.14 million they expected to pay, based on an earlier study. The increase stems largely from a 66% rise in external costs for consulting, software and other vendors and a 58% increase in the fees charged by external auditors.
Stemming from corporate malfeasance uncovered during the past few years, and exemplified by Enron Corp., the corporate accountability required by Sarbanes-Oxley is under consideration by the National Association of Insurance Commissioners, which may incorporate sections of it into model legislation that could apply across the board to both public and mutual insurers.
If provisions of Sarbanes-Oxley are brought to bear on mutuals, those insurers are likely to fred the cost of compliance to be on par with the experience of their public counterparts--particularly in terms of the act's controversial and costly Section 404, which requires the signatures of the chief executive officer and chief financial officer on the company's annual report certifying that the financial reporting follows all the rules.
"I think the act itself, there's nothing wrong with it. In fact, we were one of the few business organizations that supported it,' said FEI President Colleen Cunningham. "The issue is in the implementation. It's not that we're not getting benefits out of it. I think it's more that the costs far outweigh the minimal benefits we're getting."
Cost to Benefits
Early reports on the securities front, however, show other views.
At an April round table of the U.S. Securities and Exchange Commission, some company executives said that, while Sarbanes-Oxley compliance is costly, the benefits do outweigh costs.
At least one insurance executive at the meeting praised the process as reinvigorating companies' attention to control processes that most already had in place.
"Leading up to Sarbanes, external auditors had more or less stopped relying on the systems of internal controls that companies had," said Jonathan Michael, president and chief executive officer of specialty insurer RLI Corp.
"There are so many more vehicles available to auditors through computerization that a lot of their testing did not necessarily revolve around the operations of companies, but instead, used outside information to validate transaction flows. I think that contributed to companies becoming more lax, not on exercising internal controls, but on documenting their control mechanisms."
Doug Stolte, Virginia's deputy commissioner, head of the NAIC/American Institute of Certified Public Accountants working group and a member of the Title IV subgroup, said regulators agree the value of added high-quality internal controls and CEO sign-off will prove to be priceless in the future.
"The question that I always pose is that the rest of the financial services industry has had to comply; what makes the insurance industry different?" Stolte said. "The general public and the policyholders deserve to only have financially solvent insurers out there writing business. And the way we monitor solvency is though the review of the financial statements filed to us."
Making New Rules
A chorus of industry advocates is expressing concerns about compliance costs and what the final proposal will require. One voice has been that of Steve Broadie, vice president of financial legislation and regulation for the Property Casualty Insurers Association of America, which represents more than 1,000 companies that write some 39% of the nation's P/C policies.
In addition to the looming aspect of cost, Broadie said insurers are concerned with an apparent "lack of definition" on behalf of the NAIC with regard to folding sections of Sarbanes-Oxley into insurance regulation.
"The NAIC has assumed that this is needed but they haven't really tried to engage in any analysis of whether or not Sarbanes-Oxley Section 404 is needed in the insurance regulatory scheme:' Broadie said." PCI is strongly in favor of good corporate governance and accurate financial reporting, and so are our members, but they don't see the benefit; or some may see a little benefit, but in comparison with the enormous costs that they feel they're going to incur, they certainly question whether it's worth it."
Others wonder why the NAIC hasn't issued a cost-benefit analysis before proceeding with a plan to vote on the model law by its quarterly meeting in December.
"It does not appear responsible to us, for the NAIC to impose added regulation requirements without attention to the consequential cost of compliance," said William Boyd, financial regulation manager for the National Association of Mutual Insurance Companies, with more than 1,400 member companies and 43% of U.S. property/casualty premiums.
Stolte has argued that it's too early to consider such a study since "we haven't even determined what we're going to come out with on Title IV, let alone discuss precisely how we're going to implement it."
Still, some who are experienced with the compliance measures required of Sarbanes-Oxley are reporting positive results.
According to a study by the U.S. national law firm of Foley & Lardner, private and nonprofit sector companies that volunteered to take on "best practices" sections--excluding Section 404--of the Sarbanes-Oxley Act have been pleased with the results.
"About 78% felt the corporate governance reforms were about right," said Paul Broude, a partner of the firm. But that positive view might change if and when Section 404 enters the picture for private companies, he said. "I think that most people have formed an opinion as to whether the costs outweigh the benefits. You might see some change over time where public companies are forced into Section 404 compliance. Then I think you might see more dissatisfaction and more people saying that the costs outweigh the benefits."
To aid in the effort of incorporating certain sections of Sarbanes-Oxley into insurance regulation, some public company principals have joined with the "interested parties" working group of the NAIC's Sarbanes-Oxley project.
One Company's Close Encounter with Sarbanes-Oxley
Kim Thorpe cares. As executive vice president chief financial officer of medical professional liability insurer FPIC Insurance Group Inc., Thorpe has been there, done that and is now advising others on how to do the same as the ground is laid for mutual insurers to comply with "best practices" sections of the Sarbanes-Oxley Act of 2002.
As a member of the "interested parties" group associated with the National Association of Insurance Commissioners' Sarbanes-Oxley compliance project, Thorpe joins representatives of other publicly traded and private insurers and insurer advocacy groups in offering advice to regulators who are proceeding full throttle to vote, as early as December, on whether or not sections II, III and IV of the act should become part of model regulation.
For Thorpe's company of 600 employees spread out among four U.S. locations, the cost of compliance, diversion of human resources and time spent on the project were among other factors which were unknown going forward.
In the end, FPIC spent more money and time and assigned more employees than originally expected.
"We had an estimate but not a precise budget," Thorpe said. "Our initial thinking of what the costs would be was in the range of $1.2 million to $1.5 million. It ended up taking significantly more time than we originally envisioned. When you consider time, that's money. This was truly a very large and complex effort. It took nearly 12 months to do it. At one point or another, more than 45 of our people participated in the project, 20 of whom devoted significant time, including senior management. We used more than 12 outside consultants and purchased 18,000 hours of consultant time.
"All in all, and this is a very rough estimate, we believe management and company personnel spent about 7,000 hours on it. And through Dec. 31, 2004, we incurred $2.5 million in direct costs on top of internal time, including the cost of consultants, software and independent audit," he said.
Other burdens. Thorpe reported, included a constant flow of evolving interpretations by the accounting profession and others on the law--FPIC started early in 2004 and was still obtaining Sarbanes-Oxley interpretation through December 2004. and to some extent thereafter--and auditors who spent significantly more time on control activities at the transactions level rather than the corporate governance level, "where most agree the risk of fraud is greatest."
In an effort to persuade NAIC regulators to use a kinder and gentler approach when incorporating Sarbanes-Oxley language into insurance regulation, Thorpe said the "interested parties" group wants to bring its experience to the table so that others won't run into the same pitfalls.
One aspect that worked in FPIC's favor was to plan ahead and start early.
While other publicly traded companies might have lost focus along the way as to the overall, long-term goal, FPIC applied project management disciplines and hired staff versed in Sarbanes-Oxley compliance, so in the future, when the annual audit comes along, other personnel won't get pulled away from their primary responsibilities. The company also put in place a $40,000 database to house documentation.
So what's Thorpe's advice for private insurance companies that might one day soon have Sarbanes-Oxley knocking at their door?
"What I would say to them is to pay close attention to the deliberations of the [NAIC/American Institute of Certified Public Accountants working group]," Thorpe said. "Two key goals of the 'interested parties' group are to ensure that the already substantial regulation of insurers is duly considered and that the NAIC doesn't inadvertently adopt the same unnecessary burdens and inefficiencies that public companies have already endured."
Sarbanes-Oxley Section 404 Implementation
A study by Financial Executives International, a not-for-profit organization, broke down the actual costs to comply with the Sarbanes-Oxley Act of 2002 in the first year and compared those numbers to an earlier survey on expected compliance costs. Results were published in March 2005.
* Less Than $100 Million * $100 Million-$499 Million * $500 Million-$999 Million * $1 Billion-$4.9 Billion * Greater than $5 Billion
Mean $1,337,935 Estimated Mean $1,283,400
Mean $1,716,987 Estimated Mean $1,037,100
Auditor Attestation Fees
Mean $1,301,050 Estimated Mean $823,200
Mean $4,355,972 Estimated Mean $3, 143,685
Top Concerns About Sarbanes-Oxley Compliance Requirements Among those responding to a survey sent to more than 3,000 NASDAQ issuers, cost was cited as the top Sarbanes-Oxley compliance concern. Cost of compliance too high 90.2% The opportunity cost to my company because resources 67.8% are redirected from risk management areas to SOX Rule structure does not adjust for size of companies 67.0% Lack of clarity for implementation requirements 61.4% Auditors are too conservative on compliance and 50.3% materiality SOX discourages companies from going public 42.8% The act is unnecessary 26.4% Implementation will result in too many companies 14% that do not certify Source: NASDAQ, April 2005 Note: Table made from bar graph. Benefits vs. Costs A study by the law firm Foley & Lardner LLP found that, excluding the controversial Section 404 of the Sarbanes-Oxley Act of 2002, companies by and large believe compliance costs either outweigh or are equal to the benefit gained. 2004 2005 Benefits outweigh cots 23% 29% Benefits = Costs 40% 38% Costs outweigh benefits 27% 28% Don't know/No answer 10% 4% Source: Foley & Lardner LLP
* The National Association of Insurance Commissioners is considering folding sections of the Sarbanes-Oxley act of 2002 into insurance regulation.
* Of the "best practices" improvements included in the act, Title IV, Section 404, is the most controversial and costly.
* The chief complaint of public companies that have recently come into compliance with Sarbanes-Oxley has focused on cost.
A.M. Best Company # 04210 (RLI Insurance Co.) Distribution: Branch offices, wholesales brokers, independent agents
FPIC Insurance Group Inc.
A.M. Best Company $ 18457 Distribution: Independent agents, brokerage firms, managing general agents, direct
For ratings and other financial strength information about these companies, visit www.ambest.com
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Regulatory/Law: Sarbanes-Oxley Act of 2002|
|Comment:||Under the gun: Sarbanes-Oxley compliance requires significantly more investment than public insurers anticipated.|
|Date:||Jun 1, 2005|
|Previous Article:||A new chapter in title insurance: state and federal probes are changing the way title insurers do business.|
|Next Article:||Hook, line and sinker: life insurers and their policyholders could be the next targets of online phishing scams.|