University of Illinois at Urbana – Champaign
College of Business
FIN 590 “Risk Management & Insurance”
“Sarbanes-Oxley Act of 2002 in its impact on the Insurance
Professor: Mark C.Vonnahme
Introduction ……………………………………………... 3
Circumstances that led to the Act ……………………… 4
The Act’s Important Provisions ……………………….. 5
The Impact on the Insurance Industry ……………….. 8
The Advantages and disadvantages of the Act on
Conclusion ……………………………………………… 18
References ……………………………………………… 19
Sarbanes-Oxley Act of 2002 or as many people call it “SOA” or “SOX” has virtually
changed the accounting profession and affected every single publicly traded company in
the United States since it is enactment in 2002.
In this research we will focus on the circumstances that led to this Act and how it affected
the Insurance Industry. We will address the advantages and the disadvantages of this Act,
and we will try to show the costs associated with this act and the effects on the Insurers
and how they responded to it.
We will conclude the research by emphasizing on the main and real effect on the
Insurance Industry and with a brief projection to the future concerning how the Insurance
Industry is going to deal with the act’s requirements and provisions.
Circumstances that led to the Act
The Act did not come without events that showed the necessities of its enactment. The act
was passed by U.S. Congress to protect investors from the possibility of fraudulent
accounting activities by corporations. When the Enron/Andersen scandal first unraveled
in late 2001, followed quickly by ImClone, Global Crossing, and similar stories,
Congress did very little. Several committees did hold hearings, and a number of bills
were introduced to address corporate misconduct. However, the differences between the
Senate, under Democratic control at the time, and the House of Representatives and
White House, under Republican control, on how to address the problems were so great
that no legislation appeared imminent. In fact, it appeared that the corporate reform effort
had completely stalled.
Then came a second wave of scandals, led by WorldCom and Adelphia in the summer of
2002. As the stock market continued to plummet only a few months before the fall
elections, Congress and the White House saw the need for action. This time, Congress
rushed to pass the complicated Sarbanes-Oxley Act before the August recess. The
previously controversial proposal had suddenly become very popular, passing 99-0 in the
Senate and 423-3 in the House. President Bush, who had earlier expressed skepticism
about some of the bill's main provisions, signed the measure into law on July 30.
However, implementation of the act did not go as smoothly. One of the most important
provisions of the act establishes the Public Company Accounting Oversight Board,
designed to prevent auditing abuses such as those seen at Enron. The Securities and
Exchange Commission (SEC) was given the responsibility of naming the five members
of this new board.
The search for a chairman and members of the new accounting oversight board was led
by SEC Chairman Harvey Pitt, who previously had represented the major accounting
firms and many large corporations as a highly successful securities lawyer. John Biggs,
head of a major pension fund and an advocate for strong accounting oversight, appeared
to be the SEC's initial choice to chair the new board. However, after substantial
opposition to Biggs surfaced, the SEC apparently changed course.
Rather, on a contentious 3-2 vote of the SEC, Pitt and the two other Republican
commissioners selected William Webster, a former federal judge and former head of both
the CIA and FBI, to be the first chairman. However, Pitt's staff failed to disclose that
Webster himself had been on the audit committee of a nearly insolvent public company
whose accounting practices were being investigated by the SEC. Within a few weeks,
both Pitt and Webster had announced their resignations. The incident embarrassed the
SEC and marred the reputation of the new accounting oversight board before it was even
officially in business.
The Act’s Important Provisions
The Sarbanes-Oxley Act set the broad outlines for reform, but left it to the SEC to
provide many of the details by regulation. The majority of these regulations were adopted
in late January, although some have delayed effective dates. The rule-making process was
the subject of heavy lobbying by the interest groups most affected. The following is a
broad overview of some key requirements of the law and the rules.
Restrictions on Auditors:
Once the accounting board begins operation, its job will be to register, oversee,
investigate, and discipline all accounting firms that audit public companies. The new law
also instructs the board to set auditing standards to be used by these accounting firms, a
crucial point if auditors are going to be more successful in uncovering future efforts at
Sarbanes-Oxley also imposes new auditor independence standards in response to
concerns that Andersen's audits of Enron may have been compromised by the fact that
the accounting firm was earning more from Enron for consulting services than for
auditing. An auditor is prohibited from "contemporaneously" providing a public company
auditing client with the following specific types of consulting or other non-audit services:
Auditors are not the only targets of Sarbanes-Oxley, as the act also includes a broad range
of provisions dealing with corporate governance. The audit committee of the board of
directors at any public company gains new power and responsibilities, and there are more
safeguards to ensure that audit committee members are not controlled by top management.
Audit committees now must pre-approve numerous audit and non-audit services,
although in many instances they may do so by putting in place policies and procedures to
be followed rather than actually reviewing each decision. Auditors must communicate to
the audit committee all "critical accounting policies" and any discussions of "material
accounting alternatives" that may affect how results are reported.
Officers and Directors:
CEOs and CFOs of public companies are required to personally certify the accuracy of
various financial reports, with significant criminal penalties for false certifications (up to
10 years in prison for "knowing" violations; up to 20 years if "willful"). While the
penalties sound significant, the government's difficulty in enforcing this provision will
likely come in proving that a corporate officer's inaccurate certification was done at least
"knowingly," as opposed to negligently or even recklessly.
A number of provisions add to or strengthen disclosure requirements placed on public
companies. All material off-balance sheet transactions or special purpose entities must be
disclosed in annual and quarterly financial reports. If a company uses pro forma numbers
in its financial reports or press releases, it must also show what the financial results
would be using generally accepted accounting principles.
Legal insider trading by company officers or directors must be reported much sooner,
within two business days. Other material changes to a company's financial condition must
be reported on a "rapid and current basis." Even the presence or absence of a company
ethics code for its senior financial officers, or any waiver of that code, must be disclosed.
In theory, the crime and punishment section appears to be one of the law's tougher
provisions. It creates new or broader federal crimes for obstruction of justice and
securities fraud, with maximum prison time of 20 or 25 years, respectively. Sentences for
many existing federal crimes were enhanced. Mail and wire fraud maximum penalties
were quadrupled, from 5 to 20 years. The maximum sentence for some securities law
violations was doubled from 10 to 20 years, and the maximum fine against a company for
the same offense was increased from $2.5 million to $25 million. In practice, the strength
of the criminal penalties portion of Sarbanes-Oxley will depend on the government's
success in prosecuting specific individuals. The statute's harsher penalties, of course,
cannot be used for any crimes that occurred before the new law was passed.
The Impact on the Insurance Industry
The impact on the Insurance Industry was huge, but mainly concentrated on two areas.
The first one is the Directors and Officers liability insurance “D&O Insurance”, and the
second area is the corporate governance and auditing procedures within the insurance
companies “Accounting costs”.
The liability risk for directors and officers has never been higher. Directors and officers
face increasing responsibility, heightened time commitments and lower investor tolerance
for performance and governance failures, all triggering potentially greater risks of
Audit committee members in particular are becoming responsible for appointing the
auditors, reviewing non-audit services, and overseeing procedures to encourage
whistleblowers. Senior corporate officers are now required to certify to the accuracy of
their corporation’s periodic reports and to the effectiveness of their corporation’s
disclosure controls and procedures.
At the same time, increases in securities class action settlements, September 11 losses
and depressed stock returns, among other things, have resulted in D&O insurance policies
with much higher premiums, increased deductibles and lower limits being offered by
fewer high-quality insurers during the past year with no improvement in sight. Obviously,
D&O insurance premiums are going to be higher after Sarbanes-Oxley Act. This reflects
the fact that many insurance companies perceive the huge liabilities they will incur if one
of their insured individuals was faulty. Since executives will be personally liable for the
accounting practices of their company, it is likely that the cost of directors and officers
("D&O") will increase substantially. According to a report released by General Re
Corporation, a subsidiary of Berkshire Hathaway Inc., which is a holding company for
global reinsurance and related operations, “financially strong companies can expect an
increase of 25-40% in D&O premiums and weaker companies can expect increases of up
However, this perceived increase in premiums for insurers is associated with the higher
risk to be taken. One objective of a D&O underwriter is to accurately assess risk so that
good insureds do not subsidize higher risk insureds. This is an area where a corporation's
insurance broker may help reduce the inherent asymmetric information flow between the
insured and the insurer in assessing risk. Information provided to the D&O underwriter
that provides a clear and open view of the internal controls and good corporate
governance should result in more favorable pricing and terms.
Even if the insurer took into account the previous points in writing the new form of D&O
policies, many will not be able to as a result of the tremendous amount of risk to be taken.
As released in General Re Corporation’s web site:
“Roughly 55 companies write D&O, including public, private and/or non-profit
companies. Many insurers exited the D&O market, as short-term profits evaporated over
an 18 to 24 month period; a few became insolvent or ceased writing all business. Now
only three or four primary insurance markets serve the large public D&O sector. These
insurers have considerable expertise and financial fortitude to underwrite more complex
D&O risks. New capacity seems to flow to the more stable, small company sector.
The other hot area, where the Insurance Industry affected by Sarbanes-Oxley is the
accounting cost for the Insurers themselves. Audit fees are expected to increase
approximately 38% during the first year of compliance with section 404, according to a
survey of public companies by Financial Executives International (FEI) in January 2004.
The survey also reveals that total costs of first-year compliance with section 404 could
exceed $4.6 million for each of the largest U.S. companies (companies with over $5
billion in revenues). Medium-sized and smaller companies will also incur significant
additional costs to comply with section 404, the survey finding an average projected cost
of almost $2 million. Interestingly, the projected costs are higher than originally
anticipated based on an FEI survey conducted the previous year.
This projected increase is consistent with PricewaterhouseCoopers’ June 2003 survey of
136 U.S.-based multinational corporations, which revealed that the number of senior
executives describing SOA compliance as costly had nearly doubled since its enactment,
from 32% to 60%. In a speech to the National Press Club in July 2003, SEC Chairman
William H. Donaldson said, “These are landmark rules; they will require hard work and
significant expenditures in the short run by corporations, but in the long term they will
result in sounder processes and more reliable financial reporting.” On the other hand,
almost half of the Pricewater-houseCoopers survey respondents believe SOA is a “well-
meaning attempt, but will impose unnecessary costs on companies.” To consider the cost-
benefit relationship, it is helpful to determine the areas where the costs of the compliance
may be borne.
Accounting and audit fees. Probably the most obvious costs are accounting and auditing
fees. The projected $2 million first-year cost of compliance with section 404 reported by
FEI in January 2004 is based on the following estimates (the lower and upper ranges
represent annual revenues of less than $25 million and over $5 billion, respectively):
Approximately 12,000 hours of internal work, ranging from 1,150 to 35,000
3,000 hours of external work, ranging from 846 to 6,197 hours;
Additional audit fees of $590,000, ranging from $52,000 to $1.5 million.
The PricewaterhouseCoopers survey noted above indicated an approximate 3 to 1 ratio of
internal to external new compliance costs. The following aspects of compliance were
rated as at least somewhat costly:
Documentation (mentioned by 74% of respondents);
Legal requirements (72%);
Detailed policy development (65%);
Attest requirements and certifications (59%);
Staff training (56%); and
Boards of directors and audit committees. A 2004 PricewaterhouseCoopers survey of
CFOs and managing directors indicated that boards and board audit committees had
increased the time and effort spent on corporate governance over the past year. Directors
are expected to have more input on company issues. Approximately half of audit
committees are holding longer meetings and are meeting more frequently. Compensation
paid to board members is rising, but only modestly. In fact, only 29% of boards that
reported spending more time were rewarded with increased compensation. Only 10% of
boards plan to increase compensation over the next year.
More important than the modest increase in compensation, other costs, such as liability
insurance and outside consulting fees, are also rising. Liability insurance, which insures
against personal liability for a wrongful act, will increase with the escalation of claims
over the last few years. Boards are hiring outside lawyers and consultants for advice on
their expanded role. In fact, new SEC requirements specifically give audit committees the
authority to engage independent counsel and other advisors that they determine necessary
to carry out their duties. The 2004 PricewaterhouseCoopers survey reported that 31% of
audit committees have engaged outside advisors to assist in meeting new requirements.
Similarly, KPMG Audit Committee Roundtable discussions with approximately 2,400
audit committee members and other executives in 2003 disclosed that 44% of audit
committee members had or would retain external advice over the next year.
Going public. According to a study conducted last year by the law firm Foley & Lardner,
senior management of public middle-market companies expect costs directly associated
with going public to increase by almost 100% as a result of new compliance provisions.
Not surprisingly, the number of companies going private in the one-year period after the
enactment of SOA has increased. Although the absolute dollar costs are higher for large
companies, the cost burden appears to fall disproportionately on smaller companies. If
young, growing companies must seek alternative sources of financing to going public,
their cost of capital will likely rise.
Decision-making and productivity. Will companies become more cautious and risk-
adverse in the post-SOA environment? If it takes longer to review major decisions, will
companies be less likely to make deals? Will the increased focus on compliance affect
productivity? The answer to all of these questions: Probably. If employees are spending
additional hours on things such as fine-tuning internal controls, evaluating and
reevaluating financial reports, and compiling more information for their board of
directors, other important activities are likely to suffer.
The “independent” director. A more indirect cost associated with directors may stem
from the new emphasis on the role of the “independent director.” SOA section 301,
which is also effective starting in 2004, stipulates that all audit committee members be
independent, defined as “not receiving, other than for service on the board, any
consulting, advisory, or other compensatory fee from the issuer, and as not being an
affiliated person of the issuer, or any subsidiary thereof.”
The Advantages and disadvantages of the Act on Insurers
An obvious advantage to the introduction of the SARBANES OXLEY ACT is the better
disclosure of all the accounting practices of the company. The investors will be better
able to analyze the company in the presence of an act governing these issues.
Also, since the act tries to keep the auditors away from providing any non audit related
services, there would be more transparency, and less possibility of committing fraudulent
activities, such as those witnessed during the ENRON case.
As margins begin to get squeezed in the face of increasing competition and the cushion of
investment returns begins to shrink, insurance companies, due to the added costs from
compliance of the SOX ACT, are looking to sharpen underwriting, cut overheads and
reduce claims leakage. They are also striving to improve risk management in the wake of
recent financial setbacks, solvency pressures and governance scandals. However, the
payoff from these efforts can already be seen in strengthening market confidence and a
resumption of acquisition activity following a relative lull earlier in the decade. The
outsourcing and strategic partnerships are also proving increasingly popular.
The compliance requirements are making many insurance companies to shift up a gear
and renew its focus on growth. Demand for savings, investments and health insurance is
likely to rise as the population ages and prepares for a longer retirement.
The ACT holds the senior directors personally accountable for all the disclosures made in
the accounts. Hence, due to this personal accountability, the directors, as well as the
companies would be very careful before making any disclosure
Also, with the criminal penalties attached to any material error or mistakes in the
disclosures, there would be a lot more care taken while making any statement in the
financial statements by companies.
Due to the reporting requirements, IT will be expected to have a critical role in SOX
Compliance. In Insurance, financial reporting draws upon transactional data from
accounting, underwriting, policy administration, claims, risk and capital management.
Thus, experts say that appropriate technology can enable insurers to meet SOX
requirements. Also, these same investments can enhance risk management across the
enterprise, improve IT architecture and data quality, and reduce costs through automating
time consuming, manual processes. However, as mentioned in the disadvantages, this
transition using the appropriate technology has not been smooth till now.
Another advantage with SOX ACT is that with SOX, insurers can’t just haul their records
out. Thus, if, for example, an insurance company goes through a merger or an acquisition,
it has to retain and produce any records relating to that merger or acquisition if and when
that information becomes material. This is an improvement, because, prior to SOX
compliance, records management used to be a big problem. Nobody really owned it. The
assumed responsibility used to be on the administrative staff, and there was no clear
provision as to the maintenance of the records.
The SOX ACT, 2002 also puts heightened pressure on insurance executives for improved
management information. This has driven interest in financial modeling tools, to better
handle stock market fluctuations and make better predictions.
Although there has been some discussions on the issue, there has been pretty much
consensus that even the Mutual Insurers will have to comply with the requirements of
SOX, although these insurers are not accustomed to such stringent financial reporting
standards and will find it difficult and expensive.
One disadvantage of the introduction of the SARBANES OXLEY ACT is the costs, the
direct and the indirect ones. As mentioned before in this review, there would be increased
costs on the companies, due to the compliance requirements of this Act.
Also, due to the compliance requirements, as mentioned before, the companies will take
longer to reach any decision. In some cases, the companies may not at all be able to take
a good decision, because of which the company may totally scrap the idea.
Again, it would be quite difficult, to find an “independent director”, who would be
unrelated to such an extent.
Another disadvantage to the insurance industry is that, experts say that the industry still
relies a lot on manual processes and ad-hoc measures to the fast-changing regulatory and
corporate governance demands. Experts believe that the industry is failing to fully
embrace the high business value of information technology when addressing regulatory
requirements such as HIPAA and corporate governance demands driven by this ACT. All
these factors cause the industry to spend valuable time in shifting to measures, which will
enable it to comply with its requirements faster. During this time, there could be more
inefficiency in the industry as a lot of the working time would be focused on the
compliance requirements of this ACT.
The experts continue to believe that a smooth and quick transition to the SOX ACT
compliant measures would require the companies to upgrade to the appropriate
technology. This will cost some more than the costs mentioned before.
For Mutual Insurers, one disadvantage would be the stringent financial reporting
requirements of SOX ACT. Until this time, these companies have never been put to such
stringent reporting. Hence, to have the compliance for such stringent requirements would
be pretty difficult and expensive.
Hence, to conclude, SARBANES OXLEY ACT has been passed to improve the
transparency in the reporting by the companies. It has been passed keeping the investors
in consideration. By improving the disclosure requirements, the investors would be able
to make better investment. Also, issues like ENRON and WORLDCOM would be
reduced. It was time that the government came out with a solid solution to these issues.
With all its compliance requirements and its disadvantages, it provides a lot of
advantages. It provides a step towards uniform disclosure requirements, as well as
investor protection. Hence, it would only make sense to have all companies comply with
the requirements. However, the future of SOX compliance depends on the ability of
businesses to respond to such areas as project mindset, overextension of internal audit,
poorly defined roles, improvisational approach, underestimation of technology impacts
and implications and ignored risks. It will, however, also improve the reporting for all the
companies. Insurance companies are part of a whole cycle of national business in the US,
and they will continue to struggle in keeping the compliance with the act’s provisions,
even if it is costing them a lot. This eventually will correspond to the words have been
always said “hard work always pay off” as the insurance companies starts to gain from
correctly complaining with the act.