(1) Within one hundred twenty days of receipt of a plan of management and operation, the state risk manager shall either approve or disapprove the formation of the self-insurance program after reviewing the plan to determine whether the proposed program complies with this chapter and all rules adopted in accordance with this chapter.
(2) If the state risk manager denies a request for approval, the state risk manager shall specify in detail the reasons for denial and the manner in which the program fails to meet the requirements of this chapter or any rules adopted in accordance with this chapter.
(3) Whenever the state risk manager determines that a joint self-insurance program covering property or liability risks or an individual or joint self-insured health and welfare benefits program is in violation of this chapter or is operating in an unsafe financial condition, the state risk manager may issue and serve upon the program an order to cease and desist from the violation or practice.
(a) The state risk manager shall deliver the order to the appropriate entity or entities directly or mail it to the appropriate entity or entities by registered mail with return receipt requested.
(b) If the program violates the order or has not taken steps to comply with the order after the expiration of twenty days after the cease and desist order has been received by the program, the program is deemed to be operating in violation of this chapter, and the state risk manager shall notify the state auditor and the attorney general of the violation.
(c) After hearing or with the consent of a program governed by this chapter and in addition to or in lieu of a continuation of the cease and desist order, the risk manager may levy a fine upon the program in an amount not less than three hundred dollars and not more than ten thousand dollars. The order levying such fine shall specify the period within which the fine shall be fully paid. The period within which such fines shall be paid shall not be less than fifteen nor more than thirty days from the date of such order. Upon failure to pay any such fine when due the risk manager shall request the attorney general to bring a civil action on the risk manager's behalf to collect the fine. The risk manager shall pay any fine so collected to the state treasurer for the account of the general fund.
(4) Each self-insurance program approved by the state risk manager shall annually file a report with the state risk manager and state auditor providing:
(a) Details of any changes in the articles of incorporation, bylaws, or interlocal agreement;
(b) Copies of all the insurance coverage documents;
(c) A description of the program structure, including participants' retention, program retention, and excess insurance limits and attachment point;
(d) An actuarial analysis, if required;
(e) A list of contractors and service providers;
(f) The financial and loss experience of the program; and
(g) Such other information as required by rule of the state risk manager.
(5) No self-insurance program requiring the state risk manager's approval may engage in an act or practice that in any respect significantly differs from the management and operation plan that formed the basis for the state risk manager's approval of the program unless the program first notifies the state risk manager in writing and obtains the state risk manager's approval. The state risk manager shall approve or disapprove the proposed change within sixty days of receipt of the notice. If the state risk manager denies a requested change, the risk manager shall specify in detail the reasons for denial and the manner in which the program would fail to meet the requirements of this chapter or any rules adopted in accordance with this chapter.