1. Introduction
Although some might see technology as a disruption to the norm, it provides opportunities for growth and development. It also provides opportunities for deception, theft, and fraud. On the other hand, automation can make it easier to identify and protect against threats. Therefore, information technology (IT) risk management regulations are vital for assurance and reliability in today’s work environment, not least for insurance undertakings and markets.
Operational resilience is important for consumers, firms, and financial markets. Operational disruptions can cause extensive harm to consumers, cause instability in the financial system, threaten the sustainability of firms, and pose a risk to market integrity. It is the next phase in the evolution of financial services’ regulatory policies (Council of the European Union 2020).
Expectations are increasing, and regulators are increasing pressure as part of this evolution. More specifically, in the increasingly complex networked web of a digitalised society, disruption is inevitable, and at some point it will affect the whole of the operation, be it financial, people, regulatory, structures, or systems. Insurance undertakings are called upon to “join the dots” across a range of IT risk management and governance activities (Biggs and Richardson 2014).
Insurance undertakings are expected to have the ability and resources to ensure operational resilience, meaning they should be capable of preventing, adapting, responding to, recovering, and learning from operational disruptions. They must prepare mitigations for the expected impacts of future incidents and build a framework that incorporates appetite and tolerances for internal and external triggers to ensure an efficient and sustainable business that can respond promptly to risks and pursue opportunities (Thomadakis 2007).
The insurance market is all about trust in, and reliability of, information and processes. Therefore, addressing the technical risks and protecting the storage and processing tools that IT provides should be the order of the day for everyone within the insurance market. The rapid pace at which the IT environment changes and develops exposes the insurance market and its environment to fast-paced emergent risks. Proactive risk controls must be continuously evaluated to ensure they are still valid and effective in identifying and managing risks within the appetite and tolerance of the insurance undertaking.
Increased digitalisation, and the subsequent increase in the number and sophistication of cyber threats and ICT incidents, highlight the importance and urgency of addressing the incidence and impact of such risks proactively, since they can become a source of systemic risk. Prudential supervisors should make the assessment and monitoring of ICT a major mandate, to preserve and build a harmonised approach aligned with international standards that effectively addresses digital operational resilience issues, increases trust, and motivates digital innovation.
Therefore, if there is a need for regulation, it must be enacted, and be seen to be enacted, in the public interest. However, it has to account for different and often competing aims and objectives. The European Union (EU) Commission pursues the objective of ensuring digital resilience through a dedicated regulation, namely the Digital and Operational Resilience Act (DORA). The proposal does so through a diverse set of rules, including governance requirements, information and communication technology (ICT) risk management and incident reporting requirements, digital resilience testing, and detailed regulation of third-party provider (TPP) risk and oversight.
The European Commission (EC) launched a public consultation on DORA on 19 December 2019, putting forward 62 questions on topics relating to (1) information and communication technology (ICT) risk management frameworks, (2) ICT and security incident reporting requirements, (3) the resilience testing framework, (4) oversight of third-party providers, and (5) information sharing and risk transfer. Specifically, they are proposing legislative changes (1) to the requirements on security risk management and ICT, (2) to streamline existing incident reporting, (3) to set a framework for cyber resilience testing, and (4) to establish oversight over third-party providers of ICT (European Commission 2020). The proposed DORA regulation will accelerate the digital transformation of insurance firms within the EU and make them more efficient and effective. However, if there are unclear and potentially overlapping provisions in this proposal, there is a risk of dramatically hindering the attainment of this objective. Moreover, since the financial sector is a major user of ICT, accounting for approximately one-fifth of the world’s expenditure on ICT, global operational resilience depends largely on ICT. Additionally, with the increased use of distributed ledger technology (DLT) and artificial intelligence (AI), this dependence is expected to mushroom further, and stronger operational resilience together with adequate and timely supervision becomes obligatory (European Commission 2020).
However, when enacting new regulations, there is a risk of overregulating, or of regulating for the sake of regulation, without really taking stock to determine whether the regulation adds value or is needed. Therefore, it is important to determine the characteristics of good and effective regulation and to ensure that a proposed regulation fits these characteristics, so as not to flood the market with useless regulations that burden stakeholders (including regulators) with unnecessary requirements, create regulatory risks, and distract them from what is important for sustainability (i.e., a balance between the economy, culture, and the environment) and appropriate risk management.
The problem of regulatory overspill, of believing that ICT can solve problems and that an enacted regulation is fit for purpose, has persisted for several decades. That is why the world has gone through periods of deregulation and reregulation. This attests to the fact that the systems used to ensure the effectiveness of regulation before it is enacted are not working. Regulators will always rethink regulations “till angels govern” (Barth et al. 2005). However, there is a need for a regulatory effectiveness model that can determine effectiveness before a regulation is enacted.
3. Methodology
To do this, we first determined from the literature the characteristics that an effective regulation should have. We followed the theoretical framework suggested by Yin (2002, 2014), Yazan (2015), and Stake (2000); analysed the literature using the thematic analysis approach suggested by Braun and Clarke (2006); and determined 8 propositions for these characteristics, listed in Table 1, that an effective regulation should have. Then, using the proposed DORA as our case, we tested through a survey whether the insurance market perceives these propositions as characteristics that ensure effective regulation.
3.1. Determining Propositions
To determine these propositions, that is, what constitutes effective regulation, we first carried out a wide literature search, which generated 1268 valid records. We then reviewed the results for duplicates and filtered this sample by applying inclusion/exclusion criteria and the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) search strategy. We created tables to classify the chosen articles (n = 26) and organise our findings and results. The following databases were utilised for our search: Scopus, EBSCO, JSTOR, CiteFactor, RePEc, ResearchGate, Academia, Google Scholar, Loop, EU regulations, and the University of Malta online library, Hydi and Web of Science. The search was carried out during January 2020 and covered literature ranging from 1990 to 2020. The above-mentioned databases were selected based on their strength and prominence in our research arena. The keywords used were: “Good” AND “Efficient” AND “Regulation” AND “Effective”. Each of the above keywords (or a combination of keywords) was applied to the different databases specified above. The resulting search lists were compared and contrasted manually. By doing this, we could eliminate from the search studies that were not aligned with our review aims (by checking whether the article was relevant to our aim). Moreover, any repeated search items were rejected.
The PRISMA flow diagram below (Figure 1) depicts our search results and the manner in which findings were filtered to determine the pertinent articles (Moher et al. 2009). The final set of articles (n = 26) selected for full review met the specified review criteria (i.e., our aim) for determining our propositions.
It was determined that a proposed regulation should be reliable (Proposition 1): achieving proactive prudential resilience is essential. Regulations must maintain sensitivity to the needs of investors and should maintain objectivity and accountability with respect to insurance market participants and policymakers. Effective regulation should be the main driving force of a high-quality, reliable service (NSW Government 2019; Shleifer 2010; CFA Institute 2020). It should be flexible (Proposition 2) enough to integrate and fit in with the rapidly changing world of digitalisation with the least effort and disruption (Bennear and Coglianese 2012; Smart Grid Task Force 2015).
The timeliness (Proposition 3) of its integration should be appropriate, since changes in logical systems are fast and any delay in addressing operational risks creates rapid, innovative opportunities for deception, theft, and fraud. Therefore, it is important that the requirements can be processed in a timely manner and are appropriate for the processes and activities of the time (Brown and Scott 2009). The cost (Proposition 4) of maintaining the regulation should be congruent with the needs and the value added in terms of both prudence and effectiveness. Compliance can be challenging in terms of qualitative resources. One needs to consider keeping cost, in terms of compliance costs, fees, and other enforced burdens on issuers, registrants, and investors, to a minimum (Regulation Taskforce 2006; Scott 2018; Kira et al. 2007; CFA Institute 2020; OECD n.d.; Beales et al. 2017).
The requirement should integrate (Proposition 5) easily within the environment, culture, system, and market. To achieve results, a requirement should consider current policies, standards, institutions, and tools across the sector, understand the culture, and recognise and consider its specific impact. The question asked here is whether the requirements can achieve the intended and expected objective/s (OECD 2012; Radia 2011; Boothe 2013). Relevance (Proposition 6) and proportionality (Proposition 7) in terms of applicability to the undertakings and their operations need to be ensured. The regulation should allow for its applicability in relation to the different sizes and complexity of insurers. An effective regulatory system should recognise that statutory regulation is not always required, or even the most appropriate approach, and that relevant and accepted self-regulatory entities may be the most appropriate way to address certain issues (Fiennes 2016). However, regulation and enforcement must be consistent for similar transactions and activities. Regulations should not be enacted just for the sake of justifying the regulators’ importance (Deighton-Smith et al. 2016; Armstrong and Sappington 2006; OECD n.d.). The regulation should ensure that any burden or restriction imposed is proportionate to the benefits expected (Financial Conduct Authority 2020).
Transparency (Proposition 8) in the development stages of regulation is closely associated with accountability and inclusiveness. It should be ensured that all stakeholders are consulted about the regulation. There should be a clearly established framework for the flow of exposure, criticism, and consultation during the development phase; that is, clear objectives and methods for achieving the regulation need to be debated, and all parties having a stake in it should be able to provide input (Better Regulation Task Force 1998; European Commission 2015; OECD n.d.). The regulation must provide enough objective and appropriate information (Financial Conduct Authority 2020; Baldwin et al. 2011; Boothe 2013).
The objective of regulators and of any regulatory reform is to improve the sustainability of economies in line with cultural aspects and environmental needs, and to enhance the ability to cope with and adapt to a changing playing field. For this to work, regulation and structural reforms need to complement sound macroeconomic and fiscal policies. Therefore, continuous and expansive social, economic, and technological disruption requires that regulators consider the interrelated effects of regulatory regimes to guarantee that these regulatory structures and processes have the 8 characteristics mentioned above. Regulatory reform is dynamic and far from a one-off effort. It is a long-term, multidisciplinary process (OECD n.d.).
3.2. Survey
We then designed a survey as described in Section 3.3 below and administered it between February 2020 and June 2020 by (1) using social networks, such as LinkedIn©, Twitter©, and Facebook©; (2) face-to-face meetings and telephone conversations; and (3) online communication using the Zoom©, Microsoft Teams©, and GoTo© applications. The sample consisted of participants who worked within the insurance industry and professionals in the field, who were filtered based on their responses regarding the level of experience they held, qualifications attained, area of expertise, and knowledge of digital operations and DORA. Filtering was performed by asking prospective participants to rate, on a Likert scale from 1 to 5 (5 being the highest level and 1 the lowest), their level of expertise and knowledge of ICT use in insurance operations and of DORA. Only where the answer was 3 or above were the participant’s answers considered valid data for our analysis. Although as a starting point we went specifically to our contacts (nonprobability purposive sampling), we asked participants to invite their own contacts to participate in the survey, creating a snowballing effect (nonprobability snowball sampling) and therefore adding another layer of control to eliminate selection bias. Our expertise and networks in the area were used to start the participation, not to select persons. We describe the administration of the questionnaire as nonprobability purposive sampling because the survey was started on our social networks, and we therefore assumed that the first participants would be limited to the friends on our networks, which run into thousands; however, the participants answered anonymously using the Qualtrics XM® application software. We could not have known who answered us or to whom the possible participants passed on the link (snowball sampling).
As already noted, for the data collection process we used the dedicated online application software Qualtrics XM® (Suen et al. 2014). This helped in structuring our survey and enabled its efficient and flexible administration. Although we administered the survey to over 2000 contacts, we received a total of 1807 valid responses (216 responses were eliminated because the respondents’ knowledge and expertise fell below 3). These responses provided the confidence that we had a representative sample, which allowed us to continue with our analysis (Cochran 2007; Naderifar et al. 2017).
3.3. Survey Design
We then developed 21 statements derived from these propositions, reflecting the variables for the characteristics of effective regulation (n = 21), as noted in the above literature and in Table 1 (which also shows references to the appropriate literature). We used these statements to construct our survey in three sections. The first section related to the participants’ demographic factors, where participants were asked to provide details on their age, gender, level of education, and occupation status, grouped as shown in Table 2.
The second section consisted of the 21 statements, derived or adapted from the literature referenced in Table 1, which the survey participants were asked to answer using a 5-point Likert scale with “1” being strongly disagree, “2” disagree, “3” neutral, “4” agree, and “5” strongly agree. Since the second section of this survey could have led to the identified variables in the form of a “self-fulfilling prophecy”, meaning that a statement might have been biased towards our propositions, we kept an open mind and included an open-ended comment box in the third section. Here, participants were able to include anything they felt had not emerged from their previous answers. This guaranteed the capture of factors that might not have been determined through the literature review (Farrugia and Grima 2021).
3.4. Data Analysis
Only 31 participants made comments in the third section of the survey, and most were received from those who participated face to face, over the phone, or through the online communication applications explained above. These data were transcribed into Microsoft Word®, analysed, and grouped into common themes determined through the thematic analysis approach explained by Braun and Clarke (2006). However, these comments only explained the characteristics further and did not add anything beyond what was already determined through the literature.
Using the IBM SPSS® (version 26) application software, we applied descriptive statistics to analyse the participants’ demographics. Exploratory factor analysis (EFA) was then applied to the quantitative data to determine the characteristic variables for effective regulations. To measure the consistency of these characteristic variables, we used the Cronbach alpha.
3.5. Limitations of the Methods Used
Although we tried our utmost to eliminate the limitations of this study as far as possible, no study or model is without limitations and assumptions. We are aware that the results relate to one case study (DORA), the literature sampled, and the participants answering the survey. Therefore, it is important to carry out further studies using other regulatory examples and perhaps to carry out a confirmatory factor analysis of this model.
Moreover, EFA assumes that within the collection of observed variables there is a set of underlying factor variables, fewer in number than the observed variables, that can explain the interrelationships among those variables. Additionally, the thematic analysis approach is phrase based, and sometimes phrases cannot capture the meaning correctly.
4. Results and Discussion
4.1. Participants’ Demographics
The majority of the respondents (642) were aged between 55 and 64 years. Precisely 88% of these were consultants (427), nonexecutive directors (139), or top management (76). This was mainly because we targeted and filtered for experienced and knowledgeable participants (in the areas of both technology and regulation), as noted in Section 3.2. The other age groups of participants were: (1) 18 to 24 (322), of which 254 worked with ICT-related consultancy firms and the rest (68) in supervisory roles; (2) 25 to 34 (251), of which 184 worked with ICT-related consultancy firms and 67 in middle management operational roles; (3) 35 to 44 (356), of which 196 worked with ICT-related consultancy firms and the rest in top management roles (133) and supervisory roles (27); (4) 45 to 54 (171), all of whom worked in top management roles; and (5) 65+ (65), all working in nonexecutive roles. In total, 594 of the respondents were female, and 1212 were male.
Most respondents (1587) had a first degree or an EQF level 7 standing or above. The largest group of participants was nonexecutives or consultants (1344). The rest were top management (328), middle management (129), and, fewest of all, lower management (6), which again reflects the fact that expertise was sought through purposive and snowball sampling.
4.2. Exploratory Factor Analysis
EFA was used to determine and group the characteristics of an effective regulation (Research Question 1 (RQ1)). EFA “summarises and groups variables into a set of clusters so that relationships and patterns can be easily interpreted and understood. This helps one to understand better the data obtained from the self-administered questionnaires, by reducing it, into meaningful categories” (Yong and Sean 2013).
EFA was determined as the best method to address our aim since in general it is used to determine “the factor structure of a measure and to examine its internal reliability. It is a multivariate statistical method that attempts to identify the smallest number of hypothetical constructs/factors/dimensions/latent variables/synthetic variables/internal attributes that can parsimoniously explain the covariation observed” (Hair 1998).
For EFA, equamax rotation (an orthogonal rotation) was used via principal components extraction with Kaiser normalisation. The purpose of rotation is to find an arrangement in which each variable loads high on one factor and low on the others, for ease of interpretation. The Kaiser–Meyer–Olkin (KMO) statistic is a measure of sampling adequacy for the appropriateness of applying factor analysis; it fell within the acceptable range (above 0.6), with a value of 0.873. It indicates the degree to which each variable in a set is predicted without error by the other variables. This further supported continuing with factor analysis.
Using EFA, we determined that one of the statements explaining the characteristic variables was to be eliminated from the model, PC4—“DORA recognises that the regulation is not always needed or even the best approach and that deferral to, and support of, relevant and recognised self-regulatory entities may be the best way to address certain issues”. This characteristic variable did not explain much of the variance and was therefore unstable and unreliable, because it was already defined by other variables. This left us with 20 statements explaining the characteristic variables included in the model.
Based on this analysis, EFA loaded best on 4 factors and 20 statements explaining the characteristic variables, which in combination explained 75.69% of the variance. Table 2 shows the statements grouped under each of the four factors. Factor 1 represents the characteristics “Flexibility and Integration”; it comprises seven items and explains 31.67% of the variance. Factor 2 represents the characteristics “Proportionality and Cost”; it comprises five items and explains 20.76% of the total variance. Factor 3 represents the characteristics “Reliability and Transparency”; it comprises four items and explains 17.40% of the total variance. Factor 4 represents the characteristics “Relevance and Timeliness”; it comprises four items and explains 5.87% of the total variance (Hair 1998).
4.3. Cronbach Alpha
As already noted above, we used the Cronbach alpha to assess the reliability and internal consistency of each of the factors determined through EFA. It is utilised to determine how much the items on a scale are measuring the same underlying dimension. The Cronbach alpha coefficients of this scale were between 0.55 and 0.92, as shown in Table 3.
The results of the Cronbach alpha are higher than 0.5 and therefore are acceptable. Hulin et al. (2001) “claim that as a rule of thumb a Cronbach alpha value of 0.6–0.7 indicates an acceptable level of reliability, with 0.8 and above producing a very good level”. However, Hinton et al. (2004) note that a Cronbach alpha value between 0.5 and 0.7 shows moderate reliability. Therefore, it can be concluded that this scale of the perceived effective regulation model (PERM) is reliable (Taber 2016).
Therefore, we are now able to compute an inventory of characteristics that an effective regulation should have using EFA by using DORA as our case study. From these four characteristics (Variables F1 to F4) and twenty statements, we computed the PERM (research question (RQ)).
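The reliability check in Section 4.3 is easy to reproduce. The following is an added example, not code from the paper or from SPSS: it computes Cronbach alpha from raw Likert responses using the standard formula, alpha = k/(k − 1) · (1 − Σ item variances / total-score variance), with sample variances, and maps the result to the reliability bands cited above (Hulin et al. 2001; Hinton et al. 2004). The three respondent matrices are constructed for illustration and are not the survey data; the 0.5 floor and the band labels are assumptions taken from the paragraph above.

```python
"""Cronbach alpha on constructed Likert data (added example, not the paper's code).

alpha = k / (k - 1) * (1 - sum(item variances) / variance(total scores)),
using sample variances (n - 1 denominator), as SPSS does.
"""
from statistics import variance


def cronbach_alpha(responses):
    """Return Cronbach alpha for a list of respondents, each a list of k item scores."""
    if len(responses) < 2:
        raise ValueError("need at least two respondents")
    k = len(responses[0])
    if k < 2 or any(len(r) != k for r in responses):
        raise ValueError("every respondent must answer the same k >= 2 items")
    # Variance of each item across respondents, and variance of the summed scale score.
    item_vars = [variance([r[i] for r in responses]) for i in range(k)]
    total_var = variance([sum(r) for r in responses])
    if total_var == 0:
        raise ValueError("total scores do not vary; alpha is undefined")
    return k / (k - 1) * (1 - sum(item_vars) / total_var)


def interpret(alpha):
    """Reliability band, following the thresholds quoted in Section 4.3 (assumed mapping)."""
    if alpha >= 0.8:
        return "very good"      # Hulin et al. (2001): 0.8 and above
    if alpha >= 0.6:
        return "acceptable"     # Hulin et al. (2001): 0.6-0.7 rule of thumb
    if alpha >= 0.5:
        return "moderate"       # Hinton et al. (2004): 0.5-0.7; above the paper's 0.5 floor
    return "below the 0.5 floor"


# Constructed 5-respondent, 3-item scales (rows = respondents, columns = items).
CONSISTENT = [[5, 4, 5], [4, 4, 3], [3, 3, 4], [2, 3, 2], [1, 2, 1]]   # alpha = 45/49
ACCEPTABLE = [[5, 4, 4], [4, 3, 2], [3, 4, 3], [2, 2, 3], [1, 3, 1]]   # alpha = 141/184
MODERATE = [[5, 3, 4], [4, 4, 2], [3, 2, 3], [2, 3, 3], [1, 3, 1]]     # alpha = 75/136


if __name__ == "__main__":
    for name, data in [("consistent", CONSISTENT), ("acceptable", ACCEPTABLE), ("moderate", MODERATE)]:
        a = cronbach_alpha(data)
        print(f"{name:11s} alpha = {a:.3f} -> {interpret(a)}")
```

Items that all move together (the first scale) push alpha towards 1, whereas the third scale, where the second item barely co-varies with the other two, lands just above the 0.5 floor the paper adopts; a scale whose total score does not vary at all has no defined alpha, which the function reports instead of dividing by zero.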
4.4. Discussion
The outcomes delivered by the survey and processed as described above show a general appreciation of the proposed DORA for effective risk management in the insurance market.
Respondents view DORA as flexible and easily integrable within operational systems, and as adaptable to the ongoing changes in these systems. The ICT risk management framework set forth by Article 5 of DORA allows financial entities to build their own framework, while the ICT systems, protocols, and tools used and kept up to date must be appropriate to the nature, variety, complexity, and magnitude of the operations supporting the conduct of their activities (European Commission 2020, Article 6, Paragraph 1). Nonetheless, some concerns arise from the impact of DORA on the current standards and policies, which need to embed the proposed regulation, and from its adaptability to the culture and environment of the EU insurance market.
Respondents also believe that DORA allows for proportionality and is cost efficient. Article 25 of DORA (European Commission 2020) sets forth as a general principle that financial entities’ management of ICT third parties shall be implemented with proportionality in mind. Moreover, the requested use of qualitative and quantitative assessment criteria can be tailored to the risks and needs of the financial entity and, ultimately, to its size and business profile. Additionally, the rules on ICT risk management, oversight of critical ICT third-party service providers, reporting of major ICT-related incidents, and digital resilience testing embed the principle of proportionality. This principle has likely shaped the perception of costs among respondents, who consider that DORA keeps costs to a minimum. DORA aims to introduce a comprehensive set of rules on digital operational resilience at the EU level. This should reduce uncoordinated national initiatives, duplicative requirements, inconsistencies and, ultimately, high administrative and compliance costs for entities operating cross-border. Moreover, DORA expressly requires financial entities to weigh the benefits and costs of alternative solutions when they identify and assess ICT concentration risks (European Commission 2020, Article 26).
Regarding reliability and transparency, DORA is perceived as an asset ensuring prudential risk resilience in the operation of insurance, maintaining sensitivity to the needs of stakeholders and objectivity towards market participants. DORA is the outcome of several stakeholder consultations, including the two joint technical advice documents issued by the ESAs. Confidential input, publicly available reports from supervisory authorities, international standard-setting bodies, and leading research institutes have complemented DORA, in addition to quantitative and qualitative input from identified stakeholders across the global financial sector. Thus, all stakeholders were consulted about the proposed regulation, including insurance market participants.
Lastly, respondents agreed on the relevance and timeliness of DORA, which addresses the issue of digital resilience by providing a comprehensive and harmonised framework to protect ICT systems and by requiring financial entities to use state-of-the-art ICT technology and processes (European Commission 2020, Article 8). Additionally, DORA requires financial entities to have in place internal governance and control frameworks that ensure effective and prudent management of all ICT risks (European Commission 2020, Article 4). This forward-looking approach is in line with the one introduced under the Solvency II prudential regime. Thus, insurers should be well positioned to embed the new framework within the governance of their undertakings in a timely manner.
5. Conclusions
The use of DORA as our case study confirms our proposition that an effective regulation should have the eight characteristics integrated under four main characteristics, specifically (1) “Flexibility and Integration”, (2) “Proportionality and Cost”, (3) “Reliability and Transparency”, and (4) “Relevance and Timeliness”, to form the PERM model. These statements grouped under the themes in this model, determining the effectiveness of regulation, can be used by stakeholders such as policymakers, regulators, and reformists within countries as a measure to determine whether a proposed regulatory requirement is effective.
The PERM can be used similarly to a managerial scorecard to test other proposed regulations to ensure that they are effective prior to being enacted and also to determine when there is a need for a revamp in specified areas of current regulations and requirements.
In fact, using the PERM, one can reliably test any regulation prior to its enactment by scoring the statements under all four factors from “1” to “5”, dividing each factor’s total by its number of statements, adding the resulting four factor scores, and dividing by “4” to arrive at a single score. The closer the result is to “5”, the more effective the regulation, and vice versa. In this way, regulators, risk managers, and policyholders can all use it to determine and confirm proactively whether a regulation will be fit for purpose, add value, and meet its objectives.
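The scoring procedure just described can be written down as a small scorecard. The following is an added example, not a tool from the paper: it takes the four factors with the statement counts reported in Section 4.2 (7, 5, 4, 4), validates that every statement score is an integer from 1 to 5, averages within each factor, and then averages the four factor means. The statement texts are not reproduced on this page, so scores are indexed by position within each factor; the factor labels and the two scorecards are constructed for illustration. It also computes the plain mean over all 20 statements, which the paper's procedure does not use, to show that the two-stage average weights each factor equally rather than each statement.

```python
"""PERM scorecard as described in the Conclusions (added example, not the paper's tool).

Statement counts per factor are those reported in Section 4.2; statement texts
are not included, so scores are positional. Scorecards below are constructed.
"""

FACTOR_SIZES = {
    "F1 Flexibility and Integration": 7,
    "F2 Proportionality and Cost": 5,
    "F3 Reliability and Transparency": 4,
    "F4 Relevance and Timeliness": 4,
}


def factor_means(scores):
    """Validate a scorecard and return the mean statement score of each factor."""
    if set(scores) != set(FACTOR_SIZES):
        raise ValueError("scorecard must contain exactly the four PERM factors")
    means = {}
    for factor, expected in FACTOR_SIZES.items():
        items = scores[factor]
        if len(items) != expected:
            raise ValueError(f"{factor}: expected {expected} statement scores, got {len(items)}")
        # Likert scores are whole numbers 1..5; reject anything else (including bool).
        if any(type(s) is not int or not 1 <= s <= 5 for s in items):
            raise ValueError(f"{factor}: every statement score must be an integer from 1 to 5")
        means[factor] = sum(items) / expected
    return means


def perm_score(scores):
    """Single PERM score: the mean of the four factor means (closer to 5 = more effective)."""
    means = factor_means(scores)
    return sum(means.values()) / len(means)


def plain_mean(scores):
    """Unweighted mean over all 20 statements, for comparison with perm_score."""
    factor_means(scores)  # reuse the same validation
    items = [s for factor in FACTOR_SIZES for s in scores[factor]]
    return sum(items) / len(items)


# Constructed scorecard: rated highly flexible, weak on everything else.
UNEVEN = {
    "F1 Flexibility and Integration": [5, 5, 5, 5, 5, 5, 5],
    "F2 Proportionality and Cost": [1, 1, 1, 1, 1],
    "F3 Reliability and Transparency": [1, 1, 1, 1],
    "F4 Relevance and Timeliness": [1, 1, 1, 1],
}

# Constructed scorecard with mixed ratings.
MIXED = {
    "F1 Flexibility and Integration": [4, 4, 5, 3, 4, 4, 4],
    "F2 Proportionality and Cost": [3, 4, 3, 3, 2],
    "F3 Reliability and Transparency": [5, 4, 4, 5],
    "F4 Relevance and Timeliness": [2, 3, 3, 4],
}


if __name__ == "__main__":
    for name, card in [("uneven", UNEVEN), ("mixed", MIXED)]:
        print(f"{name}: PERM = {perm_score(card):.3f}, plain mean = {plain_mean(card):.3f}")
        for factor, mean in factor_means(card).items():
            print(f"  {factor}: {mean:.2f}")
```

For the uneven scorecard the PERM score is 2.0 while the plain mean over 20 statements is 2.4: the seven-statement first factor would otherwise dominate, and the two-stage average is what keeps the four characteristics on an equal footing, as the procedure above intends.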