Published February 28, 2026 | Version v1
Journal article Open

ISO 31000, REGULATORY COMPLIANCE, AND ENTERPRISE RISK MANAGEMENT EFFECTIVENESS: EVIDENCE FROM SAUDI INSURANCE COMPANIES UNDER A TRANSITIONING SUPERVISORY REGIME

  • 1. Department of Insurance & Risk Management, College of Business, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh, Saudi Arabia. Email: hala10hamed@gmail.com - hmosa@imamu.edu.sa

Description

This study looks at how the ISO 31000 risk management framework affects Enterprise Risk Management (ERM) effectiveness in the insurance sector. The Saudi insurance sector works in a regulated and changing supervisory environment. Earlier research shows evidence on the ERM-performance link. Researchers have not focused much on the role of the ISO 31000 risk standard in boosting regulatory compliance and governance in the Saudi insurance sector. The study focuses on emerging insurance markets. I use theory and the resource-based view to look at ISO 31000 adoption. I separate compliance-driven ISO 31000 adoption from embedded ISO 31000 adoption. I collect survey data from risk and compliance professionals. I add firm-level indicators for the period 2019-2024. I run a multivariate regression analysis to test ERM effectiveness. The findings show that ISO 31000 adoption improves ERM outcomes when ISO 31000 adoption is built into governance and decision-making processes. ISO 31000 adoption does not help ERM outcomes when ISO 31000 adoption is used as a symbolic act for regulatory conformity. The results highlight the limits of compliance-oriented risk management and offer regulatory and managerial implications for insurance supervisors seeking to promote substantive ERM implementation. The Saudi insurance market provides a theoretically relevant setting due to recent supervisory consolidation and heightened regulatory expectations.
