How regulatory changes are driven by a need for control in reputational scandals: a case study in the German insurance industry Case study in the German insuranceindustry

Purpose – This paper aims to contribute to the understanding of the mechanisms that evolve during reputationalscandals and lead to changes in industry regulation. It exploresthe processes bywhich a demand for external industry regulation evolves, also addressing the consequences of ﬁ rms ’ competitive behaviors which lead to substantial misbehavior and the destruction of reputational capital. The authors are interested in whether and how regulatory activities – in the case analyzed here, changes in insurance regulation regarding sales commissions for insurance brokers – are used as a costly, external behavioral control mechanism (third-loop learning) to terminate a reputational scandal that cannot be stopped by internal controlsat a ﬁ rm level( ﬁ rst-loopandsecond-looplearning)anymore. Design/methodology/approach – The paper explores a real-life case in the German insurance industry that peaked in 2012 and has been well documented by broad media coverage, complemented by interviews with leading industry representatives. Using causal process tracing as a methodology, the authors study the factors in the case that led to an industry scandal. The authors further analyze why the insurance ﬁ rms involved were not able to limit the scandal ’ s impact by internally controlling their behaviors, but had to call for external regulation, thus imposing costly restrictions on sales and contract processes. To identify the mechanisms underlying this result, theories from the ﬁ elds of economics (game theory) and sociology (vicious cycle ofbureaucracies),as well asorganizationallearningtheory, areused. Findings – The authors ﬁ nd that individual rationality does not suf ﬁ ce to prevent insurance ﬁ rms from scandalous business practices, e.g. via implementing appropriate internal behavioral control measures within their organizations. If, as a result, misbehavior leads to reputational scandals, and the destruction of reputational capital spills over to the whole industry, a vicious cycle is set in motion which can be terminated by regulationasanexternally enforced controlmechanism. Practical implications – The paper shows that if ﬁ rms want to avoid increasing regulation, they must implement strong reputational risk management (RRM) to counteract short-term pro ﬁ t pressure and to avoid restrictive regulation imposed on the industry as a whole. Furthermore, it sheds light on the relevance of spillover effects for RRM, as not only employee behavior within an organization might lead to the destruction of reputationalcapitalbut also thatfrom other ﬁ rms, e.g.from elsewherewithinan industry. Originality/value – The paper contributes by emphasizing a direct causal link between corporate scandals, loss of reputation and regulatory change within the insurance industry. Furthermore, the paper contributes by combining economic theorieswith organizationaltheoriesto understandreal-lifephenomena.


Introduction
For several decades, insurance has been one of the most scandal-prone industries. These extend from the spectacular collapse of the Austrian Phoenix life insurance in 1936 to the bid-rigging scandal compromising the US insurance brokers Marsh McLennan, as well as the insurance firm AIG in 2004, to the 2012 MEG scandal instigated by the insurance broker Mehmet Göker, dubbed by the media as the "Wolf of Kassel". Quite recently, under the Covid-19 pandemic, a new scandal has been tarnishing the relationship between insurers and customers. Although insurers had underwritten business interruption insurances (i.e. contracts that were supposed to cover losses resulting from business closures due to infectious diseases) as late as March 2020, after the lockdown, the insurance industry had taken the stance that pandemics were excluded in the contracts' fine print. This position quickly came under fire as customers felt defrauded and the number of complaints, as well as public outrage, grew (Maniar, 2020). Until today, several court decisions have sided with customers when insurers had failed to detail the insured events (Versicherungsbote, 2020). As a result, insurers find themselves under public scrutiny for their handling of pandemicrelated insurance claims and the industry is once again facing a substantial crisis and loss of reputation.
Such events are especially problematic for the insurance industry, as its financial success is particularly dependent on maintaining a good reputation. In a nutshell, corporate reputation is an individual's overall evaluation of a firm's key attributes, performance and behavior toward its stakeholders. With respect to a firm's products, reputation comprises customers' subjective beliefs about the qualities of the products and services delivered (Burke et al., 2018). As reputation adds to customers' motivation to enter into a contract and/ or pay price premiums, it yields economic benefits subsumed as reputational capital (Raithel and Schwaiger, 2015;Walsh et al., 2009) which is a part of a firm's market value.
For insurance firms, building and maintaining reputational capital is of paramount importance, as insurance products are credence goods, whose main quality, i.e. the insurer rightfully stepping in if the insured event occurs, cannot be evaluated in the usual course of business (Darby and Karni, 1973). Instead, insurance firms sell contracts that are rather opaque, as they are characterized by virtuality, typically long durations (e.g. in life insurance a contract could encompass the entire human life span) and complexity regarding the specific conditions under which an occurring event is insured. This results in information asymmetry at the expense of customers who are often unable to assess how risk calculation and profit margins are reflected in a given insurance premium or whether an insurer rightfully denies insurance claims. Even more so, customers must rely on the sustainability of an insurance firm's business model, as they must trust that the insurer will still be in business when they have a claim or that the insurer will be financially sound enough to handle a claim in the customer's best interest.
It is obvious that if an insurance firm or one of its employees chooses a course of action that substantially impairs customers' beliefs on credence qualities, existing reputational capital will be destroyed either partially or as a whole. The same holds, if customers' beliefs change due to an external event, e.g. because a corporate scandal that originally affects another insurer has spillover effects into the industry as a whole (Nienaber et al., 2014). It is, therefore, not surprising that the management of such reputational risks, i.e. all activities avoiding (further) damage of an insurance company's reputation, is a vital part of an insurer's overall risk management.
A particular challenge in reputational risk management (RRM) is that the financial value of a firm's reputational capital cannot be measured reliably. As a consequence, such changes are not included in a firm's formal accounting and control systems, which typically comprises formal results and action controls, e.g. key performance objectives or budgets (Merchant and Van der Stede, 2017). Thus, in situations with pressure for financial profitability and/or with managers prone to myopic behavior, the short-term gains of exploiting reputation at the expense of customers' expectations are oftentimes overstated against the resulting long-term losses when customers switch toward competitors or are less willing to pay price premiums (Mizik and Jacobson, 2007), leading to the observed scandalous behaviors to the disadvantages of customers.
To prevent a resulting market failure in the insurance industry, whose services are of high economic relevance (Haiss and Sümegi, 2008), it is subject to comprehensive regulation, e.g. the European Directive Solvency II that implements comprehensive European Unionwide insurance regulation in terms of quantitative requirements, governance and risk management requirements, as well as disclosure and transparency requirements; or the international accounting standards International Financial Reporting Standards 4 (IFRS 4) and IFRS 17, establishing principles for recognizing and measuring contracts issued by insurance firms.
But as regulation imposes costly restrictions on firm behavior, firms usually try to avoid direct, as well as indirect costs of regulatory activities caused, for example, by fees, taxes and behavioral restrictions (Darby and Karni, 1973;Gino et al., 2013). Even so, we find that in some cases, insurance firms even demand additional regulation instead of using selfimposed, but less costly internal control mechanisms (Merchant and Van der Stede, 2017) to build up reputational capital. Our research objective is to investigate this seemingly counterintuitive interplay between insurance firm behavior and regulatory activities, to better understand why regulation might be used as an externally imposed behavioral control mechanism.
Our paper addresses this research objective by taking a closer look at the management of reputational crises and the underlying causal mechanisms that have led to changes in insurance regulation regarding sales commissions for insurance brokers. To this end, we analyze a real-life case from the German private health insurance industry that started in 2009 and peaked in 2012. We combine economic and sociological theories to understand the dynamics that lead to increased regulation as a result of scandals. Our paper, therefore, Case study in the German insurance industry contributes to the field threefold. First, we add to the management control literature, suggesting that a need for behavioral control might also be addressed by firms demanding external regulation as a mechanism for limiting dysfunctional employee behavior. Second, we show that in our case, it was part of insurance firms' RRM, i.e. the prevention of further destruction of reputational capital, that had been driving the resulting changes in German insurance regulation. Third, we provide additional insights into why firms choose this rather costly and inflexible way to address behavioral control problems instead of implementing internal controls. Our paper is organized as follows: in the second section, we provide a brief literature review on risk management, regulation and reputational risks. Section 3 gives an overview of our research method. Section 4 contains our case, the MEG scandal. Section 5 analyses theoretical mechanisms and compares and combines their explanatory merits by using causal process tracing and Section 6 concludes.

Literature review
Even though there is a broad body of literature on corporate risk management, most of it deals with the integration of risk considerations into the firm's management and control cycle, dealing with, for example, risk as an economic phenomenon, managerial conceptualizations of risk and the organization of risk management, as well as its integration into the administrative management control cycle (for a comprehensive overview see Bromiley et al., 2015). Nonetheless, Wagenhofer (2016) criticizes the fact that research on risk management remains somewhat scarce, especially with respect to the interplay of regulation and risk management.
Traditionally, accounting research deals with "risk counting" (Mikes, 2011), i.e. integrating risks into meaningful financial accounting measures. In this vein, accounting regulation is a mechanism for making financial statements more informative for investors and other decision-makers with respect to variance in future performance, andat least to some extentalso serving as an instrument for managerial governance and control to prevent excessive risk-taking behaviors by a firm's management. However, as accountingbased financial controls do not suffice, firms also use a broad array of other behavioral controls, e.g. codes of conduct, compliance training, whistle-blower hotlines, as well as employee selection and development to restrict dysfunctional employee behavior (Merchant and Van der Stede, 2017). Nevertheless, until today, there remains a research gap regarding the role of external regulation within a firm's "management control package" (Grabner and Moers, 2013, p. 408). For example, Power (2002) implies that regulation plays only a decreasing role compared to internal controls, e.g. firms being forced to implement standardized risk management and corporate governance systems. Both Modell (2012) and Ahrens and Khalifa (2015) include external regulation only as a trigger for the development of internal control systems into their analyses, but not as a control instrument in itself.
While these papers are in line with the traditional political economy going back to Pigou (1938), arguing that regulation is an externally inflicted measure to mitigate conflicts between corporate insiders and outsiders, new approaches discuss regulation as an instrument in itself, that can be used by economic actors to yield economic rents. One of the first papers addressing the latter notion is the seminal analysis by Stigler (1971), who shows how relatively small economic groups, e.g. industries, benefit by actively seeking regulation restricting their activities. This idea has been taken up, among others, by Hail et al. (2018), who focus on the self-interest of regulators.
Our paper adds to both literature streams by addressing the original idea presented by Stigler (1971), and linking it to the management control literature by providing additional insights showing that the demand for regulation might also be an instrument for mitigating reputational risks. It can do so by serving as an externally enforced behavioral control instrument, thus creating economic rents at the level of a firm's real-economy business model.
For our analysis, we have chosen the insurance business, due to the exceptional importance of reputation for this industry. With this notion, our study uses a second literature stream showing that trust is one of the decisive factors for insurance customers (Csiszar and Heidrich, 2006;Schanz, 2006;Stewart, 2006). Gatzert and Schmit (2015), for example, argue that reputation signals a corporation's quality and reliability, especially when informational asymmetry is high. Moreover, many studies underline a positive link between reputation and firm performance (Raithel and Schwaiger, 2015).
Another literature stream analyzes the effects of reputation on clients and investors. Yoon et al. (1993) show that reputation can assist in generating purchase intention while others demonstrate that a good reputation reduces price sensitivity and increases willingness to pay (Graham and Bansal, 2007;Walsh et al., 2009;Burke et al., 2018). Milgrom and Roberts (1986) argue that a good reputation can also attract investors. Overall, researchers agree in their assessment that a good corporate reputation can function as a strategic asset that sets a company apart from its competitors. In this vein, Belva (2005) demonstrates in his research that reputational risks can have significant financial consequences. Fombrun and Van Riel (2004) argue that the financial impact reputational damages cause depends on how organizations manage reputational risks during a crisis. In fact, reputational risks play such an important role in insurance, that the Solvency II regime also addresses them as a separate risk category that has to be managed by insurers (Gatzert and Kolb, 2013).
In general, insurers already face a very tight regulatory regime imposing restrictive internal structures (Liedtke, 2011), and practitioners caution that reputational scandals will lead to an even stronger tightening of regulations for the industry, making internal organization costlier (Forstmoser and Herger, 2006;Nienaber et al., 2014;Schanz, 2006;Zboron, 2006). When misdemeanor becomes public, it is, therefore, critical how an organization or industry deals with this scandal (Poppo and Schepker, 2010).
Given this literature and the extensive damage that reputational scandals can impose on individual insurers, as well as the overall insurance industry, the lack of academic research on the reputational risks in financial industries and especially in insurance is quite surprising (Veh et al., 2019;Zaby and Pohl, 2019;Will et al., 2017;Schanz, 2006). The critique of Overbay (2003, p. 1) still holds that "reputational risk management (RRM) is poorly understood in the risk management and insurance community".

Research method
The focus of our study is to analyze how changes in insurance regulation are driven by reputational scandals, and on industry efforts to mitigate the resulting reputational risks. This research topic is rather difficult to assess in a quantitative study. First, reputational risk and the loss of reputational capital is a relatively delicate issue that might yield highly biased answers in a survey. Second, the constructs on which we focus are difficult to quantify; changes in regulation and reputational risks are difficult to measure as there are no standardized assessment methods (Zboron, 2006). Third, our main research interest lies in the interplay of factors and mechanisms that lead to changes in the regulatory environment of the insurance industry. Therefore, we have chosen a qualitative case study to capture an in-depth and multifaceted view of the complex interplay between scandals, loss of reputation, industry Case study in the German insurance industry behavior and regulation. Case studies constitute a common method in behavioral research, psychology and sociology and have gained popularity in management research too (Yin, 1984;Eisenhardt, 1989). With respect to the different approaches within the case study methodology, we have chosen the causal process tracing method (short: CPT) for our analysis. Blatter and Haverland (2014, p. 60) describe CPT as a "within-case method of analysis that concentrates on the processes and/or mechanisms that link the causes and the effects within specific cases". One of the main objectives of CPT is to highlight the interplay of different causal factors within a case study to pinpoint the underlying social mechanisms driving mechanism-based conjectures (Blatter and Haverland, 2012). CPT is particularly useful if the research object is the cause of an effect, rather than the effect of certain causes, and allows researchers to analyze a plurality of factors that work together to produce that effect. Therefore, CPT can be seen as a "tool for drawing descriptive and causal inferences from diagnostic pieces of evidenceoften understood as part of a temporal sequence of events or phenomena" (Collier, 2011, p. 824). Beach and Pederson (2013, p. 11) distinguish between the following three types of CPT methods: theory-testing process tracing, theory-building process tracing and explaining outcome process tracing. In this case study, we have chosen theory-testing process tracing as "we know both X and Y and we either have existing conjectures about a plausible mechanism or are able to use logical reasoning to formulate a causal mechanism from existing theory" (Beach and Pederson, 2013, p. 14). Therefore, the objective of this case study is to specify theories and variables that can best explain causality between the witnessed phenomena (Kay and Baker, 2015).
As pointed out in the literature, the most important factor in choosing a particular case for study is accessibility and that the case shows the outcome the researcher is interested in analyzing (Yin, 1984;Eisenhardt, 1989;Blatter and Haverland, 2012). In our research field of reputational scandals, loss of reputation, industry behavior and change in regulation, accessibility is very high, due to publicly available documentation of the law-making process and media coverage. From the number of scandals that have afflicted the insurance industry in the past decades, the scandal surrounding the insurance broker MEG and its founder Mehmet Göker is most suitable for our research, as the factors leading to the changes in regulation are to a large extent publicly documented, as is the desired effect, i.e. the change in regulation. We have used the extensive media coverage and, complementarily, the information from two film documentaries on MEG. Furthermore, we conducted narrative interviews with management-level representatives of three insurance companies who at the time were, and remain important protagonists in the health insurance market. These interviews shed light on background discussions within the industry and the different motives at play.
One prominent limitation of case studies is the challenge of gathering results that can be generalized beyond the analyzed case. However, a CPT case study results in a set of potential factors and mechanisms that lead to the observed result. Therefore, as Kay and Baker (2015, p. 3) argue, these deductions are as follows: are portable within and across cases and can be the basis for systematic theorizing about policy processes, particularly if some kind of typological theorizing is employed to work out how mechanisms may interact in any particular situation.

Case study: the MEG scandal
Mehmet E. Göker was born in 1979 in Germany. After finishing his training as a sales agent at a health insurance firm, he founded his brokerage MEG Aktiengesellschaft (AG) in 2003.
He soon focused on selling private health insurance contracts for several health insurance firms, which at the time offered the highest commissions of all private insurance lines. Due to its focus on high commissions, MEG experienced a large growth within a short period and in 2005 had about 40 employees and total commissions of EUR 2.6m. In 2006, MEG went public with 150 employees, revenue of EUR 11.1m, but a loss of EUR 2.2m (Handelsblatt, 2013).
Due to the resulting financial pressures, Göker started to push the boundaries of the business to his advantage. In 2006, he succeeded in negotiating substantially higher commissions from the insurers he cooperated with andeven more importantadvance payments for these commissions. While other health insurance brokers supposedly received a commission of 6 or 7 monthly premiums (i.e. given a monthly insurance premium of EUR 500, the broker would earn about EUR 3,000 to EUR 3,500 per sale), Göker was rumored to have received commissions of up to 21 monthly premiums (i.e. in this example EUR 10,500) (Frankfurter Allgemeine Zeitung, 2012). FOCUS reports a maximum amount of EUR 8,000 per insurance policy, which still amounts to more than twice the average compared to other sales agents (FOCUS Online, 2015). More importantly, such excessive commissions imply that a health insurer reaches break-even on an insurance policy after 16 to 21 months of contract duration at the earliest.
This commission scheme, paired with a low liability period fueled a "churning" market in the German health insurance industry, from which MEG heavily gained (Handelsblatt, 2013). With a liability period of only one year, brokers like MEG had a high incentive to change a customer's health insurance provider. Every year, as soon as the liability period ended, thus generating a new broker commission for the same customer. This churning affected insurers and insurance customers negatively. For one, even though the churning offered the opportunity to grow one's market share, this was very costly for insurers because churning caused losses if the commission exceeded the annual insurance premium.
Furthermore, churning affected the remaining customers of this insurer in two ways. In general, insurers pool individual risks into collectives (i.e. groups of insurance customers) to hedge risks within larger groups. Thereby, individual risks, which are highly uncertain in occurrence and severity, become calculable, as the insurer can collect data and calculate probabilities on average risks. However, this also entails sharing losses in the collective as well. Therefore, the losses from the re-sold contracts were borne by the remaining insurance collective in the form of increasing insurance premiums due to high acquisition costs. Second, as churning usually affected healthy customers (who are easiest to churn) this harmed the collective by shifting the structure of the collective to a disproportionate share of customers with poor health and high health costs. This too, resulted in losses for the insurance collective due to poorer performance of the collective, leading to increasing insurance premiums as well. Even more so, churning led to disadvantages for those customers whose contracts were re-sold. When signing with a new health insurance provider, customers had to endure a waiting period (usually 12 months) in which the insurer would not pay out any claims. However, if the insurance broker re-sold this health insurance contract to a different health insurer, the waiting period would start all over again, leaving the customer effectively without health insurance cover, despite paying his insurance premiums. Consequentially, the commission scheme and low liability period posed a high incentive for brokers like MEG to focus on churning, effectively putting their own selfinterest before that of their customers to get a professional consultation. Churning paired with a pyramid-scheme sales structure and highly organized and unethical sales practices offered brokers like MEG large growth potential.

Case study in the German insurance industry
As all these disadvantages and shady practices were neither discussed in public at that time nor transparent to most customers, MEG continued its exponential growth and in 2007, revenue was at EUR 33.3m, with a profit of EUR 280,000. In 2008, revenue increased to 53.7m Euros, with a profit of 3.1m Euros. In 2009, revenue seemed to grow as well, and in August 2009, MEG reported revenue of EUR 48.5m. At that time, MEG was considered the second largest health insurance sales agency in Germany (FOCUS Online, 2015). Therefore, the sudden announcement that Göker would be stepping down from his position as CEO came as a surprise to outsiders, especially as a new investor took over Göker's stock shares for a symbolic price of 1 euro. Only two months later, MEG filed for insolvency (Handelsblatt, 2013).
Later, it was revealed that MEG had for some time been in deep financial trouble. For one, Göker had withdrawn large amounts of money for private expenses. However, he had done so without approval from the supervisory board (Handelsblatt, 2013). Furthermore, the large and quick personnel growth of MEG fueled dubious contract-acquisition practices. As a result, contract annulments by customers increased from an average of 20%-30% to almost 90% (Frankfurter Allgemeine Zeitung, 2012). MEG had neither made substantial provisions for repayment of the advance payments received by the health insurers nor did it have sufficient net assets to cover these liabilities.
This development of course made large waves within the industry and especially at those insurance companies with which MEG had cooperated, as they had paid out large amounts of advance payments for commissions to MEG without receiving the corresponding insurance sales. The authorities started to investigate Göker for delayed filing of insolvency. In 2011, he faced criminal charges and many insurers were suing for the return of advance payments and restitution for annulled contracts. For example, Allianz and AXA, two of the largest insurance firms worldwide, filed for a sum of EUR 3.4m (Allianz) resp. EUR 2.6m (AXA) (DAS INVESTMENT, 2015a, 2015b. Local newspapers started to report regularly on the court proceedings (Hessische/Niedersächsische Allgemeine (HNA), 2011a, 2011b, 2011c), and as the press gathered interest in MEG, the first misdemeanors became public. Media reported on illegal practices and that MEG sales agents might have even forged customer signatures (Hessische/Niedersächsische Allgemeine (HNA), 2011d).
At the same time, the association of German private health insurers (PKV) comprising 42 insurers (more than 90% of the market) [3] proactively called for legislation to introduce significant new regulations for the German health insurance industry Deutscher Bundestag (2011a, 2011b) as a direct result of the MEG scandal (SPIEGEL Online, 2013). During the public hearings for the policy draft, the association argued that they were not able to implement a limitation of commissions on their own, e.g. via internal behavioral control mechanisms, as this would bring insurers into conflict with anti-competition laws (Deutscher Bundestag, 2011aBundestag, , 2011b. On December 6, 2011, as a consequence to the MEG scandal, a new law for private health insurance (Art. 22, Gesetz zur Novellierung des Finanzanlagenvermittler-und Vermögensanlagenrechts, changing § § 12 and 80 Versicherungsaufsichtsgesetz (VAG)) [4] was introduced into German legislation, taking effect on April 1, 2012. This law had significant effects on the payment of insurance sales commissions. Before the new legislation, sales commissions for insurance brokers were negotiable between insurers and brokers, and therefore, a significant competitive factor for insurers. Furthermore, the commission was usually earned by the broker after a liability period of one year to accommodate the risk that customers might cancel the insurance policy right after its inception.

JAOC 18,1
The new regulation introduced significant and costly changes to the organization and accounting of insurance firms and brokers. For one thing, it prolonged the liability period from 1 to 5 years, and furthermore, commissions were now limited to a maximum of nine monthly premiums. The industry association of German private health insurers (PKV) estimated at the time that 400,000 individual contracts between brokers and insurers had to be changed (Deutscher Bundestag, 2011aBundestag, , 2011b. In addition, insurance brokers were now forced to recognize increased provisions in the balance sheet regarding potential contract annulments. Overall, the new regulation had significant effects on private health insurance. For a start, with a limitation on commissions, a market standard for health insurance commission was effectively introduced. This changed inter-organizational cooperation by abolishing commission-based competition between health insurers. The regulation, thus put a stop to commission excesses and lowered acquisition costs. Health insurance premiums consist of a risk premium, administrative costs (including acquisition costs) and provisions for old age. Therefore, a reduction of acquisition costs directly benefits the insurance collective by increasing funds for provisions for old age.
In addition, the prolongation of the liability period effectively abolished churning in the private health insurance market and the resulting losses for insurance costumers, which, due to the credence qualities of health insurance contracts, became publicly known only in the aftermath of the MEG scandal.
On March 8, 2012, a documentary on MEG opened in German cinemas and made news at the national level. A film team had been documenting Mehmet Göker's path and the rise and fall of MEG for years. MEG and Mehmet Göker came under media scrutiny and the mass media detailed the sales practices within his organization. The director summarized the documentary: "If you offered the story as a movie script, you would be rejected because it includes too many clichés" (Frankfurter Allgemeine Zeitung, 2012). The documentary "Der Versicherungsvertreter" depicted the greed of sales agents and their hunger for money, power and status at the expense of their customers, and, even more so, that insurance companies supported such sales-driven brokerage organizations and cooperated with them willingly and enthusiastically, thus impairing their reputation dramatically (SPIEGEL Online, 2015).
By 2011, MEG AG had gone out of business, and Göker had moved to Turkey, where a prohibition of extradition prevented the German authorities from enforcing judgment until 2021. The insurance regulation enacted after the scandal is still in effect to this day. Regulatory authorities have declared it a success (Deutscher Bundestag, 2018) so that the German insurance industry finds itself confronted with repeated pressure to introduce similar accounting changes for other insurance lines as well (see, for example, the newly introduced limitation on commissions for residual debt insurance, DAS INVESTMENT, 2021).

Analysis
As a starting point for analyzing the industry factors leading to the MEG scandal, we use the Prisoner's Dilemma, which, as an essential part of game theory, describes the (un) cooperative behavior of two competing actors. Specifically, in a situation with two players, each faces the possibility to exploit a cooperative co-player to increase his/her own gain. As both players' actions are based on rational choice, they anticipate the exploitative behavior of the other one and act in an exploitative fashion as well. The resulting Nash equilibrium is Pareto-inferior (Axelrod and Hamilton, 1981).

Case study in the German insurance industry
Applying the perspective of the Prisoner's Dilemma to the insurance industry and the MEG scandal, the players are the insurance firms that compete for market shares. The insurance broker (in our case: MEG) serves as an external sales channel whose activities are based upon a simple commission mechanism: New health insurance contracts are shifted toward the insurance firm that agrees to the most advantageous commission scheme for the broker. As a result, commissions increase, and profits are gradually shifted from health insurers to insurance brokers. On the other hand, as overall market volume cannot be increased indefinitely, there is no corresponding increase in sales volumes if all insurance firms are engaged in the competition for contract sales with the insurance broker. In the Pareto-inferior Nash equilibrium, insurance firms pay the maximum commission (compared to an average commission before engaging in competition) and the volume of contracts sold remains virtually unchanged. As contract losses are covered by the premiums paid by all customers, i.e. the insurance collective, insurers' payoffs do not become negative, but with increasing commissions, there is a welfare loss to the customers which is unobservable in the usual course of business due to the credence qualities of insurance contracts. This is illustrated in Figure 1.
In a stylized case of two insurers, both had the choice to either pay a standard commission to MEG or compete against each other in terms of commission. If both insurers pay an average commission, they reach the market optimum with the highest overall gain (payoff 3 for both insurers). If only one insurer offers higher commissions to the broker, all sales are channeled to this insurer. As a consequence, for this insurer, contract volume increases over proportionally compared to the reduction in profit per contract due to the higher commission. As a result, this insurer realizes higher net earnings compared to the other insurer which loses the corresponding sales volume (payoffs 1 and 4 and/or 4 and 1). The overall sum of payoffs (5 < 6) is lower compared to the first case, as the broker receives an excess commission. If both insurers compete on commissions, the Pareto-inferior Nash equilibrium of the Prisoner's Dilemma materializes (payoff 2 for both insurers) which reduces insurers' profits to a sum of 4, once again increasing excessive broker commissions even more, and in fact creating a deadweight welfare loss of the insurance collective mentioned above. As we have seen in the MEG case, almost all insurers had competed on commission.
However, in the case of MEG, the Prisoner's Dilemma had in fact been repeated for several years, i.e. without any foreseeable end, so that from a model perspective, the game has to be played for an infinite number of rounds which each of the players remembers. In that case, game theory suggests that players can develop strong cooperative strategies, e.g. tit for tat (Wedekind and Milinski, 1996), and reach the Pareto-optimal solution.
If this had been the case with MEG, neither the competition on commissions would have evolved nor would regulation have been implemented. Instead, the behavior of all health insurers would have been driven by a collective self-commitment not to tolerate MEG's aggressive sales behavior toward customers. Interestingly, however, such behavior did not materialize, i.e. firms were obviously not implementing internal controls restricting their own behavior. Interviews with leading representatives of the German insurance industry that we conducted show an overall agreement in this respect. Insurer A explains: An industry is a competitive market. There are always those [insurers], of course, that are largely dependent on brokers, that also considered these sales practices, well, necessary. And contrary to that, there are certainly those who had addressed this issue intensely: can it be, that commissions are paid to this extent?
Insurer B similarly elaborates: Because, it was not just one or two insurers, there were quite a few that were delighted with this greed and I think they tried to use this in order to increase sales numbers for themselves. But it is always baffling how many actually fell for that. Well, even back then I found this very puzzling.
Insurer C even reports how individual attempts to remedy the situation were hindered: There was heavy resistance from the industry itself and there were of course the normal industry associations, that took the leadwhether it was associations like GVK [5] and so on, that are actually more focused on sales agents and brokers. On the other hand, there were our mouthpieces, like GDV [6], who massively fought against [a standardization of commissions]. I think, people thought that this would lead to heavy decreases in sales.
In the context of the Prisoner's Dilemma, ordonomic game theory suggests as well that "in a many-sided dilemma, an individual self-commitment can never solve the problem of collective self-damage" (Pies et al., 2009, p. 385). In this vein, a potential solution mechanism suggested by Pies et al. (2009) is then industry regulation. This view is reiterated by Insurer A: Well, of course, there was the opinion that in a free-market economy every form of [statutory] intervention into the relationship between contractual parties is not necessary. That's why there was a strictly liberal school: no intervention. However, there was also the view that private health insurancewhich we're talking aboutis a part of the social security system, and excesses which we had partially seen, had to be limited by the appropriate statutory intervention if the market was not able to regulate itself.
This implies that the official justification presented by the association of the German health insurers, of not being able to stop competing on commission, as this would violate anticompetition laws isin our opinionjust a symbolic argument, covering up the true reasons for the need for regulation. To identify the hidden mechanisms explaining why insurance firms over a long time not only tolerated but also even fueled the shady sales practices and misbehavior of MEG at the expense of the insurance collective, we will, therefore, in a next step, draw on sociological theory, more specifically on the theory of vicious cycles of bureaucracies Crozier (1963), Luhmann (1964 combined with organizational learning theory (Argyris, 1977;Grebe, 2013). This follows Masuch (1985), who also applies both approaches in combination, to explain underperformance, stagnation or decay in organizations.
In the context of corporate misbehavior or transgressions becoming public, Kühl (2019) argues that such events can set in motion a vicious cycle that will lead to long-lasting changes in the governance of a company or even regulatory changes. We draw on these deliberations to understand how scandals develop, why they spiral out of control and what Case study in the German insurance industry consequences result. However, we broaden the application of this mechanism from an organizational level to an industry level. As a starting point, we assume that vicious cycles evolve in the following three stages: (1) A transgression becomes public.
(3) Firms come under the scrutiny of the public that is now wary of new transgressions.
Depending on how the reputational risks are managed at these stages, firms' actions can put a stop to this cycle or cause the crisis to spiral (Figure 2). The starting point of a vicious cycle, i.e. public transgression, can occur in different ways and encompass all kinds of rule-breaking, from accepted procedures and practices to unethical behavior or even illegal activities. Whether a scandal develops then depends on how unethical or enraging this action is perceived by the public (Eccles and Vollbracht, 2006;Forstmoser and Herger, 2006;Kühl, 2019;Will et al., 2017;Zboron, 2006). These circumstances make the management of reputational risks challenging for an organization, as it is difficult to anticipate its potential impact. Nevertheless, if a scandal occurs in one firm, there are often spillover effects to the industry as a whole, which create pressure for the industry.
In the second stage, the firms try to repair reputational damage, engaging in activities that are supposed to repair the "display window", meaning they focus on risk management measures that have a significant and positive signaling effect to external observers. The quality of these risk-management measures is a decisive factor for the further development of the scandal. Poppo and Schepker (2010) emphasize that no reaction at all is much worse than a simple public apology, and Grebe (2013) adds that cosmetic "white-washing" is not enough, which also comprises activities, such as public apologies, image campaigns, by claiming that this is an isolated event, downplaying negative consequences or presenting them as common practice (Hahn et al., 2021;Beaubien, 2008). Another popular "whitewashing" method aimed at containing the reputational risk is to offer a sacrificial lamb (socalled scapegoating). Guénin-Paracini et al. (2014) analyze the surprisingly insignificant regulatory changes in the USA that resulted from the 2008 global financial crisis. They argue that successful scapegoating at an industry level (i.e. putting the blame on Lehman Brothers) was crucial in protecting the overall industry and preventing new regulation. They conclude that scapegoating works to protect the existing system from blame and thereby deflects calls for new and extensive regulations at an industry level. To effectively address a reputational scandal at the firm level, Grebe (2013) points out that double-loop learning (Argyris, 1977) becomes necessary, which extends way beyond organizations apologizing for their behavior and discontinuing the criticized practices, which is denoted as single-loop learning (Pfarrer et al., 2008). If organizations establish internal behavioral controls that prevent these and similar types of misconduct, they have accomplished double-loop learning. Even so, reputational risk controls that are effective at the firm level, e.g. the introduction of regular external audits, changes in the code of conduct or other compliance measures within a firm's ethical infrastructure, are no longer feasible if a scandal grows. First, the impact of such risk controls materializes rather slowly. Second, public awareness of the effectiveness of these measures is difficult to achieve. Third, there are still spillover effects from firms within the industry which do not implement such reputational risk controls.
In the third phase, a firm finds itself under the looking-glass, as the scandal has created a situation in which the public remains critical or even skeptical. Kühl (2019) notes that in this phase, it is likely that attention and scrutiny lead to more scandals because other transgressions are unearthed. As a result, the whole cycle could start all over again and if other firms are affected, spill, over to the whole industry.
Using the example of the scandal surrounding an oil company, Grebe (2013) argues that third-loop learning becomes necessary if the double-loop learning by an organization in the second stage, through implementing adequate reputational risk measures, is no longer adequate to appease the public outrage. Third-loop learning in that case implies that regulatory authorities intervene to incorporate the outcome of the organization's double-loop learning (either a best practice or lessons learned) into new regulation for the whole industry, shifting RRM and the implementation of behavioral controls from firm-level to industry-level.
Applying these foundations to the dynamics of the MEG case, we find that even though the first misbehaviors by MEG became public in 2009, they only made news at the local level and within the German insurance industry. However, with the release of the documentary on MEG in 2012, a reputational scandal developed at the national level as the immoral and greedy sales practices of brokers and insurers became transparent to the public at large (Stage 1), and triggered public outrage, spilling over from MEG to health insurers and the whole insurance industry, damaging its reputation. The insurance industry hurried to assure the public that MEG was not representative for industry practices or that insurers themselves had proactively withdrawn from business dealings with MEG (Versicherungsmagazin, 2012). However, a myriad of the picture and video footage made it difficult for insurers to distance themselves from the scandal. Insurer C states: Well, I can tell you, the reputation [of the] insurance industry, very much teetered on the brink. The reputation teetered on the brink because people were questioning, how it can be that someone earns so much moneyto put it very simplyhow someone can earn so much money with commissions for a consultation that is not professional but ultimately unprofessional.
However, the culprit of this scandal was not remorseful and Göker did not take any steps to manage the reputational risk at the level of MEG, such as by renouncing his sales practices. Instead, afflicted insurers themselves had to implement reputational risk measures, i.e. the task of "repairing the display windows" devolved on them. Insurer A elaborates on the situation in which insurers found themselves as follows: The pressure, of course, in terms of whether private health insurers are operating a sustainable business model, had indeed increased again and again due to media coverage. [. . .] And that led to pressure also with regard to the future viability of the industry.

Case study in the German insurance industry
Insurer C reports that the industry tried to implement internal and industry-level controls as follows: At the time when the commission binges happened, we discussed that we somehow had to improve the image of insurance sales agents and brokers, because this also reflects negatively on us [insurers]. That is why the industry then introduced the initiative "well advised" However, these industry initiatives did not eradicate dubious sales practices like those of MEG.
Another risk management measure, in that case, could have been scapegoating. Finding a sacrificial lamb would have enabled the industry to deflect the blame onto one player and protect the health insurance industry as a whole. However, as almost all major health insurers were involved in business dealings with MEG, scapegoating was not feasible in this case.
Furthermore, stopping these sales practices at each individual insurer (single-loop and double-loop learning) was not considered sufficient. Insurer C explains: Well, I think if certain things transpire so publicly, you cannot solve them internally anymore. You can only solve things internally, that do not explode like that. That [creates] a certain expectation.
As a consequence, the association of German private health insurers (PKV), took more drastic measures to prevent this cycle from going further. Reinhold Schulte, then head of the association, stated that the association had proactively and unilaterally called on regulators to introduce new regulations (Deutscher Bundestag, 2011a, 2011b. He disclosed that the new regulation was a direct result of the MEG scandal (SPIEGEL Online, 2013). Insurer A conveys: However, there was no self-commitment [in the industry]. This is an issue, of course, that selfcommitment is not possible due to anti-trust requirements. And that is why there were different opinions on that [topic]. We did not reach the point where insurers had decreased their commissions [on their own], as they had other priorities. Given this environment, it is my opinion that it's better to have a clear regulatory framework.

Insurer B similarly states:
And that is why I say, as long as we have these colleagues in the industry, these companies, it will not work out by making each individual and the industry as a whole see reason. You have to regulate it by law.
This implementation of lessons learned at an industry level constitutes third-loop learning.
In the third phase, the industry found itself under scrutiny from various parties. Up to this point, most politicians had avoided the issue of commission binges. Insurer A ascribes this to a lack of understanding and describes the role that the MEG scandal played in raising awareness as follows: The change of mind within [parliament] politics entailed, of course, a better understanding of the problem, witnessing and noticing these sales practices. MEG certainly played a role, in the sense that it became more transparent how these sales practices operated.
Therefore, the scandal acted as a catalyst which created a sense of urgency within the political sphere. However, consumer organizations have always held a more critical view of JAOC 18,1 the private health insurance industry. Therefore, the MEG case strengthened their call for action, as Insurer B notes: I think the pressure was too great to be able to continue like this. [. . .] But, in the end, you could not go on like this because consumer protection organizations had focused on this issue.
At this point, the cycle might have continued and led to externally imposed and much more restrictive regulation. However, when the MEG scandal broke publicly in 2012, the media also reported that the insurance industry had already taken measures to prevent this type of sales frenzy in the future, by means of new regulation (Versicherungsmagazin, 2012), effectively bringing the vicious cycle to a halt. Nevertheless, those insurers involved in these market practices still struggled with these new regulations, as all three insurers mention. Insurer B explains: And even after [the introduction of the law in 2012], the regulatory authority and the industry association both conducted surveys: ok, how is it regulated, how have you adapted the regulation within your company. Even then, especially in the first year, you could see who complied [with the new regulation] and who did not comply. And that was an insight, that was truly gruesome.
Even though the subsequent industry regulation prevented excessive competition on commission, and thus moved the industry toward a situation reflected by the Pareto-optimal equilibrium in our model, we still find indications that this solution is costly, not very flexible and not flawless. All our interview partners noted in unison that those insurers that were heavily involved in the illicit sales practices at that time still feel burdened and restricted by the existing regulation, and therefore, seek workarounds and means of evasion. Hence, the industry still relies heavily on regular insurer audits by supervisory bodies. Insurer C, for example, discloses: Well, the thing is that in the industry, many insurers still pay higher commissions [than the standard]. It could be that this will be corrected by audits from the BaFin [9]. The GDV also does annual or bi-annual evaluations, I think. The commissions appear to have decreased, but we also know that there are other ways to pay.

Conclusions
In our paper, we have taken a closer look at the direct link between reputational scandals and changes in insurance regulation as a measure of RRM, and we have discussed the mechanisms that led to these changes.
In our case study, we have detailed the MEG scandal, which engulfed the German insurance industry and peaked in 2012. The MEG scandal was picked up by the mass media and spilled over from broker to health insurers and the private health insurance industry as a whole, which then faced massive public criticism. As a result, insurers proactively called on the regulatory authorities to introduce new regulations, instigating accounting and organizational changes. These new regulations were targeted at preventing aggressive sales strategies and excessive commission payments to insurance brokers and are still in effect to this day, restricting employee behavior in insurance firms as an external control mechanism, and thus safeguarding reputational capital.
Using causal process tracing, we have analyzed the initial situation in which this real-life case was set, using economic mechanisms described in game theory. However, we found that the Prisoners' Dilemma did not fully explain the behavior within the health insurance industry in our case, as even though we observed several rounds of the game without a fixed end, cooperative behavior induced by sufficient internal behavioral controls did not emerge. In the next step, we used theories from sociology to better understand the behavior of the Case study in the German insurance industry actors in our case and how external regulation was used as a measure of RRM. Using theories of vicious cycles of bureaucracies combined with organizational learning theory, we have seen that the dynamic can be divided into three stages, which can lead to a downward spiral. The crucial factor in this cycle is the industry's behavior, which determines whether the cycle can be stopped or whether it continues. We have seen that insurers were unable to contain their behavior through internal controls, and thus demanded external regulation, which effectively addressed dysfunctional behaviors and served to finally resolve the scandal. Our paper, thus shows that industry regulation and the resulting organizational changes may be driven by the regulated firms themselves to mitigate reputational risks, as other less costly and internal control mechanisms for RRM may fail. Our results also suggest that if firms want to avoid increasing regulation, they have to implement internal controls to ensure strong RRM, so as to counteract short-term profit pressure and to avoid restrictive regulation imposed on the industry as a whole. Furthermore, our study indicates that effective RRM should not be restricted to controlling employee behavior within an organization, as due to spillover effects, reputational capital especially with respect to credence goods, might also be destroyed by misbehavior at other firms within the same industry.
Our paper is subject to several limitations, which leave room for future research. Most importantly, as we used a case study, generalizability is at first glance limited. Nevertheless, as Blatter and Haverland (2014) argue, causal process tracing allows tracing evidence for theoretical deliberations in complex case situations when "smoking gun observations" and specific process dynamics are highly relevant. Furthermore, we are able to shed light on the causes of the observed effect, i.e. the introduction of regulation, which is in fact the use of regulation as a control mechanism to prevent scandals escalating out of control and causing further destruction of reputational capital.
Today, more than a decade later, the MEG scandal is once again a trending topic. Because Mehmet Göker's sentencing is subject to the statute of limitation in 2021, he is currently starting to build up his brokerage once again. Insurer C complains that this can bring the MEG scandal to the forefront again as follows: Mehmet Göker is now active again and immediately, there it is again in the papers: commission binges, even though this de facto is no longer possible. [But] it is stuck [in people's heads].
Insurer B cautions as well: So I hope, I really hope, that he will not gain a foothold. And if [he does], then there will be fierce, fierce discussions. And, I think, we will shoot ourselves in the foot, [. . .] if we get involved in these types of sales models. I really feel it would be catastrophic. I hope that it does not happen and that type [of conduct] will be publicly chastised and ((groan!)). 6. GDV is short for Gesamtverband der Deutschen Versicherungswirtschaft (German Insurance Association) which is the federation of private insurers in Germany.

As cited by
7. The initiative "well-advised" was introduced as a self-commitment by the German insurance industry and focuses on professional and continuous trainings for insurance brokers and sales agents.
8. The German Association of the Insured (BdV) is one of the most important German consumer associations.