This informal CPD article ‘Product Governance at Board Level: What the Non-Executive Should Be Asking‘, was provided by Nikolas Demetriades, founder of CPDs.Academy, a CPD training platform delivering compliance education for professionals in EU-regulated financial services.
Product governance is often one of those subjects that arrives in the board pack as a one-page summary, accompanied by reassuring language about policy adherence and the absence of issues for the period. It is easy for a non-executive director to read that summary, conclude there is nothing to query, and move to the next agenda item. That is a missed oversight opportunity, and in some regulated sectors it is also a missed accountability moment.
The MiFID II product governance framework (1), read together with the ESMA Guidelines on MiFID II product governance requirements (2), makes product governance a management-body oversight matter rather than a purely technical compliance exercise. The Guidelines link the distributor's target market identification to the firm's business policies and distribution strategies, matters for which the management body bears ultimate responsibility under the broader MiFID II governance framework.
This article sets out the questions a non-executive director or board member should be prepared to ask of the firm's product governance arrangements, and what an answer that meets the supervisory standard should look like. It is written for non-executive directors, board members, senior managers and members of product governance, risk, compliance or investment committees where such committees are involved in product governance oversight. It is not written for the compliance officers who own the framework day to day. The seven questions that follow are not intended to be exhaustive. They are the ones whose answers most reliably distinguish a working arrangement from a paper one.
Question 1: Who in this firm owns product governance, and how would I know?
Product governance is one of those subjects that sits across multiple functions. Compliance writes the policy, the business selects the products, distribution channels execute the strategy, operations holds the data. The risk in that structure is that everyone is involved, and no one is accountable.
The non-executive should expect a clear answer to a simple question: which senior manager owns product governance and where is that ownership documented. Acceptable evidence may include terms of reference for a Product Governance Committee, where established, role descriptions covering product governance accountability, an internal allocation of responsibilities, the firm's organisational chart, the product governance policy itself, Board or management body minutes recording the relevant appointment, or senior management approval records. Where the response is that “compliance and the business share responsibility,” the next question is who decides when they disagree.
Question 2: How does product governance reach this board, and on what cadence?
A management body cannot exercise oversight over arrangements it does not see. The non-executive should expect to see product governance on the board or committee agenda at a defined frequency, with a written report that goes beyond confirming that the policy is in place.
A useful report contains, at minimum, the products distributed during the period broken down by category, the target market and distribution strategy assessment status for each material product, the volume and pattern of sales outside the positive target market, any product reviews conducted and the conclusions reached, significant feedback received from or provided to manufacturers, and the actions arising. A report that contains none of these and instead reports “no exceptions noted” is not a report the board can challenge.
Question 3: Has the firm identified its own target market, or has it inherited the manufacturer's?
This is the question that most reliably exposes a paper arrangement. A distributor should not simply adopt the manufacturer's target market without its own assessment. It may conclude that the manufacturer's target market can be used as it is, but that conclusion should be based on a critical review and the distributor's knowledge of its own client base. Commission Delegated Directive (EU) 2017/593 requires the distributor to identify the actual target market in light of the clients to whom it provides services and the products it intends to distribute (3). What the framework does not permit is for the distributor to file the manufacturer's target market and treat its own obligation as discharged.
The non-executive should ask, for any material product line, where the firm's own target market documentation lives, who approved it, and what the basis was for any difference from the manufacturer's, or for adopting the manufacturer's target market unchanged. An answer that begins “we use the manufacturer's” without qualification is a finding waiting to be made. ESMA's 2021 Common Supervisory Action on the application of MiFID II product governance requirements flagged this issue specifically (4), and the point has been carried through into the current Guidelines (2).
Question 4: How does this firm know when sales fall outside the target market, and what does it do then?
Two failure modes recur. The first is firms that monitor only for sales into the negative target market and report “no issues” because, by definition, sales into the negative target market are rare. The second is firms that monitor at portfolio level rather than at product level and report aggregate suitability outcomes that mask product-specific patterns.
A non-executive should expect product-level sales monitoring data, with clear distinction between sales inside the positive target market, sales into the negative target market, which should be rare and subject to stronger justification and review, and what the ESMA Guidelines describe as the grey area (2), namely sales to clients who fall outside the positive target market but not into the negative. Sales in the grey area are not automatically wrong. There are legitimate reasons including portfolio diversification and the application of suitability rules at the point of sale. But they should be identified, trended, and analysed. A firm that cannot identify or analyse grey area sales will struggle to demonstrate effective monitoring of its distribution strategy.
Commission Delegated Directive (EU) 2017/593
Question 5: What does this firm do when a product is not working for clients?
Product reviews are the part of the framework most often reduced to ceremony. A review is conducted, the file records that the product remains appropriate, and the matter closes. The harder question, and the one that demonstrates a working arrangement, is whether the review actually engages with client outcome data.
A non-executive should ask what data feeds into a product review, beyond the marketing material and the manufacturer's information. Useful inputs include complaint patterns relating to the product, withdrawal and surrender rates, suitability assessment outcomes, trading or holding patterns inconsistent with the assumed target market, and feedback from the front line. A product review file that contains none of these and concludes “no changes required” is not evidence of governance. It is evidence of process.
Question 6: Does this firm tell its manufacturers what it sees?
The product governance framework is sometimes read as a one-way flow, with manufacturers providing information and distributors receiving it. That reading is incomplete. Commission Delegated Directive (EU) 2017/593 expects distributors to provide manufacturers with sales information, exception feedback, and any insights that may affect the manufacturer's own product review (3), particularly where the distributor identifies recurring issues or evidence that the target market may have shifted in practice.
This is a useful question for a non-executive because the answer is binary and verifiable. Either the firm has a documented process for providing feedback to manufacturers, with records of what has been provided, or it does not. Firms that distribute products manufactured outside the MiFID II perimeter, including third-country manufacturers, still carry the obligation to take reasonable steps to obtain adequate product information. The absence of an obligation on the manufacturer's side does not discharge the distributor's duty.
Question 7: If a supervisor arrived next week, what would they actually examine, and could the firm produce it?
This is the closing question, and the one that distinguishes governance discussion from theatre. In practice, supervisory reviews commonly follow a document-and-sample logic. The firm may be asked to produce its Product Governance Policy, documented product governance review records, the internal allocation of product governance responsibilities, and a sample of product files. Those files should evidence the target market documentation, the distribution strategy assessment, the sales monitoring data, the review records and the conclusions.
A non-executive should ask, periodically, whether the firm could produce that chain on request, and within a reasonable time. The question matters because an arrangement that cannot be evidenced quickly is not, in supervisory terms, an effective arrangement, regardless of how comprehensive the underlying work has been. An evidence register, maintained as documents are produced rather than reconstructed at the point of inspection, is the practical answer. Independent testing of a sample of products against the evidence register, for example through internal audit or compliance monitoring, is the verification.
Closing observations
The questions set out above are not regulatory technicalities. They are the lens through which a non-executive can form an independent view on whether the firm's product governance arrangements are working. The right answers, supplied with the right evidence, tell the board the framework is operating. The wrong answers, or answers without supporting evidence, are early warning signals that should be acted on while they remain early.
There is a wider point. Boards and senior management in regulated financial services are increasingly expected to demonstrate that they have engaged substantively with the firm's conduct framework, not merely that they have been informed of it. Product governance is one of the most testable areas in that conduct framework. The obligations are specific, the supervisory expectations are documented, and the evidence either exists or it does not. A board that runs through the seven questions above with genuine answers behind them is a board that is doing its job. A board that cannot, regardless of how the management report reads, has work to do.
We hope this article was helpful. For more information from CPDs.Academy, please visit their CPD Member Directory page. Alternatively, you can go to the CPD Industry Hubs for more articles, courses and events relevant to your Continuing Professional Development requirements.
References
(1) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments (MiFID II), in particular Articles 16(3) and 24(2).
(2) European Securities and Markets Authority, Guidelines on MiFID II product governance requirements (ESMA35-43-3448), published in all EU official languages on 3 August 2023 and applicable from 3 October 2023.
(3) Commission Delegated Directive (EU) 2017/593 of 7 April 2016 supplementing Directive 2014/65/EU, in particular Articles 9 and 10 on product governance obligations for manufacturers and distributors.
(4) European Securities and Markets Authority, Public Statement on the 2021 Common Supervisory Action on the application of MiFID II product governance requirements, July 2022.
