Product Governance Self-Assessment for Distributors: What Supervisors Actually Examine

A practical walkthrough of the distributor side of MiFID II product governance. Includes a free self-assessment template you can adapt for your firm.

1. Why product governance still trips firms up

Product governance is one of those areas where the law is reasonably clear, the guidelines are detailed, and yet a lot of firms still struggle to evidence what they are doing.

There are a few reasons for that.

The first is that product governance sits at the intersection of compliance, business development, sales and operations. The compliance team writes the policy. The business team chooses the products. The sales team distributes them. The operations team handles the data. When supervisors come knocking, they want to see all four lined up. In a lot of firms, they are not.

The second is that the obligations apply continuously, not just at product approval. Target markets need to be assessed before distribution and reviewed periodically. Sales outside the positive target market need to be monitored. Information needs to flow back to manufacturers. None of this is a one-off exercise.

The third is that distributors often assume that because they did not design the product, the responsibility for product governance sits with the manufacturer. It does not. Distributors have their own set of obligations, and supervisors examine them separately.

2. The legal framework, briefly

The Level 1 obligations sit in Article 16(3) and Article 24(2) of MiFID II (Directive 2014/65/EU). They require firms that manufacture or distribute financial instruments to maintain, operate and review adequate product governance arrangements.

The Level 2 detail is in Articles 9 and 10 of Commission Delegated Directive (EU) 2017/593. Article 9 covers manufacturers. Article 10 covers distributors. They are not symmetrical, and the distinction matters because most investment firms across the EU act primarily as distributors.

Commission Delegated Directive (EU) 2021/1269 amended this framework to integrate sustainability factors into product governance obligations. Those amendments have applied since 22 November 2022.

The ESMA Guidelines on MiFID II product governance requirements (ESMA35-43-3448, published 27 March 2023) have applied since 3 October 2023. They reflect ESMA's 2021 Common Supervisory Action findings and contain illustrative examples that supervisors use as their reference point.

If you want to know what your supervisor is going to ask you about, those four documents are the starting point.

3. What the distributor framework actually requires

Article 10 of the Delegated Directive imposes a specific set of obligations on distributors. Stripped to the essentials, it asks distributors to do six things.

First, obtain sufficient information from the manufacturer about the product and the manufacturer's target market.

Second, identify the actual target market and distribution strategy for each product, taking the manufacturer's target market into account and applying their own knowledge of their client base.

Third, assess the compatibility of the product with the needs of the clients to whom the firm intends to offer it.

Fourth, ensure that the firm's distribution strategy is consistent with the identified target market.

Fifth, monitor sales to identify deviations from the target market and the distribution strategy, including sales into the grey area or the negative target market.

Sixth, provide sales information and exception feedback back to the manufacturer to support the manufacturer's product review.

Each of these is an obligation in its own right. Each of them needs to be evidenced. Each of them is what separates a product governance policy from a product governance control.

4. Where the gap usually shows up

Years of working on MiFID II product governance have taught me one thing. The challenge is rarely whether a firm has documents. The challenge is whether the firm can evidence the review.

A Product Governance Policy on its own is not the same as a product governance arrangement. The policy is the input. The arrangement is what happens when the policy meets a product universe, a client base and a calendar year.

The gap tends to show up in the same handful of places.

Governance and oversight. The policy exists, but the records of who decided what, when, and based on what information, are thin. There may be a Product Governance Committee on paper but no minutes for the reference period. There may be Board reporting in theory but no agenda item in the last twelve months. There may be a documented governance arrangement but no compliance monitoring against it.

Product universe and selection. The firm distributes a wide range of instruments, but the mapping of those instruments to product categories and risk levels is informal. There is no documented basis for which products are complex or higher-risk, and no documented basis for which products were selected for detailed review during the period.

Target market and distribution strategy. The manufacturer's target market is received and filed, but the firm's own actual target market is not separately documented. Where the firm's distribution channel materially differs from the manufacturer's typical channel, the rationale is not in the file. The distribution strategy is treated as a marketing decision rather than a product governance output.

Information flow and exceptions. Sales monitoring is generic rather than product governance specific. Deviations from the target market are not separately captured. Sales into the grey area, which sit outside the positive target market but not in the negative, are not distinguished from sales into the negative target market. Feedback to manufacturers is occasional rather than structured.

Product review and client outcomes. Reviews happen, but the connection between complaints, withdrawal patterns, suitability outcomes and the periodic product review is loose. A complaint pattern around a specific product does not automatically trigger a product review.

Compliance monitoring and Board reporting. Compliance has a monitoring plan but product governance is not on it. Or it is on it once a year, late in the period, as a tick-the-box exercise rather than a meaningful review.

None of these gaps is fatal in isolation. Each of them, on its own, is the kind of thing a firm can close in a quarter. Together, they are the difference between a framework that holds up under scrutiny and one that does not.

The point of an annual distributor self-assessment is to find each of these gaps before someone else does.

5. What the self-assessment questionnaire covers

I have published a free Product Governance Self-Assessment Questionnaire that maps to exactly those areas. It is a practical annual self-assessment tool for compliance officers, senior managers, internal auditors and anyone with product governance oversight responsibility at an EU-regulated investment firm.

It has eight sections covering: firm details and scope, governance and oversight, product universe and selection, target market and distribution strategy, information flow and exceptions, product review and client outcomes, compliance monitoring and Board reporting, and an overall conclusion and action plan.

It then has six annexes that are, in my experience, where most firms run into trouble. A product categories table. A list of products selected for detailed review with the basis for selection. A product-level review table that captures target market, distribution strategy, sales monitoring and review conclusions in one place. An information flow and exceptions register. A product review and client outcome dataset. An evidence register that links everything back to where the supporting documentation lives.

It is structured so that a compliance officer can take it, populate it over a few weeks, and end up with a defensible annual review file.

6. Who should use it, and how

The questionnaire is built for firms that act primarily as distributors. If your firm is both a manufacturer and a distributor, the template focuses on your distribution activity, and you should run a separate manufacturer-side assessment in parallel.

The way I would suggest using it.

Set a reference period. Annual works for most firms. Some firms running multi-jurisdictional or higher-volume distribution may want to do this more frequently.

Assign owners for each section. Be honest in the answers. The point of a self-assessment is to find the gaps before someone else does. A row marked "Not monitored" is more useful than a row marked "Yes" that you cannot evidence.

Use the action plan in Section 8 to close gaps. Each action should have an owner, a deadline and a status. Three months later, review where you are.

Treat the evidence register in Annex 6 as the single source of truth. If a document is listed but cannot be located, that itself is a finding.

7. A note on what the questionnaire does not do

It does not replace your Product Governance Policy. It is a review tool that sits on top of your policy framework.

It does not give you legal or compliance advice. It is a general-purpose template based on publicly available EU regulatory requirements, and it needs to be adapted to your firm's specific business model, product range and jurisdiction.

It does not cover manufacturer-side obligations in detail. Firms that also manufacture financial instruments should separately assess their manufacturer obligations under Article 9 of the Delegated Directive.

And it is not a substitute for the deeper substantive work of identifying target markets correctly, designing distribution strategies that fit those target markets, and reviewing products properly. It is a structured way to evidence and check that work.

Know what supervisors are looking for. Our seminar Practical Implementation of Product Governance covers the manufacturer and distributor framework under MiFID II, the target market assessment process step by step, and product approval and review.

Explore the seminar

Free download:The Product Governance Self-Assessment Questionnaire.

This article is based on the author's professional experience working on MiFID II product governance with EU-regulated investment firms. All regulatory references are drawn from publicly available sources. Nothing in this article constitutes legal or compliance advice. Firms should adapt the framework described to their own circumstances and seek qualified professional advice where appropriate.

Sources and references

• Directive 2014/65/EU on markets in financial instruments (MiFID II),Articles 16(3) and 24(2)
• Commission Delegated Directive (EU) 2017/593, Articles 9 and 10
• ESMA Guidelines on MiFID II product governance requirements (ESMA35-43-3448, March 2023; applicable from 3 October 2023)
• ESMA 2021 Common Supervisory Action on product governance