When we speak with Australian-based financial institutions about their product governance, the conversation typically flows swiftly from design and distribution obligations to product value chain risk management, and then from governance committees to risk and control management; but the conversation can stall as we dive deeper into the ecosystem needed to provide real and meaningful support to the evolving product governance expectations.
In our view, product governance is the core to running a sustainable business. A business's products are its connection to customers, its offering to the market and the heart of why the business exists. Product governance should be a fundamental component of sound business management.
Throughout the product value chain, processes should ideally be customer-centric, with the customer being considered in all phases – product ideation, design, manufacture, implementation, distribution, maintenance through to closure and removal from the market.
In recent years, product governance has attracted heightened attention given a nudge from Banking Royal Commission findings and resulting regulatory changes. Whilst there has been growing focus on getting the basics right, leading financial institutions want to future-proof and assess the adequacy of their product governance more holistically.
Key considerations for financial services institutions
We provide some considerations for industry players when reviewing the adequacy and effectiveness of their product governance ecosystem, bearing in mind that there may be nuances across the industry.
Some key components to consider when reviewing your current product governance ecosystem:
Risk and compliance professionals would appreciate that having a framework consisting of governance committee(s), product value chain policies, standards, guidelines, handbooks and other artefacts does not necessarily guarantee compliance or continual relevancy of requirements.
Periodic monitoring of business adherence to policy requirements and testing the effectiveness of the policy and associated documents are equally important. Monitoring can take place in various forms. For example, testing in the form of sampling, surveillance and or interviews are some methods to consider depending on your objectives.
Testing results can be reported in an aggregated form as thematics or by business unit. Observations can also provide indications as to whether policy requirements or standards need to be adjusted. These can then feed into a periodic review of policy requirements which assesses latest regulatory changes, industry body practices, community expectations, competitor benchmarks, other relevant policies and internal stakeholder feedback can all help to ensure the policy and its associated suite of documents remain fit-for-purpose.
Financial institutions often have legacy systems that are costly to maintain, upgrade or integrate. Due to this, systems are often siloed and can sometimes show different data outputs from other systems. It would be helpful for the organisation’s central risk and compliance repository to be product-centric so that incidents, issues, actions and remediations are mapped by product.
Relevant risk taxonomies and risk ratings should also be mapped against the products value chain. This will enable businesses to identify high risk areas within the product value chain against their risk appetite, assess control adequacy, review end-to-end processes and make timely business-decisions. Data from this single source of truth should then be ingested into one dynamic reporting tool that has dashboards that are easily customisable by business stakeholders.
Having a single reporting tool may also help some large organisations reduce mismatch of data between departments.
Large organisations generally have a plethora of product-related data and can, over time, face problems from information overload.
Agreeing on the purpose, objective and audience of the product governance-related reports are critical first steps which can often be overlooked. Doing this will help determine appropriate data extraction parameters, the ‘so-what’ message, data presentment and granularity. For example, depending on the forum, pictorial illustrations and infographics of risks across the product value chain can be very effective in making a statement in the body of the presentation, whilst detailed analysis can be inserted as part of the appendix, and referenced when questioned.
Good reporting often starts with good housekeeping. This means having product information that is clear and readily accessible. For example, organisations should at the very least have a master product list which includes a list of all products by owner, status, target market, manufacturer, distributor(s), jurisdiction(s), features, product modification dates, product review due dates and risk-ratings.
Periodic reviews on the health of all products and its supporting infrastructure, can provide useful insights around what’s working well, improvement opportunities and risks that are tracked until they have been addressed.
Organisations often attribute innovation to building new infrastructure and new interfaces, which may unintentionally add new processes and complexities to the existing end-to-end product value chain. Instead, businesses can consider reallocating resources to streamline and enhance operational processes, improve efficiency, reduce costs to serve and enhance customer experience.
A periodic review of upstream and downstream product-related processes can be performed in tandem with the business’ periodic risk and control assessment. This is because the review on control adequacy and effectiveness may also identify potential improvement opportunities to business processes. Innovation can also take place in the backend, for example, simplifying product offboarding, standardising remediation procedures and semi-automation of reconciliation activities, can result in a reduction of human processing errors and improvement in customer satisfaction.
Governance of products should therefore include oversight of whether product processes are streamlined, nimble and able to quickly adapt to changing customer and business needs.
In recent years, there has been increased scrutiny on ensuring product governance practices are uplifted, so with that came a shortage of product governance specialists. Financial services organisations may have had to recruit former product managers, seasoned first line risk and compliance specialists or governance specialists from other industries to establish a new product governance team. Some may have also sought external consultants who have local and overseas expertise to help fill the knowledge gap. As the product governance field continues to evolve, so do the skillsets and responsibilities. Below are some skillsets to consider when building a product governance team:
- The ability to identify and synthesise product risk areas, trends, thematics and provide recommendations to the leadership team.
- An understanding of product complexities, operational dependencies, pricing methodologies and processes.
- Understanding of relevant legislation, regulations, standards and governance protocols.
- Experience in the translation, communication and implementation of relevant regulatory changes and policy requirements into the product business within a reasonable timeframe.
- A customer-centric mindset.
- Ability to design, implement and uplift product compliance monitoring plans.
External pressures may have also caused organisations to shift their mindsets in respect to the underlying drivers for new product launches or product modifications. This means some organisations may need to penetrate long-standing internal agendas between departments, and in turn operate as one collective unit by putting customer needs as the top driver for product development.
Businesses can also consider readjusting the basis and weightings for product performance reviews, for example there could be greater emphasis on product quality from a reduction of incidents, issues, complaints and remediation as well as customer feedback from product uptake, loyalty and referrals.
Regulators have also been keen to understand how organisations manage non-financial risks, in particular conduct risk. Businesses that have once brushed over unintentional human errors may need to reassess whether such behaviour constitute a regulatory breach of misleading and deceptive conduct.
Similarly, businesses that may have once led successful marketing and sales campaigns through pricing activities and membership benefits may now be under intense pressure to demonstrate and monitor customer fairness and transparency. Such businesses may need to reassess whether their existing sales practices are over influencing buyers and whether disclosures are easy to access and understand for clients and other relevant stakeholders.
One way to achieve this is to co-create product sales processes with customers, for example organisations can consider inviting customers into workshops to discuss how customers interpret product sales information, how to improve communication and other sales-related area that should be adjusted to improve overall customer experience and satisfaction.
Where to next?
The considerations mentioned above are not exhaustive but rather topics that can generate further discussion. As a team of specialists, we remain attentive to industry and regulatory changes that are directly and indirectly related to product governance. We welcome the opportunity to discuss leading practices and ways to ensure you have a robust product governance ecosystem.
Save, Curate and Share
Save what resonates, curate a library of information, and share content with your network of contacts.
Find out more
Regulatory changes predicted to impact the market bringing additional focus on the risk environment and risk management practices for General Insurers
General Insurance key areas of regulatory change, risk management and preparation in 2022.