Back
09 December 2025

Thematic review of financial institutions’ product and service reviews

This report summarises the findings of a thematic review on how financial institutions assess their products and services to ensure they continue to meet consumer requirements and objectives.  

The report highlights good practices, common challenges, and areas for improvement across the sector. Regular, proactive reviews are essential for identifying risks early, maintaining fair treatment of consumers, and meeting obligations under the Conduct of Financial Institutions (CoFI) regime. It provides practical insights and examples to help financial institutions strengthen their approach and deliver better outcomes for consumers.

Download Thematic review of financial institutions’ product and service reviews [607KB]

Summary

A priority for the Financial Markets Authority – Te Mana Tātai Hokohoko (FMA), outlined in our 2025 Financial Conduct Report, is ensuring financial institutions proactively review products and services to confirm they align with consumers’ requirements and objectives.

When financial institutions proactively review products and services, they can identify and respond to harm or risks to consumers, and help promote improvements in the provision of financial services that meet the needs of consumers. This supports some of the key outcomes we want to see for consumers and financial markets1, including fair services, quality ongoing service, and well-informed consumers. These outcomes align with our main statutory purpose of promoting and facilitating the development of fair, efficient and transparent financial markets.

About our thematic review

We sought to understand how financial institutions carry out reviews of products and services. We asked a sample of ten deposit takers and ten insurers (the participants) to tell us about their product and service review practices. The participants we selected varied in nature, size and complexity, representing the diversity of the financial institution population.

We were pleased to see that in line with our expectations, all 20 participants confirmed they complete reviews of products and services. We saw diversity in how participants approach their reviews, and have outlined key examples in this report.

The examples shared in this report are not attributed to individual financial institutions but are included as examples of participant responses we believe to be good practice. Some examples will not be relevant for all financial institutions. Our intent is for financial institutions to consider this report then make their own determinations as to what is proportionate and useful for their business.

The findings and commentary in this report do not create new legal obligations or replace existing obligations. The report has been designed to share good practices and highlight areas of risk, to support meeting existing obligations.

What we mean by ‘Review’ in this report

Financial institutions have a duty to establish, maintain, and implement an effective fair conduct programme2 (FCP). Financial institutions need to ensure their FCP complies with the minimum requirements detailed in section 446J of the Financial Markets Conduct Act 2013 (FMC Act).

This includes providing for regular reviews of relevant services or associated products3 that are provided to consumers on an ongoing basis to determine whether they are likely to continue to meet the requirements and objectives of those consumers (when viewed as a group)4 . When we talk about ‘Reviews’ in this report, we primarily mean the actions undertaken by financial institutions to meet this minimum requirement.

Our commentary in this report centres on how Reviews support financial institutions’ compliance with this minimum requirement and, importantly, how Reviews can support the fair treatment of consumers in line with the fair conduct principle5 at the heart of the Conduct of Financial Institutions (CoFI) regime.

Summary of findings

We asked participants about their Review practices across six core themes:

  • What are the objectives of your Reviews?
  • How are they scheduled and prioritised?
  • What do you include in the scope of your Reviews?
  • Who leads and who contributes? 
  • How do you assess whether products and services meet consumer objectives and requirements?
  • How and to whom do you report your findings?

We found most participants carry out Reviews to align products and services with consumer requirements and objectives alongside prudential, commercial and other regulatory considerations. Reviews also inform decisions on enhancements or rationalisation. Some participants’ Reviews had a narrow focus and lacked a consumer lens.

Scheduled Reviews typically run on a one-to-three-year cycle, with reactive triggers for Reviews such as complaints and material changes to the product/service or its environment. Overreliance on reactive triggers or a rigid Review cycle risk missing proactive identification of issues. The best examples used dynamic, risk-based adjustments and iterative learning across Reviews.

Scope varies from narrow checklists to full lifecycle audits. Comprehensive Reviews with a consumer focus are good practice, but should remain proportionate to the size, nature, and complexity of the financial institution’s business, or they risk becoming ‘tick-box’ exercises. Participants use a mix of quantitative metrics and qualitative feedback to inform Reviews, but some participants overlook stakeholders that are relevant to consumers, such as intermediaries and dispute resolution schemes. We also saw limited recognition in Reviews of the risks posed by legacy systems and products.

Governance structures for Reviews differ. Larger participants typically use product teams and committees; smaller firms rely on compliance functions or senior leadership. It was common for governance bodies to rely on the absence of negative reporting as confirmation that consumers are being treated fairly, which is an area for improvement. Tracking of actions from Reviews is strongest where ownership, reporting systems, and escalation criteria are clear. Communication to consumers is inconsistent; only some participants reported having a structured, proactive strategy.

Next steps

We encourage all financial institutions to consider the commentary, examples and key takeaways in this report in the spirit of informing continuous improvements to their approach to fair treatment of consumers.

As part of our supervisory activity, financial institutions can expect proactive reviews of products and services to be a continued area of interest for the FMA.

1 Outcomes-focused regulation [1.6MB]

2 section 446G, FMC Act

3 section 446F, FMC Act

4 section 446J(1)(b)(iv), FMC Act

5 section 446C, FMC Act

 

Findings

Purposes and objectives of Reviews

We asked participants to explain the purposes and objectives of their Reviews. Our expectation is that consumer requirements and objectives are explicitly considered, and most responses reflected this. We recognise Reviews may also serve prudential, commercial or other considerations. A consumer-outcomes lens can complement, and need not exclude, other Review objectives.

Responses cited a range of reasons for Reviews, including:

  • Assessing whether products and services meet consumer requirements and objectives.
  • Checking whether products and services are performing as expected, and identifying issues.
  • Informing decisions on enhancing, rationalising or removing products and services.
  • Assessing whether distribution methods for products and services remain fit for purpose.
  • Identifying and managing risks, including compliance with the fair conduct principle.
  • Meeting other relevant legal and regulatory obligations.
  • Ensuring products and services remain commercially viable and align with strategy and/or risk appetite.
  • Reflecting on market needs and competitiveness.
Spotlight – good practice

The purposes and objectives of an insurer’s Reviews are to assess whether its products are aligned with its strategy and product principles, remain fit for purpose and suitable for meeting the needs of customers, continue to deliver fair outcomes for customers and are appropriate for the intended customer portfolio, and to identify emerging risks and issues.

A common Review objective was meeting relevant financial institution licensee obligations and providing compliance assurance. Many responses referred to specific financial institution licensee obligations, including FCP minimum requirements, particularly around timely enhancements or improvements to relevant services or associated products.6

Given the intent of an FCP is to ensure the financial institution’s compliance with the fair conduct principle, it was positive to see reference to the fair conduct principle in the purposes and objectives of many participants’ Reviews.

Key questions to consider
  • How can your Reviews support the fair treatment of consumers?
  • Are consumer requirements and objectives given explicit consideration in the purposes and objectives of your Reviews?

6 section 446J(1)(b)(v) and (vi), FMC Act

 

Review scheduling and prioritisation

Review cadence

We asked participants how they schedule and prioritise Reviews. Most timetable Reviews in advance. A clear schedule gives confidence Reviews are being completed in line with financial institutions’ policies and controls.

The most common Review frequency reported was one to three years. Factors influencing Review frequency included the participant’s risk rating of the product or service, whether the product was on- or offsale, and product or service characteristics such as complexity and number of customers.

Financial institutions should determine a Review schedule that is fit for purpose for their business. We encourage financial institutions to periodically assess their Review schedule as it may be appropriate for this to change over time.

Many participants complete ‘post-implementation’ Reviews for new or materially changed products and services, usually within 12 months of launch, and sometimes with a more targeted scope. These Reviews enable financial institutions to monitor new or altered products and services more closely until confident they are working as intended.

Spotlight – area of risk

Off-sale (not open to new consumers) or legacy products present different, and often greater, risks to the fair treatment of consumers. We found off-sale products and services were Reviewed less frequently than on-sale products and services. Reviewing off-sale products and services less frequently risks conduct issues going undetected, especially where consumer interaction with the product or service is infrequent, as it is less likely issues will be surfaced by consumers.

The FMA’s enforcement activity under Part 2 of the FMC Act (fair dealing) has frequently involved off-sale or legacy products. Regularly scheduled Reviews help prevent issues that lead to consumer harm and enforcement action.

Risk-based Review scheduling

Many participants take a risk-based approach to scheduling Reviews, where the cadence reflects product or service risk factors. Examples of risk factors include:

  • Characteristics of the product or service, such as complexity, attributes, alignment to target market, and distribution method (including associated distribution risks).
  • Consumer impact and exposure, such as number of customers holding the product or service, customer profile and vulnerability characteristics.
  • Volumes and trends of complaints, issues and risks; the presence and nature of remediation activity relating to the product or service.
  • Nature and significance of findings from previous Reviews.

We support this approach as it assists in the timely identification and management of risks. It may be particularly relevant for financial institutions with a large or diverse range of products and services, where prioritisation and agility may be more necessary.

Spotlight – good practice

A deposit taker’s Review process is iterative. After each Review, identified risks are documented and tracked. These findings directly inform the scheduling and scope of subsequent Reviews. This approach ensures the Review cycle is dynamic. Products with higher or newly identified risks are brought forward in the Review schedule, while lower-risk products may remain on a standard cycle, enabling the deposit taker to manage both risk and operational factors. This continuous feedback loop helps carry insights gained in previous Reviews into the planning and execution of future Reviews.

Reactive Reviews

We asked participants about circumstances in which a Review would be completed out of schedule (reactive Reviews). We consider it good practice to have a documented approach to reactive Reviews.

Triggers for reactive Reviews described by participants include:

  • Material changes to product/service design, pricing, or distribution.
  • Feedback or complaints from customers, distributors, and other internal/external stakeholders.
  • Identification of material conduct risks or issues.
  • Insights from product or risk monitoring, e.g. utilisation, lapse rates, indicators outside tolerance.
  • Changes to processes, systems or technology.
  • Shifts in business strategy or risk appetite; mergers and acquisitions.
  • Changes in the macroeconomic environment or competitor behaviour.
  • Changes in the regulatory environment, including new or updated regulations, guidance, or enforcement 
    activity.

For many participants, reactive Reviews are triggered by indicators monitored on an ongoing basis. Ongoing monitoring7 of products and services supports the timely identification of risks and issues. Findings from completed Reviews can also trigger Reviews of other products and services, revealing broader risks or issues.

Spotlight – area of risk

A small number of participants only complete reactive Reviews, with no regular Reviews scheduled in advance. This risks indefinite delays if no triggers occur and may not meet the requirement that FCPs provide for ‘regular’ Reviews8. A good approach is to maintain a minimum Review period for all products and services.

Key questions to consider
  • How often do you complete Reviews for your products and services, and does this change over time?
  • Are there circumstances that would trigger a reactive Review?
  • How do you identify and monitor emerging risks and issues relating to your products and services, including for off-sale or legacy products? How does this inform your approach to Reviews?

Scope of Reviews and resourcing

We asked participants about the scope of their Reviews and how it is determined. Responses varied, but common themes include:

  • Consumer sentiment and experience, including feedback, complaints, retention insights, and clarity of communications.
  • Alignment of distribution strategy.
  • Performance of product or service features; enhancements planned or completed since the last Review.
  • Performance indicators such as claims ratios, utilisation, and lapse or delinquency rates.
  • Management of conduct, operational, credit and strategic risks, and assurance of regulatory compliance including CoFI obligations.

Some participants have a standard scope for Reviews. Others adopt flexible or targeted approaches, such as reactive or post-launch Reviews. Review scopes are often tailored to characteristics such as the product or service’s risk profile or performance data.

Spotlight – good practice

The scope of an insurer’s Reviews includes an assessment of the product against the insurer’s product design principles, how consumer needs align with the description and features of the product and its intended purpose, the product’s risk rating and strategy, financial and claims performance, complaints and feedback, and key areas of the product lifecycle such as sales and underwriting (examined from the perspective of both the consumer experience and the staff experience).

It is important to consider how consumers experience products and services. Even if the characteristics of a product or service meet consumer requirements and objectives, issues with distribution or administration – such as outdated or incomplete marketing collateral – can affect suitability. Many participants considered the full product or service lifecycle in Reviews, which meant they could identify and address risks from design through to distribution.

Spotlight – area of risk

Incentives9 can pose risks to consumer interests, such as by increasing the risk consumers will be sold a product or service that does not meet their needs. Some participants considered incentives in the scope of Reviews, focusing on compliance with CoFI incentive regulations10. A minority of participants include incentives in Reviews as part of managing conflicts of interest. We expect financial institutions to design and manage incentives to mitigate or avoid adverse effects on the interests of consumers11, and encourage financial institutions to consider how Reviews can support this outcome12.

Capability, resourcing, and external support

We asked whether Reviews assess staff and intermediary capability and capacity, as this is an important aspect of delivering products and services as promised. Most participants assess staff capability through observational reviews, audits, feedback and training or onboarding programmes. We look for financial institutions to have sufficient oversight to ensure gaps in knowledge and practice, once identified, are closed.

Spotlight – area of risk

Where intermediaries are used, they have a key role in ensuring good outcomes for consumers. Not all participants that use intermediated distribution channels consider intermediary capability in the scope of Reviews. Poor consumer outcomes may occur if intermediary capability is lacking, for example, consumers receiving products and services that are unsuitable for their needs. We recommend financial institutions consider how intermediary capability is assessed, through the lens of ensuring products and services continue to meet consumer requirements and objectives.

Some responses raised questions about whether the participant had adequate financial and human resources to complete Reviews. It is important that adequate resourcing is available for Reviews. Resourcing challenges may be present at smaller financial institutions, where staff often have a broader range of responsibilities. However, larger financial institutions are not immune. For example, an overly high frequency of Reviews may lead to a ‘tick-box’ approach or operational risks such as staff fatigue if resourcing is insufficient. Financial institutions may find value in integrating Review scheduling with wider business planning.

Some financial institutions may not have the internal capability for certain aspects of Reviews, and instead use external support such as legal counsel, auditors, actuarial support, reinsurers, industry associations, and IT/technology partners. Importantly, financial institutions remain responsible for compliance with FCP obligations where functions are outsourced13. Smaller financial institutions may find our FCP information sheet for smaller firms helpful, which includes commentary on the use of external support.

7 FMA commentary on the use of conduct risk indicators can be found in our FCP information sheet, our FCP information sheet for smaller firms, and our joint FMA/RBNZ Conduct and Culture reviews of banks and insurers.

8 section 446J(1)(b)(iv), FMC Act

9 section 446M, FMC Act

10 sections 446K to 446M, FMC Act

11 section 446J(1)(i), FMC Act

12 Additional commentary from the FMA on sales incentives under the CoFI regime can be found in our Sales incentive FAQs

13 Standard Condition 4, Standard Conditions for financial institution licences

 

Systems and technology

We asked whether participants’ Reviews assess the capability of their systems and technology to deliver the product or service. Responses varied: some participants assess core systems and/or consumer selfservice portals in the scope of Reviews, others integrate assessments throughout the product and service lifecycle or carry out standalone reliability and user experience testing. The extent to which external services were needed to conduct assessments of systems and technology also varied.

Regardless of how assessments of systems and technology are scheduled and carried out, they are an important factor in understanding how consumers experience a product or service, and whether consumer requirements and objectives are being met.

Spotlight – area of risk

As noted in our Financial Conduct Report, risks in the deposit taking and insurance sectors remain from reliance on legacy technology, systems, and manual controls and processes, as well as inadequate staff training. Failures in systems and technology have led to consumer harm in the past. Proactive detection and swift correction of issues is important to mitigate these risks.

Complaints and feedback

We asked participants how complaints are considered in Reviews. As noted in our complaints info sheet, complaints can offer important insights into what is and isn’t working well. Most participants consider complaint trends and themes on an ongoing basis, not just when Reviews are completed.

Spotlight – good practice

An insurer’s Reviews include analysis of complaints received regarding the specific product or group of products. Complaint volume (including change in volume) and themes are analysed to identify trends. Findings from complaint analysis are shared with the wider business via dashboards and regular reporting. Complaints data also informs the risk rating of the insurer’s products, which then informs the frequency and depth of Reviews for each product.

Financial institutions may also consider how complaints or feedback from staff, intermediaries or other stakeholders can be used in Reviews. Seeking feedback proactively from stakeholders involved in the design and distribution of products and services can provide valuable insights into the product or service’s performance. Dispute resolution schemes were an overlooked source of information; we consider them a valuable resource for insights about the consumer experience of products and services.

Key questions to consider
  • Do your Reviews consider the consumer experience of your products and services across the entire product or service lifecycle?
  • How do your Reviews consider feedback and complaints from consumers, staff, and intermediaries?
  • Do your Reviews assess how your staff, intermediaries, systems, and technology support the delivery of your products and services to consumers?

Requirements and objectives of consumers

We asked participants how their Reviews determine if their products or services are likely to continue to meet the requirements and objectives of consumers (when viewed as a group).

  • Participants consider a wide range of information, including a mixture of quantitative and qualitative factors, when assessing consumer requirements and objectives and whether products and services remain suitable. These include:
  • Consumer feedback from channels like net promoter score data, customer forums, and surveys.
  • Consumer/behavioural research and testing.
  • Market and competitor analysis.
  • Assessing the performance of the product or service, such as by assessing the price, value, or product benefits/rules.
  • Usage metrics such as sales and conversion rates, persistency/retention/cancellation data, claim or loss ratios, lapse or delinquency rates.
  • Trends and themes from complaints, issues or incidents.
  • Feedback from other stakeholders such as staff (particularly frontline staff) or distributors.

For financial institutions to be satisfied that products or services continue to meet the requirements and objectives of consumers, those requirements and objectives must first be understood. We encourage financial institutions to approach this as an ongoing process in which regular Reviews play a part.

Spotlight – area of risk

Consumer characteristics, behaviour, requirements and objectives evolve. Several participants indicated suitability was assessed as a point-in-time consideration, often at the design stage. Providers should consider how the design and delivery of products and services meet consumer requirements and objectives as they change over time.

Other participants described ongoing monitoring of indicators to support confidence in ongoing suitability. For example, if indicators relating to usage such as loss ratios or delinquency rates remain within expected ranges, this could be taken as one indication the product or service is performing as expected.

Consumers in vulnerable circumstances

Most participants referenced consumer vulnerability in their responses, referring to specific policies, processes or frameworks. We recognise vulnerability is contextual to individual consumer circumstances, but in relation to completing Reviews, it is important to consider whether groups of consumers have (or are likely to have) characteristics of vulnerability that may impact how the consumer group’s requirements and objectives are assessed.14

Spotlight – good practice

A deposit taker’s approach to Reviews integrates customer vulnerability and accessibility considerations, requiring those completing Reviews to document support for customers experiencing vulnerability and to propose enhancements where needed.

Determining a target market for products and services

We asked whether participants identify a target market for their products or services15. Identifying who products and services are intended for demonstrates understanding of consumers and can help show how products and services continue to meet consumers’ requirements and objectives.

Most participants identify a target market at the product or service design stage, and/or as part of a Review to ensure the target market remains relevant. Some participants use formal templates to describe target markets, while others embed target market considerations in aspects of the product/service lifecycle.

Spotlight – good practice

A deposit taker’s Review process requires an explicit articulation of who the product is for, what needs it meets, and any eligibility or suitability criteria. This clarity enables the deposit taker to better assess whether the product continues to deliver fair outcomes for its intended consumers and whether any changes in the product, its use, or its environment leave groups underserved.

Examples of target market descriptions include eligibility or suitability criteria, consumers for whom the product or service may not be suitable, and whether alternative products or services offering greater benefits are available.

Key questions to consider
  • Who are your products and services intended for?
  • How do you understand the requirements and objectives of your consumers? Do your consumers’ requirements and objectives change over time?
  • How does your approach to Reviews help you identify and respond to the requirements and objectives of consumers in vulnerable circumstances?

14 More commentary on the FMA’s expectations for financial service providers with respect to consumers experiencing vulnerability can be found in our information sheet Consumer vulnerability – our expectations for providers.

15 Additional commentary from the FMA on target markets can be found in our Financial Conduct Report.

 

Roles, governance and reporting

Roles and responsibilities

We asked which functions lead Reviews and who contributes to them, including external parties. Larger or more complex financial institutions tend to have dedicated product teams responsible for leading Reviews. Smaller financial institutions more commonly rely on risk and compliance functions or senior leadership. Many participants use governance structures and documented standards to define roles and responsibilities.

As noted in our FCP information sheet, FCP minimum requirements call for clearly defined roles, responsibilities and accountability arrangements for identifying, monitoring and managing risks associated with conduct that fails to comply with the fair conduct principle. Financial institutions with defined roles and responsibilities for Reviews will likely have greater confidence in meeting licensee obligations and applying the fair conduct principle.

It was pleasing to see most participants engage a wide range of internal and/or external stakeholders to contribute to Reviews. We encourage financial institutions to consider the scope and objectives of Reviews to assess stakeholder involvement, as this may vary. For example, stakeholder requirements for a postlaunch Review may be different to stakeholder requirements for a reactive Review.

Most Reviews include staff feedback with varying degrees of formality, gathered through surveys, team meetings, and direct input from distribution units. Proactively seeking feedback from staff often serves as an early warning for risks.

Intermediaries were not routinely engaged as contributors to Reviews, despite being a valuable source of feedback on product and service performance. There is an opportunity for financial institutions that use intermediaries to proactively seek their input to strengthen Reviews.

Reporting, escalation, and the role of the board or governing body

We asked how the outcomes and actions from Reviews are communicated internally, to boards or governing bodies, and to the FMA.

Many participants have structured governance frameworks that inform how Reviews are communicated internally and externally. Some participants (commonly large or complex financial institutions) have product governance committees that are responsible for oversight and decision-making, while others rely on existing frameworks and committees such as risk committees and executive forums. Some use crossfunctional groups including risk, compliance, legal, actuarial, product, and customer experience or customer-facing teams.

Board involvement varies. Larger entities often rely on management-level committees to oversee Reviews, with escalation to board-level committees when material issues are identified. Smaller institutions tended to involve their boards more directly. Most participants described consistent escalation triggers such as material conduct risks, regulatory breaches, systemic complaints, and significant changes to product design or distribution. It was positive to see processes for escalation to the board and to the FMA where a material conduct risk or issue had been identified. This supports the minimum requirements for FCPs relating to regular and comprehensive reporting to the governing body about conduct risks and failures to comply with the fair conduct principle.16

Spotlight – area of risk

Many participants did not report to their board or governing body on the completion or results of Reviews. We expect the boards or governing bodies of financial institutions to have oversight and take accountability for compliance with their licence obligations and FMC Act requirements. Governing bodies should not rely on the absence of negative reporting as confirmation that consumers are being treated fairly and licensee obligations are being met. Financial institutions may wish to consider whether additional reporting to their board or governing body – such as reporting on whether Reviews have been completed to schedule and/or commenting on themes and findings of completed Reviews – could provide positive assurance of fair consumer treatment and compliance with financial institution licensee obligations.

Communicating Review outcomes to consumers

We asked how Review outcomes and resulting actions are communicated to consumers. Participants report using various channels such as email, customer app notifications, website updates, branch notices, and direct mail.

Some participants demonstrated mature communication strategies tailored to the nature and impact of Review outcomes on consumers. Larger financial institutions have more formalised approval processes, while smaller entities rely on direct coordination between leadership and marketing teams.

However, some participants did not notify consumers before implementing changes, and many lacked clarity on how they determine who is ‘impacted’ or selected for communication strategies. Financial institutions should consider formal processes for determining when Review outcomes should be communicated and to whom, not only for changes to product features or benefits, but also for distribution or administration changes that may affect suitability.

Communicating Review outcomes in a timely, clear, concise and effective manner17 is an opportunity to strengthen consumer trust in financial institutions and help consumers make informed decisions about products and services. Other stakeholders such as intermediaries would also benefit from timely and proactive communication about Review outcomes, given their role in ensuring good consumer outcomes.

Actions arising from Reviews

Some participants reported a structured approach to tracking and implementing actions from Reviews, including assigning owners, monitoring progress, and reporting through to closure. Many have clear processes for tracking and delivering actions arising from Reviews, often using systems such as risk and incident management platforms to support the tracking and delivery of actions or product enhancements.

Management committees play a key role in overseeing Review actions, often receiving monthly or quarterly updates, which enables overdue actions to be identified. The FMA encourages financial institutions to consider not only whether actions from Reviews are implemented, but also their effectiveness.

Key questions to consider
  • Can you articulate clearly defined roles, responsibilities, and accountability arrangements for your Reviews – including oversight and accountability by your board or governing body?
  • How do you know actions arising from a Review are completed as required?
  • How do you know when the outcome/s of a Review should be communicated to consumers, or other stakeholders such as intermediaries?

16 section 446J(1)(c)(iii), FMC Act

17 section 446J(1)(j), FMC Act

Related

Media release: FMA releases thematic review on financial institutions’ product and services reviews