Blog

Over my 20+ years leading product growth teams—and spending the last decade deep in the governance trenches working with product, regulatory and compliance teams—I've learned something crucial: the best teams don't treat governance as a separate function. They build it into their operating system.

With ASIC's 25% increase in investigations this year, this distinction matters more than ever. ASIC's enforcement priorities and enforcement record demonstrate that the regulator is targeting organisations that lack clear visibility into what's happening with their products, what their design intent is, and whether they have practices in place to continually identify vulnerable customers or act on problems before customers get hurt.

Here's what I've learned works: governance isn't about perfect documentation or awless processes. Its abou the execution - operational visibility and accountability.  It's about being able to answer questions without scrambling to piece together a narrative across fragmented systems.

In this article, I'm sharing three foundational practical actions that create the operational foundation for defensible product governance:

1. How to establish and maintain a foundation product register/catalogue
2. Why your product design intent document is your first line of defence
3. How to implement effective product monitoring that catches problems early

These aren't theoretical frameworks—they're the operational building blocks that create real compliance muscle and make governance systematic, not heroic.

With a 25% increase in investigations and 23% uptick in civil enforcement action last year, the regulator is backing its priorities with real enforcement muscle. Whether you're running product growth, managing product governance, overseeing compliance obligations, or leading product strategy, this is your regulatory landscape for the next 12-24 months.

The enforcer's targeting is clear: poor product design, inadequate product monitoring, failures in complaints handling, distribution outside target markets, and systemic governance breakdowns. The consequences are real—high penalties, director accountability, court action, and criminal prosecution where warranted.

ASIC 2026 Priorities 

• Misleading pricing practices impacting cost of living for Australians
• Poor private credit practices
• Financial reporting misconduct including failure to lodge financial reports
• Misconduct exploiting consumers facing financial difficulty including predatory credit practices
• Continuing our work to hold those responsible to account for the collapse of the Shield and First Guardian Master Funds
• Claims and complaint handling failures by insurers
• Unlawful practices seeking to evade small business creditors
• Holding super trustees to account for member services failures
• Strengthening investigation and prosecution of insider trading conduct
• Auditor misconduct

Enduring priorities

• Misconduct damaging market integrity including insider trading, continuous disclosure breaches and market manipulation
• Misconduct impacting First Nations people
• Misconduct involving a high risk of significant consumer harm particularly conduct targeting financially vulnerable consumers
• Systemic compliance failures by large financial institutions resulting in widespread consumer harm
• New or emerging conduct risks within the financial system
• Governance and directors’ duties failures

*ASIC 2026 Enforcement Priorities available here

The challenge most product, governance and compliance teams face is fragmentation.  Product data lives in multiple systems or spreadsheets.

Monitoring obligations are scattered across different teams and tools. Performance data isn't often linked to design intent. Complaints or claims handling data isn't systematically feeding back into product decisions. And when questions are asked, teams are often scrambling to piece together a narrative from fragments.

That's the gap we're going to close. Here are three practical things your product governance team should prioritise.

1. Establish and Maintain a Product Register/ Catalogue

Your product register is the foundation of product governance compliance. It's not optional—it's foundational. That starts with knowing what you have.

A definitive register where every product is governed, documented and tracked. This isn't a marketing spreadsheet. It needs to capture design intent, target market determinations, distribution channels, key design features, performance thresholds, review dates, and ownership. It needs to be versioned and auditable. The ability to produce a clear, complete product register is the foundation of any governance assessment. If you can't show what products you manage and why they're designed that way, your governance has a critical gap.

How Skyjed helps: Skyjed's product lifecycle platform centralises your product register. You capture product metadata once—design intent, target market, distribution approach, business rules—and it becomes the hub that every other function references. When you need to run monitoring against design intent, you're comparing actual data to versioned auditable documented design.

2. Conduct Regular Product Monitoring Reviews in Accordance with Your Obligations

Product monitoring isn't an annual tick-box exercise. Under the design and distribution obligations (DDO) regime and ASIC's enforcement focus, you need systematic, ongoing continual monitoring that compares actual product performance against design intent. And you need to document what you found and what you did about it.

ASIC's 2026 enforcement priorities highlight failures in product monitoring and complaints handling. ASIC's enforcement record shows they're targeting organisations that lack visibility into whether problems are being caught early—and crucially, whether they're acting on what they learn. When organisations have visibility into problems but don't act, enforcement follows.

That's a critical distinction. It's not just about having monitoring processes; it's about demonstrating a closed loop: monitor → identify → act → report.

What you're monitoring for: Your monitoring program needs to track against your design intent.  

Start with the fundamentals: Is the product reaching its target market? What are actual customer outcomes versus projected outcomes? Are complaints clustered around specific distribution channels or customer demographics? Are certain product features causing systematic problems? Is there evidence of poor value delivery?

Then focus on design compliance:

• Are claims being handled fairly and within design parameters?
• Are members/customers dropping out at rates that suggest design failure?
• Are service disconnection notifications being issued with the required notice period in accordance with your regulatory obligations?
• Are financial hardship support options being communicated to vulnerable customers as designed?
• Are product claims in your marketing materials (network coverage, sustainability, service quality, pricing) being systematically validated against actual performance data?
• Are complaint resolution timelines being met consistently?

These aren't philosophical questions—they're measurable, trackable metrics that regulators expect to see in your monitoring dashboards.

When enforcement action occurs, it's often because companies can produce the individual transactions (a notice was sent, a hardship conversation happened) but can't produce the systematic monitoring showing whether this was happening consistently across the customer base. Recent enforcement actions across telecommunications and financial services show this pattern.

Where most teams struggle: Product governance professionals often inherit monitoring frameworks that are fragmented. Complaints data doesn't link to product performance data. Distribution data isn't mapped to outcomes data. Monitoring happens in silos—actuarial team has one view, customer service has another, compliance has a third. When problems emerge, there's no clear connection between what monitoring revealed and what action was taken.

How Skyjed helps: Skyjed's reporting and analytics layer pulls product performance data, complaints data, distribution data, and customer outcome data into structured monitoring views. Your team sets monitoring rules—"alert me if complaints for Product X exceed X% of monthly sales," "flag if member outcomes fall below projected by more than 10%," "alert when distribution outside our target market is X%." Monitoring runs automatically. When issues surface, they're logged in the platform, triggering action workflows. Your compliance team can demonstrate that monitoring identified a problem, that it was escalated to the right owner, that corrective action was taken, and when. That's the audit trail regulators want to see.

3. Identify and Systematically Monitor Strategic Risk Areas

This is where the product governance team earns its place at the table.

Not every product poses the same risk. Your role is to use data and judgment to identify which products, distribution channels, or customer segments warrant closest attention—and then build monitoring intensity accordingly.

ASIC's enforcement priorities highlight specific failure modes: claims handling delays and poor practices in insurance; systematic erosion of superannuation balances; misconduct exploiting superannuation savings; poor distribution of products outside target markets. These aren't random problem areas—they're places where ASIC has seen systemic failures that can cause consumer harm.

Your job is to identify the equivalent high-risk areas specific to your organisation's product portfolio.

Strategic areas to consider: Start by mapping your products against ASIC's enforcement priorities. Do you have insurance products? Then claims handling is a critical monitoring area—document your process for handling claims within design parameters, track decision timelines, monitor appeal rates and reversal rates. Do you distribute into superannuation? Then monitor for member service failures, systematic balance erosion, and engagement with financial hardship. Do you have credit or lending products? Then track credit management practices, hardship handling, and complaints patterns. Do you distribute through financial advisers or brokers? Then monitor for suitability issues and target market compliance. Do you have sustainable finance or ESG products? Then monitor for greenwashing risk—are actual investment decisions matching what's documented in your Product Disclosure Statement?

How Skyjed helps: Skyjed lets you build risk-segmented monitoring. You can set different monitoring cadences and thresholds by product, distribution channel, or customer segment. You can build custom monitoring dashboards for high-risk areas—specific views for claims handling performance. You can set up alerts that notify your team immediately when key risk indicators trigger, not quarterly when you review the data. And critically, you can generate compliance reports that show monitoring activity and outcomes—proof that you are monitoring these high-risk areas actively and systematically.

Bringing It Together: Why Fragmentation is Your Real Risk

The three actions above sound straightforward. But they only work if they're connected. A product register without active monitoring is just documentation. Monitoring without systematic action is just noise. High-risk area identification without resource allocation behind is just theatre.

The pattern across enforcement actions is consistent: individual transactions happened (a notice was sent, a claim was processed, a customer was contacted) but there was no systematic monitoring view showing whether this was happening consistently.

When regulators ask for evidence of monitoring around whether service notifications met the required notice period, or whether network coverage claims matched actual performance, often companies couldn't produce it. Not having systematic visibility into whether your governance is working in practice—is what triggers enforcement action.

This fragmentation is also your operational risk. Your team is probably spending enormous effort on manual processes—pulling data from different systems, reconciling product versions across different registers, manually checking distribution against target markets, building monitoring reports in Excel.

Product governance compliance professionals are responsible for demonstrating that your governance is working in practice. This means you need visibility into product performance. You need speed in identifying problems. You need confidence that when monitoring flags an issue, it gets actioned. You need documentation that supports your oversight.

That's what a product governance platform does: it gives you the foundation (the product register), the visibility (active monitoring), and the speed and audit trail that make the system work in practice.

Getting Started

Don't try to fix everything at once. Start here:

Priority 1: Audit your current product register. List every product you manage or distribute.
Priority 2: Map your products to your target market design and monitoring obligations. What data would you need to demonstrate you're monitoring it systematically? Where is that data today? What's missing? Start with what you have available and build the capabilities for the entire portfolio.
Priority 3: Connect your register to your monitoring. When a complaint comes in or a monitoring metric flags an issue, can you trace it back to the parameters of the product design intent? If not, that's your next priority to address.

The teams that move on this aren't trying to build perfect systems overnight. They're identifying the operational gaps today and addressing them systematically. That's what defensible governance looks like.

Skyjed helps manage product governance systematically. Our platform centralises product data, automates monitoring, and gives product leaders across growth, compliance, and governance the visibility and speed they need to catch problems early and demonstrate governance working in practice. If you're building or strengthening your product governance capabilities, let's talk about how Skyjed can help.

Ready to assess your governance maturity?

Contact Skyjed for a complimentary Product Lifecycle Governance Maturity Assessment with a customised scorecard to:

• Benchmark maturity across four critical dimensions
• Identify where gaps are costing competitive advantage
• Map quick wins that unlock immediate value

About Skyjed

Watch our 30 second Skyjed Overview video here