A sound product can still be wrong
Most compliance checks ask whether a thing is acceptable in itself. Is this transaction permitted? Is this document compliant? Is this party clear? Suitability asks something subtler. Under MiFID II, when a firm gives investment advice or manages a portfolio, it must ensure the product it recommends is suitable for the specific client, judged against that client's knowledge and experience, their financial situation and capacity for loss, and their investment objectives and risk tolerance. The striking part is that a product can be entirely sound, well constructed, properly disclosed, perfectly legal, and still fail this test, because it does not fit the person in front of you.
That makes suitability a different shape of rule. It is not a property of the product. It is a relationship between the product and the client. A complex, high-risk structured product might be suitable for a sophisticated investor with capacity for loss and unsuitable for a cautious retiree, and the product did not change between those two cases. The client did. The rule has to read both sides and judge the fit.
The rule is a match
{
  "rule_id": "SEC-SUIT-EU-001",
  "title": "Product risk exceeds the client's assessed risk tolerance",
  "jurisdiction": "eu",
  "source": "MiFID II, suitability obligation",
  "severity": "block",
  "expected_outcome": {
    "action": "review",
    "message": "The recommended product's risk and complexity exceed the client's assessed risk tolerance and experience. Under the MiFID II suitability obligation it may not be recommended on this basis. Reassess the client profile or the recommendation."
  },
  "conditions": [
    { "type": "conditional_logic", "operator": "OR", "clauses": [
      { "type": "numeric_comparison", "source": "product.risk_level", "operator": ">", "target": "client.risk_tolerance" },
      { "type": "field_exceeds", "source": "product.complexity", "target": "client.knowledge_level" }
    ]}
  ],
  "deterministic": true,
  "validation_status": "expert_reviewed"
}
The rule reads attributes from both the product and the client and tests whether they fit. It is the same shape that governs product governance in insurance under the IDD: is this product being placed with someone in its intended market? Securities and insurance, which look like different worlds, share this exact evaluator, because the obligation is the same underneath the different vocabulary. A product, a person, and a question of fit.
The work upstream is in building an honest profile. The client's risk tolerance and knowledge are not numbers lying around; they come from an assessment, and that assessment is the soft, judgment-laden part. Once it exists as a profile, the suitability test is a match against the product's attributes. The judgment is in forming the profile. The rule checks the fit.
Why a guess will not do
Suitability is heavily enforced, and the harm it guards against is concrete: a client sold something that was never appropriate for them, who loses money they could not afford to lose. Regulators pursue unsuitable advice, and "the system was fairly sure it suited them" is not a defense. The firm has to be able to show that the recommendation fit the documented profile, on the specifics, traceable to the obligation. That is a determinate question once the profile and the product attributes are in hand, and it has to be answered the same way every time it is examined.
And where the profile is incomplete, the rule does not assume suitability. A recommendation made against a client whose risk tolerance was never properly assessed is not a recommendation the system can certify as suitable. It flags for review rather than blessing a fit it cannot actually evaluate. An unprofiled client is not a client you have matched.
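As an added example, not part of this post and not the engine it describes, here is a small Python evaluator for the rule shown above, covering both the match described under "The rule is a match" and the incomplete-profile handling just described. It assumes the clause types in the rule JSON (conditional_logic, numeric_comparison, field_exceeds), and it assumes that complexity and knowledge_level are ordinal labels on a constructed basic/informed/advanced scale, which the post does not specify. It goes slightly beyond the text in one way: every clause returns one of three values (met, not met, not evaluable), so a missing profile field produces a review outcome only when it could actually change the answer, while a definite hit on another clause still fires the rule.

```python
import json
import operator

# The post's rule, reproduced as the input to this example (message abridged).
RULE = json.loads("""{
  "rule_id": "SEC-SUIT-EU-001",
  "severity": "block",
  "expected_outcome": {
    "action": "review",
    "message": "The recommended product's risk and complexity exceed the client's assessed risk tolerance and experience."
  },
  "conditions": [
    {"type": "conditional_logic", "operator": "OR", "clauses": [
      {"type": "numeric_comparison", "source": "product.risk_level", "operator": ">", "target": "client.risk_tolerance"},
      {"type": "field_exceeds", "source": "product.complexity", "target": "client.knowledge_level"}
    ]}
  ]
}""")

COMPARATORS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
               "<=": operator.le, "==": operator.eq, "!=": operator.ne}

# Constructed ordinal scale for complexity / knowledge_level: an assumption,
# the post does not say how these fields are encoded.
LEVELS = {"basic": 1, "informed": 2, "advanced": 3}


def resolve(path, ctx):
    """Look up a dotted path such as 'client.risk_tolerance'; None if absent."""
    cur = ctx
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def as_rank(value):
    """Normalise a numeric level or a known label to a number; None if unknown."""
    if isinstance(value, bool):
        return None
    if isinstance(value, (int, float)):
        return value
    if isinstance(value, str):
        return LEVELS.get(value.lower())
    return None


def combine(op, results):
    """OR/AND over three-valued results. Unknown (None) survives only when
    it could still change the answer."""
    if op == "OR":
        if any(r is True for r in results):
            return True
        return None if any(r is None for r in results) else False
    if op == "AND":
        if any(r is False for r in results):
            return False
        return None if any(r is None for r in results) else True
    raise ValueError(f"unknown operator {op!r}")


def eval_clause(clause, ctx):
    """True = condition met, False = not met, None = not evaluable."""
    kind = clause["type"]
    if kind == "conditional_logic":
        return combine(clause["operator"], [eval_clause(c, ctx) for c in clause["clauses"]])
    src = as_rank(resolve(clause["source"], ctx))
    tgt = as_rank(resolve(clause["target"], ctx))
    if src is None or tgt is None:
        return None  # profile or product data missing: the fit cannot be judged
    if kind == "numeric_comparison":
        return COMPARATORS[clause["operator"]](src, tgt)
    if kind == "field_exceeds":
        return src > tgt
    raise ValueError(f"unknown clause type {kind!r}")


def evaluate(rule, product, client):
    """Run the rule against one product/client pair and return the decision."""
    ctx = {"product": product, "client": client}
    hit = combine("AND", [eval_clause(c, ctx) for c in rule["conditions"]])
    if hit is True:
        return {"rule_id": rule["rule_id"], "action": rule["expected_outcome"]["action"],
                "reason": rule["expected_outcome"]["message"]}
    if hit is None:
        return {"rule_id": rule["rule_id"], "action": "review",
                "reason": "Client profile or product data incomplete; suitability cannot be evaluated."}
    return {"rule_id": rule["rule_id"], "action": "pass",
            "reason": "Product fits the documented client profile."}


# Constructed sample data for the example.
STRUCTURED_NOTE = {"risk_level": 6, "complexity": "advanced"}
CAUTIOUS_RETIREE = {"risk_tolerance": 2, "knowledge_level": "basic"}
SOPHISTICATED = {"risk_tolerance": 7, "knowledge_level": "advanced"}
UNPROFILED = {"knowledge_level": "advanced"}  # risk tolerance never assessed

if __name__ == "__main__":
    for name, client in [("retiree", CAUTIOUS_RETIREE), ("sophisticated", SOPHISTICATED),
                         ("unprofiled", UNPROFILED)]:
        print(name, evaluate(RULE, STRUCTURED_NOTE, client))
```

The same product yields three different decisions: the retiree triggers the rule's own review message, the sophisticated investor passes, and the unprofiled client is sent to review with a reason that says the profile was never completed rather than that the product failed. Keeping those two review reasons distinct is what lets the firm later show which of the two happened.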
The point
Suitability is the clearest case of a rule that is about a relationship rather than a property. The product is not the question; the fit between the product and the person is. Build an honest client profile, then test the product's risk and complexity against it, and the obligation becomes a match the engine can make exactly and defend against a regulator. It is also a reminder that domains share primitives: the suitability test built for MiFID II is the product-governance test for insurance, the same evaluator pointed at the same kind of question. Whether a thing suits a person is asked across finance, and it is answered the same way wherever it is asked.