109. According to Article 88(1) of Directive 2013/36/EU, an institution's management body defines, oversees and is accountable for the implementation of the governance arrangements that ensure effective and prudent management of the institution. In addition, according to Article 9(3) of Directive 2014/65/EU, the management body of an investment firm as defined in Directive 2014/65/EU (MiFID firm) defines, oversees and is accountable for the implementation of governance arrangements in a manner that promotes the integrity of the market and the interest of clients. This includes that the institution's suitability policy should be aligned with the institution's overall corporate governance framework, corporate culture and risk appetite and that the processes under the policy are fully operating as intended. This also includes that the institution's management body should adopt – without prejudice to any required shareholders' approval – and maintain a policy for the assessment of the suitability of members of the management body.

110. The suitability policy should include or refer to the diversity policy to ensure that diversity is taken into account when recruiting new members.

111. Any changes to the suitability policy should also be approved by the management body, without prejudice to any required shareholders' approval. Documentation regarding the adoption of the policy and any amendments thereof should be maintained (e.g. in the minutes of relevant meetings).