How process-driven suitability frameworks can undermine client outcomes – and what future-proof design requires.
There are two main approaches to designing a suitability process that delivers regulatory compliance. The more popular one feels safer, but often proves riskier where it matters most.
It feels safe to go through each set of regulations and build a step for each specific requirement. A checkbox here, a second pair of eyes sign-off there, an unyielding ‘submit’ button waiting at the end. Each time an old regulation changes or a new one is added, tweak or add in a step as needed. This may not be particularly efficient – over time these individually justified safeguards become a cumbersome stack of procedural layers – but at least it feels effective. After all, if you’ve met every part of the regulations, how could you not be automatically meeting the whole of them?
Unfortunately, not only is it possible to follow all the steps perfectly and still go awry, but the very act of focusing on the individual steps can be the cause of an unsuitable final outcome.
To understand how this can happen, and how to design a suitability process that avoids it happening to you, it helps to consider the difference between the letter of the law and its spirit.
The letter and spirit of financial-advice regulation
There are two sides to any set of laws: the words that comprise them (the letter), and the intentions behind them (the spirit). Typical suitability processes focus on the wrong one.
The ‘letter’ of financial advisory regulations is all the things you need to do: assess a client’s knowledge and experience, account for their risk tolerance, confirm they’re not laundering money, and so on.
The ‘spirit’ of financial advisory regulations is what you are ultimately doing these things for. This is largely about protection: saving clients from unsuitable investments, unscrupulous salesmen, or their own unhelpful behaviours.
It’s not enough to do all the things. You’ve got to do them in a way that provides a reasonable chance of leading to a good outcome. This is most obviously true in explicitly outcomes-focused regulatory regimes like the UK’s. However, it applies universally.
In any regime, there’s a limit to how prescriptive rules can realistically be, and therefore how useful mechanically following those rules will prove. When rules fail to consistently produce the desired outcomes, as they inevitably will, more rules will be added in attempts to minimise those failures.
For example, consider Risk Tolerance. Successive guidance has encouraged firms to move from subjective finger-in-the-air assessments, to rudimentary questionnaires (still common practice), to psychometric questionnaires with increasing demands for scientific reliability. If merely accounting for ‘risk tolerance’ in some way were sufficient, regulators would not have pushed that evolution. The progression itself tells us that following the letter was not delivering the spirit… and that was not good enough.
A similar story can be told for every aspect of suitable advice. A particularly stark example concerns Knowledge and Experience assessments. In its 2023 MiFID II guidance, the European Securities and Markets Authority (ESMA) directly called out the most common K&E assessment methodology as unfit for purpose: ‘In assessing a client’s knowledge and experience, a firm should also avoid using overly broad questions with a yes/no type of answer and/or a very broad tick-the-box self-assessment approach.’ All advisers – we hope! – know that ticking a box to indicate you’ve previously bought a complex structured product doesn’t equip you to do so again; and that not ticking ‘I have previously invested in equities’ shouldn’t preclude you from getting the portfolio right for your financial needs. Yet many still persist with such methodologies, as if ticking the box satisfied the letter of the law and that were enough, even though this checklist-happy approach adds nothing to the suitability of the recommendation. As ESMA have now formally confirmed, it isn’t.
By recognising that client outcomes are the beating heart of suitability, it’s possible to get ahead of this game. Focusing on the letter of the law does not automatically satisfy the spirit, yet focus on the spirit and you’ll almost certainly meet the letter. Without a clear methodology for delivering suitable outcomes, the rest is noise. As an added bonus, a well-designed suitability process will not need to change with every tweak of the regulations aimed at dealing with minimum-viable-interpretations of the existing rules: it will be inherently future-proofed.
Signs of a future-proofed suitability process
Designing a suitability process around the spirit of the laws recognises that:
- Suitability is dynamic – Profiling shouldn’t stop when investment starts: suitability assessments must be as dynamic as the investment journey they support. Trying to get everything out of the way as soon as possible is counterproductive. Treating suitability as something to ‘complete’ at onboarding is both unrealistic and risky. This is especially true given regulatory expectations to evidence ongoing suitability. Within this dynamic context, Risk Tolerance is broadly stable; Knowledge and Experience evolves; emotional responses fluctuate with markets and media; and Risk Capacity shifts as financial circumstances change.
- Client engagement is linked to client understanding – A client’s understanding of what they’re investing in (and why) is helped by neither haste nor volume. Requests made of clients must be linked to purpose for clients: clients must feel assessments are done for them, not the file checkers. This means continually reminding clients of the link between diagnostic questions and prescriptive consequences.
- Suitability is more than the sum of its parts – Compartmentalising the elements of suitability is necessary for accurate assessment of each of those elements, but it’s only when they’re put back together in service of the whole that they become reliable and valid. In practice, this means integrating long-term willingness to take risk (Risk Tolerance), financial ability to take risk (Risk Capacity), behavioural ability to remain invested (Behavioural Capacity), and Knowledge and Experience. Treating these as isolated compliance exercises misses the point. Suitability requires bringing them together into a recommendation that reflects what the client can afford to risk, is willing to risk, and can realistically stick with.
Suitability by design
Designing a suitability system through a reactive ‘letter of the law’ lens is a good way to feel like the regulations are a burden which you are constantly trying to stay on top of, as your system for doing so gets ever more unwieldy. It not only doesn’t need to be this way, but a more deliberately designed – ‘spirit of the law’ aligned – suitability process keeps you from falling into that trap.
The test of a well-designed suitability process isn’t how explicitly each of its collection of boxes and forms matches up to a line in the legislation. It’s how reliably it produces advice that clients can understand, accept, and stick with. Consumer Duty has crystallised this in UK regulation, but the expectation is broader: firms must be able to evidence that their advice design leads to sustained good outcomes. Documentation alone cannot achieve that. It requires measurement, integration, and ongoing monitoring that actually changes behaviour.
This isn’t about abandoning structure or documentation. Nor is it a claim that comfort or short-term performance are reliable indicators of suitability. It’s about emphasis – designing the suitability process around its purpose, rather than around ever-evolving guidance merely pointing towards it.