Client suitability assessments: current FCA expectations

The obligation to assess and document client suitability before providing personal recommendations on investments is one of the fundamental conduct obligations in COBS 9A (for MiFID business) and COBS 9 (for non-MiFID business). The suitability assessment must cover the client's knowledge and experience relevant to the specific type of product or service, their financial situation including capacity to bear loss, and their investment objectives including their risk tolerance. For discretionary managers, a suitability assessment must be completed at onboarding and must be refreshed when there is a material change in client circumstances, and before managing a portfolio in a way that results in a shift in overall risk profile.

The FCA's repeated thematic reviews of suitability — spanning its 2011 retail investment review, the 2019 suitability thematic review, and more recent supervisory work under Consumer Duty — have identified persistent failings. The most common are: suitability assessments that record client preferences and risk tolerance without genuinely investigating whether stated preferences reflect the client's actual understanding; failure to document the evidential basis for the suitability conclusion; and failure to update suitability records as client circumstances change. In the context of Consumer Duty, suitability is now also assessed against the products and services outcome — a recommendation that is technically suitable against COBS 9A criteria may still be inconsistent with Consumer Duty if it does not align with the client's actual needs and objectives.

The suitability report is a key compliance document. COBS 9.4 requires firms to provide retail clients with a suitability report before or at the point of a personal recommendation (or, where an ongoing service is provided, at regular intervals, and whenever the recommendation or investment changes materially). The suitability report must explain why the recommendation is suitable — not merely record the client's information. A suitability report that amounts to a repetition of the client's risk profile score and a list of the products recommended, without explaining the link between the two, does not meet the regulatory standard. The FCA has been clear that suitability reports must be written in a way that a client could understand and act upon.

The use of risk profiling tools — questionnaire-based systems that assign clients a risk profile number or category — is widespread but frequently misapplied. These tools are an aid to suitability assessment, not a substitute for it. The FCA has reviewed a number of risk profiling tools and found that the questions used, the scoring methodology, and the relationship between the risk profile output and the recommended portfolio are not always defensible. Firms should review whether their risk profiling tools are fit for purpose, whether the tool's outputs are calibrated against the products and portfolios actually recommended, and whether advisers are applying appropriate judgement when clients' stated risk tolerance is inconsistent with other suitability information.

Ongoing suitability monitoring

For firms providing ongoing services — such as discretionary management or investment advice under a retainer — the obligation to monitor suitability on a continuing basis requires an active monitoring programme, not merely periodic review. This should include regular client contact, systematic review of portfolio drift against the agreed risk profile, and a documented process for triggering a suitability review when client circumstances are known to have changed. Firms should review whether their fee structures create any incentive to avoid triggering suitability reviews — for example, where a review might result in portfolio switches that generate cost disclosure obligations.