CPD: Is your approach to client risk profiling putting you at risk?

04 Jun 2025

From AdviserVoice - this Regulatory Compliance and Consumer Protection CPD article is proudly brought to you by Russell Investments

Effective risk profiling is a foundational element of compliant advice.

Introduction

The shockwaves that followed the announcement of ‘Liberation Day’ tariffs by Donald Trump brought an abrupt and unsettling end to a three-year bull market. Major global indices plummeted by 10% or more from recent highs – with the NASDAQ tumbling by over 20% – leaving many investors rattled.

Amid sensationalist coverage warning of market carnage, panic and uncertainty took hold, especially among retirees watching their portfolio balances rapidly shrink. These events have brought risk profiling sharply back into the spotlight, revealing in many cases a clear disconnect between clients’ real tolerance for risk and the equity exposure they were advised to take on.

Risk profiling is not just a best practice, it’s a legal and ethical obligation. Embedded in legislation, referenced in ASIC Regulatory Guides, and reinforced by the Code of Ethics, it is central to the “know your client” principle and the delivery of compliant, appropriate advice. Yet, despite its critical importance, risk profiling remains one of the most common areas of adviser failure — and a frequent source of AFCA rulings in favour of clients. For advisers, poor profiling exposes them to financial loss, disciplinary action, and reputational harm.

In this article, we explore adviser obligations around risk profiling, the reasons it often goes wrong, the consequences when it does, and how advisers can strengthen their approach to better protect their clients — and themselves.

Risk profiling – what the law says

At the heart of compliant financial advice lies the Best Interest Duty, set out in section 961B of the Corporations Act, and requiring advisers to act in the best interests of their clients when providing personal advice. ASIC’s Regulatory Guide 175 (RG 175) offers more detailed guidance on how advisers can meet this obligation, specifically highlighting the importance of understanding a client’s risk tolerance.

In paragraph 173 of RG 175, ASIC states:

“We expect that processes for complying with the best interests duty will ensure that, within the subject matter of the advice sought by the client:
(a) the scope of the advice includes all the issues that must be considered for the advice to meet the client’s objectives, financial situation and needs (including the client’s tolerance for risk).”^[1]

Further, in paragraph 227 of the same Guide, ASIC reinforces the relevance of risk profiling when investment products are involved, stating that ‘relevant circumstances’ include:

“Tolerance for the risk of capital loss, especially where this is a significant possibility if the advice is followed”.

Matching a client’s risk profile to an appropriate solution is not only required by law — it’s also embedded in the Code of Ethics, particularly Standard 9, which governs how products and advice are delivered.

Standard 9 stipulates that advisers must:

“Offer all advice and products in good faith and with competence, ensuring they are neither misleading nor deceptive.”^[2]

The reference to competence is important here. Effectively this standard requires advisers to genuinely understand the products they recommend – merely relying on the fact that that product is on their Approved Product List (APL) is not enough.

Misclassification of products can also occur when the detailed investment parameters of a product are not fully understood. For example, an ostensibly defensive ‘income generating product’ may have underlying guidelines that allow it to behave aggressively in certain circumstances, which could render it inappropriate for some clients.

Of course compliant advice doesn’t end with matching a product to the client’s profile. A third – and critical – step is ensuring the client understands the risks of any recommendation. This is reinforced by the Code’s requirement that:

“You must be satisfied that the client understands your advice, and the benefits, costs, and risks of the financial products that you recommend — and you must have reasonable grounds to be satisfied.”^[3]

In summary, compliance with obligations around client risk profiles can be seen as a three-step process:

Accurately understand and document the client’s risk profile
Match that profile with a product or strategy that is genuinely aligned
Ensure the client fully understands the risks of the recommended solution.

Each step is fundamental — and increasingly, each is being scrutinised by regulators and complaint bodies alike.

And yet…

With AFCA’s own data suggesting around two thirds of their determinations relating to ‘Know Your Client’ failures are found in favour of the complainant^[4], there is a clear incentive for advisers to prioritise this aspect of their advice process.

And yet as straightforward as the obligations around risk profiling are, it is still a process that features extensively in AFCA complaints.

In a 2021 study of over 1,000 advice complaints, risk management consultancy Fourth Line estimated around 18% related to ‘Know Your Client’ failings – with poor risk profiling practices a major contributor^[5].

(As alarmingly high as this figure may seem, it is still a remarkable improvement on the 2015 data referenced in a research paper by Dr Kathryn Hunt^[6], which suggested up to 70% of advice complaints escalated to The Financial Ombudsman Service – AFCA’s predecessor – were because of ‘inadequate or incorrect risk profiling of clients’.)

So why does it still go wrong?

While ASIC and the Code of Ethics are clear around the importance of risk profiling, neither stipulates a specific process for advisers to follow. As a result, across the market, there is a wide variance in the processes used by licensees and individual advisers in assessing a client’s attitude towards, and tolerance for, financial risk.

These processes can be problematic for a number of reasons:

They are treated more as a tick a box client exercise (a ‘safe harbour’) involving little rigour or explanation to clients, or
The tools and processes themselves can have flaws, including overly simplistic scoring, poorly framed questions, or biases that pigeonhole clients inaccurately.

One of the most common tools used by advisers in assessing risk profile is the Risk Tolerance Questionnaire (RTQ), and there is an extensive body of research identifying their common deficiencies. One high profile study was conducted by US researchers Carrie Pan and Meir Statman^[7], who concluded that typical risk questionnaires used to assess a client’s risk profile were deficient in 5 ways:

Every individual investor actually has a multitude of risk tolerances for each of their mental accounts (such as retirement planning or saving for a holiday) and trying to zero in on one ‘umbrella’ tolerance will fail to identify these multitudes
The links between answers to questions in risk questionnaires and recommended portfolio allocations are governed by opaque rules of thumb rather than by transparent theory
Investor’s risk tolerance varies as investment markets rise and fall. Exuberance from the rises inflates risk tolerances, while sliding markets bring fear and deflated risk tolerances
Risk tolerance varies when assessed in foresight or hindsight. Moreover, hindsight amplifies regret. Investors with a high propensity for hindsight and regret might claim, in hindsight, that their adviser overstated their risk tolerance
Other propensities such as trust, and overconfidence, play an important role, yet are not addressed through traditional questionnaires. Trust makes clients easier to guide, while overconfident individuals tend to overstate their risk tolerance.

Advising couples can also be challenging

According to research by risk profiling specialists Capital Preferences, 60% of couples have a meaningful difference in their risk preference. Yet despite this, one in five advisers working with couples were found to only be risk profiling one member of the couple, potentially exposing the other to inappropriately high (or low) levels of risk. Just over half of advisers (53%) surveyed were found to profile couples jointly.^[8]

ASIC have been on this case for a long time

As far back as 2013, ASIC, in Report 362^[9], investigated the use of risk profiling questionnaires.

The report noted that nearly all of the licensees surveyed used risk profiling tools to assess their clients’ attitude to risk, with the number of questions in the tool ranging from six to 27. The average number of questions in each tool was 13.

The report went on to say that:

“Risk profiling tools should not be the only way an adviser determines the client’s attitude to risk. We are concerned that mechanically allocating a risk profile based on the outcome of a survey may not identify the most appropriate strategy for the client. For example, where the client does not fully understand the questions, or the client has a high-risk appetite but does not actually have sufficient resources to absorb the level of risk, the results of the risk profiling exercise may be misleading.”

You can’t rely on TMDs either

Introduced as part of the Design and Distribution Obligation legislation, the Target Market Determination (TMD) was designed to be an important tool for achieving alignment between a product solution and a client’s risk profile.

But advisers relying heavily on TMDs as a proxy for their own research should be aware of the growing number of product providers subject to ASIC action in response to ‘inappropriate risk profiles’.

As detailed in ASIC Report 762^[10], poor risk profiling was a factor in 21 of the first 26 Stop Order actions taken against issuers of investment products under the DDO laws.

Specific inadequacies found by ASIC included relying on measures of risk that were too narrow, understating the true level of risk in the product, and taking too narrow a view of performance.

When it goes wrong
As touched on above, the misalignment between recommended product solutions and client risk profile is a common trigger for advice disputes, many of which are escalated to AFCA.

AFCA’s approach to resolving such disputes is to first assess the appropriateness of the advice, which involves a thorough investigation of the processes used to assess risk, align to a product, and then the communication behind that recommendation. (It goes without saying that comprehensive record keeping of these processes are as critical as the processes themselves.)

Mini case studies – AFCA determinations involving risk profiling

There are many ways problematic risk profiling has resulted in AFCA determinations against advisers.

In one case, a complainant successfully argued that the questionnaire used by the adviser was too complicated, and they were unable to understand some of the questions. In its determination, AFCA noted: “Given the inadequacies of the risk profile questionnaire, it is up to a prudent adviser to assist the complainants understand and comprehend the questions to identify and understand their relevant circumstances. In this instance, the adviser has not discharged his ‘know their client’ obligation”.^[11]

In another case (AFCA Determination 606592), a complainant successfully argued that the results of his risk profiling – which identified him as a conservative investor – was ignored by the adviser who invested his assets in a 60/40 mix rather than a 70/30 mix.

In a third case where AFCA ruled in favour of the complainant (Determination 734237), the adviser was found to have profiled the client’s attitude towards risk, but not their financial capacity for risk, (their financial ability to absorb losses), therefore effectively only doing half the job required under law.

In the event they find in favour of the client, AFCA will then determine the amount of loss, using what has been described as a counterfactual, or ‘but-for’ approach. Under this approach, AFCA will seek to quantify what investment outcome the client would have achieved if they had received appropriate advice (including products aligned to risk profiles).

Whilst this methodology is not intended to cover scenarios where one appropriately aligned product outperforms an alternative – for example a Vanguard indexed ETF outperformed a Blackrock indexed ETF – that hasn’t stopped some observers complaining that it theoretically creates a zero-risk environment for clients.

Infocus Wealth Management’s Darren Steinhardt raised the issue on an industry webinar in November 2024, railing against the ability for a client that “might have actually made some money” to receive compensation because different advice could have received more. “To me that sounds like a zero-cost option”, he said^[12].

Bracing for a client backlash

Having started this article by referencing the tariff induced market volatility, it seems appropriate to close the loop by looking at what advisers themselves think.

A global survey by Oxford Risk found more than three quarters of wealth managers and advisers expect increased regulation on risk profiling.

Their survey results^[13], published in 2023, suggest that Australian advisers anticipate both a surge in compensation claims from clients due to failure to comprehend risk profiling processes, and expect tougher regulation to follow as a result.

Speaking in 2023 (after the horrors of 2020 and 2022) a spokesperson for Oxford Risk pointed out that many clients will “inevitably be disappointed with their returns”.

She went on to say, “It is worrying however that so many wealth managers fear they will face compensation claims over their advice and particularly worrying that it will focus on a poor understanding of client risk profiles,” she added^[14].

Furthermore, the study by Oxford revealed that a substantial 68 per cent of wealth managers were occasionally caught off guard by their clients’ investment decisions, with the most frequent mistakes being evaluating returns over a short period (36 per cent).

Other common mistakes included impulsive decisions to the detriment of short-term plans (35 per cent) and buying high and selling low (34 per cent).

Sound familiar?

Protecting clients and yourself

Effective risk profiling is both an important consumer protection mechanism and a compliance cornerstone. In the event of any client complaints, the rigour of your profiling process and your documented reasoning can be a vital defence.

A basic checklist to support this could include:

Is the client’s risk profile up to date and clearly documented?
Is there evidence of discussion and understanding?
Is the recommended strategy clearly aligned with the profile?
Was the client’s profile revisited after major changes?

Advisers could also consider going beyond the basic questionnaire approach and adopt a more rigorous and contemporary process capable of allowing for emotional and behavioural biases. Such approaches include psychometric profiling and ‘revealed preference’ methodologies, both of which are now widely available.

For those looking to go even further, methods with widespread academic support include

Understanding the investment behaviour of relatives, especially parents (a technique called financial anamnesis)
The recording – by the client – of investment transactions in an investment diary, and
Understand the client’s investment history in the context of the prevailing market environment. How did they behave in 2020, in 2022, in April 2025?

Conclusion

Risk profiling is more than a regulatory checkbox — it is a cornerstone of ethical, compliant, and effective financial advice. Against a backdrop of heightened market volatility and growing client expectations, the flaws in many traditional approaches are becoming harder to ignore. ASIC, AFCA, and the broader regulatory framework are increasingly focused on ensuring that advisers not only assess client risk accurately, but also align their advice appropriately and communicate the rationale clearly. Despite this, poor risk profiling remains a persistent cause of client disputes and compensation claims.

The takeaway is clear: advisers must move beyond simplistic, one-size-fits-all tools and embrace more rigorous, transparent, and client-specific processes. This includes profiling both members of a couple, understanding risk attitudes across financial goals, and staying alert to the evolving emotional and behavioural drivers behind client decisions.

Getting risk profiling right protects more than your clients’ portfolios — it protects your business, your reputation, and your peace of mind. In an environment where regulators are sharpening their scrutiny and clients are becoming more litigious, now is the time to ensure your risk profiling process is up to standard — before you find yourself on the defensive.