“How much money do you want to invest? What is your risk appetite? What experience do you have with securities?” – Every investor in Germany knows these questions from investor questionnaires. They are part of the legally required appropriateness and suitability assessment under the Securities Trading Act. The irony: Often, this exact information is already available when customers and banks are connected via current and custody accounts.

An investor who has been investing €500 in ETFs every month for five years must answer the same questions about their knowledge and experience with every new securities purchase as someone who is active on the stock exchange for the first time. A customer whose entire portfolio is already documented must manually re-enter their financial circumstances – even though their risk profile could be derived from years of real investments.

This not only seems anachronistic, it undermines acceptance of the regulatory concept as a whole.

Two Assessments, One Problem: When Protection Becomes a Burden

The Securities Trading Act distinguishes between two types of customer assessment, both of which pursue an important goal: protecting investors. The Appropriateness Assessment ensures that customers understand the risks of complex financial instruments when purchasing securities without advice. The Suitability Assessment goes even further and, in the case of investment advice, examines whether a recommendation fits the personal circumstances, goals, and financial situation.

The intention behind both regulations is right and important. But there is a gap between regulatory requirements and practical implementation. What we are experiencing today is a threefold problem: First, standardization means that everyone receives the same questions – the ETF veteran just like the stock market beginner. Added to this is an information overload, where complex technical terms and long forms overwhelm rather than inform. Finally, this results in pure formalism, where many simply check off what is necessary to be able to trade. Real understanding falls by the wayside.

The result: Instead of trust, the process creates distance. The questionnaire, actually intended as a protective instrument, becomes a symbol of regulatory overload.

The Vision: AI Transforms Obligation into Dialogue

The technical possibility is obvious: use existing data and process it with artificial intelligence in such a way that real added value is created. This involves automated pre-filling, where account data, portfolio movements, and asset allocations make many manual entries unnecessary. Adaptive interviews can adjust to the knowledge level and experience of investors. Those who have already built a diversified portfolio skip basic questions and move directly to more specific topics.

At the same time, understandable language and visualizations enable technical terms to be translated into everyday German. Abstract risks become tangible through concrete scenarios. From all this emerge individual risk profiles based on real portfolio data, beyond crude categories like “conservative” or “risk-seeking.”

A particularly effective use case: Instead of speaking abstractly about “price fluctuations,” the AI shows, based on real portfolio data, how a 20 percent market crash would affect concrete assets. Such simulations transform theoretical risks into comprehensible scenarios. Suddenly it becomes clear: “If my portfolio falls by 15 percent, that means specifically €3,000 less in assets.”

The Reality: Why It’s More Complicated Than You Think

As convincing as the vision sounds, implementation is anything but trivial. Banks and FinTechs that want to take this path face real challenges:

• Regulatory Gray Areas: MiFID II requires documented, traceable processes. But how do you document an AI-based risk assessment in a legally secure way? What depth of explanation is necessary? And are you even allowed to automatically pre-fill or must customers actively confirm every point? Clear guidelines from BaFin are often lacking here.
• Data Protection as a Balancing Act: Yes, the data is available. But may it also be used in this way? Automated profiling is GDPR-sensitive. Customers must explicitly consent. But many are skeptical when the bank seems to know “too much” about them. The fine line between personalized service and a feeling of surveillance is real.
• Liability Issues in Case of Incorrect Recommendations: If an AI recommends a product that turns out to be unsuitable – who is liable? The bank? The algorithm provider? These questions have not yet been conclusively clarified legally. Institutions are correspondingly cautious and often rely on manual verification, which again reduces efficiency gains.
• Automation Bias: People often trust algorithms blindly. This is particularly risky in the financial sector. A pre-filled risk classification can lead to customers no longer critically questioning whether it really fits. The opposite of empowerment.

These hurdles explain why not all banks have long since adopted data-driven investor surveys. The challenge is to reconcile technical possibilities with regulatory requirements and customer acceptance.

First Steps into Practice

Despite the complexity, there are realistic starting points that banks and FinTechs can implement today:

• Intelligent Pre-filling with Opt-in: Instead of automatically adopting data, customers are asked: “We see that you invest €500 in ETFs monthly. Should we adopt this information for your risk assessment?” This creates transparency and gives control.
• Risk Simulations as a Basis for Discussion: Concrete scenarios (“What would a 20 percent crash mean for your portfolio?”) can serve as advisory tools independent of the formal assessment. They inform without making legally binding recommendations.
• Adaptive Question Logic: Those who demonstrably have experience receive different questions than beginners. This is technically simple to implement and significantly improves user experience without venturing into regulatory gray areas.
• Human Control as a Safety Net: AI-supported suggestions can be reviewed and adjusted by advisors. This combines efficiency with liability security.

wealthAPI as Infrastructure Partner

This is exactly where our approach comes in. wealthAPI aggregates datawealthAPI data from over 3,500 banks and brokers, far beyond PSD2 standards. This includes securities and, in the future, also cryptocurrencies, real estate, insurance, and investments.

What is crucial is the refinement of this raw data: it is enriched, categorized, and provided in a uniform, usable form. Account movements become savings rates, individual transactions become portfolio trends. Integrated tools from portfolio and dividend analysis to AI-based product recommendations enable banks and FinTechs to make individual offers.

With the upcoming FiDA regulation, data access will be significantly expanded again across Europe. This is the moment to consistently digitize processes, but with a sense of proportion and taking into account the challenges mentioned.

Conclusion: Evolution Instead of Revolution

Appropriateness and suitability assessments will not become AI-controlled dialogue systems overnight. The regulatory, technical, and cultural hurdles are too high for that. But they can be improved step by step. What banks and FinTechs need now is a solid data infrastructure that is flexible enough to grow with regulation. And the willingness not just to collect customer data, but to use it intelligently and transparently.

This is how forms that are perceived as obligations today become a dialogue tomorrow that really helps investors. Not through automation at any cost – but through intelligent combination of data, AI, and human expertise. Then the Securities Trading Act will also become what it should be: a law in the service of investors, not bureaucracy.