Dark teal cover with a node-and-edge motif and the Good Transformer wordmark, marking an article on AI for financial advisers.
AI adoptionFinancial adviceComplianceProfessional services

AI for financial advisers: compliance-safe ways to use it

Most UK financial firms now use AI. Where advisers can safely use it for admin and research, and where suitability and FCA rules mean a human must stay in charge.

Good Transformer11 min read

If you run an advice firm and are not sure how far to let AI in, the line is simpler than it looks: use it for the work around the advice, not the recommendation itself. It takes real load off meeting notes, fact-find admin and file preparation. The suitability decision, and the duty to evidence it, stay with the firm.

Adoption in advice is real, but uneven. The FCA's 2025 advice-market survey, published in April 2026 and covering more than 4,100 firms, found that around 14% of small firms, 38% of medium firms and just over half of large firms plan to use AI within their advice processes in the near term. Include the firms still weighing it up and those figures rise to 48%, 81% and 95%. Large firms are moving fastest; many smaller firms are still working out where AI can save time without weakening suitability, client understanding or the file.

Where AI fits in the advice workflow

The most useful way to think about AI is not as a replacement adviser, but as a layer that turns messy inputs into better case material. Advice firms do not only sell judgement. They carry a heavy documentation burden, because every recommendation has to be backed by what the client said, what was checked, what alternatives were weighed and why the final answer was suitable. That is where AI earns its place, and where the risks sit.

Step in the advice process What AI can do The risk The control
Client meeting Transcribe, summarise, pull out action points Mishears a figure, misses hesitation or a vulnerability cue Adviser checks the transcript and file note before it is saved
Fact-find and know-your-client Populate structured fields from notes and documents Turns incomplete information into confident-looking facts Flag missing fields, and an adviser confirms
Attitude to risk Summarise what the client said about risk Leans on the questionnaire score and ignores the context The risk tool stays evidence, not the whole judgement
Capacity for loss Gather income, assets, commitments and liabilities Wrong figures make an unsuitable risk look affordable Source-link every figure, and verify by hand
Vulnerability Surface possible indicators and support needs Intrusive profiling, or a passing comment logged as a label Clear lawful basis, careful wording, restricted access
Recommendation Organise the rationale and the alternatives considered Nudges towards a product or an unsupported conclusion The adviser owns product choice and the suitability rationale
Suitability report Draft from approved templates and verified case data Polished wording hides thin evidence Paraplanner and adviser sign off, with sources traceable
File checking Flag missing evidence and Consumer Duty gaps False comfort if the checks are shallow Risk-based sampling and compliance review
Back office and CRM Update the client record and tasks Wrong data spreads across systems Controlled integration, permissions and an audit log
Ongoing reviews Draft review packs, highlight what has changed Misses a service promise or a disengaged client A review-cycle policy and management information

The pattern is clear. AI is strongest early in the chain, where it captures, cleans and organises, and it needs the firmest hand as it moves towards the recommendation and the suitability report, where a confident draft can paper over a weak file.

Where support becomes advice

Here is the nuance that matters, and it is more precise than "AI can never recommend." The FCA's suitability rules, COBS 9 and COBS 9A in its handbook, require a firm to gather enough about a client's knowledge and experience, financial situation, objectives, attitude to risk and ability to bear loss to make a suitable recommendation. The rules do allow automated and semi-automated advice. What they do not allow is passing the buck: COBS 9A is explicit that a firm using an automated or semi-automated system remains responsible for the suitability assessment.

So the honest position is not that AI is banned from advice. It is that the firm still owns the suitability decision and must be able to evidence it, whatever produced the draft. Running a genuinely automated advice model takes the right permissions, controls, governance and audit trail. For most smaller firms that do not have those in place, the practical answer is to keep the recommendation with a qualified adviser and use AI for everything around it.

The danger is letting a tool move from organising evidence to drawing conclusions from it. A confident paragraph is not the same thing as a suitable recommendation. If the client's objectives are unclear, if capacity for loss has not been evidenced, if a vulnerability indicator has not been followed up, or if the cost and benefit of a switch has not been properly tested, the right AI output is not a recommendation. It is a flag that the file is not ready.

Client data, vendors and governance

Client financial data does not belong in a public AI tool. Free consumer chatbots may use what you type to train future models, and pasting a client's holdings, health details or identifiers into one can breach both your duty of confidentiality and data protection law. Use business-grade tools with a proper agreement, and set a firm rule that no client-identifying information goes anywhere else. Our note on whether staff can put client data into ChatGPT sets out the safe version of this.

"GDPR compliant" on a vendor's website is the start of due diligence, not the end. Before a tool touches client information, get plain answers to a short list of questions:

  1. Are inputs and outputs used to train the model, and can that be switched off?
  2. Where is the data hosted and processed, and how long are transcripts and prompts kept?
  3. Who are the sub-processors, and can you delete, export and audit the records?
  4. Is access role-based, and does the tool produce an audit trail?
  5. Does it integrate with your back office or client system, such as Intelliflo, Xplan, Plannr or Curo, without exposing more data than it needs?
  6. Has a data protection impact assessment been done, and who has signed off the use case?

That last point is not a formality. The ICO expects senior sign-off, a named owner, a risk assessment before processing starts, and a clear view of the supply chain. It is worth remembering that a third of AI use cases in the Bank of England and FCA's 2024 survey were third-party implementations, and 46% of firms admitted only a partial understanding of the tools they used. If you cannot explain in plain terms what a tool does with a client's data and where it can go wrong, you are not yet ready to rely on it.

Consumer Duty, vulnerability and ongoing advice

Consumer Duty raises the bar on evidencing good client outcomes, and AI cuts both ways. Used well, better notes, cleaner records and consistent review packs make it easier to show your work. Used carelessly, a tidy AI summary that reads better than the conversation actually went becomes a weak point in the file. The test is not whether the file looks complete. It is whether the firm can show the client got a suitable service and a good outcome.

Vulnerability needs care of its own. A good assistant may surface a possible indicator that a client is in difficult circumstances, and that can help. What it must not do is turn a passing comment into a crude label. Vulnerability notes need a clear reason for holding them, careful and respectful wording, restricted access and a periodic review, not a confident inference dropped into the record.

Ongoing advice is where AI may help most, because the risk there is rarely a bad recommendation on day one. It is a weak record: a stale fact-find, a missed review, or thin evidence that the client received the service they paid for. The FCA's ongoing advice review found suitability reviews were delivered in most cases, but the evidence trail is exactly what firms struggle to show. AI can help flag overdue reviews, prepare periodic review packs, summarise what has changed in a client's circumstances, and produce management information on service delivery. It should not decide whether an arrangement is still suitable without an adviser looking at it. This is arriving as the rules themselves are being reworked: in March 2026 the FCA proposed simplifying the advice rules (CP26/10), including a single attitude-to-risk concept, a proportionate approach to capacity for loss, and periodic reviews based on client need in place of the automatic annual review.

A compliant starter setup

You do not need a large programme to start safely. You need a few clear lines, a business-grade tool and some discipline about prompts.

  • Pick one low-risk task. Meeting notes or fact-find clean-up are the natural first step. Prove the time saving before going further. Our note on AI notetakers in client meetings shows how to do this without letting the tool overreach.
  • Use a proper tool, not a free one. A business account with a data agreement that keeps client information out of model training.
  • Write the rule down. A one-page policy that says what AI may touch, what it must never touch, and that an adviser signs off anything client-facing. Our simple AI policy for small firms is a good starting point.
  • Mind the prompt. How you ask shapes what you get, and what you get onto the file. "Write a suitability recommendation for this client" invites the tool over the line. "Using only the approved notes below, draft a neutral file-note summary of the client's stated objectives, the missing information and the follow-up questions, and do not recommend a product or draw a suitability conclusion" keeps it on the right side.
  • Keep the human check visible. Every AI-assisted output that reaches a client or a file is read and corrected by a person, and the record shows it.

What to do next

Pick one recurring task your team does every week that never touches the recommendation. Client meeting file notes are the usual candidate. Run them through a business-grade AI tool for a fortnight, with an adviser reviewing every output before it is saved, and measure the time saved against any corrections needed. That single, bounded test teaches you more than any demo, and it keeps the suitability decision where it belongs while you learn.

If it would help to map where AI fits in your firm's advice process, and where a human must stay in charge, book a call and we will think it through with you.

Common questions

Can financial advisers use AI to give advice?

The FCA's rules do allow automated and semi-automated advice, so the honest answer is not a flat no. But COBS 9A is clear that a firm using such a system remains responsible for the suitability assessment, and must be able to evidence it. Running a genuine automated advice model needs the right permissions, controls and governance. For most firms, the safe use of AI is in the work around suitability, not the recommendation itself.

Where does AI fit in the advice process?

Best in the documentation-heavy steps around the advice: meeting transcripts and file notes, cleaning up the fact-find, extracting missing information, drafting from approved suitability templates, preparing review packs, file checking and client communications. It is weakest, and most risky, at the point of drawing a suitability conclusion, which is where an adviser must own the decision.

Does using AI change our Consumer Duty obligations?

No, and it can help or hurt your evidence for them. Better notes, review packs and outcome monitoring can strengthen the case that clients received a suitable service and a good outcome. A polished AI summary that does not reflect what was actually said can weaken it. The obligation is to show a good outcome, not a complete-looking file.

Is it safe to put client data into AI tools?

Not into public consumer chatbots, which may use your input to train future models and can breach confidentiality and data protection. Use business-grade tools with an agreement that keeps your data out of training, do real vendor due diligence on hosting, retention, sub-processors and audit trails, and set a firm rule that no client-identifying information goes anywhere else.


This is general information, not legal or regulatory advice. Check your own permissions, rules and Consumer Duty obligations with a compliance professional before relying on AI in a regulated process.

Work with Good Transformer

Turn this thinking into working practice.

Explore team advisory

Newsletter

Get new Insights by email

Practical notes on using AI with judgement, and the AI news leaders actually need. No hype, no spam, unsubscribe anytime.

Choose how often you want the digest

Keep reading