Organizations / ESMA
ESMA
European Securities and Markets Authority · www.esma.europa.eu/
ESMA is the EU's securities-markets regulator. Its Public Statement on the use of AI in the provision of retail investment services maps AI use onto firms' existing MiFID II obligations — best interest, suitability, transparency, risk management, and recordkeeping — the basis for the pack below.
How the publications map to ponens policies
ESMA's Public Statement does not create new AI rules; it reads AI use through existing MiFID II obligations, with one throughline — “firms' decisions remain the responsibility of management bodies, irrespective of whether those decisions are taken by people or AI-based tools,” and AI must always serve clients' best interest. ponens turns each of those obligations into a policy over the trace of an AI-assisted investment service: that the client is told when AI is involved, that recommendations are assessed for best interest and suitability, that AI outputs are accuracy-checked before reaching clients and monitored afterwards, and that models are tested on representative data before deployment.
The Statement's recordkeeping clause (¶24) and its ex-ante / ex-post accuracy controls (¶16) read almost directly as trace policies, so the mapping is tight rather than interpretive. Running the pack with ponens trace check aggregates the per-obligation verdicts to a Green / Amber / Red picture: an error-severity breach (e.g. an undisclosed AI interaction, an unsuitable recommendation, or missing AI records) is Red; softer expectations such as periodic stress-testing or staff competence are Amber. The firm-level MiFID II machinery the Statement also invokes — management-body oversight and outsourcing governance — is organisational rather than per-trace and sits outside this pack.
MiFID II AI in Investment Services
ESMA's MiFID II expectations for AI in retail investment services — best interest, suitability, transparency, accuracy controls, testing, and recordkeeping — as computable policies.
Maps the ESMA Public Statement on AI in the provision of retail investment services onto ponens policies. Each MiFID II obligation ESMA highlights — acting in the client's best interest, disclosing AI use, suitability and product governance, ex-ante/ex-post accuracy controls, model testing on representative data, outsourcing due diligence, staff competence, and recordkeeping of AI decision processes — becomes a deterministic check over the trace of an AI-assisted investment service.
Source: ESMA Public Statement ESMA35-335435667-5924 (30 May 2024).
Best Interest & Transparency 3
acts_in_client_best_interest error Acts in Client Best Interest
Every AI-supported recommendation is assessed against the overarching MiFID II obligation to act in the client's best interest.
G(Recommendation → best_interest_assessed)ai_information_clear_fair warning AI Information Clear, Fair, Not Misleading
Information provided to clients on the firm's use of AI is presented in a clear, fair and not misleading manner.
G(client_facing → clear_fair_not_misleading)ai_use_disclosed_to_client error AI Use Disclosed to Client
Firms transparently disclose to clients when they are interacting with an AI system (e.g. chatbots or other AI-driven automated systems).
G(client_interaction → ai_disclosed)Suitability & Conduct 2
product_governance_aligned error Product Governance Aligned
AI-driven distribution aligns the products distributed to their identified target market (product governance).
G(Distribution → target_market_aligned)recommendation_suitable error Recommendation Suitable
AI-supported recommendations are subject to a suitability assessment aligning them to the client's situation, objectives, sustainability preferences, risk tolerance, and knowledge.
G(Recommendation → suitability_assessed)Accuracy Controls 2
ai_information_monitored warning AI Information Monitored (ex-post)
Ex-post controls monitor and evaluate any process that delivers information to clients directly or indirectly through AI-driven mechanisms.
G(ai_driven_information → post_review)ai_output_accuracy_controlled error AI Output Accuracy Controlled (ex-ante)
Ex-ante controls verify the accuracy of information supplied to or by AI before it is disseminated to clients, preventing erroneous or misleading investment advice.
G(client_facing → P(accuracy_checked))Risk Management & Testing 3
ai_stress_tested warning AI Stress Tested
AI systems are periodically stress-tested to evaluate performance under extreme market conditions.
G(Deploy → stress_tested)ai_tested_before_deployment error AI Tested Before Deployment
AI systems are tested and validated before deployment in the provision of investment services.
G(Deploy → P(tested ∧ validated))training_data_representative error Training Data Representative
Data used as input for AI systems is relevant, sufficient and representative, and algorithms are trained and validated on accurate, comprehensive and sufficiently broad datasets.
G(Deploy → data_representative)Outsourcing & Competence 2
outsourced_ai_due_diligence error Outsourced AI Due Diligence
Third-party AI used for critical or important operational functions is subject to MiFID II outsourcing due diligence and adequate controls.
G(third_party_ai → due_diligence_done)staff_competent_for_ai warning Staff Competent for AI
Staff using AI to provide information about investment products to clients do so under heightened vigilance and with adequate AI competence and training.
G(client_information → staff_competent)Record Keeping 2
ai_complaints_recorded warning AI Complaints Recorded
Firms maintain comprehensive records on AI-related client and potential-client complaints.
G(complaint → recorded)ai_records_maintained error AI Records Maintained
Records document the use of AI, including the decision-making processes, data sources used, algorithms implemented, and any modifications made over time.
G((Decision ∨ Output) → logged ∧ data_sources_recorded ∧ algorithm_recorded)