The Canadian Investment Regulatory Organization (CIRO) published an administrative bulletin on Dec. 17, entitled Access to Online Advice in the Advisory and Managed Channels. It represents a potentially significant modernization step, signaling the regulator’s intention to expand tailored online advice across CIRO-regulated firms.

The regulator is accepting feedback until Jan. 31 on a framework that could encompass hybrid and automated models.

The direction is logical. Many Canadians — particularly small-balance and digital-first investors — transact comfortably online and may benefit from regulated advice that is more scalable and affordable than the traditional in-person model.

However, as the regulator seeks to dismantle “regulatory barriers,” it must ensure it is not simultaneously dismantling investor protection.

The bulletin focuses heavily on the technical frictions of the current framework: the reliance on exemptive relief, inconsistent compliance interpretations and limited product shelves. While these are valid operational issues, it is concerning to see the industry prioritize the logistics of new sales channels before adequately addressing the known shortcomings of existing ones.

If the goal is to widen access while promoting better results, the consultation must explicitly address a fundamental question: How will CIRO prevent online advice from scaling the same suitability and supervision failures that continue to plague the conventional model?

This is not a hypothetical concern. On Dec. 10, the Canadian Securities Administrators and CIRO published Joint Staff Notice 31-368, a sobering summary of compliance reviews covering 105 firms’ KYC, KYP and suitability practices under the client-focused reforms. The findings reveal a persistent gap in implementation: while some firms have made meaningful progress, others have yet to fully integrate these enhanced requirements into their core processes. In several instances, the deficiencies were significant enough to warrant direct regulatory action.

Amplification risk

The notice documents basic breakdowns in the very plumbing of suitability. Staff observed inadequate or inconsistent approaches to determining overall risk profiles and failures to reconcile discrepancies between risk profiles and other KYC factors. They found missing or weak collection of essential financial data — such as liquidity needs — and overly broad ranges for assets and net worth that undermine concentration analysis.

An inherent vulnerability of automated and hybrid models is that they do not merely replicate these conventional weaknesses; they amplify them.

A poorly designed risk profiler or a failure to capture liquidity needs is no longer an isolated human error; it is a systemic flaw that can propagate across thousands of clients quickly and quietly. Yet, CIRO’s bulletin only gestures at the application of client-focused reforms without directly engaging with the uneven implementation staff have just documented.

That omission suggests a preference for prioritizing ease of access over addressing the systemic risks that online advice will broadcast across the market.

Guardrails for complex offerings

The bulletin further signals that online platforms may expand into a wider range of offerings, including private equity, direct indexing and model portfolios. This is precisely where investor protection must become more concrete.

Product-shelf expansion is not a neutral access issue when the target market includes small-balance and early-stage investors. It raises urgent questions about suitability guardrails, fee drag and the conditions under which more choice predictably leads to more harm.

The consultation should be asking what additional escalation triggers and evidentiary requirements should apply before high-risk, higher-fee or less liquid products can be recommended through an online advice interface.

Algorithmic accountability

The push toward automation — including AI — requires clear supervisory expectations around model governance, validation and monitoring. The critical question is not whether advice is technology-augmented, but whether it is reviewable, contestable and correctable when wrong.

Online advice must also confront behavioural design risks that do not exist in the same way in an office-based model.

Interface choices — defaults, prompts and recommended paths — can materially shape client outcomes. A serious consumer-protection agenda would define which digital engagement practices are unacceptable and ensure that so-called nudges do not push consumers into riskier or costlier outcomes.

A consumer-protection agenda

None of these concerns require abandoning the goal of greater access. They simply require an admission that the existing foundation is not yet strong enough to support the weight of these new models.

Before moving to the next stage of this initiative, CIRO should publish a structured consumer-protection agenda detailing the specific harms it intends to prevent, the guardrails it will require and the outcome metrics it will monitor as these models scale.

Otherwise, the risk is predictable: we will achieve a faster, lower-cost delivery system for the same suitability failures we have yet to resolve.