What Inspectors Want From Your Digital Journey: What the AMF SPOT Inspections Reveal

In April 2026, France's financial markets regulator (the Autorité des Marchés Financiers, or AMF) published the summary of a series of SPOT inspections examining how four institutions deliver investment services to retail clients through digital channels.

The inspections covered the entire digital pathway: from the general information presented on websites and client areas, to online account opening, the construction and use of MiFID II questionnaires, the warning messages displayed at order placement, and the internal controls in place to monitor all of it.

The findings provide a detailed picture of where digital client journeys are working as intended, and where they are weakening the level of protection that retail clients are entitled to under MiFID II. They also provide a clear list of regulatory breaches and good practices, drawn directly from the inspectors' own observations.

1. Scope of the Inspections

The AMF inspected four credit institutions authorised to provide investment services to retail clients. All four are authorised to provide several investment services, but online they offer only the service of reception and transmission of orders (RTO).

The institutions had different profiles. Three operate networks of branches; one is a 100% online institution where all interactions take place remotely. Two of the four allow a securities account or equity savings plan to be opened online, while the other two require the account opening to take place in branch or by post.

The investigations covered the period from 1 January 2023 to 31 May 2025. The inspectors followed a chronological approach to the digital journey: general information, account opening, client questionnaire, warning messages at order placement, and internal controls.

2. General Information Made Available to Clients

Three of the four institutions had digitised the journey on both their website and mobile application. The fourth had digitised only the website journey.

All four provide a legal notice listing their company name, legal form, address and contact channels. However, two of the four omit the AMF from the list of regulators that supervise them, despite being subject to AMF supervision in respect of the investment services they provide.

One institution incorporates its conflicts of interest management policy into the general terms and conditions of the securities account, so that the policy is only brought to the client's attention through that contractual document. The AMF identifies this as a poor practice that limits the clarity of information on a subject that is central to retail investor protection.

Poor practices identified by the AMF: incorporating the conflicts of interest policy into the general terms and conditions so that it is only brought to the client's attention through those terms; not mentioning all the regulators that supervise the institution in the legal notice.

3. Information on Services, Instruments and Costs

Before validating an order, clients of all four institutions must tick a box confirming they have read the key information document (KID). The AMF observed that none of the four institutions has a technical system to verify that the KID has actually been consulted, for example by checking that the document was opened or viewed for a minimum period of time.

The AMF also notes that most of the institutions on the panel do not clearly state in their online documentation that only the RTO service is offered online. The AMF identifies this lack of clarity as contributing to confusion about the nature of the service actually provided.

Poor practice identified by the AMF: not putting in place a technical system to ensure that the client has actually read the KID before validation.

4. Online Account Opening

Two of the four institutions on the panel do not offer online account opening for securities accounts or equity savings plans. Applications are processed in branch or by post, with hand-signed or branch-initiated electronic signatures.

The other two institutions allow clients to open these accounts directly from the client area. The 100% online institution opens the entire business relationship remotely, including identity document collection and verification at the start of the relationship for the deposit account, using automated controls supplemented by manual checks.

The AMF noted that no additional checks are carried out at this institution when a securities account or equity savings plan is opened later, to verify that the identity document initially provided is still valid. Where the other panel institution allows online account opening, this is conditional on the client first holding a deposit account for which the identification has already been carried out.

Poor practice identified by the AMF: not carrying out any additional checks, in particular to ensure that the identity document provided by the client when opening a current account is still valid when applying to open a securities account or equity savings plan.

5. The Client Questionnaire

The questionnaire sits at the centre of the suitability and appropriateness assessment. Where the questionnaire is digital and self-administered, the AMF observed several practices that limit its effectiveness.

A single questionnaire for two services

At each of the four institutions, a single questionnaire is used for both investment advice and RTO. As a result, even when only RTO is offered online, clients are still asked questions that fall within the scope of a suitability assessment, including questions on financial situation, investment objectives, time horizon, risk tolerance and sustainability preferences.

The AMF observed that this approach generates ambiguity about the nature of the service actually provided in the digital space. At one institution in particular, the contractual documentation and screens indicate that the client receives a service of investment advice and that the questionnaire is designed to check the suitability of the products for the client's profile, even though only RTO is provided online. The AMF describes the information provided to the client in this case as potentially unclear or even misleading as to the investment service actually available online.

Question structure and answer formats

The AMF reported substantial differences in question quality across the four institutions. One institution's questionnaire contains only a small number of questions about complex financial instruments, with insufficient granularity, even though the institution distributes those instruments through the online RTO service.

Two institutions use multiple-choice questions in whole or in part. The other two rely primarily on yes/no or true/false/don't know answers for questions on client knowledge. The AMF identifies the latter approach as a poor practice that does not allow for a detailed assessment of the client's knowledge and experience.

Two institutions use branching questionnaires that ask additional questions of clients who state they have knowledge of a particular financial instrument, and one of the two adds a further branch for clients who also state they have experience with that instrument. The AMF identifies branching as a good practice.

One institution allows clients, throughout the entire questionnaire, to go back and change a previous answer with the original answer still visible. The AMF identifies this as a practice that can have a direct impact on the investor profile ultimately attributed to the client and that cannot be considered as protecting them.

Updating the questionnaire

The systems for updating questionnaires vary across the panel. One institution has not set a mandatory frequency. Two institutions have set a validity period (generally two years). One institution applies different validity periods depending on whether the questionnaire was completed in branch or online, and does not communicate this difference to clients.

The AMF observed unanimously that clients of all four institutions can update their questionnaire on their own initiative, as often as they wish, without having to wait a minimum period between updates. The AMF identifies this as a poor practice, particularly where the answers can also be used in branch to provide investment advice.

An out-of-date investor profile has no impact on the execution of a transaction at any of the four institutions. Clients can continue to place orders online with an out-of-date profile.

Poor practices identified by the AMF: using primarily yes/no or true/false answer formats; allowing clients to update their profile as often as they wish without a minimum waiting period; having different update frequencies online and in branch without informing the client; allowing clients to revise an answer mid-questionnaire with the previous answer visible.

6. Warning Messages at Order Placement

The four institutions issue warnings on a per-transaction basis, in line with the regulations, when a financial instrument is deemed inappropriate in the light of the client's knowledge and experience. The AMF observed that the quality of these messages is unsatisfactory.

At one institution, the warning messages do not explicitly state that the financial instrument is inappropriate, or that the institution could not perform the test in the absence of a response. Where the client has refused to answer the mandatory questions or where their knowledge and experience are insufficient, the message displayed is "You do not have the requisite level of knowledge and experience". Where the questionnaire is out-of-date, the client sees "Warning: without an up-to-date investor profile, the bank will check your knowledge and experience using information that may be out-of-date".

Two institutions supplement their warnings with a statement that these controls are merely an obligation to alert and inform. The AMF observed that this is likely to reduce the impact of the warnings.

One institution uses warnings that are loosely or ambiguously worded, including "does not seem suitable" and "is not necessarily suitable". This institution does not invite the client to re-evaluate, and immediately states that the client acknowledges having been alerted and confirms the order, without giving the option to either confirm or cancel.

Poor practices identified by the AMF: warnings that are loosely or ambiguously worded; warnings that do not invite the client to re-evaluate the order; warnings that downplay the regulatory weight of the message; a single warning that does not distinguish between an inappropriate instrument and a missing client response.

7. Organisation, Controls and the Compliance Function

The AMF analysed each institution's internal controls to determine whether the digital nature of the client journey was specifically reflected in the compliance function's work. The AMF found this dimension to be still underdeveloped.

Two institutions have a mechanism to detect inconsistencies in client questionnaire answers. Only one of the two has a control aimed at verifying the mechanism is correctly deployed.

The online RTO tools at all four institutions are configured to compare the client's profile with the financial instrument the client wishes to trade. None of the four has an effective control aimed at verifying that this configuration is working as intended and that warning messages are generated correctly.

None of the four institutions has put in place measures to detect cases where client questionnaires are updated too frequently, despite the absence of any minimum waiting period between updates.

The AMF identified positive initiatives, including the gradual integration of statistics on questionnaire completion and updates, and demonstrations of digital journeys within governance structures. The AMF describes these measures as embryonic and notes that they would benefit from being systematised and formalised in documented control plans.

Good practices identified by the AMF: producing statistics on the completion and updating of online questionnaires; demonstrating digital journeys within governance structures.

8. What This Means in Practice

The AMF report sets out, in granular detail, what a supervisor looks for when it opens a digital client journey and walks through it. It identifies what amounts to a regulatory breach, what counts as a poor practice, and what counts as good practice, drawn directly from the inspectors' findings.

For any firm running an online platform, particularly one offering reception and transmission of orders to retail clients, the report can be read as a checklist. The institutions reviewed are not unusual. The practices described will be familiar to most firms operating digital client journeys today.

Reading the findings against an actual platform tends to surface the same questions: when was the last time the questionnaire was reviewed, how often can a client revise their profile, what does the warning message actually say, and is there a control verifying the warning fires when it should. None of these are exotic. They are the points where most digital journeys quietly fall short.

Source: AMF, Summary of SPOT inspections on the digital client journey, April 2026.

Know what supervisors are looking for. CPDs.Academy seminars cover the practical implementation of MiFID II suitability and appropriateness obligations, AML/CTF requirements, market abuse, and product governance, with regulatory references and real cases throughout.

Explore the CPDs.Academy seminar catalogue