Financial Services

European Securities and Markets Authority (ESMA) offers recommendations on digitalisation of retail investment services

Written by

Dr. Michael Huertas

RegCORE – Client Alert | Banking Union | Capital Markets Union


On 14 December 2023, ESMA, published a detailed discussion paper on the digitalisation of retail investment services and related investor protection considerations (the RIS DP) Available here.Show Footnote. The RIS DP explores the evolving landscape of retail investments under MiFID II and the opportunities as well as investor protection risks posed by digitalisation. This includes examining the recent surge in the adoption of digital engagement practices (DEPs) ESMA defines DEP in the RIS DP as “as the tools including behavioural techniques, differential marketing, gamification, design elements or design features that intentionally or unintentionally engage with retail investors on digital platforms as well as the analytical and technological tools and methods”Show Footnote such as nudging, gamification etc. as well as use of other digital tools and social media following the COVID-19 pandemic and an exploration of how technology impacts retail investor behaviour and decision-making. The RIS DIP’s analysis is based on the supervisory experience of the EU’s national competent authorities (NCAs) as well as supervisory authorities from countries outside of Europe and relevant academic literature. ESMA's recommendations cover the following main topics and communicate several supervisory principles and expectations:

  • Layering and accessibility of information
  • Digital marketing communications and practices
  • The use of influencers
  • Social features of investment apps
  • Gamification
  • Nudging techniques
  • Dark patterns

ESMA is seeking stakeholders’ input by 14 March 2024 on targeted questions regarding online disclosures, use of DEPs and other digital tools as well as on marketing practices more broadly. The feedback to the RIS DP will support ESMA’s supervisory convergence work and prepare ESMA for publication of further  technical advice and regulatory standards which are likely set to follow the baseline supervisory principles and expectations set out in the RIS DP as well as in the targeted questions it is consulting on. This in particular includes the use of DEPs, such as gamification, as well as on the general use of marketing practices by firms, in particular online disclosures and layering. ESMA will also supplement the RIS DP with a separate, concise survey tailored for retail investors, to gather their insights, experiences and feedback on the subject of digitalisation within investment services.

It should be noted that ESMA’s efforts in this RIS DP and the forthcoming survey will also be of relevance to the overall work of the EU’s co-legislators on the topic, including as part of the “Retail Investment Strategy package” and the finalisation of the Distance Marketing of Consumer Financial Services Directive (see standalone coverage from our EU RegCORE on both topics). It will also be relevant to the respective rulemaking and supervisory activity of ESMA’s sister “European Supervisory Authorities” (ESAs) i.e., the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA).

This Client Alert assesses the findings and recommendations detailed in the RIS DP and what this means for traditional as well as digital asset-focused financial markets participants both in their documentation as well as day-to-day engagement with market participants and NCAs. This Client Alert should also be read in conjunction with our Client Alerts on “ESAs publish 2023 joint report and recommendations on “Innovation Facilitators” – what next for innovation hubs and regulatory sandboxes?” as well as on “EU reiterates rules to regulating “Finfluencers”” and on “ESMA communicates supervisory expectations on copy trading services.”

Key takeaways from the RIS DP

ESMA’s RIS DP is addressed to NCAs and other competent authorities as well as the following types of supervised firms as well as ultimately the clients of such firms: 

  • MiFID II/IFR/IFD firms;
  • Credit institutions (i.e., banks) providing investment services and activities;
  • UCITS management companies and Alternative Investment Fund Managers, when providing investment services; and
  • Firms (undefined) that “provide the [DEP] described in this paper.” ESMA specifically assesses affiliate marketing strategies beyond (f)influencers but also comparison websites or social media platforms. 

The RIS DP, unlike previous publications, is also explicitly addressed as “being of interest” to “investor and consumer organisations” as well as “any relevant trade association”.  

ESMA notes that the COVID-19 pandemic has acted as a catalyst for (prospective) investors using applications, websites and digital tools when managing their finances. Such digitalised delivery channels can also be used to seek recommendations or advice prior to purchasing or selling financial instruments and while welcome, ESMA has also warned that “…over the last years many retail investors also turn to social media to seek these recommendations.”

The RIS DP covers the following main topics on relevant firms directly and/or indirectly engaging with (prospective) clients:

  • Online disclosures and layering: The RIS DP explores how firms can improve the information they provide to investors by making use of techniques such as layering ESMA notes in the RIS DP that “Layered information can contribute to allowing investors to grasp the key points quickly and then delve deeper if they wish to do so. The aim is always to provide sufficient but concise information in the first layer, on the basis of which investors should be able to make a better financial decision, regardless of the required pre-contractual documentation availability. By linking to more detailed content, the information could become more readable.” ESMA goes on further to state that: “One of the risks with layering is that too much information is found to be important, and all has to be mentioned in a first layer, thus leading to a concentrated information overload here as well. The starting point needs not to be how one can fill a first layer with information. Instead, the starting point is looking at the information at hand and looking at ways to divide the information in a network of nodes/layers that are well connected, and logical. It is therefore essential to test whether layering works in a specific context.”. Moreover, ESMA also explains that: “When presenting information in layers, careful design of references between layers is crucial. First of all, references to additional information should be placed at logical and accessible points. Second, the references need to make perfectly clear what information can be found in underlying layers. Links should therefore contain a sound and concise description of this information. And finally, references should be as direct as possible: when clicking on a link, people should not have to look around for information they had expected to find, and it should be made easy to switch back to previous layers. These three interventions help to make sure that the concept of layering is actually accessible to people and is as successful as possible.”Show Footnote, visual aids and interactive elements. The RIS DP suggests some good practices and questions for firms to consider, such as testing the effectiveness of their online (including use of more bespoke) disclosures, providing vital information in the first layer using simple language, followed by more detailed and technical content in subsequent layers without hiding or disguising information. According to ESMA, (prospective) clients should have easy access to all (layers) of information prior to committing to any subscription or purchase, independently of the channel used by the client accessing the information. The RIS DP re-emphasises the need for disclosure to be provided in more accessible and comprehensible way (clear, fair and not misleading statements). ESMA uses the RIS DP to ask stakeholders to provide examples of good and bad practices, as well as feedback on the type of information that should be included in the first layer and the effectiveness of online disclosures.
  • Marketing communications and practices: The RIS DP examines how firms use different channels and strategies to market and promote their financial instruments and services, such as content marketing Which includes blogs, webinars, newsletters, and comparison websites, and ESMA’s RIS DP suggests that firms should clearly identify such material as marketing material when it includes promotion or nudging of the investors.Show Footnote, social media and through third parties such as affiliates and finfluencers. The RIS DP highlights some of the risks and challenges associated with these practices, such as misleading or “aggressive” marketing  ESMA clarifies in the RIS DP that “The notion of ‘aggressive commercial practices’ as such are defined in Article 8 of the Unfair Commercial Practices Directive (UCPD), however, for the purpose of this DP we do not use the definition as provided in the UCPD. Instead, when referring to aggressive marketing practices we refer to practices by firm used to push products through for example targeting methods in such a manner that the products are likely to be pushed to investors to whom the products are not suitable and a ‘tunnel vision’ is created. Meaning that the investor in question is likely to be overflooded with sponsored posts in relation to this type of product.”Show Footnote, lack of transparency and potential conflicts of interest as well as non-compliant communications that target a broad range of retail clients for complex or high-risk products. Equally, the RIS DP highlights good and poor standards observed in the use of “targeted marketing” ESMA in the RIS DP refers to “Targeted marketing is also known as targeted digital marketing. It refers to a marketing strategy that uses various digital channels to reach a specific audience based on their demographics, interests, behaviour, or other relevant criteria. It involves using data-driven approaches to identify and segment (potential) investors based on their online behaviour and characteristics, such as for example the search terms used by the (potential) investors.”Show Footnote and personalisation ESMA in the RIS DP refers to “Personalisation aShow Footnotes a form of online marketing which uses data points to collect personal information about the (potential) investor or client in order to increase the relevance of the advertisement or service provided.”Show Footnote. The RIS DP proposes some good practices and questions for firms to consider, such as having clear policies and procedures for their marketing practices, ensuring compliance with the applicable requirements and disclosing their relationship with affiliates and finfluencers (this echoes ESMA’s earlier statements on finfluencers – see Client Alert referenced above). ESMA uses the RIS DP to ask stakeholders to provide information on how they ensure that marketing communications only reach the intended target market, how they monitor the effectiveness of their marketing practices, and how they deal with vulnerable persons. 
  • Digital engagement practices: The RIS DP analyses how firms use various techniques to influence or stimulate the behaviour of investors, such as nudging ESMA in the RIS DP states (in a standout box in bold) its supervisory expectation that “When firms create and publish educational material that includes (content) marketing and/or may nudge, attract or stimulate the investor to invest in a certain financial instrument and/or become a client of the specific firm, then the material should also be labelled as marketing material.”Show Footnote, gamification, social features, push notifications and dark patterns ESMA in the RIS DP uses the term “dark patterns” as covering “…interface design elements that are incorporated into the design of digital interfaces which harm users but benefit vendors. Dark patterns could be data-driven and personalised, or implemented on a more general basis, tapping into heuristics and behavioural biases, such as default effects or scarcity biases. Some examples of ‘dark pattern design elements’ are the size and or colour of buttons compared to others, or pre-ticked boxes since this will guide users to one specific button. An example of a dark pattern process related to financial service provision could for instance include hiding fees, or that it is a lot more difficult to cancel a pending order than it is to place it.”Show Footnote. The RIS DP acknowledges the potential benefits of these techniques, such as enhancing the user experience, providing education and guidance as well as increasing engagement and retention. However, the RIS DP also warns of the potential risks and harms of these techniques, such as inducing excessive or risky trading, exploiting cognitive biases, influencing investor choices and reducing informed decision-making as well as increasing conflicts of interest. ESMA uses the RIS DP to remind firms to use DEPs responsibly and ethically, in the best interest of the client and in compliance with the relevant regulations. ESMA also suggests that firms should have proper internal rules, policies, processes and tools for their use of DEPs, and that they should design the “choice architecture” ESMA in the RIS DP defines “the choice architecture, or choice environment, refers to the distribution channel (interface) used by the firm in which it interacts with the clientShow Footnote of their interface to enable and support investors to make informed and sensible investment decisions avoiding features that favour more costly or remunerative products and displaying a message that excessive trading may lead to financial harm. ESMA asks stakeholders to provide examples of the use of DEPs, such as nudging, gamification, social features, push notifications, and dark patterns, and to provide feedback on their impact on investor behaviour and outcomes. 

Aside from the key points above, the RIS DP also repeatedly calls for firms to periodically test their digital delivery channels and disclosures (both in terms of layout and navigation) to ensure these are reliable, useful and understandable to the (prospective) clients. The RIS DP contains a number of visual representations as to what are considered good and poor practices on how information is presented on webpages. ESMA, as is the case with a number of NCAs, are making increased use of “mystery shopping” as a supervisory tool, including to test digital distribution channels and the sales process and this is set to increase in 2024 and beyond.

Given the above, firms are therefore encouraged to more proactively self-assess how they and those acting on their behalf use the channels, tools and practices that are discussed in the RIS DP and the baseline supervisory expectations and principles set out in the RIS DP and in certain respects in light of the targeted questions that ESMA is seeking feedback on. Accordingly, firms may wish to consider making appropriate changes to their policies and procedures as well as their (prospective) client facing disclosures to close the gap in meeting the supervisory expectations set out by ESMA in the RIS DP ahead of ESMA and NCAs adopting a stricter tone and apply more invasive supervisory scrutiny to firms.  


While ESMA’s view, including as expressed in the RIS DP, is generally positive on the benefits that digitalised delivery channels offer for financial markets participants, it does, besides identifying good practices, warn on poor practices including compliance failings that thus pose risks for investors. ESMA’s response to the RIS DP will shape and future legislative and regulatory rulemaking instruments and/or supervisory guidance addressing such perceived risks and how firms are expected to prevent them when either directly or indirectly, including through use of finfluencers, using DEP methods, in particular gamification or any other form of digitalised delivery channels.  

We encourage our clients to participate in the response to the RIS DP and to take note of ESMA’s forthcoming survey of retail investors and to contact us if they have any questions or concerns regarding the topics covered by the RIS DP or analysis above. We will continue to monitor the developments in this area and provide updates as appropriate. Nevertheless, while the RIS DP is a first step to further rulemaking and supervisory guidance, the tone set by ESMA shows a sufficiently clear path that ESMA is set to explore in its and NCA’s supervisory expectations of firms. Early pre-emptive action in targeted improvements to policies and procedures as well as disclosures to (prospective) clients may therefore be recommendable for firms to stay ahead of the curve.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.  

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 1,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.  

Moreover, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.   

f you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via or our website.