How Should Risks Be Disclosed in a Statement of Advice?
- Eloise Somerford

- Jun 17
- 5 min read
Updated: Jun 21
Risk disclosure is one of the most consistently inadequate sections of an SoA. Not because advisers skip it - they rarely do - but because the way it is written almost never meets the standard ASIC actually expects.
Generic risk language - "investments can go up and down", "past performance is not an indicator of future returns" - is better than nothing. But it does not constitute an adequate risk disclosure for the purposes of best interests compliance. ASIC expects risk disclosure to be tailored: to the specific products recommended, to the client's individual circumstances, and to the scope of the advice being given.
This article explains what the law requires, what tailored risk disclosure actually looks like, and the failure patterns that come up most often in compliance review.
What the Law Requires
Risk disclosure in an SoA is not a standalone obligation with its own dedicated section of the Corporations Act. It flows from two broader requirements:
The basis for the advice (s947B(2)(b), s947C(2)(c)): the SoA must explain the reasoning behind recommendations - and that reasoning must include the risks associated with what is being recommended
The appropriateness obligation (s961G): advice must be appropriate to the client's objectives, financial situation and needs - which means the risks of the recommended strategy must be ones the client can actually tolerate and absorb
ASIC's RG 175 is explicit on this point: risk disclosure must be specific to the advice given and the client's circumstances. It is not satisfied by a general disclaimer that applies to all financial products or all clients.
Two Types of Risk to Address
Adequate risk disclosure in an SoA requires addressing two distinct categories of risk - and most SoAs address only one.
Product-specific risks
These are the risks inherent in the specific financial products being recommended. They vary by product type and must reflect what is actually being recommended - not a generic list of risks that could apply to any product in the same broad category.
Examples by product type:
Managed funds / ETFs: market risk, liquidity risk, manager risk, currency risk (if international exposure), concentration risk
Life insurance: premium increase risk, policy lapse risk, definition changes at renewal, exclusions specific to the client's health or occupation
Superannuation: preservation risk (inability to access funds until preservation age), investment option risk, contribution cap risk for those making additional contributions
Geared strategies: magnification of losses, margin call risk, interest rate risk on borrowings, the risk that the investment falls below the loan value
Client-specific risks
These are risks that are material because of who this particular client is - their financial position, health, employment status, dependants, or the timeframe in which they need to access funds. A product risk that is low for most clients may be high for a particular client given their circumstances.
Examples:
A client approaching retirement with limited ability to recover from a market downturn - market risk carries greater weight than it would for a 35-year-old
A client in an occupation with higher-than-average injury risk - occupation exclusions or loadings in an insurance policy are a material risk for them specifically
A client with high fixed-cost commitments (mortgage, school fees) - liquidity risk is more significant than for a client with lower financial obligations
What Tailored Risk Disclosure Actually Looks Like
The difference between generic and tailored risk disclosure is not length - it is specificity. A tailored disclosure connects the risk to the product and to the client. A generic one describes the risk category and moves on.
❌ Generic: "Investments carry market risk. The value of your investment may rise or fall and past performance is not an indicator of future returns." ✅ Tailored: "The XYZ Australian Shares Fund has significant exposure to domestic equities. Given that you are 58 and intend to retire in approximately 4 years, a sustained market downturn in that period could materially reduce the amount available to you at retirement with limited time to recover. We have discussed this risk and you have confirmed you are comfortable accepting short-term volatility in exchange for the potential for higher long-term returns. If your circumstances change and you require access to these funds sooner, please contact us so we can reassess the appropriateness of this investment."
The tailored example does three things the generic one does not: it names the product, it connects the risk to the client's specific circumstances and timeframe, and it records that the client was made aware and accepted the risk.
Risk Disclosure and the Appropriateness Obligation
Under s961G, advice must be appropriate to the client's objectives, financial situation and needs. Risk disclosure is directly connected to this obligation - because if the risks of the recommended strategy are inconsistent with the client's circumstances, the advice is not appropriate regardless of how well the best interests process was followed.
This means the risk section of an SoA should do more than disclose - it should also demonstrate that the disclosed risks are consistent with what the client told you about their objectives, risk tolerance and capacity. Where a risk is material and the client has a lower capacity to absorb it, the SoA must explain how that tension was resolved in the advice process.
The Three Risk Disclosure Failures ASIC Won't Want to See
Based on ASIC's RG 175 guidance, the following three patterns are the most common reasons risk disclosure fails on review.
1. Template risk language applied to every SoA
A fixed risk disclosure block that appears word-for-word in every SoA a practice produces, regardless of the products recommended or the client's circumstances. This is one of the clearest signals of a non-compliant template and one of the first things a licensee auditor checks.
2. Risks not connected to the client's capacity
The SoA discloses a risk but does not explain how the client's circumstances affect that risk, or whether the client can absorb it. Disclosure without context does not demonstrate appropriateness. The fact that a risk exists is less important than whether it is an appropriate risk for this client to take.
3. Material product-specific risks omitted entirely
Advisers sometimes disclose broad investment risk but omit product-specific risks that are material to the recommendation. Insurance exclusions, premium variability, early redemption penalties, or the risks specific to a geared strategy are examples of product-specific risks that must be addressed in the SoA - not left to the product disclosure statement alone.
A Practical Checklist
Before finalising the risk section of any SoA, check the following:
Does the disclosure name the specific products recommended, not just broad asset classes?
Are product-specific risks (not just general investment risk) addressed?
Does the disclosure connect the risks to the client's specific circumstances - their age, financial position, timeframe or dependants?
Is there a record that the client was made aware of the material risks and accepted them?
Does the risk disclosure look different from the risk disclosure in your last ten SoAs? If not, it is probably not tailored.
Is your risk disclosure genuinely tailored?
RegiReview reviews risk disclosure sections against the appropriateness standard in s961G and ASIC's RG 175 guidance - and identifies where generic language is being used in place of the tailored disclosure the law requires.
Not sure if your SoAs are compliant?
RegiReview assesses your advice documents against current requirements and gives you a clear picture of where the gaps are and what to do about them.
No obligation. Results in under 30 minutes.
_edited.png)


