Methodology: Decision Governance for CFP® Advisors
A non-normative methodology for externalizing client mental models into auditable Decision Packets — designed for Certified Financial Planners operating under MiFID II and the EU AI Act in Germany, Austria, and Switzerland.
What is the Steerable methodology?
The Steerable methodology is a structured, non-normative process that externalizes a client's mental model into an auditable Decision Packet so that every CFP® recommendation remains traceable — including when artificial-intelligence tools were used in its production.
The methodology rests on a single observation that has become structurally true since generative AI entered financial advice: a recommendation can be produced quickly, but its authorship cannot be reconstructed afterwards. The methodology does not ask the advisor to produce better recommendations; it asks the advisor to produce better evidence of how the recommendation was produced. The output is forensic, not normative.
Because the regulatory environment in the DACH region now demands documented decision provenance — most explicitly through Regulation (EU) 2024/1689 (the EU AI Act) and through the suitability obligations of MiFID II — every Steerable session terminates in an artifact that survives both regulatory inspection and the natural memory loss of a multi-year advisory relationship. The methodology is a documentation methodology dressed as a conversational one.
Steerable never recommends, evaluates, or nudges. It structures the decision space. The advisor retains full normative authority. The system has no opinion about what the client should do.
What is a Decision Packet?
A Decision Packet is a structured, append-only forensic artifact that documents what was decided, by whom, on what basis, and which alternatives were rejected — typically capturing over 30 structured fields per packet.
Decision Packet — definition
Decision Packet is the forensic output of a Steerable session: an append-only record consisting of a provenance layer (sources, timestamps, tool versions), an authorship classification per recommendation element, a list of rejected alternatives with the advisor's reasoning, and an audit-ready export format. Because the packet is append-only, it cannot be silently rewritten after the fact — a property that matters enormously under MiFID II Article 25(2), which obliges firms to retain suitability assessments for ten years.
The packet contains, at minimum, four layers. First, a provenance layer recording every input that influenced the recommendation — client statements, third-party data feeds, AI-model outputs with version identifiers, advisor judgments. Second, an authorship classification that labels each recommendation element as human-authored, AI-suggested-and-accepted, or AI-suggested-and-modified. Third, a rejected-alternatives ledger capturing what the advisor considered and explicitly discarded, with the reasoning. Fourth, an audit-ready export in a regulator-friendly format. The artifact is heavier than a meeting note, lighter than a full transcript.
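A sketch of how the append-only property and the first three layers described above could be made tamper-evident, added here as an example and not taken from Steerable's own code. The page does not say how append-only is enforced; the SHA-256 hash chain, the class and field names, and the sample values are all assumptions.

```python
import hashlib
import json

LAYERS = {"provenance", "authorship", "rejected_alternative"}
AUTHORSHIP_LABELS = {"human-authored", "ai-suggested-and-accepted", "ai-suggested-and-modified"}
GENESIS = "0" * 64


def _digest(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same value.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


class DecisionPacket:
    """Hypothetical packet: each entry commits to the hash of the one before it."""

    def __init__(self):
        self.entries = []

    def append(self, layer, body):
        if layer not in LAYERS:
            raise ValueError(f"unknown layer: {layer}")
        if layer == "authorship" and body.get("label") not in AUTHORSHIP_LABELS:
            raise ValueError("authorship label must be one of the three classes")
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        record = {"seq": len(self.entries), "layer": layer, "body": body}
        self.entries.append({**record, "prev": prev, "hash": _digest(prev, record)})
        return self.entries[-1]["hash"]

    def verify(self):
        """Return the index of the first entry that breaks the chain, or None."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            record = {"seq": e["seq"], "layer": e["layer"], "body": e["body"]}
            if e["seq"] != i or e["prev"] != prev or e["hash"] != _digest(prev, record):
                return i
            prev = e["hash"]
        return None

    def missing_layers(self):
        """Layers with no entry yet; an export should be refused while any remain."""
        return sorted(LAYERS - {e["layer"] for e in self.entries})


def build_sample_packet():
    # Constructed sample session; every value is illustrative.
    p = DecisionPacket()
    p.append("provenance", {"source": "ai-model", "version": "example-model-1.0"})
    p.append("authorship", {"element": "equity allocation", "label": "ai-suggested-and-accepted"})
    p.append("rejected_alternative", {"option": "defer rebalancing", "reasoning": "conflicts with goal"})
    return p
```

A hash chain only detects edits if the final hash is held somewhere the editor cannot change, for example in the signed copy handed to the client; otherwise the whole chain can be recomputed.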
Investment firms providing investment advice or portfolio management shall obtain the necessary information regarding the client's or potential client's knowledge and experience […] so as to enable the firm to recommend to the client or potential client the investment services and financial instruments that are suitable for him.
What is Ghost Ownership, and why does the methodology exist?
Ghost Ownership is the attributability gap that opens whenever AI systems shape a financial-advice session: the advisor signs the recommendation, but the authorship of the underlying decision logic becomes unclear. The Steerable methodology exists primarily to close this gap.
Ghost Ownership — definition
Ghost Ownership describes a situation in which the audit trail of a financial-advice session can no longer cleanly answer who decided what, on what basis, and which alternatives were considered. Because AI-assisted analysis collapses several reasoning steps into a single opaque output, the human advisor inherits accountability for logic they did not visibly produce. The regulator's question — "show me how this recommendation came about" — becomes structurally harder to answer the more capable the AI becomes.
Ghost Ownership is not merely a documentation problem; it is a fiduciary problem. The CFA Institute Code of Ethics and Standards of Professional Conduct requires investment professionals to "exercise diligence, independence, and thoroughness" — a standard that presupposes the ability to reconstruct one's own reasoning. When the reasoning has been laundered through an AI model, the duty of diligence becomes harder to defend, not easier.
As AI becomes more reliable, advisors accept its output without overriding it — so there is nothing to record. The advisory protocol shrinks. The compliance liability does not. Better AI increases governance risk, not decreases it.
Why is the methodology explicitly non-normative?
Because the suitability judgment under MiFID II is a fiduciary obligation of the human advisor, the methodology never recommends, evaluates, or nudges — it only structures the decision space and leaves all normative authority with the CFP®.
Non-Normativity — definition
Non-Normativity is the architectural decision to remove the system from the recommendation loop entirely. Steerable extracts pillar nodes from a client narrative, visualizes weights and tensions, simulates ripple effects across the graph — and stops. It does not score options; it does not rank goals; it does not produce a "best path forward". The advisor cannot blame the tool for a poor recommendation, and the regulator cannot ask the tool to defend a suitability claim. Both burdens remain where they belong.
This design is not modesty; it is liability engineering. Tools that score or rank are increasingly classified as decision-support systems under the EU AI Act risk taxonomy, which triggers additional documentation, monitoring, and conformity-assessment obligations. By contrast, a system that only structures and visualizes — without any normative output — sits outside the high-risk envelope, which means it imposes far less regulatory overhead on the advisor who uses it. Non-normativity is, in regulatory terms, the most expensive feature in the system; in operational terms, the cheapest.
High-risk AI systems shall be designed and developed in such a way […] that they can be effectively overseen by natural persons during the period in which they are in use.
How does the methodology comply with the EU AI Act and MiFID II?
The methodology produces a documented chain of inputs (client data, external data, AI-model version, advisor judgment) for every recommendation element — satisfying the transparency, human-oversight, and record-keeping obligations of both regimes simultaneously.
Decision Provenance — definition
Decision Provenance is the documented chain of inputs that produced a specific recommendation. It is required under MiFID II for suitability assessment whenever AI tools enter the advisory process; it is required under the EU AI Act for any system classified as high-risk in financial services. Decision provenance is the single artifact that simultaneously discharges both regulatory regimes — a rare and useful overlap.
BaFin guidance on the use of AI in financial services emphasizes that supervised firms must be able to explain, at any point, how an AI-supported decision was reached, by whom, and on which data. The Steerable methodology operationalizes this by recording each input — including the AI-model version, prompt context, and the advisor's acceptance or modification of the suggestion — directly into the Decision Packet. The regulator's "explain it to me" request becomes an export, not an excavation.
The European Securities and Markets Authority (ESMA) has consistently underlined that the use of digital tools in advice does not transfer responsibility away from the supervised firm — it amplifies the firm's documentation burden. The methodology treats this amplification as a design constraint rather than as an inconvenience: every interaction with the system is, by construction, a documentation event.
The use of artificial intelligence in supervised entities must not impair the explainability and traceability of decisions. Firms remain fully responsible for outcomes — irrespective of which tools were involved in producing them.
What is the Inverse Governance Paradox?
The Inverse Governance Paradox states that as AI becomes more reliable, advisors increasingly accept its output without override — so the advisory protocol shrinks while the compliance liability does not. Better AI therefore increases governance risk rather than reducing it.
Inverse Governance Paradox — definition
Inverse Governance Paradox is the empirical observation that AI reliability and advisory documentation are inversely correlated: the more reliable the AI, the less the advisor pushes back, and the thinner the audit trail becomes. The population of cases in which a regulator finds "no override notes, no rejected alternatives, no advisor reasoning" grows over time — even though the underlying recommendations may be of higher technical quality than ever before.
This paradox motivates the methodology's most counter-intuitive design feature: the system actively elicits and records rejected alternatives, not only accepted ones. By forcing the advisor to articulate at least one path they considered and discarded, the methodology creates an audit trail even in cases where the AI output was, in fact, accepted as-is. This is not a workaround; it is the methodology's explicit response to the paradox.
What is the SR7D Framework that underpins the methodology?
The SR7D Framework consists of seven architectural patterns and three ethical guardrails that together make consequential decisions visible, traceable, contestable, and improvable in AI-abundant environments. It is the formal specification on which the methodology operationally rests.
SR7D Framework — definition
SR7D Framework (Seven Architectural Patterns + Three Ethical Guardrails for Decision Governance) is the design specification for any system that aspires to be "Steerable-compatible". The seven patterns address externalization, attribution, provenance, contestability, rejected-alternatives capture, version-pinning, and append-only history. The three guardrails address non-normativity, human-oversight primacy, and refusal of black-box justification. The full specification is published at steerable.org/whitepaper.
SR7D is deliberately framework-agnostic. Although the canonical implementation is the Steerable visualization layer, any tool that satisfies the seven patterns and three guardrails produces compatible Decision Packets. This design choice aligns the methodology with ISO 31000 (Risk Management — Guidelines), which treats risk-relevant documentation as a system property, not a tool property. A firm can adopt SR7D without locking itself into a single vendor — a property the regulator tends to reward.
The risk management process should be an integral part of management and decision-making, and integrated into the structure, operations and processes of the organization.
Pillar Nodes
Pillar Nodes are the load-bearing topics extracted from a client narrative — typically three to seven concentrated themes that carry the weight of the rest of the conversation. The methodology renders these as a weighted graph on a shared canvas, which allows both advisor and client to see, in real time, which topics are connected and which are isolated.
What-If Simulation and Ripple Effects
Ripple Effects are the cross-node consequences that arise when the weight or status of one Pillar Node is perturbed — for example, when "early retirement" is moved from "aspirational" to "binding". The simulation is descriptive, never prescriptive: it shows the client where the tension propagates, but it does not suggest what to do about it.
Who is the methodology designed for, and what does a session look like?
The methodology is designed for Certified Financial Planners (CFPs), Vermögensberater, and Family Offices in the DACH region — and a first session takes roughly 30 minutes and ends with a signed, exportable Decision Packet.
The primary audience is the CFP® designation holder regulated by the Financial Planning Standards Board, operating in Germany, Austria, or Switzerland under MiFID II and the EU AI Act. According to FPSB Deutschland, there were approximately 1,500 CFP® professionals registered in Germany, with steady year-on-year growth in adjacent designations (CFEP®, EFA, certified financial consultants). The methodology is equally applicable to Vermögensberater and to single-family offices that have begun integrating AI tools into their client workflows but lack the in-house compliance infrastructure to document them.
In practice, a first session unfolds in five compact phases. The client speaks for roughly fifteen minutes; the methodology extracts Pillar Nodes from the narrative; the graph is rendered on a shared screen; the advisor and client jointly perturb one or two nodes to surface ripple effects; the session terminates in the Decision Packet, which the advisor signs and of which the client receives a copy. The time investment is bounded — a property that matters when the alternative (full unstructured note-taking plus retrospective reconstruction) is a substantially heavier documentation burden.
CFP® professionals are held to a fiduciary standard, requiring them to act in the best interest of their clients at all times when providing financial advice.
Further Reading
The following references underpin the methodology and are recommended for advisors, compliance officers, and researchers who wish to verify the regulatory and academic basis of each claim above.
- Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). Official Journal of the European Union. eur-lex.europa.eu/eli/reg/2024/1689/oj
- Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments (MiFID II), Article 25(2) on suitability. eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32014L0065
- BaFin (Federal Financial Supervisory Authority of Germany), "Big Data and Artificial Intelligence" supervisory guidance. bafin.de
- Financial Planning Standards Board (FPSB). "Global Standards for Financial Planning Practice." fpsb.org
- ISO 31000:2018 — Risk Management — Guidelines. International Organization for Standardization. iso.org/standard/65694.html
- European Securities and Markets Authority (ESMA). Guidance on the use of artificial intelligence in the provision of retail investment services. esma.europa.eu
- CFA Institute. "Code of Ethics and Standards of Professional Conduct" (Standard V — Investment Analysis, Recommendations, and Actions). cfainstitute.org/en/ethics-standards
- Bracker, L. "Ghost Ownership: The Inverse Governance Paradox" (Steerable Research, 2026). steerable.org/en/research/ghost-ownership
- Bracker, L. "SR7D Framework — Seven Architectural Patterns and Three Ethical Guardrails for Decision Governance" (Steerable Whitepaper, 2026). steerable.org/whitepaper