Code, Capital, Liability: Who Bears the Risk of Robo-Advising?
By Adna Avdic '28
The rise of AI-driven financial advice is beginning to outpace the legal ability to assign blame – Florida statutes and federal regulations, however, are beginning to close that gap.
On December 21, 2018, the Securities and Exchange Commission (SEC) brought its first-ever enforcement action against a robo-advisor. Wealthfront Advisors LLC, an increasingly popular robo-advisor with over $11 billion in client assets under management (AUM), faced consequences after making false statements about its tax-loss harvesting strategy that was being offered to clients. (1)
Wealthfront promised clients that it would monitor their accounts to prevent wash sales – transactions that would erase the benefits their strategy had been designed to generate. However, over the course of three years, wash sales occurred in at least 31 percent of the accounts enrolled in their program. (2) The algorithm executed its instructions as programmed, but the underlying logic was flawed – it failed to detect wash sales as promised. Critically, Wealthfront had no monitoring system capable of catching this failure before it compounded over three years. Without admitting or denying the SEC’s findings, Wealthfront agreed to a $250,000 penalty and a censure requiring the company to cease any further violations. (3)
This case was a warning shot. It also opened the question of who is legally responsible for AI-driven financial decisions within the industry – the institution that deployed the tool, the developer, or the algorithm itself?
Robo-advisors have grown significantly in the past few years due to the development of AI-driven tools and initiatives within the finance industry. A robo-advisor is an automated, algorithm-based digital platform that provides financial planning and investment management services with little to no human supervision. As a result, robo-advisors oversee trillions of dollars in consumer assets across various platforms such as Wealthfront, Schwab, and Betterment. With their promises of low fees, alongside data-driven strategies and democratized access to financial planning, these tools are growing increasingly sophisticated. The Wealthfront case illustrated a key institutional failure: deploying an AI system without the same ongoing oversight that would be expected of a human advisor.
This is an issue worth examining. Millions of Americans entrust their retirement savings, college funds, and their financial futures to algorithm-based advisory firms without fully understanding how the systems work or their potential consequences. This lack of transparency raises serious concerns regarding where accountability lies when there are errors or biases that the algorithm may not always account for, especially when they lead to significant financial harm. As the new generation begins to rely on these systems, it becomes increasingly important to prioritize investor protection and informed decision-making.
Florida’s Statutory Framework: The Prudent Investor
Florida law appears to have devised an answer, even if the industry has not necessarily aligned with it yet.
Florida Statute § 518.11, the Prudent Investor Rule, requires that any entity in charge of managing assets on behalf of another person must do so the way a careful, thoughtful investor would – with reasonable care, skill, and caution. (4) This statute is significant because it established the legal benchmark against which AI-driven financial decisions can and should be judged. The law does not just consider how well the investment performed; it questions whether the process behind each decision was sound. This distinction is particularly important when the decision maker is an algorithm as opposed to a human advisor. When a robo-advisor is deployed with flawed underlying logic, the institution bears responsibility for that programming – regardless of the outcome.
Florida Statute § 518.12 goes one step further by introducing the idea that fiduciaries are permitted to delegate investment functions to outside agents – robo-advisors in this case – but they cannot delegate away the responsibility that comes with that choice. (4) The institution is expected to exercise due diligence when selecting its agent, establish clear parameters that govern the agent’s authority, and maintain continuous oversight of the algorithm to detect recurring performance errors. (5) This is where Wealthfront comes in as a cautionary case for financial institutions currently deploying various AI tools and algorithms that they may not fully understand. Three years of recurring wash sales are not evidence of a functioning monitoring program – they are evidence of its total absence.
Federal Regulators Are Not Waiting
Florida’s statutes do not stand alone when it comes to who should be held liable. Federal regulators have been sending the same message with increased urgency in AI developments.
The SEC has made it clear that robo-advisors are approved to be investment advisors under the Investment Advisers Act of 1940 and are to be held to the same fiduciary standard as human professionals. (6) In March of 2024, the Internet Advisor Exemption was tightened to require robo-advisors to deliver advice through continuously maintained digital platforms and to generate further advice through developed software models. (7) The SEC’s intent was clear: after years of watching firms register as robo-advisors for regulatory convenience while operating with little algorithmic oversight in practice, the agency moved to close that gap.
The fiduciary duty, which the SEC breaks down into two parts – duty of care and duty of loyalty – is worth understanding when assigning liability. The duty of care requires that any advice given to a client reflect a real understanding of the client's situation and goals. The algorithm should also be regularly monitored. Monitoring must occur not only at the time of launch; it must remain continuously in place for the life of the account. The duty of loyalty also requires full disclosure of potential conflicts of interest, alongside compliance programs designed to prevent violations. Both duties apply in all cases, whether the advice comes from a human professional or an AI-deployed algorithm.
Three-Part Liability Dilemma
When an error takes place, there are three obvious outlets to identify who is accountable: the institution deploying the algorithm, the developer who built it, and, at times, the algorithm itself.
The strongest case runs against the institution, grounded in basic agency law: when you authorize an entity to act on your behalf, you bear the responsibility for the consequences of that authority. A bank that hands its investment decisions to a robo-advisor does not shed its liability by doing so. It chose the tool, deployed it, and then profited from it. In the Wealthfront case, the SEC acted against the firm based solely on the reasoning that the institution was accountable, not the engineers who programmed and wrote the code.
The case against the developer is more nuanced in comparison. Product liability law holds manufacturers responsible for a defective product regardless of whether there was an intent to harm. For instance, if a robo-advisor were negligently designed so that its monitoring function could silently fail without triggering any alerts, the developer may bear real responsibility for the harm that follows.
As for the algorithm’s own liability – while it makes for an interesting hypothetical – it goes nowhere in court. An algorithm is property, not a legal person; it can be introduced as evidence but not named as a defendant. As property, it lacks legal standing and has no capacity to be sued.
Why the Technology Itself Creates Legal Issues
The core regulatory gap stems from two design limitations in robo-advisor technology – distribution shift and explainability – that existing legal frameworks have not yet fully addressed. When an algorithm is built solely on incomplete data or flawed logic and deployed at a scale where there is minimal oversight, it can result in structural harm. Until courts can grapple with the realities of engineering these algorithms, the law will continue to arrive late when dealing with these structurally inevitable harms.
The first problem that arises is distribution shift. Robo-advisors have been trained on historical market data – meaning their algorithms learn patterns from past market behavior and use those patterns to generate recommendations for clients. However, real-world conditions can diverge sharply from historical data, particularly during a financial crisis, sudden interest rate shock, or pandemic. When this occurs, the algorithm typically has trouble adjusting. It continues to generate recommendations with confidence derived from historical patterns even as markets are actively changing. This is not a bug that can be patched – it is a fundamental design limitation inherent to how these systems learn.
The second problem is explainability. Most modern-day robo-advisors cannot explain in a meaningful sense how and why they made a particular recommendation. This is consistent with how a complex machine learning model operates; it lacks the personal and human aspect of advising. For Florida law in particular, this opacity is key. If an institution is unable to explain the logic behind the decisions made, it is unable to satisfy the monitoring duty under § 518.12. (8) If the systems are not audited, the duty of care can only exist on paper and cannot be actively enforced. (9) Wealthfront, for instance, failed to maintain compliance programs that were reasonably designed to prevent these violations. This sends a clear message to other institutions – having blind trust in a system does not count as a compliance strategy.
Who Pays?
When an algorithm fails, the institution takes primary liability regarding a breach of fiduciary duty, potential deceptive practices, and failure to monitor under Florida and federal law. (10) The developer, however, could potentially share the blame if the product was initially defective due to design. The algorithm does not own anything and is nothing in the eyes of the law. Therefore, it holds no liability. What is striking is not that these questions remain unresolved – it is that the legal tools used to resolve them already exist and are simply not being applied. Florida's statutes provide sufficient guidelines while federal law remains unambiguous. What the law is waiting for is the day that courts apply these frameworks to modern AI development in high-stakes consumer cases whilst delivering verdicts that make negligence impossible to ignore.
The framework exists. The precedent has been set. What remains is the will to apply both consistently and before the next algorithmic failure causes harm that could have been prevented.
Endnotes
U.S. Securities and Exchange Commission, In the Matter of Wealthfront Advisors LLC, Release No. IA-5086, Administrative Proceeding (December 21, 2018), https://www.sec.gov/files/litigation/admin/2018/ia-5086.pdf.
U.S. Securities and Exchange Commission, "SEC Charges Two Robo-Advisors With False Disclosures," Press Release 2018-300, December 21, 2018, https://www.sec.gov/newsroom/press-releases/2018-300.
Ibid.
Fla. Stat. § 518.11 (2024).
Fla. Stat. § 518.12 (2024).
Investment Advisers Act of 1940, 15 U.S.C. § 80b-1 et seq.
U.S. Securities and Exchange Commission, "SEC Adopts Reforms Relating to Investment Advisers Operating Exclusively Through the Internet," Press Release 2024-42, March 27, 2024, https://www.sec.gov/newsroom/press-releases/2024-42. See also Exemption for Certain Investment Advisers Operating Through the Internet, Investment Advisers Act Release No. IA-6578, 89 Fed. Reg. 25,886 (April 9, 2024) (effective July 8, 2024).
Consumer Financial Protection Bureau, Consumer Financial Protection Circular 2022-03: Adverse Action Notification Requirements in Connection with Credit Decisions Based on Complex Algorithms (May 26, 2022), https://www.consumerfinance.gov/rules-policy/final-rules/adverse-action-notification-requirements-in-connection-with-credit-decisions-based-on-complex-algorithms/.
Fla. Stat. § 501.201 et seq. (Florida Deceptive and Unfair Trade Practices Act).


