Using the tools at your disposal
Fully deploying your ‘Vulnerability Toolkit’ in 2025
It is apparent from recent interventions that regulators that are part of UKRN are expecting to see more progress at a faster pace in terms of delivering better outcomes to those with characteristics of vulnerability. This is just ahead of the FCA review of firms' treatment of customers in vulnerable circumstances firms' treatment of customers in vulnerable circumstances(FG21/1) in Q1 2025 . This builds on the impact assessment from September 2021 . I look at what tangible progress has been achieved.
As we approach the New Year, the FCA review will look beyond their March 2023 review at:
We looked at ‘Sludge practices’ in March 2023 in partnership with FourNet.
It is worth remembering that UKRN produced a report for water and energy companies entitled ‘Making better use of data: identifying customers in vulnerable situations ’ in October 2017. The FCA is part of UKRN. On face value, it doesn’t appear like we have made much progress, and this report was pre-COVID.
FCA review in Q1 2025
The deployment of the Consumer Duty and the Credit Information Market Study (CIMS), where the importance of financial and non-financial vulnerability identification has been high on the agenda.
This review will focus on whether regulated firms’ performance (including supply chains) against the bullets above cumulatively support the fair treatment of customers in vulnerable circumstances. They will also have looked at the outcomes consumers in vulnerable circumstances receive from a cross-section of firms and whether they’re as good as the outcomes of other consumers. This followed firm surveys collected by the FCA around vulnerability management and customer support through 2024, which included the usage of AI along with traditional contact methods (e.g. telephony, email, SMS).
All facets of the Consumer Duty should now be embedded after the 31 July 2024. We have seen further data requests around Customer Support and Fair Value Assessments (FVAs). No doubt we will see more significant data requests and market studies around Consumer Understanding in the New Year. The intelligibility of key communications is a crucial metric.
Identification is potentially not the starting point, it is the culture and governance of the firm in terms of its appetite and commitment to embed regulations like the Consumer Duty in their everyday practices and throughout the supply chain. This is particularly true when deciding to outsource aspects of the customer journey. These decisions have been challenged by the regulator in market reviews where they feel that there is a risk of poor consumer outcomes. This has been very evident in the general insurance sector with regard to some processes in the end-to-end product lifecycle (e.g. claims handling, total vehicle write-offs ). One of the key messages is that vulnerable customers may receive worse outcomes than the general policyholder base. This requires good MI at all touchpoints.
Insights from recent FCA portfolio letters remind boards and senior management that they are expected to embed customer-centric practices deeply into company cultures and operations. Supporting financially vulnerable customers remains an ongoing priority, as reflected in the new policy statement, PS24/2, which took effect on 4 November 2024. With economic pressures continuing, firms are expected to support customers facing financial difficulties through tailored, fair, and informed support systems, ensuring access to advice and practical, sustainable solutions. The ongoing role of the Duty Champion has been a major debating point from 1 August 2023, especially in terms of maintaining focus.
A recurring theme from the portfolio letters in October 2024 (i.e. Retail banking, building societies, lifetime mortgage providers, non-bank mortgage lenders) was inadequate support for vulnerable customers and those in financial distress. In October 2024, the FCA also published a multi-firm review of consumer credit firms and non-bank mortgage lenders.
FCA portfolio letters set out key strategy items for 2025:
These FCA findings come as the Chief Executive of UK Finance, David Postings, has delivered a key speech at their annual dinner on 18 November 2024.
Extracts of David Postings speech at the UK Finance Annual Dinner 2024
“We recently considered in detail, the regulatory burden on the industry. We identified some 16 bodies that had either direct regulatory oversight, or a large influence on the sector. Many of the regulations are unique to the UK and this is an issue for investors. This in turn can lead them to be reticent about investing in UK banking and finance.”
“I have made the point to government and regulators for several years that the sum of all these disparate parts is causing risk aversion and, ultimately, restricting choice and product availability for customers. As I mentioned at last year’s annual dinner the attempt to eradicate risk is resulting in the emergence of a different set of risks such as lower growth and less financial inclusion.”
“We have already seen product withdrawal and risk appetites diminish as a result of the Consumer Duty. There is a real risk that once again well-meaning legislation will result in greater theoretical protection and, as a consequence, less choice and self-determination for customers.”
These statements seem significant in terms of the lack of progress around key data sharing initiatives to protect consumers, notably around fraud and scams, where victims can often be the most vulnerable in UK society.
Regulator and oversight body training
The UKRN Vulnerability Academy 2024 was established for regulators and oversight bodies in January 2024 and the second cohort closed in July 2024 .
“What vulnerable consumers want from regulators is for them to be short on the obvious, and long on the practical, actionable, and impactful.
“These principles therefore underpinned the Vulnerability Academy created by the UKRN and MAT for staff from 11 different regulatory and oversight bodies. Covering core practical regulatory skills, participants graduated their six-month learning programme in July, marking the end of our second Academy cohort. But, with vulnerability ever-changing, we now look forward to our next cohort in the near future”.
Dr Chris Fitch, Vulnerability Lead (MAT) and Fellow of the Royal Society for Public Health
Data protection is not an excuse when tackling scams and fraud
The ICO is calling on firms to share personal information responsibly to protect their customers from scams and fraud. Fraud is the most frequently experienced crime in the UK, accounting for 39% of all reported crime in England & Wales. Data protection law does not prevent firms from sharing personal information, if they do so in a responsible, fair and proportionate way. Financial Crime and Vulnerability Management remain key topics in the FCA Business 2024/25 going into 2025/26.
Fraud prevention and vulnerability management are often very closely linked, both in terms of protecting victims and identifying cases where vulnerability is being used as a cover for a range of first, second and third-party frauds.
Nick Sharp, Deputy Director Fraud in the National Economic Crime Centre, said:
“Information sharing between private industry, and with the public sector, is a fundamental tool used to tackle fraud.
“The new advice from the ICO is very welcome, and we encourage all industry partners to use it to ensure appropriate and confident data-sharing enables our joint efforts to reduce the harm from fraud.
“Together with our partners in both the private and public sector, we are working to identify, disrupt and prevent fraud, and will pursue every legal angle to ensure criminals who target the UK public are held to account.”
In 2023, the FCA issued a release around firms strengthening support for fraud victims, who may often show characteristics of vulnerability.
The ICO will continue to engage with private and public sector organisations, including its Digital Regulation Cooperation Forum (DRCF) partners, to support efforts to protect the public from scams and fraud. I am very supportive of the initiatives and public awareness.
Sharing personal data when preventing, detecting and investigating scams and frauds
It is good practice to formalise data sharing arrangements in advance through a data sharing agreement, particularly where data sharing is not an ad hoc or one-off occurrence. These agreements set out the purpose and practicalities of data sharing and set standards that help everyone involved to be clear about their responsibilities. This helps you to show how you are meeting your accountability obligations under UK GDPR.
“As a Co Founder of the VRS and a director of the VRS, I have constantly strived to deliver a consumer consented data sharing scheme for UK residents with characteristics of vulnerability. This resource is designed to deliver better outcomes to consumers that pro-actively share personal information around what they are ‘vulnerable to’. The FCA is now highlighting some of the poor outcomes experienced in their market reviews.”
Kevin Still was involved in the recent ‘10 principles for designing vulnerable consumer data-sharing programmes’.
BSI ISO 22458 (consumer vulnerability and inclusive design)
The ISO 22458 gap analysis and accreditation process cover in some depth the touchpoints highlighted in FG21/1. This also looks at the systems & controls in place, including the role of third-party data and data sharing.
FCA speech – vulnerability is not a buzzword
I recently wrote a Blog around bereavement referencing a speech by Graeme Reynolds, director of competition at the FCA, from October 2024. The speech was entitled ‘vulnerability is not a buzzword.
Graeme also spoke at the Interim Working Group (IWG) event on 23 September 2024 at the FCA offices around the Credit Information Market Study (CIMS) progress update. Kevin Still, was able to ask him several questions around vulnerability data sharing initiatives.
Merging financial and non-financial vulnerability data
Transunion has recently partnered with the VRS to share insights on how merging financial and non-financial indicators can help identify vulnerable consumers. This will become increasingly topical as the full impact of the FCA Credit Information Market Study (CIMS – MS19/1) takes effect for FCA-regulated lenders and debt buyers.
Industry driven data sharing schemes have been encouraged to progress in 2025. The FCA confirmed that vulnerability management remains a priority, as reflected in their latest regulatory grid for Q1 2025.
Vulnerability identification and management features strong in new policy rules (PS24/2 – Borrowers in Financial Difficulty) that took effect on 4/11/2024. This follows a number of industry interventions featuring significant consumer redress and fines on the firms involved.
FCA calls for firms to improve bereavement handling times and shares best practice
On 22 November 2024, an FCA market study report found that while life insurers provide good service to bereaved customers, they need to settle claims quicker and improve how they measure customer experience (CX).
The review was based on data requested from 15 life insurers, representing over 75% of the life protection market. The FCA decided to look at bereavement claims, as this is a point when customers may have a higher chance of demonstrating characteristics of vulnerability.
The impact on consumers from poor outcomes and harms arising from the bereavement claims process could include:
领英推荐
The FCA found that firms took, on average, between 53 and 122 days to process a claim, from start to finish, for a term insurance policy, within 36 days for group life cover, 20 days for over 50 plans, and 53 days for whole of life. However, measurement was inconsistent as few firms captured key management information (MI).
Firms measure the Service Level Agreements (SLAs) for the delivery of the bereavement claim process differently. This can even differ between an in-house bereavement claim process and the same process delivered by a 3rd-party outsourcer. Where SLAs are not the same across a business, it reduces a firm’s ability to clearly compare the outcomes.
The FCA messaging is very similar to that of Graeme Reynolds in his ‘buzzword’ speed. Matt Brewis, director of insurance at the FCA, said:
“The loss of a loved one can be intensely stressful and we expect firms to offer the right support to help their customers during this difficult time.
“We expect all life insurers to act on our findings and avoid unnecessary delays with claims.”
Some good practices observed were:
? Establishing digital channels to accept documents and using SMS texts to communicate quickly with claimants
The FCA published a paper outlining its approach to AI following the Government’s publication of its pro-innovation strategy on AI. The paper points to some considerations firms should take into account in the context of the Duty, including:
Use of AI featured more often in the FCA surveys and data requests through 2024.
The areas that the FCA is looking at innovation and risk management is around:
1. Portfolio monitoring – ML segmentation. AI and ML can more accurately predict borrowers’ propensity to default on payment arrangements by analysing large datasets in ways humans cannot. We have featured our partnership with Data on Demand
2. Vulnerability detection including speech analytics and transcription assessments – we also have more conversational AI tools in the form of providers like Xdroid and Inicio AI
3. Financial crime prevention - AI provides advanced capabilities like pattern analysis, trend verification, advanced data analytics, real-time monitoring, increased accuracy, and predictive analytics
4. Open banking transactions
5. Process automation - AI capabilities for document classification, ID verification, and email processing automation
Many firms have considered a few applications relative to the above, for example:
Use of speech analytics and sentiment analysis
Voice analytics is the process of monitoring and analysing the emotions, attitudes and opinions expressed by a person by analysing their voice patterns and tone. Sentiment analysis is the process of identifying, quantifying, and evaluating subjective information in written text.
Real-time agent assist with sentiment analysis solutions can also be used to identify and protect vulnerable customers. By detecting changes in sentiment or emotional distress, sentiment analysis can provide alerts to your agents, allowing them to take appropriate action to support the customer. This can help to prevent vulnerable customers from experiencing harm or abuse and ensure that they receive the assistance they need.
Conclusions
The FCA is now testing firms’ deployment of the vulnerability guidance, overlaid with the requirements of the Duty, and their delivery programmes around:
They have actually seen some firms adopt a ’tell us once’ approach to minimise the number of times a customer must inform them about their vulnerability such as in the case of bereavement.
The regulator had advised firms to think about vulnerability as a spectrum of risk. All customers are at risk of becoming vulnerable and this risk is increased by characteristics of vulnerability related to 4 key drivers.
4 Drivers
1. Health– health conditions or illnesses that affect ability to carry out day-to-day tasks.
2. Life events – life events such as bereavement, job loss or relationship breakdown.
3. Resilience – low ability to withstand financial or emotional shocks.
4. Capability – low knowledge of financial matters or low confidence in managing money (financial capability). Low capability in other relevant areas such as literacy, or digital skills.
With a data-driven and outcome-focused regulator, it is important that firms are able to identify customer segments most at risk. This can be using a combination of 'own' data and third-party information, including transactional data as we have seen a rise in credit usage. Even simple and inexpensive checks against all resources available can provide some peace of mind and evidence of greater monitoring and due diligence (e.g. Know Your Vulnerable Customers - KYVC).
Information for firms – Vulnerability identification and management
The FCA Consumer Duty webpages for regulated firms were updated on 24 May 2024 with a vulnerability section. This followed the FCA Vulnerable Customer (40 question) survey that closed on 14 May 2024.
There is still a lot to do with the completion and ‘gap analysis’ work ahead of the next round of activity in 2025.
We (FCA) want firms to be able to:
This should help achieve good outcomes for customers, which is at the heart of the Consumer Duty.
Under the Duty we expect firms to actively encourage customers to share information about their needs or circumstances, where relevant.
Firms should:
Firms should try to recognise the needs of consumers, whatever channel they use.
Firms with digital channels could introduce tools, such as text boxes or chatbots, to allow consumers to share information about their needs.
Firms that speak to customers face to face or on the phone can support staff to:
This should allow firms to capture information about customer needs, such as characteristics of vulnerability or for communication.
Unless firms capture such information, it’s highly unlikely that they'll meet the needs of all their customers.
The FCA vulnerability guidance has always stated that regulated firms should:
Where a person (e.g. Carer) is authorised by the customer or by law to assist in the conduct of the customer’s affairs, the firm should provide the same level of support to that person that they would have provided to the customer. There are just under 6m carers in the UK, which is a key consideration in service delivery design for both contact centres and self-serve tooling like customer portals.
Providers like Hope Macy and their Family Connect service have made significant progress with large Tier-1 banks like Lloyds Banking Group.
Examples of actions firms can take in relation to identifying the needs of customers in vulnerable circumstances in the target market include:
Don’t lose sight of the customer experience (CX) perspective
FCA quote:
“We have talked a lot about what is needed next from you as you continue to embed the Duty. But through all the policy, the process, the systems and the communications changes that you are making, it is really important not to lose sight of the consumers that we are all here to support and serve. So, keep your customers front of mind, understanding their needs and characteristics and the outcomes they are experiencing.”
Ethical Impact Assessments
Mitigating bias when developing and implementing AI tools is crucial in a heavily regulated market like Financial Service. Assessment helps build trust and accountability. This looks at the legal, social and ethical implications of any AI proposition. This process will align with guidance from the ICO and the FCA around the deployment of AI technology around vulnerability identification.
Nigel Bryant
Director of VRS
Nigel Bryant - I am pleased to see the collaboration between Vulnerability Registration Service (VRS), MEGA.AI and Healthy Homes Solutions. I am delighted to support some of the upcoming events in Q1 2025 featuring some of the tooling discussed. Helen Lord Tony Leach Bruce Turnbull Simon Towers Martin Kirby FCICM Chris Warburton Shane P. Mahi Martin Thielst Nielsen Peter Hauge JensenSamantha Harris Matt Baker Derek Owen