Vulnerable customers: Seven Steps to effective management

By Gareth Menton and Adam Cooper

One of the biggest challenges in the financial services industry is defining and addressing vulnerability without adversely impacting the customer.

Get it wrong and you risk marginalising customers and breaching regulations. But a lack of consensus over how to deal with vulnerability is leading to inconsistency and the potential for harm, ranging from customer disengagement and exclusion, to susceptibility to scams and mis-selling, to over-indebtedness and an inability to manage repayments.

In answer to this problem, the Financial Conduct Authority (FCA) launched a consultation in July (GC 19/3) aimed at better ensuring fair treatment for vulnerable customers, the first stage of which closed on 4 October 2019. It’s a move welcomed by the industry as many firms have approached the regulator asking for clarity on how to assess and serve vulnerable customers.

The draft guidance, applicable to all financial service providers dealing with retail customers (even if they do not have a direct relationship with them) clearly outlines three requirements: understanding the needs of vulnerable customers; equipping staff with the skills and capabilities needed; and, the translation of understanding into practical action.

Vulnerability defined

The FCA defines a vulnerable person as: “someone who, due to their personal circumstances, is especially susceptible to detriment, particularly when a firm is not acting with appropriate levels of care”.

Knowing how to define vulnerability is crucial as, when used in combination with affordability criteria, this is used to assess risk and credit worthiness. But it’s not just about assessing customer suitability at the outset that’s important as a person’s circumstances may well change over time.

While vulnerability can be permanent, it is typically a fluid and changeable state (ie due to temporary financial hardship as a result of redundancy, bereavement or divorce). The FCA’s Financial Lives Survey (2017) found 50% of UK adults exhibit characteristics of potential vulnerability in that they would struggle to meet their financial obligations if they suffered a change in circumstances. This means that, in addition to identifying vulnerable customers from the outset to avoid unnecessary exclusion and to demonstrate they have loaned responsibly, financial service providers should seek to monitor and review the status of customers on a regular basis.

Flag versus focus

Achieving this in practice means establishing clear workflow processes and recording procedures. Frontline staff are ideally placed to assess and escalate vulnerable customers to case managers with specialist expertise and outcomes can be recorded using complaints management software, with customers ‘flagged’ for future reference. However, flagging, while common practice, can lead to a tendency to categorise and group customers according to vulnerability rather than on a case-by-case basis.


The Association of British Insurers suggests that rather than flagging a customer as vulnerable using a system of traffic light colours for severity, companies should instead record the support a customer may require. This personalises the interaction and the firm can then focus on and accommodate the individual’s circumstances. The resulting correspondence can then be captured on a case management system, providing a full audit trail for regulatory purposes, while MI can then be used to inform and further refine the firm’s service offerings.

Understanding into action

The draft guidance specifically focuses on improvements that are achieved by translating understanding into action. With this in mind, we have devised a seven step process to help embed vulnerability awareness into company culture.

  1. Strategy
  • An overarching company vulnerability policy or strategy that is visible to customers that ensures all customer touchpoints are considered with respect to vulnerable customers.
  • Identification of vulnerabilities specific to target markets.
  1. Training
  • Extra training for frontline and specialist staff to give them the ability to handle each customer as an individual.
  • Provision of continuous ongoing training and development structures.
  1. Management
  • A proactive management team that supports their staff and is aware of the regulation changes and FCA requirements.
  • Senior stakeholders who take responsibility, perhaps through the appointment of an accountable executive.
  1. Systems
  • A Complaints Management System gives direct line of sight as well as allowing call centre agents to identify and escalate cases appropriately.
  • Automating workflow allows the case to be handled quickly with timely information sent to the customers, avoiding the long delays and lack of clear information that can cause further distress to vulnerable customers.
  1. Implementation
  • Communicate any changes that have been identified to improve the existing service provision to staff and customers alike.
  • Consider how customer communications are handled and any potential points of exclusion ie communication via digital channels.
  1. Continuous development
  • Products should be designed and tested with vulnerable customers in mind to ensure positive outcomes.
  • Consider the number of customer touchpoints throughout a product’s lifecycle; if communication with the customer is scarce it becomes very difficult to determine a change in circumstance and react accordingly (this may pose a particular problem for those not in direct contact with customers).
  • Any changes notified by a customer need to be applied across all the services they consume.
  • Policy and frameworks also need to be regularly reviewed and staff kept up-to-date.
  1. Controls
  • Audit trails, Management Information (MI) and FCA reports are integral to managing vulnerable customers and can be achieved with a ‘one click’ option on complaints/case management systems.
  • MI should be shared at a senior level to identify any instances where needs have not been met and to ensure further improvement.
When asked how many firms recorded vulnerable customers on their systems, 14% said no and 22% did not know

The industry is undoubtedly getting to grips with vulnerability but implementation varies. A recent survey by Just Group found that while the majority of organisations had a policy in place, most were focusing resource on front line staff rather than embedding customer vulnerability into product service and design. When asked how many firms recorded vulnerable customers on their systems, 14% said no and 22% did not know, suggesting almost half were unable to demonstrate compliance. While the larger firms did have staff training, call centre protocols and systems to record vulnerability, they were not at the stage where they could assess the effectiveness of these initiatives let alone begin to make improvements.

The survey reveals there is still some way to go before the industry can achieve the goals identified by the FCA of “improving existing, and implementing new, practices and processes”.  The draft guidance will undoubtedly refocus efforts particularly as the regulator has also stated that it will take action against financial providers that do not heed the guidance and/or fail to improve standards. In the meantime, the consensus is that firms would be well advised to revise their policies and procedures now, rather than waiting for the guidance to become mandatory.

Contact us to find out more about how we work with our clients to help them manage their vulnerable customers.