The MorganAsh blog

Our views and comments on customer vulnerability, Consumer Duty and more.

Andrew Gething 02/08/2024 Andrew Gething 02/08/2024

Questions and answers: as Consumer Duty’s rules tighten, is your data primed to support vulnerable customers?

In a webinar on 9 July 2024, LexisNexis Risk Solutions joined forces with consumer vulnerability specialist MorganAsh, to shine a light on ways to enable wider engagement across your full customer base. The audience raised a series of questions, which LexisNexis and MorganAsh have answered here.

QUESTION

Many well-meaning initiatives ended up channelling vulnerable customers to less regulated or outright unregulated service providers – many based outside the UK/EEA. Do we have any impact assessments on Consumer Duty’s rules at this stage?

ANSWER

We don’t think there is a simple, definitive yes/no answer. The key test is whether consumers experience good or bad outcomes – because the signposting to other entities contributes to the outcome. In our view, the regulatory status and the location of service providers are secondary. If you have an unregulated third party that provides good outcomes (on the whole) and you can evidence this – then, in our view, it should not matter where they are. We believe there is a recent ruling by the Financial Ombudsman Service which found that building societies were responsible for a legal firm that went bust, to whom building societies were referring wills and LPAs. It depends on what service or product you are selling. If it’s a pure no-frills transaction service, then expectations would be lower than for a full-blown advice service. Some companies are signposting to charities, simply because there is no cost – but, really, such actions need to be aligned to good outcomes. Equally, some companies are forming partnerships with third-party services and providing robust referrals. We think this whole topic has a long way to go. But check with your own compliance teams.

QUESTION

How often should you capture changes in people’s data? I think LexisNexis has mentioned about following up every two weeks.

ANSWER

There is no hard-and-fast rule about how often firms need to refresh data on consumers – indeed, this will depend on the product. For example, a six-month, high-interest loan would be different to a five-year fixed mortgage. Most of MorganAsh’s clients in financial services generally refresh on an annual basis, which is when they do their regular annual reviews – and this seems sensible for them. In the future, using data partnerships with LexisNexis and others, MorganAsh will get feeds on bereavement, change of address and other life events – this will enable us to update data in near real-time. The LexisNexis Risk Solutions reference dataset is updated on a fortnightly basis. This process includes taking the latest data from a wide range of data sources and, based on this latest information, alerting subscription clients to where the data footprint suggests they have moved house, where there is a new address for the customer, where contact details have changed, or where there has been a bereavement.

The LexisNexis Risk Solutions reference dataset combines a wide range of different data sources, with the specific aim of creating the most complete view of UK consumers, and maintaining this over time.

QUESTION

What kind of questions does MorganAsh ask to assess vulnerability in its assessments?

ANSWER

MorganAsh tries to cover all types of vulnerabilities, including financial, health, life events, bereavement, coercion, abuse and so on. They have various question sets, and multiple options that can be customised, depending on the type of business and customers.

QUESTION

What are your views on indicators of financial abuse and customer vulnerability to investment scams? We typically only see this after the event – for example, when a customer has become a victim of a scam.

ANSWER

MorganAsh asks consumers about being victims of previous scams, and they ask about financial understanding; MorganAsh has been working with industry experts on this and also ask some subtle questions about other loans to try and detect these. But they know this is only scratching the surface. As yet, MorganAsh is not predicting vulnerability for future scams. This is something which may be possible by using some clever modelling, with AI looking at the assessment results for signs of scams – but this will likely not be easy.

QUESTION

More of a statement than question: from experience in data quality and governance, I can say it is key to get the data quality right, to make sure the customer feels valued. You can offer the best-value products but, without knowing your customers, treating them as you would want to be treated yourself will always miss the most vulnerable. Customers are our best source of knowledge!

ANSWER

Agreed, 100%. Customers are the best source of data – if this data is held correctly and used to the consumers’ advantage, then this will enhance relationships with them.

QUESTION

Do you see the value in AI-led voice-recording technology that can identify a vulnerable customer? Would this not be a better method than trying to screen a vulnerable customer rather than via a form etc?

ANSWER

There are a few issues with this approach:

You can only identify consumers who phone in, which is a subset of all vulnerable consumers within a firm’s customer base – especially as we move to become more and more digital, and less spoken interaction.
It is born from the incorrect assumption that you can’t ask the consumer; you can, and it works well – MorganAsh has been doing this successfully for over 20 years.
Engagement with a consumer is easier if they have told you themselves, rather than identifying something behind their back.
Some vulnerabilities won’t be detected easily in this way, because it is a condition with which the consumer is comfortable – as an example, someone who is fully blind (and always has been) will display normal voice patterns on a call, so wouldn’t be flagged.

The MorganAsh approach is identifying around 50% of consumer vulnerabilities – while voice-analytic approaches are in the 10%–20% range. (The results from MARS tally closely with those from the FCA’s Financial Lives survey.) That said, analytics can be a useful add-on for large call centres. While this has its place, it’s likely not the right place to start.

QUESTION

Do you blanket send the questionnaire to all customers? And, when identified, what do you do with that data? Is root cause discussed and are actions prioritised?

ANSWER

Really, the only way to identify the (broadly speaking) 50% of customers who are vulnerable is to ask them all. Otherwise, you’re guessing, or perhaps using unconfirmed data that was gleaned behind their backs. Of course, not all consumers will respond, but MorganAsh has consistently very high engagement rates of around 60%–70%. When MorganAsh identifies a vulnerability, the MARS software generates a consistent, objective, Resilience Rating and then recommends next actions; these are controlled using specific triggers – based on characteristics, severity, product, age and so on. The next actions (which MorganAsh calls treatments) are highly configurable, as are the triggers (because what works for one firm may not for another) and can be added to as required. Firms can review individual cases and see stats for next actions for each characteristic and each next action.

QUESTION

Consumer Duty states that we need to monitor and record good outcomes. Once identified, is it just a case of ensuring that each customer receives the same level of treatment as a non-vulnerable customer – along with looking to remove barriers that vulnerable customers would come up against?

ANSWER

Yes. We need to identify which cohorts of vulnerable customers are getting worse outcomes – and then try and mitigate these as best we can. That is likely to mean a modification to the process of some sort. Equally, there will be situations where outcomes are not as good and there may be limitations on what firms can and cannot do.

QUESTION

Do vulnerabilities need to be proven by the customer? For example, do they require evidence of a doctor’s diagnosis? Is there a minimum level of evidence required?

ANSWER

No, there is presently no need for evidence. This may, in the future, become necessary for cases of suspected fraud, for example, especially when consumers become wise to the benefits and start gaming the system. As a company, MorganAsh is used to this, because they deal with many insurance claims on a daily basis.

QUESTION

Given the increased focus on customer vulnerability from the regulator, is it right for a financial services organisation to continue to take a passive approach to capturing vulnerability needs (such as waiting for a customer to self-disclose) or should proactive capture of vulnerable customers now be the new normal?

ANSWER

Waiting for customers to tell us, or us identifying vulnerability on a reactive basis, generally uncovers very low proportions of vulnerable customers. There is a need to be far more active in understanding customers. The FCA recently updated its website on guidance to say that firms must “actively engage” to reinforce this point. So, simply speaking, firms should – as you say – be proactive and not reactive.

QUESTION

Do Consumer Duty’s rules extend to firms which do not give advice directly to consumers, but rather distribute products via intermediaries? For example, is there an onus on the firm to ensure that its intermediaries comply with Consumer Duty?

ANSWER

Consumer Duty applies to all regulated companies; there are some rules that apply differently for manufacturers and intermediaries but, when it comes to customer vulnerability, all parties have the same responsibility. We believe that it is OK for firms to rely on other firms to do the vulnerability assessment – but they must see the output – for example, how this impacts outcomes. It is not OK to just hope that the intermediary is doing the assessment. In many instances, the intermediary will be doing the initial vulnerability assessment at the point of sale – but then the intermediary and manufacturer need processes in place for how this will be monitored over the lifetime of the product. For mortgages, for example – say on a fixed term – the consumer may go to a different adviser and a different provider at the end of the term. Both need to know that one of them will contact the consumer at the end of the five-year term to see how the consumer wants to progress – to avoid dropping onto standard variable rates by ignorance or apathy.

QUESTION

Since customer vulnerability requires us to make best endeavours to assess, would it not be possible to request that a consumer identifies any vulnerability in a question-and-answer exchange? This would perhaps be appropriate in low premium risks, where extensive research would outweigh the value of handling the risk.

ANSWER

Yes. Indeed, if we understand your question correctly, this is exactly what MorganAsh does – they send a simple set of questions to the consumer to complete, and MARS does all the analysis and recording work for you. Equally, an agent can use the system to guide consumers through the Q&A. Find out more about MARS

QUESTION

With a monthly renewable coverage which has no end date, other than perhaps retirement, is there a requirement for annual reviews to be made? Would an annual vulnerability assessment be an acceptable frequency?

ANSWER

Yes, annual reviews in such a situation – as you say – is very sensible. MorganAsh has spoken about this with the FCA.

QUESTION

You mention APR (annual percentage rate); does anyone really understand what APR is and do we think this is an outdated term that needs explaining more or even changed?

ANSWER

This was simply an example to illustrate how terminology used in communication can impact customers. Explaining products in easily understandable terms will help to ensure that customers get fair value from products.

QUESTION

Having collected customer vulnerability data at point of service, or premium negotiation on a call, we would want to use that data to monitor and, in some cases, control customer outcomes in policy management and so on. Without having explicitly requested permission for those activities, how do we balance privacy risks under GDPR with consumer risks under Consumer Duty (especially for health, where GDPR is more explicit around consent, compared to principles-based Consumer Duty guidance)?

ANSWER

Everyone needs to comply with GDPR, so yes – MorganAsh gets, and records, explicit permission from the consumer to hold their data. MorganAsh’s position is that they want to know the information so that they understand customers’ personal circumstances – and so customers can be served better. We think the key issue here is if you use the data for the purpose stated and for which you have consent, or for a different purpose. So, we guess it’s the wording of the consent that is important if you want to use this data for other purposes.

Please note that these answers are the views of the speakers, and firms should always get their own compliance advice.

You can download this as a PDF (1.3MB)

Andrew Gething 25/07/2024 Andrew Gething 25/07/2024

Capturing the best possible annuity quotation, using nurse-led assessments

While there hasn’t been much to celebrate about in this environment of higher interest rates, one positive is the resurgence of annuities. From their decline and near extinction following the introduction of greater pension freedoms in 2015, annuities, which provide retirees with a guaranteed income for life, are soaring in popularity amid high interest rates – and are now generating far better returns.

Research by the Association of British Insurers found that sales of annuities were 27 per cent higher in H1 2023 compared to the previous year. Furthermore, annuity comparison quotes on the iPipeline platform hit their highest levels for a decade in Q3 and Q4 2023. Given the path of interest rates so far this year, this demand has only continued.

However, with inflation returning to ‘normal levels’, expectation continues to build that a long-awaited cut to the Bank of England base rate could now be imminent.

With financial advisers looking to lock in competitive annuity rates before any potential change in interest rates, it’s never been as important to have proven, repeatable methods which achieve the highest possible annuity rate for clients.

Nurse-led medical assessments

In a study conducted by our team at MorganAsh, we found that nurse-led medical assessments return a significantly higher annuity rate than those submitted using standard online forms. In 76 per cent of cases, a higher annuity rate was achieved – with a mean uplift of 2.5 per cent, or £225, per year. In fact, many cases saw an increase of 10 per cent or more, while one case in particular saw an uplift of 33 per cent – or nearly £7,000 of extra income per annum.

This study took place between February and May 2024 with two quotes obtained from Aviva, Just, L&G and Canada Life. With rates recorded for each case and both methods, Aviva achieved the greatest difference in average annuity rates at 3.7 per cent.

Hearing clients and answering underwriters

What makes this approach so successful? A key factor is clients having positive interactions with our registered nurses, giving customers the freedom and confidence to disclose information that they may not necessarily volunteer otherwise. Just as important is the nurses being fully aware of the information medical underwriters require – and how this should be recorded and presented. MorganAsh nurses for example are highly experienced and often senior – they are used to talking to customers and obtaining accurate health information.

With the right provider of medical assessments, underwriters are aware of and appreciate the due diligence that has been undertaken and are more likely to trust the data provided. If this is then presented in a format that works best for them, there’s no reason why they wouldn’t be inclined to provide a better rate.

Even with a slight increase in assessment, underwriting and administrative costs, our study found that this approach is still cost-effective. By our maths, and with average life expectancy and the average duration of annuities taken into account, an uplift greater than £10 per annum would be cost-beneficial. This was achieved by 75 per cent of cases in our study.

Answering Consumer Duty

Given the higher returns achieved by annuities, as well as the opportunities available to combine the guarantee of an annuity with the flexibility of drawdown, it is clearly in the best interest of the client to explore this avenue.

In fact, there’s a pretty solid argument to say that with Consumer Duty requiring firms to evidence that they have considered all options, not considering an enhanced annuity at annual review is unlikely to meet the new rules.

Furthermore, studies such as this, and current research, confirm the effectiveness of nurse-based medical assessments in achieving higher annuity quotations – particularly for those retirees with significant and complex health issues. Therefore, if this route is not considered, there’s the possibility that a customer could receive a poor outcome – one that is open to later challenge.

Successful triage

Nonetheless, it can still be challenging for advisers to know when to obtain an annuity quotation and whether to do this online or go more in-depth with a nurse assessment. Software such as MARS (MorganAsh Resilience System) incorporates an annuity triage and uses health data already collected from its consumer vulnerability assessment to make a recommendation on the likelihood of an enhancement, as well as the best course of action.

Not only is it highly efficient to use this health information to triage for other products, it’s a real opportunity to reach out to areas previously underserved and to deliver a broader and better service to clients.

Andrew Gething 24/07/2024 Andrew Gething 24/07/2024

Creating avenues for good outcomes for advisers and vulnerable customers

Consumer Duty places real emphasis on firms to assess their entire customer base to identify their vulnerable clients and ensure the outcomes they receive are at least no worse than the non-vulnerable. There’s no denying that this is an onerous task and in this first year of the new regulation, many firms across financial services have turned to technology to not just save time and resources, but to deliver the necessary results.

Just as important is what happens next once a vulnerability is identified. This is particularly intensive when you consider the broad range of vulnerabilities that a client may be dealing with at any one time. Under Consumer Duty, this spans further than financial pressures to include health issues and disabilities, family issues such as bereavement, divorce and domestic abuse, protected characteristics and so many more. Thankfully, technology is proving to alleviate this challenge too.

By completing an individual vulnerability assessment, platforms such as the MorganAsh Resilience System (MARS) can automatically generate recommendations on suitable next steps – MARS refers to these as ‘treatments’. A tech-first approach eliminates the significant and ongoing training required to stay up to speed with all possible mitigating strategies for all manners of customer vulnerability. Advisers are able to do what they do best and rely on tech to provide a suitable treatment in real time when the need is discovered.

Debt advice

Given the challenges of the current climate with higher interest rates and household costs, it’s hardly surprising to hear that debt is a major concern for many consumers. According to The Money Charity, average total debt per UK household in April 2024, including mortgages, was £65,143.

For those unable to service serious debt, there’s no question they will be in a vulnerable position. That’s without even considering other challenges or factors they may also be facing. While advisers may be able to identify debt concerns as part of their fact find, they may not necessarily know the correct next step or treatment to support a positive outcome.

Using MARS as an example, we recently partnered with PayPlan, one of the UK’s largest debt advice organisations to include their debt advice service within MARS as a support service. This means MARS users can refer any clients with debt issues to PayPlan for free debt advice. According to data from PayPlan’s dedicated vulnerable client team, 53% of all PayPlan clients disclose a vulnerability, making tailored support and advice absolutely essential.

Avenues to good outcomes

Access to free debt advice is just one element of support that is available to those in financial difficulty, with treatments that can identify potential coercion or support those involved with loan sharks. MARS also has an integrated benefits calculator from Inbest, enabling advisers to check if clients are missing out on any important benefits, social tariffs or local discretionary grants. Research suggests that UK households are missing out on as much as £19 billion of support each year.

When we say there is a wealth of mitigating strategies, support organisations and charities supporting a wide range of potential vulnerabilities, we truly mean it. There is also the potential to utilise data from the assessment to successfully triage a client’s suitability for protection or an enhanced annuity.

By adopting and integrating the right technology, advisers have these suitable next steps at their fingertips at the time of need. Firms can even add their own, perhaps if they’ve found particular success with a local or niche support provider. This is particularly useful for the many treatments that you may call upon once or twice per year, but are still incredibly valuable.

To be completely on top of customer vulnerability is a mammoth task – especially when you consider the extensive requirements already facing advisers just to do the day job. Adopting a digital approach to customer vulnerability not only streamlines this process and achieves better data and results, it enables advisers and firms across financial services to deliver a far better, and more tailored service.

While Consumer Duty is clearly a vehicle to improve standards across financial services, those looking at the bigger picture also see the competitive advantage it can offer too.

Andrew Gething 24/07/2024 Andrew Gething 24/07/2024

Creating avenues for good outcomes for advisers and vulnerable customers

Debt advice

Avenues to good outcomes

While Consumer Duty is clearly a vehicle to improve standards across financial services, those looking at the bigger picture also see the competitive advantage it can offer too.

Peter Labrow 17/07/2024 Peter Labrow 17/07/2024

Keeping vulnerable customer data both accurate and current

Data accuracy and currency is always a challenge. Even databases which are managed can get out of date quickly. With databases used to help manage vulnerable customers, the consequences of this can be dire. So, here’s how MorganAsh is working to address the challenge.

For any kind of contact list, data quality is a challenge in three ways:

The data may be incomplete.
The data can be incorrect.
The data degrades over time.

When considering managing vulnerable customers, these issues can present real problems and need to be dealt with. Let’s look at them in turn, then see how we tackle them with MARS, the MorganAsh Resilience System. (MARS is cloud-based software for assessing, identifying, managing, helping and reporting on vulnerable customers.)

Incomplete data

Data can be incomplete for many reasons. The most likely is that you only gathered what was initially needed, or your data needs changed. Both scenarios are common and understandable.

Incorrect data

It’s very easy for data to be entered incorrectly, whether it’s by an agent or even the consumer. Just look at how many online forms ask people to repeat their email addresses – they do that for a reason! Even something familiar can be mistyped.

Data degradation

Contact data and personal information changes over time. That’s part of its very nature. People marry, separate, change jobs, move house, have children, die and so on. At a personal level, these changes don’t seem to happen that often, but with data of any size the changes are frequent. Data typically degrades at around 15% per year, so it doesn’t take long before it becomes questionable.

Of course, the scale of these issues depends on many things – for example, someone may sign up on a priority service register (PSR) and forget about it. Within a couple of years, the data could be useless. At the other end of the scale, a person may interact with a firm often and the data could be relatively clean.

But it is an issue, especially when managing vulnerable customers. This isn’t just with contact information, although that is an issue, but also with data on the customer’s vulnerability characteristics. These change over time, so again, the data degrades. Incorrect or missing data can lead directly to avoidable harms – and if you can’t contact someone reliably then you can’t manage their needs if they are vulnerable.

How MorganAsh tackles this, with MARS

There are three important ways we can help keep data complete and current:

Gather detailed data consistently and frequently.
Reference that data against relevant sources.
Supplement that data with other, known good data.

Gathering data

With MARS, collecting data is largely automatic – and it’s collected in a consistent and detailed manner, directly from the source, the customer. This makes assessments and reassessments painless. How often a customer is assessed is up to the firm and the products/services supplied, but as part of an annual review it quickly becomes an accepted part of the process. Our assessment is based on over 20 years of assessing and working with vulnerable people – and built in no small part by trained healthcare professionals. This makes sure our data has strong foundations.

Referencing data

We can then reference the data against the Vulnerability Registration Service, to check if the customer has opted in. We’re also working with utilities firms, who use a Preferential Services Register, and in time, with consumer consent, we aim to be able to cross reference that.

Supplementing data

MorganAsh partners with LexisNexis Risk Solutions, which holds extensive consumer data that is exceptionally accurate and up to date. The data within MARS can be supplemented by that from LexisNexis, using the unique LexID to accurately marry the data. A LexID is assigned to the UK’s adult population and LexisNexis has consolidated the data history associated with everyone to their record. Our database is continuously growing with new information. This means there is an up-to-date and accurate view of an individual’ s current status – and there are also additional insights built up over time.

It’s definitely true that all customer databases are inaccurate – just ask anyone who has to manage a contact list or mailing list. But this is something we simply must recognise and act on, with the goal of making the data as good as it possibly can be.

We’re also working towards using other data sources to reference or supplement that within MARS. These include open banking data – which will be great at highlighting changes that can be used to trigger other actions i.e. to check in with the consumer.

Andrew Gething 12/06/2024 Andrew Gething 12/06/2024

Important clarification from the FCA on customer vulnerability

The FCA has made some clarifications on its Consumer Duty regulations, regarding the identification of customers with vulnerabilities. On 24 May 2024, the FCA updated its guidance page. In practical terms, what does this mean?

The FCA has updated its guidance with some important points:

“Under the Duty we expect firms to actively encourage customers to share information about their needs or circumstances, where relevant.”
“Firms should try to recognise the needs of consumers, whatever channel they use.”

In practical terms, what does this mean?

Training isn’t enough

The regulations often refer to front-line staff and to the training of front-line staff. While there is nothing wrong with this, it has created the perception within some firms that training alone can lead to compliance, this has led many firms to only capture vulnerability information in a reactive way. For example, some firms only capture information when consumers volunteer it –or in some way indicate it in way which prompts a conversation about vulnerability. It also gave the impression that firms only need to consider verbal communication channels and can ignore digital, or other, channels of communications.

Analytics isn't enough

Promotions from voice and text analytics companies claiming to ‘solve’ vulnerability by using their systems has further reinforced this misunderstanding.

The challenge with these approaches is that consumers are typically poor at volunteering information on vulnerability. It’s just not something that automatically comes up. Additionally, although trained, many staff only record a vulnerability if it affects how they are dealing with the consumer at that time – and tend to only record severe vulnerabilities. Also, where firms have reported that they have trained the staff, they have found it difficult to get staff to actively engage with topic. The topic doesn’t stick. This is not surprising – this is a complex area and a new skill for most people.

Reactive strategies under-report consumer vulnerabilities

The result is that many firms are reporting that their proportion of consumers with vulnerabilities in single figures. This is massively problematic –we know that the proportion of vulnerable customers is around the 50% mark for the general population; we also know that everyone is vulnerable at some point. Indeed, our work shows that, when properly surveyed, the lowest proportion vulnerable customers is around 30% mark – so anyone with percentages lower than this is almost certainly not identifying vulnerability adequately.

The FCA’s clarification: proactive not reactive

What this clarification from the FCA means is that firms need to be proactive in engaging with customers if they are to establish their vulnerability characteristics.

The FCA’s clarification: knowing the percentage isn’t enough

But – even if you know that around 50% of customers are vulnerable, you still don’t know which ones. The only practical way to find out exactly who is vulnerable, and in which ways, is to engage with all customers. Then you know who that 50% is, and why. Which means not only can you report on it, you can do something about it.

If you’d see some practical, proven ways to identify customers with vulnerabilities, or review your own progress, then let’s arrange a call to discuss?

For larger firms, we offer a free workshop – to work through the details in the context of our business.

Andrew Gething 09/05/2024 Andrew Gething 09/05/2024

FCA vulnerability survey

The FCA has issued a survey on vulnerability, to be submitted by 14 May 2024. Although they state there is no requirement to respond to the survey, they do say they will be following up the survey with a more in-depth piece of work. The results will be collated for wider publication and shared with individual firms’ supervisors.

The format is a questionnaire – and reading the questions gives a strong indication of what the FCA expects of firms. The principles within the questionnaire are all from the Consumer Duty or the FCA’s vulnerability regulations – but having them all in one place will no doubt focus firms’ minds on the regulatory requirements.

Clearly, the questions are wide-ranging, to cover all types of firms including distributors and manufacturers, and many will be over the top for most smaller firms. The key questions are numbers 5 and 8.

It is highly unlikely that any firm will be able to give positive answers to all of the questions, and more likely firms will be responding with ‘still need to do’.

The survey starts with some questions on the type and size of business, then there is a killer question – number 5 – on the proportion of customers identified as vulnerable. The answer ranges are from ‘less than 10%’ to ‘more than 90%’. We know from other work that the ‘vulnerability mean’ for the population is around 50%. We also know that, while firms’ proportions of vulnerable customers vary, anything less than around 30% is likely to indicate that the processes used to identify vulnerable customers will come under question. Therefore, there is a fair chance that the FCA will be asking further questions for anyone reporting less than 30%, which – if recent surveys are to go by – will be the majority (MorganAsh’s MARS users excluded).

Question 8 takes the form of statements, with a selection of answers – typically the range of answers is from – ‘we have done nothing’ to ‘we have taken all steps necessary’.

Q8: To what extent has your firm taken action in each of the following areas?

We understand the nature and scale of vulnerability in our target market and what this means for consumer needs.
We ensure all relevant staff understand how their role impacts on customers in vulnerable circumstances and ensure frontline staff have the necessary skills and capability to recognise and respond to a range of characteristics of vulnerability.
We ensure consumers in vulnerable circumstances and their needs are considered throughout the product and service design process.
We implement appropriate processes to evaluate where we have not met the needs of consumers in vulnerable circumstances and make improvements. We produce and regularly review management information on outcomes for consumers in vulnerable circumstances.

If the answers to the above are positive – then more detailed questions are triggered – if the answers to the above show little activity has been done, then the more detailed questions are skipped.

Q9: In Question 8, you confirmed you have taken action to understand the nature and scale of vulnerability in our target market and what this means for consumers’ needs. Which of the following actions have you taken in order to execute this?

We have conducted our own research into characteristics and needs of consumers with different characteristics of vulnerability (either commissioned externally or conducted by own research teams).
We have worked with consumer organisations to improve understanding, for example through organised training, reviews of customer-facing materials and processes.
We have worked with a consultancy to improve understanding, for example through organised training and reviews of customer-facing materials and processes.
We have held focus groups with consumers with particular characteristics of vulnerability to understand their needs, the challenges they face when engaged with our products and the actions we can take to meet those needs and address those challenges.

We have reviewed and/or analysed internal data and information to understand the characteristics of vulnerability and are likely to be present in our target market or customer base.
We have reviewed external information resources and/or analysed external data to understand the characteristics of vulnerability that are likely to be present in our target market or customer base, and what impacts this may have on consumers’ needs (e.g. resources from charities, resources from trade associations, Financial Lives Survey data).
We have conducted work to understand the potential harms and disadvantages arising from our actions, or inaction, on customers with characteristics of vulnerability.

Firms are unlikely to have used all of these approaches – and indeed, may have used some different methods. There is no right or wrong way in how they have approached the implementation.

Q10: In response to Question 8, you confirmed you took steps to ensure all relevant staff understand how their role impacts on customers in vulnerable circumstances and ensure frontline staff have the necessary skills and capability to recognise and respond to a range of characteristics of vulnerability. To what extent have you taken action in each of the following areas?

We have vulnerability-focused training for frontline staff.
We have vulnerability-focused training for all non-frontline staff in key roles.
We have vulnerability-focused training for all staff.
We have dedicated vulnerability teams that have the skills, knowledge and time to support consumers with complex or specialist needs, as well as offer advice and support to frontline staff.
We share relevant briefing and training materials created by charities and/or trade bodies and/or others with all relevant staff.
We nominate individuals to become vulnerable champions or superusers to provide support and expertise to all colleagues.
We have guidance and/or process manuals to support frontline staff on how to meet the needs of consumers in vulnerable circumstances as part of their day-to-day role (for example, guides that detail indicators of vulnerability and how to respond to these, guides on how to record and share vulnerability).
We have conducted work to understand the potential harms and disadvantages arising from our actions, or inaction, on customers with characteristics of vulnerability.

Q11: What does the training or internal guidance for frontline staff cover?

The different characteristics of vulnerability in your target market and/or customer base.
The needs associated with the different characteristics of vulnerability.
How a characteristic of vulnerability or particular need could result in disadvantage or harm, including as a result of the firm’s actions or inaction and unintended consequences of a firm’s actions.
How to recognise indicators of vulnerability.
How to encourage the consumer to disclose any additional or different need.
Example questions and responses to guide discussions with consumers who may have a characteristic of vulnerability.

How to record information on a consumer’s file around their needs/characteristics of vulnerability.
How to access information on a consumer’s file around their needs/characteristics of vulnerability.
The types of support available for consumers in vulnerable circumstances.
When and how to refer a customer to a specialist vulnerability team.
When and how to refer a customer to a third-party organisation for additional support that cannot be provided by the firm, for example a charity such as Samaritans.

Q14: In Question 8, you confirmed you took action to ensure communications are understandable for consumers in vulnerable circumstances in your target market and/or customer base and to consider the channels you use to communicate with consumers in vulnerable circumstances. To what extent did you take action in the following areas to do this?

We have embedded vulnerability into the design process for communications.
We determine our communication channels, and decisions around opening new ones or closing channels, based on the needs of the customers in our target market or customer base, including customers with characteristics of vulnerability.
We offer additional information to support consumers’ understanding, for example FAQ documents to explain complex terms and concepts, simplified documents which offer infographics and diagrams.
We offer alternative formats of communications to meet the needs of customers in vulnerable circumstances in our target market or customer base.
We offer tailored communications to individual customers where necessary.
We proactively raise awareness of the different communication formats and channels available to consumers.
We ensure communications provide information in plain English, minimising technical jargon.
We provide communications in a timely manner and at appropriate touchpoints in the customer journey.
We ask customers whether they understand the information provided in our communications and offer additional support where they do not.
We use consumer testing to assess whether communications meet the needs of consumers in vulnerable circumstances in the target market.
We employ a third party to review our communications, for example a consultancy or consumer group.
We regularly review the accessibility of our different communications (including the channels offered, understandability of communications).

Q15: In ensuring all communications are understandable to consumers in vulnerable circumstances, do you take any further actions outside of those outlined in Question 14?

Q16: What channels do you offer customers in vulnerable circumstances?

Q17: What alternative formats do you offer customers in vulnerable circumstances?

Providing a means of communicating using BSL or ISL, e.g. through video.
Providing a means of utilising online services and applications using audio options.
Providing means to use Next Generation Text.
Providing the option of communications in colour schemes friendly to people with particular characteristics of vulnerability.
Providing the option of communications in large print.
Providing the option of communications in braille.
Other.

Q18: How regularly do you review the accessibility of your communications?

Q19: In embedding vulnerability into your product and service design process, to what extent have you taken action in each of the following areas?

There are clear policies and guides on how and when vulnerability should be considered in the product and service design process, including in the idea generation stage, development stage, testing stage, launch phase and review stage.
We conduct analysis of potential harms/risks to consumers in vulnerable circumstances as a result of the product and its features, including if features of products or services may exploit consumers in vulnerable circumstances (e.g. reviewing internal data, reviewing external resources from consumer organisations).
We hold focus groups with consumers in vulnerable circumstances or consumer representatives at the development stage to get a greater understanding of their needs and how products can meet them.
We consult with specialist organisations at the development stage of the product lifecycle to understand the needs of consumers in vulnerable circumstances and embed these into the design of the product.
We adopt an inclusive design approach (i.e. designing inbuilt features of the product or service which ensure the needs of vulnerable customers are met, while at the same time benefitting a wider range of consumers).
We have analysed the needs of customers with characteristics of vulnerability in our target market and/or customer base and have introduced products to directly meet these needs.
When there is a proposed change to an existing product or service, product and service design stage must consider the impact on consumers with characteristics of vulnerability.
We have considered and adopted the most appropriate distribution channel according to the needs of the customers in our target market for the product, including those customers with characteristics of vulnerability.
We have features in our existing communication channels to meet the needs of the customers with characteristics of vulnerability in our target market or customer base (e.g. offering call-back options).

Customers have flexibility to exit communication channels to their preferred channel (e.g. existing automated solutions to meet the needs of consumers with characteristics of vulnerability who have different needs).
We have flexibility to respond to the needs of customers impacted by short-term challenges or events (e.g. building in flexibility to offer customers forbearance for a specified period without changing contractual terms when a customer is impacted by a major life event).
We test the impact the product or service has on consumers with characteristics of vulnerability and whether the product meets the needs of consumers with characteristics of vulnerability in our target market.
We review products and services to understand the outcomes for consumers in vulnerable circumstances, including whether there are any consumers with particular characteristics which may be purchasing unsuitable products.
We provide communications in a timely manner and at appropriate touchpoints in the customer journey.
We ask customers whether they understand the information provided in our communications and offer additional support where they do not.
We use consumer testing to assess whether communications meet the needs of consumers in vulnerable circumstances in the target market.
We employ a third party to review our communications, for example a consultancy or consumer group.
We regularly review the accessibility of our different communications, including the channels offered and understandability of communications.

Q20: In embedding the needs of consumers in vulnerable circumstances into product and service design processes, do you take any further actions outside of those outlined in Question 19?

Q22: How regularly do you review your products and services to test whether they are delivering good outcomes for consumers in vulnerable circumstances?

Q23: In ensuring customer service meets the needs of the customers with characteristics of vulnerability in your target market, to what extent have you implemented the following actions?

Establishing or improved existing systems and processes to support and enable consumers to disclose their circumstances or additional needs.
Establishing or improved existing systems to enable proactive identification of indicators of vulnerability.
Establishing or improved existing systems to provide support to consumers with characteristics of vulnerability, including enabling flexibility to meet the needs of consumers in vulnerable circumstances throughout the customer journey.
Proactively inform consumers about the support available to them, including relevant options for third-party representatives and specialist support services.
Establishing or improved existing systems and processes that enable staff to note and retrieve information about a customer’s needs in a way that ensures consumers do not have to repeat information.

Q24: In ensuring customer service meets the needs of the customers with characteristics of vulnerability in your target market, do you take any further actions outside of those outlined in Question 23?

Q25: What actions does your firm take to ensure systems and processes effectively support the identification of customers with characteristics of vulnerability?

We conduct proactive monitoring of customer data (e.g. transaction data) to identify potential characteristics of vulnerability.

We use third-party data or engagement to identify potential vulnerabilities (e.g. data-sharing systems that enable consumers to proactively disclose their circumstances/needs).
We have systems and processes in place that enable staff to record information on a consumer’s characteristics of vulnerability.
We have systems and processes in place that enable staff to record information on a consumer’s needs.
We have in-system prompts during customer interactions to guide staff on how to support the customer.
We have in-system prompts to guide staff when reviewing customer applications and queries.
We have established vulnerability markers on customer files that are regularly reviewed and updated.

Q26: What actions are you taking to identify and support consumers throughout the digital journey?

We have introduced pop-up boxes or prompts where consumers are spending longer over particular text or particular functions on the website, requesting additional help or entering inconsistent information, which offer additional help such as explaining complex terms or signposting to additional resources (e.g. FAQs pages, free advice services).
We have introduced pop-up boxes or prompts where consumers are spending longer over particular text or particular functions on the website, requesting additional help or entering inconsistent information, which offer the consumer the opportunity to speak to a customer service adviser.
We have a dedicated space to enable consumers to proactively disclose their needs or circumstances and this information is then available to relevant staff.
We have an online chatbot that is able to ask questions and record information on a consumer’s needs and/or circumstances, which is then made available to relevant staff.
We have targeted online questions and FAQs or open text boxes at different touchpoints in the customer journey that encourage customers to volunteer relevant additional information.
We do not take steps to identify and support consumers through the digital journey.
We do not have a digital journey and so this is not applicable.

Q27: To what extent have you taken action in the following areas to enable customer service staff to respond flexibly to the needs of consumers in vulnerable circumstances throughout the customer journey?

We have ensured that our culture and systems do not discourage staff from taking extra time or acting flexibly to meet the needs of consumers in vulnerable circumstances (e.g. by ensuring pay and reward structures do not just look at volumes or speed of consumers served but quality of service and outcomes).
We have ensured that processes can be altered where necessary to meet the additional needs of consumers with characteristics of vulnerability (e.g. by ensuring consumers are able to receive communications in their required format).
We have ensured customer service staff are empowered to offer consumers additional time to make a decision or to signpost consumers who could be at greater risk of harm to appropriate help or advice services.

Q28: In enabling customer service staff to respond flexibly to the needs of consumers in vulnerable circumstances throughout the customer journey, do you take any further actions outside of those outlined in Question 27?

Q29: What actions are you taking to proactively inform consumers about the support available to them, including relevant options for third-party representation and specialist support services?

We have introduced straightforward options to enable legitimate and legal delegated access or support, including building in flexibility into options where possible.
During onboarding, we ask consumers to nominate a third party that could make decisions and manage their financial affairs, should the customer be suddenly unable to make decisions in their best interests.
At certain touchpoints in the customer journey, we speak to and/or share information on third-party mandates of authorities and encourage customers to nominate a third party that could make decisions and manage their financial affairs, should the customer be suddenly unable to make decisions in their best interests.
We proactively share information with customers on features or additional support, for example blockers on certain types of expenditure.
We proactively signpost to third-party organisations that can offer consumers additional support (e.g. mental health charities, advice services) across different communication channels.
We proactively share information on the complaints process and offer additional support to consumers in vulnerable circumstances to support their complaint.

Q31: What MI do you use to monitor outcomes?

Complaints from consumers in vulnerable circumstances to the firm.
Complaints from consumers in vulnerable circumstances to the FOS.
Business persistence data (e.g. claims and cancellation rates and details of why customers leave).
Customer feedback directly to the firm from consumers in vulnerable circumstances (e.g. through surveys, focus groups).
Customer feedback through customer review websites.
Quality assurance findings (e.g. through reviews of call handling, complaints handling).
Behavioural insights data (e.g. customer interactions and drop-off rates, usage of communications channels, consumer testing of financial promotions).
Staff feedback, including feedback from frontline staff to understand emerging issues and alternative approaches to address these issues.
Referral and take-up rates of additional support (either in-house or third-party services).

Q33: Where MI suggests consumers in vulnerable circumstances are experiencing worse outcomes than other consumers, do you have a process to identify this and take action to put things right? If so, please provide further detail.

Q34: Based on the MI you monitor, how have outcomes changed for customers in vulnerable circumstances since February 2021?

Outcomes have improved.
Outcomes have remained stable.

Outcomes have deteriorated.
Outcomes for some consumer groups have improved but outcomes for some groups have deteriorated.
We do not know how outcomes have changed.

Q37: How have artificial intelligence and Big Data impacted on your treatment of customers in vulnerable circumstances?

Q38: What actions have been taken to embed the fair treatment of customers in vulnerable circumstances into the culture of the firm?

Establishing an organisation-wide vulnerability policy.
Senior leadership play an active role in reviewing governance arrangements, processes and systems to ensure they support staff to meet the needs of vulnerable customers when carrying out their role.
We have a senior manager responsible for the delivery of good outcomes for customers in vulnerable circumstances.
Establishing formal governance bodies/committees that oversee outcomes for consumers in vulnerable circumstances and have powers to influence and change where there are poor outcomes for consumers in vulnerable circumstances.
Outcomes for consumers in vulnerable circumstances is incorporated into performance metrics for the Executive Committee.
Outcomes for consumers in vulnerable circumstances is incorporated into performance metrics of the Board.
Outcomes for consumers in vulnerable circumstances is incorporated into performance metrics for frontline staff.
Outcomes for consumers in vulnerable circumstances is incorporated into performance metrics for all staff where vulnerability is relevant to their role (e.g. product and service design teams, frontline customer service teams).
Flexibility is built into processes/policies to allow staff to adapt the standard, business-as-usual processes to respond to customers’ needs e.g. taking additional time or flexible steps to ensure their customer understands key information, without being penalised for doing so.
Establishing ways in which staff can share good practice and challenges and escalate issues facing consumers in vulnerable circumstances (e.g. working groups, forums).
Other.
We have not taken action.

Q39: What are the key reasons why you have not taken action in relation to any of the six areas of the Guidance (understanding consumer needs, skills and capability of staff, product and service design, communications, customer service and monitoring and evaluation)?

Q40: What challenges have you experienced in supporting consumers in vulnerable circumstances?

Legacy systems making it challenging to implement changes.

Legacy systems making it challenging for staff across different business areas to identify consumers’ additional needs and provide appropriate and consistent support.
Concerns around the application of data protection regulations when providing support for consumers in vulnerable circumstances (for example, around recording and sharing information).
Financial cost of taking action to provide appropriate support for consumers in vulnerable circumstances.
Limitations experienced in being able to implement changes, associated with firm size (e.g. less feasible or clear solutions as a smaller firm).
We have a schedule of change programmes to be delivered and we have prioritised these workstreams to ensure safe delivery meaning our full vulnerability programme has been challenging to deliver amongst other priorities.
The challenges in understanding the nature and scale of vulnerabilities and how best to take these into account across different business areas.
Other.
We have not experienced challenges.

Andrew Gething 22/03/2024 Andrew Gething 22/03/2024

The FCA’s Consumer vulnerability review: our 10-point checklist

The FCA announced on 15th March that it will be reviewing firms’ ‘treatments of customers in vulnerable circumstances’. We were asked by the media for our perspective (FCA to review firms’ treatment of vulnerable customers) and I thought that would share the 10-point checklist we put together, picking up on some key issues we have been discussing with the FCA.

The FCA announced on 15th March that it will be reviewing firms’ ‘treatments of customers in vulnerable circumstances’.

We were asked by the media for our perspective (FCA to review firms’ treatment of vulnerable customers) and I thought that would share the 10-point checklist we put together, picking up on some key issues we have been discussing with the FCA.

10-point checklist

This checklist will help you to work out if you’re looking at the right things. It’s not definitive or exhaustive.

If the number of vulnerable people you’ve identified is in single digits, then it’s likely not sufficient. Around 50% of people are vulnerable at any given time and we’re all vulnerable at some point.
Are you assessing for all vulnerabilities – health and life events – as well as financial wealth?
Are you attempting to proactively assess all customers, not a subset (such as those who phone in, claim or default)?
Do you wait for customers to volunteer that they are vulnerable or self-identify a vulnerability? (We have found that this reveals only a small proportion of the vulnerable population.)
Are you using agents/users to assess vulnerability? (We have found that these can often underreport so, if this method is used, then it needs training and monitoring.)
Are you recording those with protected characteristics, to ensure they receive equitable outcomes, in accordance with the Equality Act?

Are you monitoring changes in vulnerabilities over the lifetime of a product? (This may be the distributor, the manufacture or both. Hoping that the other is doing this isn’t going to cut it.)
Can you evidence how you act on identified vulnerabilities – for example, changing how you communicate, or amend your processes?
Can you evidence of all the above – using good quality, consistent data?
Will you be able to report, for July, on the outcomes received by vulnerable cohorts at board level (bereaved, divorced, those in debt, those with a life-limiting illness and so on) compared to the resilient?

Many firms are now realising this managing consumer vulnerability is trickier than they thought. To make this easier, and keep costs down, we built the consumer vulnerability management software we call MARS.

In practice, few firms meet all the above requirements, especially reporting and monitoring. We recommend having plans in place to demonstrate progress and intent – and there is little excuse to be not assessing customers when interacting with them at point of sale or annual reviews.

I hope the checklist is useful and I’m of course happy to chat about any of these with you, just get in touch.

Andrew Gething 17/01/2024 Andrew Gething 17/01/2024

Our response to the Department for Business & Trade’s consultation on smarter regulation

In January, 2024, our managing director, Andrew Gething, wrote to the Department for Business & Trade regarding its consultation ‘Smarter Regulation: Strengthening the economic regulation of the energy, water and telecoms sector’. This is that letter.

10th January 2024

Dear Sirs

RE – Consultation – Smarter Regulation: Strengthening the economic regulation of the energy, water and telecoms sector.

We enclose our response to the above consultation. We are only replying on Section 3 – supporting customers i.e. vulnerability as this is our area of expertise.

23 What are your views on the creation of a single, multi-sector Priority Services Register?

We disagree with creating a single Priority Services Register (PSR).

We propose that firms should be mandated to understand the needs of their customers and to attempt to mitigate these needs. That we should evolve the present work in this area to provide a service where customers can provide their data once and that this data is shared between the appropriate parties. The best way to achieve this is to:

Evolve the present good work on PSRs to have more detail and cover more people to provide more services to more consumers - upgrading the PSR to a more functionally rich and useful service.
Encourage existing and new commercial firms develop their solutions and promote standards for data portability.
Government/regulators should encourage the providers of systems to enable sharing of data between systems so that the consumer only need to provide the data once.

We disagree with having a single PSR list for multiple reasons:

The issue of data privacy and control is a political hot potato and too easy for politicians to challenge. The government initiative for an ID card being a prime example of where a sound idea was scuppered by party politics. Hence it is unlikely to be promoted by a single political party or will take years to obtain cross party consensus. The present Post Office Horizon scandal makes this even harder.
A single register under government control will have a higher barrier of trust by consumers, especially those who have come from other countries where trust in the government is even worse than the UK.
We propose consumers should be in control of their data and hence they can select who they share their data with. If it is government controlled there will always be skepticism who the data is being shared with. The use of NHS medical data for research and recent government proposals to share data with HMRC, being examples of this challenge.
A single register will take years to agree and build, and meanwhile all the existing good work will go on hold – thus leaving no progress for many years, with a high chance of no solution being delivered.
The variance between different firms and regulators is large and the scope of such a project would be large and hence highly complex. There is a greater chance of success with innovative solutions being developed tried and tested within sectors and different niches and then promoting portability between such systems. In-line with recent FCA proposals to the Credit Reference Agencies to share data.
A single PSR list would encourage a tick box compliance, rather than focusing on the outcomes the consumers with vulnerabilities receive.

We disagree with promoting the PSRs as the core of a vulnerability management systems for multiple reasons:

PSR list treat vulnerability as a binary issue when in fact the majority of issues have a range of severities. A more granular understanding is required to enable prioritization and targeting.
PSR lists are inherently specific to the utility and the data is not portable, as they include both need and characteristics specific to the utility.
The PSR list is not used in financial services and consumers use financial services as they use utilities so ‘tell us once’ applies across financial services as well as many other sectors.
The method or regulation on vulnerability varies between regulators and will take years to re-write regulation to bring together.

We do propose the good work undertaken on PSRs should not be discarded, but that they should be upgraded, to improve data structure that is portable and greater coverage.

We believe the functionality of a vulnerability register should consider:

Vulnerability management systems

PSR lists should be the basis for further development.

Present PSR lists are too simplistic and need to be extended in scope and data structure.

An objective methodology is required to enable consistency in assessment and is a pre-requisite for data portability. A potential harm (i.e. vulnerability) is the resultant of interaction of a consumer’s characteristics and the circumstance/situation of the firm. Consumer needs are proportionate to the resultant harm i.e. the vulnerability.
Data needs to be specific to a consumer to be portable – i.e. their characteristics and their severity.

Any system needs the ability to share the appropriate information to those who need to see it – and hence there needs a hierarchy of access to data in accordance with the need, and this should be controlled by the consumer.

Effective management information can only be provided from consistent data, hence the need for an objective methodology. Effective management information will be vital in the prioritization and targeting of services.

Data privacy

The existing GDPR regulations are largely adequate to manage present data sharing initiatives.

Clarification would be helpful if firms can store data that they themselves may not use but another company may use, or should each firm only be able to access data that they are using.
Consumer engagement and control of data will be easier to deliver if the consumer is in control and hence using the GDPR permission category of ‘explicit consent’ will be preferable going forward to using the category of Specific Public Interest (SPI).
Further regulation may be required as AI matures.

Efficiency and cost-effectiveness

The use of technology to collate and manage data can reduce manual work and deliver efficiency.
Digital interactions with consumers can be engaging and effective for the vast majority.
Manual work should focus on engagement with those most in need and needing non digital communication methods and empathy.

Consumer engagement

Obtaining information directly from a consumer is more likely to help in engaging with the consumer to assist with the need or whatever process the firm is trying to pursue.
Regulators should encourage proactive engagement with consumers to obtain information that otherwise will not be volunteered.
Consumers ae more likely to engage if they experience some benefits from the exercise – a value exchange.
Value can be provided to consumers not directly related to the service being provided, and firms should pursue the provision of other services and signposting, especially where these are minimal cost – to encourage engagement.
The sharing of data between firms itself is likely to be realised by consumers as valuable.

We hence propose:

Government or commercial involvement

A single database is undesirable as development of a single PSR register will take years to deliver and will stifle present good work and initiatives.
Commercial solutions are already in play and far more likely to be successful than a government controlled central database.
Peer to peer sharing of data enables evolution, innovation, competition and is far more likely to deliver.
Regulators should focus on technical and data standards to enable data sharing.

24 What are the best data sources of vulnerability that the PSR should use? Who should be able to input data?

We don’t believe the government or regulators should be specifying the sources of data. There are multiple sources, with pros and cons for their use. We believe the biggest challenge for any vulnerability type register is consumer engagement and trust. Hence, we propose that the sources of data should be transparent to the consumer, and let the consumer select if they are happy to engage on this basis. There are multiple actors and sources of data already in play, all with pros and cons, a sample of these includes:-

Data providers:

VRS the Vulnerability Registration Service interacts with multiple other systems.
LexusNexis provides contact information and updating of contact information for 58 million UK consumers so can form part of the solution to alert when a consumer moves house and provides information on deaths and fraud.
Open banking (e.g. Money Hub) provide indicators of some vulnerabilities – i.e. gambling and propensity for many others.
Socioeconomic data provides indicators or propensity of vulnerability that can be used for identifying consumers with potential vulnerabilities.
It is suggested the UPRN a unique property register can be used. – itself gives links to geospatial data.

Service providers:

Experian with their support hub are sharing customer preference data between firms.
MorganAsh Resilience System (MARS) is upgrading existing PSR information and integrated with VRS.
Tell Jo provides identification for debt for councils.
IE Hub is sharing income and expenditure data between firms and is used by debt companies.

Identification services:

Systems using voice analytics are being trialed in call centers to identify vulnerability, in call centers. e.g. (Aveni, VOYC).

Integration providers:

Exoserve provide a means to share data between gas networks and DNO’s.
Electra link provide DTC – Data Transfer Network for Retail Energy Code parties, a way to transfer data on a batch basis between DNOs and retail energy companies.

Specifying the types of data to be used will stifle innovation.

25 What vulnerabilities and services should the PSR cater for?

We don’t think the government or regulators should specify the vulnerabilities and services. We think the emphasis should be on understanding the issues of consumers and then promoting services and solutions to mitigate or resolve these issues. While the present focus is on the issues that are directly due to the interaction of the firm, in order to promote engagement with consumers there is the opportunity to identify issues and provide solutions that have no relevance to the firm and hence build engagement and trust.

Individual regulators may like to specify a minimum list of services to be provided.

Systems are already in place to identify multiple issues and make recommendations on mitigations and solutions. There are multiple charities and self-help groups and the use of signposting and partnerships to engage with such organizations can provide useful assistance while zero cost to firms. We should be ambitious in the provision of services, not limiting ourselves to a small list.

We note that most people manage to resolve a single issue be that health, financial, lifestyle, but when there is a combination of issues then a lot of consumers struggle to mitigate and resolve the issues. This is not helped by the majority of solutions being siloed to particular disciplines. Hence, simply listing the vulnerabilities and services does not cater for this combination effect, and treating service provision as a single relationship to resolve an issue will not be sufficient.

26 How can existing affordability support be better communicated to increase customer awareness?

Consumer awareness, engagement and trust is the biggest challenge for any vulnerability management initiative.

We note that present methods of data sharing of PSRs is undertaken without consumer knowledge. We believe obtaining information directly from a consumer is more likely to help in engaging with consumers.

Consumers are more likely to engage when they receive some value, and hence firms can provide value which may not be directly related to the firm itself.

We propose:

Regulators should encourage proactive engagement with consumers to obtain information that otherwise will not be volunteered.
Consumers are more likely to engage if they experience some benefits from the exercise – a value exchange.

We can provide detailed papers on data structure for data sharing that explains many of these issues in more detail, if this is useful.

We trust this is helpful.

Andrew Gething

Managing Director

MorganAsh

Andrew Gething 11/12/2023 Andrew Gething 11/12/2023

Technology is critical to ensure Consumer Duty isn’t ‘once and done’

Firms hoping that the FCA would not enforce Consumer Duty will certainly be disappointed, especially following ‘Dear CEO’ letters, reports and supervisory action to address clear shortcomings. Rather than kicking the can down the road, the regulator is knocking on the door of firms that are either complacent or simply ill-equipped to deliver the change it wants to see.

That change is a visible and enduring shift – something that becomes a fundamental and ongoing part of a business’s operations, procedures and importantly, its culture. This was reinforced recently by Nisha Arora, the FCA’s director of cross-cutting policy and strategy, who stressed that the regulation should not be treated as a “once and done” event.

Improving standards, increasing trust and delivering good consumer outcomes – particularly for those with vulnerable characteristics – is still very much the target for all firms. With annual board reports on the horizon, and news of a regulator on the warpath, more firms are understanding the critical role technology and good data can play in meeting these requirements.

Identifying consumer vulnerability

Most recently, stockbroking and wealth management firms found themselves in the FCA’s crosshairs. When asked, many of these firms reported few or even zero vulnerable customers – even though everyone is vulnerable at some point in their lives. In fact, the FCA’s own Financial Lives survey identified that around 50 per cent of UK adults are vulnerable in some way.

Unfortunately, the view that there is “nothing to see here” is one we have heard from a number of firms across different sectors. However, rather than having a magically resilient customer base, the common denominator is a lack of quality data. They are simply not assessing customers or recording consumer vulnerability in any consistent manner. A far more robust approach is for firms to adopt an independent assessment tool, which can measure consumer vulnerability both objectively and consistently – and then track this over time.

The MorganAsh Resilience System (MARS) for example, uses vulnerability assessments to generate a Resilience Rating – which is similar to a credit score. Rather than proportions in the single digits, firms using this approach are generating superior data and reporting consumer vulnerability in line with the FCA’s findings.

Monitoring outcomes

This deeper view then enables firms to determine whether the outcomes experienced by the vulnerable are, at the least, no worse than those received by the resilient.

After all, recent research by the University of Bristol found that disabled consumers are receiving a far worse experience with financial services than those who are not. The FCA’s own data supports this view, with vulnerable adults more likely to report a lack of help and support.

The research conducted by the University of Bristol highlighted that those most impacted were people with conditions that are not visible or obvious, such as learning difficulties, mental health problems and memory-related conditions. This makes an already arduous task much harder. Not only are firms required to identify and monitor vulnerability – tracking any changes to ensure product remains suitable – but firms must do this for all manners of consumer vulnerability, disability and protected characteristics. These include age, gender, religion and sexual orientation – and, under both the Equalities Act and Consumer Duty, must be reported at firm level.

In her speech, Nisha Arora said that the firms not meeting the FCA’s expectations are often those that are just “repackaging existing data”, without thinking seriously about the information needed to really understand consumer outcomes. Technology can play a significant role in mitigating this task, helping firms identify vulnerability – and collect protected characteristics data as part of the same assessment – ready to report on, annually at the very least.

Reporting requirements

Board reports will be the next big hurdle for firms to face as the regulator looks to utilise these, and the management information behind it, to determine a firm’s compliance with the rules. Good data is the bedrock of Consumer Duty compliance and, unsurprisingly, a key component of meeting the reporting requirements.

Rather than a mad scramble or a shot in the dark, users of platforms such as MARS always have this intelligence instantly at their fingertips, automating the entire reporting process. As part of its latest update, the reporting page in MARS has been enhanced to enable firms to generate detailed reports on key metrics such as demographics and protected characteristics.

When you consider the task at hand, there’s no question that consistent and unbiased processes play a critical role in not only meeting the requirements today, but ensuring that firms can identify vulnerability, monitor outcomes and report on results on an ongoing basis. It quickly becomes clear that avoiding “once and done” is only possible through technology, hence why the FCA has long advocated for firms to increase adoption.

Andrew Gething 18/10/2023 Andrew Gething 18/10/2023

When to be proactive or reactive when undertaking vulnerability assessments

Financial services firms implementing Consumer Duty have differing views on whether to assess vulnerability proactively or reactively.

Financial services firms implementing Consumer Duty have differing views on whether to assess vulnerability proactively or reactively.

For those who are looking for instructions from the FCA, there are clauses within the regulations which support both views. Handbook PRIN 2A.7.4 states:

“In relation to the needs and characteristics of retail customers, a firm should, among other things: …. (4) assist frontline staff to understand how to actively identify information that could indicate vulnerability and, where relevant, seek information from retail customers with characteristics of vulnerability that will allow staff to respond to their needs.”

— FCA (Handbook PRIN 2A.7.4)

Yet, in contrast, in the guidance document, clause 6.29 states:

“We do not expect firms to explore customers’ circumstances exhaustively or to identify every customer with characteristics of vulnerability. We do, however, expect firms to support their staff to identify signs of vulnerability, for instance through training and resources, and to set up systems and processes that enable customers to disclose their needs, if they choose…”

— FCA (Handbook clause 6.29)

While some may bemoan the inconsistency, we think that focusing too hard on the wording misses the point – we really need to look at the bigger picture. The overarching principle of Consumer Duty is to promote good consumer outcomes, to measure those outcomes, and to evidence that the vulnerable do not receive worse outcomes than the resilient. Rather than specify how this is undertaken, Consumer Duty sets out the principles – and then gives firms leeway on how to implement them. However, the regulation is clear that companies must measure, spot and monitor, and take appropriate action, when they find unfavourable outcomes for consumers.

The challenge is how this information is collated at firm level in order to provide robust reports that vulnerable consumers are not receiving worse outcomes than the resilient. This is not easy.

A recent report on the financial wellbeing of disabled people in the UK highlighted that disabled people receive worse financial outcomes than resilient consumers. The report particularly highlights a list of those conditions where affected consumers receive particularly poor outcomes, including learning difficulties, mental health conditions, multiple health conditions, disabilities that have been acquired suddenly, chronic fatigue, non-visible conditions and memory-related conditions. Notably, most of these conditions are highly unlikely to be detected by a firm relying on a simple reactive approach; nor would they be volunteered, unsolicited, by customers or even known by the consumer themselves.

Since using a reactive approach will not identify these conditions, it is unlikely firms can possibly have the required data to report on them when it comes to reporting outcomes. So, what should firms do? Can they rely on clause 6.29 above and only collect information reactively? Well, yes – but only if they are meeting the wider firm-level monitoring requirements.

We propose that firms can use a reactive approach if they meet all these criteria:

Have a robust process for assessing and evidencing consumer vulnerability.
Have a robust methodology to identify vulnerabilities that are not typically volunteered or easily visible.
Fully understand the cohorts of vulnerable consumers across the target market.
Have robust evidence of consumer characteristics and can demonstrate comparisons to applicable benchmarks.
Can evidence that cohorts of vulnerable consumers experience no worse outcomes than resilience customers.

Source: MorganAsh

In the recent ‘Dear CEO’ letters, the FCA refers to ‘weak identification of vulnerable customers’. What does this mean – and how can it be quantified? Well, from multiple sources, including the FCA’s Financial Lives survey, we know the mean average of consumers having some sort of vulnerability is around 50%. This is an easy metric to use as an assessment benchmark – and if firms are not doing this, then they should review their assessment method – period. Our experience shows us that those firms which use only a reactive approach report figures far less than this – which makes their results highly questionable. You can’t just say that “half of our customers are vulnerable” because the regulator will then ask: “which half, and in what ways?”

Reporting and monitoring are required at firm level – the challenge is how you collate data at firm level if you don’t have data at customer level to start with. It’s understandable that firms feel that ‘having to go back to each and every customer’ will be an expensive bind, but waiting for the data to somehow present itself isn’t an answer. The reality is that is doesn’t have to be expensive or onerous – there are automated solutions to help.

MARS, the MorganAsh Resilience System, was built from the ground up to work in this way – to get the data from the source, provide tools to manage that data – and deliver extensive reporting. It automates assessments, making them quick, low-cost and objective. Consumers can be easily managed, and vulnerabilities tracked (because most change over time). Management information and reporting is just a click away. MorganAsh is working with Investor in Customers, combining outcome reporting with vulnerability reporting – to specifically answer if any vulnerable cohorts are receiving worse outcomes. It’s cost effective even when just considering the assessment – but because the data is always there, it virtually obliterates costs related to reporting.

As it does with many other challenges, technology can provide the scale, efficiency, and low cost to tackle the ‘reporting at firm level’ challenge with ease – enabling an easy way to move from reactive assessments to proactive ones.

Andrew Gething 23/09/2023 Andrew Gething 23/09/2023

Are banks and lenders going far enough on vulnerability?

With the arrival of Consumer Duty – which came into force back in July – all areas of financial services are considering how to best identify and look after vulnerable clients.

With the arrival of Consumer Duty – which came into force back in July – all areas of financial services are considering how to best identify and look after vulnerable clients.

In an intermediated market, there’s also further consideration as to how vulnerability is defined, recorded and shared consistently among all relevant parties. This is particularly pertinent for banks or lenders and their broker partners – ensuring that any processes put in place to capture, share and act upon this data will genuinely deliver good outcomes for the consumer.

Just recently, we’ve seen two major banks – Halifax and Metro Bank – step forward with their own approaches to supporting vulnerable customers. These include online hubs, phonelines and making resources available to brokers. We must applaud their efforts – not just for their progress on vulnerability, but for recognising the need for brokers to share when they have vulnerable clients.

However, do these vulnerability measures go far enough? While delivered with the best of intentions, there are still potential weak spots which could lead to poor outcomes.

The scale of vulnerability

Across financial services, there remains a lack of appreciation for the scale of consumer vulnerability. As part of its Financial Lives survey, the FCA reported that 52 per cent of UK adults (27.3m people) were classed as having one or more characteristic of vulnerability.

With the vulnerability solutions offered by lenders including either a phoneline for brokers, or calls directly to vulnerable clients, it’s safe to say that those phonelines will be extremely busy if the customer base is even remotely close to the FCA’s findings. Will a busy broker have the bandwidth to call the lender to report and discuss each and every customer’s vulnerability – let alone a lender having the capability to call more 50 per cent of their customers? In some cases, is that even appropriate?

Inconsistencies

We mustn’t forget that vulnerability is not a binary issue. Instead, there are a wealth of characteristics and circumstances that can attribute to a customer’s vulnerability. By our count, there are more than 400 variations. It’s therefore not impossible that both the lender and the broker have differing opinions on the prevalence and severity of a vulnerability. What happens in this instance?

Brokers using the Halifax system will also receive a call-back from a member of its vulnerability team to discuss the matter further. While this is a positive, it does require both the broker and the agent to have comprehensive training to clearly identify all manners of vulnerability. The Metro Bank system asks brokers to add concerns to applications – which not only faces similar issues, but creates inconsistencies in reporting and headaches for those trying to act upon the information.

Lack of technology

In reality, technology is playing a critical role in helping firms of all sizes meet the requirements of Consumer Duty. In fact, software is already available to measure vulnerability objectively and consistently, with little input needed from advisers or lenders. It can also provide uniform reporting – so that information can be shared and acted upon to ensure compliance and the best possible outcome.

Using MARS (the MorganAsh Resilience System) as an example, vulnerability assessments generate an objective Resilience Rating – much like a credit score. Then, rather than using a phoneline or submitting case notes, users can send a MARS certificate to the lender, or generate a full characteristics report if further information is required.

I must stress my intention is not to bash the efforts of those making progress with vulnerability. All progress is good. However, with the greater requirements of Consumer Duty, any system put in place needs to answer the demands of the market: how will it be consistent, how will information be shared, how will the monitoring requirements be met – among others.

Most importantly though, how will it ensure that vulnerable customers are identified, supported and ensured the best possible outcome. To my mind, this can only really be achieved through integrating technology – especially at the scale required for major banks and lenders.

Peter Labrow 19/09/2023 Peter Labrow 19/09/2023

I’m a training evangelist, but it’s not a silver bullet for Consumer Duty

When it comes to applying training as the sole solution to assessing customers’ vulnerability for Consumer Duty, I’m really forced to say, “Woah there!”

I’m a self-professed training evangelist. I don’t just have a passing interest in learning; it’s a subject I know about in real depth and one in which deeply believe.

I have been employed by training organisations at a senior level and worked with learning providers as a consultant. I co-founded a learning sector specific newswire, was a founding sponsor of the Learning and Performance Institute, I co-wrote a book about training – and have written countless articles for learning and HR magazines.

And yet, when it comes to applying training as the sole solution to assessing customers’ vulnerability for Consumer Duty, I’m really forced to say, “Woah there!”

It’s not that I don’t think training has a role to play. It does – and more knowledge is always a good thing. But as a panacea? I don’t think so. Why? There are three main stumbling blocks, and they’re interconnected.

Depth and breadth of training

The first is the depth and breadth of training needed to be sufficiently knowledgeable. There are literally hundreds of potential vulnerabilities – and a passing bit of knowledge for each is nowhere near enough. While you don’t need to be an expert, you do need some knowledge.

Take sight as an example. Like every vulnerability, people are not either blind or sighted. There are lots of conditions – and each has a range of severity. Typical of all vulnerabilities, many of these conditions will be of a severity that would require the vulnerability be recorded but doesn’t have a material impact on the person’s abilities to read. So, it would be potentially discriminatory – and may disadvantage them – to simply classify them as vulnerable.

Furthermore, like all vulnerabilities, it’s likely the person will have coping mechanisms in place. A fully or largely blind person may use braille or assistive technologies such as screen readers – so they can be potentially as able as most other people. In addition, people typically have a support network – a partner who helps, or friends and family. So, a ‘checkbox for vision’ isn’t helpful, especially if there isn’t a means of exploring how that vulnerability is mitigated.

Multiple vulnerabilities

The second is that vulnerabilities aren’t serial events. People can be, and are, affected by multiple things at the same time. Our experience at MorganAsh is that most people can cope fairly well with a single event – a bereavement, accident, divorce and so on. Yes, these can certainly render a person vulnerable, although these are generally temporary in nature. But lose your job at the same time your partner leaves and the sum vulnerability is greater than 1+1 because it will almost certainly affect that person’s mental health – in either the short or long term.

It follows then that any training must take not only each vulnerability into account, but also what happens when there are multiple vulnerabilities. Some permanent, some temporary, some with coping mechanisms and support networks – and some without. That’s a lot of stuff to learn.

Time

With the best will in the world, who has the time to learn all of this – when it’s just a part of your job? It happens to be a part of the job where reporting and attestation is vital, but financial advisers and firms must be experts, frankly, in quite enough stuff already.

I believe that most people would just reject the idea of having to undertake the amount training that’s actually needed. They may take some training and believe that it’s enough, but you don’t know what you don’t know, as they say. I’ve been immersed in the topic of consumer vulnerability for about three years and can talk passionately and with some authority on it – but I’d feel uncomfortable positioning myself as an expert.

To expect an entire sector to learn this amount of information, when it’s not their specialism, is a bit naive.

Subjectivity

As humans, most of our decisions are based on subjective judgements. True, greater knowledge almost always brings lesser subjectivity, but that’s not a given. Without in-depth training, we can only make assessments based on our life experience – and it’s not enough, not by a mile. A good training course can give us a broad understanding – I’m fully in support of this. But it will take far more training than is reasonable to be confident that subjectivity has been removed from the equation.

This is why I believe that training alone can’t solve the problem. And that’s coming from someone who has been banging on about training most of his working life.

Any solution should not only include technology, it should be underpinned by it. A technological solution should obviate much of the need for training, make assessments objectively and provide the data required for attestation. A system such as MARS – the MorganAsh Resilience System – does this and more. Advisers can walk clients through an assessment, or they can leave it entirely to MARS, taking themselves out of that part of the equation.

Some training is still needed and will play a crucial role. In my experience most people’s understanding of consumer vulnerability isn’t close to being as strong as it should be – a clear priority to address. But, with a technology solution, training doesn’t need to be in depth and shouldn’t take long. Training certainly shouldn’t be the sole solution.

I’m sure those long-term colleagues of mine in the L&D sector will instinctively disagree. I’d argue that if the only tool you have is a hammer, you’ll start treating every problem like a nail. I’m from an L&D background – and it’s taken me a good while to grasp the sheer scope of what’s needed.

I readily accept that technology isn’t the single solution either – but to assess and manage vulnerable clients objectively, quickly, easily and cheaply, it’s a much better proposition than training alone. And that’s coming from a training disciple.

Andrew Gething 22/07/2023 Andrew Gething 22/07/2023

Vulnerability training is not enough

In the drive to identify and manage vulnerable consumers, many firms have directed effort towards training frontline staff. Why does training not work, or at least not work to anything like the expected degree?

In the drive to identify and manage vulnerable consumers, many firms have directed effort towards training frontline staff. This is logical – it was a suggested approach within vulnerability guidance. But there’s an issue: training alone is insufficient – particularly for financial advisers and mortgage brokers. In reality, the use of technology is likely to be far more cost effective.

As one compliance officer said recently, “Although we put all our advisers through SOLLA training, when we subsequently undertook an audit, we discovered that we had still not identified vast numbers of vulnerable people”.

Why did this training – and training like it – not work, or at least not work to anything like the expected degree? Why is this particularly true within the financial adviser community? The reasons for this are becoming apparent.

First, there are many characteristics and circumstances that can lead to a consumer being vulnerable – and there are ranges of severity for each characteristic. What’s more, the potential for harm is different depending on the products of concern. Training every adviser on each characteristic, and when it requires an appropriate action, is a considerable task. Indeed, MARS, the MorganAsh Resilience System, measures over 400 variations of these.

GDPR requires us to only record any data we need for our purposes, while Consumer Duty requires us to assess consumer vulnerability in proportion to potential harms and monitor the data over time. There is clearly a balance to be achieved – and firms are agreeing the amount (and granularity) of data to collect and store, in proportion to the potential harm. Financial products can be a proxy for potential harm: for example, the potential harm for a defined benefit transfer is far higher than for a life insurance product.

With a training-only approach, policies are written, and each adviser must be trained on what the level of detail is appropriate to collect for each product. Without this, there can be large variations in the amount of detail collected and stored – which could result in issues should a poor outcome or just a claim be pursued later.

GDPR also provides us with a further challenge – because only those people who need to know should see the data. Equally, all employees (and indeed anyone associated with providing advice) need to be aware of a consumer’s vulnerabilities, including if they just phone in. An understanding of a consumer’s mental health is a particular point – on the one hand we need to keep this detail confidential, but we also need to ensure our staff our aware of the person’s characteristics.

MorganAsh generates a Resilience Rating – much like a credit score for vulnerability – for several reasons. One of these is to enable the communication of issues across organisations with different levels of detail. At its top level, a simple rating gives an immediate guide if there is a vulnerability issue and its severity, determining where a client sits on a scale from very vulnerable to very resilient. For example, if the rating is low, the employee is going to be empathetic, whereas a higher rating is going to be fine.

At the next level, the Resilience Rating is shown at its primary characteristic level – health, wealth, life events, financial understanding, engagement capability and support network. The next level down then gets into more detail on each of these categories – health being divided into mental health and physical health, for example. Firms can determine who sees what level of detail, depending on their role within the organisation. Everyone (and indeed support firms) could see the high-level rating (as there is no personal information divulged), but there is a good indication of vulnerability. This overcomes the GDPR versus Consumer Duty conundrum of having enough information to meet Consumer Duty while keeping information confidential.

Next, there is effectively an infinite number of mitigating strategies and support organisations to signpost to. These include local and national organisations, charities for health, powers of attorney, debt, domestic abuse and so on. Again, a great deal of training is required to understand where best to send people – and what those places are.

This is a great deal of detail on which to provide training. While it may well be suitable for customer service agents in a call centre who are solely focused on discussions with consumers, this is undeniably a big overhead for financial advisers who already have a large training overhead to keep up with financial, tax and regulatory changes. It’s arguably not their core skillset – and trying to convert advisers to doing this is probably unrealistic.

One provider promotes a one-page paper vulnerability assessment tool. At first glance, it looks easy to use, but its first item is: ‘I have considered how the client is assessed against our vulnerability policy’. To comply with this first question requires extensive training. The simple looking table actually has 80 assessment decisions to be made including the ‘fair treatment of clients in vulnerable circumstances capacity’ with advisers choosing red, amber or green.

We would not expect a medical professional to make triage decisions on a person’s financial health, so it’s slightly bizarre that we expect to train financial advisers to make these medical decisions.

Finally, firms have different tolerances and attitudes for different products – in terms of what they should, and should not, do in a particular circumstance. Documenting this alone is a massive task – never mind subsequently training all advisers.

When the genuine scope of the training need is understood, it becomes clear that expecting advisers to learn and remember all of this detail is such a massive undertaking that, in practice, it is unrealistic. It is not surprising that it isn’t working as expected.

While it is true that advisers and brokers have looked after vulnerable consumers all their professional lives, Consumer Duty has considerably moved the goalposts on the scope of vulnerabilities that must be considered, how these are evidenced and the required actions. As an industry, we can no longer be concerned just with financial vulnerabilities. We have to factor in all potential vulnerability issues – including health and lifestyle, domestic abuse, divorce, learning difficulties and so on.

Fortunately, there are now dedicated systems – such as MARS, from MorganAsh – which can overcome this apparent training overhead. These systems help to identify vulnerabilities, keep records for evidence and make recommendations on suitable treatments at the appropriate time. The information is always at advisers’ fingertips, whenever they need it, they don’t need to remember it or make difficult decisions on severity of vulnerable issues, how much data is required, GDPR, and how much data should be communicated to whom.

The way legislation was presented is partially to blame for directing people towards training. It’s not the only relevant change. The original vulnerability guidance, FG 22/1, promoted one-to-one assessment for consumers purely on a reactive basis – whereas Consumer Duty significantly upgrades this, requiring the proactive assessment of all customers, monitoring them over the lifetime of their products – and the need to maintain evidence of all this.

There is a need for training – but we should re-focus this on organisational culture, the use of available systems – and the soft skills needed to engage with consumers under difficult circumstances.

Andrew Gething 28/06/2023 Andrew Gething 28/06/2023

‘Inside FCA Podcast’ – ‘explaining Consumer Duty outcomes monitoring’

The FCA has just released the latest episode of its ‘Inside FCA Podcast’ entitled ‘explaining Consumer Duty outcomes monitoring’. We asked Tony Crane – in his role as chair of the ‘Consumer Duty: managing vulnerability’ webinar series – to summarise his view on how vulnerability fits within Consumer Duty’s reporting requirements, on the back of this latest podcast.

The FCA has just released the latest episode of its ‘Inside FCA Podcast’ entitled ‘explaining Consumer Duty outcomes monitoring’.

We asked Tony Crane – in his role as chair of the ‘Consumer Duty: managing vulnerability’ webinar series – to summarise his view on how vulnerability fits within Consumer Duty’s reporting requirements, on the back of this latest podcast.

First, for those who haven’t heard it, here is a short summary of the podcast. Tony highlighted his key points in terms of vulnerability – as well as some other important quotes from Ed Smith:

Some key points made by Ed Smith, Head of Competition Policy at the FCA:

“Without the information or the evidence, it’s not really possible for firms to know that they’re meeting the requirements under the Duty.”

“We don’t expect them to have all of it on day one. As long as they can evidence good outcomes from day one, but then have a strategy to develop the data that they need to really understand those better in the future, that’s fine and they can work with us.”

“As I said, we have specific guidance around vulnerability, and we definitely do expect firms to consider customers with characteristics of vulnerability in the data they collect.”

The podcast’s main points: (some references from FG21/1 as well):

The FCA expects firms to consider those consumers with characteristics of vulnerability when deciding which information to collect. This includes customers who may be:

Financially vulnerable: these customers may have difficulty managing their finances, such as those who are on low incomes, have poor credit histories, or are struggling with debt.
Emotionally vulnerable: these customers may be going through a difficult time in their lives, such as those who have recently experienced a bereavement, separation, or redundancy.
Cognitively vulnerable: these customers may have difficulty understanding complex financial information, such as those who have learning disabilities or dementia.
Physically vulnerable: these customers may have difficulty accessing financial services, such as those who are elderly, disabled, or live in rural areas.

Firms should also understand the differences in the outcomes across their customer base – and be able to monitor distinct groups of customers to see whether they might be receiving worse outcomes than others. This includes customers from different socioeconomic demographics, geographical regions, or distribution channels.

Firms should also be aware of any differences in prices charged to different groups of customers and satisfy themselves that those differences are both appropriate and provide fair value – noting that the regulation doesn’t insist that all customers are charged the same.

The FCA expects firms to (where they can) include the proactive monitoring of customers’ protected characteristics as part of their wider work but acknowledges that this may not always be possible. Where firms do collect data about customers’ protected characteristics, they should use it as part of their process to monitor differences in outcomes between different groups.

Firms should ensure that they are complying with the relevant legislation, such as the Equality Act 2010 and the Data Protection Act 2018, when collecting and monitoring data about customers’ protected characteristics.

According to Tony, there are specific expectations around vulnerability:

Firms should have a clear understanding of the characteristics of vulnerability which are relevant to their business. This will help them to identify customers who may be vulnerable – and to tailor products and services accordingly.
Firms should collect data on customer outcomes, including data on customers with characteristics of vulnerability. This data can be used to identify any differences in outcomes between different groups of customers and to monitor the effectiveness of firms’ efforts to improve outcomes for vulnerable customers.
Firms should have processes in place to monitor customer outcomes and to identify any potential risks to good outcomes for vulnerable customers. This could include monitoring customer complaints, cancellations, and feedback.
Firms should have procedures in place to address any risks to good outcomes for vulnerable customers. This could include providing additional support to vulnerable customers, such as financial education or debt advice.
Firms should review their policies and procedures on vulnerability on a regular basis to ensure that they are effective. This could involve consulting with customers with characteristics of vulnerability and with experts in the field of vulnerability.

Our thanks to Tony Crane of Crane Consulting.

Andrew Gething 19/05/2023 Andrew Gething 19/05/2023

Technology adoption is key to meeting Consumer Duty’s requirements

In their simplest form, the FCA’s new Consumer Duty regulations have been introduced to ensure financial services firms are delivering good outcomes for customers. In particular, the new Duty puts a clear emphasis on protecting those with vulnerability characteristics – people who are arguably the most susceptible to both potential harm and to poor outcomes.

This is certainly relevant in the field of specialist lending, which has offered a lifeline to many borrowers with niche requirements – or have a profile that is far from standard.

For this reason, Consumer Duty may feel a little redundant for some – as, in their minds, they’ve long been treating customers fairly and have looked after vulnerable customers all their professional life. Indeed, current vulnerability guidance had already raised the need to assess and consider the vulnerability of consumers.

However, Consumer Duty significantly expands on this, adding the need to evidence that these vulnerabilities are assessed and monitored throughout the lifetime of the product. The scope of vulnerabilities has changed dramatically too, with firms now required to review all potential issues beyond just financial. This includes health and lifestyle challenges, divorce, domestic abuse, learning difficulties and many others.

Finding vulnerability data

It is true that firms have considered the consumer’s situation and have taken into account any issues that came to light. However, despite the best intentions, most of this has been subjective, inconsistent and rarely documented. With Consumer Duty enforced from July, this process needs formalising – just as, in the past, how fact-finds moved from a subjective, informal approach to a formal, documented process. This simply isn’t possible though without robust vulnerability data.

Many have searched for databases of ‘vulnerable people’ but, unfortunately, these just do not exist. It is true that socioeconomic data exists to identify cohorts of consumers – but this sits at a postcode level, not a personal one. And yes, there is credit data – which is personal – but it’s limited to financial vulnerability and affordability.

Instead of waiting for vulnerability databases, the reality is that consumers are themselves the only true source of data. The challenge is how to acquire that data. Many companies would have collected some data when consumers initially contacted them, whether it was for a complaint or a claim. Some larger tech firms may even use AI to interpret and assess voice and text interactions with consumers – this would certainly be beneficial for large lenders.

This seems like a fairly logical place to start, since the proportion of vulnerable people among this cohort is likely to be high. However, this is still just a subset of a firm’s customer base. Consumer Duty requires us to understand the vulnerability of all customers – not just those that get in contact. Since most identify vulnerabilities differently, there’s little consistency in who is registered as vulnerable or not.

Consistency is key

A lack of consistency happens far too easy with individual interpretations of vulnerability. Much like deciding if someone is ‘rich’ or ‘poor’, without some form of guidance, the answers vary based on a range of subjective viewpoints. When you also consider the vast number of characteristics and circumstances that can lead to vulnerability, the training required for staff to identify these becomes a massive undertaking, and a considerable expense.

There’s also the consistency of data capture. While some firms may have added a vulnerability tick box to systems, the detail of the vulnerability is typically stored in an unstructured free-text format in a comment box. Such results are extremely difficult to report on – and impossible to analyse. Different standards of assessment and data capture leads to inconsistencies and reduces the value of any data produced.

Directors of firms must demonstrate annually their implementation of Consumer Duty – with the FCA reinforcing the need to see evidence of this. Good data is also essential for fair value and target market analysis. We can then understand if we are giving fair value to those with specific vulnerabilities and analyse how well we comply with the Equalities Act on the distribution of protected characteristics.

Utilising technology

A far more robust approach is to adopt an assessment tool which encompasses an objective and consistent way of measuring vulnerability. Such tools already exist, whether as a standalone system or integrated within CRM systems – helping to automate much of the process and minimise the administrative overhead.

For example, the MorganAsh Resilience System (MARS) generates a Resilience Rating which is much like a credit score, but for vulnerability.

Brokers don’t need to remember the specific level of vulnerability which applies to the likes of domestic abuse, heart attack or divorce – because these are all embedded directly within the assessment tool. Furthermore, firms can use different options to gather information – either by a broker assessment or by the consumer completing an assessment online. There’s also the opportunity to configure tools to better align with different use cases and appetites to risk.

Without an objective and consistent approach, many firms are reporting their proportion of vulnerable customers is in single figures. In contrast, firms using tools such as MARS are reporting closer to 50 percent, which is closely in line with the FCA’s own Financial Lives survey. Such a clear disparity shows that it’s impossible to ensure fair value or that products meet the needs of clients – key areas of focus for firms.

Monitoring requirement

A consumer’s vulnerability will almost certainly change throughout the lifetime of a product – it would be rare for it not to – so there is a need to continue to monitor the consumer to ensure the product remains suitable. While the FCA doesn’t specify how often this should be done, many are considering that annual reviews on a proactive basis, as well as reviewing issues on a reactive basis, are sufficient.

Some have questioned whether the responsibility for this falls on the intermediary or on the manufacturer. As far as Consumer Duty is concerned, it doesn’t matter who undertakes the monitoring, just so long as it happens. Brokers may prefer to undertake this responsibility and plan in line with fixed-rate terms. One can assume the responsibility will fall to the party which wants to maintain the relationship for the long term.

What is clear is that consistent and unbiased processes will play a critical role in not only meeting this requirement, but also in ensuring that all parties can understand and account for vulnerabilities both today and in the future. Since this is only possible through technology, it’s right that the FCA identifies adoption as a key focus for firms.

Andrew Gething 20/04/2023 Andrew Gething 20/04/2023

Consumer Duty: Who monitors the customer?

The FCA’s recent ‘Dear CEO’ letter, on 3 March, reiterated the requirements for Consumer Duty. One item was: “The Duty makes clear that firms must provide support that meets the needs of customers, including those with characteristics of vulnerability, throughout the life of the product or service.”

As we know, a consumer’s vulnerability may likely change throughout the lifetime of a product – so there is a need to monitor the consumer over this period to ensure the product remains suitable. The FCA doesn’t specify how often this should be done but, in general, many are considering that annual reviews on a proactive basis, as well as reviewing issues on a reactive basis, is sufficient.

A key question is: ‘just whose role is it to undertake this monitoring?’ Is it the intermediary or manufacturer? Consumer Duty requires us all to ensure that Consumer Duty is applied in the interest of the consumer. Indeed, it doesn’t matter who undertakes the monitoring just so long as it happens. Intermediaries may prefer to take on this responsibility and typically, advisers do undertake annual reviews and mortgage brokers will plan in line with fixed-rate terms. Presumably, comparison websites and none-advised sales will be far less likely to take on these responsibilities – so manufacturers will need to have their own processes to properly monitor these customers.

It’s clear that, at the least, either the intermediary or the manufacturer must take on the responsibility for monitoring. It therefore presumably follows that whoever wants to keep the relationship over the long term must be the one to undertake the monitoring responsibility.

Traditionally, manufacturers have struggled with intermediaries – with intermediaries not wanting manufacturers to interfere with ‘my customer’. Consumer Duty requires that all parties must ensure that the monitoring obligation is undertaken, and so there is a clear need for both parties to be absolutely clear whose responsibility this is. I would expect this to become a standard part of distribution agreements – and it's likely to influence the remuneration package.

Arguably, for a fixed-term mortgage, there is little anyone can do should circumstances change over the fixed term, so it seems reasonable that a proactive check is only required a few months prior to the end of the fixed term. But whose responsibility is this? The broker may only be engaged for the particular house purchase, and the consumer may go elsewhere when they want to renegotiate, so the broker may not consider themselves to have the monitoring obligation. Consumer Duty therefore puts a requirement on the broker-manufacturer relationship to ensure clarity over who undertakes the monitoring liability.

For life insurance, there arguably is no need to check annually – but for critical illness and income protection there is a clear monitoring obligation – if only to remind the consumer that they have the product, should they need to claim. For income protection there is also the need to ensure the product remains suitable – matching changes in salary and family circumstances.

Income protection and mortgages may be with the same, or different, manufacturers. Equally, a mortgage broker may want to keep the relationship and the monitoring liability for the mortgage – but not for the protection product.

If the intermediary maintains the monitoring obligation, then presumably the manufacturer doesn’t need to undertake a vulnerability assessment – since they can rely on the intermediary to do this. Some manufacturers may require that intermediaries share their vulnerability assessment, so they already have this information should the consumer elect not to continue with the relationship – or they may put in place their own assessments, independent of the intermediary.

In April, manufactures should be informing intermediaries how they will be implementing Consumer Duty. We expect this will need to include clarification about who undertakes the vulnerability assessment, if the manufacturer will undertake their own assessment or they wish the intermediary to pass their assessment to them.

If manufactures have not made this clear by July, then – for intermediaries – the safe option is to pass this (with the clients’ permission) to the manufacturer, so the manufacturer is made aware of any issues.

Andrew Gething 22/03/2023 Andrew Gething 22/03/2023

Consumer Duty: sourcing vulnerability data

Vulnerability guidance raised the need to assess and consider the vulnerability of consumers. Consumer Duty regulations added the need to evidence that we have assessed these vulnerabilities and can monitor these over the lifetime of the products.

For years, brokers have considered the situation of the consumer and have taken into account any issues that have come to light. Most of this has been subjective and rarely documented – but all with good intentions. Consumer Duty comes into force from July, so we must now formalise this – just as how fact-finds moved from a subjective, informal approach to a formal, documented process. But where do we get the data on vulnerability?

Many have searched for databases of ‘vulnerable people’ but unfortunately, these simply do not exist. True, there is socioeconomic data which identifies cohorts of consumers but this is generally at a postcode level, rather than a personal one. And yes, there is credit data – which is personal – but it’s limited to financial vulnerability and affordability.

Consumer Duty has expanded the scope of vulnerabilities firms need to consider, monitor and evidence. While financial vulnerabilities still remain important factors, firms now need to review all potential issues – including health and lifestyle, domestic abuse, divorce and learning difficulties – to name just a few.

Larger tech firms use AI to interpret and assess their voice and text interactions with consumers. This can certainly be useful for large lenders – for example, to pick up complaints – but it is limited to those consumers we already communicate with and where the product is already in place. To meet Consumer Duty’s requirements, we must assess vulnerability prior to onboarding new customers.

While the FCA’s Financial Lives survey identified that around 50 percent of all consumers are vulnerable, but – in any given group – just who are they? The only practical and workable way to definitively locate that 50 percent is to screen all consumers.

In practice, the only robust approach is to assess all consumers directly, at the point of sale, and continue to do so on an ongoing basis. For mortgage brokers, this becomes an integral part of the sales process, just like the fact-find. The next big challenge is how to be consistent in the assessment, so others can understand vulnerability data today and in the future.

Companies training frontline staff have quickly found that everyone’s interpretation of vulnerability is different. It’s a bit like everyone deciding who is ‘rich’ or ‘poor’ – without guidance you simply end up with multiple answers, based on differing subjective viewpoints. The more we understand about the considerable variations of health and lifestyle issues, the cost overhead of training becomes prohibitive.

A far better approach is to use an assessment tool which encompasses an objective and consistent way of measuring vulnerability. For example, the MorganAsh Resilience System (MARS) generates a MARS Resilience Rating – much like a credit score, but for client vulnerability.

Brokers don’t need to remember the specific level of vulnerability which applies to – for example – domestic abuse, heart attack or divorce because these are all embedded within the tool. Furthermore, MARS includes different options to gather information – either by broker assessment or by the consumer completing an online assessment.

In practice, those firms using the training approach typically only identify a small proportion of vulnerable customers – usually in single figures. In contrast, companies using MARS report vulnerability levels at around 50 percent – in line with the FCA’s findings. Such a clear disparity shows that it will be tough for many firms to ensure fair value or that products meet clients’ needs – key areas of focus set out by the FCA.

Monitoring is a vital part of the duty; firms are expected to evidence and stand behind customers’ outcomes. Not surprisingly, the FCA’s recent multi-firm review identified that investing in technology and data strategy be a key priority for firms.

Whether as a standalone system, or integrated into an existing CRM system, technology is now available to not only mitigate the challenges of collecting vulnerability data, but to help deliver a competitive advantage for firms.

Andrew Gething 21/03/2023 Andrew Gething 21/03/2023

Consumer Duty: from where do you get vulnerability data?

Many firms implementing Consumer Duty find that they struggle with the need to evidence the vulnerability of their customers.

Many firms implementing Consumer Duty find that they struggle with the need to evidence the vulnerability of their customers.

Vulnerability guidance from February 2021 encouraged training staff at the front end, but Consumer Duty added on three major enhancements: first, the need to proactively assess all customers, second to evidence vulnerability to directors and third, the need to monitor consumer vulnerability over the lifetime of the product. That evidence is itself required for fair-value and target-market evaluations. So, from where can you get this data?

In an ideal world, there would be a rich source of data from an organisation like a credit agency; this could tell us whether a customer was vulnerable but no such convenient data source exists. True, there is socioeconomic data which can suggest the propensity of an individual to be vulnerable based on factors such as market value of houses and local employment rates – but since these operate at postcode level their value is sorely limited. For example, they can’t tell us who has cancer or is bereaved. These may initially seem like trite examples, but as examples they stand because vulnerabilities happen on a personal level, not a postcode level.

The reality is that there can only be one source of data: from consumers themselves. The challenge is how to acquire this. Many companies would have collected some data when consumers initially contacted them, be it for a complaint or a claim. Indeed, this is a good and pretty logical place to start as there is likely to be a high proportion of vulnerable consumers within this cohort. But it doesn’t go anywhere near far enough. It’s still just a subset of a firm’s customers.

The deadline set to understand the vulnerability of all customers is frighteningly close: July 2023. From the FCA’s Financial Lives Survey we know that around 50 percent of people fall into the vulnerability category – and live results from MorganAsh supports this finding. How do you identify which half of your customers are vulnerable?

The conclusion is inevitable: there must be a process put in place to assess each customer. Most holistic advisers do this when they undertake annual reviews, most brokers when mortgages are up for renewal. Both are unlikely to get all customers evaluated by the July 2023 deadline. However, this is both a practical and pragmatic solution that in our view will be accepted by the FCA.

Moving forward, should advisers assess consumers individually, or should we perhaps use an online process – just as we do for risk assessments and attitude-to-loss assessments. Would it be better to use third party systems to undertake assessments? These are all viable options and there is no single answer to this; each firm will need to adopt its own approach, depending on cost and how they interact with consumers.

Objectively, by far the most efficient method is to use an online questionnaire. Such tools already exist and when integrated within CRM systems, the process can be mostly automated – minimising the administrative overhead.

By comparison, the personal method – for the adviser to talk with consumers – is likely to be time consuming and only suitable for some. This method will still be needed as a fall-back, even within automated workflows. Older consumers may well not be digitally literate or they may be reluctant to provide the information online. There will always need to be the back-stop of the broker completing a review either face-to-face or over the phone.

Many within financial services consider questions on health and lifestyle to be intrusive, but this is only due to us not being used to engaging with consumers in this way discussing health issues. Interestingly, a 2019 study of 2,000 UK adults by The Debt Advisor revealed that consumers actually found it easier to discuss mental health and infertility than money, with twenty-five per cent of respondents believing conversations about personal finances to be a no-go as it makes them feel ‘anxious’ and ‘nervous’. It would seem that in conversations centred around financial matters, discussing vulnerabilities won’t be the hardest part of discussions.

Like any interaction with consumers, there is a ‘value exchange’ of information. Once consumers understand that they are likely to receive a better service – and one tailored to their personal circumstances –they are almost certainly going to be happier divulging such information, because doing so is good for them. This has to be an important area of focus: using vulnerability data to deliver better services. It’s also, of course, good for firms as it meets the FCA’s Consumer Duty requirements.

Andrew Gething 02/11/2022 Andrew Gething 02/11/2022

Consumer Duty - the shift to self-policing

The FCA has moved its Consumer Duty principle to be a self-policed model, with firms needing to gather evidence to demonstrate good behaviour.

The FCA has moved its Consumer Duty principle to be a self-policed model, with firms needing to gather evidence to demonstrate good behaviour.

Implementing FCA regulation changes

The FCA's Consumer Duty outlines firms' new responsibilities and the shift to self-policing. The FCA has effectively moved the responsibility for identifying poor behaviour in respect of how consumers are handled from itself, the regulator, to the industry. The onus is now on firms to monitor outcomes for their customers and to both identify and correct any behaviours that lead to poor outcomes. Firms must not only police themselves, but they must also report to the FCA if they find there are others in their distribution chain who are not implementing Consumer Duty correctly.

“4.1 The Consumer Principle, Principle 12, requires that firms ‘act to deliver good outcomes for retail customers’.”

In addition, firms must also identify poor practice within their distribution chain, and work with their partners to change this. If this is not effective, then firms must report this to the FCA – in other words, they must ‘whistle blow’ on their non-compliant distribution partners. This effectively moves the sector to a self-policing model.

“2.22 …Firms must notify the FCA where they become aware that another firm in the distribution chain may not be complying with the Duty.”

Arguably, this overcomes one of the FCA’s previous challenges – its resources to police the industry. The industry must now self-police itself and the Financial Ombudsman Service is the jury.

When monitoring themselves, firms must collect the evidence needed to demonstrate to both their boards and the regulator that their behaviour results in good outcomes for their customers – and try and reduce bad outcomes for consumers. While many may say that ‘this is what the industry already does’, the big difference with Consumer Duty is the need for firms to evidence that this is taking place. Just saying so isn’t enough.

“11.1 A key part of the Duty is that firms assess, test, understand and are able to evidence the outcomes their customers are receiving. Without this, it will be impossible for firms to know that their products and services are working as they and their customers would have expected and in a way that is consistent with the Duty.”

Collecting and evidencing consumer data

It requires a large amount of work to collate the data needed, to evidence they need to comply with the regulations to both management and the board. In a distributed market, intermediaries and manufacturers can cooperate in sharing such data, and equally provide evidence to other parties that they are complying with Consumer Duty. This is likely to require extensive data, and digital solutions will be needed to share this data securely – and in accordance with GDPR.

This is something of a challenge. Firms can do this within their own systems by adding the required ‘characteristics' functionality. However, sharing this data across the distribution chain is a non-trivial matter as firms use different systems (with different levels of interoperability) and some parts of the supply chain may even use systems that don’t offer live integration. For many, this scenario will be something of a nightmare.

Doing nothing isn’t an option. Each party in a distribution chain must understand the vulnerability and potential harms of their customers and this must be monitored through the lifetime of the product. Each party can undertake their own assessments and keep their own date, but this is likely to result in duplication for the consumer. An alternative is to share (with consent) the customer's vulnerability data across the value chain.

At MorganAsh, we’ve always foreseen the need to share this data – well before the FCA shifted its focus to make this inevitable. This is why our Consumer Duty management tool, MARS (The MorganAsh Resilience System) is designed to work in this way, once a firm is ready to do so.