Questions and answers: as Consumer Duty’s rules tighten, is your data primed to support vulnerable customers?
In a webinar on 9 July 2024, LexisNexis Risk Solutions joined forces with consumer vulnerability specialist MorganAsh, to shine a light on ways to enable wider engagement across your full customer base. The audience raised a series of questions, which LexisNexis and MorganAsh have answered here.
QUESTION
Many well-meaning initiatives ended up channelling vulnerable customers to less regulated or outright unregulated service providers – many based outside the UK/EEA. Do we have any impact assessments on Consumer Duty’s rules at this stage?
ANSWER
We don’t think there is a simple, definitive yes/no answer. The key test is whether consumers experience good or bad outcomes – because the signposting to other entities contributes to the outcome. In our view, the regulatory status and the location of service providers are secondary. If you have an unregulated third party that provides good outcomes (on the whole) and you can evidence this – then, in our view, it should not matter where they are. We believe there is a recent ruling by the Financial Ombudsman Service which found that building societies were responsible for a legal firm that went bust, to whom building societies were referring wills and LPAs. It depends on what service or product you are selling. If it’s a pure no-frills transaction service, then expectations would be lower than for a full-blown advice service. Some companies are signposting to charities, simply because there is no cost – but, really, such actions need to be aligned to good outcomes. Equally, some companies are forming partnerships with third-party services and providing robust referrals. We think this whole topic has a long way to go. But check with your own compliance teams.
QUESTION
How often should you capture changes in people’s data? I think LexisNexis has mentioned about following up every two weeks.
ANSWER
There is no hard-and-fast rule about how often firms need to refresh data on consumers – indeed, this will depend on the product. For example, a six-month, high-interest loan would be different to a five-year fixed mortgage. Most of MorganAsh’s clients in financial services generally refresh on an annual basis, which is when they do their regular annual reviews – and this seems sensible for them. In the future, using data partnerships with LexisNexis and others, MorganAsh will get feeds on bereavement, change of address and other life events – this will enable us to update data in near real-time. The LexisNexis Risk Solutions reference dataset is updated on a fortnightly basis. This process includes taking the latest data from a wide range of data sources and, based on this latest information, alerting subscription clients to where the data footprint suggests they have moved house, where there is a new address for the customer, where contact details have changed, or where there has been a bereavement.
The LexisNexis Risk Solutions reference dataset combines a wide range of different data sources, with the specific aim of creating the most complete view of UK consumers, and maintaining this over time.
QUESTION
What kind of questions does MorganAsh ask to assess vulnerability in its assessments?
ANSWER
MorganAsh tries to cover all types of vulnerabilities, including financial, health, life events, bereavement, coercion, abuse and so on. They have various question sets, and multiple options that can be customised, depending on the type of business and customers.
QUESTION
What are your views on indicators of financial abuse and customer vulnerability to investment scams? We typically only see this after the event – for example, when a customer has become a victim of a scam.
ANSWER
MorganAsh asks consumers about being victims of previous scams, and they ask about financial understanding; MorganAsh has been working with industry experts on this and also ask some subtle questions about other loans to try and detect these. But they know this is only scratching the surface. As yet, MorganAsh is not predicting vulnerability for future scams. This is something which may be possible by using some clever modelling, with AI looking at the assessment results for signs of scams – but this will likely not be easy.
QUESTION
More of a statement than question: from experience in data quality and governance, I can say it is key to get the data quality right, to make sure the customer feels valued. You can offer the best-value products but, without knowing your customers, treating them as you would want to be treated yourself will always miss the most vulnerable. Customers are our best source of knowledge!
ANSWER
Agreed, 100%. Customers are the best source of data – if this data is held correctly and used to the consumers’ advantage, then this will enhance relationships with them.
QUESTION
Do you see the value in AI-led voice-recording technology that can identify a vulnerable customer? Would this not be a better method than trying to screen a vulnerable customer rather than via a form etc?
ANSWER
There are a few issues with this approach:
You can only identify consumers who phone in, which is a subset of all vulnerable consumers within a firm’s customer base – especially as we move to become more and more digital, and less spoken interaction.
It is born from the incorrect assumption that you can’t ask the consumer; you can, and it works well – MorganAsh has been doing this successfully for over 20 years.
Engagement with a consumer is easier if they have told you themselves, rather than identifying something behind their back.
Some vulnerabilities won’t be detected easily in this way, because it is a condition with which the consumer is comfortable – as an example, someone who is fully blind (and always has been) will display normal voice patterns on a call, so wouldn’t be flagged.
The MorganAsh approach is identifying around 50% of consumer vulnerabilities – while voice-analytic approaches are in the 10%–20% range. (The results from MARS tally closely with those from the FCA’s Financial Lives survey.) That said, analytics can be a useful add-on for large call centres. While this has its place, it’s likely not the right place to start.
QUESTION
Do you blanket send the questionnaire to all customers? And, when identified, what do you do with that data? Is root cause discussed and are actions prioritised?
ANSWER
Really, the only way to identify the (broadly speaking) 50% of customers who are vulnerable is to ask them all. Otherwise, you’re guessing, or perhaps using unconfirmed data that was gleaned behind their backs. Of course, not all consumers will respond, but MorganAsh has consistently very high engagement rates of around 60%–70%. When MorganAsh identifies a vulnerability, the MARS software generates a consistent, objective, Resilience Rating and then recommends next actions; these are controlled using specific triggers – based on characteristics, severity, product, age and so on. The next actions (which MorganAsh calls treatments) are highly configurable, as are the triggers (because what works for one firm may not for another) and can be added to as required. Firms can review individual cases and see stats for next actions for each characteristic and each next action.
QUESTION
Consumer Duty states that we need to monitor and record good outcomes. Once identified, is it just a case of ensuring that each customer receives the same level of treatment as a non-vulnerable customer – along with looking to remove barriers that vulnerable customers would come up against?
ANSWER
Yes. We need to identify which cohorts of vulnerable customers are getting worse outcomes – and then try and mitigate these as best we can. That is likely to mean a modification to the process of some sort. Equally, there will be situations where outcomes are not as good and there may be limitations on what firms can and cannot do.
QUESTION
Do vulnerabilities need to be proven by the customer? For example, do they require evidence of a doctor’s diagnosis? Is there a minimum level of evidence required?
ANSWER
No, there is presently no need for evidence. This may, in the future, become necessary for cases of suspected fraud, for example, especially when consumers become wise to the benefits and start gaming the system. As a company, MorganAsh is used to this, because they deal with many insurance claims on a daily basis.
QUESTION
Given the increased focus on customer vulnerability from the regulator, is it right for a financial services organisation to continue to take a passive approach to capturing vulnerability needs (such as waiting for a customer to self-disclose) or should proactive capture of vulnerable customers now be the new normal?
ANSWER
Waiting for customers to tell us, or us identifying vulnerability on a reactive basis, generally uncovers very low proportions of vulnerable customers. There is a need to be far more active in understanding customers. The FCA recently updated its website on guidance to say that firms must “actively engage” to reinforce this point. So, simply speaking, firms should – as you say – be proactive and not reactive.
QUESTION
Do Consumer Duty’s rules extend to firms which do not give advice directly to consumers, but rather distribute products via intermediaries? For example, is there an onus on the firm to ensure that its intermediaries comply with Consumer Duty?
ANSWER
Consumer Duty applies to all regulated companies; there are some rules that apply differently for manufacturers and intermediaries but, when it comes to customer vulnerability, all parties have the same responsibility. We believe that it is OK for firms to rely on other firms to do the vulnerability assessment – but they must see the output – for example, how this impacts outcomes. It is not OK to just hope that the intermediary is doing the assessment. In many instances, the intermediary will be doing the initial vulnerability assessment at the point of sale – but then the intermediary and manufacturer need processes in place for how this will be monitored over the lifetime of the product. For mortgages, for example – say on a fixed term – the consumer may go to a different adviser and a different provider at the end of the term. Both need to know that one of them will contact the consumer at the end of the five-year term to see how the consumer wants to progress – to avoid dropping onto standard variable rates by ignorance or apathy.
QUESTION
Since customer vulnerability requires us to make best endeavours to assess, would it not be possible to request that a consumer identifies any vulnerability in a question-and-answer exchange? This would perhaps be appropriate in low premium risks, where extensive research would outweigh the value of handling the risk.
ANSWER
Yes. Indeed, if we understand your question correctly, this is exactly what MorganAsh does – they send a simple set of questions to the consumer to complete, and MARS does all the analysis and recording work for you. Equally, an agent can use the system to guide consumers through the Q&A. Find out more about MARS
QUESTION
With a monthly renewable coverage which has no end date, other than perhaps retirement, is there a requirement for annual reviews to be made? Would an annual vulnerability assessment be an acceptable frequency?
ANSWER
Yes, annual reviews in such a situation – as you say – is very sensible. MorganAsh has spoken about this with the FCA.
QUESTION
You mention APR (annual percentage rate); does anyone really understand what APR is and do we think this is an outdated term that needs explaining more or even changed?
ANSWER
This was simply an example to illustrate how terminology used in communication can impact customers. Explaining products in easily understandable terms will help to ensure that customers get fair value from products.
QUESTION
Having collected customer vulnerability data at point of service, or premium negotiation on a call, we would want to use that data to monitor and, in some cases, control customer outcomes in policy management and so on. Without having explicitly requested permission for those activities, how do we balance privacy risks under GDPR with consumer risks under Consumer Duty (especially for health, where GDPR is more explicit around consent, compared to principles-based Consumer Duty guidance)?
ANSWER
Everyone needs to comply with GDPR, so yes – MorganAsh gets, and records, explicit permission from the consumer to hold their data. MorganAsh’s position is that they want to know the information so that they understand customers’ personal circumstances – and so customers can be served better. We think the key issue here is if you use the data for the purpose stated and for which you have consent, or for a different purpose. So, we guess it’s the wording of the consent that is important if you want to use this data for other purposes.
Please note that these answers are the views of the speakers, and firms should always get their own compliance advice.
You can download this as a PDF (1.3MB)
