How to ensure the consistency of vulnerability assessments
As they move toward greater adoption of the FCA’s guidelines on consumer vulnerability, firms are struggling to achieve consistency in making, recording and communicating vulnerability assessments.
The Financial Conduct Authority (FCA) published its guidance FG21/1: Guidance for firms on the fair treatment of vulnerable customers in February 2021. It sets out the requirements, for all regulated firms, for what they should do to both understand and manage customer vulnerability. Affected firms are taking this on board and moving towards adoption of the FCA’s recommendations. The FCA’s first review, just published, comments on some good progress being made – but it also highlights a lack of monitoring, evaluation and management information.
The measurement of consumer vulnerability is, currently, somewhat problematic, for several reasons. It’s often subjective – based on the knowledge and perspective of the individual making the assessment. It’s inconsistent across products, departments and firms. It is seldom detailed enough – frequently an assessment, unhelpfully, consists of just an ‘is/isn’t vulnerable’ flag. Consider how we evaluate wealth: people aren’t ‘rich’ or ‘poor’ and clearly not all vulnerabilities are equal. So, most worryingly, vulnerability measurement often doesn’t give any real indication of the severity of vulnerability – which can be vital when making decisions for products or services which themselves carry different levels of risk.
Compare this with credit scores. Although there isn’t a universal standard, they are easy to communicate between firms, cheap to acquire, continually updated, and – although sometimes possibly crude – they work reasonably well. What’s more, they’re quite ubiquitous, generally accepted and are understood by consumers and firms alike.
MorganAsh believes that we should be able to measure and communicate a consumer’s vulnerability in a similar way – a way that is quick to do, cheap to use and easy to communicate. Ideally this would be regularly updated – and we should be able to share any updated information readily. Most importantly, how vulnerability is measured should be consistent and as objective as possible.
This is why we have built our ‘resilience rating’ into the MorganAsh Resilience System (MARS). The rating is a simple range from ‘very vulnerable’ to ‘very resilient’. The aim is to quickly and efficiently communicate a consumer’s vulnerability.
We use the positive term ‘resilience’ rather than ‘vulnerability’, in the same way that ‘credit score’ actually communicates debt. We feel that it’s a term which will be more accepted by consumers, who need to understand (or at least become aware of) this – in the same way they readily do with credit scores. Unlike the credit score, the resilience rating is primarily designed to protect the consumer, rather than the firm.
At present the resilience rating is used within firms, to enable a vulnerability assessment to ensure the consumer is processed fairly. We believe, in time, that it will come to be used between firms – shared, to save everyone time and money.
A lack of accountability and transparency used to be one of the downsides of credit scores. Fortunately, GDPR laws forced this to change – with consumers having the right to access their own data. Indeed, credit-rating firms now advertise that consumers can ‘take control’ of their ratings – with their control and privacy becoming, of itself, an important differentiator, even though this is based on a legal requirement. It’s logical, therefore, that we would ultimately propose the same for consumers’ resilience ratings – this transparency and protection not only makes sense, it is also legally sound. We envisage that data within the resilience rating is ‘owned’ by the consumer – and it follows that the consumer should be able to amend and change it as they think fit. This will ensure that any vulnerability rating will align not only with the FCA’s regulations, but it will also be fully compliant with GDPR.
Although primarily designed to protect consumers, in reality the resilience rating protects both consumers and firms. It protects the consumer from mis-selling, and it protects firms by providing detailed evidence for compliance with the FCA’s regulations.
The resilience rating is at the heart of MARS: an online system specifically designed to enable financial services firms to better assess, measure and manage consumer vulnerability – helping them to operate within the FCA’s vulnerability guidelines.
Firms can trial MARS, free of charge, for a month, without limitations. Pricing is straightforward: MorganAsh charges just for each adviser; administrators and paraplanners can access the system for free, and there is no limit to the number of consumers that can be added. Click here for free access to the MARS tool.
