Mind the gap: FCA highlights why firms are falling short on Consumer Duty
The FCA recently published its analysis of Consumer Duty board reports. Most firms have been working hard on Consumer Duty and thought they had done a good job, but the FCA report identifies some big gaps in implementation.
The five key areas of improvement included better quality data and analysis of different customer types, particularly those with characteristics of vulnerability. The regulator also saw little challenge from the board, any evidence of a comprehensive view across distribution chains or any plans to take effective action moving forward.
Throughout the year, we have spoken with multiple executives, non-execs and operational teams from firms, as well as the FCA on this topic. From these conversations, we have distilled a few reasons why there is a gap between FCA expectations and firms’ delivery. This is not about blame, but about understanding the gaps and how they emerged.
For many firms, the focus on Consumer Duty was on fair value - work included amending and/or proving their products were of fair value. This priority took precedence over other areas; notably, customer vulnerability was well down the list – especially as it was not one of the cross-cutting rules.
When it came to implementation, many struggled with the transition to principle-based regulations – asking what they needed to do and uneasy with unclear guidance, in case they got this wrong. Many compliance consultants and industry bodies failed to bridge the gap between how the guidance and how this should be implemented in practice. The recent CII report argued for more clarification from the FCA.
Customer vulnerability was seen as a separate activity, focused on training frontline teams and their interaction with consumers. This is partly due to the wording “train frontline staff” within FG21/1, and partly due to this regulation coming out earlier and separately to FG22/5. This led to a lot of training activity for frontline staff, but as these staff were not involved in Consumer Duty projects, the need for data and reporting was often sadly missing.
Most firms failed to realise that to meet Consumer Duty, they would need good reporting on customer vulnerability data to compare with outcome data. As most had implemented a manual approach, most vulnerability assessments were subjective and recordings were an after-thought. This resulted in minimal consideration to the structure of data, the classification of customer vulnerabilities – and that this data would need dedicated IT systems to store and manage it securely.
Many firms failed to understand the implications of monitoring vulnerability over the lifetime of products – and who needed to do this. For so many products with intermediated distribution, this means either both intermediary and manufacturer both have vulnerability data or they share data. Sharing data is by far the best option for the consumer, but has significant GDPR and IT challenges to be overcome. As none of the documentation referred to sharing of data, many firms claimed this was not required by the FCA. This is why the FCA has specifically highlighted the need for sharing of data across the distribution chain as one of their five areas for improvement.
The FCA has pitched Consumer Duty as a major change, yet many firms see it as a compliance issue and an inconvenience. Many firms took the easy option of using existing customer service feedback as outcome data, even though the FCA kept repeating that using existing data was unlikely to meet their requirements.
Some medium-sized firms hoped they could hide behind the principle of proportionality, that they were ’small’ so they did not have to implement Consumer Duty. In this latest report, the FCA indicates it considers small to be fewer than 10 people.
To compare outcomes for vulnerable consumers and to monitor customer vulnerability over the lifetime of products requires accurate, objective data. This needs to be stored in a format that can be reviewed and shared with others in the distribution chain – in most cases for years. This means firms need a consistent methodology to assess and classify characteristics of vulnerabilities and consumers’ needs. As different users in the distribution chain may use vulnerability data for different products, data on characteristics of vulnerability needs to be specific to the consumer and not dependent on any product or any one firm’s specific systems. This almost certainly means they need dedicated IT systems to store this data in compliance with GDPR.
Firms have the choice to either invest in building their own systems – or they can avoid reinventing the wheel and purchase the now proven tech systems already in the market. With the right systems and processes in place, the regulatory requirements of Consumer Duty become far less onerous. More importantly, with greater awareness of the needs of all our customers and the ability to monitor outcomes, we can unlock the competitive advantage the regulation offers.
