In a blog last month I looked at the FCA’s recent analysis of good and bad practice in relation to progress on the implementation of the Consumer Duty and promised to return to some of the gnarly areas in more detail. One of these areas was “vulnerability” and here, prompted by the FCA’s recent announcement in relation to this very topic, I take a deeper dive into exactly what this term might mean.

The need for the financial services industry to be able to identify and support vulnerable customers has been one of the FCA’s key agenda items since 2015. However, the ‘good and bad’ analysis I mention above, reveals that it is still an area where many firms are falling short: “We have seen firms: Fail to address identified weaknesses in processes to track vulnerable customers….not prioritise identification of and support for vulnerable customers…Automatically assess all consumers over a certain age as vulnerable…Asking consumers to identify themselves as vulnerable and then unnecessarily requesting evidence of this….Asking consumers to repeatedly disclose their additional needs or personal circumstances when passed between teams….”.

The recently announced review into the treatment of those with characteristics of vulnerability

The FCA has just announced a review of the treatment of vulnerable customers (or consumers, terms used interchangeably) with a publication of its findings expected by the end of the year. The FCA will be looking in detail into how firms understand and respond to the needs of customers in vulnerable circumstances, the skills and capability of staff who deal with vulnerable customers, product and service design, customer service standards and whether the treatment of customers in vulnerable circumstances is supported throughout the financial services industry. 

Ensuring that consumers have appropriate protection and that there are good outcomes for customers, are central pillars of the FCA’s regulatory approach, and vulnerable consumers should be receiving outcomes that are just as good as those received by other consumers. This may require that firms ensure that extra efforts are dedicated to vulnerable customers. This not a small issue for firms to tackle. Recent surveys show that roughly half of the population has characteristics of vulnerability, with all the population at risk of becoming vulnerable at one time or another. Additionally, there are factors that make the problem complex as well as large and unpredictable, not least that consumers might not know that they are vulnerable or, if they do, that they might not wish to talk about it.

What is a vulnerable customer?

To find out more about what vulnerability really means you need to get stuck into the detail of the FCA’s 2021 guidance (the Guidance). The Guidance applies to the supply of products or services to retail customers who are natural persons (i.e. individuals and unincorporated groups of individuals) even if the supplying firm sits within a distribution chain and does not have a direct relationship with the customer.

The Guidance tells us that:

“A vulnerable customer is someone who, due to their personal circumstances, is especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care.”

So, who is especially susceptible to harm? The answer is not easy. Recent surveys suggest that while almost 70% of the population could be deemed potentially vulnerable (as against the FCA’s criteria) less than 20% of that demographic see themselves as such. Surveys also tell us that it is not just older people that might be vulnerable. It could just as likely be Gen Zs, renters or mortgage holders, many of whom have in different ways been adversely affected by the impact of the cost-of-living crisis, people who live alone or people who are carers.

Taking responsibility

The FCA operates by a general principle that well informed consumers should take responsibility for their own choices and decisions. However, the characteristics of vulnerability mean that consumers who are vulnerable may not be able or willing to take responsibility for their own choices and decisions. These consumers may also be at a greater risk of harm if something goes wrong. Research shows that vulnerable customers are more likely to be unbanked, more likely to be turned down, more likely to be charged extra, and less likely to hold savings and investments, more likely to purchase unsuitable products or services, more likely to fall victim to scams, more likely to be at risk of financial abuse, and more likely to fall into arrears with repayments. 

Level of care 

The FCA expects firms to provide a level of care to customers that is tailored appropriately to the characteristics of the customers. This means that firms must take great care to ensure that vulnerable customers are identified and treated appropriately. Significantly, all customers can become vulnerable at one time or another in their lives. This places an obligation on firms to understand the characteristics of vulnerability in their target market and in their customer base and, significantly, that means not just identify the issue, but also deal with it and be able to evidence that.

Customer journey

The FCA expect to see the fair treatment of customers embedded as part of healthy culture throughout firms, that means not just at the point of sale but through the life-cycle of the product or service and through the whole customer journey, including through policies and procedures, in product development, in creating and maintaining a good culture and in ongoing customer service levels. This is a gold standard that requires significant commitment and leadership from senior management and a channel of honest feedback to them from the frontline.

Practical steps

The FCA has produced an infographic designed to help firms with the steps that they should be taking to meet these regulatory requirements. Unpacking the infographic for some practical hints and tips, we learn that firms need to action and keep records relating to:

  • How they understand the needs of the customers in their target market and their customer base including the nature and scale of the characteristics of vulnerability that exist within these demographics and how they understand the impact of that vulnerability on the needs of their customers. This will involve analysis by firms of what types of harm or disadvantage these vulnerable customers may be susceptible to and how this may affect consumer outcomes for them. This is a top priority action point that firms must get right to ensure that they can comply with other related obligations which flow from it.
  • Ensure that staff can recognise vulnerability and respond to the needs of vulnerable customers. This means that customer facing staff need to understand how vulnerability can manifest in customers and how their role affects the fair treatment of vulnerable customers. This involves staff having the skills and competencies to recognise and respond to vulnerability. It will also involve these staff members being adequately supported in their work as they will inevitably be dealing with sensitive cases and issues.
  • Factor customer vulnerability into the design of products and services, including customer service and complaints, and marketing and communication. This will involve considering the positive and negative impact of the products and services and managing the risk of harm to vulnerable customers. For example, if there are vulnerable customers with limited understanding of complex financial products within the client base or target market, there is a likelihood of harm to them from overly complex, high-risk or speculative products or services which they may be unable to understand the complexities of. Firms might therefore need to consider, for example, flagging the need for advice or selling certain products only on an advised basis, or designing products and services specifically with the needs of vulnerable customers in mind, or building in features which meet the needs of vulnerable customers such as the use of plain English, accessible explanations of jargon or terminology, functions that enable changes of circumstances to be recorded, pop-ups signposting the need for advice or guidance, offering different communication channels, and allowing more time for communications with vulnerable customers to ensure that they are understood and supported. Firms should also look at factoring in forbearance measures that they can make available to customers who become vulnerable, for example, because of redundancy, but who can see a way out of their trouble if they are given time and understanding. 
  • Monitor and assess how they are doing against the standard of ensuring the fair treatment of all customers and make improvements wherever necessary. This will include firms undertaking reviews of relevant management information, complaints data, and periodic reviews of products and services, and outcomes testing, to ensure that they are meeting the needs of vulnerable customers. It will also include the need to review one-off or ad hoc events such as the withdrawal of a product or service to ensure that vulnerable customers are not exposed to harm and, if they are, how they can be appropriately supported in consequence of this. It will also include filling gaps that are identified in customer service provisioning and developing flexible solutions to deal with non-standard consumer needs. For firms with diverse customer demographics monitoring and assessing quality assurance will likely be an ongoing process. All firms will need to learn from any poor outcomes and ensure that improvements can be made. 

No one size fits all:

There is no one size to fit all customers. Customers vary, vulnerabilities vary and there is a huge variety of circumstances that could lead to a customer becoming vulnerable. Firms need to understand the kind of vulnerabilities that their customers have and the scale of these vulnerabilities. This will necessitate acknowledging the spectrum of personal circumstances that could make someone susceptible to harm. The FCA provides some clarity as to what these circumstances might include with its four ‘key drivers’ of vulnerability which are: health, life events, resilience and capability. The FCA also provides some examples of the circumstances and characteristics of these drivers:

  • Health: health factors could include physical or mental health conditions including low mental capacity, physical disability, illness, hospitalisation, and addiction, essentially any condition that affects a consumer’s ability to engage with day-to-day tasks.
  • Life Events: significant life events could include retirement, bereavement, job loss, breakdown of a relationship or caring responsibilities.
  • Resilience: resilience issues include factors that impact a customer’s resilience to financial or emotional shocks including debt, lack of income, lack of savings or low emotional resilience. 
  • Capability: capability characteristics might include poor literacy (financial, language or digital), learning difficulties or a lack of support, and low levels of confidence.

Some of the characteristics of vulnerability are complex and many of them overlap giving rise to the possibility that some customers might exhibit multiple characteristics of vulnerability. To add to the complexity, not all customers who have characteristics of vulnerability will necessarily be vulnerable, however some will be at heightened risk of harm, struggle to look after their financial interests or be at risk of imprudent financial behaviour. 

In addition, we know from recent research that the UK is an outlier in terms of the financial literacy of the population. There is a movement gathering pace to push financial education in schools and other initiatives aimed at uplifting financial literacy across the population. There is also work to be done in relation to engaging consumers more closely with their financial well-being (an important but often overlooked component of general health and therefore intrinsically related to vulnerability) and connecting them to and engaging them with the significance of their financial affairs and the impact that these matters can have on their lives. As such, not all the work to be done is for firms, some of the work lies in the wider community and in broader initiatives such as improving access across the population to financial advice. You can read about that in our blog on the advice-guidance boundary review which is specifically looking at how to tackle the problem faced by a large tranche of the population who cannot access financial advice. 

How would you know?

Firms need to obtain information on the vulnerabilities of their customers by analysing their customer base and the data that they hold on the characteristics of their customers. This information may have come directly from the customer (firms need to enable their customers to tell them things about themselves), it may be indicated indirectly (for example, by behaviours that have been observed during contact with the customer such as distress, agitation, confusion or lack of clarity) or be evident from the customer file (for example, there may be signs of financial difficulty including a default on a payment). 

There may also be externally available material on vulnerability that firms will find useful including information published by charities, trade and professional bodies who have researched vulnerability and who work with vulnerability out in the community, and who publish information and evidence on the effects of vulnerability and the risks of harm that go with it.

Only once firms have a clear picture of the vulnerabilities that their customers face can they consider the types of harm that their customers may be vulnerable to and how by their actions they can exacerbate or alleviate these harms. 

Firms need to think about systems and processes that enable their customers to communicate their needs as without this information firms will not hold the information that they need to meet these regulatory obligations. These systems and processes should include recognising vulnerabilities and indicators of them, responding to vulnerabilities that are disclosed and enabling the disclosure of vulnerabilities that customers may be reticent to share. They should also include support for vulnerabilities that have been disclosed or observed. It is important that firms promote the support that they have in place so that customers understand the options that they have available to them and how to use them in times of need.

Complicating factors

Firms also need to be able to recognise behavioural biases and how they may present in customer behaviour such as in stress reactions, in processing ability, in lack of perspective or in recklessness. Additionally, some characteristics of vulnerability might make the challenges for firms even harder to get right and potentially impede the ability they have to interact with vulnerable customers, for example, vulnerable customers may be unable to use a communication channel by being physically unable get to a branch or unable to read, to use the telephone or have access to online services, they may be unwell, they may struggle to understand information and complete complicated forms, they may become stressed or frustrated easily.


The frontline staff who deal with vulnerable customers will need to be sensitive to and have empathy with customers who display characteristics such as these to be able to provide the appropriate level of care and respond in the appropriate way. This could be by listening carefully, showing empathy, explaining things in very simple language, being reassuring, taking the time and steps to understand a situation more fully and the time to check that the way forward is understood and agreed.

The frontline staff, together with other staff who play a role in the business that can affect vulnerable customers, are critical to ensuring that the needs of vulnerable customers are met, and it is important that there is adequate training and support for them to prepare them for dealing with difficult or challenging situations. What is suitable will depend on the size and nature of each firm and the correct response will not be the same in every firm. Some firms may have specialist teams who deal with vulnerable customers and others may ensure regular or ad hoc training is provided or organise referrals to specialist organisations where help beyond what the firm can offer is required. Again, there is no one size to fit all. The key is to ensure that there exists no gap between high level policies and the skills of frontline staff.

Data protection

The recording of information relating to vulnerabilities is something that firms will need to consider carefully for a number of reasons including, for example, sharing information with other relevant parts of the firm so that a vulnerable customer does not have to repeat it, and ensuring that different parts of a business do not act inconsistently with one another when one part of the firm is in possession of relevant information that affects how other parts of the firm should behave (for example, the debt collection part of a firm will need to hold off if a forbearance measure has been agreed). Firms will need to comply with all relevant data protection requirements in relation to their dealings with the personal information of customers. Read our blog on the consultation on reform to the UK’s data protection regime in relation to which the proposed changes are currently in the House of Lords.


Going forward it may be that the use of AI could play a significant role in the support of vulnerable customers particularly as the provision of financial services continues to change shape in terms of technology, for example, with more local bank branches closing and customer journeys becoming ever more digital. While these developments in AI are exciting, they pose obvious difficulties for customers who face problems with technology. On the other hand, there could be potential for AI to analyse huge amounts of data for patterns of consumer behaviour and locate vulnerable customers where they may previously have remained below the radar, not spotted by manual reviews, and gone unsupported. It is also possible that AI could be trained to analyse psychological traits in consumers and help to predict, for instance, how they might respond to significant life events and how they might behave in certain situations (for example, a person with gambling compulsion, which can be linked to certain mental health issues, might exhibit other behaviours that could result in financial loss). This could enable firms to deploy preventative rather than just curative responses to vulnerability and to develop robust responses to troubling trends such as the emerging connection between consumers who have struggles with gambling and related struggles with financial products. These kinds of developments would be particularly helpful for larger firms with diverse customer demographics. This is an exciting and rapidly evolving area, you can read more about AI in financial services in our recent blog .

Click here to meet our financial services regulatory team and here to subscribe to our regular financial services update.