Assessing customer vulnerability under Consumer Duty; where are we so far and what can we expect next…

Consumer Duty, the Financial Conduct Authority’s (FCA) initiative to protect customers including those who are vulnerable, has been in place for about four months now. But the question on many people’s lips is how are firms coping? Who has got their house in order? Who is falling short? And what might we see the regulator do next?

Who has got their house in order?

I should start by saying, it’s a bit of a mixed bag. Our recent discussions with compliance experts across the industry suggests that while some firms are doing brilliantly in their vulnerability identification and assessments under Consumer Duty, others seem to be struggling somewhat, and a few haven’t even started the process yet.

The FCA recently gave an update on how firms have been faring with the Duty. It stated that many firms have made a real shift in their practices and culture. However, it also gave a stark warning that the Consumer Duty is not a “once and done” exercise. It maintained that firms need to make sure they are learning and improving continuously and will need to evidence this in their annual board report.

Nisha Arora, Director of Cross Cutting Policy and Strategy at FCA:

“It’s something that needs to become part of who you are as a firm, your culture, and how you do business, running across your whole organisation from Board to front-line delivery, from product design to communications and customer support.”

Why hard data is key.

Prior to the arrival of Consumer Duty, it’s fair to say that very few firms conducted regular analysis of hard data on vulnerability. The reason for this was simple – very few actually had any hard data. Those that are now doing well, therefore, have started to build up some of this valuable data. Three months in, we believe that there’s an opportunity for these firms to assess what they’ve gathered so far, take stock, and see if their target market assumptions are playing out as expected. They could also look – if vulnerability has been identified – at how well that individual customer has actually been supported. With this knowledge, they can then determine whether their preparations were fit for purpose or if there are changes required and then develop from there.

Annual reports.

Getting a head start on this process is exactly how the firms that are already ahead will stay that way. The FCA is mandating an annual report on Consumer Duty but has advised not to wait until 31^st July 2024 for firms to publish that outlook. The reason for this being that if any adjustments are required, a whole year won’t already have passed before those changes are implemented. With that in mind, if a firm already has a mandatory internal reporting date – perhaps at the end or the beginning of the year – it may be good practice to consider tying their Consumer Duty reporting into that. It’s not mandatory of course, but it would be good practice.

Taking the regulations seriously.

There are still a small number of firms who may feel that they don’t need to change their ways of working in line with their Consumer Duty obligations. Some, for instance, might think that being smaller means they’re safe from the Duty. And while it may be true that the FCA will focus most of its attention on the largest players, the regulator has been very clear that there will be no exceptions made.

To put it simply, anyone who believes Consumer Duty isn’t being monitored or that they aren’t being monitored is sorely mistaken. And while we have yet to hear of the FCA hauling a firm over the coals, it’s sure to be only a matter of time before someone trips up and an example is made of them.

The firing of the starting pistol.

We’re roughly four months in now and everyone is progressing with Consumer Duty at different speeds – just as we saw before its implementation. And for the most part, firms are well aware of the regulations and want to get it right. But to ensure they are getting it right and continually improving, data is key. The regulator is expecting firms to build their banks of vulnerability data and learn and adapt based on this. And this that is where we’re starting to see a growing gap between those that are doing well and those that are falling behind.

We’ve spoken before at Comentis about how the FCA never meant for the 31^st July to be treated as a finish line. And they have said it themselves too – it’s not a “once and done” exercise. Rather the regulation is intended to be the firing of a starting pistol; marking just the start of a broader conversation on vulnerability.

No time left to fall behind.

The FCA expects all firms (no matter what size they are) to be on board, and has made it clear that burying heads in the sand simply isn’t an option. So, to those who are already making progress – they should be commended. And to those who have yet to act or who are falling behind, don’t delay. It isn’t too late to get your data in order.