How firms can protect vulnerable customers

Written by David Jackman on Monday July 12, 2021

Vulnerable customers have finally reached the top of the regulatory priority list. This comes as no surprise, as recent research[1] from the Financial Conduct Authority (FCA) revealed that, by October 2020, 27.7 million adults (53%) possessed some characteristics of vulnerability; 27%, meanwhile, showed signs of low financial resilience. As furloughs unwind and debts are called in, we can expect a tsunami of indebtedness. These effects are also asymmetric, disproportionately impacting younger adults aged 18-34, while retirees may have accumulated more savings. And it is the young, too, recording the highest levels of mental health issues as a consequence of the pandemic.

The FCA defines vulnerable customers as those ‘who because of their personal circumstances are especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care’. New guidance issued in February 2021 (FG21/1) sets out what will be expected of firms in providing an ‘appropriate level of care’.[2] Crucially, the FCA wants to see ‘the fair treatment of vulnerable customers embedded as part of a healthy culture throughout firms, not just on the frontline but also in areas such as product development’. And senior management under SM&CR are held responsible for making this happen.

The FCA will be looking for, at the very least, the following four elements in vulnerable customer strategies:

  • understanding the needs of your customer base (and target market)
  • staff having the competencies to recognise and respond to these needs
  • product design and customer communications reflecting these needs, and
  • a focused, regular monitoring and review process. 

Some of these requirements may include elements that may not previously have been a compliance concern, such as ensuring frontline staff receive practical and emotional support. Firms may consider giving staff wind-down time at the end of the day, or after certain difficult cases the chance to offload with colleagues or mentors.

Understanding customer needs

The first element is understanding customer needs in detail. A tick-box approach to the easier-to-spot issues, such as poor language skills or problem debt, is insufficient. Vulnerable customers will have additional or different needs that may limit their ability or willingness to make decisions or be less able to represent their own interests. This might be due to a difficult life-event such as a bereavement, unemployment or divorce, or because of longer-term health problems, addiction or abuse; it could even be an underlying lack of financial and digital capability. All these groups may be at greater risk of harm, and many will have linked or overlapping issues. In the main firms should be looking out for: 

  • situations that put customers under stress
  • preoccupations with problems that might impair decision making or reduce ‘processing power’ e.g. medical conditions
  • lack of perspective or experience (such as previous financial exclusion) that limits seeing the ‘bigger picture’, and
  • how stressful situations change attitudes to risk-taking.

There might be new perspectives for compliance here and a key question is to ask is, ‘how are customers affected by circumstances at the time they are making decisions?’ The overall aim, of course, is to reduce the chance of poor outcomes.

Crucial to this can be more flexible customer communications and looking for key phrases or behaviours that may give clues to vulnerability. These issues, along with data protection, can be aided by new protocols, such as TEXAS.[3]

  • Thanking for disclosure
  • Explaining how information will be used
  • EXplict consent[4] or eXtra checks
  • Asking good questions
  • Signpost to internal or external support

The FCA’s guidance sees sensitive product design as central, making products that are accessible, inclusive, flexible (with many options to exit and, if necessary, having extra time or being able to ‘speak to a human’). Stress testing before launch is an important area for compliance action, and it is clear that compliance training will become even more important in supporting the embedding of new understandings and practices. There is also an associated agenda to consciously build-in financial education to help consumers mature their financial responsibilities and develop their financial health (including safe digital habits).[5] 

You may also like to read

This focus on vulnerable customers forms part of a wider approach by the FCA to strengthen customer protection generally. Yes, we already have the TCF guidance (look back to the 2007 Treating Customers Fairly guides)[6] and the 11 Principles for Businesses,[7] but that, it seems, may not be quite enough. The FCA published in May 2021 an important consultation on ‘A new Consumer Duty’ – CP21/13 – ‘to set higher expectations for the standard of care that firms provide to consumers’. This is a must-read for all firms in retail markets i.e., firms selling to retail clients and including manufacturers and suppliers who may have no direct customer contact. ‘For many firms, [the new duty] require[s] a significant shift in culture and behaviour’ and irreversibly puts the focus on outcomes and not process, a shift I have been arguing for since 2004.[8] 

As proposed, the new consumer duty would have three components.

  1. A new Consumer Principle within the existing set of principles for businesses:

Option 1: ‘A firm must act to deliver good outcomes for retail clients’

Option 2: ‘A firm must act in the best interests of retail clients’

  1. Cross cutting rules requiring firms to:
  • take all reasonable steps to avoid causing foreseeable harm to customers
  • take all reasonable steps to enable customers to pursue their financial objectives, and
  • act in good faith.
  1. Detailed Outcomes covering:

1. communications (what, how and when)
2. products and services (including how they meet the needs of vulnerable customers)
3. customer service (including avoiding hindrances that keep customers in a product or service), and
4. price and (fair) value.

All of these elements will incorporate the concept of reasonableness and I am particularly interested in how the ‘good faith’ element – honesty, fair and open dealing – will be applied. This may ratchet up as well as pull together all the previous work on culture and ethics since 2002. Other jurisdictions are sure to be watching to see how this stream plays out. It could be said that regulators are simply asking firms to put themselves in their customers’ shoes.

Do get involved in the consultation process. Responses to CP21/13 are due by 31 June 2021 and a consultation on the proposed text will follow with new rules by July 2022.

About the author

David Jackman is a NED Chair and ICA tutor. He was previously FSA Head of Education and Business Ethics and is the author of ‘The Compliance Revolution’ (Wiley 2015).


[1] Financial Conduct Authority, ‘Financial Lives 2020 survey: the impact of coronavirus’, 11 February 2021: – accessed June 2021

[2] Financial Conduct Authority, FG21/1 Guidance for firms on the fair treatment of vulnerable customers, February 2021: – accessed June 2021

[3] See the Money Advice Trust and Money Advice Liaison Group guide to vulnerability and GDPR for more information on TEXAS and Vulnerability: a guide for debt collection: 21 questions, 21 steps and for more tools.

[4] FCA FG21/1 3.20 [It should be noted that the ICO acknowledges that firms may not need to rely on explicit consent in some circumstances.]

[5] Refer to page 46 of the Guidance on suitable testing and monitoring.

[6] See

[7] See especially FCA PRIN1.2.1G

[8] David Jackman, ‘Does regulation make it worse?’, Journal of Financial Regulation and Compliance, 1 June 2004: – accessed June 2021 



Please leave a comment

You can leave the name empty should you wish to remain Anonymous.

You are replying to post:



Email *

Comment *

Search posts

View posts by Author