Is the FCA creating a new category of customer with the Vulnerable Customer Guidance?
One of the key elements of the FCA’s remit is ensuring consumers have an appropriate degree of protection. Specifically at this time and central to their role, includes protecting vulnerable consumers.
Protection of the most vulnerable is a sign of an advanced society, but not necessarily if it removes individual responsibility or deprecates the need for autonomous decision making in lieu of expensive and cossetting rules. What of the expense of a provider of products, who will then have to increase costs to meet the imposed procedures and standards for this “category” of consumer. Could this then exclude the most vulnerable and financially deprived even further of the services of the society it forms part of?
The Guidance (FG21/1-Guidance for firms on the fair treatment of vulnerable customers) identifies in the introduction that “When we (the FCA) consider our consumer protection objective, we have regard to the general principle that consumers should take responsibility for their choices and decisions. However, we know that there are very real factors that might limit their ability to do so.”
The FCA obviously want vulnerable consumers to experience outcomes as good as those for other consumers and receive consistently fair treatment across the firms and sectors they regulate. Does the existing Conduct Risk and Treating Customers Fairly initiative, fail to cover this already?
Further, the “vision” as stated in point 1.7 of the Guidance states “We want to see the fair treatment of vulnerable customers embedded as part of a healthy culture throughout firms, not just on the frontline but also in areas such as product development. Firms’ senior leaders should create and maintain a culture that enables and supports staff to take responsibility for reducing the potential for harm to vulnerable customers. They should ensure that firms embed the fair treatment of vulnerable customers in their policies and processes throughout the whole customer journey. We have seen some good examples where commitment comes from the top and where there is a culture of feedback and learning from the frontline.”
In FG 21/1 the FCA state “We expect firms to provide their customers with a level of care that is appropriate given the characteristics of the customers themselves. The level of care that is appropriate for vulnerable consumers may be different from that for others and firms should take particular care to ensure they are treated fairly.”
Does this then mean that there is a comparable category of customers (predominantly retail based) that are considered as vulnerable at various times, so they overlap with normal and embedded TCF treatment rom time to time. With recent statements that nearly one third of UK adults are “vulnerable” due to the pandemic, this then puts the onus on firms to draw up a raft of assessment tools to test the vulnerability of every consumer, customer or client they have contact with. This also lends itself to those who may not be “natural persons” and act on behalf of incorporated bodies or even associations of firms that may display signs of vulnerability. This is a “should” and cannot be ignored, thus, perhaps a seperate regimen of assessment is needed?
Throughout their document, the regulator uses terms like
• Must: where an action is required by a Principle or rule. (25 appearances)
• Should: where we think a firm ought to consider a course of action (not specified in a Principle) to comply with a Principle, but that does not necessarily mean they should follow a detailed or prescribed course of action. (207 appearances)
• May: where an action is only one of several ways of complying with a Principle. (203 appearances)
To be fair, the “Must” references are predominantly concerning the Data Protection applicable references. However, this makes the should, even more poignant.
In the guidance document, under customer service, it states that firms should;
- Set up systems and processes in a way that will support and enable vulnerable consumers to disclose their needs. Firms should be able to spot signs of vulnerability.
- Deliver appropriate customer service that responds flexibly to the needs of vulnerable consumers.
- Make consumers aware of support available to them, including relevant options for third party representation and specialist support services.
- Put in place systems and processes that support the delivery of good customer service, including systems to note and retrieve information about a customer’s needs.
To ram home the point, in the TCF section the FCA state; “Under Principle 6 we expect firms to have management information (MI) or measures in place to test whether they are treating their customers fairly, including delivering the 6 TCF outcomes. The MI should demonstrate to firms and to us that they are consistently treating customers fairly and delivering the TCF consumer outcomes.” Regrettably in, in our experience as a consultancy, many firms that we have seen wildly inadequate or outdated MI, some that has not been refreshed with contemporary data!
So how much of this can be consider necessary and how much is proportionate?
The answer to that needs to be looked at under the “Must” statement, such as the Principles for Business PRIN 1.2.1G states that the extent to which firms meet their requirements under Principles 6, 7 and 9 will depend, in part, on the characteristics of the customers concerned. The relevant interests and needs that firms must have due regard to and what is reasonable care in the relevant circumstances will depend on those characteristics. The way to establish those characteristics is then to assess them, which requires a full process to identify any vulnerability on all customers. Therefore this means that every firm must instigate the requirements without fail, whether they deal with any of the categories of customer, consumer or client.
The requirements, of course, are welcome for the treatment of vulnerable customers, and I know first hand of the abuse that firms engage in from a close relative of mine and their treatment. But the requirements do not end at the consumer. Firms are required to ensure that staff are fully GDPR trained as when handling data, it should be managed appropriately. The ICO is clear that consent is not always needed to process data.
Product design should cater for vulnerable customers, and that has been echoed through time under the TCF regime. Customer services, KYC onboarding etc are required to have available systems and processes in a way that will support and enable vulnerable consumers to disclose their needs. Firms “should” be able to spot signs of vulnerability, which means that if you don’t have the systems or procedures in place, you are not conforming to a “should”, whereby the FCA think a firm ought to consider a course of action (not specified in a Principle) to comply with a Principle. Further, to deliver appropriate customer service that responds flexibly to the needs of vulnerable consumers, another part of the “should” means you need a written process that can be switched into on identification of any area of vulnerability. Don’t forget, someone may be vulnerable under more than one area.
how to deal with vulnerable customers
Every firm also needs to readdress their communications to customers and encapsulate the possibility of vulnerability, and inform them of all facilities available. With that, staff skills and capability needs to be considered and evidenced (SMCR reasonable steps as well as TCF). Firms are required to embed the fair treatment of vulnerable consumers across the workforce. All relevant staff should understand how their role affects the fair treatment of vulnerable consumers. Alongside that role responsibility, frontline staff have to be able to demonstrate the necessary skills and capability to recognise and respond to a range of characteristics of vulnerability. As a good employer, firms should also offer practical and emotional support to frontline staff dealing with vulnerable consumers. These areas are often lacking in most firms we encounter, but there is now guidance on what is required and the areas that need to be interrogated for ways to enhance your service.
Summary
Is the FCA creating a new category of customer with the Vulnerable Person Guidance? We would have to say no, but the impact of dealing with any customers, consumers or clients needs to be minutely investigated and areas for improvement identified. This would be a fairly major project for most firms, and the worst part is, if they don’t take external opinion, they will continue to choke on their own exhaust.
info@complianceconsultant.org or call 0800 689 0190 to arrange an exploratory call.
