Understanding the vulnerability gap 

How many vulnerable customers should a firm expect to have? The FCA’s Financial Lives survey reports that around 50% of people will be vulnerable at any one time. This seems like too many. Many firms still report single-figure proportions of vulnerable customers, sometimes as low as 1% or 2%. This seems far too few. Why is there such a difference? Why do many firms report such low numbers, and does it matter? 

Comparable studies from related organisations also back up the FCA’s 50%, though it may seem high. Many of that 50% will be mild vulnerabilities. Based on live assessments from a wide range of firms across multiple sectors, MorganAsh’s data shows that the proportion of vulnerable customers requiring action can typically be expected to be around 10%–15%. 

With reported figures ranging from upwards of 2% and the FCA setting expectations of there being around 50%, the shortfall is often huge. Let’s look at why there is such a gap. 

The most significant issue is that most firms are working reactively – only checking whether customers are vulnerable when the customer contacts them. This is just a fraction of the total number of customers. Firms aren’t identifying their vulnerable customers, they only identify those they speak to, or who contact them during claims or complaints journeys. 

1. Many vulnerability issues encountered are overcome by staff, informally, at the time of interaction. While providing responsive support is good, the vulnerability is automatically deemed to be overcome – and is often not recorded, even if it continues to be an issue, or is something which could worsen later. 

2. There is a reluctance to record customers’ vulnerabilities at the point of sale, because of a concern that it may interfere with the sales process.

3. Firms and staff feel that it could be embarrassing to ask personal questions. 

4. It may be believed that the consumer is reluctant to disclose issues which are considered private, or firms worry that customers fear that their information could be misused (or used to make negative decisions) or lost/stolen. 

5. The vulnerabilities may be mild and not warrant any change to a process; firms therefore feel there is no need for them to be recorded. 

All of these factors compound, resulting in firms only identifying a small proportion of vulnerable customers. Let’s look at each in turn. 

1. Reactive-only approach: the problem with this is that firms rely on the consumer contacting them; in practice, an ever-increasing number of interactions are digital and transactional, so there is little opportunity for disclosure. Also, the consumer is usually unaware that there is any need to disclose vulnerability information to the firm (and they may also not consider themselves vulnerable or understand what a vulnerability is or isn’t). In some cases, customers may have disclosed but the information was not recorded. Where firms are proactive, and engage with all or most of their customers over time, the percentage of identified customers goes up. This works best when done at an existing point of engagement, for example at the point of sale, at a review or when a claim is made and so on – it can become a natural part of that customer journey. 

2. No need to record a vulnerability: if it was overcome: there are three issues with this approach. First, there is no evidence for audit purposes that the vulnerability characteristics were considered; second, if a different product or circumstance comes into play in the future, where the vulnerability is relevant, there will be no record; and third, there is no comparison data for Consumer Duty outcome reporting – to demonstrate, when comparing outcomes, that the vulnerability was considered and overcome. 

3. Fear of affecting sales: a common fear within commercial teams is that asking personal questions will be considered invasive and affect a sale. We have yet to find any evidence of this; indeed, we have evidence that an improved understanding of consumers’ personal situation leads to increased engagement and sales. This fear is natural but unjustified. 

4. It’s embarrassing to ask personal questions: many people find that asking personal questions is embarrassing and are reluctant to do this. This is understandable, if only because it is a change. All of our experience is that, once you try, there is not an issue. It is ironic that our national greeting is “how are you?” – a question about health; many people find talking about money to be impolite, yet financial services firms do this every day. This is simply an issue of getting used to change. MorganAsh has assessed vulnerable people for over twenty years and this is very seldom an issue. 

5. Reluctance to disclose: this is often quoted as the major issue by those who have not yet implemented a vulnerable customer strategy. It is true that a few consumers may not want to disclose all the information, but our practical experience is that they will if asked, or at least disclose enough to be useful. It is important to explain to consumers why the information is required, so they can understand the benefits of doing so. 

6. The vulnerability is not important enough to be recorded: there are many issues that are relatively mild and common – for example, partial hearing loss. Such vulnerabilities do not require any adaption and are often judged to not be important enough to label the person as vulnerable. Our challenge here is that, (as with not recording vulnerabilities when overcome) we need evidence to demonstrate that the vulnerability was considered; we also need data for outcome reporting – and, if the vulnerability changes or progresses, what was once a mild issue could become acute (if we have recorded this, we can prepare for it). 

Another factor is that many of the firms identifying vulnerable customers in single-percentage figures do so because their clients are wealthy or financially secure – not financially vulnerable. Other vulnerabilities need to be identified, because money does not provide immunity from health issues and life events.   

An identification gap of between 2%–50% may seem insurmountable but, in reality, the steps needed to move towards more accurate identification are neither complex nor hard. 

While organisations can address these issues themselves, technology such as MARS (the MorganAsh Resilience System) already exists to provide a digital, low cost, easy-to-manage solution – one which can be adopted within days, if needed. It can operate fully digitally or within an agent/adviser-guided workflow. 

Working proactively, recording not only vulnerabilities but also any mitigation strategies, support offered/taken and support outcomes, overcoming cultural or familiarity hurdles and changing the nature of the vulnerability categories recorded can shift the dial massively on your identification levels. This spills quicky into offering better support, delivering better outcomes, having better management information and being able to easily report to the regulator. 

The gap is real – but the target percentage isn’t that difficult to achieve. And one thing is certain, if you think you only have a few per cent of vulnerable customers, you are almost certainly wrong – and a good data-driven process can show this. 

July marks the second anniversary of Consumer Duty, the FCA’s tentpole regulation designed to set higher standards for financial services and drive better customer outcomes. Two years on, some firms have seized the opportunity to stay closer to clients and made good progress in better understanding their needs and tailoring service to deliver better outcomes.

By contrast, there are still firms which are behind the curve, whether it’s in complying with the Duty and getting to grips with principle-based regulation, or the wider expectation to embed these principles into business culture, governance and leadership. Complacency remains a big issue as firms overlook the step change required to meet the FCA’s expectations.

Consumer Duty remains the cornerstone of the FCA’s entire regulatory approach. Even with a remit of deregulation, the FCA views Consumer Duty as the principal way to drive growth and innovation in the sector. So, whether firms like it or not, Consumer Duty is here to stay. With two years under our belt, how can we deliver the change the regulator wants to see?

Customer vulnerability

One of the biggest areas for improvement is customer vulnerability. In its recent multi-firm vulnerability review, the FCA identified that firms still cannot effectively monitor or take action on outcomes for vulnerable customers. This is hardly surprising; identifying vulnerable customers has long been considered the most difficult aspect of Consumer Duty.

Although we are all vulnerable at some point in our lives, many firms still report very few, or zero, vulnerable customers. This just isn’t realistic – especially when the FCA’s Financial Lives survey found that 49% of UK adults have one or more characteristic of vulnerability.

Part of the problem is many firms’ reactive approach – waiting for consumers to tell them of their vulnerabilities, or focusing on just a subset of their customer base – or one channel, such as claims or complaints. While this is a good place to start, it doesn’t give firms anything like the full picture. To reach that true proportion, the FCA has repeatedly said that firms need to “actively engage” with consumers; this is still proving to be a real stumbling block for many.

A lack of quality data

Whether it’s ignorance or a piecemeal approach to engagement, firms inevitably become data-poor – unable to demonstrate fair value, good outcomes or wider compliance with the Duty. The FCA has seen examples of some firms repackaging existing data without really thinking about the information needed to truly understand outcomes.

Our experience is that by engaging directly with all consumers using a vulnerability assessment, firms can acquire the robust data needed to not just identify their vulnerable customers, but to monitor and report on the outcomes that customers receive. Crucially, these assessment methods have to be consistent and objective to generate the quality of data needed.

As data standards improve, we can look at data sharing across the distribution chain – this would bring new levels of efficiency to Consumer Duty and allow us to truly put the customer first. The entire process would finally become joined-up – and far smoother for consumers as they share their information once for all parties to act upon in a consistent way.

Technology is available

The regulator knows that firms face an arduous task, which is why it has long advocated for technology adoption to help meet the requirements. Rather than adding nondescript tick boxes to CRMs, or expending both time and money of developing systems in house, firms can use one of the many digital platforms already available to overcome these key challenges. In the two years of Consumer Duty, these systems continue to not only get better but also lead the way in what’s possible.

Technology plays a critical role in bringing consistency not only to assessments but also to how information is collected, standardised and recorded. Just as important is objectiveness; this cannot be achieved through human decision-making – however well trained, advisers, agents and frontline staff will always be subjective. Our MorganAsh Resilience System (MARS) for example, uses assessments which automatically produce an objective Resilience Rating, which is much like a credit score for vulnerability.

Technology has to be the priority for financial services firms in year three. Not only does it drive efficiencies, it brings consistency, scale and cost savings which cannot be achieved through a manual approach or training.

The future

Given the recent focus by the government on deregulation to stimulate economic growth, Consumer Duty has found its future in the spotlight. The Chancellor’s recent Mansion House speech saw some in the industry taking her comments out of context – and thinking it’s all over for Consumer Duty.

The shift to principle-based regulation and a focus on outcomes is a significant move. It ensures consumer protection while also providing flexibility for growth. It’s a forward step, yet it’s almost as if firms want to go back to the prescriptive tick box regulation of old.

Firms which have not embraced Consumer Duty and vulnerability management underestimate the value and growth opportunities which will spring from increasing consumer trust in financial services. Much of the talk so far has been less about the carrot and more about the stick – and this is not helpful. In our corner of the market, we see tangible examples of real commercial benefits for firms – not just from delivering a more personalised service – but leveraging the vulnerability data they generate to make better lending decisions and ultimately launch new and highly-targeted products.

There will always be those bemoaning the regulation and looking to slash what they perceive as red tape. I firmly believe that, as Consumer Duty continues to develop, we see more examples of commercial gain and better customer outcomes – and the Duty deniers will either retire or be late to the party once they realise what they’ve been missing.

As part of Consumer Duty, the FCA asks for firms to consider not only their actions, but also those of other firms across the value chain. One way to achieve this, perhaps the simplest, is to share the individuals’ data. However, many firms don’t recognise the need to do it; some believe this it would be against GDPR or that consumers wouldn’t like it.

Consumer Duty is about putting the customer first – and not only is sharing the required data a simple, pragmatic solution to “work together across distribution chains to deliver good outcomes” (FCA: ‘Consumer Duty implementation plans’ 21 Jan 2023 – 6.4) it is also likely to be what customers expect.

Let’s look at each of these elements.

It is true that Consumer Duty itself doesn’t include a specific requirement for firms to share data, but the FCA does expect firms to work together: “In particular, manufacturers and distributors will need to work together and share information. To help ensure this happens, we have set a milestone for the end of April 2023 for manufacturers to complete all reviews necessary to meet the four outcome rules and share information with distributors to allow them to meet their obligations.” (FCA: ‘Consumer Duty implementation plans’ 21 Jan 2023 – 6.4) While ‘share information with distributors’ may not point specifically to consumer data, it would seem more than useful for others in the supply chain to be aware of any vulnerabilities, in order to avoid harms. Indeed, a great deal of Consumer Duty will run more smoothly if this is done.

It also avoids the consumer being asked time and again for the same information – in itself, this is not a ‘good outcome’ and can be a frustrating and stressful experience if someone is vulnerable.

Then there is data privacy (“GDPR doesn’t allow us to do this”). The privacy pushback simply isn’t true. Yes, data must be collected and stored in accordance with GDPR, but GDPR doesn’t prevent it. Indeed, in our conversations with the ICO, its view is that they would not want GDPR to in any way interfere with or subvert customers’ rights or needs.

In reality, what’s happening here is a mixture of misunderstanding of GDPR and firms’ information systems not supporting the secure sharing of data. Bearing these in mind, it’s possible that some pushback is based on avoiding what needs to be done to make it happen. Data-sharing can be granular – with the right systems, not all data needs to be shared, just enough to enable decision-making or reporting. When GDPR is cited as a reason for not sharing data, it feels hard to challenge – but in many cases it is that the systems in use are unable to share the right data, securely – it’s not GDPR itself.

Which brings us to ‘customer ownership’ – we don’t want to share the data because this is ‘our’ customer’. This strange phrase is accepted almost universally by everyone – well, everyone except customers themselves, who simply do not like the idea that they are in some way ‘owned’. Of course, the desire to hang on to hard-won customers is understandable, but it’s also questionable if doing so in itself creates an avoidable harm – which, like using GDPR as an excuse, is highly probable.

What is almost never discussed is what the customer’s views are.

Well, that’s not entirely true. When customers are polled for views on privacy, they understandably want it respected. The problem is that questions can be loaded. Ask anyone, “do you want us to share your information with anyone else?” and the answer will generally be no. But if we were to ask such questions in context, then the answer can be different. For example, “To make sure that we’re providing the right products and services, and that you are not exposed to risk, it’s helpful to share your information with companies providing this service – is this OK?”

We also need to consider that when a customer buys a product or service, they don’t see the entire supply chain. To them, it’s simply one transaction or service. When they buy insurance from a broker, they don’t expect to have to deal with anyone else – they expect everyone involved to know what needs to be known. Other information gets passed up and down the supply chain, no problem – so why not this? The customers’ expectation is that this is one transaction or service, whatever happens behind the scenes. Indeed, customers would likely be horrified to find that information about themselves is not shared by those working together to provide a product or service.

If something is relevant in any way to their situation or what they are buying, they would expect everyone involved to know, surely?

Like many things in business, it’s about putting the customer first. It’s hard to see how requiring customers to provide the same information again and again – and perhaps get different outcomes from different parts of the value chain – does this. Nor would it be what the customer wants or expects.

When it comes to supporting vulnerable customers, technology plays a critical role in delivering positive outcomes. It enables firms to implement consistent and objective assessment methods to generate an unbiased measure of consumers’ vulnerability and capture the quality of data required for consistent reporting.

Using the MorganAsh Resilience Systems (MARS) as an example, our assessments produce a Resilience Rating, which is much like a credit score for vulnerability.

Not only can this objective measure be shared across the value chain to ensure consistency and avoid assessment fatigue, it provides a top-level indication of vulnerability without sharing extensive personal data – meeting the GDPR principle of data minimisation.

Pension annuities have been in the doldrums for many years but are now on the increase. This is due to improved rates and, with changes to pension taxation, they are arguably likely to increase further. Annuities providers turned their attention to bulk annuity contracts with defined benefit pension schemes and this market continues to grow. However, little has changed over the last ten years in terms of retail consumer products and processes. We ask: what needs to change in light of Consumer Duty?

Reinsurers tell us that around 60% of consumers receive ‘standard’ annuity rates – with no uplift because of health issues. This is alarming, because this figure should be more like 20–30%. Simplistically, it shows that around a third of customers receive lower annuity rates than they could qualify for. Clearly, this cannot be defended as a good outcome.

To understand the dynamics of this, we need to look at the processes. To obtain an enhanced rate for their annuity, providers need to understand the consumer’s medical history. This is almost always undertaken using an industry-standard medical form, which must be completed by the adviser, the consumer or a third-party specialist nurse assessor. Unless the assessment is undertaken by a nurse, it is fraught with challenges.

Consumers generally downplay their medical issues; advisers find it embarrassing and don’t really want to pry into clients’ medical conditions; providers earn more if they receive less information – and are more efficient if they can automate the underwriting process. Each party in the distribution chain will say they play their part – providers give the best quote on the information they receive, while advisers say they fill in the form as requested, and consumers don’t appreciate that worse health can be financially beneficial. Consequently, poor medical information is given, evaluated, and results in lower annuity rates being offered – reinsurer data indicates that this affects about one-third of consumers. This is an industry systematically delivering poor outcomes.

At MorganAsh, our annuities quotation service includes a medical assessment, by a nurse, to get good medical information – and it often unearths more material information than any standard application form. Repeated surveys of our work show that this process directly returns higher annuity rates for 76% of customers – with a mean increase in annuity rates of 2.5%, compared to completing the standard online application form.

Consumer Duty requires us to put in the same effort into delivering good outcomes for consumers as we do to generate sales. Annuities use a standard application form, followed by automated underwriting based on this standard form. In contrast to protection underwriting, protection underwriting demands more medical information, more rigorous verification, and a balanced use of automated and manual underwriting, depending on risk level. The standard application form makes it easier for advisers to get comparative quotes.

The last regulatory intervention promoted competition, and comparative quotes with the aim to improve outcomes, however, this has not improved outcomes as much as hoped.

Another major issue is if or when annuities are considered. There are multiple pros and cons as to whether an annuity should be used. It is generally accepted that they be part of retirement advice.  As consumers’ health generally declines with age, then arguably an annuity should be considered as part of any retirement plan – if not every year, then at least every few years, or when health issues change.

Since health is a major component of the annuity rate, a robust health assessment should be undertaken every few years.  Comparing standard annuity rates is only going to understate the real rate for at least two thirds of consumers. However, most annuity quotations are obtained at retirement age, indicating that annuities are only being considered at that age and not being compared through retirement.

The elephant in the room is the commercial bias for assets under management (AUM). Investments earn annual advice and management fees, while an annuity releases a one-time commission. AUM is the main method to value advice firms, and therefore, there is strong commercial pressure to keep consumers’ funds under management – and not release them to annuity providers. With so much acquisition and consolidation in the market, it is difficult to believe that this does not have an impact on decision-making.

Logically, those with health issues (the vulnerable) will receive poorer outcomes, because they get lower annuity rates than they are entitled to. Consumer Duty’s outcome reports should measure good or poor outcomes for retirees. It is highly unlikely though that the consumer will understand if they received a lower annuity than they deserve and are therefore unlikely to complain. To understand, firms will need to review consumers’ health, to determine if they could have received a better outcome; this may need to be built into current quality checking to avoid increased overheads. 

No doubt firms will aim to identify these issues within their Consumer Duty board reports and will be putting in place the measurements needed to understand consumer outcomes for the vulnerable. I’m sure that to change some of these processes will require cross-industry changes, which will take time.

One of the first hurdles to overcome for any firm on its customer vulnerability journey is the actual identification of vulnerable customers. This is by no means a small feat, as many firms have found out when trying to meet the requirements of the FCA’s Consumer Duty.

It’s important to also note that, while significant, it is just one responsibility that makes up a firm’s wider customer vulnerability management strategy. Once we have identified our vulnerable customers, it is followed by the challenge of what do we do next – and the support we recommend. We know that we need to provide support – to enable clients to achieve a good outcome – but to really understand the outcomes clients receive, we need to look beyond purely ‘signposting’ or making an initial recommendation. We need to look at the complete picture.

Alongside recording the recommendations made, and how these were made, we also need to note whether it was suitable, and also whether it was taken up and implemented by the client. Without understanding and tracking this critical stage, we risk undoing all the important work done earlier in the process – identifying, classifying and monitoring potential vulnerabilities – and risk delivering a poor outcome by not knowing where the failure point is.

For example, many firms will recommend that consumers set up a will and a lasting power of attorney – but the take-up rate for these can be low, resulting in poor outcomes. In this instance, the identification of the vulnerability is very high – not having a will in place – but the implementation of getting the will is the thing to break the chain.

Just recently, a probe by the FCA revealed that some banks and building societies needed to provide greater support to those dealing with a bereavement or setting up a power of attorney. The regulator found examples where individuals were unable to access funds because staff were unsure of which action to take, or how quickly.

It quickly becomes clear that tracking suggested support is just as important as making the recommendation in the first place. After all, it is this which allows firms to keep track of what happens with the individual and ensures that interactions with clients are appropriate. Furthermore, the record of suggested support becomes hugely valuable for audit purposes, allowing firms to report on the support actions consumers take up and implement. It goes without saying how important this is in demonstrating compliance with Consumer Duty.

In truth, we need to understand and track all stages of customer vulnerability management, as any one of these can fail. This starts with identification and classification – understanding who has what –and to what severity – before we even move onto monitoring. Then we can recommend and track support pathways. Following this, we can monitor outcomes far more closely to determine whether a poor outcome was mitigated.

Without robust data at every stage, it becomes much harder for firms to really know what is going on with clients and to accurately pinpoint where any failure point is. The FCA has consistently reminded firms just how important good data is in managing customer vulnerability and for meeting the requirements of Consumer Duty. The latest example was in its multi-firm vulnerability review which identified that many firms are still unable to monitor or take action on outcomes for vulnerable customers.

There’s no question that this is an onerous task. The FCA is fully aware of this and has long advocated for the use of technology to help firms meet the requirements. Digital platforms – such as the MorganAsh Resilience System (MARS) – are now available to not just help with the assessment, but also to make recording and tracking information at every stage much easier.

MARS, for example, offers a catalogue of standard pathways – the ‘next steps’ presented to users when a characteristic of vulnerability is detected. In our latest software update, we’ve added the ability to record how and when suggested support is recommended to clients, along with their reactions – and whether they take-up the recommendations. There is also the ability to record if support is pending, partially completed or not implemented, as well as if it’s incorrect, not required or declined by the consumer, with notes available to add for all progress.

We know that most proactive advisers will want to go the extra mile and support clients at the time of need with relevant recommendations. Given the scope of the potential next steps available – including mitigating strategies, support organisations and charities – covering a spectrum of potential vulnerabilities of varying severities, this can be easier said than done. Add in the need to record, track and report on all this information and there’s no question that a digital-led approach enables firms to actually achieve this – moving from simple signposting to a recommendation strategy that is targeted, can be monitored, is data-rich and always audit-ready.

Recently, the FCA published the terms of reference for its review of the pure protection market, following consultation on the review’s scope and approach.  While many of those who are tired of being ‘bundled in’ with general insurance welcome this market study, the elephant in the room is commission – or, to be more specific, commission bias.

For years, consumer groups have cited commission bias as a major cause of consumer harm. The industry’s position is that because life insurance is not that stimulating to purchase, without commission, sales will drop and the proportion of protection provided will plummet – which is not good for the nation’s financial resilience.  Fundamentally, both arguments are true. 

The challenge for the industry is how it can reduce bad outcomes which result from commission bias, and evidence this – so it does not get strangled by a blunt regulation. The industry needs to demonstrate that commission bias is just a minimal cause of bad outcomes.

Consumer Duty gives the financial services industry the framework needed to measure and report on bad outcomes for all consumer types. Ideally, firms would demonstrate the effects of commission on consumer outcomes, across different distribution models – although, as most firms have a single remuneration model, this may not be possible.

Recent attention has been on claims and claims turnaround times and, as claims is where the value of protection insurance is received and demonstrated, it deservedly gets this attention.

20 years ago, MorganAsh introduced tele-interviewing to the UK. The key benefits of this were to separate the medical assessment from the sales process and to be more diligent in collecting medical information. Now, the amount of misrepresentation we see that results in paid-out claims is effectively zero (we do get some fraud by consumers, but this is quickly and easily debunked at the time of claim).

The industry chose a different route, pursuing automated systems and requiring the salesperson to undertake medical assessments – all in the pursuit of sales, which were prioritised over reducing misrepresentation and any resultant problems at claim stage.

Statistics on declined claims due to misrepresentation have improved over the years – but this is due to cases being paid out rather than up-front identification. Reinsurers report misrepresentation in around 10–20% of cases – and they maintain that the industry could reduce its fees if misrepresentation was reduced.

Under Consumer Duty, it is difficult to justify consumers paying a premium resulting from an industry focusing on sales rather than consumer outcomes. There is a difficult fair-value argument, which says that consumers pay more because the industry is focused on sales – and indeed, this is exactly what Consumer Duty is trying to change.

We know consumers believe that pay-out rates from protection insurance are far lower than they are in practice and, despite good PR and marketing efforts, this has hardly changed over the last 20 years. The industry’s focus is on sales, not consumer outcomes, – and it only needs a few bad stories (justified or not) to reinforce the consumers’ view. After all, bashing the insurance industry drives both views and clicks.

Consumer Duty’s main thrust is for firms to focus on good consumer outcomes or, at the least, reducing bad outcomes, as this will improve consumers’ trust over the long term. Improving trust over the long term should improve consumer take-up and sales, so it is in both the consumers’ and the industry’s interest.

When remunerating by commission to an individual, and requiring them to undertake the medical assessment, it is difficult to even suggest that bias does not exist. In addition, undertaking medical assessments and selling/advising on products typically requires radically different skill-sets, and is generally an inefficient use of advisers’ time.

Using techniques like tele-interviewing to separate sales and medical assessments not only removes bias, but provides the evidence of having removed bias. It seems to me carrying on denying that there is an issue with commission bias, without any evidence to demonstrate this, is not going to wash. Firms need to prove to the regulator that there is no commission bias – and demonstrate the removal of bias to win back consumers’ trust.

Customer vulnerability is like any journey. Set off with the wrong destination in mind and that’s where you’ll end up – the wrong place.  

Many firms succumb to the same pitfalls when setting out on their customer vulnerability journey – and then find they are adrift in terms of outcomes, customer support, reporting and compliance.

With the FCA announcing the findings of its vulnerability review, we look at the ten most common pitfalls. 

1. Some firms assume or believe customer vulnerability is all about (or mostly about) financial vulnerability; some even say that their clients are too wealthy to be vulnerable. Customer vulnerability characteristics also include things like health and lifestyle. Wealth isn’t a shield against many vulnerabilities.  

2. Some firms think that vulnerability is binary – a yes or no – when there is a range of severities and impacts. Someone isn’t just vulnerable or not, in the same way that people aren’t rich or poor, or sighted and blind. 

3. Some firms wait for consumers to inform them of any vulnerabilities, when the FCA has said that firms should actively engage with all customers. People are unlikely to proactively disclose such information, sometimes because they worry it will be used against them, sometimes because they don’t see themselves as being vulnerable and often because they aren’t aware of Consumer Duty. 

4. Some firms restrict vulnerable customer processes to those involving human interaction or phone calls – ignoring digital and other forms of consumer interaction. All forms of interaction should be included. 

5. Some firms identify and mitigate customers’ vulnerabilities but fail to evidence having done this. This could be because such work is undertaken informally; it could be because there isn’t a structured way to report such interactions – and therefore no way to report on them.  

6. Some firms place most of their focus on training front-line staff, expecting them to both be able to identify all vulnerabilities, and remember the multitude of ways their firm can mitigate issues – and expect this to happen without any system support. This places what are quite detailed and specialist tasks into the hands of staff who are already busy performing their core roles, expecting the overhead to be ‘absorbed’. Results from this approach have been shown to be poor. 

7. Some firms rely on and accept individual subjective customer vulnerability assessments, despite evidence which shows that lack of awareness, training, professional empathy or having conscious or subconscious bias can skew results, making them inconsistent and possibly opening the firm up to legal action. Firms fail to introduce an objective methodology of communicating the wide variations in impact of each vulnerability characteristic, resulting in poor, inconsistent data that cannot be understood by others. 

8. Some firms fail to consider the FCA’s requirement for ongoing monitoring and the need to record customers’ vulnerability characteristics over time, especially over a product’s lifetime. 

9. Some firms fail to consider how to communicate customer vulnerability characteristics between intermediary and manufacturer – they may be doing it inadequately, doing it inconsistently or assuming the other is doing it – and therefore not doing it at all. 

10. Some firms fail to consider how customer vulnerability data can be collated and compared to outcome data – to enable reporting on vulnerable cohorts. 

A straightforward and simple shift in mindset on these basic principles can have a massive, material impact on a firm’s Consumer Duty compliance and the success of its vulnerable customer strategy. 

Many firms’ progress on customer vulnerability is hampered because they base their decisions and strategies on myths. These myths persist despite robust evidence to the contrary.  

MorganAsh has been assessing and helping vulnerable people for over twenty years. We look at these myths and why they are wrong. 

1. One can easily assign vulnerability identification to front-line staff or intermediaries. Well, assigning assessment, identification, classification and recording customer vulnerability to those teams may be easy, but doing it is far from easy. Front-line staff and intermediaries are already busy with their core roles – expecting them to assess the numerous types and severities of customer vulnerabilities, without system support, isn’t just optimistic, it’s unrealistic, no matter how good the training. 

2. Customer vulnerability is a binary issue: people are either vulnerable or not. In reality, customer vulnerability is a range – people aren’t either sighted or blind, for example. Almost every characteristic of vulnerability ranges from slight to severe. Both the characteristic and the vulnerability need to be understood, otherwise you’d treat everyone as equally vulnerable. You wouldn’t send braille documents to someone who is colour-blind – this may be a trite example, but it shows the flaw in binary thinking. 

3. People are inherently and always vulnerable. In fact, people have characteristics of vulnerabilities, and there are circumstances which may lead them towards a potential harm – depending on the interaction you have with them. Someone who can’t understand numbers well (the characteristic) may well cope with most of life and a lot of situations, but when needing to make a financial investment (the circumstance) they are potentially at harm if the interaction does not take into account that vulnerability – for example, providing the numeric information in a clear and understandable way, or ensuring that it is explained and understood.  

4. Customers are fearful of questions about vulnerabilities and won’t engage on health and lifestyle issues. This is simply not true. MorganAsh has been assessing and helping vulnerable people for over twenty years and our experience is, that when it is positioned correctly, consumers have no issue with this at all and are happy to disclose information. Indeed, they are more reluctant to talk about money – and financial services firms do this with them all the time. 

5. If we have happy customers, we don’t need to do anything. The FCA requires that firms provide evidence of this. However, a customer can be happy (perhaps with personal service) and not be aware that they have experienced a preventable harm – for example, an underperforming investment, or low insurance payout. Evidence of happiness or satisfaction isn’t necessarily enough. 

6. Adding an ‘is vulnerable’ tick-box in a CRM, with a text field for more information, is enough. This falls short in many ways. If the vulnerability characteristic isn’t recorded, then it can’t be used to collate board reports or for outcome reporting. When another agent reviews the customer, the tick-box and text field is unlikely to be enough. It also engenders poor practice – subjective assessments and the use of inconsistent language. This has the appearance of solving a problem, but it simply creates a bigger one. 

7. We think it’s up to other people in the supply chain (intermediary or manufacturer) and not us. There is a view which says that if someone is doing it, then it is being done – but if both are in some way servicing the customer then both need to know, act on it, and report on it. Assuming someone else is doing it, or it’s someone else’s responsibility is incorrect – Consumer Duty applies to all firms and advisers. 

8. We already have lots of data on our customer, and can add third-party data to this. Almost all of firms’ data is either transactional or financial and does not include the required health and lifestyle data, for example. Inferring vulnerability from third-party data is risky; yes, postcode data can tell you (for example) mortality expectations to some degree, but it can’t tell you exactly who has a terminal illness, is blind or who is recently bereaved. Consumers may also consider themselves as being ‘judged behind their back’ and decisions taken on such data are far from robust. 

9. We must assess and report in the FCA’s categories of health, lifestyle, capacity and resilience. The FCA does not require firms to report on these categories. When assessing consumer characteristics, the categories of health and lifestyle work well – but capacity and resilience are due to multiple factors and so it is easier to assess and collate the contributing characteristics. Making subjective judgements on capacity and resilience isn’t easy; it’s both very difficult to avoid bias and record characteristics with consistency. 

10. At some point the FCA will specify exactly what to do. This won’t happen; the FCA has already moved to principle-based regulations, and this is unlikely to change. The regulations are designed so that firms can implement what will work for them; that doesn’t make them imprecise or vague. 

Is customer vulnerability management a real thing? The answer is ‘probably not’ – it is a component part of customer engagement or operations – but, in the short term, and to help facilitate change, it is useful to focus on it in more detail.

Under Consumer Duty, the FCA requires that firms:

1. understand an individual’s vulnerability and to act accordingly to reduce any potential harm

2. monitor the consumer through the lifetime of the product/service

3. measure outcomes of vulnerable cohorts, compared to those of the resilient

4. assess fair value for vulnerable cohorts, compared to the resilient

5. maintain evidence of the above

This is not easy and, as per repeated communications from the FCA, most firms struggle to meet these requirements. Firstly, let’s look at managing this change – who should be in charge?

One of the problems with customer vulnerability management is that it covers multiple functions in firms – including operations, IT, compliance, customer services, quality checking and so on. To instigate change in all of these areas, there needs to be senior managers in charge who have the authority to drive these changes through; this is likely to be the ‘Consumer Duty champion’.

Many companies have a customer vulnerability lead, but they tend to be in charge of staff operations and they focus on just the training of staff – to meet item 1 above, and don’t have items 2–5 in their remit or authority. There should be a senior manager with this responsibility – probably the Consumer Duty champion.

The second large area of customer vulnerability management - one that many firms have missed - is how to collate the customer vulnerability data needed for reporting. Then, how to correlate the outcomes for vulnerable consumers – for example, did the bereaved, divorcees or those with mental health issues receive better or worse outcomes than the resilient? To be able to rectify the outcomes for any vulnerable cohort, the cohorts themselves must be understood.

After all, multiple consumer interest groups have proven that vulnerable people do receive worse outcomes nationally. The aim of Consumer Duty’s reporting is to identify which companies cause this, with the aim of reducing harms as much as possible.

Accurate reporting requires consistent data – and a big challenge with customer vulnerability data is that individual assessments are inconsistent (and subjective). Therefore, firms need a methodology, or a classification system, for all the types of customer vulnerability they are likely to come across. With around 50% of consumers being vulnerable at any one time, this is vital – otherwise, having to do something different for 50% of consumers will be a monumental and unnecessary overhead.

In practice, most customer vulnerabilities are relatively mild, or consumers already have mitigation strategies to overcome them, so firms don’t need to change what they do. The key is the understanding of the characteristics of vulnerability, their severity, the impact on the consumer – and their preferred way to overcome it. Once these are known and understood, then the proportion of cases requiring change is typically less than 10% – but it does mean firms need to hold data on all vulnerable customers as evidence.

For the vast majority of firms, it will be far more efficient and GDPR-compliant to manage the customer vulnerability data in software systems. The challenge is where to store this data. Firms can either build their own (starting from scratch or adding to existing systems) or licence the new VulnerabilityTech that is commercially proven. Not having a system is probably the biggest gap in the current vulnerability strategies of firms. Some CRM systems have added tick boxes and drop-down lists – but this approach is far too simplistic.

Once the right management and systems are in place, firms need to look at modifying the customer journeys of each vulnerable cohort. There are multiple ways to understand and prioritise these cohorts: firms may look at complaints, or just talk to frontline staff who could quickly come up with a list, or start with the most common – bereavement, divorce, debt serious illness and so on.

Once new processes are agreed, staff can be trained on how to implement them, and on how to use the new systems. The most difficult part of training is providing empathy; this comes naturally to some, but is challenging for others, and this may require some reorganisation. Hopefully, the “computer says no” challenge will be removed by the adoption of systems and processes – and staff are empowered to manage situations in far more empathetic manner.

Customer vulnerability management should not, in the long term, be a different discipline – but it is useful to highlight it in detail in the short term, in order to highlight the changes required. It should effectively be a means of personalisation; a means to enhance customer service – if Amazon did customer vulnerability, they would call it personalisation.

The FCA recently published its analysis of Consumer Duty board reports. Most firms have been working hard on Consumer Duty and thought they had done a good job, but the FCA report identifies some big gaps in implementation.

The five key areas of improvement included better quality data and analysis of different customer types, particularly those with characteristics of vulnerability. The regulator also saw little challenge from the board, any evidence of a comprehensive view across distribution chains or any plans to take effective action moving forward.

Throughout the year, we have spoken with multiple executives, non-execs and operational teams from firms, as well as the FCA on this topic. From these conversations, we have distilled a few reasons why there is a gap between FCA expectations and firms’ delivery.  This is not about blame, but about understanding the gaps and how they emerged.

For many firms, the focus on Consumer Duty was on fair value - work included amending and/or proving their products were of fair value. This priority took precedence over other areas; notably, customer vulnerability was well down the list – especially as it was not one of the cross-cutting rules.

When it came to implementation, many struggled with the transition to principle-based regulations – asking what they needed to do and uneasy with unclear guidance, in case they got this wrong. Many compliance consultants and industry bodies failed to bridge the gap between how the guidance and how this should be implemented in practice. The recent CII report argued for more clarification from the FCA.

Customer vulnerability was seen as a separate activity, focused on training frontline teams and their interaction with consumers. This is partly due to the wording “train frontline staff” within FG21/1, and partly due to this regulation coming out earlier and separately to FG22/5.  This led to a lot of training activity for frontline staff, but as these staff were not involved in Consumer Duty projects, the need for data and reporting was often sadly missing.

Most firms failed to realise that to meet Consumer Duty, they would need good reporting on customer vulnerability data to compare with outcome data. As most had implemented a manual approach, most vulnerability assessments were subjective and recordings were an after-thought. This resulted in minimal consideration to the structure of data, the classification of customer vulnerabilities – and that this data would need dedicated IT systems to store and manage it securely.

Many firms failed to understand the implications of monitoring vulnerability over the lifetime of products – and who needed to do this.  For so many products with intermediated distribution, this means either both intermediary and manufacturer both have vulnerability data or they share data. Sharing data is by far the best option for the consumer, but has significant GDPR and IT challenges to be overcome. As none of the documentation referred to sharing of data, many firms claimed this was not required by the FCA. This is why the FCA has specifically highlighted the need for sharing of data across the distribution chain as one of their five areas for improvement.

The FCA has pitched Consumer Duty as a major change, yet many firms see it as a compliance issue and an inconvenience. Many firms took the easy option of using existing customer service feedback as outcome data, even though the FCA kept repeating that using existing data was unlikely to meet their requirements.

Some medium-sized firms hoped they could hide behind the principle of proportionality, that they were ’small’  so they did not have to implement Consumer Duty. In this latest report, the FCA indicates it considers small to be fewer than 10 people.

To compare outcomes for vulnerable consumers and to monitor customer vulnerability over the lifetime of products requires accurate, objective data. This needs to be stored in a format that can be reviewed and shared with others in the distribution chain – in most cases for years. This means firms need a consistent methodology to assess and classify characteristics of vulnerabilities and consumers’ needs. As different users in the distribution chain may use vulnerability data for different products, data on characteristics of vulnerability needs to be specific to the consumer and not dependent on any product or any one firm’s specific systems. This almost certainly means they need dedicated IT systems to store this data in compliance with GDPR.

Firms have the choice to either invest in building their own systems – or they can avoid reinventing the wheel and purchase the now proven tech systems already in the market. With the right systems and processes in place, the regulatory requirements of Consumer Duty become far less onerous. More importantly, with greater awareness of the needs of all our customers and the ability to monitor outcomes, we can unlock the competitive advantage the regulation offers.

The FCA’s upcoming pure protection market study provides an opportunity for the protection industry to distinguish itself from general insurance – and be benchmarked against the previous review. How is the protection industry doing in terms of meeting Consumer Duty?

Many believe that protection itself helps people avoid harm, so there’s no need to do anything. But is this true? No – the reality is that there is plenty of potential for harms.

Products and services

These may not pay out to the intended beneficiary, perhaps because policies weren’t set up to provide to unmarried partners (a third of couples), perhaps the trust or nominee policies were not set up effectively, or joint policies are in place which do not accommodate divorce – or there is the lack of a lasting power of attorney.

It’s also possible that the policy may not match the customer’s need – perhaps there’s no protection for a mortgage, or loan, or hand-off to a specialist; or it could be that the product or coverage amount may be incorrect – or hadn’t stayed in line with changes in circumstances; or that initial health assessments were inadequate, resulting in declined or reduced pay-outs, or increased premiums for all consumers – a clear challenge to fair value.

Price and fair value

Customers may be unknowingly paying for a policy that is no longer appropriate, due to a change in circumstances, such as divorce. Or a high commission may be built into the fees, which has little value to the consumer.

Consumer understanding

Customers may not understand their options, or what their products cover – and be disappointed when claiming; they may not understand the underwriting process – with non-standard decisions leading to higher prices than originally quoted; it could be that they might not put in a claim because they either didn’t know they could, or because they have forgotten about their policy – or trustees may be unaware of their role and responsibilities.

Customer support

Slow or poor service, or a lack of empathy when dealing with a claim, can cause unnecessary stress – or a lack of support when a joint policy is used as an instrument of economic abuse. It should be remembered that, when people are claiming, they are likely to be in a vulnerable position – and the speed and quality of response can make or break the customer experience.

What needs to be done?

Firms need to identify vulnerable customers and mitigate harms; they must monitor customers over product lifetimes; they need to report on outcomes and fair value for both the vulnerable and the resilient – and maintain evidence of the above. Doing this requires measurement and data.

But who does this? The adviser, the provider or both? How is monitoring undertaken? How is this shared between parties? Who undertakes the vulnerability assessment and who lets the other know when things change?

Specialist advisers would retain the data, but what about non-advised sales where the adviser submits information into a pricing portal but likely doesn’t retain it?

Medical underwriting may consider health indicators of life expectation, but this omits many vulnerabilities – including life events such as separation and bereavement, or characteristics such as numeracy and literacy. There is a need for more comprehensive vulnerability assessments – probably annually.

Claims aren’t anywhere near frequent enough to use as a measure of outcomes – plus, we need to measure outcomes for those who don’t claim. This means that firms must be proactive in assessing consumers – and repeat the process at reasonable intervals.

Consumer Duty requires us to look at outcomes and fair value – for both the vulnerable and the resilient – across the value chain, over time, ensuring that cover is always appropriate and is in step with both life changes and expectations.

This requires data – which requires systems. ‘Not knowing’ is no longer acceptable. Firms without evidence may find blunt changes in the FCA’s rules – as happened with GAP insurance.

But it’s not all about evidence. The sector is largely missing its biggest opportunity in decades. Meeting Consumer Duty means having more customer conversations and knowing more about customers. Effectively, this can introduce a pre-underwriting phase which creates opportunities to provide more relevant products and create sizable sales opportunities.

The challenge is that, as firms are finding out, assessing, identifying, monitoring and reporting on vulnerable customers is not simple. The only effective route to this is through good technology – and the good news is that this already exists, and firms don’t have to build it themselves. All the challenges of creating an assessment methodology and lexicon of characteristics have been solved – with software that’s already in use and proven. All of the issues raised above can be solved with systems which can be up and running in days.

This means that advisers and firms can meet the requirements and opportunities of Consumer Duty now, with very little investment.

Recently, I was talking to a consolidator of financial adviser businesses about customer vulnerability management and the due diligence around Consumer Duty. The FCA is likely to enforce Consumer Duty over 2025; this therefore represents quite a liability for acquirers if the target firm has not implemented Consumer Duty.

Assets under management (AUM) effectively represents the amount of income an adviser can make from ongoing fees. It is relatively easy to adjust the percentage income from the assets to assess scenarios of income, taking into account fair value changes due to Consumer Duty.

What is far harder to understand is any compliance with vulnerable customer management – how the company has implemented this and the changes it has made. The consolidator I spoke to proposed that they would require all target adviser firms to ensure they had undertaken a customer vulnerability assessment with all customers, as part of their due diligence.

This will give three excellent indicators on the value and potential liability of the business: first, the proportion of consumers with vulnerability assessments indicates the proportion of customers with good relationships (arguably, if the firms does not know their customers characteristics, then the relationship is not that strong); next, the proportion of vulnerable customers identified indicates how well the assessment had been conducted, and finally the proportions and types of support implemented is an indication of how well the firm looks after its customers.

Every wealth manager, and most advisers, will insist they know their customers – and this is broadly true but, without data to evidence it, they will fall short of the FCA’s requirements – as highlighted by recent FCA feedback on Consumer Duty reports. Firms will have little evidence to defend themselves should a claim be made.

According to an FCA survey last year, 49% of wealth managers and 60% of stockbrokers claimed, somewhat improbably, to have no vulnerable customers – the mean is around 50%. A lack of evidence,  or reporting little to no vulnerable customers is a substantial liability for firms and consolidators.

The FCA’s aim for Consumer Duty is to increase trust in financial services, by ensuring that firms put customers’ needs first. Judging the value of an advice firm based on how much commission they make on their customers’ assets would seem at odds with this aim. 

I am sure vulnerable customer management will not replace AUM in 2025, but it will be interesting to see how this develops. There is certainly a need to easily assess firms’ compliance with both Consumer Duty and customer vulnerability – and ignoring these has the potential for consolidators and their private equity backers to catch a cold.

Many firms are struggling with storing vulnerability data due to the perceived conflict between FCA regulations and GDPR. A recent CII report highlighted this, with firms asking for more information from the FCA. We have also heard that some firms are avoiding collecting customer vulnerability data because they believe that the FCA’s fines will be less than those from the ICO. Let’s consider some of the concerns and how these can be overcome.

Firstly, this is not a new issue. Indeed, the FCA has recognised this and included a whole chapter on this topic in their paper Occasional Paper 8, which was published in February 2015.

Within the utilities sector and some large financial services firms, the basis for processing data maybe under SPI – Specific Public Interest – but, for the majority of financial services firms, the category of permission will be ‘explicit consent’. Simplistically, this means that the consumer must give their consent; this can be verbally, digitally or in writing. In our view, firms should keep a record of how and when this consent was provided, so it can be evidenced later.

When recording information about a customer’s vulnerabilities, it is important that this is factual, and not a subjective opinion. Since vulnerabilities are a combination of the consumer’s characteristics and the circumstances of the interaction with the firm, we recommend that these are stored separately. Also, because vulnerability is not binary – it’s a range – we recommend having a classification system to enable the recording of degrees of severity against each characteristic. Only then can data be stored in an objective and consistent manner and, when required to provide this to the consumer under subject access requests, only strictly factual data is provided.

We know that some firms use simpler vulnerability ‘flags’ and drop-down lists to record that someone is vulnerable. These require a lot of staff training to ensure that everyone uses identical assessment and identification criteria – otherwise the results are subjective, inconsistent and even opinionated – which is open to challenge under GDPR’s accuracy and integrity requirements.

Consumer Duty requires us to monitor the consumer through the lifetime of the product and GDPR requires us to keep data accurate. How often we need to refresh the data will depend on the product and the circumstances.

The challenge of storage limitation is more difficult for vulnerability data. Clearly, to meet the needs of identifying the consumer characteristics and determining any mitigating strategies means that a great deal needs to be understood and collected. The challenge is not to share all of this data amongst the whole firm. The best way to address this is to have a method of communicating vulnerability at different levels of detail. This way, the appropriate treatments and processes can be undertaken while limiting the sharing of any sensitive personal information.

Some firms believe that they only need to record the mitigating strategy – often referred to as ‘the need’. However, this approach is limited because multiple mitigating strategies are used for different treatments; typically there is more than one consumer characteristic that needs to be mitigated. Equally, circumstances may change over time – so it becomes important to understand the underlying characteristics when products and circumstances change.

Security wise, it’s clear that all data must be stored securely; especially as this is special category data, under GDPR. We recommend conforming to ISO 27001 as the minimum standard. If adding this data to existing systems, firms may need to update their data protection risk assessments to check if the systems are suitably protected for special category data.

How long data should be stored will vary with the product or service. Most consumers will forget – so we recommend that data is stored in line with the product or service. If this covers years, then the data is stored for years, but it will need to be refreshed periodically – and it’s easier to reconfirm the consumer’s consent when a refresh takes place.

Some firms propose using existing data, perhaps from credit reference agencies or open banking. Here the challenge is twofold – firstly, that these sources don’t cover all health and lifestyle issues and secondly, that explicit consent is typically required, so there is a need to contact the consumer directly anyway. There is also a risk in inferring a vulnerability from such data, along with the optics of effectively judging someone’s vulnerabilities behind their back.

To hold all this data securely needs systems – spreadsheets and similar are not sufficient. Firms have the option to build these systems themselves or to adopt the new VulnerabilityTech systems which are now on the market, such as the MorganAsh Resilience System (MARS). Firms should of course consult with their own data protection officer to ensure their customer vulnerability implementation is compliant.

The FCA has set out its plans to conduct a pure protection market study. The aim is to understand if the market is functioning well and whether consumers are receiving good outcomes. In particular, the regulator wants to ensure that outcomes align with Consumer Duty – including whether they represent fair value.

What does the FCA mean by fair value? It wants to see products and services designed to meet the needs of its target market; products that are transparently sold and ones where customers have the ability to switch or exit – and access support.

Given that protection products are sold primarily through intermediaries and often come into their own when consumers are faced with vulnerable circumstances, this is hugely important.

The question is though, for issues or harms already known, should the industry get on the front foot and provide outcome measures so these can be presented to the FCA as quantifiable issues with plans to address?

Products and services

There are certainly examples of where products are not set up to deliver benefits or pay out to the intended beneficiaries. A key example is where unmarried partners may not automatically be entitled to a life insurance payout. Cohabiting couples are the fastest growing family type in England and Wales, and account for 18% of all families. Separately, there are also joint policies that are not flexible enough to accommodate divorce or separation, or where trust or nominee policies are not set up effectively.

Alternatively, a policy might not match the consumers’ needs, whether because there is no protection in place to protect a mortgage or loan, or because an incorrect product or coverage amount hasn’t changed in line with the customer's circumstances. A good example here is income protection not reflecting a change in job or career progression.  Does sending a letter each year to remind consumers of their coverage resolving this issue and reducing harms?

Before all this is the risk of inadequate health assessments at the application stage. Not only does this increase the chance of reduced or even declined pay outs, it can also increase premiums for all consumers – which is clearly at odds with fair value.  Should we be putting more effort into reducing non-disclosure up front?

Price and value

In terms of price and fair value, there is the potential for consumers to be paying for a policy that is no longer appropriate, whether that is due to changing circumstances – such as divorce – or through adopting group cover.

Commissions is undoubtedly a hot topic too, just as we have seen recently in the car finance sector. Clearly the onus is on firms to provide evidence in outcome reporting that the detrimental impact of commission bias is small or being managed.

Consumer understanding

For consumers, there is the possibility that they do not understand their options or what products actually cover, leading to disappointment or even outrage at the claims stage. The underwriting process can also present challenges too, with a lack of understanding potentially leading to non-standard decisions or higher prices than originally quoted.

Furthermore, a lack of understanding can lead to consumers being unaware that they could claim, or forgotten that they have a policy in the first place. Similarly, trustees may also be unaware of their role and responsibilities.

Consumer support

A slow or poor service, particularly with a lack of empathy at the claims stage is certainly a cause of stress and potential harm. The same is true for a lack of support when life insurance is used for economic abuse and exercising coercive and controlling behaviour.  Consumer feedback is really positive on nurse and GP support services, how do these impact outcomes, especially for the vulnerable cohorts?

Data is our best defence

Consumer Duty requires firms to not just measure outcomes, but report on how outcomes and fair value compare between vulnerable cohorts and the resilient. This is not easy, indeed the recent CII report lists vulnerability as the hardest part of Consumer Duty.

At first glance, protection has a lot of data on health and finances, but in practice there are major challenges in accessing this data. Most vulnerability assessments are undertaken by the intermediary, but the health data is submitted into pricing portals and not retained by the intermediary. In addition, most underwriting focuses on health issues affecting mortality or morbidity, and don’t cover the lifestyle issues that are so important in assessing vulnerability.

While specialist protection providers may use provider portals, more general holistic advisers and mortgage brokers use multiple systems. Consumers have multiple products - mortgages, General insurance as well as protection. Therefore, when considering systems to identify, assess and support vulnerable customers, the need is to be product and provider agnostic.

With very few intermediaries and providers sharing data on vulnerability, there is a lot of work to be done. Some providers may look to lock in intermediaries by providing vulnerability assessments as part of protection application portals. However, with the requirement on outcome reporting for intermediaries as well as providers, it is likely that intermediaries will have to hold their own data - independent of providers - and hence select their own systems.

Some may look to build these vulnerability systems in-house, but given the size and scale of the task at hand, this is not an efficient use of time, energy or resources – especially when systems already exist in the market to meet these requirements.

With the right management information, the hope is that we can demonstrate that the kind of poor outcomes described are low or shrinking. 

If we can really get a handle on these potential harms, the reward for firms is far greater than just meeting regulatory requirements. It means we can achieve our ultimate goal of supporting customers properly in their darkest hours, delivering unrivalled service and support that converts customers to powerful advocates for both protection, their provider and their adviser too.

Is it that time already?

It feels like we’ve only just taken down last year’s Christmas decorations and here we are, putting them right back up again. As 2024 draws to a close, we look at some highlights from the year. Our top line:

• Consumer Duty, and managing vulnerable customers, is a massive challenge for many firms. We’ve made a lot of headway in helping firms meet the regulations.

• Our benchmarking shows that MARS customers identify a broadly similar number of vulnerable customers as the FCA’s Financial Lives survey – around 50%. This is in contrast to some firms only identifying a single figure percentage.

• MARS customers have access to an increased wealth of evidence for reporting.

What the FCA and the Government said this year

• The year started with the FCA announcing its review of customer vulnerability. The results are out now. Consumer Duty Board Reports: Good and Poor practice | Complaints and root cause analysis: Good and Poor practice

• In March, the FCA issued a survey to selected companies on how they were progressing with customer vulnerability – see the survey here.

• In June, the FCA issued a clarification on the FCA’s guidance, on the need to “actively engage” with consumers.

• In July, firms completed their first Consumer Duty board reports; the FCA undertook a review of around 200 firms, we understand the results will be out shortly.

• September saw the publication of a report by the Chartered Insurance Institute, highlighting vulnerability as the hardest part of Consumer Duty.

• In October, the FCA’s Graeme Reynolds delivered a speech at the PIMFA conference, saying: “In the firms that get this right, the first, vital, step is identifying vulnerability. You can’t begin to think about how to deal with vulnerability, how to meet your clients’ needs, if you haven’t first considered which of your clients might be vulnerable and why.”

• Ofgem and Ofwat both made great strides to improve customer vulnerability management in the utility sector over the year.

• The Consumer Duty board report has just been published; the overall feedback is that firms need to up their game on outcome reporting and vulnerability data.

MARS software continues to lead, with unique features

• Firms can now optionally manage customer vulnerability at a household level, as well as with individuals.

• Significantly expanded management information with many new charts and benchmarks.

• Added many more next steps – which we call ‘treatments’.

• Development continues at pace and, in early 2025, we will enhance search functionality and the ability to record when and how mitigating processes were actioned.

More customers adopt MARS

• MARS is now used across multiple sectors, including credit, debt management, building societies, wealth management, insurance, mortgage brokers and utilities.

• New customers included PayPlan – the second largest debt company in the UK – and London & Colonial Assurance – our first international MARS client in Gibraltar.

The launch of our consumer portal, itswhoiam.me

• To help firms position Consumer Duty and customer vulnerability with consumers, we have launched an online information portal, itswhoiam.me.

• The website helps build trust and confidence, explaining why it will help consumers to volunteer information about their vulnerability characteristics. Check it out – we’d welcome your feedback.

The most popular customer vulnerability webinar programme

• Over the year, we have delivered eleven customer webinars – to an audience of thousands. The most popular being “avoiding bad outcomes for vulnerable customers”, for which over 600 people registered. Via our own webinars and through partners, around 5,000 people signed up in 2024.

• We continue to lead the sector with the provision of useful content – everything from understanding bad outcomes for vulnerable customers to harnessing the commercial benefits of Consumer Duty.

• We record all our webinars, and they are all available on our website. Around 25 episodes are available.

• We’d like to thank all of those who gave up their time and expertise to participate. This includes Alastair Reed, Alan Knowles, Margaret Kirby, Johnny Timpson OBE, Duncan Minty, Jonathan Clarke, Charlie Williams, James Edmonds, Kelly Melville-Kelly, Carol Nuttall, Daniel Edmondson, James Sudworth, Branko Bjelobaba FCII, Philip Michell, Nick McDonald, Peter Labrow, Adrian Harvey, Chris Fitch PhD FRSPH, Vaughan Jenkins, Martin Preston and Kay Haighton - thank you very much for your time and expertise! ❤️

Johnny Timpson OBE and James Edmonds join

• One of the UK’s most recognised (and decorated) customer vulnerability experts, Johnny Timpson OBE OBE, became chair of MorganAsh. Johnny is one of the UK’s best-known vulnerable customer advocates, Financial Inclusion Commissioner and a founding member of the Financial Resilience Taskforce.

• Leading Consumer Duty and customer experience specialist James Edmonds also joined us, as Consumer Duty consultant.

LinkedIn group – the place to go for customer vulnerability updates

• Our LinkedIn group, Managing customer vulnerability, Consumer Duty and resilience, doubled in size.

• We now have over 2,600 members – showing how customer vulnerability is a growing focus for many firms.

Useful customer vulnerability content

We published many blogs and white papers; many being run in the industry media. Some highlights are:

• Customer vulnerability, your questions answered – a joint publication, authored with Elephants Don’t Forget, FWD Research and the Collaboration Network.

• Will AI solve the customer vulnerability challenge? – co-authored with LexisNexis.

• A 10-point checklist for customer vulnerability management.

All the best for Christmas and the New Year

We want to thank all our customers, everyone we’ve had conversations with, new partners, listeners of our podcasts and viewers of our webinars. Thanks all for your amazing support this year.

Wishing you a very merry Christmas, and all the best for 2025.

Andrew Gething and the MorganAsh team

We built the MorganAsh Resilience System specifically to help firms meet FCA Consumer Duty requirements on vulnerability. Here is how it matches up to the FCA’s feedback on the five areas for improvement needed in Consumer Duty board reports.

👎 Some firms did not have data of sufficient quality to justify their conclusions, or to give governing bodies adequate assurance that they had met their Consumer Duty obligations. Some firms did not provide sufficient explanations with their management information to clearly demonstrate good customer outcomes.

👍 MARS identifies, classifies, monitors and reports on characteristics of customer vulnerability in such a way that it can be used to compare outcome monitoring data. Its unique classification system ensures that customer vulnerability data is both objective and consistent, providing reliable management information for boards. Too many firms focused purely on training, neglecting data collation and reporting.

👎 Some reports did not contain evidence that the appropriate amount and types of information had been shared between the firm and third parties across the distribution chain.

👍 MARS enables the sharing of information between intermediary and manufacturer. Its comprehensive classification system of customer vulnerability means that all parties can understand what is going on – and can share data between firms, as part of the monitoring obligation. MARS is independent of firms and products – it’s purely customer-focused.

👎 Some firms did not show that they adequately considered the outcomes for different groups of customers, including vulnerable ones.

👍 MARS’s unique classification of characteristics of vulnerability enables consistent management information that can be correlated against outcome reporting data at different granularity levels of data, and across different areas, for example: product or distribution channel.

👎 It was not always clear that there had been any effective challenge from firms’ governing bodies on the content of the reports – for example, through the minutes of board meetings.

👍 The whole concept of customer vulnerability management is new; it is not until people see data from MARS do they realise what is possible. To use a Henry Ford analogy, many people are asking for a faster horse – MARS is like providing a car.

👎 Some action plans and improvements were not accompanied by details such as timescales, action owners, or clarity on the type of data that would evidence good outcomes.

👍 The MARS roll-out proceeds in stages; we've collaborated with multiple firms, to help them plan their implementation phases and meet the FCA’s requirements.

😊 In summary: without a comprehensive classification methodology, and systems to store and communicate this data, firms will struggle to meet the FCA’s requirements.

In a recent letter, the Treasury wrote to the FCA to recommend that financial inclusion forms part of its remit.

The exact words said: “..should have regard to reinforcing financial inclusion...to enable individuals to access the financial services and products they need to fully participate in the economy.”

The letter comes as an increasing spotlight is placed on financial inclusion in the UK, with the new Labour government setting out plans to create a national inclusion strategy. The aim is to improve financial resilience and minimise exclusion.

Professor Martin Coppack from Fair By Design has been campaigning for this change for several  years – and hats off to him for his persistence. 

The question is though, how will this change to the FCA’s remit affect Consumer Duty? The regulation requires firms to prevent harm – such as minimising bad outcomes to consumers. Effectively, this instruction to the FCA asks for Consumer Duty to be extended further than just preventing harms – and to include the minimisation of financial exclusion.

Much of focus so far for financial inclusion has been on the banks, ensuring those who have small funds can still access a bank account. But how will this affect the rest of financial services? A large proportion of financial firms service those consumers with ample funds and the cost of advice  means it is typically commercially unviable to offer advice to those with minimal funds. There is hence a massive commercial conflict if firms are required to provide services to those with less funds, that are commercially loss making.

Alongside those who may be financially excluded, the change raises questions for those customers that can be excluded from opportunities, benefits or accessing services due to their personal characteristics or a disability.

The Equality Act requires that all firms do not discriminate against customers because of their protected characteristics, such as their age, race, religious beliefs, sexual orientation or disability. Historically, few firms have been challenged under the Equality Act and arguably it has not been enforced that well.

However, Consumer Duty brings the Equality Act within its umbrella, requiring firms to monitor and report on whether they are meeting this criterion. This is likely to raise the issues of discrimination – at least internally, if not externally. While most firms will be fine in not discriminating against gender, age or religion, there will be considerably more of a challenge for disability.

The Equality Act defines disability as anyone with a physical or mental impairment who has a ‘substantial’ and ‘long-term’ negative effect on their ability to do normal daily activities. With ‘long term’ meaning 12 months or more, this includes most cancers, cognitive impairments and diabetes for example.

Indeed, over half of people over 65 have at least one long-term illness and this increases to nearly two out of three for those over 85.  This has repercussions for those firms pursuing a digital only solution and indeed those with an older clientele.

Firms are able to select their own target market and, in theory, this could be a digital-only channel – but how does this comply with the Equality Act? In practice, it is difficult to see how any firm can operate as digital only (without any other means of communication) without contravening the Equality Act, as it discriminates against those who cannot interact digitally.

Consumer Duty should reduce exclusion for the vulnerable and anyone with disability, as there is a large overlap with those who have reduced funds, this should go some way to reduce financial exclusion. We do not expect the financial inclusion issue being changed or solved any time soon. Indeed there will need to be a consultation and recommendations first, and it is likely the FCA will be after data from firms to see the impact on exclusion from existing Consumer Duty regulations.

The FCA has been repeatedly banging the drum for firms to hold data and manage customer vulnerability – and this is due to increase with the publication of its vulnerability review in a few months’ time. While it is too early to anticipate how the financial inclusion requirements will be implemented, those firms which hold robust data and comply with vulnerability and Consumer Duty requirements should at least be in a strong position to understand the issues and implications.

In a webinar on 9 July 2024, LexisNexis Risk Solutions joined forces with consumer vulnerability specialist MorganAsh, to shine a light on ways to enable wider engagement across your full customer base. The audience raised a series of questions, which LexisNexis and MorganAsh have answered here.

QUESTION

Many well-meaning initiatives ended up channelling vulnerable customers to less regulated or outright unregulated service providers – many based outside the UK/EEA. Do we have any impact assessments on Consumer Duty’s rules at this stage?

ANSWER

We don’t think there is a simple, definitive yes/no answer. The key test is whether consumers experience good or bad outcomes – because the signposting to other entities contributes to the outcome. In our view, the regulatory status and the location of service providers are secondary. If you have an unregulated third party that provides good outcomes (on the whole) and you can evidence this – then, in our view, it should not matter where they are. We believe there is a recent ruling by the Financial Ombudsman Service which found that building societies were responsible for a legal firm that went bust, to whom building societies were referring wills and LPAs. It depends on what service or product you are selling. If it’s a pure no-frills transaction service, then expectations would be lower than for a full-blown advice service. Some companies are signposting to charities, simply because there is no cost – but, really, such actions need to be aligned to good outcomes. Equally, some companies are forming partnerships with third-party services and providing robust referrals. We think this whole topic has a long way to go. But check with your own compliance teams.

QUESTION

How often should you capture changes in people’s data? I think LexisNexis has mentioned about following up every two weeks.

ANSWER

There is no hard-and-fast rule about how often firms need to refresh data on consumers – indeed, this will depend on the product. For example, a six-month, high-interest loan would be different to a five-year fixed mortgage. Most of MorganAsh’s clients in financial services generally refresh on an annual basis, which is when they do their regular annual reviews – and this seems sensible for them. In the future, using data partnerships with LexisNexis and others, MorganAsh will get feeds on bereavement, change of address and other life events – this will enable us to update data in near real-time. The LexisNexis Risk Solutions reference dataset is updated on a fortnightly basis. This process includes taking the latest data from a wide range of data sources and, based on this latest information, alerting subscription clients to where the data footprint suggests they have moved house, where there is a new address for the customer, where contact details have changed, or where there has been a bereavement.

The LexisNexis Risk Solutions reference dataset combines a wide range of different data sources, with the specific aim of creating the most complete view of UK consumers, and maintaining this over time. 

QUESTION

What kind of questions does MorganAsh ask to assess vulnerability in its assessments?

ANSWER

MorganAsh tries to cover all types of vulnerabilities, including financial, health, life events, bereavement, coercion, abuse and so on. They have various question sets, and multiple options that can be customised, depending on the type of business and customers.

QUESTION

What are your views on indicators of financial abuse and customer vulnerability to investment scams? We typically only see this after the event – for example, when a customer has become a victim of a scam.

ANSWER

MorganAsh asks consumers about being victims of previous scams, and they ask about financial understanding; MorganAsh has been working with industry experts on this and also ask some subtle questions about other loans to try and detect these. But they know this is only scratching the surface. As yet, MorganAsh is not predicting vulnerability for future scams. This is something which may be possible by using some clever modelling, with AI looking at the assessment results for signs of scams – but this will likely not be easy.

QUESTION

More of a statement than question: from experience in data quality and governance, I can say it is key to get the data quality right, to make sure the customer feels valued. You can offer the best-value products but, without knowing your customers, treating them as you would want to be treated yourself will always miss the most vulnerable. Customers are our best source of knowledge!

ANSWER

Agreed, 100%. Customers are the best source of data – if this data is held correctly and used to the consumers’ advantage, then this will enhance relationships with them.

QUESTION

Do you see the value in AI-led voice-recording technology that can identify a vulnerable customer? Would this not be a better method than trying to screen a vulnerable customer rather than via a form etc?

ANSWER

There are a few issues with this approach:

1. You can only identify consumers who phone in, which is a subset of all vulnerable consumers within a firm’s customer base – especially as we move to become more and more digital, and less spoken interaction.

2. It is born from the incorrect assumption that you can’t ask the consumer; you can, and it works well – MorganAsh has been doing this successfully for over 20 years.

3. Engagement with a consumer is easier if they have told you themselves, rather than identifying something behind their back.

4. Some vulnerabilities won’t be detected easily in this way, because it is a condition with which the consumer is comfortable – as an example, someone who is fully blind (and always has been) will display normal voice patterns on a call, so wouldn’t be flagged.

The MorganAsh approach is identifying around 50% of consumer vulnerabilities – while voice-analytic approaches are in the 10%–20% range. (The results from MARS tally closely with those from the FCA’s Financial Lives survey.) That said, analytics can be a useful add-on for large call centres. While this has its place, it’s likely not the right place to start.

QUESTION

Do you blanket send the questionnaire to all customers? And, when identified, what do you do with that data? Is root cause discussed and are actions prioritised?

ANSWER

Really, the only way to identify the (broadly speaking) 50% of customers who are vulnerable is to ask them all. Otherwise, you’re guessing, or perhaps using unconfirmed data that was gleaned behind their backs. Of course, not all consumers will respond, but MorganAsh has consistently very high engagement rates of around 60%–70%. When MorganAsh identifies a vulnerability, the MARS software generates a consistent, objective, Resilience Rating and then recommends next actions; these are controlled using specific triggers – based on characteristics, severity, product, age and so on. The next actions (which MorganAsh calls treatments) are highly configurable, as are the triggers (because what works for one firm may not for another) and can be added to as required. Firms can review individual cases and see stats for next actions for each characteristic and each next action.

QUESTION

Consumer Duty states that we need to monitor and record good outcomes. Once identified, is it just a case of ensuring that each customer receives the same level of treatment as a non-vulnerable customer – along with looking to remove barriers that vulnerable customers would come up against? 

ANSWER

Yes. We need to identify which cohorts of vulnerable customers are getting worse outcomes – and then try and mitigate these as best we can. That is likely to mean a modification to the process of some sort. Equally, there will be situations where outcomes are not as good and there may be limitations on what firms can and cannot do.

QUESTION

Do vulnerabilities need to be proven by the customer? For example, do they require evidence of a doctor’s diagnosis? Is there a minimum level of evidence required?

ANSWER

No, there is presently no need for evidence. This may, in the future, become necessary for cases of suspected fraud, for example, especially when consumers become wise to the benefits and start gaming the system. As a company, MorganAsh is used to this, because they deal with many insurance claims on a daily basis.

QUESTION

Given the increased focus on customer vulnerability from the regulator, is it right for a financial services organisation to continue to take a passive approach to capturing vulnerability needs (such as waiting for a customer to self-disclose) or should proactive capture of vulnerable customers now be the new normal?

ANSWER

Waiting for customers to tell us, or us identifying vulnerability on a reactive basis, generally uncovers very low proportions of vulnerable customers. There is a need to be far more active in understanding customers. The FCA recently updated its website on guidance to say that firms must “actively engage” to reinforce this point. So, simply speaking, firms should – as you say – be proactive and not reactive.

QUESTION

Do Consumer Duty’s rules extend to firms which do not give advice directly to consumers, but rather distribute products via intermediaries? For example, is there an onus on the firm to ensure that its intermediaries comply with Consumer Duty? 

ANSWER

Consumer Duty applies to all regulated companies; there are some rules that apply differently for manufacturers and intermediaries but, when it comes to customer vulnerability, all parties have the same responsibility. We believe that it is OK for firms to rely on other firms to do the vulnerability assessment – but they must see the output – for example, how this impacts outcomes. It is not OK to just hope that the intermediary is doing the assessment. In many instances, the intermediary will be doing the initial vulnerability assessment at the point of sale – but then the intermediary and manufacturer need processes in place for how this will be monitored over the lifetime of the product. For mortgages, for example – say on a fixed term – the consumer may go to a different adviser and a different provider at the end of the term. Both need to know that one of them will contact the consumer at the end of the five-year term to see how the consumer wants to progress – to avoid dropping onto standard variable rates by ignorance or apathy.

QUESTION

Since customer vulnerability requires us to make best endeavours to assess, would it not be possible to request that a consumer identifies any vulnerability in a question-and-answer exchange? This would perhaps be appropriate in low premium risks, where extensive research would outweigh the value of handling the risk.

ANSWER

Yes. Indeed, if we understand your question correctly, this is exactly what MorganAsh does – they send a simple set of questions to the consumer to complete, and MARS does all the analysis and recording work for you. Equally, an agent can use the system to guide consumers through the Q&A. Find out more about MARS

QUESTION

With a monthly renewable coverage which has no end date, other than perhaps retirement, is there a requirement for annual reviews to be made? Would an annual vulnerability assessment be an acceptable frequency?

ANSWER

Yes, annual reviews in such a situation – as you say – is very sensible. MorganAsh has spoken about this with the FCA.

QUESTION

You mention APR (annual percentage rate); does anyone really understand what APR is and do we think this is an outdated term that needs explaining more or even changed?

ANSWER

This was simply an example to illustrate how terminology used in communication can impact customers. Explaining products in easily understandable terms will help to ensure that customers get fair value from products.

QUESTION

Having collected customer vulnerability data at point of service, or premium negotiation on a call, we would want to use that data to monitor and, in some cases, control customer outcomes in policy management and so on. Without having explicitly requested permission for those activities, how do we balance privacy risks under GDPR with consumer risks under Consumer Duty (especially for health, where GDPR is more explicit around consent, compared to principles-based Consumer Duty guidance)?

ANSWER

Everyone needs to comply with GDPR, so yes – MorganAsh gets, and records, explicit permission from the consumer to hold their data. MorganAsh’s position is that they want to know the information so that they understand customers’ personal circumstances – and so customers can be served better. We think the key issue here is if you use the data for the purpose stated and for which you have consent, or for a different purpose. So, we guess it’s the wording of the consent that is important if you want to use this data for other purposes.

Please note that these answers are the views of the speakers, and firms should always get their own compliance advice.

You can download this as a PDF (1.3MB)

While there hasn’t been much to celebrate about in this environment of higher interest rates, one positive is the resurgence of annuities. From their decline and near extinction following the introduction of greater pension freedoms in 2015, annuities, which provide retirees with a guaranteed income for life, are soaring in popularity amid high interest rates – and are now generating far better returns.

Research by the Association of British Insurers found that sales of annuities were 27 per cent higher in H1 2023 compared to the previous year. Furthermore, annuity comparison quotes on the iPipeline platform hit their highest levels for a decade in Q3 and Q4 2023. Given the path of interest rates so far this year, this demand has only continued.

However, with inflation returning to ‘normal levels’, expectation continues to build that a long-awaited cut to the Bank of England base rate could now be imminent.

With financial advisers looking to lock in competitive annuity rates before any potential change in interest rates, it’s never been as important to have proven, repeatable methods which achieve the highest possible annuity rate for clients.

Nurse-led medical assessments

In a study conducted by our team at MorganAsh, we found that nurse-led medical assessments return a significantly higher annuity rate than those submitted using standard online forms. In 76 per cent of cases, a higher annuity rate was achieved – with a mean uplift of 2.5 per cent, or £225, per year. In fact, many cases saw an increase of 10 per cent or more, while one case in particular saw an uplift of 33 per cent – or nearly £7,000 of extra income per annum.

This study took place between February and May 2024 with two quotes obtained from Aviva, Just, L&G and Canada Life. With rates recorded for each case and both methods, Aviva achieved the greatest difference in average annuity rates at 3.7 per cent.

Hearing clients and answering underwriters

What makes this approach so successful? A key factor is clients having positive interactions with our registered nurses, giving customers the freedom and confidence to disclose information that they may not necessarily volunteer otherwise. Just as important is the nurses being fully aware of the information medical underwriters require – and how this should be recorded and presented. MorganAsh nurses for example are highly experienced and often senior – they are used to talking to customers and obtaining accurate health information.

With the right provider of medical assessments, underwriters are aware of and appreciate the due diligence that has been undertaken and are more likely to trust the data provided. If this is then presented in a format that works best for them, there’s no reason why they wouldn’t be inclined to provide a better rate.

Even with a slight increase in assessment, underwriting and administrative costs, our study found that this approach is still cost-effective. By our maths, and with average life expectancy and the average duration of annuities taken into account, an uplift greater than £10 per annum would be cost-beneficial. This was achieved by 75 per cent of cases in our study.

Answering Consumer Duty

Given the higher returns achieved by annuities, as well as the opportunities available to combine the guarantee of an annuity with the flexibility of drawdown, it is clearly in the best interest of the client to explore this avenue.

In fact, there’s a pretty solid argument to say that with Consumer Duty requiring firms to evidence that they have considered all options, not considering an enhanced annuity at annual review is unlikely to meet the new rules.

Furthermore, studies such as this, and current research, confirm the effectiveness of nurse-based medical assessments in achieving higher annuity quotations – particularly for those retirees with significant and complex health issues. Therefore, if this route is not considered, there’s the possibility that a customer could receive a poor outcome – one that is open to later challenge.

Successful triage

Nonetheless, it can still be challenging for advisers to know when to obtain an annuity quotation and whether to do this online or go more in-depth with a nurse assessment. Software such as MARS (MorganAsh Resilience System) incorporates an annuity triage and uses health data already collected from its consumer vulnerability assessment to make a recommendation on the likelihood of an enhancement, as well as the best course of action.

Not only is it highly efficient to use this health information to triage for other products, it’s a real opportunity to reach out to areas previously underserved and to deliver a broader and better service to clients.   

Consumer Duty places real emphasis on firms to assess their entire customer base to identify their vulnerable clients and ensure the outcomes they receive are at least no worse than the non-vulnerable. There’s no denying that this is an onerous task and in this first year of the new regulation, many firms across financial services have turned to technology to not just save time and resources, but to deliver the necessary results.

Just as important is what happens next once a vulnerability is identified. This is particularly intensive when you consider the broad range of vulnerabilities that a client may be dealing with at any one time. Under Consumer Duty, this spans further than financial pressures to include health issues and disabilities, family issues such as bereavement, divorce and domestic abuse, protected characteristics and so many more. Thankfully, technology is proving to alleviate this challenge too.

By completing an individual vulnerability assessment, platforms such as the MorganAsh Resilience System (MARS) can automatically generate recommendations on suitable next steps – MARS refers to these as ‘treatments’. A tech-first approach eliminates the significant and ongoing training required to stay up to speed with all possible mitigating strategies for all manners of customer vulnerability. Advisers are able to do what they do best and rely on tech to provide a suitable treatment in real time when the need is discovered.

Debt advice

Given the challenges of the current climate with higher interest rates and household costs, it’s hardly surprising to hear that debt is a major concern for many consumers. According to The Money Charity, average total debt per UK household in April 2024, including mortgages, was £65,143.

For those unable to service serious debt, there’s no question they will be in a vulnerable position. That’s without even considering other challenges or factors they may also be facing. While advisers may be able to identify debt concerns as part of their fact find, they may not necessarily know the correct next step or treatment to support a positive outcome.

Using MARS as an example, we recently partnered with PayPlan, one of the UK’s largest debt advice organisations to include their debt advice service within MARS as a support service. This means MARS users can refer any clients with debt issues to PayPlan for free debt advice. According to data from PayPlan’s dedicated vulnerable client team, 53% of all PayPlan clients disclose a vulnerability, making tailored support and advice absolutely essential.

Avenues to good outcomes

Access to free debt advice is just one element of support that is available to those in financial difficulty, with treatments that can identify potential coercion or support those involved with loan sharks. MARS also has an integrated benefits calculator from Inbest, enabling advisers to check if clients are missing out on any important benefits, social tariffs or local discretionary grants. Research suggests that UK households are missing out on as much as £19 billion of support each year.

When we say there is a wealth of mitigating strategies, support organisations and charities supporting a wide range of potential vulnerabilities, we truly mean it. There is also the potential to utilise data from the assessment to successfully triage a client’s suitability for protection or an enhanced annuity.

By adopting and integrating the right technology, advisers have these suitable next steps at their fingertips at the time of need. Firms can even add their own, perhaps if they’ve found particular success with a local or niche support provider. This is particularly useful for the many treatments that you may call upon once or twice per year, but are still incredibly valuable.

To be completely on top of customer vulnerability is a mammoth task – especially when you consider the extensive requirements already facing advisers just to do the day job. Adopting a digital approach to customer vulnerability not only streamlines this process and achieves better data and results, it enables advisers and firms across financial services to deliver a far better, and more tailored service.

While Consumer Duty is clearly a vehicle to improve standards across financial services, those looking at the bigger picture also see the competitive advantage it can offer too.