Customer vulnerability management system selection checklist
Every firm is on a unique journey with its customer vulnerability management strategy, which translates into different levels of operational maturity. This checklist should quickly pinpoint areas for enhancement and support the assessment of current capabilities against good practice. When considering what technology to adopt, the following checklist should help assess whether systems meet the requirements for effective customer vulnerability management.
This checklist was created by the Chartered Insurance Institute; reproduced with permission.
Identification and classification
Are there proactive and reactive methods to assess and identify the customer’s vulnerability characteristics?
Is there a classification system or taxonomy that records vulnerabilities in an objective way (not just a binary yes/no), so that data is consistent and excludes the recording of subjective opinions?
Are the correct data elements (as per Section 5.2.4 Data structures) in place, including circumstances, severity, coping mechanisms, support needs, the support implemented and the resulting outcomes?
Can the system document the impact of multiple and overlapping vulnerability circumstances?
Is the system designed to capture and manage customer vulnerability across groups (mostly family groups)?
Data protection requirements
Can it store data securely with appropriate encryption and access controls?
Can it record the rationale for processing the data (for example, consent, legitimate interests)?
Can it modify, update and delete individuals’ data in line with data subject rights?
Can it provide information to the customer (from subject access requests) in accessible formats?
Does it have mechanisms to keep data both accurate and up to date?
Does it restrict data access to appropriate personnel only, limiting access to those who need it?
Does it support role-based access in a tiered way (e.g. front-line staff see basic flags; specialists see full details)?
Lifecycle management
Can it record data and changes in data over the lifetime of products and services, for example, whether circumstances have improved, worsened or remained the same?
Does it support automated alerts when vulnerability circumstances change or require review?
Can it prompt for scheduled reviews based on risk and product type?
Can it integrate with customer communication systems to prevent inappropriate contact?
Does it suggest next steps or support needs based on identified vulnerabilities?
Can it record whether the customer adopted the recommended support or not?
Reporting
Can it aggregate data by vulnerability cohort for outcome monitoring?
Can it track trends over time (for example, identification rates, outcome gaps and intervention effectiveness)?
Audit trail
Does it capture a complete history of all changes (i.e. who, what, when, why)?
Can it demonstrate regulatory compliance through evidence trails?