Customer vulnerability management: we need a car, not a faster horse
When Henry Ford revolutionised transport in the early twentieth century, the story goes that he observed: “If I had asked people what they wanted, they would have said faster horses.” The motor car was not an incremental improvement on what existed – it was a fundamentally different solution to the same problem. That distinction matters enormously when we look at where the UK financial services industry currently stands on managing its vulnerable customers.
The training approach: a faster horse
Most firms began their customer vulnerability journey a using familiar tool: training. Front-line staff attended workshops. E-learning modules were rolled out. Policies were written and signed off. Customer vulnerability champions were appointed – once required, but since retired. And in the years following the FCA’s finalised guidance FG21/1, this has broadly been the direction of travel across the industry.
It is easy to understand why. Training is visible. It is auditable. It demonstrates intent – and, in the early days of the vulnerability agenda, demonstrating good intent went a long way. Importantly, training meant that consumers were provided with the support they needed – albeit only a small proportion.
The challenge with training-led approaches is that they have a set of structural limitations that firms are now running into – hard.
Cost and scale. Meaningful customer vulnerability training is not a one-time investment. It requires regular refreshes, consistent delivery across large and distributed workforces, and ongoing assessment of whether that training actually changes behaviour. For any firm of scale, this becomes prohibitively expensive – and even then, results are patchy.
Inconsistency in what gets recorded. When the identification of customers’ vulnerabilities depends on individual staff making subjective judgement calls and logging disclosures in their own words, the resulting data is inconsistent, incomplete, and difficult to aggregate meaningfully. Two customers with identical circumstances may be treated entirely differently, depending on which member of staff they spoke to, on which day, and through which channels.
Systematic under identification. The cumulative effect is that firms relying on training and other manual approaches consistently identify just a small proportion of their potentially vulnerable consumers. Industry data suggests that the true prevalence of vulnerable customers across their entire customer base is significantly higher than most firms’ management information would indicate. The gap between the two is not evidence that those customers don’t exist – it is evidence that the process for finding them is inadequate.
Firms have recognised this. For years, the consistent ask from compliance and operations teams has been: give us a way to do this consistently. But the answer offered has largely been the same: better training, more training, more consistent training. In other words, a faster horse.
The FCA has moved on – and so must the industry
The regulatory environment has changed materially. Consumer Duty has elevated the standard from ‘demonstrating process’ to ‘evidencing outcomes’. The FCA’s 2025/26 supervisory focus is explicit: multi-firm reviews are assessing whether firms can show that vulnerable cohorts receive outcomes at least as good as other customers – measured through management information, not anecdotal stories.
The question firms now face is not: “do we have a customer vulnerability training programme?” It is: “can we demonstrate, with data, that our vulnerable customers are being identified consistently and treated fairly?” Those are very different questions – and the first cannot reliably answer the second.
Digital approaches provide the car
What the industry needs is not an improvement on training. It needs a different mode of transport entirely.
A digital, data-led approach to customer vulnerability management works from a different premise. Rather than relying on individual staff to identify customers’ vulnerabilities in an unstructured way, it uses a structured, consistent digital process to capture vulnerability characteristics at scale – across every customer interaction, every channel, and every product line.
This means consistent data. Customers’ vulnerability characteristics are recorded through a standardised digital process to produce management information that is comparable, aggregable, and meaningful at board level. It becomes possible to monitor trends, identify systemic gaps, and report with confidence to senior management and regulators.
It means genuine scale. A digital solution does not get tired, does not vary by staff member, and does not require a refresher course every eighteen months or a lengthy induction when a new team member joins. It applies the same rigour to the ten-thousandth customer interaction as to the first. It records identification and support improvements and repeats them when required.
And, crucially, it means identifying far more of those customers who need support – not because the threshold has been lowered, but because the process no longer depends on a customer volunteering a disclosure and a member of staff correctly recognising and recording it.
This is the car. This is what solutions such as MorganAsh Resilience System (MARS) deliver: a sophisticated, purpose-built system for managing customer vulnerability across the entire customer base, with the data structure needed to support Consumer Duty outcomes monitoring, GDPR and the FCA’s supervisory scrutiny.
Beyond meeting regulatory requirements, firms are then able to view customer vulnerability as a catalyst for personalisation. This is where the real competitive advantage and commercial benefits can be unlocked – understanding all customer preferences and personalising products, service and support to serve customers better. Firms that have already made this leap are tapping into the opportunities offered by a more scalable and cost-effective solution.
The AI temptation: using Formula 1 car before learning to drive?
There is a new and increasingly prominent conversation happening across the industry: artificial intelligence as the solution to customer vulnerability management. If training is a horse, and digital customer vulnerability management is a car, then AI is being considered as a Formula 1 car – faster, smarter, more capable than anything that came before.
The temptation is understandable. AI tools are genuinely impressive. The possibility of identifying customers’ vulnerability signals from phone calls, behavioural patterns is a compelling proposition.
But there is a prior question that this conversation is skipping: most firms have not yet moved from the horse to the car. They do not yet have consistent, structured, digital customer vulnerability data. They do not yet have the systematic identification processes that would generate the clean, reliable data that AI systems require to function well. Deploying AI on top of inconsistent manual processes does not solve the inconsistencies – it amplifies them, and does so in ways that are harder to audit and explain to a regulator.
The real irony is that AI’s clearest benefit is saving human time, yet much of the industry still depends on heavily manual methods to identify and manage customer vulnerability.
The firms that will benefit from AI-enabled vulnerability management in the future are the firms that build the right digital infrastructure and data now. The car has to come before the racing circuit.
What this means in practice
The way forward for firms is a move from training-led approaches to digital vulnerability management – with the sophisticated systems required to manage vulnerability models, capture consistent data, generate meaningful management information, and support Consumer Duty obligations at every level of governance.
That is not a small change. It requires investment, commitment, and organisational will. But the alternative – continuing to ask for a faster horse while the regulatory and competitive environment demands something categorically different – is increasingly untenable.
With digital systems already available across the market, the car is built and ready to go. The question for firms now is: when they are ready to drive it?
