New guidance puts customer vulnerability systems under the spotlight
The new vulnerability guidance from the Chartered Insurance Institute (CII) is a significant step forward for both the insurance and personal finance sectors – and offers much across all of financial services. It provides firms with clear and comprehensive guidance of what ‘good’ looks like when it comes to supporting vulnerable customers. Just as important is the access to a clear action plan to help firms not only embrace, but embed the principles-based guidance of Consumer Duty – something that has been a real stumbling block for many.
Crucially, the guidance explains what this all means for the IT systems that underpin these processes to deliver the efficiencies that make Consumer Duty far easier and cheaper to achieve. Firms require clear structure and data that is both robust and consistent, to more readily enable detailed reporting backed by evidence. There’s no question that this requires technology – and the CII’s guidance serves to emphasise this.
Without such systems in place, firms are left data-poor – limited by inconsistent and subjective identification of vulnerable customers, delayed support pathways and insufficiently robust audit trails. Above all, customers face outcomes that fall far short of Consumer Duty. It’s about much more than achieving compliance though. Without the right technology, firms cannot understand customers well enough to unlock both the competitive advantages and commercial benefits of responding to their needs and delivering a greater service.
Leveraging the right technology
The CII has long documented the firms’ struggles to fully rise to the occasion, particularly while they transition away from more prescriptive regulation. It is well known that managing customer vulnerability is the hardest part of Consumer Duty. The FCA themselves has long advocated for technology adoption – to not just shore up, but to streamline vulnerability management.
After all, customer vulnerability is complex, dynamic and changes over time. And, given the increased scope of Consumer Duty, the tick-boxes and comment boxes of the CRMs of old are simply not up to the task. That’s why the CII’s new guidance puts significant emphasis on systems that can identify, record, monitor and report on customer vulnerability – and consumer outcomes – in an objective, consistent and structured manner.
While some have tried to ‘Frankenstein’ current systems, or build their own, the most efficient and cost-effective solution for firms is to adopt or integrate one of the purpose-built systems currently available.
A practical systems checklist
For firms looking at how they should invest in technology, the guidance provides a practical checklist to ensure that systems meet the required standards. The list is comprehensive, but is split into five key areas.
Firstly is identification and classification. The priority here is that any system goes beyond subjective opinions – and their often binary approach, using yes/no flagging. Firms need to adopt a comprehensive framework for classification built around circumstances, severity and coping mechanisms. This should also include support needs – and the relevant tracking, to identify any support offered and what success it achieved. Firms should also ask if any system is capable of recognising a person’s multiple, overlapping vulnerabilities – or managing customer vulnerability across groups such as households – two key developments added this year to the MorganAsh Resilience System (MARS).
Next is data protection – which remains a hot topic. Can a system store data securely, with appropriate encryption and suitable compliance with GDPR? While concerns are fair, this has long been many firms’ scapegoat (and get out of jail card). However, dedicated systems not only provide a high-level measurement of vulnerability – such as the MARS Resilience Rating – which can be shared across the distribution chain, they also keep data secure, accurate, readily available for access requests and filtered based on role or need.
Thirdly is lifecycle management – which gives firms the ability to record data, and changes in data, over the lifetime of products and services. Not only is this critical in understanding how circumstances have changed, it ensures that firms remain alert – particularly if systems can prompt for scheduled reviews based on risk and product type.
Fourth is meaningful reporting – aggregating data across vulnerability cohorts and trends over time to recognise gaps in identification, outcomes and the effectiveness of intervention. Combine this with the final point – a clear audit trail – and these key components can put that vital intelligence in the hands of firms to ensure that reporting and compliance isn’t a mad scramble or a shot in the dark.
Seizing the opportunity
This comprehensive checklist is not made of up ‘nice-to-haves’ but essential components for any customer vulnerability management system that is genuinely up to the task. While it may all sound onerous, leveraging the right technology enables firms to streamline processes, drive efficiencies and unlock significant intelligence – transforming customer vulnerability from being just a compliance commitment into a strategic opportunity.
For too long, the conversation has been all about the stick, rather than the carrot, and that has not helped. Through our own platform MARS, we have seen firsthand that businesses have embedded the Duty’s principles, embraced the technology and are reaping the commercial benefits. With this checklist, there is no reason why more firms shouldn’t join them on this journey.
