The FCA has published guidance that seeks to bring about a major shift in the approach taken by regulated firms to dealing with potentially vulnerable retail customers. This chimes very much with a wider societal concern to protect those particularly impacted by the COVID pandemic. The guidance relates to the FCA's Principles for Businesses, is very wide reaching and takes immediate effect. In this article we set out the key features of these important reforms. In a related paper originally summarising the related consultation and now updated in light of the published final guidance, we make some recommendations about the steps that firms should take now and the kinds of questions that FCA Supervision may start to ask to police compliance.
At the heart of the new guidance is the desire to see the protection of vulnerable customers form part of all aspects of a retail customer's journey: from product/service design, sales and promotions, customer interactions and (as appropriate) in the event of default. It is very important to note that this guidance does not replace existing FCA rules in respect of dealing with customers in difficulty (such as in MCOBS or CONC). Nor does it usurp other statutory requirements, for example under GDPR or the Equality Act 2010. Firms must find a way of navigating a course through all of these provisions and then this guidance.
The definition of vulnerability adopted in the guidance is very broad indeed and means customers who, due to their personal circumstances are especially susceptible to harm (meaning in essence bad financial decision making), particularly when a firm is not acting with appropriate levels of care. The FCA has identified four "drivers" of risk that locate an individual on a spectrum of risk of vulnerability. These are: (1) health; (2) life events (such as bereavement or unemployment); (3) financial resilience; and (4) capability (meaning financial literacy). In a major parallel survey of retail customers the FCA determined that at February 2020 46% of UK adults (24.1 million people) had some characteristics of vulnerability. That was before the first COVID-19 related lockdown. By October 2020 the FCA estimated this figure was closer to 53%. This ought to make clear to readers how just wide the application of this guidance will be. So, what are the new expectations on firms dealing with retail customers who may have these characteristics?
- Identifying the risks of vulnerability. First (and crucially), firms must understand what characteristics of vulnerability may be present in their target market(s) and then consider how interactions with the firm and its products/services may exacerbate (or alleviate) these characteristics. This has the potential to be a complex exercise, requiring careful thought, building on market research and data analysis. The FCA has identified the following non-exhaustive list of types of harm that firms should be alive to:
- Financial exclusion. For example, customers with no bank account or very limited access to alternatives.
- Difficulty accessing services. For example, this may be caused by a physical disability or digital barrier.
- Disengagement with the market. For example, customers may not read terms and conditions closely or move provider/re-negotiate when a time limited deal elapses.
- Inability to manage a product of service.
- Over indebtedness.
- Exposure to mis-selling.
- Scams and financial abuse.
- Embed good practice. Once firms have identified how the issue of vulnerability is relevant to their business, the FCA expects firms to take proportionate steps to embed good practice at all relevant levels of the organisation, from customer facing roles to Senior Management. In particular:
- Training. Firms should ensure that relevant staff are trained to recognise characteristics associated with vulnerability, although the FCA are clear that its expectation is not that proactive steps are taken to detect such characteristics.
- Practical action. As noted, the FCA expect the needs of vulnerable customers to be considered throughout the customer journey from product/service design through to customer service and handling of events of default. There is no one size fits all solution here either. What practical action firms take to comply with the guidance will be driven by their own assessments of the characteristics of vulnerability in its target market(s) and what constitute proportionate steps in response. However, the following examples from the new guidance should give firms a sense of the FCA's expectations:
- When designing products, specifically consider the needs of vulnerable customers by (for example) speaking to those in the business who deal with the vulnerable or through focus groups.
- Products/services should be periodically reviewed to ensure that the needs of vulnerable customers are still being appropriately catered for.
- Firms should consider whether third party providers or outsourcers, or other firms in the distribution chain for its products/services treat vulnerable customers fairly.
- Customers should be encouraged to communicate their needs and firms should consider what method(s) of communication vulnerable customers might tend to favour.
- Inflexibility in contract terms should be avoided.
- Systems and controls should be put in place to support the delivery of good customer service to those that may be vulnerable. The example given is that information about potential vulnerability should be appropriately shared between different teams e.g. a marketing team and debt recovery team.
- Communications from the firm should be widely understandable and available on multiple channels.
- Monitoring and evaluation. The FCA expects on-going monitoring of compliance with the guidance and that firms will be able to demonstrate this compliance. This monitoring should be supported by appropriate flows of management information to relevant teams and Senior Managers.
How might this guidance manifest itself in regulatory activity? The FCA has already indicated the kinds of questions that it expects to asks firms about vulnerability as part of its Supervisory interactions (see further details in our paper) and this seems the most likely way in which firms' compliance with guidance will be scrutinised. However, it is apparent from recent Final Notices (for example the recent fine handed down to Barclays) that the treatment of vulnerable customers can also be the basis for Enforcement action, involving both significant penalties and even more costly redress schemes. It also seems likely that the FCA will be galvanised by this new guidance and the inevitable financial aftermath of COVID, to bring more Enforcement cases based on vulnerability. Senior Managers will also be in the FCA's sites, given a renewed focus on individual accountability following the now completed roll-out of SMCR. Firms and Managers should therefore consider carefully how to comply with this guidance and also how to evidence that compliance.