But, if fair outcomes for the financially vulnerable are to become a fundamental part of financial services, and if industry professionals are to make informed decisions on the issue of customer vulnerability, all parties must work more closely together.
To achieve this, joined up sharing of vulnerability data will be paramount.
Of course, there are risks when it comes to sharing data, specifically around UK GDPR. There is the perineal question of how advisers can discharge their responsibilities to a product provider, while meeting the Financial Conduct Authority’s (FCA) vulnerable customer requirements (and now policy under PS22/9) and also remain UK GDPR/Data Protection Act (DPA) 2018 compliant. But data sharing needn’t be an arduous or troublesome task.
This can be done safely, compliantly and with customer experience very much in mind. Sharing data can be done in a safe and compliant way. Firms needn’t be so nervous of the process.
Today’s data isn’t enough
Aggregated data sets on vulnerability simply don’t cut it when trying to meet the objectives of the Customer Duty. This is because firms deal with individuals.
Of course, there may be easily identifiable categories of vulnerable circumstances, such as bereavement, disability or redundancy. But individuals, by their very definition, have individual circumstances and ultimately cannot be grouped or categorised. Likewise, vulnerable circumstances rarely manifest themselves alone – the current identified number of combined circumstances runs at an average of 2.4.
Additionally, there are circumstances that are more difficult to identify, such as cognitive ability and resilience, but must still be noted if the FCA guidance is to be met.
We need to change the narrative around using aggregated data sets to identify vulnerable circumstances, and instead recognise that meeting the requirements of the Consumer Duty means carrying out vulnerability assessments at an individual level.
Why the process needs to change
An important issue that one of our own co-founders at Comentis, Jonathan Barrett, has previously discussed, is the serious disconnect that exists when it comes to the way vulnerability assessments are carried out.
As a working example of this problem, let’s assume all firms in the distribution chain are using a fit-for-purpose vulnerability identification and reporting solution. First, a mortgage adviser during their factfinding process asks the customer to take a “profile survey” on an app, usually taking around 10 minutes. The adviser then sources a lender and submits their application.
Under the Consumer Duty, this lender is also obliged to identify and report any vulnerabilities. Even if they’re using the exact same tool, the customer has to go through the whole process again.
If the customer doesn’t meet the lending criteria, and the application is turned down, the adviser will need to ‘re-broke’ the case to a new lender, who will have their own vulnerable circumstance identification tool that the customer must use.
This lender may also use a servicing company for origination, which will require an additional vulnerability assessment. Should the application be accepted, the customer may decide to take out some protection insurance.
This will lead to yet another vulnerability assessment.
The process can go on and on, while the customer grows more and more frustrated at having to do the same assessments time and again. Even if they all come out with the same result, it can be painfully inconvenient, and can potentially add to the customer’s already vulnerable state.
Best practice relies on sharing data
Sharing vulnerability data is imperative to a good customer experience. Ideally, the initial contact – the adviser – would conduct the assessment and share the findings throughout the distribution chain. The keys to making this work are transparency, disclosure, ensuring customer understanding and discharging responsibilities efficiently and effectively. A correctly and well-worded privacy template is essential.
If the privacy or fair processing notice of the adviser is drafted correctly, and the terms of business with all the lenders are adequate, this can all be achieved.
Of course, firms might want to be in control of the quality of their vulnerability assessments, and the easiest way to overcome this inconsistency is to use accredited clinical solutions. It’s possible that, very soon, an industry standard will become obligatory, making it easier to ensure the quality of the tools being used throughout the chain.
UK GDPR and Data Protection has always enabled firms to share sensitive personal data, so long as the privacy statement includes explicit consent and that provider or the distributor agreements are adequate.
With this in mind, as firms finalise their Consumer Duty implementation plans to submit to their governing boards for scrutiny by the end of October, they should include a review of their privacy policy, a review of introducer terms of business and a selection of accredited clinical vulnerability identification and recording systems.
Industry professionals must all work closely together on this and ensure a more joined up approach from the off. Only then will this provide the end customer with a better experience and indeed put their needs first.
