Vulnerability must be assessed and treated at an individual level – but evidenced and reported at firm level.
Most firms started their vulnerability journeys in accordance with the vulnerability guidance that came into force in February 2021. Typically, this involved training frontline staff to identify vulnerabilities and empowering staff to divert from standard processes to encompass consumer vulnerabilities. In general, where this has been implemented it has been an improvement.
The difficulty of spotting vulnerability
However, this has several big drawbacks when looking to implement Duty. Typically, it is limited to customers for whom we interact with verbally or via chat, while Duty requires us to understand the vulnerability of all our customers and not just those who contact us.
Most identify vulnerabilities differently, so there is little consistency in who is registered as vulnerable or not.
Typically, the assessment of vulnerability is in proportion to the circumstance – i.e. the financial product in question – so the assessment is only valid for this one product and may not be valid for other circumstances. While some firms may have added a vulnerability tick box to systems, the detail of the vulnerability is typically in text format in comments boxes with little proper data capture.
The result is that there is no easy way to report on the data that may or may not be collected. Text within comments boxes is difficult to analyse and requires specialist analysis to unpick facts and data points. Everyone’s assessment being different in turn leads to inconsistencies that reduce the value of any data produced.
The value of data
Duty requires the directors of firms to attest each year they are implementing Duty – and the Financial Conduct Authority has reinforced the need to see evidence that this is the case. Hence, we need good data on vulnerability so we can provide this to our managers and directors.
We also need data on vulnerability for our fair value and target market analysis. We can then understand if we are giving fair value to those with specific vulnerabilities and to analyse how we comply with the Equalities Act on the distribution of protected characteristics.
In a distributed market, we need to communicate the make-up of our target markets between intermediaries and manufacturers, including distribution of vulnerabilities and protected characteristics.
To do this manually will be incredibly inefficient for most firms.
Good objective data is required, as well as having systems to manage this data. The most efficient way to report on vulnerabilities is to accumulate the data on individual cases and this can be provided at the press of a button if the data and digital systems are in place.
