Creating a Vulnerable Customer Policy

Posted by

Martin Schofield

on 26 Oct 2021


Consumer vulnerability in the UK has received a great deal of attention over the last few years. It's especially important in times of disruption or change.

Creating a Vulnerable Customer Policy

Vulnerability can impact any sector, regulated or not. It may be temporary or impact a customer forever. In either case, they present with additional needs.

The key is that those who experience vulnerability may not be in the frame of mind to make sound financial decisions.

Steps to creating a vulnerable customer policy

There are some building blocks in building your policy. Understanding what vulnerability is, who it affects, how to deal with it and the consequences when things go wrong. Finally, you can audit your existing processes to identify areas in need of improvement.

  1. Understanding the definition of vulnerability
  2. Spotting the signs of vulnerability
  3. Addressing the needs of all stakeholders
  4. Pitfalls in vulnerable customer policies
  5. Auditing your vulnerable customer processes
  6. Consequences of policy failures

1. Understanding the definition of vulnerability

The FCA has been at the forefront of dealing with vulnerability since Occasional Paper No 8 (FCA OP8) on consumer vulnerability back in early 2015.

Their work, particularly its collaboration with other bodies across the financial services industry and the non-profit sector, has been pivotal in pushing the understanding of vulnerability to a whole new level.

"A vulnerable consumer is someone who, due to their personal circumstances, is especially susceptible to detriment, particularly when a firm is not acting with appropriate levels of care."

Definition of Vulnerability (FCA OP8)

Because personal circumstances are the driver of vulnerability, this takes it outside of the regulated space. It doesn't matter whom the person is doing business with; they could still be at risk of vulnerability.

Vulnerability is a spectrum of risk. All customers are at risk of becoming vulnerable, but this risk increases for those with vulnerability characteristics.

2. Spotting the signs of vulnerability

Vulnerability comes in a range of guises. It can be temporary, sporadic or permanent. It is a fluid state needing a flexible, tailored response from firms.

Many people in vulnerable situations do not consider themselves 'vulnerable'. They want to retain their independence. They want help, not charity.

It does not just stem from the consumer's situation; it can also be caused or worsened by the actions or processes of firms.

Triggers of vulnerability

Capability is the theme that carries through all of the different triggers. All of the other triggers impact on capability to create vulnerability.

  • Health – Health conditions or illnesses can affect the ability to carry out day to day tasks. 5% of UK adults say their ability to carry out day to day tasks is reduced a lot by health conditions or illness.
  • Resilience – This represents the ability to withstand financial or emotional shocks. 30% of UK adults identify as having low financial resilience.
  • Life Events – Certain major life events may create vulnerability, including bereavement, divorce and redundancy. 19% of consumers say a major life event has happened to them or their partner in the last 12 months.
  • Capability – Financial capability is the knowledge of financial matters and confidence in managing money. 17% of UK adults have a low financial capability.

Free Vulnerable Customers Checklist

3. Addressing the needs of all stakeholders

There are four key pillars in the vulnerable customer management process. The needs of stakeholders within every pillar need to be met for your process to be completely effective.

Pillar 1. What the regulator wants

In the case of financial services, the FCA expects three things of a business. They are a great template for how other industries should respond.

Firstly, firms must understand the needs of their vulnerable customers. Secondly, staff need support to ensure that they have the skills and capability to meet these needs. And finally, products and communication need to be aligned to the needs of the vulnerable.

"The Vulnerability Guidance is issued under our Principles. It sets out our views of what firms should do to comply with the Principles and to ensure the fair treatment of vulnerable consumers.

We supervise and enforce against the standards set by the Principles, as well as our rules, taking into account relevant guidance.


In our Mission, we are clear that understanding user needs, and recognising where some users may be vulnerable, is a key factor in the way we make regulatory judgements.


This finalised guidance will support us as we apply a ‘vulnerability lens’ to supervising and enforcing the standards set by our Principles and rules.

Firms can expect to be asked to demonstrate how their business model, the actions they have taken, and their culture, ensure the fair treatment of all customers, including vulnerable customers.


We will continue to monitor and evaluate the impact of the Guidance and how firms are embedding this throughout their businesses."

FCA Guidance

Pillar 2. What the customer wants or needs

Does the customer even know what they want or need? Have they ever thought about when and if they will become vulnerable? What that means to them, and what their needs will be?

Do customers have the experience to be able to predict vulnerability and needs? Will they even know that they are or have become vulnerable?

Or is this like an insurance policy, you know it's there, and you will only use it when you are at your neediest when life has dealt you a blow, and you need the help of others?

At this time, customers need help, understanding and someone to take charge and do the right thing for them. Not the introduction of obstacles, hurdles and terms and conditions. Even if these must be applied, it can all be about the delivery!

Pillar 3. What your staff want or deserve...

These link back to the expectations of the regulator but go beyond it.

  • To be trained in how to identify vulnerability;
  • To be trained in dealing with vulnerable customers;
  • To be supported;
  • To have a mechanism to "get out / let off steam";
  • Not to be punished for being affected;
  • Not to become vulnerable themselves!

Pillar 4. What the law requires...

  • Compliance with the Equalities Act 2010;
  • Do not confuse managing vulnerability with facilitating fraud;
  • Identification of a "Vulnerable Customer List";
  • Assess vulnerable customers for bribery risk – they could be prime targets;
  • Ensure DPA 2018/GDPR is complied with – breaches of details of vulnerability could be costly and also facilitate fraud;
  • Remember PoCA 2002 – fraud and bribery are predicate offences for money laundering!

GDPR & Vulnerable Adults

4. Pitfalls in vulnerable customer policies

I discussed the principles and pitfalls of vulnerable customer management including some practical examples from my own experiences with FCA related clients at the Transforming Compliance Summit.

5. Auditing your vulnerable customer processes

Once you have understood the needs stemming from each of the four pillars, you can create your Vulnerable Customer Policy.

It needs to achieve the best outcomes for vulnerable customers and everyone in the organisation must understand it.

The next step, and arguably the most important one, is making sure everyone is trained to handle vulnerable customers in a manner consistent with this policy.

Staff need the ability to empathise with vulnerable customers and not jump to conclusions about their situations.

For instance, when dealing with an angry customer, do staff appreciate that vulnerability may be driving that anger? It could be frustration, from not understanding the situation, or result from a stressful life event, or perhaps a disability impairing them from expressing themselves clearly.

Free Vulnerable Customers Checklist

We have created a simple checklist to help you audit your existing procedures in respect of customer vulnerability:

  1. Do you have a Customer Vulnerability Policy?
  2. Have you identified the most likely areas where your customers could display vulnerability?
  3. Do your customer service staff understand the different types of vulnerability?
  4. Have you conducted a review of how you've handled vulnerable customers in the past?
  5. Have you identified different types of vulnerability through your customer complaints?
  6. Can you identify individual customers who are vulnerable so that they can be treated appropriately in future?
  7. Have your customer-facing staff received training in how to handle vulnerable customers?

To meet public and regulator expectations for dealing with vulnerability you need to tackle all of the issues above.

Fair Treatment of Vulnerable Customers Course

6. Consequences of policy failures

The focus from regulatory bodies on this subject is closer and more intense now than ever before. Vulnerable customers have the right to be treated with respect and not taken advantage of, just like every other customer.

Businesses now have no choice but to demonstrate they can identify the signs of vulnerability and respond appropriately and sympathetically.

Failure to do so could result in not only a loss of reputation but the unwanted focus from regulators too.

Internal documents leaked to media outlets revealed that Danske Bank trained its employees to encourage indebted customers to sell their properties via the bank's own real estate broker at an above-average fee.

An internal investigation found that customers were each overcharged an average of 28,800 kroner (£3,450), totalling 64.6m kroner (£7.75m) in overpayments.

Commenting on the case, Lars Krull, a banking expert attached to Aalborg University, stated, "It's tasteless in its entirety. Business procedures must, of course, be in order and legal, and the customers' overall interest must be taken care of without the bank's interest in its own earnings."

GDPR Personal Data Desk Aid

Looking for more compliance insights?

If you'd like to stay up to date with best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to Skillcast Compliance Bulletin.

To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics, including GDPR, Equality, Financial Crime and SMCR. We also track the biggest compliance fines, explaining what drives them and how to avoid them.

You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.

Last but not least, we have 80+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!

If you've any questions or concerns about compliance or e-learning, please get in touch.

We are happy to help!

Compliance Essentials

Our comprehensive off-the-shelf compliance solution of 30+ in-depth courses and dozens of microlearning modules helps companies from SMEs to global corporates to achieve compliance success.

Start a Free Trial

cta-banner-placeholder