Creating a Vulnerable Customer Policy

Posted by

Martin Schofield

on 15 Jun 2022


Consumer vulnerability in the UK has received much attention over the last few years. It's especially important in times of disruption or change.

Creating a Vulnerable Customer Policy

Vulnerability can impact any sector, regulated or not. It may be temporary or impact a customer forever. In either case, they present with additional needs.

The key is that those who experience vulnerability may not be in the frame of mind to make sound financial decisions.

Steps to creating a vulnerable customer policy

A vulnerable customer policy helps a firm ensure that vulnerable customers are treated fairly. This type of policy outlines how to deal with vulnerable customers in a clear, concise manner. The policy needs to be communicated to all staff and reviewed regularly.

There are some building blocks in creating your policy with certain information being essential. Understand what vulnerability is, whom it affects, how to deal with it and the consequences when things go wrong. Finally, you can audit your existing processes to identify areas needing improvement.

  1. Understanding the definition of vulnerability
  2. Spotting the signs of vulnerability
  3. Addressing the needs of all stakeholders
  4. Pitfalls in vulnerable customer policies
  5. Auditing your vulnerable customer processes
  6. Consequences of policy failures
    Free FCA Business Plan Desk Aid

1. Understanding the definition of vulnerability

The Financial Conduct Authority (FCA) has been at the forefront of dealing with vulnerability since Occasional Paper No 8 (FCA OP8) on consumer vulnerability back in early 2015.

Their work, particularly its collaboration with other bodies across the financial services industry and the non-profit sector, has pushed the understanding of vulnerability to a new level.

"A vulnerable consumer is someone who, due to their personal circumstances, is especially susceptible to detriment, particularly when a firm is not acting with appropriate levels of care."

Definition of Vulnerability (FCA OP8)

Because personal circumstances are the driver of vulnerability, this takes it outside the regulated space. It doesn't matter whom the person is doing business with; they could still be at risk of vulnerability.

Vulnerability is a spectrum of risks. All customers are at risk of becoming vulnerable, but exposure to this risk increases for those with vulnerability characteristics.

2. Spotting the signs of vulnerability

Vulnerability comes in a range of guises. It can be temporary, sporadic or permanent. It is a fluid state needing a flexible, tailored response from firms.

Many people in vulnerable situations do not consider themselves 'vulnerable'. They want to retain their independence. They want help, not charity. For this reason, it is important to know how to identify vulnerable customers and ensure they are treated fairly.

It does not just stem from the consumer's situation; it can also be caused or worsened by the activity or processes of firms.

Triggers of vulnerability

The main triggers of vulnerability include health, resilience, capability and life events. Capability is the theme that carries through all of the different triggers. All of the other triggers impact on capability to create vulnerability.

  • Health – Health conditions or illnesses can affect the ability to carry out day-to-day tasks. 5% of UK adults say their ability to carry out daily tasks is greatly reduced by health conditions or illness.
  • Resilience – This represents the ability to withstand financial or emotional shocks. More than a quarter of UK adults have low financial resilience.
  • Life Events – Certain major life events may create vulnerability, including bereavement, divorce and redundancy. 1 in 3 UK adults says they have experienced a traumatic life event which has put themselves or someone close to them in harm's way.
  • Capability – Financial capability is the knowledge of financial matters and confidence in managing money. 17% of UK adults have a low financial capability.

Free Vulnerable Customers Checklist

3. Addressing the needs of all stakeholders

There are four key pillars in the vulnerable customer management process. The needs of stakeholders within every pillar need to be met for your process to be completely effective.

Pillar 1. What the regulator wants

In the case of financial services, the FCA expects three things of a business. They are a great vulnerable customer policy template for how other industries should respond.

Firstly, firms must understand the needs of their vulnerable customers. Secondly, staff need support to ensure they have the skills and capability to meet these needs. And finally, products and communication need to be aligned to the needs of the vulnerable.

"The Vulnerability Guidance is issued under our Principles. It sets out our views of what firms should do to comply with the Principles and to ensure the fair treatment of vulnerable consumers.

We supervise and enforce against the standards set by the Principles, as well as our rules, taking into account relevant guidance.


In our Mission, we are clear that understanding user needs, and recognising where some users may be vulnerable, is a key factor in the way we make regulatory judgements.


This finalised guidance will support us as we apply a ‘vulnerability lens’ to supervising and enforcing the standards set by our Principles and rules.

Firms can expect to be asked to demonstrate how their business model, the actions they have taken, and their culture, ensure the fair treatment of all customers, including vulnerable customers.


We will continue to monitor and evaluate the impact of the Guidance and how firms are embedding this throughout their businesses."

FCA Guidance

Pillar 2. What the customer wants or needs

Does the customer even know what they want or need? Have they ever thought about when and if they will become vulnerable? What does that mean to them, and what their needs will be?

Do customers have the experience to be able to predict vulnerability and needs? Will they even know that they are or have become vulnerable?

Or is this like an insurance policy, you know it's there, and you will only use it when you are at your neediest when life has dealt you a blow, and you need the help of others?

At this time, customers need help, protection, understanding and someone to take charge and do the right thing for them. Not the introduction of obstacles, hurdles and terms and conditions. Even if these must be applied, it can all be about the delivery!

Pillar 3. What does your staff want or deserve

These link back to the expectations of the regulator but go beyond it.

  • To be trained in how to identify vulnerability;
  • To be trained in dealing with vulnerable customers;
  • To be supported;
  • To have a mechanism to "get out / let off steam";
  • Not to be punished for being affected;
  • Not to become vulnerable themselves!

Once you have set up a vulnerable customer policy, it should be easy for your staff to access it. You should include the policy in an employee handbook or make it available online.

Pillar 4. What the law requires

  • Compliance with the Equalities Act 2010;
  • Do not confuse managing vulnerability with facilitating fraud;
  • Identification of a "Vulnerable Customer List";
  • Assess vulnerable customers for bribery risk – they could be prime targets;
  • Ensure DPA 2018/GDPR is complied with – breaches of details of vulnerability could be costly and also facilitate fraud;
  • Remember PoCA 2002 – fraud and bribery are predicate offences for money laundering!

GDPR & Vulnerable Adults

4. Pitfalls in vulnerable customer policies

I discussed the principles and pitfalls of vulnerable customer management, including practical examples from my experiences with FCA-related clients at the Transforming Compliance Summit.

5. Auditing your vulnerable customer processes

Once you have understood the needs stemming from each of the four pillars, you can create your vulnerable customer policy.

It needs to achieve the best outcomes for vulnerable customers, and everyone in the organisation must understand it.

The next step, arguably the most important, is ensuring everyone is trained to handle vulnerable customers in a manner consistent with this policy.

Staff need the ability to empathise with vulnerable customers and not jump to conclusions about their situations.

For example, when dealing with an angry customer, do staff appreciate that vulnerability may be driving that anger? It could be frustration from not understanding the situation, a stressful life event, or perhaps a disability impairing them from expressing themselves clearly.

Free FCA Business Plan Webinar

These measures are essential for ensuring you have a process that safeguards the vulnerable effectively. We have created a simple checklist to help you audit your existing procedures in respect of customer vulnerability:

  1. Do you have a Customer Vulnerability Policy?
  2. Have you identified the most likely areas where your customers could display vulnerability?
  3. Do your customer service staff understand the different types of vulnerability?
  4. Have you reviewed how you've handled vulnerable customers in the past?
  5. Have you identified different types of vulnerability through your customer complaints?
  6. Can you identify individual customers who are vulnerable so that they can be treated appropriately in future?
  7. Have your customer-facing staff received training in how to handle vulnerable customers?

To meet public and regulator expectations for dealing with vulnerability, you must tackle all the above issues.

Fair Treatment of Vulnerable Customers Course

6. Consequences of policy failures

The focus from regulatory bodies on this subject is closer and more intense now than ever before. Vulnerable customers have the right to security and to be treated with respect and not taken advantage of, just like every other customer.

Businesses now have no choice but to demonstrate they can identify the signs of vulnerability and respond appropriately and sympathetically.

Failure to do so could result in a loss of reputation but the unwanted focus from regulators.

Internal documents leaked to media outlets revealed that Danske Bank trained its employees to encourage indebted customers to sell their properties via the bank's own real estate broker at an above-average fee.

An internal investigation found that customers were each overcharged an average of 28,800 kroner (£3,450), totalling 64.6m kroner (£7.75m) in overpayments.

Commenting on the case, Lars Krull, a banking expert attached to Aalborg University, stated, "It's tasteless in its entirety. Business procedures must, of course, be in order and legal, and the customers' overall interest must be taken care of without the bank's interest in its own earnings."

GDPR Personal Data Desk Aid

Want to learn more about FCA Compliance?

To help you plan and execute compliance in your organisation, we have created a comprehensive SMCR roadmap.

Our best-selling Compliance Essentials Library and award-winning LMS provide a one-stop compliance training solution, including FCA training and competence e-learning.

And our searchable compliance glossaries explain key terms and regularly report on learnings from the largest compliance fines resulting from regulatory breaches.

We also have 80+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!

If you'd like to stay up to date with FCA best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast FCA Compliance Bulletin.

Last but not least, you can interact in person with thought leaders and your peers at one of our popular live webinars and face-to-face events.

If you've any questions or concerns about compliance or e-learning, please get in touch.

We're happy to help!

Compliance Essentials

Compliance Essentials Library is our best-selling comprehensive corporate training solution.

100+ e-learning and microlearning courses that help companies from SMEs to multinationals achieve compliance success.

Start a Free Trial

cta-banner-placeholder