Skip to content
Get In Touch Support Hub Partners Investors
Free trial Book a demo
Back to blog

FCA Vulnerable Customer Definition & Policy

10 minute read

FCA Compliance Compliance Strategy
Creating a Vulnerable Customer Policy
Last updated: April 16, 2025

Customer vulnerability in the UK has received much attention over the last few years. It's especially important in times of disruption or change.

Vulnerability can impact any sector, regulated or not. It may be temporary or impact a customer forever. In either case, they present with additional needs.

The key is that those who experience vulnerability may not be in the frame of mind to make sound financial decisions.

Explore our FCA Compliance Library

Creating a vulnerable customer policy

Understanding the FCA's vulnerable customers definition is an essential step in treating vulnerable customers fairly and meeting the FCA's expectations.

What is a vulnerable customer policy?

A vulnerable customer policy helps a firm ensure that vulnerable customers are treated fairly. This type of policy outlines how to deal with vulnerable customers in a clear, concise manner. The policy needs to be communicated to all staff and reviewed regularly.

There are some building blocks in creating your policy, with certain information being essential. Understand what vulnerability is, whom it affects, how to deal with it and the consequences when things go wrong. Finally, you can audit your existing processes to identify areas needing improvement.

What is the definition of a vulnerable customer?

"A vulnerable consumer is someone who, due to their personal circumstances, is especially susceptible to detriment, particularly when a firm is not acting with appropriate levels of care."

Definition of Vulnerability (FCA OP8)

The Financial Conduct Authority (FCA) has been at the forefront of dealing with vulnerability since Occasional Paper No 8 (FCA OP8) on consumer vulnerability back in early 2015.

Their work, particularly its collaboration with other bodies across the financial services industry and the non-profit sector, has pushed the understanding of vulnerability to a new level.

Because personal circumstances are the driver of vulnerability, this takes it outside the regulated space. It doesn't matter whom the person is doing business with; they could still be at risk of vulnerability.

Vulnerability is a spectrum of risks. All customers are at risk of becoming vulnerable, but exposure to this risk increases for those with vulnerability characteristics.

What are the signs of customer vulnerability?

Vulnerability comes in a range of guises. It can be temporary, sporadic or permanent. It is a fluid state needing a flexible, tailored response from firms.

Many people in vulnerable situations do not consider themselves 'vulnerable'. They want to retain their independence. They want help, not charity. For this reason, it is important to know how to identify vulnerable customers and ensure they are treated fairly.

It does not just stem from the consumer's situation; it can also be caused or worsened by the activity or processes of firms.

What are the triggers of customer vulnerability?

The main triggers of vulnerability include health, resilience, capability and life events. Capability is the theme that carries through all of the different triggers. All of the other triggers impact on capability to create vulnerability.

  • Health – Health conditions or illnesses can affect the ability to carry out day-to-day tasks. 5% of UK adults say their ability to carry out daily tasks is greatly reduced by health conditions or illness.
  • Resilience – This represents the ability to withstand financial or emotional shocks. A quarter of UK adults have low financial resilience.
  • Life Events – Certain major life events may create vulnerability, including bereavement, divorce and redundancy. 1 in 3 UK adults says they have experienced a traumatic life event which has put themselves or someone close to them in harm's way.
  • Capability – Financial capability is the knowledge of financial matters and confidence in managing money. 19% of UK adults have a low capability.

Why does customer vulnerability matter?

Vulnerability plays a significant role in ensuring the fair treatment of all customers, as vulnerable customers may have different needs and behavioural biases that negatively affect their decision-making.

Understanding how to identify vulnerable customers allows for the appropriate response to meeting their needs and implementing processes to support them. This knowledge allows firms to develop a culture that aligns with the principles of protecting vulnerable customers. In line with this, firms can train employees to handle vulnerable customers.

How does vulnerability affect firms?

The FCA's Principles of Business state that all customers should be treated fairly, and this expectation goes a step further with vulnerable customers.

When customers are in vulnerable circumstances, their ability to engage in financial services can be affected. A firm's attitude towards such customers could be detrimental as they may be less able to represent their interests.

The FCA aims to protect the interests of vulnerable customers, and they address customers in vulnerable circumstances in Focus 2: Setting & Testing Higher Standards of the FCA Business Plan. It's a firm's responsibility to meet the FCA's expectations and not to take advantage of these individuals.

A Financial Lives Survey revealed that only two in five adults had confidence in the UK financial services industry. Of those in poor health, well over 59% experienced issues interacting with financial providers, indicating that investing in vulnerability would improve customer trust and loyalty.

It also gives firms a competitive advantage and ensures they avoid fines for the mistreatment of vulnerable customers.

What are the needs of vulnerable customers?

Understanding vulnerable customers' needs helps firms meet them and provide fair treatment according to these needs. The needs of vulnerable customers in a firm's target market will vary depending on several factors, including the driver of vulnerability.

The type of harm or disadvantage a customer is vulnerable to and how this could affect their customer experience will help firms identify the specific needs of a vulnerable customer. Some examples of harm and disadvantages a customer could be susceptible to include:

  • heightened stress levels
  • increasing time pressures due to additional responsibilities
  • increasing preoccupation (their brain is 'elsewhere')
  • processing power and ability decreasing due to competing pressures
  • lack of perspective, especially when experiencing something for the first time
  • changing attitudes towards taking risks.

By understanding these harms, firms can identify the needs of these customers. For example, poor decision-making due to heightened stress levels could be exacerbated by information asymmetry. In response, firms should meet the customer's need for accessible information to make an informed decision.

If firms fail to meet this need, the combined effect of information asymmetry and behavioural distortions can result in vulnerable customers buying unsuitable or poor-value financial products and services.

How do you address the needs of all stakeholders?

There are four key pillars in the vulnerable customer management process. The needs of stakeholders within every pillar need to be met for your process to be completely effective.

Pillar 1. What the regulator wants

In the case of financial services, the FCA expects three things from a business. They are a great vulnerable customer policy template for how other industries should respond.

Firstly, firms must understand the needs of their vulnerable customers. Secondly, staff need support to ensure they have the skills and capability to meet these needs. Finally, products and communication need to be aligned with the needs of the vulnerable.

"The Vulnerability Guidance is issued under our Principles. It sets out our views of what firms should do to comply with the Principles and to ensure the fair treatment of vulnerable consumers.

We supervise and enforce against the standards set by the Principles, as well as our rules, taking into account relevant guidance.


In our Mission, we are clear that understanding user needs, and recognising where some users may be vulnerable, is a key factor in the way we make regulatory judgements.


This finalised guidance will support us as we apply a ‘vulnerability lens’ to supervising and enforcing the standards set by our Principles and rules.

Firms can expect to be asked to demonstrate how their business model, the actions they have taken, and their culture, ensure the fair treatment of all customers, including vulnerable customers.


We will continue to monitor and evaluate the impact of the Guidance and how firms are embedding this throughout their businesses."

FCA Guidance

Pillar 2. What the customer wants or needs

Does the customer even know what they want or need? Have they ever thought about when and if they will become vulnerable? What does that mean to them, and what will their needs be?

Do customers have the experience to be able to predict vulnerability and needs? Will they even know that they are or have become vulnerable?

Or is this like an insurance policy? You know it's there, and you will only use it when you are at your neediest, when life has dealt you a blow, and you need the help of others.

At this time, customers need help, protection, understanding and someone to take charge and do the right thing for them. Not the introduction of obstacles, hurdles and terms and conditions. Even if these must be applied, it can all be about the delivery!

Pillar 3. What does your staff want or deserve

These link back to the expectations of the regulator but go beyond them.

  • To be trained in how to identify vulnerability;
  • To be trained in dealing with vulnerable customers;
  • To be supported;
  • To have a mechanism to "get out / let off steam";
  • Not to be punished for being affected;
  • Not to become vulnerable themselves!

Once you have set up a vulnerable customer policy, it should be easy for your staff to access it. You should include the policy in an employee handbook or make it available online.

Pillar 4. What the law requires

  • Compliance with the Equalities Act 2010;
  • Do not confuse managing vulnerability with facilitating fraud;
  • Identification of a "Vulnerable Customer List";
  • Assess vulnerable customers for bribery risk – they could be prime targets;
  • Ensure DPA 2018/GDPR is complied with – breaches of details of vulnerability could be costly and also facilitate fraud;
  • Remember PoCA 2002 – fraud and bribery are predicate offences for money laundering!

How do you audit a vulnerable customer process?

Once you have understood the needs stemming from each of the four pillars, you can create your vulnerable customer policy.

It needs to achieve the best outcomes for vulnerable customers, and everyone in the organisation must understand it.

The next step, arguably the most important, is ensuring everyone is trained to handle vulnerable customers in a manner consistent with this policy.

Staff need the ability to empathise with vulnerable customers and not jump to conclusions about their situations.

For example, when dealing with an angry customer, do staff appreciate that vulnerability may be driving that anger? It could be frustration from not understanding the situation, a stressful life event, or perhaps a disability impairing them from expressing themselves clearly.

These measures are essential for ensuring you have a process that safeguards the vulnerable effectively. We have created a simple checklist to help you audit your existing procedures with respect to customer vulnerability:

  1. Do you have a Customer Vulnerability Policy?
  2. Have you identified the most likely areas where your customers could display vulnerability?
  3. Do your customer service staff understand the different types of vulnerability?
  4. Have you reviewed how you've handled vulnerable customers in the past?
  5. Have you identified different types of vulnerability through your customer complaints?
  6. Can you identify individual customers who are vulnerable so that they can be treated appropriately in future?
  7. Have your customer-facing staff received training in how to handle vulnerable customers?

To meet public and regulator expectations for dealing with vulnerability, you must tackle all the above issues.

What are the consequences of policy failures?

The focus from regulatory bodies on this subject is closer and more intense now than ever before. Vulnerable customers have the right to security and to be treated with respect and not taken advantage of, just like every other customer.

Businesses now have no choice but to demonstrate they can identify the signs of vulnerability and respond appropriately and sympathetically.

Failure to do so could result in a loss of reputation and unwanted focus from regulators.

How do firms support vulnerable customers?

The FCA has published guidance, FG21/1, for regulated firms on dealing with vulnerable customers. The finalised guide outlines actions firms should take to treat vulnerable customers fairly and some practical examples. Firms can also consult responses to the most frequently asked questions regarding vulnerable customers.

Policies and procedures give employees a reference point for knowing a firm's expectations. Creating and implementing a vulnerable customer policy is another way firms can ensure the most vulnerable are treated fairly.

This policy allows firms to outline how they handle vulnerable customers clearly and concisely. A vulnerable customer policy should be regularly reviewed and communicated to all staff.

 

Want to learn more about FCA Compliance?

We have created an SMCR roadmap to help you navigate the compliance landscape, supported by a comprehensive library of FCA Courses.

We also have additional free resources such as e-learning modules, microlearning modules, and more. 

Explore our collection

Written by: Martin Schofield

Martin has over two decades of experience at the front-line in compliance, financial crime prevention and data protection, along with a further decade of experience consulting, in-person training and interacting with professionals at hundreds of firms. He is a keen promoter of joined-up thinking in compliance training and management and of creating a culture that gets employees at all levels engaging with the compliance department.

Martin Schofield

Related articles

how-charities-can-manage-vulnerable-customer relationships-|-skillcast
FCA Compliance Compliance Strategy

How Charities Can Manage Vulnerable Customer Relationships...

4 minute read

Learn how charities can effectively manage relationships with vulnerable customers. Discover best practices and guidelines to ensure a compliant approach.

Read more
gdpr-&-safeguarding-vulnerable-adults-|-skillcast
GDPR

GDPR & Safeguarding Vulnerable Adults | Skillcast

3 minute read

Effective management of vulnerable customer data is a necessity, not just for compliance, but for good business practice and ethical social responsibility.

Read more
customer-data-protection-|-skillcast
Information Security GDPR

Customer Data Protection | Skillcast

4 minute read

Protecting customer data is always imperative but to retain subscribing customers it’s even more important to protect their data from cyberattacks - learn how.

Read more
Visit the blog