Vulnerable Customers – Understanding The Implications for Financial Firms


The UK Financial Conduct Authority’s (FCA’s) approach to improving outcomes for vulnerable customers has its roots in past financial services scandals and enforcement actions. Although the emphasis may seem new to some, the regulator began considering how it wished to shape policy in this area as far back as 2015. Today, there is little doubt that the FCA is putting considerable focus on the treatment of vulnerable customers by firms and that this agenda is and will be weaving its way through many of the regulator’s policy initiatives going forward.

The FCA defines vulnerable customers as “customers who, due to their personal circumstances, are especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care”. It identifies four key drivers of vulnerability:

  • Health – health conditions or illnesses that affect the ability to carry out day to day tasks. This could include both mental and physical health challenges
  • Life events – major life events such as bereavement or relationship breakdown
  • Resilience – low ability to withstand financial or emotional shocks, for example because of an erratic income or low levels of savings
  • Capability – low knowledge of financial matters or low confidence in managing money

The regulator also says that vulnerability can be permanent or transient – for example, an individual may have a lifetime physical condition that makes them vulnerable, or suffer from an illness that they recover from. In addition, customers may be actually vulnerable, or potentially vulnerable. Although not currently vulnerable, an individual may be more susceptible than others, due to certain characteristics, such as a history of stress-related conditions.

The FCA’s vulnerability agenda is a good example of its overall strategic shift to being a more forward-looking and proactive regulator. Financial services firms can expect the regulator to put significant focus on its vulnerability agenda going forward, including increased enforcement activity in this area once again.

In this article, we’ll look at the substantial background to the vulnerability agenda within the industry and the regulator’s own path to its current approach to vulnerable customers. Then we’ll look at examples of how the vulnerability agenda is being knitted into a variety of policy areas. Lastly, we’ll explore questions senior managers and boards should be asking about their firm’s own approach to vulnerable customers, from both a compliance and an ethical perspective.  Overall, firms need to recognise that they should consider the treatment of vulnerable customers across their operations and within the whole of their enterprise risk management programme.

Why the FCA is focused on vulnerable customers

The payment protection insurance (PPI) scandal in the UK – which resulted in redress payments to consumers of more than £33 billion by financial services firms – was of historic proportions and may be considered as the starting point of much of the FCA’s current work on treating customers fairly generally and handling vulnerable customers specifically. Post the PPI scandal, political pressure became substantial for the regulator to change the way financial firms engage with their customers. For example, a 2015 briefing paper from the UK Parliament said “a defining feature of the retail financial services sector has been its capacity to cause detriment to consumers.”  The regulator began to take a closer look. For example, in a study, the regulator found that in 2016, more than half of banks’ unarranged overdraft fees came from just 1.5% of customers and that people living in deprived areas were more likely to be paying these fees. These unarranged overdraft fees were more than ten times as high as fees for payday loans at the time. As a result, in 2019, the FCA mandated firms to radically alter the structure of their overdrafts.

In another example, TR18/5: Management of long-term mortgage arrears and forbearance was a 2018 thematic review that looked at how firms treat customers who have long-term arrears and whether there are areas where firms could improve. Among other failings, it found “inconsistent handling of vulnerable customers: we observed instances where customers did not receive the appropriate level of support as their vulnerabilities were not identified.” The review generated press attention.

Enforcement actions that focused on the treatment of vulnerable customers also became a priority for the regulator in 2020. In February, Moneybarn was fined £2.77 million for unfair treatment of customers in arrears. According to the regulator, it did not give vulnerable customers the chance to clear their arrears over a realistic and sustainable period and it also “did not communicate clearly to customers, in financial difficulty, their options for exiting their loans and the associated financial implications, resulting in many incurring higher termination costs. These were serious breaches.”

Lloyds Bank, the Bank of Scotland, and the Mortgage Business were fined a combined total of £64 million in June 2020 for a series of systems and controls failings around the way customers who were arrears in their mortgage payments – including vulnerable customers – were treated. In December of that year, Barclays was fined £26 million. Between April 2014 and December 2018 some retail and small business consumer credit customers “were treated poorly when they fell into arrears. The FCA found that Barclays failed to treat customers fairly or to act with due skill, care and diligence.” The bank also had to pay out £273 million in restitution and compensation to at least 1,530,000 customer accounts.

In short, the FCA found ample evidence that many financial services firms were not treating customers fairly and were treating vulnerable customers particularly poorly at times. Firms often failed to become aware they were dealing with a vulnerable customer, did not communicate with them correctly and sometimes did not treat them with the appropriate level of care.

How the FCA has shaped the vulnerable customer agenda

As a result of these events, and others, the UK FCA’s focus on vulnerable clients has been developing for some time.  In 2015, the regulator published an occasional paper, Customer Vulnerability, which included resources to help firms develop and implement a vulnerability strategy. This was followed by 2018’s FCA Mission: Approach to Consumers, where the needs of vulnerable consumers were brought in to discussions about financial inclusion and other topics and the FCA committed to consulting on guidance on vulnerable consumers. This was followed by two consultation papers, one in July 2019 and the other in July 2020. In February 2021, the FCA then published its feedback statement  and its finalised Guidance for firms on the fair treatment of vulnerable customers. “Our aim with the Guidance is to change the discourse from whether the right boxes have been ticked to achieve compliance, to firms stepping back to ask what their vulnerable customer’s needs are, and how they are then responding to deliver good outcomes,” said Nisha Arora, Director, Consumer and Retail Policy in a 2020 speech. The regulator also held a webinar on customer vulnerability in May 2021 and published FAQs in July 2021.

This regulatory work was grounded in research that the FCA undertook over this period of time. In December 2014, it published Vulnerability exposed: The consumer experience of vulnerability in financial services. This study was very deep – it consisted of 58 face-to-face consumer in-depth interviews, 150 short telephone interviews and over 30 expert and frontline interviews with staff from various organisations representing the interests and needs of particular vulnerability groups, as well as group discussions with individuals attending vulnerability support groups. About 100 records from a database of cases compiled by Citizens Advice Bureaux advisers across the country were also analysed. The research found “that problematic firm behaviour can often cause or exacerbate the financial issues experienced by vulnerable consumers.”

Other research included the Financial Lives:  The experiences of vulnerable consumers, which was published in July 2020, although its data was pre-pandemic. It was based on 21 face-to-face in-depth interviews with vulnerable consumers and showed the impact that positive and negative experiences with financial services firms had on vulnerable individuals. Financial Lives 2020 survey: the impact of coronavirus – Key findings from the FCA’s Financial Lives 2020 survey and October 2020 Covid-19 panel survey was published in February 2021. This received press coverage because it showed that between March and October 2020, the number of adults with characteristics of vulnerability increased to 27.7 million, or 53% of all adults. The study also found that the pandemic left more than one-quarter of UK adults with low financial resilience. Using the data from this study, the FCA released a new paper in March 2022, Research Note: Do consumers understand the risks associated with different ways of saving?. The FCA is now in the process of conducting another Financial Lives survey, for which is it now gathering responses from invited participants.

So, the FCA’s work on the treatment of vulnerable customers has been evolving for some time and has now been crystallised in the form of guidance. Financial services firms should be clear that the treatment of vulnerable customers is not a regulatory fad that will fade away – it is an FCA focus that is here to stay. Indeed, the regulator is now in the process of baking in the treatment of vulnerable customers into a variety of other regulatory themes and initiatives.

Vulnerability in the FCA’s overall agenda

Firms need to be clear that the treatment of vulnerable customers should not be handled as a tick-the-box compliance project that can be worked on by a small team which is disbanded when the project is implemented. Rather, this is an ongoing theme the regulator is going to seek to address in a variety of ways across financial firms’ operations. Already, the FCA is working the treatment of vulnerable customers into the following initiatives:

  • Building societies – In March 2022, the FCA sent a Dear CEO letter to building societies in the UK, and the letter highlighted concerns about how those institutions treat vulnerable customers in several places. For example, the very first item under the “Customer Treatment” section of the letter states that “Societies fail to recognise and address the needs and challenges facing customers in vulnerable circumstances and fail to ensure that they obtain the same fair outcomes as other consumers.” Amongst other things, the letter calls on building societies to “embed the fair treatment of customers in vulnerable circumstances in their business models, culture, policies, and processes. Societies’ senior leaders should create and maintain a culture that enables and supports staff to take responsibility for reducing the potential for harm to customers in vulnerable circumstances. Societies should be able to evidence to us how they are monitoring outcomes for customers in vulnerable circumstances and what changes they are making as a result of their monitoring to improve outcomes for these customers.”
  • Retail credit – In a March 2022 speech at the Credit Summit in London, Brian Corr, interim director of retail lending at the FCA said that the regulator is working on a “comprehensive programme on how borrowers in financial difficulty are treated so that we can ensure those who need help are getting it.” This “covers lending products across and beyond consumer credit, including firm surveys, in-depth discussions with firms and consumer research.” The results are expected to be published in the second half of 2022. In the speech, Corr indicated that issues remain in the retail lending market – for example, the Financial Ombudsman Service (FOS) continues to uphold more than 60% of the complaints it receives about unaffordable lending.
  • Pandemic response – In March 2021, the FCA launched its Borrowers in financial difficulty (BiFD) project — supporting those facing payment difficulties due to coronavirus – this may be what Corr is referring to above. It also produced Tailored Support Guidance (TSG) for mortgages, consumer credit and overdrafts for financial services firms. The regulator says it is “continuing in-depth work to assess whether consumers are getting fair and appropriate outcomes, including customers with characteristics of vulnerability. This will shape our next phase, including targeted action with firms not meeting expectations, and considering whether to make permanent changes to our rules and guidance.”
  • Branch closures – Over the past few years, high street banks have been closing their bricks-and-mortar branches as more customers opt to do their banking online. For example, in 2020 TSB announced the closure of one-third of its branches, and HSBC announced the closure of one-tenth of its branches in March 2022. Regulators and consumer groups have noted that these closures often impact the elderly and the vulnerable the hardest. The FCA issued guidance in September 2020, FG20/3: Branch and ATM closures or conversions and followed this up with Branch and ATM closures or conversions; good practice and areas for improvement in February This second document noted continued issues with banks not taking the vulnerable into account when considering branch closures. As a result of this pressure, banks are developing alternative solutions. One is the creation of shared “banking hubs” where several banks share one retail premises to save on costs.
  • Operational resilience – The FCA has put vulnerable customers at the heart of its new operational resilience policy. The first factor the regulator has listed for firms to consider when identifying important business services is “the nature of the client base, including any vulnerabilities that would make the person more susceptible to harm from a disruption.” The FCA goes on to say, in its feedback responses, that “The concepts of first identifying important business services and then setting impact tolerances for each of these are inextricably linked. Consideration of the needs of vulnerable consumers is central to a firm’s setting of an impact tolerance, and firms should consider these groups when considering how much disruption could be tolerated. Firms should also construct communications and alternative mechanisms to minimise harms arising for vulnerable consumers in the event of disruptions.” The regulator followed this up with Operational resilience insights for insurance firms, published in March 2022. This work looked at the operational resilience programmes in a sample of insurance firms and, among other things, the regulator found some firms “did not meaningfully consider the impact of unavailable important business services on vulnerable customers”.
  • Consumer duty – According to the FCA, “these new rules will require firms to focus on supporting and empowering their customers to make good financial decisions and avoiding foreseeable harm at every stage of the customer relationship. Firms will have to provide consumers with information they can understand, offer products and service that are fit for purpose and provide helpful customer service.” As part of this, the FCA has included a whole chapter on vulnerable customers and says that firms must “consider the needs of their customers – including those in vulnerable circumstances – and how they behave, at every stage of the product/service lifecycle.” This policy – with the finalised text published in July 2022 – has an April 2023 implementation deadline.


There is little doubt that the regulator will weave its treatment of vulnerable customers themes through other areas of regulation as it works through them. As a result, firms should be prepared to tackle vulnerable customer issues in a strategic way, recognising that a more holistic approach is needed.

Questions to be asking

When it comes to the treatment of vulnerable customers, firms face a wide variety of risks if they do not evolve their approach so that it meets FCA expectations – as well as the expectations of their customers, investors and the general public. Indeed, this is a case where compliance risk and operational risk leads very directly to reputational damage and subsequent financial repercussions.  With the growing importance of the environmental, social and governance (ESG) agenda, treatment of vulnerable customers can also be seen as a social and ethical issue too. Some questions that boards and senior managers should be asking themselves are:

  • How do we recognise vulnerable customers – Firms need to be able to identify vulnerable customers and customers who might potentially be vulnerable and the ability to do this should be tailored to the specifics of individual business lines. Firms should also recognise that having a vulnerability does not necessarily mean that the client isn’t financially sophisticated.
  • How well do we record information about customer vulnerability? – Firms need to keep records so that each person who engages with a customer has all the appropriate information and can act accordingly, yet still need to keep the protection of personally identifiable data in mind.
  • Do we design products and services to take vulnerability into account? – Firms should bake customer vulnerability considerations into their overall product governance approach, so that it is built into product design from the beginning.
  • Are we providing the right solutions to vulnerable customers? – Firms need to take vulnerability into account in order to offer individuals the most appropriate solutions. For example, this includes determining the appropriate levels of risk and the ability of an individual to understand the nature of the product they are engaging with.
  • How well are we communicating with vulnerable customers? – The way firms communicate with vulnerable customers needs to ensure they can understand what they are being told or what they are reading – for example, avoiding overly complex or opaque language in financial contracts.
  • What kind of training are we providing to our employees? – Firms need to ensure that employees who engage with retail customers are trained in how to identify and engage with vulnerable customers. Training should be tailored to the function that an employee performs.
  • Does how we compensate our employees impact how they treat vulnerable customers? – Compensation structures, such as sales incentives, should not be at odds with treating customers fairly, including vulnerable customers.
  • What kinds of systems and controls do we have? Should we have? – Customer interactions should be monitored and reporting based on those monitored engagements should be made available to senior management and the board.
  • How can we use technology to support treating vulnerable customers fairly? – If possible, firms should have a single, integrated view of the client across the organisation. If this is not possible, firms should try to ensure that information about vulnerability is shared across product or system silos, while still preserving an appropriate level of confidentiality.
  • What kind of governance should we have in place? – The board and senior management should have oversight of how the firm treats vulnerable customers fairly and make this part of their overall ethics approach within the firm. Tone from the top, as always, is particularly important in this context.
  • In what ways does our culture need to evolve? – Ultimately, treating vulnerable customers fairly cannot be accomplished with a box-ticking approach. Firm cultures need to evolve to ensure that previous poor behaviour is seen as unacceptable and the right approaches are encouraged. Having a more diverse culture within the firms as a whole and within specific teams, can help nurture a deeper understanding of customer vulnerability.


Financial services firms need to recognise that the FCA’s vulnerable customers agenda requires a holistic, strategic approach that can evolve over time. As a whole, the industry has a long history of poor practice and it needs to rectify this as quickly as possible – otherwise firms may seem like they are not ethical and suffer reputational damage. Moreover, firms should understand that the treatment of vulnerable customers is going to be woven into many FCA regulatory initiatives in the future. This means firms cannot “tick a box” and move on. Instead, they need to bake the treatment of vulnerable customers into their entire enterprise risk management framework, across governance, risk and compliance.