The Protiviti Vulnerable Customers Virtual Roundtable - Session 1


In September, Protiviti hosted the first in a series of roundtable discussions on the topic of vulnerable customers – a timely discussion given the current social and economic climate.

The roundtable discussion was attended by representatives of UK financial institutions and senior leaders from Protiviti both in the UK and USA. The inaugural session focused on the changing regulatory environment and how organisations can proactively identify groups of vulnerable customers, against the backdrop of the COVID-19 pandemic and the impact this was having on customers with pre-existing vulnerability and those that newly find themselves in vulnerable circumstances. 

Key Findings 

  • Firms find it challenging to consistently identify vulnerable customers whilst adopting a risk-based approach to prioritise those that are most vulnerable.
  • The FCA’s Financial Lives survey has identified that c.46% of UK Adults have one or more characteristics of vulnerability, which is likely to increase because of the impact of COVID-19 over the next few years. Resources need to be identified and ring-fenced to deal with the challenge this presents.
  • A move towards more relationship management may be required, with customers having to be asked questions that they might consider intrusive. Staff members will need to be given specific role-based training to show more sensitivity and sympathy. Additionally, where the business model is centred around online services, proactive engagement with vulnerable customers may be required where this may not have been the case in the past.
  • It is important that customers are not being placed in a box, rather that their specific individual circumstances are understood by the firm and solutions are tailored accordingly. Firms should focus on training employees on the importance of treating customers fairly so that they are able to present the best options for customers in vulnerable circumstances. 
  • Financial institutions should, of course, not routinely refuse products and services to vulnerable customers but be mindful of the need to offer vulnerable customers products/services that meet their needs. Denying vulnerable customers access to financial services would cause customer harm. 
  • Most participants acknowledged that data analysis will play a key role in proactively identifying vulnerable customers. For larger institutions, utilisation of existing data on customers is critical to having a dynamic process for identifying potentially vulnerable customers.
  • The results of an online poll conducted during the meeting revealed that half the participants use a mixture of proactive and reactive measures to identify customers before they become vulnerable.
  • Polling also revealed that the majority of the participants see value in using a risk index or risk score to identify a customer’s vulnerability. However, while a risk index could be the starting point, they would not want to rely on a risk score, as they need to treat customers as individuals and understand their personal circumstances.
  • Not surprisingly, the polls also highlighted the low level of confidence in the quality (completeness and accuracy) of customer data enabling firms to identify vulnerable customers. This makes it clear that a gap exists between organisations’ intent to use more data and their ability to do so.

Defining vulnerability 

The session began with an exploration of the FCA’s definition of the term ‘vulnerable customer’, which has been set out in an intentionally broad manner, encompassing both actual and potential vulnerability.

Vulnerable Customer – someone who, due to their personal circumstances, is especially susceptible to detriment, particularly when a firm is not acting with appropriate levels of care.

The FCA has also noted four key drivers of vulnerability: health, life-events, resilience, and capability, and advises that a distinction between permanent and transient vulnerabilities should be kept in mind.

Key Protiviti contributors to the roundtable discussion noted that this topic is likely to be on the regulatory agenda for the next few years, given the current economic climate. There was also appreciation that financial institutions wanted to do the right thing to avoid regulatory censure and reputational fallout. 

It was noted that the last FCA Financial Lives Survey 2017 found that 25.6 million people in the UK, i.e. some 50% of UK consumers, show one or more characteristics of vulnerability. This number was at 24.1 million in the Financial Lives Survey 2020, and 0.7% of the UK population exhibited all four drivers of vulnerability. The FCA expects these numbers to increase due to the impact of COVID-19.

The conclusions drawn by the FCA in 2017 on how to address customer vulnerability remain valid – understanding the needs of vulnerable customers, ensuring staff are properly trained, practicality of product and service design and provision, demonstrating sympathy – and are pertinent considering that vulnerable customers are often reluctant to reveal vulnerability for fear of being treated less favourably for certain financial products.

US perspective

While the FCA takes a principle-based approach, it was clear that the approach to defining vulnerability in the US differs significantly. The US approach is predicated on identifying customers who fall under the ‘protected classes’ – characterised by factors such as gender, race, age, income etc. – and are considered to be potentially vulnerable to being subjected to differential treatment by financial services institutions. The Consumer Financial Protection Bureau (CFPB), which became the primary consumer protection regulator in 2011, plays a key role in publishing customer complaints and investigating fair lending practices. The CFPB has also started to look at the impact of COVID-19 and the resulting forbearance, and recovery rates from forbearance, through a similar lens, so that organisations can make better predictions about potential defaults going forward.

While the underlying concept of vulnerability is different in the US, it was noted that some of the initiatives taken in the US to meet regulatory requirements could also be adapted to facilitate compliance in the UK landscape.

In the US, financial institutions are encouraged to follow seven key areas of best practice to ensure they abide by fair lending practices, notably: self-testing, internal controls, risk assessments and mystery shopping, data model reviews, and quantitative analysis. These practices can be tailored to the UK regulatory environment and utilised in a manner that is aligned to UK regulatory expectations.

Challenges in identifying Vulnerable Customers

Most participants noted the challenge they face when identifying vulnerable customers. This is especially true in the current climate, where many customers who have utilised measures such as payment holidays would not have been, or are not necessarily being, identified as vulnerable customers.

Participants also agreed that COVID-19’s impact on the economy, which has led to job losses, will create whole new groups of vulnerable customers, who may never previously have faced such economic uncertainty and mental health challenges.

It was noted that while the FCA has not said that there is an obligation to use data to identify vulnerable customers, it does advise that firms may find data particularly helpful. Most participants acknowledged that data analysis will play a key role in identifying vulnerable customers and could also help to spot inconsistent behaviour patterns on websites. 

This is particularly important for online-only businesses, which do not have the opportunity to gauge customer vulnerability and resilience through face-to-face interaction. Compounding this is the challenge of getting customers to willingly share their problems rather than waiting until payments are missed.

A further challenge is when lenders and particular business models have focused on sub-prime customers, offering products with relatively high rates of interest to offset the risk of default. The result in such a scenario is that the entire book of business may have to be classified as vulnerable. 

From a supervisory point of view, the FCA has been carrying out various thematic and other interventions in the high-cost lending sector, which focuses on sub-prime customers. The FCA deems these customers to be inherently vulnerable and has raised particular issues with the sector around ensuring affordability assessments are robust, ensuring lending is sustainable – particularly where the customer is relending or has had multiple loans with the firm – and on complaints handling, among other areas.

A call for using data wisely 

Some participants cautioned that by categorising people too narrowly, firms could achieve the opposite of treating customers fairly and discriminate against them, for example, for living in a certain area, or for having a specific disability. Wherever possible, customers should be treated as individuals with their own specific set of challenges, and data should be used to support decisions rather than as a way of refusing to provide certain products and services.

The group acknowledged that there was still some significant work to do around the identification of vulnerable customers, especially with the potential increased volumes of vulnerable customers coming down the line. This would be closely followed by the even greater challenge of Treating Customers Fairly.

Please join us for the next Vulnerable Customers Roundtable on 7 October 2020 where we shall discuss the challenges to Treating Vulnerable Customers Fairly and what the FCA expects firms to do.

About Protiviti 

The world is changing fast. You need a solid risk management and compliance consulting partner that helps your organisation grow today and into tomorrow.

Protiviti’s approach and unparalleled collaboration helps companies of all industries optimise resources and design risk management and compliance programs that are aligned, efficient, and tech-enabled — so risk is covered in all facets of operations.

Our risk management and compliance consultants help organisations like yours:

  • Align and integrate key risk and performance indicators to business objectives so that risk can be managed in an agile manner
  • Foster cultures that factor in risk during all phases of product development
  • Develop proactive risk management and compliance solutions built on technology and data analytics
  • Determine how to best use resources to promote success and enable innovation

Protiviti works with you and your team from start to finish. So, no matter what comes your way, you can face the future with confidence.


Bernadine Reese, Managing Director - Risk & Compliance
Justin Pang, Director - Risk & Compliance
Jagdeep Sihan, Associate Director - Risk & Compliance
Tasnoova Zaki, Senior Manager - Risk & Compliance
Shelley Metz-Galloway, Managing Director - Risk & Compliance
Kat Sanchez, Director - Risk & Compliance