With the FCA’s Consumer Duty and the
long-standing principles of treating customers fairly (TCF), identifying and
supporting vulnerable clients is not optional — it’s an essential part of
delivering good outcomes. But recognising vulnerability is only half the task.
Equally critical is how advisers record it on client files and how
firms analyse
and report on this through management information (MI).
This
article outlines practical steps for advisers and compliance teams to assess
and record vulnerability suitably, and how to use MI to ensure vulnerable
clients receive the right level of care and service.
1. Understanding Vulnerability
The FCA defines a vulnerable customer as someone who, due to their personal
circumstances, is especially susceptible to harm. Vulnerability may arise from:
- Health
(physical or mental)
- Life events
(bereavement, divorce)
- Resilience
(financial capability or debt)
- Capability
(literacy, digital exclusion, cognitive limitations)
These aren’t always immediately visible — they may be temporary,
fluctuating or permanent. Therefore, advisers must be vigilant, sensitive, and
prepared to act on soft signs.
2. Assessing Vulnerability Suitably
a. Use Structured Frameworks
Employ a consistent assessment tool or framework, such as:
- FCA’s 'Four
Drivers' model
- Firm-specific vulnerability checklists
- Soft fact prompts in fact-finding systems
These help identify potential flags without relying solely on
client disclosure.
b. Build it into Every Review
Vulnerability isn’t static. It should be assessed during onboarding and
regularly reviewed — especially at key life stages like retirement, illness
diagnosis, or financial strain.
3. Recording Vulnerability on
Client Files
Clear documentation is essential for continuity of care, audit trails, and
ensuring future interactions reflect the client’s needs.
a. Tone and Language
- Be factual and respectful. Avoid labelling or
judgmental phrasing.
- E.g., “Client
disclosed they are currently undergoing treatment for cancer and are
experiencing reduced cognitive capacity as a side effect. Additional time
was provided for explanations.”
b. Content to Capture
- What vulnerability was identified or suspected
- How it was identified (e.g., client disclosure, adviser
observation)
- Actions taken (e.g., extra time given, alternative
communication formats)
c. System Tagging
Use CRM flags or categories to allow easy filtering/reporting on vulnerable
clients. This ensures appropriate service and facilitates MI generation.
4. Management Information (MI) for
Vulnerability
Firms must be able to demonstrate — through MI — that vulnerable clients are
identified, monitored, and supported effectively.
a. What to Measure
- Number and % of clients flagged as
vulnerable/potentially vulnerable/not vulnerable
- Types of vulnerabilities recorded (trend tracking)
- Business areas or advisers with higher/lower
identification rates
- Client outcomes compared with non-vulnerable clients
- Actions taken (e.g., use of braille, power of attorney,
third-party authorities)
b. How to Use It
- Identify training needs for advisers with low detection
rates
- Review product suitability or service delivery across
vulnerable groups
- Spot regional or demographic trends
- Drive continuous improvement through vulnerability
oversight
c. Reporting Frequency and Format
- Monthly or quarterly board-level reporting
- Adviser-level reporting for self-monitoring
- Cross-reference with complaints or poor outcomes
5. Data Protection and Consent
Advisers must balance compliance with GDPR and the need to support clients.
Sensitive information should be:
- Recorded only with explicit
consent
- Shared internally only on a “need-to-know” basis
- Reviewed regularly for relevance and accuracy
6. Embedding into Culture
Beyond compliance, firms that genuinely embed vulnerability support into
culture tend to see:
- Higher client trust and satisfaction
- Fewer complaints and regulatory issues
- Stronger evidence of meeting Consumer Duty standards
Conclusion
Properly assessing, recording, and managing vulnerability isn’t just good
compliance — it’s good advice. By putting robust frameworks in place, training
advisers, and using MI effectively, firms can ensure vulnerable clients are
consistently supported, risks are minimised, and good outcomes are demonstrable
across the board.
Checklist for Advisers
Use a consistent vulnerability framework
Record the facts clearly and respectfully
Revisit vulnerability assessments regularly
Tag clients within your CRM for easy tracking
Ensure MI reflects vulnerability data meaningfully
Share insights with compliance and senior management