• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact

Vulnerable customers receive poor outcomes

October 27, 2021

The recent guidance from the FCA on the fair treatment of vulnerable customers was wide ranging in its scope, and therefore in the potential risks for financial services firms.  The definition of what constitutes vulnerability was far wider than most firms apply.  Equally the expectations for the areas of the business which should be considering their impact on vulnerable customer was much broader than the traditional focus on customer-facing staff.

As is commonplace, it has traditionally fallen to Second Line Compliance departments to interpret the requirements, and to cajole and challenge First Line Operations to address them.  However, this common approach misses the role of Second Line Risk in the process, and in doing so weakens the firm’s controls.

The treatment of vulnerable customers should not be considered a separate category of risk, within the taxonomy (as, arguably Conduct Risk should not either).  But the breadth of expectation from the FCA means it impacts many risk categories.  And, in doing so, should be front and centre on the Risk function’s radar.

Regulatory and Legal risk clearly, but also:

·       Operational risk – it is within Operation’s touch-points with customers that failings will occur

·       Third party risk – outsourced providers, distributors and manufacturers are very much in scope

·       Business risk – there is an explicit expectation that firms should consider the needs of vulnerable customers within their future plans and business models

Again, the identification, quantification and monitoring process is unlikely to be effective if there is a merely single risk on the register for ‘vulnerable customers receive poor outcomes’.  Far better to take a granular approach and apply the ‘vulnerable customers lens’ across all RSCA activity: ‘the risk that vulnerable customers receive poor outcomes in [insert relevant business function]’.

This granular approach enables Risk to take a holistic view, and aggregate up to a true risk quantification, across the organisation.  But, also, be able to drill down into individual hotspots.

Vulnerable customers come in many guises and have many different needs.  So, the controls that reduce the risk of their poor outcomes should be owned by many functions within the business.

Frank Brown is Practice Lead at Bovill

Tags: Frank Brown
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson