Ensuring good outcomes — particularly for clients in vulnerable circumstances — is in the best interests of both clients and financial services firms.
On 7 March 2025, the FCA published a review of how firms are treating customers in vulnerable situations. Alongside the findings, the regulator issued a good practice guide and outlined areas for improvement across governance, outcome monitoring, customer understanding, support, and product and service design.
Since the FCA’s original guidance on the fair treatment of vulnerable customers in 2021, many advice firms have made real progress in identifying, recording and using vulnerability data.
Generating and analysing data, particularly when it comes to product and service design, remains a challenge
However, with the arrival of the Consumer Duty, the bar has been raised: firms must now demonstrate that clients with vulnerable characteristics receive outcomes just as good as everyone else.
To do this, the FCA expects firms to produce and review meaningful Management Information (MI) regularly. Yet generating and analysing this data, particularly when it comes to product and service design, remains a challenge. This is a key area where the FCA says firms need to do better.
Getting started with outcomes monitoring
For firms unsure where to begin, section 2.4 of the FCA’s guidance, Monitoring outcomes for customers in vulnerable circumstances, offers a useful six-step process:
- Define the outcomes you want to achieve
- Identify the actions needed to achieve them
- Choose metrics to monitor those outcomes
- Identify customers receiving poor outcomes
- Investigate the causes and decide on corrective action
- Evaluate whether the actions were effective
While many firms have used vulnerability data to improve communication and support, fewer have successfully embedded those insights into product and service design. The FCA is clear: more needs to be done.
Making vulnerability data actionable
Start with the basics: ensure your data is accurate, complete and consistently recorded. Analysing it by adviser can reveal inconsistencies and point to training needs.
Next, examine how vulnerability characteristics are distributed across client segments. This can highlight which clients may need extra support, whether those needs are being met, and if foreseeable harms are being addressed. It also helps surface areas of poor value in fair value or target market assessments.
Look at which products your vulnerable clients are using. Do those products match the stated target market? Are support and communications appropriate? Do product features align with their needs?
Cover story: Hidden vulnerabilities: How should advisers approach them?
Tracking changes in vulnerability status can reveal emerging risks or service gaps. Support data is equally important: accepted support helps identify common needs, while declined support may point to poor relevance or communication.
Complaints, feedback and service issues are essential indicators of whether outcomes are falling short and should be fed directly into your MI reviews.
Building a full picture, even without perfect systems
In an ideal world, your back-office system would generate these insights automatically. In reality, most firms still need to cross-reference several sources, including:
- Advice and new business registers
- Vulnerable client registers
- CRM or back-office reports
- Complaints logs and customer feedback
- Product and service usage reports
- Internal SLA tracking
The key isn’t where the data sits; it’s how it’s used. Focus your analysis on what the data is showing and what it might be missing. Are there trends or gaps that suggest inconsistent support, poor design or training shortfalls?
From insight to action
Insights from MI reviews should inform how you design and deliver products and services. That includes:
- Aligning target markets with real-world vulnerability data
- Designing features that meet specific needs
- Preventing foreseeable harms
- Ensuring support is accessible and appropriate
- Tailoring communications and access methods
- Spotting when updates are needed
- Identifying staff training gaps
Staff involved in designing or maintaining products and services should be trained to interpret vulnerability data, document insights and make changes accordingly. There should also be a clear process for escalating concerns and regularly reviewing whether broader changes are needed across the business.
A continuous process
Treating vulnerable customers fairly isn’t a box-ticking exercise; it’s an ongoing process. By improving how you collect, review and apply client data, you’ll be better placed to demonstrate good outcomes for all customers, including those most at risk of harm.
Sandy Scally is business risk consultant at threesixty services
