Treatment of Vulnerable Customers at Banks - Audit Scope Insights

Customers, who due to personal circumstances, become vulnerable to harm through use of a financial product or service, should be afforded protection against unfair outcomes. Firms should provide such outcomes with an appropriate level of care and embed fair treatment for its consumers within its processes. Characteristics of vulnerability can be wide ranging, and firms are expected to identify these across the product lifecycle.

A key principle of the U.K Financial Conduct Authority (FCA) is for firms to pay due regards to the interest of its customers and treat them fairly. The business model and culture of a firm are key drivers of harm. This could be the communication of the firms’ strategic objectives as understood by its employees, competence of the leadership, incentives structure – especially meeting KPIs and customer communication and service.

Such is the focus of fair outcomes for vulnerable customers, the FCA has integrated it in its supervision. 

Banks can suffer irreparable impact to its reputation and hefty fines where there are breaches to providing fair outcomes to vulnerable customers. Some recent examples in the U.K are highlighted below:

• TSB Bank fined £10.9 million in 2024 for providing unaffordable payment arrangements with customers in difficulty or charging them inappropriate fees leading vulnerable customers to more stress and difficulties. Despite becoming aware of the practices it took TSB more than four years to take any action.
• HSBC UK fined £6.2 million in 2024 for failing to consider consumers circumstances when they fell into arrears. Part of the root cause was the bank did not always do the right affordability assessment upon enrolling in the product. In addition, the bank’s policies, procedures and training of staff were also inadequate. Disproportionate action was taken by the bank for customers in arrears which risked consumers to further financial difficulty.

The first and second lines of defence can be too involved in the product lifecycle and dealing with pressures in making the products and services a success in the market. Internal audit has the advantage of using its independence from the everyday operations of the business, to review the risks entailed within the business and its impact on vulnerable customers. A review by internal audit may include five key pillars to obtain assurance over the firms processes and controls for treatment of vulnerable customers. 

1. Identification of characteristics - understand nature and scale of characteristics of vulnerability that exists in target markets, what harm may arise and how it might affect consumer behaviour and experience. 

• What studies were used to understand characteristics of vulnerabilities that exists or will appear in target markets – how recent are these studies, how relevant is it to its market (is it national or local area), how objective is it, have relevant points from the studies been embedded in its process
• How are characteristics identified if the firm is a digital bank (e.g. use of chatbot customer service).

2. Staff capabilities – frontline staff have necessary skills and capabilities to recognise and respond to range of characteristics.

Areas to assess may include:

• If third parties used within the chain - e.g. brokers - assess its training, capabilities, complaints
• Review training material and procedures and interact with frontline staff to understand how vulnerabilities are recognised and responded to, how disclosure is encouraged, methods of recording and evidence of assistance provided about consumer needs and how to seek specialist help 

3. Systems - to support disclosing needs, range of support available and delivery of good customer service.

Areas to assess may include:

• Is exploitation of vulnerable customers considered during the product lifecycle, such as product design.
• Are products flexible to adjust to consumer needs
• Where third parties used, is there follow-up to review whether needs have been met and quality of service

4. Communication – consider the needs and choice for channels to communicate.

Areas to assess may include:

• Are the channels of communication on offer easily reachable for consumers, do they take account of consumer needs
• Channels available for consumers to use third-party representations e.g. nominees, for communications.

5. Evaluation – regular management information (MI) to review outcomes delivered to vulnerable customers and implement policies where needs not met.

Areas to assess may include:

• Systems capturing data where needs not met, e.g. consumer feedback surveys, complaints, staff
• MI showing outcomes what action taken
• Frequency of MI review

A bank that has the right culture, policies and procedures and trains its staff well in identifying vulnerable characteristics, adequate systems to support staff in responding to circumstances and an evaluation process that identifies unfair outcomes with corrective action, can build a reputation within the market for providing quality treatment to vulnerable customers that may impact its growth positively. Investing in such a framework not only means the bank is in compliance with regulations but also providing good outcomes for such customers can provide a unique selling point to its customers.