Our response to the Department for Business & Trade’s consultation on smarter regulation
In January, 2024, our managing director, Andrew Gething, wrote to the Department for Business & Trade regarding its consultation ‘Smarter Regulation: Strengthening the economic regulation of the energy, water and telecoms sector’. This is that letter.
10th January 2024
Dear Sirs
RE – Consultation – Smarter Regulation: Strengthening the economic regulation of the energy, water and telecoms sector.
We enclose our response to the above consultation. We are only replying on Section 3 – supporting customers i.e. vulnerability as this is our area of expertise.
23 What are your views on the creation of a single, multi-sector Priority Services Register?
We disagree with creating a single Priority Services Register (PSR).
We propose that firms should be mandated to understand the needs of their customers and to attempt to mitigate these needs. That we should evolve the present work in this area to provide a service where customers can provide their data once and that this data is shared between the appropriate parties. The best way to achieve this is to:
Evolve the present good work on PSRs to have more detail and cover more people to provide more services to more consumers - upgrading the PSR to a more functionally rich and useful service.
Encourage existing and new commercial firms develop their solutions and promote standards for data portability.
Government/regulators should encourage the providers of systems to enable sharing of data between systems so that the consumer only need to provide the data once.
We disagree with having a single PSR list for multiple reasons:
The issue of data privacy and control is a political hot potato and too easy for politicians to challenge. The government initiative for an ID card being a prime example of where a sound idea was scuppered by party politics. Hence it is unlikely to be promoted by a single political party or will take years to obtain cross party consensus. The present Post Office Horizon scandal makes this even harder.
A single register under government control will have a higher barrier of trust by consumers, especially those who have come from other countries where trust in the government is even worse than the UK.
We propose consumers should be in control of their data and hence they can select who they share their data with. If it is government controlled there will always be skepticism who the data is being shared with. The use of NHS medical data for research and recent government proposals to share data with HMRC, being examples of this challenge.
A single register will take years to agree and build, and meanwhile all the existing good work will go on hold – thus leaving no progress for many years, with a high chance of no solution being delivered.
The variance between different firms and regulators is large and the scope of such a project would be large and hence highly complex. There is a greater chance of success with innovative solutions being developed tried and tested within sectors and different niches and then promoting portability between such systems. In-line with recent FCA proposals to the Credit Reference Agencies to share data.
A single PSR list would encourage a tick box compliance, rather than focusing on the outcomes the consumers with vulnerabilities receive.
We disagree with promoting the PSRs as the core of a vulnerability management systems for multiple reasons:
PSR list treat vulnerability as a binary issue when in fact the majority of issues have a range of severities. A more granular understanding is required to enable prioritization and targeting.
PSR lists are inherently specific to the utility and the data is not portable, as they include both need and characteristics specific to the utility.
The PSR list is not used in financial services and consumers use financial services as they use utilities so ‘tell us once’ applies across financial services as well as many other sectors.
The method or regulation on vulnerability varies between regulators and will take years to re-write regulation to bring together.
We do propose the good work undertaken on PSRs should not be discarded, but that they should be upgraded, to improve data structure that is portable and greater coverage.
We believe the functionality of a vulnerability register should consider:
Vulnerability management systems
PSR lists should be the basis for further development.
Present PSR lists are too simplistic and need to be extended in scope and data structure.
An objective methodology is required to enable consistency in assessment and is a pre-requisite for data portability. A potential harm (i.e. vulnerability) is the resultant of interaction of a consumer’s characteristics and the circumstance/situation of the firm. Consumer needs are proportionate to the resultant harm i.e. the vulnerability.
Data needs to be specific to a consumer to be portable – i.e. their characteristics and their severity.
Any system needs the ability to share the appropriate information to those who need to see it – and hence there needs a hierarchy of access to data in accordance with the need, and this should be controlled by the consumer.
Effective management information can only be provided from consistent data, hence the need for an objective methodology. Effective management information will be vital in the prioritization and targeting of services.
Data privacy
The existing GDPR regulations are largely adequate to manage present data sharing initiatives.
Clarification would be helpful if firms can store data that they themselves may not use but another company may use, or should each firm only be able to access data that they are using.
Consumer engagement and control of data will be easier to deliver if the consumer is in control and hence using the GDPR permission category of ‘explicit consent’ will be preferable going forward to using the category of Specific Public Interest (SPI).
Further regulation may be required as AI matures.
Efficiency and cost-effectiveness
The use of technology to collate and manage data can reduce manual work and deliver efficiency.
Digital interactions with consumers can be engaging and effective for the vast majority.
Manual work should focus on engagement with those most in need and needing non digital communication methods and empathy.
Consumer engagement
Obtaining information directly from a consumer is more likely to help in engaging with the consumer to assist with the need or whatever process the firm is trying to pursue.
Regulators should encourage proactive engagement with consumers to obtain information that otherwise will not be volunteered.
Consumers ae more likely to engage if they experience some benefits from the exercise – a value exchange.
Value can be provided to consumers not directly related to the service being provided, and firms should pursue the provision of other services and signposting, especially where these are minimal cost – to encourage engagement.
The sharing of data between firms itself is likely to be realised by consumers as valuable.
We hence propose:
Government or commercial involvement
A single database is undesirable as development of a single PSR register will take years to deliver and will stifle present good work and initiatives.
Commercial solutions are already in play and far more likely to be successful than a government controlled central database.
Peer to peer sharing of data enables evolution, innovation, competition and is far more likely to deliver.
Regulators should focus on technical and data standards to enable data sharing.
24 What are the best data sources of vulnerability that the PSR should use? Who should be able to input data?
We don’t believe the government or regulators should be specifying the sources of data. There are multiple sources, with pros and cons for their use. We believe the biggest challenge for any vulnerability type register is consumer engagement and trust. Hence, we propose that the sources of data should be transparent to the consumer, and let the consumer select if they are happy to engage on this basis. There are multiple actors and sources of data already in play, all with pros and cons, a sample of these includes:-
Data providers:
VRS the Vulnerability Registration Service interacts with multiple other systems.
LexusNexis provides contact information and updating of contact information for 58 million UK consumers so can form part of the solution to alert when a consumer moves house and provides information on deaths and fraud.
Open banking (e.g. Money Hub) provide indicators of some vulnerabilities – i.e. gambling and propensity for many others.
Socioeconomic data provides indicators or propensity of vulnerability that can be used for identifying consumers with potential vulnerabilities.
It is suggested the UPRN a unique property register can be used. – itself gives links to geospatial data.
Service providers:
Experian with their support hub are sharing customer preference data between firms.
MorganAsh Resilience System (MARS) is upgrading existing PSR information and integrated with VRS.
Tell Jo provides identification for debt for councils.
IE Hub is sharing income and expenditure data between firms and is used by debt companies.
Identification services:
Systems using voice analytics are being trialed in call centers to identify vulnerability, in call centers. e.g. (Aveni, VOYC).
Integration providers:
Exoserve provide a means to share data between gas networks and DNO’s.
Electra link provide DTC – Data Transfer Network for Retail Energy Code parties, a way to transfer data on a batch basis between DNOs and retail energy companies.
Specifying the types of data to be used will stifle innovation.
25 What vulnerabilities and services should the PSR cater for?
We don’t think the government or regulators should specify the vulnerabilities and services. We think the emphasis should be on understanding the issues of consumers and then promoting services and solutions to mitigate or resolve these issues. While the present focus is on the issues that are directly due to the interaction of the firm, in order to promote engagement with consumers there is the opportunity to identify issues and provide solutions that have no relevance to the firm and hence build engagement and trust.
Individual regulators may like to specify a minimum list of services to be provided.
Systems are already in place to identify multiple issues and make recommendations on mitigations and solutions. There are multiple charities and self-help groups and the use of signposting and partnerships to engage with such organizations can provide useful assistance while zero cost to firms. We should be ambitious in the provision of services, not limiting ourselves to a small list.
We note that most people manage to resolve a single issue be that health, financial, lifestyle, but when there is a combination of issues then a lot of consumers struggle to mitigate and resolve the issues. This is not helped by the majority of solutions being siloed to particular disciplines. Hence, simply listing the vulnerabilities and services does not cater for this combination effect, and treating service provision as a single relationship to resolve an issue will not be sufficient.
26 How can existing affordability support be better communicated to increase customer awareness?
Consumer awareness, engagement and trust is the biggest challenge for any vulnerability management initiative.
We note that present methods of data sharing of PSRs is undertaken without consumer knowledge. We believe obtaining information directly from a consumer is more likely to help in engaging with consumers.
Consumers are more likely to engage when they receive some value, and hence firms can provide value which may not be directly related to the firm itself.
We propose:
Regulators should encourage proactive engagement with consumers to obtain information that otherwise will not be volunteered.
Consumers are more likely to engage if they experience some benefits from the exercise – a value exchange.
We can provide detailed papers on data structure for data sharing that explains many of these issues in more detail, if this is useful.
We trust this is helpful.
Andrew Gething
Managing Director
MorganAsh