What is customer vulnerability management?
Is customer vulnerability management a real thing? The answer is ‘probably not’ – it is a component part of customer engagement or operations – but, in the short term, and to help facilitate change, it is useful to focus on it in more detail.
Under Consumer Duty, the FCA requires that firms:
understand an individual’s vulnerability and to act accordingly to reduce any potential harm
monitor the consumer through the lifetime of the product/service
measure outcomes of vulnerable cohorts, compared to those of the resilient
assess fair value for vulnerable cohorts, compared to the resilient
maintain evidence of the above
This is not easy and, as per repeated communications from the FCA, most firms struggle to meet these requirements. Firstly, let’s look at managing this change – who should be in charge?
One of the problems with customer vulnerability management is that it covers multiple functions in firms – including operations, IT, compliance, customer services, quality checking and so on. To instigate change in all of these areas, there needs to be senior managers in charge who have the authority to drive these changes through; this is likely to be the ‘Consumer Duty champion’.
Many companies have a customer vulnerability lead, but they tend to be in charge of staff operations and they focus on just the training of staff – to meet item 1 above, and don’t have items 2–5 in their remit or authority. There should be a senior manager with this responsibility – probably the Consumer Duty champion.
The second large area of customer vulnerability management - one that many firms have missed - is how to collate the customer vulnerability data needed for reporting. Then, how to correlate the outcomes for vulnerable consumers – for example, did the bereaved, divorcees or those with mental health issues receive better or worse outcomes than the resilient? To be able to rectify the outcomes for any vulnerable cohort, the cohorts themselves must be understood.
After all, multiple consumer interest groups have proven that vulnerable people do receive worse outcomes nationally. The aim of Consumer Duty’s reporting is to identify which companies cause this, with the aim of reducing harms as much as possible.
Accurate reporting requires consistent data – and a big challenge with customer vulnerability data is that individual assessments are inconsistent (and subjective). Therefore, firms need a methodology, or a classification system, for all the types of customer vulnerability they are likely to come across. With around 50% of consumers being vulnerable at any one time, this is vital – otherwise, having to do something different for 50% of consumers will be a monumental and unnecessary overhead.
In practice, most customer vulnerabilities are relatively mild, or consumers already have mitigation strategies to overcome them, so firms don’t need to change what they do. The key is the understanding of the characteristics of vulnerability, their severity, the impact on the consumer – and their preferred way to overcome it. Once these are known and understood, then the proportion of cases requiring change is typically less than 10% – but it does mean firms need to hold data on all vulnerable customers as evidence.
For the vast majority of firms, it will be far more efficient and GDPR-compliant to manage the customer vulnerability data in software systems. The challenge is where to store this data. Firms can either build their own (starting from scratch or adding to existing systems) or licence the new VulnerabilityTech that is commercially proven. Not having a system is probably the biggest gap in the current vulnerability strategies of firms. Some CRM systems have added tick boxes and drop-down lists – but this approach is far too simplistic.
Once the right management and systems are in place, firms need to look at modifying the customer journeys of each vulnerable cohort. There are multiple ways to understand and prioritise these cohorts: firms may look at complaints, or just talk to frontline staff who could quickly come up with a list, or start with the most common – bereavement, divorce, debt serious illness and so on.
Once new processes are agreed, staff can be trained on how to implement them, and on how to use the new systems. The most difficult part of training is providing empathy; this comes naturally to some, but is challenging for others, and this may require some reorganisation. Hopefully, the “computer says no” challenge will be removed by the adoption of systems and processes – and staff are empowered to manage situations in far more empathetic manner.
Customer vulnerability management should not, in the long term, be a different discipline – but it is useful to highlight it in detail in the short term, in order to highlight the changes required. It should effectively be a means of personalisation; a means to enhance customer service – if Amazon did customer vulnerability, they would call it personalisation.
