Customer vulnerability specialists MorganAsh have welcomed a recent intervention from the FCA, calling for firms to be proactive when identifying and managing customer vulnerability.
Sharing the findings of its March 2026 consumer understanding review, the regulator has for the first time called on firms to be proactive and not just reactive – particularly with customer vulnerability. It said that a ‘notable’ number of firms had vague or undeveloped policies and processes, including for identifying customers with characteristics of vulnerability or lower financial capability.
Firms also demonstrated an over-reliance on general knowledge, without proactive mechanisms. When speaking with firms, the FCA mentioned how some had ‘considered vulnerability’ but couldn’t provide details on how this translated into practical changes or measurable outcomes.
The regulator has warned that a reactive approach increases the risk of poor outcomes for consumers, particularly those in vulnerable circumstances who have historically been more susceptible to harm.
These calls from the regulator have been welcomed by MorganAsh, a support services provider which has long advocated that firms use both proactive and reactive approaches when identifying and managing customer vulnerability. It was first highlighted by the firm in a paper released in October 2023 and has since become a central part of new vulnerability guidance released by the Chartered Insurance Institute (CII), along with the Personal Finance Society (PFS).
MorganAsh reports that firms using reactive methods alone are typically identifying between 1%-5% of vulnerable customers – far short of the 50% figure established by the FCA as part of its Financial Lives survey.
MorganAsh believes that firms can only adopt a reactive approach where they can demonstrate certain robust conditions are met. Specifically, firms should have a well-established process to assessing and evidencing customer vulnerability, alongside a strong methodology for identifying vulnerabilities that are not typically volunteered or immediately visible.
Firms should also be able to understand vulnerable consumer groups in their target market, support this with evidence and benchmarking, and demonstrate that these consumers do not experience worse outcomes than more resilient customers.
Andrew Gething, managing director of MorganAsh, said: “We welcome the regulator’s call for proactive, as well as reactive approaches – something we have been campaigning on for some time now. The findings from the FCA’s review show that many firms are still relying too heavily on customers to disclose their own vulnerabilities, or on staff to identify issues only once they are visible. In practice, this reactive approach means most vulnerable customers remain unidentified and hence unsupported.
“Where firms rely solely on reactive methods, they typically identify vulnerable customers in the single figures and fall far short of reality. They also fail to gather the quality of data needed to understand the extent of vulnerabilities and what outcomes they are receiving. Ideally reactive methods should use the same classification methodology to ensure consistency in the data captured, regardless of the method.
“Technology continues to be the differentiator, enabling firms put the necessary systems and processes in place to achieve this in an efficient, cost-effective and compliant manner. The new CII guidance sets out a clear blueprint for firms of what is necessary in terms of IT systems, classification and data infrastructure to not just identify and classify, but monitor, support and report on customer vulnerabilities and outcomes.”
MorganAsh is a specialist in Consumer Duty and customer vulnerability. The firm launched its multi-award-winning MorganAsh Resilience System (MARS) to help firms understand and monitor vulnerable customers and deliver good outcomes – as required by Consumer Duty. It is in use across financial services and the utilities sector, enabling businesses to adopt a consistent approach to identifying vulnerable characteristics and generate an objective Resilience Rating – much like a credit score.
The MARS platform meets the system requirements set out in the new CII guidance, providing financial services firms with a proven tool that can be used as a standalone system or integrated into other systems via an API (application programming interface).
The guide is available for download from the CII.
