New customer vulnerability data guidance from the Chartered Insurance Institute (CII) dispels the myth that GDPR stands in the way of firms doing the right thing for vulnerable customers, says support services provider and customer vulnerability specialist MorganAsh.
The new guidance from the CII, called ‘Data privacy for customers in vulnerable circumstances’, offers a practical guide to help insurance and personal finance firms collect, manage and store customers’ vulnerability data in compliance with both UK data protection laws and the FCA’s Consumer Duty.
The paper, which has been compiled with the help of experts from across financial services, regulation and customer vulnerability management, aims to translate legal requirements into clear operational practices. Importantly, the guidance builds on the recent joint statement from the FCA and ICO, confirming that it is lawful for firms to collect, process and even share customer vulnerability data where it supports good customer outcomes.
Support services provider MorganAsh has joined the FCA and other industry bodies in welcoming this new guidance – and supports the CII’s efforts to dispel the myths surrounding GDPR and customer vulnerability data to encourage firms to implement effective vulnerability data management.
Speaking at the launch event, Johnny Timpson OBE – financial inclusion commissioner and chairman of MorganAsh – said that rather than being a barrier, GDPR is the facilitator of generating the robust data required to monitor outcomes.
Johnny Timpson OBE said: “I suggest that GDPR is the facilitator – it is a known standard and understood. What is more challenging for firms is how they manage customers’ vulnerability data and hence the value in this guidance – particularly as the FCA rightly keeps saying we need good data to be able to identify the outcomes of vulnerable customers. Simplistically, this needs consistent data that can be collated into management information so firms can be see if a particular cohort of vulnerable customers are receiving good outcomes or not.
“We congratulate the CII on this tremendous guidance and thank them for the opportunity to work together on this. I’m proud of the work my colleagues at MorganAsh have done to support our professional body, contributing to its data sharing taskforce and in the development of this guidance.”
MorganAsh is a specialist in Consumer Duty and customer vulnerability. The firm launched its multi-award-winning MorganAsh Resilience System (MARS) to help firms understand and monitor vulnerable customers and deliver good outcomes – as required by Consumer Duty. It is in use across financial services and the utilities sector, enabling businesses to adopt a consistent approach to identifying vulnerable characteristics and generate an objective Resilience Rating – much like a credit score.
Andrew Gething, guidance co-author and managing director of MorganAsh, adds: “The FCA and ICO have been absolutely clear that GDPR is not a barrier to processing customer vulnerability data. This excellent guidance from the CII marks significant progress in establishing clear standards for effective vulnerability data management. Importantly, it gives firms a practical roadmap to turn this clear declaration from the regulators into the tangible action both expect to see.
“To deliver on that expectation, firms need the right systems in place to manage vulnerability data safely, securely and consistently across the customer lifecycle. That means not only protecting sensitive information, but ensuring it can be accessed by the right people at the right time, shared appropriately across teams and the wider distribution chain, and used to evidence good outcomes. With Consumer Duty placing greater emphasis on monitoring, management information and demonstrable action, robust vulnerability data infrastructure is absolutely essential. Expert guidance such as this from the CII will help firms considerably in their data journey.”
The new guide is available for download from the CII.
