The Intermediary – December 2025 - Flipbook - Page 72
P RO T E C T I O N
Opinion
New guidance puts vuln
under the spotlight
he new vulnerability
guidance from the
Chartered Insurance
Institute (CII) is a
significant step forward
for both the insurance
and personal finance sectors – and
offers much across all of financial
services. It provides firms with clear
and comprehensive guidance of what
‘good’ looks like when it comes to
supporting vulnerable customers.
Just as important is the access to a
clear action plan to help firms not only
embrace, but embed the principlesbased guidance of Consumer Duty
– something that has been a real
stumbling block for many.
Crucially, the guidance explains
what this all means for the IT systems
that underpin these processes to
deliver the efficiencies that make
Consumer Duty far easier and cheaper
to achieve. Firms require clear
structure and data that is both robust
and consistent, to more readily enable
detailed reporting backed by evidence.
There’s no question that this requires
technology – and the CII’s guidance
serves to emphasise this.
Without such systems in place,
firms are le data-poor – limited
by inconsistent and subjective
identification of vulnerable
customers, delayed support pathways
and insufficiently robust audit trails.
Above all, customers face outcomes
that fall far short of Consumer Duty.
It’s about much more than
achieving compliance, though.
Without the right technology, firms
cannot understand customers well
enough to unlock both the competitive
advantages and commercial benefits
of responding to their needs and
delivering a greater service.
T
Leveraging the right tech
The CII has long documented firms’
70
The Intermediary | December 2025
struggles to fully rise to the occasion,
particularly while they transition
away from more prescriptive
regulation. It is well known that
managing customer vulnerability is
the hardest part of Consumer Duty.
The Financial Conduct Authority
(FCA) itself has long advocated for
technology adoption – to not just shore
up, but to streamline vulnerability
management.
Aer all, customer vulnerability is
complex, dynamic and changes over
time. And, given the increased scope
of Consumer Duty, the tick-boxes
and comment boxes of the customer
relationship management systems
(CRMs) of old are simply not up to
the task. That’s why the CII’s new
guidance puts significant emphasis
on systems that can identify, record,
monitor and report on customer
vulnerability – and consumer
outcomes – in an objective, consistent
and structured manner.
While some have tried to
‘Frankenstein’ current systems, or
build their own, the most efficient and
cost-effective solution for firms is to
adopt or integrate one of the purposebuilt systems currently available.
Practical systems checklist
For firms looking at how they should
invest in technology, our guidance
provides a practical checklist to
ensure that systems meet the required
standards. The list is comprehensive,
but is split into five key areas.
First is identification and
classification. The priority here is that
any system goes beyond subjective
opinions – and their oen binary
approach, using ‘yes/no’ flagging.
Firms must adopt a comprehensive
framework for classification built
around circumstances, severity and
coping mechanisms. This should
also include support needs – and the
ANDREW GETHING
is managing director
at MorganAsh
relevant tracking, to identify any
support offered and what success
it achieved.
Firms should also ask if any system
is capable of recognising a person’s
multiple, overlapping vulnerabilities
– or managing customer vulnerability
across groups such as households
– two key developments added this
year to the MorganAsh Resilience
System (MARS).
Next is data protection – which
remains a hot topic. Can a system
store data securely, with appropriate
encryption and suitable compliance
with GDPR?
While concerns are fair, this has
long been many firms’ scapegoat – and
get out of jail card. However, dedicated
systems not only provide a high-level
measurement of vulnerability –
such as the MARS Resilience Rating
– which can be shared across the
distribution chain, they also keep data
secure, accurate, readily available for
access requests and filtered based on
role or need.
Third is lifecycle management –
which gives firms the ability to record
data, and changes in data, over the
lifetime of products and services. Not
only is this critical in understanding
how circumstances have changed,
