Wednesday, April 2, 2025

Embedding vulnerability in complaint handling

Systems, data and controls that deliver fair complaint outcomes

Consumer vulnerability is a leadership responsibility that is very much on regulators' radar.

On 10 October 2024, the FCA fined TSB Bank £10,910,500 for failing to treat customers in arrears fairly. TSB had already paid £99.9 million in redress to 232,849 mortgage, overdraft, credit card and loan customers. The issue was not bad intent. The issue was weak systems and controls that produced poor outcomes for consumers in financial difficulty.

If you lead a regulated complaints function, the question is simple:

'Can your operation detect vulnerability, adapt processes, and evidence fair outcomes every time?'

FCA definition: What vulnerability means in practice

It's your firm's responsibility to identify vulnerability, not the customer's.

The FCA defines a vulnerable customer as someone who is especially susceptible to harm because of personal circumstances.

Practically, vulnerability characteristics fall into three categories:

  • Permanent, for example, long-term health conditions.

  • Intermittent, for example, fluctuating mental health or episodic illness.

  • Transient, for example, bereavement or job loss.

Intermittent and transient vulnerabilities can be undeclared, which often makes the complaint more complex.

  • Intermittent cases require regular reviews and a consistent approach.

  • Transient cases need time-limited adjustments with clear review or expiry dates.

Where complaint handling breaks down

If frontline teams lack the skills and capability to recognise and respond to vulnerability, the FCA requirements will be missed.

The biggest risks are operational, not ethical, and common pitfalls include:

  • In-depth training is reserved for 'specialist teams' when it’s the frontline staff who first need to identify vulnerability markers.

  • Missed markers because information logged in one channel isn’t visible in another.

  • Fragmented workflows due to inconsistent policy interpretation.

  • Weak evidence that won’t withstand FCA or FOS scrutiny.

Regulators act when system weaknesses harm vulnerable customers. For example, in May 2022, Ofgem required Western Power Distribution to pay £14.9 million into the Redress Fund after failing to provide essential services and information to Priority Services Register customers.

Different sector, different regulator, but the same message: system gaps cost both customers and the business.

Embed vulnerability frameworks into the workflow

Frameworks work only when embedded into day-to-day systems, not buried in policy manuals.

  • TEXAS - manage disclosure and create lawful records.

  • BRUCE - assess capacity and resilience.

  • IDEA - build an organisation-wide approach.

These models align with FG21/1 expectations and the Money Advice Trust guidance when implemented effectively. The most efficient approach is to embed them into system prompts, templated questions, and signposting libraries so they’re applied in real time with an audit trail.

Measuring and proving fair outcomes

Under the Consumer Duty, firms must prove that outcomes are fair and consistent for all customers, including those in vulnerable circumstances. That means capturing measurable, comparable data, not just written intentions.

At a minimum, track:

  • Average complaint resolution time for each vulnerability type, including the impact of adjustments.

  • Outcome parity between vulnerable and non-vulnerable cohorts.

  • Escalation and uphold rates at the Financial Ombudsman Service (FOS).

  • Quality of reasoning in case notes and resolution letters.

Stating that you are treating vulnerable customers fairly is meaningless without this MI data in support.

The FCA expects firms to provide evidence that they are actively monitoring, analysing, learning, and developing (MALD) to address vulnerability markers.

Technology as the enabler of consistency

Setting good objectives and relying solely on employees to deliver fairness and consistency aren’t bulletproof controls. The best way to safeguard your business and protect your customers is to automate the processes:

  • Guided steps in real time that prompt TEXAS or BRUCE actions when risk indicators appear.

  • A single source of truth, so vulnerability markers travel across all channels.

  • Automatic audit trails that record every decision and reasoning.

  • Analytics to spot patterns, forecast risk, and show improvement over time.

Specialist complaint management systems guide case handlers step-by-step and capture every action for audit. This is the most reliable way to achieve compliant outcomes.

Linking to operational guidance for teams

If you want to read more about how vulnerability is handled day-to-day at the case-handler level, from recognising early signs to making reasonable adjustments, see our article 'A practical guide for handling vulnerable customers in complaints'. This operational piece complements the leadership focus here.

Vulnerability is not an edge case. It is the sharpest test of whether your systems, culture and leadership actually work.