Customer vulnerability: Immediate priorities of the FMA

On 2 September 2021, the FMA published an updated information sheet on its expectations for providers of financial services in relation to customer vulnerability practices (Information Sheet).

The FMA acknowledges there is no ‘one-size-fits-all’ approach to developing and embedding processes and practices related to customer vulnerability.  Instead, firms should tailor their responses to reflect their scale, size and complexity, and consider the likelihood of their customers experiencing vulnerability.

A copy of the updated Information Sheet can be accessed here.

Who needs to read it?  Why?

The Information Sheet is relevant to anyone who provides financial services, no matter the size or business focus, because providers must have business appropriate support systems for customers in vulnerable circumstances.

What does it cover?

We set out below the FMA’s expectations for providers on areas of customer vulnerability practices it considers as immediate priorities.

Understanding vulnerability

  • Vulnerability cannot be defined as being specific to a ‘type’ of person. Rather, it may arise in the form of different circumstances and characteristics that are not always obvious.
  • Proactively look to understand the cause, nature and extent of different vulnerabilities in your customer base in order to develop responses that tackle your customers’ needs. As a starting point, you may consider the Consumer Vulnerability Framework by the Council of Financial Regulators to understand different characteristics of vulnerability.
  • An example of good practice is framing vulnerability to suit your business model, such as defining customers in vulnerable circumstances as “extra care customers”.

Appropriate policies and procedures

  • Treatment of vulnerable customers must be embedded throughout the whole customer journey and the FMA expects firms to demonstrate appropriate policies and procedures are in place for this.
  • Consider assigning accountability for vulnerability policies to executive-level leadership, how successes will be measured, and at what level it should be reported.
  • An example of good practice is constant reflection on policy implementation, such as having a working group that tracks progress against vulnerability framework objectives, areas for improvement, and reporting these at executive level.

Staff capability

  • Provide guidance and training on identifying customer vulnerability circumstances (e.g. red flags such as certain words, tone), addressing vulnerable customers’ needs, and adapting services to customers who appear vulnerable.
  • An example of good practice is ensuring all customer-facing staff are equipped with the skills and confidence to service the needs of vulnerable customers (e.g. access to practical and emotional support mechanisms) but also general organisation-wide staff awareness of potential customer vulnerabilities (e.g. modules).

Customer service

  • As face-to-face contact points are removed in the COVID-19 environment, consider having (and then promoting) the availability of specialist support for vulnerable customers either internally, or externally through charities or third-party providers.
  • Staff should also able to identify complaints and refer customers to the firm’s internal and external dispute resolution schemes.
  • Examples of good practice include firms being proactive and using multiple communication channels to contact and assist vulnerable and potentially vulnerable customers (e.g. non-English speakers), as well as the provision of support services as part of a firm’s offering.


  • Communications should be in plain language and provided in a way vulnerable consumers can understand and engage with (e.g. through different channels that suit them).
  • Examples of good practice include making it easier for customers to disclose their needs through online platforms, using data analytics or software to identify drivers of vulnerability, and building a vulnerability risk assessment for communication campaigns.

Our view

We welcome the FMA’s examples of what it considers good practice in the market in relation to vulnerable customer practices.

COVID-19 particularly highlighted the vulnerability of retail clients and the need for a focus on conduct from the financial services sector in order to support the purposes of the Financial Markets Conduct Act, including the confident and informed participation of businesses, investors, and consumers in the financial markets, as well as promoting and facilitating the development of fair, efficient, and transparent financial markets.

For additional materials on conduct in relation to vulnerable customers (and in specific sectors) and regulator insights, check out:

What next?

If you have any questions in relation to the Information Sheet and how it may affect your business, please contact one of our experts.

Who can help