Don't make identification your main vulnerability strategy

When it comes to consumer vulnerability in Financial Services, the case for identification is overstated.

My opinion is based on what I’ve observed during hundreds of qualitative user research sessions. In many cases, individual consumers are just too varied and complex to be accurately identified and labelled.

The better news: firms can achieve more with less by fully embracing inclusive design.

The big problem to solve is treating all customers fairly. Firms’ long-standing obligations to ‘pay due regard’ to customers in vulnerable situations were reset in the Financial Conduct Authority (FCA)’s 2021 Vulnerable Customer Guidance and have since been hardened in 2022’s Consumer Duty into ‘delivering good outcomes’.

In tandem, events from the pandemic to the cost of living crisis are increasing both the scale of the problem – one large UK mutual told me recently that they think 60% of their customers meet the criteria – and the urgency to turn intent into impact.

The FCA’s latest Dear CEO letter is a shot across the bows, warning that firms still aren't doing enough to support these customers. While the Consumer Duty’s implementation period has been extended by a third to 12 months, the regulator says that it won’t wait for the Duty to come in before it acts on helping vulnerable customers.

There are obvious traps to fall into in a context like this. It’s true that urgency can improve decision making – but it can also cloud it!

Firms need to explore all available options, including identification, which will likely be part of the solution to the vulnerability challenge. The trouble is that some firms make it sound like a silver bullet.

I'm going to explain why that's probably wrong and suggest a more effective and manageable approach.

If you’re working on an identification solution, let me know what you think!

I’ve heard a few variations on this theme:

This is an entirely reasonable reaction to the vulnerability challenge.

It’s just probably not the right question to ask.

Look at how much heavy lifting the word “know” does in that question. Of course, you want to know what’s going on. But a strategy that depends on identification assumes that you can know who all of these people are and what’s affecting them.

Many people who fall under the FCA’s definition of vulnerability don’t know it themselves and would disagree with that assertion if you (being their financial services provider rather than their trusted clinician) dare to suggest it.

We see this regularly in our research.

Identifying customers with characteristics of vulnerability generates quantifiable data – which feels tangible and measurable.

We’ll need data, both to address this problem and to make the regulator and accountable senior managers feel confident that we’re doing so. But is the data you can get, the data you need?

There are some watch-outs here. In The Tyranny of Metrics, Jerry Muller laments how growing ‘metric fixation’ can distract us from our goals. Our goal is to deliver good outcomes for customers regardless of their situation.

Muller cautions against ‘measuring the most easily measurable’ and ‘goal displacement’. Pair them and the wrong metrics can become mistaken for a target, receiving more focus than the original goal.

The kingpin of cautionary tales, Tim Harford, wrote a review of The Tyranny of Metrics that’s worth a few minutes of your time. His summary of Muller’s thesis:

Here’s how that risks playing out here:

The FCA says that 50% of UK adults are affected. We have six million customers, so we need to identify three million.

When you scrutinise the benefits of identification they begin to evaporate.

Identification easy to get wrong, especially through digital and self-service channels. Don’t underestimate it!

It's a legitimate concern in an article about regulatory risk because compliance and commerciality aren't inevitably at odds.

This week a colleague told me that she got a text from her bank flagging that she’d spent more this month than last – an innocuous attempt to be helpful, that actually made her feel judged. Now imagine how it would go if someone’s bank reached out ‘helpfully’ after observing spending patterns that suggested bipolar disorder.

Observation is one method of identification. The other, disclosure, is no more straightforward.

People in vulnerable situations are especially likely to mistrust requests for information - fearing it will be used against them. So if you add ‘vulnerability’ disclosure questions to your user journey then you’d better do it very carefully. We’ve developed some ways to help build trust through such an interaction. But it needs to be contextual and it’s so easy to get wrong. Launch a solution without extensively testing it with users at your peril.

Get identification wrong and customers will take their business elsewhere. Or worse, suffer harm as a result.

The paradox here is that you may cause harm while attempting to reduce it.

Asking people to disclose sensitive personal information can prompt them to revisit painful life events. That can trigger strong negative emotions, and exacerbate mental health conditions such as anxiety, depression or clinical trauma. Here’s how a research participant reacted to some clumsily-written copy in a disclosure journey that we tested:

That’s not the kind of outcome that anyone, including the regulator, wants to see. Let’s apply the precautionary principle to identification.

Basing your strategy on ‘knowing’ is to commit to a high-wire act.

There are other risks to an identification-led strategy too. It will increase solution complexity. So there’s a strong possibility that you’ll tie yourselves in knots and never deliver anything, or deliver an expensive thing that you wish you hadn’t.

Here are some questions worth stopping to consider:

• How sure am I that identification is effective?
• How sure am I that identification is easier and cheaper than the alternatives?
• How am I going to keep identification data up to date with peoples’ changes in circumstances?

If you aren’t highly confident about answering these then consider adopting this question instead:

• How can I minimise the need for identification and still be confident we’re doing the right things?

(If you are highly sure, I strongly recommend watching some user research, then trying those questions again.)

Choose the wrong tool for the job and you’ll break things. My weekend DIY exploits are proof enough. Thankfully, decision-making frameworks such as Cynefin can help you choose appropriate tools for different types of problems. The first and most important step is to pause to consider what type of problem you’re facing.

Cynefin characterises problems as being simple, complicated, complex, or chaotic.

Through this lens, ‘complex’ problems are the knotty ones that we can’t prescribe a known solution or approach for, or rely on expertise to solve – because there are too many things we just can’t know.

Watching user research will lead you quickly to the conclusion that consumer vulnerability is a complex problem. There’s no complicated formula or algorithm for meeting the challenge.

To solve problems like vulnerability, Cynefin says that we need to probe:

Inclusive design isn’t done when you’ve checked colour contrast levels. There’s more to it than meeting WCAG accessibility guidelines. But the same principles apply and we’ve used them to crack similar nuts before – so there’s good reason to feel confident we can do it again.

What if you could understand the needs of consumers with a diverse range of needs and build services that anticipated them, and that they could use them successfully without needing to disclose sensitive personal information? Sounds pretty nice to me.

What if that approach was quicker, cheaper and less risky, and the solution was better for consumers with atypical needs and – in fact – better for everyone?

That’s what inclusive design can do, when you fully embrace it.

In June this year, Monzo commissioned a survey of people living with ADHD to learn about how it affects their financial lives. Among other findings, they discovered that people with ADHD are almost three times more likely to miss bill payments. Monzo has an app feature that helps people in this situation – notifications about upcoming bills. And 77% of the people with ADHD they surveyed found it helpful or very helpful.

But this feature isn’t only available to people with ADHD. Anyone can use it, and you can see how it’s useful for people in many different circumstances, for example a freelancer with an irregular income – the solution is better for everyone. What’s more, Monzo didn’t have to identify any vulnerability.

However, inclusive design isn’t a silver bullet either, and you’ll still need to measure outcomes.

But by properly leveraging inclusive design you’ll meet the widest set of needs with the simplest solution. That means you’ll minimise both the number of customers whose needs aren't met by your core journeys and the cost and risk involved in identifying them.

It might not sound as exciting or convenient as shiny new identification tech, but with the arrival of the Consumer Duty in FS, inclusive design is an idea whose time has come.

I’m not alone in wondering why everyone isn’t already doing this. Chris Fitch, Vulnerability Lead at Money Advice Trust, thinks that it’s because designing for vulnerability is difficult:

What’s stopping you? Let us know!