Published on Jun 15, 2020

Identifying and responding to vulnerable customers is more important than ever. Learn about fairness and ASIC focus on vulnerability – The Fold Legal. Identifying and responding to vulnerable customers is more important than ever. Learn about fairness and ASIC focus on vulnerability – The Fold Legal.

Regulators have a laser focus on ‘fairness’ following the numerous scandals involving overcharging, underservicing and poor customer outcomes that were laid bare in the Royal Commission into Banking. For fintechs, this means making sure fairness is embedded at every customer touch point. This is no simple task as fairness is contextual and needs to address any customer vulnerabilities. In the midst of the COVID-19 global pandemic, identifying and responding to your vulnerable customers fairly is more important than ever!

What is fairness?

What is fair isn’t universal – it depends on the context, your product or service and the consumer’s circumstances.

When it comes to fairness, fintechs fair better than most. Why? Because they want to challenge the status quo, address a consumer gap or need and foster deeper customer trust.

Some fintechs are using features like greater transparency, improved comparability, better rates, lower fees, increased personalisation and greater customer control. These features help create fairer products and services but alone will not ensure consumer fairness. Why? Because fairness needs to be embedded in all touch points in the customer journey. This is no small feat.

Catering to vulnerable consumers is a good place to start

A good litmus test for fairness is how you cater to your most vulnerable consumers. Vulnerability is the next frontier in the consumer space but it’s yet to be defined by regulators in Australia.

Who is a vulnerable customer?

In the UK, the Financial Conduct Authority (FCA) defines a vulnerable customer as “someone who, due to their personal circumstances, is especially susceptible to detriment, particularly when a firm is not acting with appropriate levels of care”.

This is a broad definition and doesn’t differentiate between potential vs actual vulnerability and permanent vs transient vulnerability. In our view, this is because the FCA wants vulnerable characteristics to be considered at all stages of the customer journey.

In the context of the COVID-19 global pandemic, fintechs may find that a significantly larger percentage of their customer base may be vulnerable – whether due to lost/reduced income, health issues (physical or mental), or additional caring responsibilities, just to name a few.

This is certainly in line with the FCA’s guidance, which has identified 4 key drivers of vulnerability:

  1. Health – health conditions or illnesses that affect the ability to carry out day to day tasks;
  2. Life events – major life events such as bereavement or relationship breakdown;
  3. Resilience – low ability to withstand financial or emotional shocks;
  4. Capability – low knowledge of financial matters or low confidence in managing money.

The FCA has also issued draft guidance on what is required to drive better outcomes for vulnerable customers. Key to this is embedding a lifecycle approach to vulnerability that:

  • Understands the needs of vulnerable customers. This includes drivers, impacts and effects of vulnerability;
  • Ensures staff have the requisite skills and capacity;
  • Takes practical action like product and service design, customer service and communications; and
  • Fosters continuous improvement including monitoring and evaluation.

While this provides a strong framework for you to consider vulnerability, what it means in practice will vary depending on your products or services and your potential and actual customer base. It will also need to consider any specific challenges customers are facing due to the COVID-19 global pandemic.

Australia’s position on vulnerability…

Vulnerability is not specifically regulated in Australia but there are a range of regulatory requirements/interactions that are relevant to vulnerability or touch upon vulnerability.


The Australian Competition and Consumer Commission (ACCC) issued a compliance guide for businesses dealing with disadvantaged or vulnerable customers in 2011. The guide doesn’t define who is a vulnerable customer but it does identify a range of characteristics and includes some high level principles and examples based on actual cases. These characteristics include:

  • have a low income;
  • are from a non-English speaking background;
  • have a disability—intellectual, psychiatric, physical, sensory, neurological or a learning disability;
  • have a serious or chronic illness;
  • have poor reading, writing and numerical skills;
  • are homeless;
  • are very young;
  • are old;
  • come from a remote area; and/or
  • have an Indigenous background.

While useful, the guidance is framed in the context of unconscionable conduct and misleading and deceptive conduct. It doesn’t take into account the broader concepts of fairness that underpin financial services and credit activities.

It is also worth noting that the ACCC has listed vulnerable and disadvantaged customers as an enduring priority in their Compliance & Enforcement policy & Priorities 2020. It will be interesting to see how this plays out in the context of COVID-19 and ASIC’s focus post-Royal Commission.

Design and distribution

ASIC’s new design and distribution obligations go some way towards addressing vulnerable customers of financial products. This is because it requires product designers to identify the target market for a product and ensure distribution (directly or indirectly) is limited to them. When determining the target market, product designers should identify any vulnerable customers and how the product caters to them. Implemented as intended, these obligations should ensure that products are fit for purpose and target the appropriate customers. This should shrink the potential vulnerable population somewhat but is not a cure all. Why? Because the right customers may acquire the product but nonetheless be vulnerable. It also doesn’t address the servicing of vulnerable customers.

ASIC priorities

In light of COVID-19, ASIC has changed its priorities and will (amongst other things) “heighten its support for consumers who may be vulnerable to scams and sharp practices, receive poor advice, or need assistance in finding information and support should they fall into hardship”.

ASIC’s focus on consumer vulnerability has now been captured in its Interim Corporate Plan 2020-21, which was released on 11 June 2020. In this report, ASIC acknowledges the increased risk and impact of consumer vulnerability in the context of the COVID-19 pandemic given:

  • heightened economic uncertainty and widespread job losses;
  • increased scam activity and misleading advertising targeting susceptible consumers;
  • reliance on temporary relief from Government assistance, hardship arrangements and mortgage payment deferral;
  • the widespread use and proliferation of credit;
  • the risk of under insurance given the concurrent increase in insurance premiums and reduction in wages; and
  • early access to superannuation.

While ASIC’s focus on vulnerability is contextual and targeted, it does indicate ASIC has vulnerability considerations front of mind in its supervision of financial services and credit more broadly. It will be interesting to see what ASIC does in the space post pandemic and if they will build on any lessons learned.


The Australian Financial Complaints Authority (AFCA) has, since inception, been assessing complaints from a fairness and vulnerability perspective, particularly in the credit space. From what we have seen, AFCA are applying industry codes as best practice, even if the provider is not a member and not required to be a member. This is an interesting development and, in our view, AFCA is likely to drive much of Australia’s approach to vulnerability.

Best interests

Financial advisers have a duty to act in their clients’ best interests. If a client is vulnerable and a financial adviser doesn’t ask the right questions or appropriately act on their client’s responses, it will be difficult for them to demonstrate they discharged the best interests duty. Financial advisers are generally in a sound position to uncover vulnerability – given the nature of their relationship, service scope and contact points. The fact find and review process present an opportune time for financial advisers to identify relevant vulnerabilities for clients.

Responsible lending

Responsible lending obligations require credit providers to consider any known vulnerabilities identified in the application process. It doesn’t prevent them from lending to vulnerable customers. Providers should have robust processes in place to identify relevant vulnerabilities. However, these processes may not identify customer vulnerability. Why? Because it requires full and transparent disclosure about matters consumers may not think relevant or want to discuss.

Industry codes

We have also seen industry develop its own codes of practice. For example, the draft Buy Now Pay Later Code, General Insurance Code of Practice (aiming to be operative 1 July 2020) and Banking Code of Practice (commenced 1 March 2020). These codes all list common vulnerability characteristics and build in a range of protections for vulnerable customers. Most require identification of vulnerable customers, adequate training of staff and customer support (guidance, referrals or product / service changes). While a great step forward, these protections are high-level commitments. You will need to flesh out what it means for your product or service and broader customer journey.

This will be an interesting exercise for fintechs as many have frictionless customer onboarding and often have minimal human-to-human touch points in the customer journey. What this means for fintechs in the context of a global pandemic is also untested and unchartered. Key will be having processes in place that identify vulnerable customers early on and respond appropriately.

How can you identify vulnerability in the customer journey?

Think about your:

  1. Product features: Are they fair? Can they be customised? What levers can be used for different customers?
  2. Service touch points: Are there key touchpoints where you should ask customers to give you information? Will customer answers, behaviours or data raise red flags for you?
  3. Data: What data do you collect? What inferences can be made from that data? Can you incorporate AI?
  4. Assessments: Do you conduct any customer pre-vetting, risk or suitability assessment? Do you assess customers on an ongoing basis? How can you extend these to cover vulnerability?
  5. Training: How will you empower your staff to identify and respond to vulnerability?
  6. Recourse: What measures do you have in place for vulnerable customers?
  7. Review: What processes do you have in place to review your practices and build a culture of continuous improvement?

Vulnerability practices are still at an early stage. It will take time and many iterations before businesses can better cater and respond to customer vulnerability. COVID-19 provides fintechs with a greenfield opportunity to design and test vulnerability measures in a heightened environment with a potentially significant vulnerable customer population. If you haven’t thought about it yet, it is important that you consider vulnerability now in terms of your product/service design, distribution and broader customer journey.

We’re experts in helping fintechs design and distribute their products and can help you navigate vulnerability. Get in touch, we’d be happy to help.

Michele Levine

June 2020

Subscribe now to The Fold's blog alerts

Subscribe to The Fold's Blog Alerts and receive $50 off your next purchase from our eStore.

Please prove you are not a robot.