[…] entities and individuals acted in the ways they did because they could. Entities set the terms on which they would deal, consumers often had little detailed knowledge or understanding of the transaction and consumers had next to no power to negotiate the terms. At most, a consumer could choose from an array of products offered by an entity, or by that entity and others, and the consumer was often not able to make a well‑informed choice between them. There was a marked imbalance of power and knowledge between those providing the product or service and those acquiring it.
Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, Vol 1 p2
Financial services providers face a new set of responsibilities in dealing with customers experiencing vulnerability
The vulnerable customer expectations on financial institutions now go beyond protecting customers from exploitation by third parties, and include ensuring that the services they themselves provide are appropriate to the situation of the customer, and that, when offering services, they identify and take into account any temporary or permanent reduction in the customer’s decision-making capacity, or any other type of vulnerability.
Customer Vulnerability: New Emphasis
Despite the fact that, in its final recommendations around vulnerable customers, the Banking Royal Commission restricted itself to recommendations in a limited number of areas,the evidence that it heard and public commentary on it has enlivened public and industry interest in the subject of customer vulnerability in general. The Australian Banking Association’s Code of Banking Practice and the Insurance Council of Australia’s General Insurance Code of Practice have been re-written to include significant requirements on subscriber organisations to implement policies and practices to assist customers who may be vulnerable, and to require appropriate staff training to enable these practices to be properly implemented. (It is to be expected that the Customer Owned Banking Association’s Customer Owned Banking Code of Practice (COBCOP),which is currently being rewritten, will contain similar requirements.)
The increased emphasis on the importance of addressing the needs of vulnerable customers is accompanied by an enhanced understanding of what constitutes ‘vulnerability’. These two developments are of equal importance.
A vulnerable consumer is someone who, due to their personal circumstances, is especially susceptible to detriment, particularly when a firm is not acting with appropriate levels of care.
UK Financial Conduct Authority Occasional Paper No 8 February 2015 p3
Explicitly or implicitly, the Australian Codes have adopted the UK FCA’s understanding of vulnerability. The General Insurance Code of Practice recognises these (and possibly other) factors that may give rise to customer vulnerability:
c. mental health conditions;
d. physical health conditions;
e. family violence;
f. language barriers;
g. literacy barriers;
h. cultural background;
i. Aboriginal or Torres Strait Islander status;
j. remote location; or
k. financial distress.
What is to be noted here is that this widened understanding of what constitutes vulnerability entails an understanding that a customer’s vulnerability may be subject to exploitation in different ways and by different agents than has previously been recognised.
Elder financial abuse is a venerable paradigm, and is still one of the most significant forms of exploitation of customer vulnerability: a third party (most commonly a relative or carer, but also frequently a stranger) finds a way to prey upon the inexperience, credulousness or incapacity of an older person in order to defraud them of their assets. The paradigm of a third party exploiting a customer’s vulnerability also includes spousal financial abuse, financial abuse by professionals and carers, etc.
But the expanded categories of vulnerability (remote location, language barriers, cultural background, and so on) entail an expanded class of potential abusers. This includes parties to the financial contract: banks, brokers, insurance companies, financial services providers of all kinds. And while – for the most part – the exploitation of vulnerable customers by a financial services provider may not be motivated by an intent to defraud, nevertheless it is recognised that a failure by a financial services provider to recognise and account for the vulnerability of a customer can result in significant financial detriment to the customer (often accompanied by an enhanced benefit to the provider.)
The asymmetry of knowledge and power between consumers and financial services entities has been evident throughout the Commission’s work.
Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, Vol 1 p490
There is nothing new in the recognition that a service provider is likely to have a significantly better understanding of the nature and conditions of the services being sought by a potential customer than the customer themself has. What is being driven at here goes beyond that and refers to cases where a customer’s particular circumstances – whether permanent or temporary – render them especially vulnerable.
Selling Financial Services to Customers Who Are Experiencing Vulnerability
The Responsible Lending Obligations under the National Credit Code require lenders to ensure that a borrower’s needs and requirements are clearly understood and that the product they are being offered is not unsuitable. This requires lenders to have regard to customer vulnerability. This is also the case where a borrower presents as suffering financial hardship.
There are limited similar legislative requirements to protect customers who are entering into other types of financial services arrangements, and it is here that the Codes of Conduct apply to require financial services providers to be on the lookout for, and appropriately respond to, customer vulnerability.
As the case study above shows, a customer who in general is competent and capable in managing their own affairs, may be vulnerable in certain circumstances.
The clear message from the research carried out for this paper is that we can all become vulnerable.
UK Financial Conduct Authority Occasional Paper No 8 February 2015 p4
The requirement, then, on financial services providers, is to have systems in place to identify vulnerability. The General Insurance Code of Conduct says, “We encourage you to tell us about your vulnerability so that we can work with you to arrange support — otherwise, there is a risk that we may not find out about it.” (s93) but clearly it will not be enough to rely on the customer to identify themselves as vulnerable. For various reasons a customer might never recognise their own vulnerability or be able to make a claim about it.
Financial services organisations hold a great deal of information about the age and other personal details of their customers. They have sophisticated systems to monitor for possible AML/CTF issues and for possible fraud issues, and these systems also provide data that raises red flags related to financial abuse. These are reasons why the complaints authorities continue to regard vigilance in this area as one of a financial service provider’s day-to-day costs of doing business and hold providers accountable for failures to undertake proper oversight.
Customer contact staff play a significant role in a financial service provider’s response to customer vulnerability: they are often in a position to identify the first signs of vulnerability, for example by noticing that a customer’s demeanour suggests they may be dementing and therefore losing competence to handle their affairs, or by picking up from a customer’s remarks that they are in an unusually stressful situation.
Customer contact staff are not psychologists, and they usually lack the experience to make final decisions about the appropriate response to apparent customer vulnerability or exploitation, but they need to be able to recognise the relevant red flags, take steps to escalate, and act appropriately until the matter can be handed over to the appropriate level within the business.
The industry codes of conduct recognise that this requires proper staff training. The training should be ongoing and should cover the expanded categories of vulnerability. It should empower staff to recognise the signs, and to understand their obligations with respect to providing appropriate services to vulnerable customers.
GRC Solutions offers online compliance training in Protecting Vulnerable Customers from Potential Financial Abuse.
Recommendation 1.8 is about: customers who, by virtue of remoteness or language limitation, face challenges in accessing banking services; Indigenous who may have trouble satisfying standard KYC (Know your Customer) requirements; and the terms and conditions for basic banking accounts.