FCA Consumer Duty 2024: What Firms Must Evidence on Vulnerable Clients
The FCA issued £176M in fines in 2024 — up 230% year on year. Consumer Duty enforcement is accelerating. Here is exactly what firms must produce, what counts as adequate evidence, and what is now technically possible.
FCA Consumer Duty (effective July 2023 for new business, July 2024 for closed books) requires UK financial services firms to demonstrate that they deliver good outcomes for customers — including proactive identification of vulnerable customers and evidence that vulnerable customers received appropriate treatment. Self-declaration alone does not satisfy the evidencing requirement.
The evidencing gap most firms haven't closed
The FCA's Consumer Duty guidance is explicit on one point that many compliance teams have underweighted: firms must not rely solely on customers self-identifying as vulnerable. The FCA expects firms to demonstrate proactive identification — systems and processes that identify vulnerability signals regardless of whether the customer volunteers that information.
The practical implication is significant. Standard quality assurance processes review 2–3% of customer interactions. Of those interactions, the primary vulnerability identification mechanism is still the customer saying "I'm struggling" or answering yes to a direct vulnerability question. The FCA has made clear this is not sufficient evidencing of proactive identification.
See how EchoDepth generates auditable Consumer Duty evidence — request a free analysis of a customer interaction.
What adequate evidence actually looks like
The FCA's Finalised Guidance (FG21/1, updated for Consumer Duty) provides a framework for what firms should be producing. Adequate evidence of vulnerability assessment includes four components:
Evidence of a systematic process for identifying vulnerability signals — not ad-hoc identification by individual agents, but a repeatable methodology applied consistently across all relevant interactions.
Records showing that vulnerability assessment occurred for specific interactions — not just that the firm has a policy, but that the policy was applied to real customer contacts and the outcome of the assessment was recorded.
Evidence that vulnerable customers received different (more appropriate) treatment than non-vulnerable customers — that the identification actually changed the outcome.
Documentation that agents and teams responsible for vulnerability identification were trained and assessed as competent to identify vulnerability signals.
The £176M enforcement context
The FCA issued £176M in fines in 2024 — a 230% increase year on year. Consumer Duty is a central enforcement priority. The regulator has explicitly stated that it will use supervisory tools including skilled person reviews, attestations and enforcement action where firms cannot demonstrate good consumer outcomes.
Separately, UK financial services firms paid £479M in customer redress in 2024. The FCA's view is that much of this redress could have been avoided if firms had identified vulnerable customers earlier and adjusted their treatment accordingly. The cost of not identifying vulnerability is not just regulatory fine exposure — it is the cost of redress plus the reputational damage of FCA enforcement action.
What technology now makes possible
Until recently, the gap between what the FCA expects and what firms could practically deliver was largely a technology limitation. Reviewing 100% of customer interactions for vulnerability signals was not operationally feasible at scale — hence the 2–3% QA sample that most firms still rely on.
Emotional AI platforms now make 100% coverage operationally viable. Voice analysis can process recorded or live telephone interactions in real or near-real time, detecting distress signals — elevated arousal, low valence, cognitive load markers — that correlate with vulnerability, without requiring the customer to self-declare.
The output is not a clinical diagnosis of vulnerability. It is a Vulnerability Signal Score — a documented record that vulnerability assessment occurred, what the signal showed, and what action was taken. That record is the auditable evidence the FCA requires. It turns a sampling problem into a coverage problem, and coverage into an evidence trail.
Frequently Asked Questions
What does FCA Consumer Duty require firms to evidence about vulnerable clients?
FCA Consumer Duty requires firms to demonstrate that they identified vulnerable customers, that those customers received appropriate treatment, that the firm monitored outcomes for vulnerable customers, and that it can evidence all of the above to the FCA on request. The FCA explicitly states that firms should not rely solely on customer self-declaration.
What counts as adequate evidence of vulnerability assessment?
Adequate evidence includes: documented processes for identifying vulnerability signals, records showing vulnerability assessment occurred for specific interactions, outcomes monitoring data showing vulnerable customers received appropriate treatment, and evidence of staff training. Self-declaration records alone are insufficient.
What were the FCA fines in 2024 related to Consumer Duty?
The FCA issued £176M in fines in 2024, up 230% year on year, with Consumer Duty enforcement a significant driver. Separately, £479M in customer redress was paid by UK financial services firms. The FCA has made clear that Consumer Duty enforcement will increase.
See EchoDepth on a real customer interaction.
Submit a call recording or transcript. We return a full vulnerability signal analysis and Consumer Duty evidence record within 5 working days — free.