Home » VRS Conference: UK

VRS Conference: UK

A super day at the VRS conference in Nottingham yesterday. Some notes from the early sessions below. Great to see so many people supporting VRS and just how much it has growth. It really feels like the time is now around data sharing and embedding into collections (and wider) processes.

…. we even got the music played (w/ credit to Kevin Still)

Key Take Aways

  1. Vulnerability should be treated as a core design consideration, not an exception. The discussion repeatedly emphasised “inclusive by design” and the need to build vulnerability considerations into products, services, communications and organisational culture from the outset.
  2. Consumer Duty remains the central regulatory benchmark for vulnerable customer outcomes. The FCA positioned Consumer Duty as the “high watermark” for expectations, with firms expected to deliver good outcomes rather than simply evidence compliance activity.
  3. Progress has been made, but consistency remains a gap. The FCA has seen encouraging examples of firms improving support for vulnerable customers, but outcomes remain inconsistent across firms and sectors.
  4. Product design is still underdeveloped. The FCA noted that firms have not made as much progress incorporating vulnerable customers’ needs into product design as they have in identification and support processes.
  5. Customer communications require more rigorous testing. Firms should test whether communications genuinely support understanding and decision-making, including with customers who have accessibility needs, language requirements, lower digital confidence or lower financial capability.
  6. Outcomes monitoring is a priority area. Firms are expected to use data more effectively to monitor the outcomes experienced by vulnerable customers and feed insights into continuous improvement processes.
  7. Data protection should not be used as a blocker to responsible data sharing. The ICO was clear that “we can’t share because of data protection” is incorrect; data protection law provides an enabling framework for fair, proportionate and responsible sharing.
  8. Consent is not always the right lawful basis. The ICO clarified that consent may be appropriate in permission-based contexts, but other lawful bases, including legitimate interests, may be more appropriate in some circumstances.
  9. AI creates both opportunities and governance risks. AI is being used to detect keywords that may indicate vulnerability, but firms must remain clear on consent, transparency, data use, ethical considerations and human oversight.
  10. Regulators are encouraging responsible innovation. The FCA invited firms to engage with its regulatory sandbox, digital sandbox, AI live testing initiative and Supercharged Sandbox to test new approaches under regulatory support.
  11. Buy Now Pay Later regulation is intended to introduce proportionate safeguards. The FCA described its approach as proportionate, relying heavily on existing rules and Consumer Duty, while recognising the need for some friction to support consumer understanding.
  12. Leadership and culture are critical. The opening remarks stressed that inclusive cultures, ethical deployment and human values must be led from board level and embedded across organisations.

Innovation

  • AI-enabled vulnerability detection: Firms are using AI to detect keywords that may indicate vulnerability during customer interactions, helping call handlers identify customers who may need additional support.
  • Quality assurance on vulnerability-related calls: The FCA cited examples where QA checks are applied to calls where vulnerability is identified, helping ensure the right action is taken.
  • Inclusive design panels: Some firms have introduced panels to test changes to product design, though the FCA warned these must not become a tick-box exercise.
  • Centralised recording of accessibility needs: Some firms have implemented more centralised ways to record customers’ accessibility requirements and apply them consistently across interactions.
  • Testing communications with vulnerable customer groups: Firms are testing communications with customers who have lower digital confidence and capability, then redrafting based on feedback.
  • Screening against the VRS database: In debt purchasing and collection, firms are screening new customers against the VRS database to identify disclosed vulnerabilities and tailor the recovery journey.
  • Customer portal redesign: Examples included simplifying information, changing design and colours, and making customer portals more accessible and easier to understand.
  • Alternative data sources: The FCA referenced open banking and alternative data sources as potentially helpful in lending decisions for consumers with limited or thin credit files.
  • Innovation services and sandboxes: The FCA referenced regulatory sandboxes, digital sandboxes, AI live testing and the Supercharged Sandbox as routes for testing new products, services and use cases.
  • Smart data scheme design: The ICO referenced forthcoming guidance on smart data scheme design, relevant to responsible data access and sharing initiatives.

Key Statistics

  • Consumer Duty has been in place for around two years.
  • It has been just over one year since the FCA published its vulnerability review.
  • The FCA’s vulnerability guidance was described as having been in place for five years.
  • FCA regulation proposals were published in March.
  • The new FCA reports replace more than 40 portfolio letters.
  • The FCA’s consumer finance report sets out three top priorities.
  • Regulation for Buy Now Pay Later / deferred payment credit comes into effect on 15 July.
  • Buy Now Pay Later transactions were described as being, on average, around £50.
  • Buy Now Pay Later lending is usually repaid in under six months, sometimes less.
  • Almost 11 million people are using Buy Now Pay Later as a payment mechanism.
  • The ICO’s data sharing code of practice has been around for five or six years.
  • The ICO data protection conference was mentioned as taking place on Tuesday 13 October.

Key Discussion Points

  1. How financial services firms should embed vulnerability into product and service design from the outset.
  2. How Consumer Duty expectations apply to customers in vulnerable circumstances.
  3. The need to move from identifying vulnerability to actively meeting customer needs.
  4. How firms can test whether customer communications are genuinely understood.
  5. How firms should use data to monitor vulnerable customer outcomes and drive continuous improvement.
  6. How third-party tools and resources can support vulnerability identification and customer support.
  7. How firms should balance data protection obligations with the need to support vulnerable customers.
  8. Whether AI can detect vulnerability characteristics without explicit customer disclosure or consent.
  9. The implications of AI personal assistants being used by consumers in complaints, advice and customer interactions.
  10. Whether FCA complaints data should become more granular, including complaint type and vulnerability characteristics.
  11. How Buy Now Pay Later regulation may affect access to credit, affordability assessments and consumer friction.
  12. How recognised legitimate interests and other lawful bases may support responsible data sharing for safeguarding and vulnerability-related purposes.

RO-AR.com contact list
Join the RO-AR.com contact list and select updates covering the most important developments in risk operations - research, regulation, technology, and events. Unsubscribe anytime.