"One could argue using a common sense approach. In other words, if you expect the vulnerability is transient then it doesn’t need to recorded but if it is persistent it should be."
Transient vulnerable people are those who because of specific circumstances at a certain time may not be able to make a complex or unexpected decision. For instance, if a person is going through a separation or a loved one has died, then they may be vulnerable in that moment, but not over the longer term.
In the guidance the FCA rightly points out that transient vulnerability makes up a substantial part of the vulnerable population and for many people that is why it is hard for them to self-identify as vulnerable.
With Covid-19 we are seeing increasing numbers of this type of client.
Advisers are well-equipped in many ways to help people who may be going through a challenging period in their life as unfortunately that is often a reason they need to see their financial planner.
However, what is still unclear is how information on transient vulnerability is recorded, which in a GDPR world is vitally important.
For example, say a client calls you and you know they have just gone through a separation. They want to make some financial decisions that seem erratic. Obviously, it’s important to deal with that vulnerability in the moment. But how long after the fact should you keep note of that vulnerability? And how will the client feel knowing that is on file?
The guidance published by the FCA acknowledges that it “may be challenging” but stops short of providing any detail on how these customers should be considered.
One could argue using a common sense approach. In other words, if you expect the vulnerability is transient then it doesn’t need to recorded but if it is persistent it should be.
However, that is often difficult to tell.
At Quilter we have tried to illustrate how wide-ranging vulnerability and the below images nicely illustrates that while some are clearly more permanent than others and some are hard to identify, like the diagnosis of an illness.
We also need to keep in mind that while advisers are highly likely to work with their client for the long-term and so will know previous behaviours, providers have several different teams and people that work with clients. Unless there is a clear record of even transient vulnerability there is a risk to the client.
As businesses we need to ensure that we are clear on how we record any type of vulnerability. The importance of this should not be underestimated as it can dramatically impact how providers and to some extent advisers deal with clients.
As part of this, we would welcome further clarity from the regulator on their expectations and those of the Information Commissioner’s Office on the boundaries of our own data and data provided by a third party.
Ultimately, firms should not be placed in a position where in seeking to meet Data Protection compliance, they are unable to meet the expectations of the FCA.
In the short term, we all need to be more aware of an increase in transient vulnerability due to Covid-19 and ensure we are able to help and guide clients when they need it most.
