What does proactive vulnerable customer identification mean under FCA Consumer Duty?

Proactive identification means firms must identify vulnerable customers through their own systems and processes — not wait for customers to disclose vulnerability. The FCA states explicitly that firms must not rely solely on self-declaration. Proactive identification requires monitoring interaction signals (voice patterns, communication behaviour, interaction history) for vulnerability indicators regardless of whether the customer volunteers that they are struggling.

What evidence does the FCA require for vulnerable customer identification?

The FCA expects firms to produce, on request: documented processes for proactive identification, interaction-level records showing vulnerability assessment occurred, outcomes monitoring data showing vulnerable customers received appropriate treatment, staff training records, and MI showing the proportion of customers identified as vulnerable. Self-declaration records alone — where the firm only identifies vulnerability when customers state it — are insufficient under Consumer Duty.

How can AI detect vulnerable customers that self-declaration misses?

AI-based vulnerability detection analyses the physiological signals in customer interactions — voice patterns, facial muscle movements, speech rate changes, hesitation patterns, cognitive load indicators — that are produced involuntarily regardless of what customers say. A customer in financial difficulty who speaks calmly and says 'I understand' may show elevated vocal distress signals, facial indicators of cognitive load, and speech pattern changes that indicate vulnerability. EchoDepth detects these signals across 100% of covered interactions.

What is the difference between temporary and permanent vulnerability under FCA rules?

The FCA recognises that vulnerability can be permanent (chronic health conditions, severe financial exclusion), temporary (bereavement, acute financial shock, recovery from illness), or situational (triggered by the specific interaction context, such as a collections call or complex product decision). All three require proactive identification. Firms must have processes sensitive enough to detect temporary and situational vulnerability in real time — which is why interaction-level analysis, rather than periodic customer profiling, is the appropriate approach.

How to Identify Vulnerable Customers Proactively

What proactive actually means

The FCA's Consumer Duty guidance uses the word "proactive" deliberately. It distinguishes between two fundamentally different approaches to vulnerability identification: reactive (identifying vulnerability when customers disclose it) and proactive (identifying vulnerability before customers disclose it, through the firm's own systems and processes).

Most firms operate reactively. Their vulnerability identification relies on: customers saying they are struggling, colleagues recognising distress signals in real time, or historical account data flagging a known vulnerability. These approaches are better than nothing — but they are not what Consumer Duty requires, and the FCA has made clear that reactive identification alone will not satisfy the evidencing requirement.

Proactive identification requires the firm to monitor interaction signals systematically and identify vulnerability regardless of whether the customer volunteers it. The question shifts from "did the customer tell us they were vulnerable?" to "did our systems identify that this customer may be vulnerable?"

The four drivers — and why they create an identification problem

The FCA's guidance identifies four drivers of vulnerability: Health (physical and mental health conditions), Life events (bereavement, job loss, relationship breakdown), Resilience (low financial resilience, over-indebtedness), and Capability (low financial literacy, language barriers, digital exclusion).

The identification problem is that vulnerability arising from any of these four drivers may not be visible from account data, customer profile, or even from what the customer says. A customer experiencing acute financial stress after redundancy may not mention it. A customer with mild cognitive impairment may not be aware of it. A customer in bereavement may be managing the interaction professionally while showing physiological distress signals beneath the surface.

This is why interaction-level analysis — monitoring the signals in real-time conversations rather than relying on profile data — is the appropriate approach to proactive identification. The interaction is where vulnerability manifests. The profile rarely reflects it accurately.

What adequate proactive identification looks like

Based on FCA guidance and enforcement activity, adequate proactive identification has four components:

Coverage: Vulnerability assessment must occur across all relevant interactions — not a sample. Standard QA reviews 2–3% of interactions. Proactive identification requires systematic coverage of 100% of interactions in regulated contexts, or a clearly evidenced risk-based approach to coverage that the FCA can interrogate.

Signal sources: The assessment must go beyond what customers say. Tone, speech pattern, interaction behaviour, and non-verbal signals (in video interactions) are all relevant vulnerability indicators. A firm that only assesses vulnerability based on customer statements has a coverage gap.

Documentation: Assessment must be recorded at the interaction level. The FCA expects to see: when vulnerability was assessed, what process was used, what signal was detected (or not detected), and what action followed. Assessment that happens but leaves no documentation is assessment that cannot be evidenced.

Outcomes monitoring: The firm must monitor whether vulnerable customers received appropriate treatment and whether outcomes were fair. This requires linking vulnerability identification to subsequent handling data.

The self-declaration trap

Many firms have invested in self-declaration mechanisms — asking customers directly whether they have any vulnerabilities, providing easy routes to disclose, training colleagues to ask sensitively. This is valuable and should continue. But it cannot be the primary identification mechanism for Consumer Duty purposes.

The customers most likely to need proactive identification are the customers least likely to self-declare. Customers in cognitive decline may not recognise their own impairment. Customers in acute financial distress may be ashamed or in denial. Customers in bereavement may be managing professionally but carrying significant emotional load. The FCA's requirement for proactive identification exists precisely because self-declaration fails for the most vulnerable.

Technology as the proactive identification layer

EchoDepth provides the interaction-level analysis layer that closes the proactive identification gap. For voice-based interactions, EchoDepth analyses speech rate, hesitation patterns, vocal pitch variation, and prosodic signals of cognitive load and emotional distress — producing vulnerability flags in real time without requiring the customer to disclose anything.

For video interactions, FACS facial analysis adds the involuntary physiological signal dimension — detecting Action Unit patterns associated with stress, suppressed distress, and cognitive load that colleagues cannot reliably observe in real time and that no self-report mechanism captures.

Each flagged interaction generates a timestamped record showing which signals were detected and at what severity. This produces the interaction-level documentation the FCA requires and the outcomes monitoring linkage that Consumer Duty mandates.

Proactive identification is the Consumer Duty requirement most firms have not fully implemented. The gap between reactive and proactive is where enforcement risk lives. Discuss your current coverage with us →

FCA Consumer Duty: Why Vulnerability Detection Needs to Be Real-Time

Read article →

Voice-Based Vulnerability Detection in Debt Collections

Read article →