The Foreseeable Harm Test
All Sectors
The Consumer Duty obliges firms to avoid causing foreseeable harm — a forward-looking duty, not a retrospective one. Yet most product governance processes test commercial assumptions, regulatory permissions, and operational readiness. They rarely ask, with discipline, what could go wrong for which specific customers and how the firm would know. The result is that foreseeable harm gets identified after the fact: a complaint cluster forms, a supervisory letter arrives, and the harm is then declared foreseeable in the sense that the conditions producing it were visible at design time — but no one looked at design time. The pattern's problem is not that firms lack risk frameworks. It is that the existing frameworks are oriented to the firm's risk, not to the customer's harm.
The structural move is to install a disciplined pre-mortem step in product approval and material change processes — an exercise that names cohorts, names failure mechanisms, and names detection signals before launch, with the output entering the formal approval record and being revisited as conditions change:
Pre-mortem before launch
Before the product approval forum signs off — before, not after — the design team and a defined challenge group run a structured exercise that assumes the product has caused customer harm twelve months from launch and works backward to identify the failure modes. The output is specific: named customer cohorts (not 'customers' but 'self-employed applicants with variable income', 'long-tenure savers with no online channel', 'recently bereaved joint policyholders'), named harm mechanisms (not 'mis-selling' but 'affordability test excludes income type that the target market actually has'), named detection signals (not 'monitor outcomes' but 'application decline rate by employment type, monthly, with threshold'), and named owners. The exercise enters the approval record. Klein's original method asked teams to imagine the project has failed; the discipline here asks them to imagine the customer has been harmed. The design test: does the approval record contain a list of named cohorts, named mechanisms, and named signals — or does it contain only a generic risk statement?
Cohort-level harm modelling
The harm exercise is conducted at cohort level, not at portfolio level. Where the target market spans materially different customer types — by demographic, behavioural, channel, vulnerability profile, or financial situation — each material cohort is examined separately for the harms most likely to befall it, the mechanisms by which the proposition could produce those harms, and the conditions under which they would materialise. This is the same discipline that fair value frameworks require under TR24/2 and the May 2023 fair value frameworks review (group averages disguising pockets of poor value), translated into harm anticipation. The cohort lens forces specificity: a generic harm statement applied to 'the target market' is rarely useful; a specific harm statement applied to the cohort most likely to experience it usually is. The design test: across the cohorts that make up the target market, can the firm point to the harms most likely to affect each, and the design or distribution choices that bear on those harms?
Continuous foresight discipline
Foreseeable harm is not a launch-time question answered once. PRIN 2A.2.10(3) is explicit: it includes harm arising when the firm withdraws a product, when the product changes, or when the firm's understanding of customer impact changes. The pattern's third move is to make the harm exercise a recurring instrument — re-tested on material change (target market shift, distribution change, repricing, feature change), on signal events (a complaint cluster, a supervisory communication, a peer enforcement, an external market move), and on a defined cadence even when nothing apparent has changed. The output of the re-test is a delta, not a re-run: what new harms have become foreseeable, which previously identified harms have materialised, which have been retired, and what is the next signal that would change the picture again. This connects the pattern forward to Pattern 26 (the early warning indicators that watch for the harms named here) and Pattern 25 (the annual reckoning that reviews whether previously identified harms have appeared and what action followed). The design test: is there evidence in the firm's records that previously identified harms have been re-tested against in-life experience, and that new harms have entered the register as conditions changed?
Approval records for new products and material changes contain a documented foreseeable harm exercise output — naming specific cohorts, specific harm mechanisms, specific detection signals, and named owners — rather than generic conduct or reputational risk statements.
The harm exercise has, within the last twenty-four months, produced at least one outcome that materially changed the design, target market, distribution, or launch decision before approval — evidence that the exercise is capable of producing consequence, not just record.
Previously identified foreseeable harms are re-tested on a defined cadence and on material change events, with a documented delta showing which harms have materialised, which have not, which have been retired, and which have been newly added — visible in product governance and board reporting.
Foreseeable harm outputs feed forward into the firm's leading-indicator design (Pattern 26) and into the annual reckoning (Pattern 25), so that the same cohort-level harms named at launch are watched in production and reviewed at the apex governance event.
A retail bank, preparing to launch a packaged current account with a bundled set of benefits (mobile insurance, breakdown cover, travel insurance, a small overdraft buffer), ran a structured pre-mortem twelve weeks before the planned launch. Rather than starting from the commercial case, the exercise assumed the product had been the subject of an FCA 'Dear CEO' letter eighteen months from launch and worked backward to identify the conditions that would have produced it. The exercise named four cohorts: customers who would never claim on the bundled benefits because their existing arrangements duplicated them (foreseeable harm: paying for bundled value not received); customers who would buy the package primarily for the overdraft buffer but be persistently overdrawn (foreseeable harm: the bundle's price masking the cost of unarranged borrowing); customers who would activate one benefit and treat the rest as latent (foreseeable harm: aggregate utilisation appearing healthy at portfolio level while specific customers received no value); and bereaved or recently separated joint account holders (foreseeable harm: bundled benefits inappropriate to changed circumstances, with no review trigger). For each cohort, the exercise specified the failure mechanism, the detection signal, the threshold, and the owner. Two of the four named harms led to design changes before launch: an annual benefit-utilisation review prompt and a clearer at-purchase opt-out for customers indicating duplicate cover. Eighteen months in, complaint volumes were materially lower than the comparable predecessor product, and the firm's board report cited the pre-launch exercise as evidence of forward-looking conduct discipline.
A wealth platform planning to launch a digital drawdown decision tool ran a foreseeable harm exercise that combined the design team, the vulnerability lead, the contact centre operations head, and an independent retirement specialist. The exercise rejected the framing 'what could go wrong with the tool' in favour of 'imagine a customer is materially worse off in retirement because of a decision they made on this tool — describe how it happened'. Five harm narratives were produced. One concerned customers with low numeracy who would interact with the tool but not understand the implications of the choice presented (foreseeable harm: irreversible drawdown decision taken on incomplete comprehension). One concerned customers using the tool under acute time pressure following redundancy (foreseeable harm: drawdown chosen to access cash quickly, eroding long-term provision). One concerned customers whose pension was their only retirement asset and for whom the tool's default annuity-versus-drawdown framing did not adequately surface risk (foreseeable harm: drawdown chosen against the customer's risk profile). For each, the exercise specified the cohort, the mechanism, the signal (session-duration thresholds, abandonment patterns, post-decision survey themes), and a mitigating design change. The tool was launched with a numeracy-light pathway, an acute-circumstances callback offer, and a structured guidance route for customers without other retirement assets. The behavioural detection design echoed the FCA's research on digital engagement practices in investment outcomes — and produced a measurable reduction in post-decision regret indicators in the first twelve months.
Common failure modes
The most common failure mode is the foreseeable harm exercise that produces generic risk-register language — 'reputational risk', 'mis-selling risk', 'regulatory risk' — and treats the language as the work. The FCA's December 2024 review of board reports flagged this kind of generality directly: descriptions of conduct risk that did not name a customer cohort, a harm mechanism, or a measurable indicator. A second is the compliance facsimile: a template added to product approval papers, completed by the same team that produced the business case, signed off by a forum that lacks the time or the standing to challenge it. The exercise needs an external challenge function — second line, customer outcomes, vulnerability lead, or independent member — with the standing to send the paper back. A third is the one-time test: foreseeable harm is documented at launch and never re-tested even though the customer base, distribution mix, market conditions, or firm understanding have shifted materially. PRIN 2A.2.10(3) is explicit that foreseeable harm includes harm arising when the firm's understanding changes; the exercise must therefore be revisitable. A fourth is over-engineering: a sixty-page output that documents twenty harms at low specificity, where five at high specificity would have driven action. A fifth is mistaking the exercise for prediction. The discipline is not to be right about which harms will materialise; it is to ensure the harms that do materialise were named, with named owners and named signals, before they did.