The Vulnerability Triage

Consumer Support + Products & Services

Consider All Customers

Operating Model

All Sectors

Most retail financial services firms have a vulnerable customer policy. Far fewer have a vulnerable customer operating model. The policy describes intentions; the operating model is what actually happens when a customer with complex circumstances moves through processes, interacts with staff, or reaches a moment where standard treatment will produce a poor outcome. Only 39% of firms have formal senior governance for vulnerable customer outcomes, and 49% of wealth managers report zero vulnerable clients — a statistical impossibility that signals the absence of a working operating model rather than the absence of need. The gap between policy and practice is where harm accumulates.
The structural move is to build a triage architecture that classifies vulnerability by impact severity and routes customers to proportionate responses. Note: this pattern's breadth may warrant decomposition into sub-patterns as implementation matures:
Severity classification
Vulnerability signals are assessed against a practical severity framework. Low-impact: minor adjustments needed (communication preferences, accessibility requirements). Moderate: enhanced handling required (financial difficulty, recently bereaved, language barriers). High: specialist intervention needed (acute mental health crisis, cognitive impairment affecting decision-making, coercive control). Critical: senior oversight and safeguarding protocols. The framework must be practical enough for frontline staff to apply consistently — whether that staff member is a branch adviser, a contact-centre agent, a claims handler, or a relationship manager.
Proportionate routing
Each severity level has a defined response pathway. Low-impact cases are handled within standard processes with documented adjustments. Moderate cases are flagged in the customer record and handled by trained staff with enhanced protocols. High-impact cases are escalated to specialist teams. Critical cases trigger senior oversight and, where appropriate, external referral. Routing logic should be embedded in systems, not left to individual judgement — so that the customer in financial difficulty contacting collections, the bereaved beneficiary contacting a life insurer, and the retiree contacting a wealth platform all encounter a response calibrated to their need rather than to who happened to pick up the phone.
Cross-channel continuity
Vulnerability flags must travel with the customer across channels and over time. A customer who discloses financial difficulty on a call should not have to re-disclose when they contact the firm digitally, when they apply for an additional product, when their fixed term renews, or when they trigger any subsequent servicing event. The flag, the severity level, and the prescribed response must all persist.
Classification review
Vulnerability classifications should be reviewed rather than treated as permanent. Circumstances change: a customer in acute crisis may recover; a customer with a minor adjustment need may develop more complex requirements; a wealth client showing early cognitive decline may move into a phase where decision-making capacity is materially affected. The operating model includes a defined cadence for reviewing and updating classifications.
- Outcome data shows comparable results across vulnerability severity levels — critical cases receive materially more support and achieve outcomes equivalent to low-complexity customers
- Vulnerability flags persist accurately across channels without requiring customer re-disclosure
- Triage classification consistency is measurable across agents, channels, and time — with calibration exercises to maintain standards
- The firm can report to the FCA on outcomes segmented by vulnerability type and severity, not just as an aggregate vulnerable/non-vulnerable comparison
- A retail bank reviewed its arrears process and found that customers in genuine financial crisis were receiving the same template letters, call cadence, and pressure profile as customers with a single missed payment. All flagged accounts routed to the specialist financial difficulty team, which had a 14-day response backlog. The bank introduced a four-tier severity framework: low (single missed payment, no disclosed difficulty) handled within standard collections with longer call windows; moderate (recurring missed payments, disclosed financial pressure) handled by trained agents with hardship-trained protocols and pre-authorised forbearance options; high (acute crisis, mental health disclosure, coercive control indicators) routed to specialist case managers; critical (suicidal ideation, safeguarding concerns) triggering senior oversight and external referral pathways. After the change, specialist team caseload dropped by more than half, average response time for high-severity cases fell from 14 days to under 48 hours, and the customer satisfaction gap between low- and high-severity cohorts closed materially. The FCA's multi-firm review of retail banks' treatment of vulnerable customers cited graduated severity routing as a marker of strong implementation.
- A wealth manager tracked outcomes by vulnerability severity tier and found that clients in the moderate tier — those experiencing bereavement, divorce, or early signs of cognitive change — had materially worse outcomes than both low- and high-tier clients. Low-tier clients needed only minor accommodations and the standard advice process worked. High-tier clients received specialist support through a dedicated vulnerable-client team. Moderate-tier clients fell between the two: too complex for the standard adviser model, not yet complex enough for specialist referral, and at material risk of unsuitable drawdown decisions or pension consolidation choices made under pressure. The firm created a trained adviser pathway for the moderate tier — relationship managers with additional vulnerability training, mandatory cooling-off periods on irreversible decisions, and extended time allowances — and moderate-tier suitability complaints fell sharply within two quarters. The FCA's research on vulnerability in wealth and retirement contexts identifies exactly this cohort — clients facing cognitive decline approaching or during drawdown — as requiring fundamentally different routing from younger investors with temporary stress.
Common failure modes
The most significant failure mode is building the triage architecture as a compliance layer that sits alongside existing processes rather than being embedded in them — producing a parallel system that frontline staff bypass because it adds friction. A second is treating the severity framework as fixed at implementation: vulnerability types and their operational implications evolve, and the framework must be maintained as a live tool. A third is measuring triage success by classification volumes rather than by outcome quality: the purpose of the triage is not to categorise customers but to ensure they receive the right response. A fourth, particularly visible in firms reporting implausibly low vulnerability rates, is allowing the absence of disclosure to be read as the absence of need — when in reality it signals a triage system the customer cannot see or trust.

Related Patterns

The Human Moment

Declining with Dignity

The Hidden Market

Reading the Room

Designed for the Edges

Evidence & Supporting Facts

Only 39% of firms have formal senior governance for vulnerable customer outcomes, and 49% of wealth managers report zero vulnerable clients — a statistical impossibility that points to absent or unworkable triage architecture

The Consumer Support outcome requires support that is appropriate to the customer's circumstances — implying graduated response, not uniform treatment

The FCA requires firms to monitor outcomes specifically for vulnerable cohorts — which requires a classification system sophisticated enough to make those cohorts meaningful and comparable

Vulnerable customers are 32% more likely to report receiving inadequate information where multiple vulnerabilities are present — suggesting that severity matters and uniform treatment misses it

AI Automation Lens

Machine learning can support triage classification by scoring incoming vulnerability signals against severity criteria automatically, reducing cognitive load on frontline staff and improving classification consistency across channels. Natural language processing applied to case notes, call transcripts, and digital chat logs can surface customers whose vulnerability may have escalated since their initial classification, prompting proactive review rather than waiting for deterioration to become visible. Predictive models can identify customers at risk of moving from low to high severity based on behavioural patterns — payment irregularities in banking, engagement drop-off in wealth, repeated calls in any servicing context — enabling preventive intervention before the next crisis point.