The Vulnerability Triage

Consumer Support + Products & Services

Consider All Customers

Operating Model

All Sectors

Most firms have a vulnerable customer policy. Far fewer have a vulnerable customer operating model. The policy describes intentions; the operating model is what actually happens when a customer with complex circumstances moves through processes, interacts with staff, or reaches a moment where standard treatment will produce a poor outcome. Only 39% of firms have formal senior governance for vulnerable customer outcomes. The gap between policy and practice is where harm accumulates.
The structural move is to build a triage architecture that classifies vulnerability by impact severity and routes customers to proportionate responses. Note: this pattern’s breadth may warrant decomposition into sub-patterns as implementation matures:
Severity classification
Vulnerability signals are assessed against a practical severity framework. Low-impact: minor adjustments needed (communication preferences, accessibility requirements). Moderate: enhanced handling required (financial difficulty, recently bereaved, language barriers). High: specialist intervention needed (acute mental health crisis, cognitive impairment affecting decision-making, coercive control). Critical: senior oversight and safeguarding protocols. The framework must be practical enough for frontline staff to apply consistently
Proportionate routing
Each severity level has a defined response pathway. Low-impact cases are handled within standard processes with documented adjustments. Moderate cases are flagged in the customer record and handled by trained staff with enhanced protocols. High-impact cases are escalated to specialist teams. Critical cases trigger senior oversight and, where appropriate, external referral. Routing logic should be embedded in systems, not left to individual judgement
Cross-channel continuity
Vulnerability flags must travel with the customer across channels and over time. A customer who discloses financial difficulty on a call should not have to re-disclose when they contact the firm digitally, at renewal, or during a claim. The flag, the severity level, and the prescribed response must all persist
Classification review
Vulnerability classifications should be reviewed rather than treated as permanent. Circumstances change: a customer in acute crisis may recover; a customer with a minor adjustment need may develop more complex requirements. The operating model includes a defined cadence for reviewing and updating classifications
- Outcome data shows comparable results across vulnerability severity levels — critical cases receive materially more support and achieve outcomes equivalent to low-complexity customers
- Vulnerability flags persist accurately across channels without requiring customer re-disclosure
- Triage classification consistency is measurable across agents, channels, and time — with calibration exercises to maintain standards
- The firm can report to the FCA on outcomes segmented by vulnerability type and severity, not just as an aggregate vulnerable/non-vulnerable comparison
- A general insurer implemented a four-tier vulnerability triage and discovered that 65% of its flagged customers fell into the lowest severity tier — requiring only communication adjustments that could be handled within standard processes. Before the triage, all flagged customers were routed to the specialist team, which had a 12-day response backlog. After triage, the specialist team’s caseload dropped by two-thirds, average response time for high-severity cases fell from 12 days to 2, and low-severity customers received their adjustments immediately rather than waiting for specialist review.
- A life insurer tracked outcomes by vulnerability severity tier and found that customers in the moderate tier (financial difficulty, bereavement) had materially worse claims outcomes than both low-tier and high-tier customers. Low-tier customers needed only minor adjustments and the standard process worked. High-tier customers received specialist support and achieved good outcomes. Moderate-tier customers fell between the two: too complex for standard handling, not complex enough for specialist referral. They created a trained handler pathway for the moderate tier — agents with additional training and extended time allowances but without specialist team involvement — and moderate-tier outcomes improved to match the rest of the book.
Common failure modes
The most significant failure mode is building the triage architecture as a compliance layer that sits alongside existing processes rather than being embedded in them — producing a parallel system that frontline staff bypass because it adds friction. A second is treating the severity framework as fixed at implementation: vulnerability types and their operational implications evolve, and the framework must be maintained as a live tool. A third is measuring triage success by classification volumes rather than by outcome quality: the purpose of the triage is not to categorise customers but to ensure they receive the right response.

Related Patterns

Declining with Dignity

The Hidden Market

Reading the Room

Evidence & Supporting Facts

Only 39% of firms have formal senior governance for vulnerable customer outcomes

The Consumer Support outcome requires support that is appropriate to the customer’s circumstances — implying graduated response, not uniform treatment

The FCA requires firms to monitor outcomes specifically for vulnerable cohorts — which requires a classification system sophisticated enough to make those cohorts meaningful and comparable

Vulnerable customers are 32% more likely to report receiving inadequate information where multiple vulnerabilities are present — suggesting that severity matters and uniform treatment misses it

AI Automation Lens

Machine learning can support triage classification by scoring incoming vulnerability signals against severity criteria automatically, reducing cognitive load on frontline staff and improving classification consistency across channels. Natural language processing applied to case notes and call transcripts can surface customers whose vulnerability may have escalated since their initial classification, prompting proactive review rather than waiting for deterioration to become visible. Predictive models can identify customers at risk of moving from low to high severity based on behavioural patterns, enabling preventive intervention.