Category: Compliance & AML · Reviewed by Simon Temme, Account Executive · Last reviewed June 2026
Customers who, due to their personal circumstances, are especially susceptible to harm — particularly when a firm is not acting with appropriate levels of care — covering the four drivers of vulnerability: health, life events, resilience and capability.
A vulnerable customer is a customer who, due to their personal circumstances, is especially susceptible to harm in their interactions with financial services firms. The concept is central to FCA conduct policy and embedded in PRIN 2A (the Consumer Duty), FG21/1 (the vulnerability guidance) and the wider conduct framework.
FCA Handbook, PRIN 2A and the cross-cutting rules. FCA Finalised Guidance FG21/1 (Guidance for firms on the fair treatment of vulnerable customers, February 2021). The Consumer Duty operates with regard to vulnerability throughout.
The four drivers of vulnerability are: (1) Health — physical or mental health conditions that affect the ability to engage with financial services; (2) Life events — bereavement, redundancy, divorce, relationship breakdown, caring responsibilities; (3) Resilience — low ability to withstand financial or emotional shocks; (4) Capability — low knowledge, confidence or skills relating to financial services. Vulnerability can be permanent or transient, visible or hidden, declared or undeclared. Firms must understand their customer base, identify likely vulnerability indicators, train staff, design products and journeys with vulnerable customers in mind, and monitor outcomes.
Vulnerability does not equal the Data Protection Act 2018 concept of special category data, though some indicators (e.g. health data) overlap. The FCA’s expectation is that firms operate a vulnerability-aware approach throughout the customer journey, not only when a customer self-discloses.
Apex’s vulnerability framework includes staff training on the four drivers, conversation prompts that allow customers to disclose relevant circumstances, system flags for known vulnerability indicators (with consent for any DPA Article 9 data processing), escalation routes for staff who identify potential vulnerability, and outcome monitoring (MI on complaint rates, claim outcomes, premium payment patterns) segmented by vulnerability flag.
FCA Finalised Guidance FG21/1 (Guidance for firms on the fair treatment of vulnerable customers). FCA Handbook, PRIN 2A. FCA Policy Statement PS22/9.
By Matt Bartlett, Director, on 2026-06-11.
This entry is part of the Apex Insurance Wiki. Last reviewed by Matt Bartlett on 2026-06-11. Apex Insurance Brokers Limited, FCA FRN 724952, Companies House 07014570. Not regulated advice — consult your broker on your specific position.