Read the findings of our review into firms’ approaches to completing the first annual Consumer Duty Board report.
Summary
The Consumer Duty[1] sets high and clear standards of protection for retail customers across financial services. The Duty came into force on 31 July 2023, and on 31 July 2024 for closed products and services.
To support effective embedding and implementation of the Duty, firms have asked us to more regularly publish thematic best practice and areas for improvement. This report is being published so that everyone can learn and improve.
This report sets out the results of a targeted and thematic review that we carried out on the first annual Consumer Duty board reports from 180 firms. Under the Duty, a firm must prepare a report for its governing body setting out the results of its monitoring of consumer outcomes and any actions required as a result of the monitoring.
We recognise that every firm’s Board report will be different. The examples of good and poor practice below are not intended to be prescriptive in terms of what board reports must contain – they are being shared to enable firms to decide for themselves how to improve the board oversight and board reporting processes in the next year of embedding the Consumer Duty.
This report does not repeat the detailed standards expected under the Duty – albeit where appropriate we have referenced existing rules and Guidance documents for ease of reference.
Overall Findings
The best reports were structured in a way that made them easy for their boards to scrutinise the key elements that the rules and guidance suggest they should cover.
Smaller firms
We want all smaller firms to feel confident in delivering the Duty. The Consumer Duty rules and guidance should be interpreted in light of what is reasonable in the circumstances, taking into account the size, activities and available resources of a firm.
We found areas of good practice from firms of all sizes, including those with fewer than 10 employees. As such, much of the good practice and areas for improvement cited here applies to firms of all sizes. All firms should be able to monitor customer outcomes, take actions and implement a business strategy that aligns with the Duty to ensure those outcomes are good.
However, we know that smaller firms have different challenges. We have set out suggestions for how smaller firms might meet our requirements below and are open to considering more targeted work where that would be beneficial. We will continue to engage with our Smaller Business Practitioner Panel and other smaller firm stakeholders.
To summarise:
Our methodolgy
We reviewed reports from 180 firms from across the retail banking, wholesale, insurance, payments, consumer investments and consumer finance sectors. Our sample included a range of small, medium and large firms with a range of business models, to help us understand their differing approaches. This included larger firms with dedicated supervisory support, as well as 55 smaller firms (some of which have less than 10 employees) to provide us with insights into the particular challenges faced by smaller firms.
As well as the reports themselves, we requested any supplementary information provided to the board (or equivalent governing body) to enable them to conduct their assessment, along with minutes where applicable.
Whilst the structure of a board report is for each firm to decide, we wanted to find a consistent way of looking at the content in the reports. We have examined the content of the reports based on the expectations laid out in our rules and guidance, rating them in the following areas: governance and oversight, culture and people, products and services, price and value, consumer understanding, consumer support, vulnerability, third parties (where applicable), data strategies, closed products and services (where applicable), action plan, and a rating for the overall assessment.
This broad sample has enabled us to draw out a wide range of good and poor practices that should be useful to all firms, regardless of sector and size, in producing their future reports. We have, however, drawn out points that are specific to smaller firms where relevant.
What we found
We have set out the below sections under four headings: Report Governance; Monitoring and Outcomes; Actions taken to comply with Duty obligations; Future Business Strategy. These are structured in line with the requirements set out in our rules and guidance and each section begins with a relevant extract that summarises our expectations.
Throughout, we accompany good practice and areas for improvement with examples from the reports reviewed in our sample. Firms should note that these are illustrative only and are intended to facilitate understanding of the broader points. How firms implement these findings in their own reports will depend on their business and circumstances.
Report Governance
Requirements
The Consumer Duty rules (PRIN 2A.8.3-5R) require firms to prepare a report for its governing body setting out the results of its monitoring under PRIN 2A.9 and any actions required as a result of the monitoring. Firms are also required to take certain procedural governance steps. At least annually, the governing body of a firm must:
- review and approve the report
- confirm whether it is satisfied that the firm is complying with its obligations under the Duty
- assess whether the firm’s future business strategy is consistent with its obligations under the Duty
- agree any required actions when approving the report
It should be clear that these steps have been followed for each report.
Good Practice
Clear processes for production of the report
It was clear some reports had been produced over a sufficient time period to allow for relevant business areas, forums, and committees to be involved in the production of the report. Positive evidence included:
- Clear input of key business areas into the analysis including departmental updates.
- Evidence of the full involvement of 2nd line of defence (2LOD) and 3rd line of defence (3LOD), including independent assessments from both lines, giving the firm’s governing body assurance about the content and conclusions of the report.
Challenge from the board
Some reports included details of board challenge either in the report itself or associated minutes. For example:
- Submissions showed requests from the board for further information to demonstrate compliance with the 4 outcomes. Examples included more information on target markets (Products and Services) and detail on a firm’s user research testing (Consumer Understanding).
- Challenge to provide a clear plan to address issues involving customers with characteristics of vulnerability that a board member did not believe would be adequately resolved under current plans. It was clear that an action to deal with this challenge was allocated to a senior member of the management team.
One firm included a tracker which showed requests made by the board throughout the preceding year. This tracker included the rationale on data thresholds and progress on actions designed to address poor outcomes.
In FG22/5[2], we said that we expect firms to have a champion at board (or equivalent governing body) level. Good reports evidenced the positive influence of the Consumer Duty Board Champion, who should be a key stakeholder, particularly for this first report. Some firms included statements from the Board Champion, detail on their responsibilities, and their involvement in reviewing changes made over the course of the year.
Areas for improvement
Business input into production of the report
In some cases, reports appeared to be produced almost solely by Compliance teams or a dedicated Consumer Duty function. This risks the report missing the scrutiny and input of key stakeholders with subject matter expertise and risks business ownership of any identified issues.
Key Areas for Change
Reports should be produced with the involvement of, and input from, relevant business areas, forums and committees. This ensures the board is not the sole layer of approval and that other stakeholders with subject matter expertise have been able to provide scrutiny. The report as a whole should bring together relevant data and insights on retail market activities to assess whether customers are receiving good outcomes.
Effective challenge is essential for the board to ensure that the report evidences the firm’s compliance with its obligations under the Duty. The board should not be seen simply as a ‘rubber stamp’ for the report.
Smaller Firms
We are aware that governance considerations differ considerably between firms depending on scale. The smallest firms will lack dedicated compliance and audit functions as well as boards, so observations above regarding e.g. 2LOD and 3LOD may not be applicable. We said during our Consumer Duty webinar in December 2023 that smaller firms might consider asking a ‘critical friend’ with sufficient understanding of the Duty to provide impartial feedback on a firm’s approach and report.
Monitoring and Outcomes
Requirements
The assessment should include the results of monitoring to assess:
- whether products and services are delivering the expected outcomes in line with the Duty
- any evidence of poor outcomes, including whether any group of customers is receiving worse outcomes compared to another group
- an evaluation of the impact and root cause
Good Practice
Good quality data
Some firms effectively used a range of quantitative and qualitative data from internal and external sources, including comparator and benchmarking data in their reports, covering each of the 4 outcomes. Good reports accompanied this with clear commentary, drawing conclusions based on the data and explaining risks identified across the business.
For example:
- We saw firms include data on complaints as well as the source and root cause analysis of any upward or downward trends. Some reports were able to link trends to events such as technical incidents, changes to complaint handling processes[3], and changes to the sales strategy.
- Similar practice was seen with call abandonment rate data that was used often used by firms. One firm identified a monthly increase was due to reduced resource at a time of fluctuating demand and linked this to an action to review its resource modelling.
- Where appropriate, reports included consideration of Financial Ombudsman Service (FOS) decisions and feedback when assessing foreseeable harm and making improvements.
Some reports detailed what constituted a good outcome for customers, providing opportunity for review by the governing body. One firm broke down good outcomes in their report by providing a series of positive statements from the customer point of view, alongside the MI that was being used for monitoring and any planned actions.
Some reports included evidence of poor outcomes customers were experiencing such as products which provided poor value compared to those of competitors and indicators of risk that products may not work as intended in future. A key aspect of the Duty is that this be accompanied by associated actions to address the issues. More detail on such actions is included in the next section.
Some reports clearly showed how the firm had identified gaps in the firm’s data and set out clear improvement plans to better monitor customer outcomes. We understand that firms will continue to grow and develop their data strategies over time. The best reports showed that firms have a clear grip on what their data does and doesn’t tell them about customer outcomes, together with a plan to address any material gaps.
Price and Value
We saw several effective ways of presenting data and analysis for the Price and Value outcome, highlighting the firms’ key considerations when making assessments and examples of how it worked in practice.
- A retail bank provided summarised data in the Price & Value section of its report covering complaints about fees and charges, net promoter scores, and customer perceptions of value compared to competitors.
- Some firms showed in their report how they had considered the levels of fees against costs of providing a product to illustrate they were providing Fair Value. For example, a consumer finance firm calculated how its fee charged to customers that have defaulted on their payments compared with the cost the firm incurred from default activities.
Analysis of different customer types, including those with characteristics of vulnerability
Some reports showed how their monitoring approach allowed them to track whether different groups of customers, including those with characteristics of vulnerability, were receiving different outcomes.
For example:
- Some firms illustrated how they were identifying customers in vulnerable circumstances, including employing specialist teams who used the TEXAS (Think, Explain, eXplicit consent, Ask, Signpost) model to identify potential vulnerability and offering multiple ways for customers to self-disclose their vulnerabilities.
- One firm demonstrated its use of data to proactively detect if customers may be at risk of developing vulnerabilities, such as detecting income shocks.
Comprehensive view across distribution chains
Some reports gave a clear overview of the firm’s third-party relationships and described the processes in place to ensure relevant information was shared and received across the distribution chain.
- One insurance firm referenced its repeated monitoring of third-party administrator (TPA) calls with dates and ratings provided.
- The same insurance firm also described foreseeable harms customers could suffer in certain circumstances and early indicators of TPAs not running their processes correctly. This included delayed reports and payments to policyholders.
- One investment firm referenced its use of the industry developed Distribution Feedback Template (DFT) to share sales data with c. 260 asset management companies.
Areas for improvement
Clear outcomes focus and data quality
Some reports failed to give clear definitions of good outcomes across different products and services that could be tested against the available MI. Linked to this, some reports failed to include thresholds that were being used to monitor MI. Instead, they relied on high-level claims such as ‘products are designed to meet the needs of the target market’. In some instances, RAG ratings and thresholds were stated. However, reports often failed to provide well-reasoned justifications for setting thresholds for MI indicators at certain levels.
The results of monitoring in some reports did not provide assurance that adequate data strategies were in place to effectively track customer outcomes.
For example:
- Some firms included limited references to the types of data they were using and showed an imbalance between the use of qualitative and quantitative metrics. One firm mentioned that it had analysed investor feedback, but it wasn’t clear if any assessment had been carried out beyond this or what the strategy was going forward.
Key Areas for Change
While firms may sometimes not find it possible for the governing body to carry out an exhaustive review of expected outcomes for all products and all customer groups, illustrative examples would be useful.
In order that boards can effectively monitor implementation of the Duty, they must have sufficient reporting to help them assess whether products and services are delivering outcomes in line with the Duty. We did not see this evidenced in some of the board reports we reviewed.
Providing the rationale for setting MI thresholds at certain levels would allow boards to assess whether these thresholds reasonably reflect the boundaries between good and poor outcomes for customers. Such reasoning might include baselining against past levels or explanations of the differing outcomes firms would expect customers to experience either side of a given threshold.
Products and Services
Firms often failed to provide the board with much information on target markets, not providing detail on how they were determined or overviews of target markets for some of their main products and services. Better reports gave profiles for customers that fell into the target market cohorts, showing the board how they were receiving good outcomes.
Comprehensive view across distribution chains and Consumer Support
Some reports did not include evidence that good outcomes were being delivered through outsourced consumer support. Firms cannot delegate any part of their responsibilities under the Duty to third parties, meaning they are responsible for ensuring the support provided meets the Duty standard (FG/22-5 paragraphs 9.40-9.41). As such, some examples/analysis of the information being passed across the distribution chain that allowed firms to monitor if customers were receiving good outcomes would help provide assurance to the board.
Analysis of different customer types, including those with characteristics of vulnerability
Some firms did not include analysis from their fair value assessments that would enable the board to conclude that all groups of customers, including those with characteristics of vulnerability, were receiving fair value.
Some firms presented limited results showing data related for customers with different characteristics of vulnerability, sometimes treating it as a ‘catch all’ category rather than assessing the specific needs of certain groups of customers.
Some firms made statements and drew conclusions about the outcomes they were delivering that did not seem to align with the provided MI.
For example:
- A firm gave a detailed description of its work to support customers with characteristics of vulnerability while the MI indicated than fewer than half were receiving good outcomes.
- Another firm showed a similar issue, with continued high FOS uphold rates.
Smaller Firms
We recognise that smaller firms may lack the sophisticated data strategies of larger firms and be more limited in the range of MI they can access. This will include monitoring of different groups of customers, including those with characteristics of vulnerability as in some instances firms may only encounter a single customer with a specific need. All firms, however, should be able to use data to come to a reasonable conclusion on whether their customers are receiving good outcomes.
Two important metrics, for instance, that should be available to most firms are general customer feedback and complaints, the latter of which can be particularly insightful when coupled with effective root cause analysis[3]. Data could also be drawn from external sources such as the Financial Ombudsman Service. Firms should be able to use this data in their reports to consider qualitative issues and case studies on individual or small groups of customers.
Actions taken to comply with Duty obligations
Requirements
The assessment should include: overview of actions taken to address any risks or issues.
These reports are expected to promote discussion and accountability around embedding the Duty. Suitable evidence and MI are a key part of this process and the examples given here should support firms in the production of their next report. Given that we expect the Duty to have now been fully implemented, the next report may well include less information on actions related to initial implementation.
Good Practice
Good quality data
Some reports explained changes that have been made to the firm’s data collection to improve its monitoring abilities and to mitigate the risk of undetected issues. For example, 1 firm explained how it had added QR codes to its paper communications to increase the amount of customer feedback received.
Taking effective action
Reports often provided specific illustrative examples to assure their boards that action had been taken to address risks and issues. Good reports provided an evaluation of the effectiveness of these actions. This applies to firms in all sectors and of all sizes.
For example:
- We saw reports where firms gave examples of assessments which concluded that a product or service was not meeting customer needs and were therefore removed from sale. Some also included examples of changes made to the customer journey or products themselves to maximise value for the customer.
- Firms illustrated they had taken action to address Price & Value concerns by either reducing prices or increasing benefits to customers. Examples included an insurance firm making an optional add-on standard in line with competitors and a retail bank increasing interest rates on some savings accounts. A wealth management firm removed minimum fees from certain product lines and reduced those charged on others for portfolios below a certain amount.
Analysis of different customer types, including those with characteristics of vulnerability
It was positive to see firms provide specific examples in their reports of actions they had taken to address risks of delivering poor outcomes to customers with characteristics of vulnerability, with an evaluation of the effectiveness of those actions.
For example:
- One firm provided details of the increase in vulnerability disclosures customers had made following changes to make this process easier. This included an increased proportion of customers making such disclosures through the firm’s mobile app.
- Several firms described how they had introduced British Sign Language communications, with one including an assessment of early results that suggested it was a success and was experiencing increased demand.
- Some firms gave examples of how they had provided flexible solutions to help customers with particular needs. One firm described how it was able to use existing data to bypass a usual requirement for a written submission from a customer who had lost the use of their hands. Additionally, a note was made on file so they could access this solution in future.
Consumer Support
Some reports provided a comprehensive view of the firm’s approach to the consumer support outcome with details of positive actions taken since the Duty’s introduction.
For example:
- Details were given on the improvements made to training frontline staff who have direct interaction with customers.
- Some firms explained how they had improved the functionality of their systems to allow customers to select contact preferences.
- One firm explained how it had channelled processes for account management queries, reducing customer wait times for basic servicing requests and reducing unnecessary negative friction (‘sludge’).
Beyond these individual examples, good reports were linked by their ability to assure the board that they had taken effective action to resolve issues and manage risks, supported by a variety of metrics from their monitoring.
Consumer Understanding
Good reports supported their claim to be meeting their consumer understanding obligations by including results of positive actions they had taken over the year.
For example:
- One retail bank included a side-by-side comparison of how its communications had changed following reviews through its new framework.
- One firm explained how an external organisation had reviewed its online logged in sections and public-facing website, being awarded seals of excellence for readability, website navigation, functionality, design, accessibility, and audience suitability.
- One debt advice firm outlined its approach of partnering with external groups to improve its communications. This included simplifying its webform asking for debt help, resulting in a 13% increase in the number of people starting the form that go on to submit.
- One firm included data on the percentage of customers that had taken the expected action after viewing a personalised video helping them to understand their product statement.
We understand some larger firms will have thousands of communications. In some cases, to assure their board of compliance with this outcome and that they have a plan, firms summarised the extent of their assessments for the highest priority communications. For example, 1 large retail bank explained it had reviewed more than 650 operational and servicing communications, finding that 99% required changes. Some firms accompanied their summarised data with illustrative case studies which helped provide clarity for the board.
Closed Products and Services
The Duty came into force for closed products and services on 31 July 2024. Where relevant, it was positive to see some firms had carried out reviews and given the Board an overview of actions taken to ensure compliance.
For example:
- One firm sought approval from its board for additional funding to remediate harm following an Internal Audit report. This plan was clear in terms of purpose, actions and timescales.
Areas for improvement
Taking effective action
Some reports outlined issues that had been identified but did not provide assurance that there was a clear plan to resolve the issues.
Some reports stated that actions had been taken but provided little or no evidence to confirm that the remediation had been effective.
Analysis of different customer types, including those with characteristics of vulnerability
Often reports failed to assure the board that actions had been taken to address issues faced by consumers with specific characteristics of vulnerability. In one case, a larger firm only fleetingly mentioned vulnerability in its report, making no mention of any tangible changes that had been made as a result of its new approach.
Some reports also made no mention of characteristics of vulnerability factoring into their assessments of closed products.
Smaller Firms
We would expect all firms to be able to identify actions to ensure they were meeting their obligations under the Duty and evidence their effectiveness. Given their limited resource, it’s understandable smaller firms may have taken fewer actions over the course of the year and the MI used to measure effectiveness may be limited, as is laid out in the ‘Monitoring and Outcomes’ section of this publication.
Where issues have been identified, external experts, where available at proportionate cost, can be helpful in advising on effective action. In some cases, the flexibility of smaller firms may even allow them to offer more tailored support to individual customers to ensure they receive good outcomes.
Future Business Strategy
Requirements
The assessment should include: how the firm’s future business strategy is consistent with acting to deliver good outcomes under the Duty.
Good Practice
Strategic Change
We saw examples of firms incorporating the Duty into their business strategy and purpose, including details of amendments made to build in the Duty outcomes. Good reports demonstrated how the strategy would ensure customers received good outcomes in the future.
A focus on culture throughout the firm
Reports often referenced how firms had undertaken people initiatives to ensure the Consumer Duty was embedded in the culture of the firm.
For example:
- Reports provided data on the number or proportion of staff that had completed training on Duty-related outcomes, including vulnerability-specific training.
- Reports described how firms had set a positive ‘tone from the top’, demonstrating that senior leaders were committed to the Duty and have promoted its importance, including commentary from business heads discussing the changes made in their area.
- Some reports recognised the importance of ensuring remuneration practices and performance management are consistent with the Duty, explaining how associated requirements had been fed into executive scorecards. One retail bank stated that every employee now had an objective related to consumer outcomes.
Governance and Analysis of different customer types
Many firms outlined new governance structures that were in place to ensure ongoing compliance with the Duty. This included various forums and committees aligned to the 4 outcomes. Several of these new bodies were also committed to monitoring outcomes for customers with characteristics of vulnerability.
Taking effective action
Some reports contained plans with actions that are specific and measurable, have a clear owner/accountable executive and a delivery plan which is tracked through appropriate governance channels.
Products and Services
Firms often made reference to their product governance structures, highlighting changes that had been made since the Duty’s implementation and explaining how these would allow the firm to deliver good outcomes going forward.
This usually included details on how they had established new committees aligned to the 4 Duty outcomes. Sometimes charts were included to show how these new bodies fitted into existing structures and processes.
Evidence of approval for process changes from 2LOD were provided in some cases.
Analysis of different customer types, including those with characteristics of vulnerability
Some firms included proposed actions in their report that were meaningful in addressing consumer outcomes and which could produce measurable success in improving outcomes for customers with characteristics of vulnerability.
Some firms’ reports set out their approaches to quality assurance and associated results in their reports to measure the effectiveness of the firm’s vulnerability framework. For example, 1 firm stated that quality assurance is conducted on at least 20 cases per month relating to customers who either self-identified as vulnerable or were defined as such by customer care teams.
Areas for improvement
Strategic Change
Reports sometimes stated that their future business strategy was aligned with the principles of the Duty but gave no detail on any review of the strategy or if any changes were needed to ensure alignment.
Taking effective action
Some reports outlined future actions but did not provide assurance that there was a clear plan to resolve the issues identified.
For example:
- Some actions lacked owners and timescales, risking inaction over issues that could result in poor outcomes for customers.
A focus on culture throughout the firm
Some reports referenced that the firm’s culture was compatible and aligned with the Consumer Duty but didn’t provide any evidence to support this. Examples of the types of evidence provided by other firms included details on staff training and remuneration and performance management practices.
Smaller Firms
While we wouldn’t expect the smallest firms to replicate the practices here which concern extensive governance structures, a positive culture that aligns with the principles of the Duty should be evident in firms of all sizes. As mentioned in the ‘Monitoring and Outcomes’ section, it’s understandable that smaller firms may encounter fewer customers with different specific needs. This may mean extensive policies and structures dedicated to these customer segments is unnecessary but learning and recording the lessons learned during these transactions will help the firm ensure it delivers good outcomes going forward.