Skip to main content

Conduct

Financial Services Internal Audit Planning Priorities 2022

Back to Financial Services Internal Audit: Planning Priorities 2022

Below we highlight new areas relevant to Internal Audit but also those areas we believe will have greater focus in 2022. We hope this informs your 2022 planning and assurance approach.

5.1 Consumer Value for Money
 

Why is it important?

 

The Financial Conduct Authority (FCA) has always been focused on ensuring that products and services are delivering fair outcomes for consumers. The FCA has undertaken several market studies in this regard within the Asset Fund Management (June 2017) and General Insurance (September 2020) sectors and this work is set to continue with the Regulator expanding the focus into the Retail Banking, Mortgage Intermediary and Later Life Markets during 2021. This growing emphasis on value for money has been accompanied with a sharper focus on firms’ business models and overall purpose, with particular focus on whether the success of the business model and product strategy is driven by inadvertent unfair consumer treatment and/or consumer misunderstanding or inertia. Given the clear focus of the Regulator on Value for Money within ongoing supervisory activity, it is important that Internal Audit teams are considering focused assurance activity over the risk and control framework that covers Value for Money as part of the ongoing assurance that they provide to senior Management and the Board.

 

What’s new?

 

  • The FCA issued ‘Dear CEO Letters’ in October 2020 within the Retail Banking, Mortgage Intermediary and Later Life Markets regarding the fees and charges that consumers are paying for the services they are provided and whether consumers understand the fees and charges they are paying and the impact of adding any such fees to the loan.
  • The FCA has also raised concerns that the impact of COVID-19 may exacerbate the risk of unsuitable advice within the Mortgage Market, particularly if consumers seek to address any short-term financial pressures caused by the crisis without understanding longer-term implications. This issue also applies across the high-cost short-term credit sector where consumers may find themselves locked out of the mainstream credit market and seek to use the services of a high-cost short-term credit provider to cover for any gaps in their income
  • The FCA has also launched a consultation paper in the Pensions sector, designed to promote Value for Money for the members of workplace personal pension schemes. These proposals aim to make it easier for Independent Governance Committees (IGCs) and Governance Advisory Arrangements (GAAs) to compare the Value for Money of pension products and services, enabling them to be more effective in assessing value for pension scheme members. ​

 

What should Internal Audit be doing?
 

Area of Focus

Fee charging models & product pricing

Description

The majority of firms will use models to determine the fees and charges associated with their advice and products. Internal Audit teams should be assessing the inputs into these models and determining whether firms’ pricing models and business strategies are designed to provide fees and products that are not considered excessive and are based on the operational costs associated with the administration of its products to consumers. Whilst the FCA has not provided any specific guidance regarding what is considered excessive, there is an expectation that firms will have clear systems and controls to evaluate and support pricing decisions and the rationale to support these decisions would be clearly documented and subject to regular review by an appropriate governance forum.

Suitable/fair customer outcomes ​

The FCA has identified that one of the key drivers of harm within the Mortgage Market and wider Credit Markets is the suitability of advice or suitability of products purchased by consumers. Exploratory work undertaken by the FCA has identified that some firms within the Mortgage Market have advised their customers to purchase an unsuitable product (defined as it not meeting their long term needs and circumstances) or where they were unable appropriately to evidence suitability. Internal Audit should focus their activity in this regard on the adequacy of design and operational effectiveness of Quality Assurance and Compliance Monitoring at firms to specifically focus on issues relating to the suitability of advice or product sales and how the root causes of any issues are remedied by Sales teams.

 

Product development framework

Internal Audit teams should be assessing the adequacy of design and operational effectiveness of Product Development Frameworks, from the initial new product design phase or an amendment to an existing proposition, all the way through to post sales monitoring (which will include the end of product life and replacement with a new product). The aim of the review is to ensure that product providers are designing products to meet the needs of an identified consumer target market and that products continue to perform as expected throughout the customer lifecycle. A firm’s product governance framework should enable them to identify and manage the ongoing risk of poor consumer outcomes, with a clear mechanism to ensure any systemic issues identified through ongoing monitoring can be addressed by senior Management.

 

 
Key contacts: Lyndsey Fallon and Stuart Batigan
 

5.2. Product Governance
 

Why is it important?

 

The Financial Conduct Authority’s (FCA’s) Product Governance rules (PROD) were implemented across the industry with considerable regulatory uncertainty and continue to pose challenges to firms who manufacture and distribute investment products. This uncertainty has resulted in many firms focussing on updates to, or the creation of, Product Governance policies and tactical solutions, with the strategic implementation of a robust Product Governance framework still in flight. Product Governance remains a key consideration of the Regulator and the FCA published findings from its ‘Markets in Financial Instruments Directive (MIFID) II product governance review’ in February 2021. The FCA has stated that asset managers and distributors should prioritise effective co-operation to address potential harm to consumers from poor product design. It is important that Internal Audit teams are considering product governance arrangements in the four main areas identified by the FCA as key findings: product design, product testing, distributors and governance and oversight.

 

What’s new?

 

  • The FCA’s MiFID II product review examined how firms, as product manufacturers, take the MiFID II product governance rules into account, particularly the interests of the end clients, throughout the product lifecycle.
  • The main findings suggest that some asset managers are not undertaking activities in line with the MiFID II PROD regime. In particular asset managers (i.e., manufacturers in this context) are finding it challenging to obtain information about end consumers from distributors. Due to data confidentiality and other commercial sensitivities, distributors rarely pass this information onto asset managers, hindering their ability to meet good practice on product governance.
  • The FCA also found that most asset managers in the sample had not considered a ‘negative target market’ (i.e. where a manufacturer has defined criteria for whom the product is not intended for) and that for several firms conflicts of interest's frameworks were not effective. ​
  • In some cases, cost information shown in marketing documents did not match the information in regulatory documents such as the Undertakings for the Collective Investment in Transferable Securities Directive (UCITs) Key Investor Information Document (KIID). ​
  • The FCA is likely to undertake further work in this area, which may include changes to product governance rules for asset managers, manufacturers and distributors. ​

 

What should Internal Audit be doing?
 

Area of Focus

Product design

Description

The FCA expect firms to identity, manage and mitigate potential conflict of interests (COI) when providing a service and state that just having a ‘COI framework’ is not sufficient. Internal Audit teams should therefore be focusing their activity in this regard on assessing the design and operating effectiveness of the firm’s COI framework to ensure that any potential COI are being managed appropriately and to establish whether the product approval process also considers COI. Not managing conflicts could be a breach of Senior Management Arrangements, Systems and Controls Sourcebook (SYSC) 10 and Principles for Businesses (PRIN) 8.

In addition, Internal Audit should undertake regular reviews of products to determine whether the target market is defined for all products, including an assessment of whether negative target market is captured. PROD requires asset managers to specify the type of clients the product is not compatible with—Internal Audit should also determine whether the risk/reward profile is consistent with the target market (PROD 3.2.10R).

 

Product testing ​

Internal Audit should consider whether all products are subject to regular review and should assess the appropriateness and robustness of the firm’s scenario and stress testing, including the operating effectiveness in order to ensure compliance with the PROD requirements (PROD 3.2.1R). As part of this, Internal Audit should consider who determines whether scenario testing is robust and whether this determination is suitable. Internal Audit should also undertake regular review cost and charges disclosures to ensure accurate information is captured.

 

Distributors

Due diligence allows asset managers to establish whether their distributors’ intended product recipients match the product’s target market. Failure to do so may result in investor harm. Internal Audit teams should be assessing the quality of management information (MI), whether product MI covers all elements of risk management and whether trigger events are identified.

 

Governance and oversight

Internal Audit teams should look to assess the adequacy of design and operational effectiveness of how the Second Line of Deference and product governance related Committees offer meaningful challenge. The FCA identified that this challenge is not always sufficient and the role of Second Line of Defence is often poorly defined. Internal Audit should determine whether the roles and responsibilities relating to product governance are clear and documented.

 

 
 
Key contact: Paul Fraser
 

 

5.3. Delegated Mandate Oversight
 

Why is it important?

 

On 30 June 2021, the Financial Conduct Authority (FCA) published their findings of the review of host Authorised Corporate Directors (ACD) firms. The aim of the review was to test the ‘viability of the host AFM business models and assess whether conflicts of interest were being effectively managed’. The review focused on governance, controls and monitoring by host ACDs including how they managed conflicts of interest (COI) in their relationship with Portfolio Managers. The FCA found significant failings and intends to keep a close watch in this area going forward with the potential use of section 166 Skilled Person reports to improve compliance. These reports will primarily consider the adequacy of firms’ governance, systems, controls and delegated third party manager oversight. For the firms in the host ACD review the FCA will review progress over next 12-18 months. The FCA also intends to conduct further work in this area to identify whether to make rule changes.

 

What’s new?

 

  • In August 2020 the European Securities and Markets Authority (ESMA) published a set of recommendations to the European Commission proposing changes to Undertakings for the Collective Investment in Transferable Securities Directive (UCITs) and Alternative Investment Fund Managers Directive (AIFMD) . The proposals aim to curb “extensive delegation arrangements” which “increase operational and supervisory risks”. Additional aims are to ensure that AIFMD and UCITs are applied to the management of applicable funds “irrespective of the regulatory licence or location of the delegate” and ensure that firms have EU operations of adequate substance.
  • The recent multi-firm review of host ACD firms found significant failings, and the FCA intends to keep a close watch in this area going forward. The FCA stated that host ACDs have “performed poorly” in the area of due diligence over delegates and funds. In terms of onboarding delegate investment managers, some firms have relied on informal conversations to assess proposals rather than following set procedures. This has resulted in firms not having the requisite level of detailed knowledge on the funds over which they would have responsibility.​
  • The recent multi-firm review of host ACD firms found significant failings, and the FCA intends to keep a close watch in this area going forward. The FCA stated that host ACDs have “performed poorly” in the area of due diligence over delegates and funds. In terms of onboarding delegate investment managers, some firms have relied on informal conversations to assess proposals rather than following set procedures. This has resulted in firms not having the requisite level of detailed knowledge on the funds over which they would have responsibility.​

 

What should Internal Audit be doing?
 

Area of Focus

Due diligence

Description

The FCA’s rules require ACDs to monitor the activities of delegate investment managers effectively by managing associated risks, having the necessary expertise and ensuring that unitholders are not subject to undue costs and charges. In our experience, it is important for ACDs to understand how a delegate’s policies apply to their mandate specifically, and what level of monitoring the delegate is doing on their mandate. We have seen some examples in the industry of firms placing an over-reliance on delegates’ attestations of compliance, or looking at policies and procedures only in a high-level and generic way. ACDs also need to consider delegates’ infrastructure and resilience, including business continuity plans (some of which have been tested during COVID-19). Internal Audit should review and assess the design adequacy and operating effectiveness of the due diligence processes and frameworks in place to ensure appropriate due diligence has been conducted.

 

Governance and oversight ​

It is important firms ensure key performance indicators and risk metrics are relevant to each fund’s strategy rather than being ‘one size fits all’. ACDs need sufficient expertise to be able to challenge the management information (MI) they are receiving from delegates. When considering how much expertise and resources an ACD needs, it is useful for Internal Audit to assess whether the ACD could oversee delegated funds effectively on a temporary basis if the delegation arrangement were to cease at short notice.

 

Skills and resources

At the point of selection for an underlying investment manager, there should be controls in place to confirm the investment manager has the skills, resources and capacities to run the mandate accordingly and controls in place to ensure this will be monitored by the ACD within expectations. Internal Audit should check that the ACD has the appropriate capabilities and expertise to understand the main risks in relation to the delegated fund or mandate.

 

Conflicts of interest

One of the challenges firms may face is navigating COI with competitors in the market who carry out similar exercises in setting up delegation arrangements. The FCA review found several firms were unable to show sufficient evidence that they had identified relevant conflicts of interests despite some being ‘obvious’, e.g. conflict between a fund’s investors and a sponsor whose fees are paid by the fund. Internal Audit should assess the effectiveness of the firm’s approach to COIs, giving due consideration to conflicts the FCA have asked ACDs to pay particular attention to, e.g. as noted above

 

 
Key contact: Paul Fraser
 

 

 

5.4. Customer Outcomes Testing
 

Why is it important?

 

Since 2006 when the Financial Services Authority ( the Financial Conduct Authority’s (FCA’s) predecessor) set out six customer outcome statements, outcomes testing has been a key component of conduct requirements. The FCA expects firms, through the Board and senior Executives, to assess and monitor the outcomes their customers receive.

Customer outcomes testing provides insights into the end-to-end customer journey from the customer’s perspective, and is used to identify instances of potential or actual customer harm requiring remediation. Firms should fully integrate customer outcomes testing within their conduct risk framework and identify customer outcome statements that support the conduct risk appetite statements. Metrics mapped against the customer outcome statements enable firms to evidence to the FCA that business activities are in line with these statements. These metrics perform a key role in driving the customer outcomes testing as they help flag key points of failure or concern within the customer journey.

 

What’s new?

 

  • In May 2021 the FCA set out proposals to introduce a new Consumer Duty Principle that sets a clearer and higher expectation for firms’ standards of care towards consumers. Underpinning this Principle are four clearly defined outcomes (communications, products and services, customer service, and price and value) which represent the key elements of the firm-consumer relationship. The introduction of this Principle reiterates the requirement for firms to perform and be able to evidence customer outcome testing across the customer journey.
  • Firms are expected to have systems and tools in place to support customer outcome testing. System functions that allow firms to identify key ‘trigger’ words are also well positioned to help automate and focus the testing. For example call listening software and customer feedback surveys whereby the system identifies and creates a report based on trigger words such as ‘vulnerable’.
  • Specifically for insurers, the FCA’s GI Pricing Practices market study (May 2021) also touches on the importance of customer outcomes testing in relation to assessing how a product is providing fair value to the customer. The output of customer outcomes testing should be used to help determine the level and frequency of product reviews and as well as feeding into the outcome of the review. ​

 

What should Internal Audit be doing?
 

Area of Focus

Customer outcomes testing procedure


Description


Internal Audit should review the design and operating effectiveness of the Customer Outcomes Testing Procedure in place. This should span across the entire customers journey with specific focus on:

  • Initial sale; ​
  • Servicing;
  • Claims (where relevant to the sector);
  • Complaints; and
  • Ongoing communications.

The testing should include factors such as whether the standard of communications and contact between the customer and the firm is appropriate, whether products and solutions provided to the customer performed as expected and whether the firm acted appropriately at critical points ( e.g. during the advice process where relevant).

There should be procedures in place which clearly define the reporting expectations to ensure the outcome of the testing is shared with appropriate Committees and escalated when required. The Internal Audit team should assess whether the reporting and escalation procedures are being followed.

 

Systems and tools ​

Internal Audit should perform a review of the firms systems and tools used to support customer outcomes testing.

Internal Audit should assess whether there were any concerns raised, and how any issues identified were escalated and addressed.

 

Key contacts: Poppy Young and Aaron Oxborough

5.5. Interest-Only - End Of Term Mortgages
 

Why is it important?

 

The repayment of an Interest Only loan is reliant on the performance of the customers repayment strategy which should be declared at the outset of an application. The Financial Conduct Authority (FCA) has previously raised concerns regarding the inability of some customers to repay their Interest Only Mortgages as some customers with legacy Interest Only Mortgages do not have a repayment vehicle in place or the repayment vehicle has not performed in line with their expectations. As part of the Mortgage Market Review (MMR), the FCA implemented new rules within MCOB to ensure that the performance of the repayment vehicle for all new Interest Only Mortgages were subject to a review (as a minimum, once) during the term of the Mortgage, to check that the customer's repayment strategy is still in place and is expected to repay the original amount borrowed. This remains an area of focus for the Regulator which has identified three residential Interest Only Mortgage maturity peaks: 2012-20, 2027-28 and 2032. There is scheduled to be c.513k Interest Only Mortgages due to expire worth c.£70 billion between 2021 and 2027 alone.

 

What’s new?

 

  • In October 2020, the FCA published Policy Statement 20/11: Removing barriers to intra-group switching and helping borrowers with maturing Interest Only and Part-and-Part Mortgages which introduced measures to support borrowers with Interest Only and partial capital repayment (Part-and-Part) Mortgages whose Mortgages had matured since 20 March 2020 or would mature in the following 12 months, given the impact of the COVID-19 pandemic.
  • The FCA identified that adverse market conditions caused by the COVID‑19 pandemic may have complicated or frustrated the repayment plans of some consumers with maturing Interest Only and Part-and-Part Mortgages. The guidance is intended to help avoid situations in which borrowers may struggle to realise their repayment strategy or may be concerned that they would attain poor value if they needed to repay the capital on their Mortgage in adverse market conditions. It applies to borrowers with Interest Only and Part-and-Part Mortgages whose loans are due to mature between 20 March 2020 and 31 October 2021, who are up-to-date with payments, and allows them to continue making interest payments and delay repayment of the capital on their Mortgage up until 31 October 2021.
  • The FCA expects lenders and administrators to have told eligible borrowers about the option to delay capital repayments promptly; prioritising those whose Mortgage will shortly mature or has already matured. Where the Mortgage has yet to mature this contact should be made a reasonable period in advance. ​

 

What should Internal Audit be doing?
 

Area of Focus

Repayment strategies and COVID-19 guidance

Description

Internal Audit should review the controls in place to review the performance of repayment vehicles for Interest Only Mortgages throughout the Mortgage lifecycle. This review should include sample testing of whether the checks are appropriately identifying instances where the lender does not believe the repayment vehicle will be sufficient to repay the capital amount upon maturity, the action the lender proposes to take and the communication of the options available to those customers to ensure they are not left with a Mortgage shortfall upon maturity. Internal Audit should also review the response to the COVID-19 guidance issued by the FCA with regard to the contact strategy in place for those customers whose Interest Only and Part-and-Part Mortgages are due to mature between 20 March 2020 and 31 October 2021 to ensure that all appropriate customers have been captured within the strategy and that the communications are clear, fair and not-misleading. Internal Audit should consider whether different contact methods have been attempted for non-responders and that vulnerable customers have been considered throughout the contact strategy. Internal Audit should also understand how the firm is assessing the consistency in customer treatment across different functions to ensure that customers with maturing Interest Only Mortgages receive similar treatment irrespective of their arrears status.

Management information ​

Internal Audit should ensure that senior Management and the Board are receiving appropriate management information (MI) which captures the output from the periodic review of repayment vehicles for Interest Only Mortgages. This information should include the volume of customers that will potentially have a shortfall upon maturity and the proposed action that will be taken for this cohort of customers, particularly where they may be considered vulnerable. Internal Audit should also review whether appropriate MI is produced in relation to the customer contact strategy for those customers that have been contacted following the updated FCA guidance in relation to COVID-19 to review their repayment strategies and delay capital repayment, where appropriate. This MI should also provide senior Management and the Board with a view on extent to which these strategies are delivering fair customer outcomes. Any review should also consider whether this MI is provided to appropriate governance forums.

 

Monitoring and oversight ​

Internal Audit should review the design adequacy and operational effectiveness of Quality Assurance and Compliance Monitoring activity/controls in relation to firm’s contact strategies for Interest Only customers, including the firm’s review of repayment vehicles for Interest Only Mortgages throughout the Mortgage lifecycle.

 

Key contacts: Lyndsey Fallon and Stuart Batigan

5.6. Consumer Affordability
 

Why is it important?

 

The Financial Conduct Authority (FCA) has acknowledged that creditworthiness and affordability assessments are not an exact science, and that implications outside of normal controls, such as a change in the customer’s circumstances or wider economic events can impact affordability. In normal times, firms are expected to have effective processes in place aimed at eliminating lending that is foreseeably unaffordable, without having a process that may be so conservative as to decline applications where credit would be affordable. The wider economic impact following the COVID-19 pandemic has brought additional scrutiny over the affordability controls that firms have in place to ensure that funds are being lent responsibly and whether this has resulted in fair outcomes for consumers. Whilst this remains important for Banks and Building Societies, this is a particular area of focus for the FCA within the high-cost short-term and second charge lending markets where the risk of harm is higher.

 

 

What’s new?

 

Whilst FCA publications have been limited in this space during the COVID-19 pandemic, we have observed through supervisory activities a greater focus on underwriting standards in key markets where the risk of consumer harm is greater (High-Cost Short-Term Credit, Guarantor Lending, and Second Charge Lending). Although the impact of COVID-19 has been mitigated due to extensive government support packages, this support is currently in the process of being wound down which may impact on the financial circumstances of some customers. This risk may be increased for customers who have lower levels of financial literacy and may be experiencing short term pressure on their finances.

We have also seen an increase in the number of Societies and Challenger Banks starting to offer Mortgages much later into retirement to support customers with maturing Interest Only Mortgages or later life lending requirements. This has created additional complexities within underwriting processes as organisations need to balance the increased risks that come with lending into retirement and their commercial objectives. Firms operating in these markets need to ensure that any later life lending is done so in the best interests of its customers and that this can be evidenced in their underwriting files.

 

 

What should Internal Audit be doing?

 

Area of Focus

Assessing affordability—COVID-19 impact

Description

When considering a customer’s affordability, the FCA expects firms to make a reasonable assessment, not just of whether the customer will repay, but also of their ability to repay affordably and without this significantly affecting their wider financial situation. In-light of the existing COVID-19 pandemic, Internal Audit should consider if further scrutiny is required on controls used to assess affordability which typically rely on historical information and may not reflect the recent impact of COVID-19. There should also be consideration given to consumers that have taken payment holidays/freezes on other lines of credit within the affordability process and determine whether this was a precautionary measure, or the customer is experiencing difficulties as part of their affordability assessment.

 

Lending into retirement ​ Internal Audit should review and consider the processes and controls in place for lending into retirement and later-life lending to ensure that affordability assessments being conducted are updated to reflect the additional risks/complexities within underwriting processes. Internal Audit should challenge the decisions made around the following aspects:

 

  • When is it appropriate to assess a mortgage solely based on their retirement income?
  • At what age should an organisation assess sole survivor affordability?
  • Appropriate assessment of drawdown income as part of any pension scheme due to it’s variability?
  • What is considered a reasonable retirement age and how feasible are customers’ retirement ages?

 

Monitoring and oversight ​

Internal Audit should review Quality Assurance and Compliance Monitoring arrangements and consider whether they are adequate to identify any issues within underwriting cases where customers have been impacted by COVID-19. There should also be a review of whether appropriate MI is produced and provided to appropriate governance forums in relation to affordability outcomes, and the ongoing monitoring of lending facilities and security to understand whether firms’ are acting within its stated risk appetite.

 

 

Key contacts: Lyndsey Fallon and Stuart Batigan

5.7. Vulnerable Customers
 

Why is it important?

 

Protecting vulnerable customers is a key focus of the Financial Conduct Authority (FCA) and this has become a greater focal point within the last few years, including following the COVID-19 pandemic’s impact on policyholders from a health, resilience and financial perspective. The FCA has stated that firms are still failing to consider the needs of vulnerable customers which is leading to customer harm. The pressure is on for firms to be able to evidence they are appropriately identifying customer vulnerability, responding to the needs of these vulnerable customers, making sure staff have the right skills and capabilities, monitoring and assessing processes around the fair treatment of vulnerable customers and making improvements where this is not happening.

 

What’s new?

 

  • The FCA finalised their guidance on the fair treatment of vulnerable customers in February 2021. Firms should understand the impact of vulnerability on their customers and ensure that customers in vulnerable circumstances can receive the same fair treatment and outcomes as other customers. This needs to happen throughout the customer journey from initial product design considerations through to customer communications and service.
  • The FCA has raised concerns that the impact of COVID-19 will increase the amount of vulnerable customers and has emphasised the need for firms to have contingency plans in place to deal with major events, including the steps taken to serve and support their customers.
  • The FCA has recognised that not all customers affected by COVID-19 are vulnerable, but firms need to pay attention to the indicators of potential vulnerability and recognise that vulnerability can be a permanent or transient state; and ​
  • Firms are expected to be proactive in assessing how their customers may be affected by COVID-19 and take steps to help them. This may include giving customers clear information about product features that may help to mitigate the impact of COVID-19, ensuring that any claims for example, in the case of insurance, are dealt with promptly, and signposting customers to other sources of help. The FCA also expects firms to have considered the potential implications for small business customers and have appropriate plans and procedures in place to ensure they are treated fairly.

 

What should Internal Audit be doing?
 

Area of Focus

Vulnerable customer policies and procedures

Description

Internal Audit teams should assess the adequacy of the design, and effectiveness of vulnerable customer related policies and procedures, from how the firm identifies vulnerability, to how vulnerable customers are treated throughout the customer journey. Internal Audit should assess how the firms have embedded the fair treatment of vulnerable customers within their culture and how senior leaders maintain a culture that enables and supports staff to take responsibility and reduce potential for harm to vulnerable customers throughout the customer journey.

Management information ​

Assess whether appropriate management information (MI) is provided to senior Management and the Board so that they can continually monitor the fair treatment of vulnerable customers across the firm. Consideration should be given to whether the existing MI suite provides adequate visibility of the number and different categories of vulnerability and whether there is sufficient MI in place to assess any changes to the conduct risk profile at the firms. Internal Audit should review the controls in place around the completeness and accuracy of the data and information that firms hold in relation to their vulnerable customers. Internal Audit should confirm how regularly Management review this to determine whether the firm is justified in holding this data (to be able to meet the customers needs) and that the customer is aware this data is being held.

 

Contingency planning for major events (COVID-19) ​

The FCA has clearly articulated the need for firms to develop contingency plans to deal with major events, to support customers who could become vulnerable as a result of the event. Internal Audit should focus on the processes in place to demonstrate that the business is being proactive in assessing how events outside of the firm are impacting customers; and how the firm can ready itself to ensure this is not only identified but that the necessary measures and actions are taken to best support the customers affected.

 

Quality assurance ​

Review the robustness of Quality Assurance and Compliance Monitoring frameworks to ensure there is appropriate coverage of vulnerable customers and that any treatment of vulnerable customers that falls below the FCA or firm’s expectations is identified and escalated accordingly

 

 
Key contacts: Poppy Young and Aaron Oxborough
 

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey