How to Identify Vulnerable Customers:
Best Practices and Tips

What is customer vulnerability?

Customer vulnerability isn’t a fixed label — it’s a shifting state that depends on personal circumstances.

There’s no one size fits all ‘dictionary definition’ of vulnerability, but a great place to start is the UK Financial Conduct Authority’s guidance on the subject.

They say,

Our definition of vulnerability refers to customers who, due to their personal circumstances, are especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care. Firms should think about vulnerability as a spectrum of risk.

The UK’s Housing Ombudsman in their “Relationship of Equals” report give a strikingly-similar definition:

A dynamic state which arises from a combination of a residents personal circumstances, characteristics and their housing complaint. Vulnerability may be exacerbated when a social landlord or the Housing Ombudsman Service does not act with appropriate levels of care…

And for our utilities clients, Ofgem say:

when a consumer’s personal circumstances and characteristics combine with aspects of the market to create situations where he or she is:

• significantly less able than a typical domestic consumer to protect or represent his or her interests; and/or
• significantly more likely than a typical domestic consumer to suffer detriment or that detriment is likely to be more substantial.

— Ofgem Consumer Vulnerability Strategy

And Ofwat:

Some people do not have a reasonable opportunity to access and receive an inclusive service which may have a detrimental impact on their health, wellbeing or finances. This may be due to personal characteristics, their overall life situation or due to broader market and economic factors.

The key takeaways from these descriptions are:

• Vulnerability can be temporary: ‘Vulnerability’ isn’t necessarily something a person is born with and lives with every day. Vulnerability is circumstantial, so it can be more helpful to think about ‘people who currently have vulnerable characteristics’, rather than ‘vulnerable people’.
• Vulnerability exists on a spectrum: ‘Vulnerability’ isn’t a binary choice between “is vulnerable” and “isn’t vulnerable”. A person’s circumstances might increase or decrease their level of risk, and the same circumstances can affect different people in different ways.
• The actions of a firm can increase/decrease vulnerability: An individual is financially-precarious, but just about coping… But then you mis-sell them a mortgage product? Their ‘susceptibility to harm’ just increased!

Of course, just because these definitions come from the finanical services, utilities and social housing sectors, it doesn’t mean that vulnerability is limited to customers in those sectors. Any B2C organisation will deal with people who have characteristics of vulnerability.

The FCA go on to list four sub-types of vulnerability.

• Health – health conditions or illnesses that affect ability to carry out day-to-day tasks.
• Life events – life events such as bereavement, job loss or relationship breakdown.
• Resilience – low ability to withstand financial or emotional shocks.
• Capability – low knowledge of financial matters or low confidence in managing money (financial capability). Low capability in other relevant areas such as literacy, or digital skills.

Of course, understanding vulnerability is only the first step. What are you expected to do about it, and how (within a VoC programme) can you spot it early to take action?

Anyone can find themselves in vulnerable circumstances at any time

— The Financial Conduct Authority

How can I identify Vulnerable Customers in a VoC programme?

There are two approaches here, which should be familiar to anyone used to dealing with both qualitative and quantitative feedback.

Identifying Vulnerable Customers using quantitative feedback

We’ll cover the simplest approach first. If it works in the context of your existing VoC surveys, you can ask questions which allow customers to self-identify as being in vulnerable circumstances. Not being as crude as ‘Are you vulnerable today? (Yes/No), but for instance:

• To what extent are you finding rent affordable?
• How often do you need help from family, friends?
• How much effort does it take for you to complete important tasks with us?

There are three benefits to this approach.

1. As part of a well-considered VoC strategy, you should be asking some questions like this, because they reflect what’s important to your customers. If you can use them to also flag up a couple of indicators of vulnerability, that’s a free win.
2. We’ll discuss the pros and cons of using AI for this task in the next section, but in short, this direct, quantifiable approach is simpler, easier for your team and regulators to understand, and dodges some of the ethical questions around AI use.
3. Any AI-based approach will rely on customers’ free-text responses, but not everyone will want or need to answer free-text questions. Indeed, the group of customers who aren’t going to answer these question likely overlaps with your group of vulnerable customers: people who struggle to complete the form due to low literacy, stress, or other issues.

Of course the one major drawback to this approach is that you only catch what you’re looking for. If you don’t want to reduce your response rates by creating terrible surveys which ask a long list of awkward questions, you have no hope of identifying every potential concievable driver of vulnerability.

This is why this approach pairs well with an AI-based text analysis techniques.

Identifying Vulnerable Customers with AI

The natural complement to this quantitative approach is AI-based analysis of customer comments. Some of the strongest CX teams we work with are using AI at scale to spot vulnerable customers based on clues in the things they say.

Further more, the FCA highlighted this as an example of good practice in their March 2025 customer vulnerability review.

AI tools (like ours!) understand the nuance behind different types of vulnerability, and can label incoming feedback appropriately and alert the right team members when they spot it.

But there’s no such thing as a free lunch. Whilst AI-based analysis is a huge timesaver, to use it ethically, you need to be aware of a few things:

AI Ethics and vulnerable customers.

Various organisations have written at length about how to use AI safely:

1. The UK Government’s AI playbook
2. The Alan Turing Institute’s FAST Track principles
3. The FCA’s AI Update

Two key themes across all of these guidelines are the need for fairness and accountability. However you use AI, it can’t disadvantage your customers, and a human being has to take accountability for any ‘decisions’ made by that AI. You can read a lot more about these ideas in our AI for CX guide, but in summary:

• Fairness: It’s relatively safe to be using AI to flag up potentially-vulnerable customers. But it would not be fair to automatically-disadvantage them on the basis that (rightly, or wrongly) you’d flagged them as ‘vulnerable’. For instance, it’s great to use this flagging to trigger an account review, it’s not great to feed it into a pricing algorithm.
• Accountability: Whatever AI system you use, the ‘final say’ has to lie with a human being. It’s great to use use AI as a timesaver, to produce a list of customers who are potentially currently-vulnerable, but a real person needs to review that list and override the AI’s opinion where needed.

How can CX and Insight teams support Vulnerable Customers?

Because this guide aims to help as broad an audience as possible, we’re going to distil the most common advice down into a few guidelines that any firm should be able to work with.

For financial services firms in particular, the FCA recently (March 2025) published specific areas for improvement in their vulnerable customers review as part of their ongoing Consumer Duty work.

1. Designing appropriate products and services

Designing to meet the needs of vulnerable customers is just one slice of the wider topic of accessible design.

Accessibility is often pigeonholed as being something for people with physical disabilities (and more unhelpfully seen as something that can be ‘bolted-on’ to fix problems that should have been identified earlier).

But a more useful definition of accessiblity considers the needs of all service users, including people who are currently vulnerable.

This is one part of what we mean by ‘inclusive / universal design’:

If it works out-the-box for everyone, that’s a win for both supplier and consumer: Customers don’t have to go out of their way to access your services, they feel more fairly treated, and you don’t have to support multiple ‘versions’ of the same thing to cater for different groups.

If you’re in an insight/VoC/CX role, you should be feeding the needs of vulnerable customers into the teams who design your organisation’s products and services, so that these needs are considered as early as possible and addressed.

This was one of the areas for improvement identified in the FCA’s consumer duty review:

Most firms we engaged with could not show us how they had embedded the needs of customers in vulnerable circumstances into their product and service design processes

Being able to demonstrate the flow of data from your VoC system to your service design teams is a crucial component of keeping the regulator happy.

2. Training

But of course, however good and inclusive your intentions, it’s simply impossible to design services that work for absolutely everyone all of the time.

You might miss things at design-time, the goalposts might move, or it’s simply not possible (sometimes) to come up with something that works for everyone.

That’s why it’s important to train your team in the needs of vulnerable customers. You need:

• General Awareness: Make sure everyone knows that vulnerable customers exist, and are entitled to the support they need to achieve the same results as non-vulnerable customers. Your team should also be able to spot signs of vulnerability, so they can refer customers to more specialised help if appropriate.
• Specific Training: Ensure that specific team members (or entire teams if needed) are on-hand to support customers with specific vulnerabilities. If someone is struggling to pay off a credit card because of a bereavement, it’s naturally not sufficient to pass them over to a highly-sympathetic bailiff.

For insight/VoC managers, you can support this by sharing customer feedback about good practice with the front-line folk dealing with customers.

3. Equality of Outcomes

The ultimate objective of all this inclusive design and training is to ensure one thing: that vulnerable customers don’t end up disadvantaged compared to other customers. Everyone should get a ‘fair’ outcome.

Final responsibility for ensuring this for a given customer is obviously far beyond the remit of a CX/Insight team, but you still have a role to play.

If your VoC work identifies a customer with a specific issue as potentially-vulnerable, you should be able to escalate this issue to the correct product/service owners to ensure that a rapid, fair outcome is delivered for that customer.

But best-in-class VoC teams should be going beyond this ‘inner loop’ customer feedback resolution, and actively contributing to how their organisation demonstrates that they are achieving this equality of outcomes.

The FCA’s March update revealed that:

“Only 49% of financial services firms are using Customer feedback directly from customers in vulnerable circumstances” which “…limited their ability to compare and reach conclusions about outcomes of different groups of consumers”.

Given that customer sentiment is one of the most important indicators of whether equality of outcomes has been achieved, this is an astonishingly low number, and represents a huge opportunity to improve for many firms — both inside and outside the financial services industry.

4. A Single Point of Truth for Customer Vulnerability

Finally, one of the most important roles of any CX team is to break down silos across the business, to ensure that not only are customer needs at the forefront of peoples minds, but people have access to the hard data to address those needs.

This is doubly-important when it comes to customer vulnerability.

Your business should have a single point of truth for customer vulnerability. Whilst it’s important that your VoC processes can automatically-identify potentially-vulnerable customers, it can’t be the final resting place for this knowledge in the business.

Your CXM platform needs to connect to other systems, such as CRM and ERP as appropriate, and ‘pass on’ the fact that a given customer has been identified as potentially-vulnerable.

In their March 2025 report, FCA highlighted this as an example of good practice:

Using centralised systems to store information about a customer’s circumstances or needs, which could be accessed by colleagues across almost all of a firm’s retail business areas. This meant customers did not have to repeat potentially sensitive information.

But went on to say that unfortunately in many cases,

Where consumers did disclose, some reported having to do so repeatedly because their provider failed to make appropriate adjustments

Clearly, this is not solely a software problem: Having systems which can talk to each other is foundational, but you need to ensure that good processes are in place, with clear responsibilities to ensure not only does data make it to the right place, but it is acted on in the right way.

GDPR is also important here. If the customer needs their data rectifying, or wishes to opt-out from automated processing, this data needs to be kept consistent across both systems.

Summary

Any of us can become vulnerable at any time, for a variety of reasons.

CX and Insight teams can’t solve the needs of vulnerable customers themselves, but they do have an important role to play:

• It’s possible to identfy customers in VoC surveys through both quantitative questions, and AI-based analysis of free text.
• When vulnerable customers have been identified, it’s important to both act immediately on their needs (if appropriate), and route their feedback elsewhere in the business: To improve product and service design, and to deepen your team’s understanding of how best to look after vulnerable customers.
• Accurate identification of vulnerable customers in VoC efforts can support not only delivering equal outcomes, but reporting/evaluation efforts to verify that these outcomes are being delivered.

Firms that take vulnerability seriously — not just as a compliance exercise but as a fundamental part of how they do business — will not only be in a better position to satisfy their regulators, but will deliver better customer experiences, leading to improved retention and a healthier bottom line.

Since 2010, the CustomerSure platform has supported some of the best CX teams in the world, get in touch if you’d like to talk to us about your needs.