Vulnerable Customers in Wealth Management: A Practical Guide

Identifying vulnerable clients is one of the most technically and ethically demanding obligations the Consumer Duty places on wealth managers. Done well, it protects clients at the moments they most need it. Done as a compliance exercise, it generates documentation that satisfies no one.

The FCA has been explicit that vulnerability is not a niche concern for specialist teams — it is a mainstream compliance obligation that applies across the client base at every wealth management firm. Under Consumer Duty and FG21/1, firms must understand the characteristics of vulnerability in their client population, identify vulnerable clients in practice, and adapt their services and communications accordingly. This guide covers what that looks like in the specific context of wealth management.

The FCA’s Four Drivers of Vulnerability

FG21/1 identifies four drivers of vulnerability that wealth managers must build their identification frameworks around. These are not mutually exclusive — most clients who experience vulnerability are affected by more than one.

Health: Physical or mental health conditions that affect a client’s ability to make financial decisions, process information, or manage their affairs effectively. This includes cognitive decline, dementia, serious physical illness, and mental health conditions including depression and anxiety. Wealth management clients are disproportionately older, making health-related vulnerability — particularly cognitive decline — a more prevalent risk in this sector than in mass market retail.

Life events: Significant life changes that create temporary or ongoing vulnerability — bereavement, divorce, serious illness of a family member, sudden loss of income, or redundancy. Wealth management clients often encounter these events at a point where financial decisions of significant complexity must be made under emotional stress. A client who has just lost their spouse and must now make investment decisions for the first time is in a fundamentally different position than they were six months earlier.

Resilience: Low ability to withstand financial or emotional shocks. A client whose portfolio represents their entire liquid wealth, with no other income source, has materially lower resilience than one with a pension, property and employment income alongside their investments. Resilience vulnerability in wealth management often intersects with age and life stage — retired clients drawing down assets have less resilience to market volatility and poor advice than accumulating clients.

Capability: Low knowledge or confidence in managing financial matters. This is frequently underestimated in wealth management, where the assumption is that clients are financially sophisticated. In practice, many high-net-worth clients have accumulated wealth through business success, inheritance or property rather than financial expertise. Their wealth does not equate to financial capability, and treating it as though it does creates material advice risk alongside regulatory exposure.

Why Wealth Management Has Specific Vulnerability Risks

Wealth management creates vulnerability risks that differ from mass-market retail in ways that directly affect how identification processes must be designed.

The client demographic is older on average. Cognitive decline — ranging from mild impairment to diagnosed dementia — is a realistic probability across a significant proportion of any mature wealth management client book. The FCA has been explicit in its supervisory work that firms must have processes for identifying cognitive decline in existing clients, not merely screening for it at onboarding.

The financial stakes are higher. Poor advice to a vulnerable wealth management client — an unsuitable investment recommendation, a failure to identify that a client lacks capacity to make a decision, or a communication that exploits rather than responds to vulnerability — can cause life-changing financial harm. The FCA’s enforcement approach to vulnerability failures in wealth management reflects this: consumer duty breaches in this sector are treated as priority enforcement matters.

The relationship model can obscure vulnerability. In a relationship-managed model, the client’s relationship manager may be the primary — sometimes the only — point of contact with the firm. This creates a significant concentration of identification responsibility in a single individual and means that the quality of vulnerability identification across the firm is only as good as the training and awareness of the relationship management team.

Practical Identification: Beyond Onboarding Questionnaires

The most common failure the FCA identifies in wealth management vulnerability processes is treating identification as a one-time onboarding task — asking clients to complete a questionnaire at the start of the relationship and then recording the result permanently. This approach fails on two levels: it does not reflect the reality that vulnerability is dynamic and changes over time, and it produces a file note rather than a genuine understanding of the client’s circumstances.

Effective identification in wealth management combines multiple touchpoints. Client reviews — whether annual, semi-annual or triggered — provide a structured opportunity to reassess vulnerability indicators. Relationship managers should be trained to identify behavioural signals during review conversations: confusion about previously understood concepts, inconsistencies in instructions, references to significant life events, or an unusual shift in risk appetite or liquidity requirements. These are often the first observable signs of developing vulnerability that a formal questionnaire would not capture.

Inbound client contact is a particularly important channel. A client who calls to make an unusual instruction, who seems confused about their portfolio, or who is responding to pressure from a third party may be displaying real-time vulnerability indicators. Front-line staff who handle client calls must be trained to recognise and escalate these signals rather than simply processing the instruction.

Third-party triggers — family members making contact, a solicitor writing on the client’s behalf, or a power of attorney being registered — are significant vulnerability signals that require immediate review of how the firm interacts with that client. The processes for handling these triggers should be explicitly documented in the firm’s vulnerability policy.

Adapting the Service: What Identification Must Trigger

Identifying a vulnerable client is only the first step. Consumer Duty requires firms to act on vulnerability identification — to adapt their service, communications and processes to meet the needs of that client in their current circumstances. Identification without adaptation is a compliance formality, not genuine vulnerability management.

Common adaptations in wealth management include: simplifying the language and format of investment communications for clients with lower financial capability; providing additional time and support during review meetings for clients experiencing life events; requiring additional safeguards before processing instructions from clients identified as having cognitive impairment; designating a senior point of contact for clients with complex vulnerability circumstances; and implementing enhanced suitability assessment processes for clients where capacity may be an issue.

The firm must also consider whether the product or service a vulnerable client holds remains appropriate for their current circumstances. A client who was suitable for a complex multi-asset portfolio three years ago may not remain suitable if their cognitive capacity has declined significantly in the interim. Consumer Duty’s ongoing suitability obligation applies continuously — including where vulnerability changes the baseline against which suitability is assessed.

Governance and the Consumer Duty Annual Board Report

Under Consumer Duty, the board must receive an annual assessment of whether the firm is delivering good outcomes for its clients — including vulnerable clients. The annual board report should include: data on the number of clients identified as vulnerable and the categories of vulnerability; the outcomes achieved for vulnerable clients compared to the general client population; the results of any thematic vulnerability reviews; and any remedial action taken where outcomes for vulnerable clients have fallen short.

Boards that receive a single paragraph on vulnerability in their Consumer Duty report — “we have a vulnerable customer policy in place and staff are trained” — are not receiving the information they need to discharge their governance obligation. The SMF24 (or equivalent senior manager with consumer outcomes accountability) should own the vulnerable customer framework and be in a position to brief the board on specific outcomes, not just process compliance.

Key References

• FCA FG21/1 — Guidance for firms on the fair treatment of vulnerable customers
• FCA — Consumer Duty guidance and resources