Banks and financial services are facing major operational challenges themselves. Sharing data on vulnerability is falling behind other business objectives. The FCA has provided extensive guidance on the subject.
However, the industry, it seems, is waiting for the regulators to be absolutely prescriptive about what it should do. This is not possible on a subject like vulnerability. It is far too complex. There are far too many eventualities, combinations and scenarios. We are unlikely to ever see a concrete set of rules on a subject like vulnerability.
Data protection is also appearing as a barrier to processing data on vulnerability. We are seeing organisations tie themselves up with General Data Protection Regulation for fear of breaching it. As a result, they are not helping the people that need help as much as they could be. Done right, it does not need to be the case. There are points within GDPR that allow the processing of this data.
If banks and financial service companies can access a data-sharing scheme with ease, like the Vulnerability Registration Service, which gives them the ability to instantly identify customers within their own database with all kinds of vulnerabilities, then why are they not doing it?
Take for example the risk of coercion. Banks and financial services companies are very unlikely to get many victims proactively identifying themselves as suffering from financial abuse.
However, if these victims have been identified across other organisations from other sectors, then banks and financial service companies have an opportunity and an obligation to use that information.
A cross-sector challenge
Vulnerability is not just being driven by the FCA. There is equal pressure in utilities and insurance, as well as in the public sector. It is an issue for any organisation that deals with consumers. But everyone is working in silos.
Areas of government are recognising the problem of working in silos and trying to move on it. There is traction on the issue from the collections industry as they are dealing with the most severe situations. The utilities sector is also one step ahead with talks on data sharing progressing in this area.
But within banking and financial services, the issue is being tackled from the edges rather than the centre. Data sharing needs to be moved high up on board agendas. The impetus is there. The consensus is there. The tools to make it happen easily are there. So what are they waiting for?
Helen Lord is director of the Vulnerability Registration Service (VRS)
