Written by Jonathan Barrett, CEO and Co-founder of Duty of Care Assessment firm, Comentis
Over the last couple of years, the conversation around vulnerable customers has felt like a tactical compliance task, a series of checks completed because they must. But what if this mindset shifted? What if 2026 marked the end of this tick-box era? What if firms placed duty of care at the absolute centre of their business strategy and culture this year? Jonathan Barrett, CEO and Co-founder of Comentis, explains why the recent regulatory shifts have turned vulnerability from a peripheral risk into a primary business driver.
The regulatory pivot
Identifying and supporting vulnerable customers has always been a core pillar of the Consumer Duty. However, the FCA’s finalisation of Policy Statement 25/19 in December 2025 has shifted the goalposts substantially.
Vulnerability identification is now a mandatory data requirement for complaints reporting. For the first time, starting in 2027 (with systems needing to be ready throughout 2026), firms must quantify:
- All complaints where the customer was vulnerable.
- All complaints where the root cause was the firm’s failure to consider or respond to that vulnerability.
This is a game-changer for 2026. The regulator is no longer just asking if you have a policy; they are asking for the data to prove your policy works. And of course, it’s not only important to understand who is vulnerable – it’s also just as important to prove who isn’t vulnerable too.
Mind the gap, the 1 in 2 reality
The scale of this challenge is often underestimated. According to the FCA’s Financial Lives 2024 Survey (published May 2025), 49% of UK adults (that’s roughly 26.4 million people) display one or more characteristics of vulnerability at any time.
That means that 1 in 2 adults in the UK are considered vulnerable. So, if your firm is still reporting identification rates of 1% to 5%, you aren’t looking at a low-risk portfolio. You are looking at a substantial detection gap. And this is also reflected in our data too (out of our 30,000 assessments per month). And this detection gap is where regulatory risk lives and breathes.
And let’s be honest, if half your client base is potentially vulnerable, this is no longer a sideline project. Rather, vulnerability has become your core business model this year. A ‘tactical’ approach can handle a small percentage of these vulnerable clients. But I would argue it cannot handle anywhere near the 50% we’re witnessing. Rather, you need a strategic, scalable framework to manage that volume. And this is exactly why we must start thinking about duty of care strategically instead of tactically as we move into 2026.
From the tactical to the strategic
For too long, vulnerability has been treated by many in financial services as a tactical checkbox, a data point to be captured, a box to be ticked, and perhaps (dare I say it) a file to be closed. But under the FCA’s Consumer Duty, the goalposts have moved. The regulator isn’t just looking for a process; they are looking for good outcomes for all.
And the thing is, if you treat vulnerability as a tactical impactor, you are always going to be playing catch-up. You will be reacting to problems rather than anticipating future needs. A tactical checkbox approach is fragile. It fails under pressure and leaves both the firm and the client exposed. No one wants this.
If you, however, start to treat duty of care as a strategic driver, everything changes. When you bake identification and the support of vulnerable clients into your core strategy, good outcomes aren’t just something you might hope for; they can become an everyday occurrence. The real fabric of your organisation.
Not only this, but trust will increase. Clients will feel seen and protected, leading to long-term loyalty. Your employees will also feel reassured that you are doing the right thing and ingraining this within your business ethos. They will also reward you with their retention and loyalty. Your risk will also decrease. This is because early identification prevents poor outcomes well before they happen. And, perhaps most importantly, you will have the consistent, robust evidence and data that the FCA demands.
Baking duty of care into your culture
Under Consumer Duty, the FCA is no longer satisfied with intent; they demand evidence. By elevating the duty of care from a compliance requirement to a strategic driver, firms can leverage data to build a gold standard audit trail. This will not only demonstrate real-world value to clients but also satisfy regulatory rigour.
Ultimately, prioritising vulnerable customers isn’t an overhead; it can be a growth strategy. It is time to stop viewing duty of care as a hurdle and start seeing it as your most significant competitive advantage and business enabler.
It’s time to stop asking “How do we tick this box?” and start asking “How does our duty of care drive our firm forward?”
Jonathan Barrett is the CEO and Co-founder of Duty of Care Assessment firm, Comentis.
![[UNS] celebrate](https://ifamagazine.com/wp-content/uploads/wordpress-popular-posts/801986-featured-300x200.webp)
