In our previous Insight Article “Consumer Duty – A Different Approach to Financial Services Regulation,” we set the scene for the “paradigm shifting” regulatory change now approaching the financial services industry and discussed the FCAs intention to place clear accountability for compliant implementation of the Consumer Duty (the “Duty”). We additionally published an Insight Article, “Consumer Duty – FCA Engages with Industry Sectors Using Webinar Series,” where we set out an overview of sector specialists combining a summary on the FCAs comments.
In this Insight Article, we set out how firms are expected to take a data-led approach to assess and evidence the testing of outcomes throughout the consumer journey and product and service lifecycle. Our Data Insights and Forensics specialists provide analysis and advice on what the changes may mean for your firm and associated sector in terms of monitoring and reporting outcomes and how technology and data can be used to drive customer outcomes.
How Do Firms Collect the Right Data and Use It to Drive and Monitor Customer Outcomes – The Data Strategy
The FCA states in its guidance for the Consumer Duty: “Firms will need to develop a strategy to gather the relevant information and data to inform their assessment of whether they are delivering good outcomes for customers and to meet their governance obligations. We expect firms to continually review and develop their frameworks.”i
In many firms, there will already be a data strategy in place, and it will need to be adapted to incorporate the requirements of the Consumer Duty. For some firms, however, a strategy may need to be created from scratch. A data strategy is an established approach for setting out the firm’s objectives for exploiting data to achieve its aims; the benefits of using data; the specific data that needs to be collected, processed and consumed; and the capability and infrastructure needed to execute the strategy.
The exercise of producing a strategy is used to identify any gaps (or a lack of “maturity”) in the staff capability, infrastructure, processes and technology needed to achieve the anticipated benefits of exploiting the data available to the firm. Each firm can then devise a roadmap of activities and investment to address these gaps.
The data available to an organization, within the boundaries of data privacy legislation, will often be used to drive key metrics in an organization such as profitability and revenue, but the strategy should also set out how customer outcomes can be monitored and driven. The FCA handbook states: “…as with the whole Duty, one question firms can ask themselves is whether they are applying the same standards and capabilities to monitoring customer outcomes as they are to generating sales and revenue. For example, is the firm using the same levels of segmentation and analysis to monitor outcomes as they are to target sales?”ii
Who owns and champions the data strategy in an organization? Given that data and technology is involved, the knee-jerk reply to this question would be that the responsibility for the data strategy naturally sits with the IT function (i.e., the Chief Information Officer (CIO)) of an organization. However, to ensure success, the “business,” i.e., the customer-facing and operational functions, must have a say, considering that these functions are responsible for creating, collecting and consuming data. The strategy should, therefore, be on the agenda of the executive management committee of a firm, with oversight from the board. A common issue we have observed in organizations is that IT functions will sometimes build or buy in capability without consulting with the business on their real needs or requirements; having a formalized structure for the business to shape and guide the data strategy is, therefore, essential.
A data strategy should include the objectives and benefits for the firm of exploiting its data, an articulation of how data can be used to provide benefits for the firm or “use cases,” a maturity assessment showing the gaps in capability and infrastructure that need to be filled to achieve the use cases, and a roadmap or set of steps of activities and investment required to plug the gaps.
To Prepare for The Consumer Duty, Firms Should Be Identifying How Data Can Be Used to Monitor and Drive Customer Outcomes – The Use Cases for Data
A data strategy for a firm should set out the desired use cases: a use case sets out what data should be collected and processed in a particular way to provide benefits for the organization and its customers.
The monitoring of outcomes for the Consumer Duty is one such use case in that data needs to be collected, analyzed and delivered as a report to the board at least once a year.
This doesn’t mean customer outcomes should only be considered by the firm on an annual basis. The reality is that outcomes will need to be monitored much more frequently to identify risks as they emerge. Firms will need to respond in different ways including understanding the root cause of any issues, adapting and changing products and services, adapting the firm’s operations or even providing redress where customers have suffered harm.iii The format of management information reporting within the year will consequently have to be different from the annual report document. Firms can also benefit from staff having online dashboards available that visualize the key metrics for customer outcomes, which are refreshed on a regular and frequent basis. In some cases, with large organizations with a large customer base and a variety of products, dashboards that show a real-time or “near” real-time view of products, services and customer outcomes will be valuable for making effective and timely decisions.
In addition to data being used to monitor customer outcomes, there are use cases where data can also be used to drive customer outcomes. Some examples of use cases that can drive good outcomes for customers across both the customer journey and product lifecycle are presented below, ranging from using data to define pricing to creating AI “customers” who can test and challenge contact center agents during training.
Use Cases Where Data Can Drive Customer Outcomes
Firms Should Understand the Gaps in Data and Capability Which Need to be Filled to Execute their Data Strategy (and Meet the Needs of the Consumer Duty) – The Maturity Assessment
To understand the gaps in data and capability that need to be filled to execute the organization’s data strategy (and meet the needs of the Consumer duty), the firm can be assessed against a maturity model. Maturity models help an organization consider both the technology and the culture of their organization. The less mature an organization’s capability is, the more likely that the firm is not getting the most value from its data. The more mature the capability of the organization, the more insight and value can be derived from data, and the cost to handle the data is often lower.
An illustrative maturity model is shown in the diagram below. It considers capability across several areas:
- Systems and technology – the systems in which data is stored and processed, the tools by which the data is accessed by data analysts and data scientists, and the tools by which staff in a firm’s various business functions access data and insights themselves
- Data management - the storage, documentation and cataloguing of metadata, the application of consistent standards across the firm and management of data in light of the objectives of the firm
- Data governance – the roles of owning and stewarding (i.e., managing the quality) data, application and enforcement of data governance policies across the firm
- Data culture – the use of data in decision-making across the firm, how data is seen as an asset including the initiatives in place to maintain data quality and the use of “self-serve” data products by staff in the firm to gain their own insight
- People - the dedicated personnel performing data duties, their career and professional development paths that enable them, and collectively the organization's capability to develop, the collaboration of data professionals with subject-matter experts and other teams to address the challenges of the firm, including the requirements of the Consumer Duty
Illustrative Maturity Model
Data Management - Linking Customer, Product and Customer Journey Data is Key
To both monitor and drive customer outcomes, data will need to be collected for products and customers across the lifecycle of the product and the customer journey (see the diagram below). Data will need to be collected, stored and processed both internally and also externally from partners in the firm’s ecosystem, including manufacturers, distributors, brokers, outsources and third-party providers of business processes. Pooling of customer data between firms will raise the prospect of potential conflict with data protection legislation, addressed in the next section.
Data to be Collected Across the Product Lifecycle and Customer Journey
Perhaps the most significant challenge to successful monitoring of customer outcomes is that in many firms the data required is often stored in different, disparate places across the organization. Data concerning the profitability of products or fees charged to customers might be found in the finance department in their enterprise resource planning (ERP) system, whereas website usage data will be collected within the IT function and data on customer interactions could be administered by the sales function using a customer relationship management (CRM) system such as Salesforce.
All this data will need to be brought together to monitor and drive customer outcomes. In larger organizations, bringing the data together to be stored and processed in one place may not only require investment in both technology and infrastructure but also investment in skilled staff who can manage, process and analyze large volumes of data.
Another commonly observed challenge for organizations is that the quality of the data held can be poor. Data may be incomplete, inaccurate or both. Where this data is critical to monitoring or driving customer outcomes, the method of collecting the data may have to be reviewed to ensure there are controls and validation at the point of collection to improve data quality.
Simple but important things like the definition of a product or customer may vary across different departments in a firm. A common set of data standards that set out how data is defined and formatted will be required so that “apples can be compared to apples.”
To derive the most value from their data and drive customer outcomes, organizations will need to overcome these data management challenges and produce a single, unambiguous and accurate view of each customer and how they interact with the firm’s products and the various stages of the customer journey (see the diagram below). The aim is to link the data together so it can produce better insight and enable the use cases set out above, while focusing on the development of new products and customer interactions.
Illustrative Data Model for Monitoring and Driving Customer Outcomes
Data Governance – Ensure You Both Meet the Requirements of the Consumer Duty and Protect Your Customers’ Data
The requirement to monitor customer outcomes will require navigating both existing equalities and data protection legislation, with the first being the use of data about the protected characteristics of customers, and the second is the sharing of information with third parties.
Customer Data with Protected Characteristics
The FCA urges firms to monitor “…distinct groups of customers, such as customers with characteristics of vulnerability or customers who share protected characteristics (as defined by the Equality Act 2010 or equivalent legislation), get worse outcomes than other customers.”iv As with other elements of the monitoring requirement, the FCA asks firms to use their judgment “to see whether any distinct groups of customers are receiving worse outcomes than others”v and provides examples of different customer groups to consider such as longstanding customers, customers from a particular geographical region or customers who buy a product through a particular distribution channel.
There are numerous opportunities at different stages of the product lifecycle and customer journey where data about particular groups can be used to provide insight and monitor customer outcomes. These opportunities include at the product design stage when using data to assess the target market of the product. Additionally, data on take-up of products can indicate whether certain groups are having difficulties engaging with the firm.
The FCA has indicated that it will take a proportionate approach when it considers how firms meet its requirements. They recognize that data on protected characteristics needs more protection than other categories of personal data so collecting this way may not always be possible. Where the data is already being collected, this could be used to monitor differences in outcomes between groups, but the FCA states that they “do not require firms to systematically collect data or to collect new data about customers’ protected characteristics, for example, to ask customers about their ethnicity,”vi .The FCA therefore suggests considering the alternative approaches to collecting bulk data, such as using focus groups to research the needs of particular groups when designing products, or in some cases using postcode as a proxy for a customer’s ethnicity in certain circumstances.
Sharing Data with Third Parties
Firms will often be working within an ecosystem of partners. Organizations can be working with brokers, distributors and business process outsourcers, for example. Firms may outsource their customer service or licence distributors to sell their products. To meet the requirements of the Consumer Duty, firms may need to pool data with their partners to be able to monitor customer outcome, for example, ensuring that after additional fees are charged by financial advisers, the product still represents fair value for the customer. For example, with a firm that outsources elements of its consumer support “…it is responsible for ensuring the support provided meets the Duty standard. The firm should have systems and controls in place to monitor this and provide assurance that it is meeting its regulatory obligations.”vii
A key challenge for firms is to be able to share the correct level of information with third parties about customers without breaching data privacy legislation such as the Data Protection Act (2018). The Information Commissioner’s Office (ICO)viii sets out good practices for data sharing, which include (among others):
- Use of transparent data sharing agreements
- Carrying out a data protection impact assessment (DPIA) to assess the risks of data sharing
- Maintaining accountability by appointing a data protection officer and/or individuals responsible for data sharing arrangements and keeping documentation, which evidence compliance with data protection legislation
How We Can Help
- Clients turn to Kroll’s Data Insights and Forensics (DIF) practice when they seek objective data experts to help address the most complex compliance, regulatory and legal issues. Our unbiased understanding helps clients rapidly get insights into and mitigate risks posed by how data is utilized in their organizations, either internally or externally by third parties who have access to or provide API access to sensitive data.
For example, we can:
- Advise on the most effective collection, analytics and reporting practices for the Consumer Duty
- Assess and advise on how Management Information (MI) can meet the needs of the Consumer Duty. In addition, advise on how MI can be successfully incorporated into governance and used for effective decision-making concerning the risks identified from the monitoring of customer outcomes
- Develop advanced data analytics using a technology-agnostic approach to deliver next level insights
- Correlate all relevant data, regardless of format or structure to meet the requirements of the Consumer Duty
- Provide advice when sharing data with your partners to enable them to both comply with their own requirements under the products and services outcome and avoid conflict with data protection laws
i. Section 11.21, FG22/5 Final Non-Handbook Guidance For Firms On The Consumer Duty. FCA. July 2022
ii. Section 11.13, FG22/5 Final Non-Handbook Guidance For Firms On The Consumer Duty. FCA. July 2022
iii. Section 11.8, FG22/5 Final Non-Handbook Guidance For Firms On The Consumer Duty. FCA. July 2022
iv. Section 11.11, FG22/5 Final Non-Handbook Guidance For Firms On The Consumer Duty. FCA. July 2022
v. Section 11.12, FG22/5 Final Non-Handbook Guidance For Firms On The Consumer Duty. FCA. July 2022
vi. Section 11.38, FG22/5 Final Non-Handbook Guidance For Firms On The Consumer Duty. FCA. July 2022
vii. Section 9.41, FG22/5 Final Non-Handbook Guidance For Firms On The Consumer Duty. FCA. July 2022