The CBI identifies six key risks to consumers and gives an outline of how firms are expected to mitigate those risks.
Lack of consumer-focused culture
This issue has been and remains a key focus. The CBI has signaled that it will be requiring the implementation of action plans arising from the review of the behaviour and culture of retail banks in 2018. Notably, the Outlook Report indicates that all firms, not just retail banks, are expected to drive effective consumer-focused cultures. Firms are expected to focus on values and conduct.
Those values should be reflected in all the daily habits and practices of the firm, including in particular practices around promotion, remuneration, employee assessment, financial metrics and disciplinary processes.
Irresponsible unsecured lending
Although access to credit is clearly important to consumers, the CBI indicates that irresponsible unsecured lending is a key consumer risk.
Currently, the CBI expects firms to design and market credit products to meet pre-defined target markets, to make the ability to repay a key consideration and to ensure that credit products are suitable and are sold responsibly with full disclosure of the risks being made in advance of sale. Enhanced rules on moneylending are expected this year.
Failing to give clear information to consumers that enables them to assess the benefits, risks and costs of products is another key concern. The CBI expects firms to review how they can improve communications and sales and marketing materials. This review must ensure that materials used meet at least, the core criteria outlined in the Outlook Report, which include the requirement to use clear and understandable language and to contain no misleading information.
Firms will also be expected to demonstrate that they have implemented and embedded a product oversight and governance process. This important aspect of governance assists in enhancing both the design of consumer products and the servicing of products and ongoing engagement with consumers during the life of a product. Particular mention is given to health insurance providers who must make sure that benefits and cover are clear and understandable.
Also highlighted are recently revised/introduced obligations in the non-life insurance space (aimed at driving greater transparency, better-informed decisions and improved quality/opportunity of comparison). These include: increased renewal notification periods (now 20 working days for motor, health, property damage and general liability cover); prominent reminders of prior years' motor premiums; and provision of quotes for all motor cover options (from third party only, through to comprehensive).
The level and quality of disclosure of key information has been a core part of the CBI and industry's assessment of regulated lenders' customer engagement in the context of the industry wide Tracker Mortgage Examination. The focus on clear and informative disclosure of key information will remain across consumer regulated businesses.
Poor governance and oversight of outsourcing arrangements
Outsourcing arrangements must be managed appropriately by firms to ensure continued service for consumers.
The CBI sets out its expectations around outsourcing in the Outlook Report. These include ensuring effective oversight of arrangements by assigning the task to a relevant individual, function or committee in the organsiation. This delegate must have the appropriate skills and knowledge to oversee and understand the arrangements and their associated risks.
The CBI indicates, by way of example, that it will be supervising motor insurers who are using black box technology to monitor how consumers drive. This technology gathers data on driver behaviour, which then feeds in to the calculation of the motor premium. Such insurers should have sufficient oversight of technology providers to ensure that the information gathered is correctly managed and does not unfairly increase premiums or lead to policy cancellations or refusals to quote.
Information Technology and cyber risks
The management of IT and cyber risk is another matter of significant interest to the CBI and indeed to the EBA who published guidelines on ICT and security risk management. The CBI notes that where firms manage IT risk poorly or do not invest sufficiently, the risks of interruptions to service, mistakes in fees and likelihood of data security breaches occurring are increased.
The regulator expects firms to implement best practice in managing and securing data and the effective management of access by consumers to their funds. Where disruptions occur, the CBI expects them to be effectively managed. This includes communication with consumers and remediating with consumers where IT and cyber related issues have caused customer detriment.
Risks from Brexit
The CBI has also indicated that firms should implement plans to reduce risks arising from Brexit and be prepared for the impact on business and their customers. Disruption to consumers should be minimized and contingency plans put in place. Consumers should also be updated on any potential disruptions.