Financial services firms are being urged to urgently review their IT systems and processes after new independent guidance on managing customer vulnerability was formally adopted by the Financial Ombudsman Service (FOS).

The guidance, published by the Chartered Insurance Institute (CII) and the Personal Finance Society (PFS), sets out higher standards for how firms should identify, record, monitor, and report on vulnerable customers. It aims to close existing knowledge gaps and provide a practical action plan for banks and insurers to strengthen support for those at risk.

At the heart of the recommendations is a focus on IT infrastructure and data management. Firms are expected to demonstrate not only that they can spot and support vulnerable customers, but also that they can evidence positive consumer outcomes in line with the Financial Conduct Authority’s (FCA) shift from prescriptive rules to “principles with proof” under the Consumer Duty framework.

Andrew Gething, managing director of vulnerability specialists MorganAsh, warned that firms failing to align with the new benchmark could face serious regulatory and reputational consequences.

“This higher benchmark now becomes the de facto standard for the FOS and means that firms must interrogate their current IT systems and processes to ensure they cut the mustard and take action if they don’t,” Gething said. “If a firm’s approach cannot demonstrate how they identify and support vulnerable customers—with suitable evidence—they won’t just be out of touch with best practice, they will be out of line with what regulators and the Ombudsman will expect. That’s a hard place to defend from in the case of an active complaint.”

The adoption of the guidance by the FOS signals a tightening of expectations across the sector, with experts warning that firms must act quickly to avoid falling behind.