The provision of investment services to vulnerable persons
The provision of investment services to vulnerable persons1 Introduction
1.1 This guidance note sets out expectations for investment businesses when providing services to vulnerable persons, as required under paragraph 2.5 of the IB Code. The guidance explains how firms should identify, assess, and respond to indicators of vulnerability in their client base, and how these considerations should be embedded in governance, product design, and day-to-day interactions. It is intended to support firms in delivering fair outcomes and reducing the risk of harm to clients whose circumstances may make them less able to protect their own interests.
2 Guidance
2.1 Principle 2 of the IB Code states:
A registered person must have the highest regard for the interests of its clients.
2.2 The requirements in respect of Vulnerability are set out in paragraph 2.5 of the IB Code as follows:
A registered person must identify and afford appropriate protection to a vulnerable client.
2.3 This guidance note provides guidance on the following matters:
What situations might increase the likelihood of an individual becoming vulnerable?
How can a registered person assist vulnerable persons?
What systems and controls should a registered person have in place to manage vulnerable persons?
JFSC’s expectations of a registered person in relation to vulnerable persons.
3 What is a vulnerable person?
3.1 For the purposes of this guidance, a Vulnerable Person (VP) is an individual whose personal circumstances or characteristics can increase their susceptibility to financial detriment, particularly where a registered person is acting without appropriate care or diligence. Vulnerability may arise from one or more drivers of vulnerability, such as health conditions, significant life events, low resilience, or limited capability. It can be temporary, recurring, or permanent. When multiple drivers interact, this creates compound vulnerability, which significantly heightens the risk of harm.
3.2 Vulnerability is not a fixed state. It can be visible or concealed, and its impact may change over time. It should be understood as a spectrum of risk, not a single condition. A client may move along this spectrum as their circumstances evolve.
3.3 The main drivers of vulnerability fall under four main categories:
health - physical or mental health conditions that affect decision-making or financial management
significant life events - events such as bereavement, relationship breakdown, or job loss that create stress or instability
resilience - the ability to cope with financial or emotional shocks. Low resilience increases susceptibility to harm
capability - limited knowledge, skills, or confidence in managing financial matters
The table below provides examples of characteristics and situations that may increase a client’s vulnerability. These examples are not exhaustive and should be viewed as indicative only. Vulnerability exists on a spectrum and may change over time.
|
Examples of characteristics of potential vulnerability |
|
|
Age (covers both the young and old) |
English as a second language |
|
Low income |
Low literacy/learning difficulties |
|
Financial desperation |
Health problems |
|
Inexperience of financial matters |
Physical disabilities |
|
Mental health issues |
Lack of internet access/technical knowledge |
|
Single parent/lack of family support network |
Sensory impairment |
4 What situations might increase the likelihood of an individual becoming vulnerable?
4.1 Certain events or changes in circumstances can increase the likelihood of a client experiencing harm, even if they are not usually considered vulnerable. These situations may not always be apparent, but registered persons and Investment Employees should remain alert to any indicators and adjust their approach when providing investment business services.
4.2 The table below provides examples of circumstances that can heighten vulnerability, whether for a short period or on an ongoing basis.
|
Examples of circumstances or situations which may increase vulnerability |
|
|
Loss of income |
Bereavement |
|
Loss of employment |
Victim of crime or an accident |
|
Breakdown of relationship |
Addiction/gambling habit |
|
Social isolation |
Serious illness or long-term medication |
|
Resilience – emotional/financial shock |
Non-standard requirements/limited options |
5 How can a registered person assist vulnerable persons?
5.1 Ultimately, it is incumbent upon the registered person to decide how it interacts in practice with VPs; however, some examples of good practice that the JFSC has observed include the following:
Additional care
5.1.1 A registered person can assist vulnerable or potentially vulnerable clients in a number of ways, for example, inviting another member of their family or a trusted friend or adviser to help them consider and understand the financial advice or investment service being provided. The registered person should also consider (where appropriate client consent has been granted) sending copies of relevant documentation to the trusted individual for reference and safe-keeping. Whilst this approach is generally considered as being of benefit to the client, a degree of caution should also be applied to ensure that the trusted third party is indeed acting in the client’s best interest.
5.1.2 A registered person should record whether they consider a client to be in need of additional assistance and why, along with any additional measures they have taken to ensure that the client has understood the investment advice or proposal or any other material matters addressed.
5.1.3 Where appropriate, individuals with a limited command or understanding of English should be informed that they may wish to use a representative or interpreter at relevant discussions, who has a full command of English (both written and spoken).
5.1.4 A registered person should consider whether the client requires any special facilities, for example, where their mobility is impaired.
5.1.5 Where needed, information should be provided in accessible formats (for example, large print, audio, or easy-to-read), and meetings held in accessible locations so that clients can understand and engage with the advice or service.
5.1.6 A registered person should encourage appropriate disclosure of potential vulnerability by explaining how sharing information will help them receive support and providing safe, accessible channels for doing so.
Suitability of investments
5.1.7 The usual suitability obligations apply to all clients. Where a client has been identified as vulnerable, or where indicators of vulnerability are present, a registered person should apply additional care to the suitability assessment and to how recommendations are communicated and recorded. The following considerations should be applied as appropriate.
5.1.7.1 A registered person should take extra time to explain in detail the specific advantages and disadvantages of their investment recommendations or proposals to a client.
5.1.7.2 A registered person should be mindful of a client’s time horizons and attitude to risk and apply appropriate caution in its approach.
5.1.7.3 A registered person should provide well documented, logical and clear explanations to clients wherever possible taking into account the client’s particular vulnerability. This should be demonstrated in key documents such as suitability letters or proposal documents.
5.1.7.4 When dealing with an elderly client, a registered person should be mindful of the likelihood for change in circumstances, for example, are there any health-related matters or other issues that could affect the suitability of investments. A registered person should also consider the liquidity of investments or whether there are sufficient cash reserves to cover the possibility of paying private medical fees or nursing home fees etc.
5.1.7.5 In situations where a registered person or an Investment Employee has concerns that a client does not fully understand the nature of an investment or the risks associated with it, the registered person or Investment Employee should not proceed and should seek guidance from the Compliance Officer or a senior member of the registered person.
Other considerations
5.1.8 A registered person should consider whether a third party Curator or Power of Attorney may be required and where one has been appointed should consider its own due diligence in relation to that third party.
5.1.9 The fact that a client is, or may be, vulnerable should not of itself prevent them from accessing investment services. The registered person should adapt its approach and take reasonable steps to accommodate the client’s needs rather than decline to act, where it is appropriate to do so.
6 What systems and controls should a registered person have in place to manage vulnerable persons?
6.1 A registered person should have well-developed policies and procedures to address the key risks associated with dealing with vulnerable persons and to set out the expectations of all relevant staff, including client-facing roles, compliance, and senior management. These policies should ensure a consistent and diligent approach across the organisation.
6.2 Policies should explain how vulnerability is identified, what factors are recorded, and what actions are taken.
6.3 Registered persons should take reasonable steps to identify indicators of vulnerability where a client does not disclose it and should adapt their service where appropriate
6.4 For higher-risk cases, a registered person may consider additional oversight at key stages, for example a peer review or compliance review.
6.5 A registered person should consider its central recording of VPs across the organisation and its reporting of such to relevant parties such as an Investment Committee, Compliance function or the Board. A registered person should also consider how it monitors any management information gathered to identify the root cause of any issues that might exacerbate vulnerability.
6.6 A registered person should consider offering cooling off periods following the provision of advice, suitability letter or proposal letter, prior to an investment taking effect.
6.7 A registered person should consider vulnerable persons as part of its general business risk assessment under paragraph 3.1.3.1 of the IB Code.
6.8 A registered person should monitor the implementation of its VP strategy on an ongoing basis.
6.9 Vulnerability considerations should be reflected in product and service design, marketing, and governance processes, and these should be reviewed regularly to ensure potential harms are identified and mitigated.
7 Expectations of a registered person in relation to vulnerable persons
7.1 The level of a client’s vulnerability can vary depending on their personal circumstances. It is therefore important that procedures are in place to regularly re-assess the circumstances of individual clients so that registered persons can adapt their approach accordingly.
7.2 In addition to having appropriate policies and procedures in place, a registered person should ensure that all staff, and particularly those providing investment services, are fully aware of these policies and receive appropriate training. The JFSC expects treating all customers fairly to be embedded in the culture of all registered persons.
7.3 Paragraph 2.5 of the IB Code makes explicit the requirement to identify and afford appropriate protection to a vulnerable client. That expectation is also reflected elsewhere in the IB Code, in particular through Principles 1 to 3 and the related detailed requirements, which collectively require a registered person to act with integrity, place clients’ interests at the forefront, and organise and control its affairs, including risk management arrangements, so that appropriate care is delivered in practice.
7.4 Failure by a registered person to establish and adhere to policies and procedures in relation to VPs will be treated by the JFSC as a breach of the IB Code.
7.5 This guidance note is not prescriptive. Registered persons may use alternative approaches to identify and respond to vulnerability, provided their policies and procedures are effective and meet the requirements of the IB Code.
7.6 In addition to managing its own interactions with vulnerable persons, a registered person should have policies and controls to detect and prevent situations where a third party could exploit a client’s vulnerability. Paragraph 3.2.1.5 of the IB Code requires systems that enable management to guard against involvement in financial crime, including fraud.
8 Conclusion
8.1 This guidance note is not intended to provide an exhaustive list of the characteristics of VPs, or the measures which should be adopted by a registered person when dealing with VPs. It is instead intended to prompt a registered person into giving consideration to the strength of their existing policies and procedures in this area, and where appropriate taking action to address any shortcomings.