These high-level numbers look pretty good but there is still work to do to persuade the regulator that compliance is more than skin deep.
For example, the regulator highlighted cases of firms adopting generic vulnerable customer policies with no indication of why these had been chosen and implemented.
It also highlighted gaps where firms with policies did not appear to be collating the data so that customer outcomes could be properly tracked.
The industry has a vested interest in rising to this challenge.
Research we carried out among firms for a conference of business leaders back in 2019 found widespread agreement that the vulnerability agenda was important for reinforcing long-term trust in advisers and providers.
They felt that this was less a financial issue and more about social purpose.
That conference highlighted the scope of activity that was already underway – in particular that the issue of vulnerability was being dealt with at a high (often board) level within firms, which were busy working with and learning from other industries and other specialists with relevant knowledge and experience.
It also highlighted some of the roadblocks in terms of customer disclosure and perceived data protection issues.
Roll-on five years and firms are once again in the spotlight, being asked to submit their work for review.
The regulator wants to see evidence of intelligent thinking and effective action that delivers demonstrably better outcomes.
Behind all this focus on vulnerability there is a much bigger theme – how well do you understand and treat any of your customers as individuals with their own unique circumstances and objectives?
Shouldn’t they all be treated as special, needing the same care and respect?
Stephen Lowe is group communications director at Just Group