FCA Consumer Duty

The Financial Conduct Authority’s (FCA) Consumer Duty came into force on 27 July 2022 through Policy Statement PS22/9 and finalized Guidance FG22/5, introducing an overarching Principle 12 and cross-cutting rules that require firms to act in good faith, avoid foreseeable harm, and enable customers to pursue their financial objectives.¹ The regulator set a board-approved setup plan deadline of 31 October 2022, mandated open-product compliance from 31 July 2023, and extended the Duty to closed books by 31 July 2024, creating a multi-year change program that touches product design, distribution, pricing, communications, data, and culture.¹ FCA supervisors have emphasized that firms must evidence – not merely assert – that they deliver good outcomes, meaning compliance and risk teams need to embed metrics, dashboards, and governance that surface consumer detriment early, remediate root causes, and show fair value across every product portfolio.²

The Duty applies to all firms with a material influence over retail customer outcomes, including manufacturers, distributors, and service providers spanning banking, insurance, investments, and consumer credit.¹ FCA guidance details expectations for target market clarity, distribution oversight, and end-to-end monitoring of customer journeys, including vulnerable customers.² Because the Duty interacts with the Senior Managers and Certification Regime (SM&CR), boards must allocate clear accountability for setup and ongoing attestations, supported by Consumer Duty champions at the board level and cross-functional program leads.³ Firms that outsource servicing or rely on third-party technology must align contractual obligations, data-sharing arrangements, and oversight routines to ensure delegated processes still deliver evidencable outcomes.

Implementation timeline and governance checkpoints

Policy Statement PS22/9 requires boards or governing bodies to sign off on a detailed setup plan by 31 October 2022, including resource allocation, risk mitigation, and dependencies for open-book (live products and services) and closed-book (legacy) workstreams.¹ FCA Dear CEO letters and portfolio strategies reinforce that senior managers will be assessed on how they prioritize gaps, make timely investment decisions, and escalate issues when delivery milestones slip.³ Implementation plans should include a heat map of products and services, with high-risk segments – such as complex investments, vulnerable customer cohorts, or distribution chains with limited MI – flagged for accelerated remediation. Program management offices need integrated change roadmaps that cover policy updates, systems improvements, data sourcing, staff capability, and customer-facing communications.

After the October 2022 plan approval, firms must complete all necessary reviews and changes for open products by 30 April 2023 so they can share key setup milestones with distributors.¹ Throughout 2023, supervisory engagement will test whether firms have re-baselined product governance committees, pricing governance, and fair value assessments to reflect Consumer Duty standards. Closed-book setup requires mapping legacy products, understanding data availability gaps, and sequencing remediation to meet the 31 July 2024 deadline without disrupting ongoing servicing.² Boards should receive quarterly progress reports with red/amber/green status, resource utilization, risk registers, and remediation outcomes, and must attest annually that the Duty is embedded.

Data, metrics, and evidence expectations

FG22/5 explains that firms must collect and interpret both quantitative and qualitative data to show that products and services are delivering good outcomes.² Expected metrics include: product performance versus customer needs, persistence and churn analysis, complaints and root cause trends, arrears and forbearance outcomes, call waiting times, digital drop-off rates, servicing response quality, and vulnerability flags. The FCA encourages firms to triangulate MI by combining transaction data, customer journey analytics, and sentiment from surveys or complaints to identify emerging detriment.² Where data gaps exist – for example, legacy platforms without granular fields – firms should develop data remediation plans with target dates, interim proxies, and documented limitations reviewed by risk committees.

To support proportionality, firms should segment MI by product line, distribution channel, customer demographic, and vulnerability status, applying thresholds that trigger investigation or remedial action.² Dashboards should highlight both positive outcomes and areas needing improvement, with commentary explaining trends, exceptions, and actions. Control functions must maintain auditable logs of MI reviews, challenge sessions, and decisions, ensuring that evidence can be provided quickly during supervisory reviews. The FCA expects firms to maintain MI retention policies aligned with record-keeping obligations and ensure that data used for Consumer Duty monitoring is accurate, timely, and sourced from governed systems.

Control design and assurance routines

Your compliance team should map Consumer Duty requirements into control libraries that span design (policies, standards), preventive controls (product approval gateways, pricing committee sign-off, marketing approvals), detective controls (outcome testing, first line quality assurance, complaints MI), and corrective controls (remediation programs, customer redress playbooks).¹ Firms need to embed Consumer Duty checkpoints into product lifecycle governance: ideation, design, distribution, servicing, and exit. Fair value assessments must consider total cost of ownership, non-monetary costs (time, behavioral friction), and the relationship between price and benefits, with documented challenge by independent functions.²

Internal audit should conduct thematic reviews focused on Consumer Duty readiness, prioritizing high-risk business areas, data governance, and MI reliability.³ Second line compliance monitoring plans must expand testing coverage to include outcome testing, vulnerable customer treatment, and the effectiveness of remedial actions. Third-party oversight frameworks should require distributors and outsourcers to provide MI demonstrating compliance with the Duty, supported by right-to-audit clauses and breach reporting protocols. Firms should update risk and control self-assessments (RCSAs) to include Consumer Duty risks, inherent/residual ratings, and action plans.

Operating model, culture, and training

The Consumer Duty demands cultural change alongside technical compliance. Boards need to articulate risk appetite for customer outcomes and embed it into incentive structures, performance management, and product development decisions.² Training curricula should cover the Duty’s three elements (Principle 12, cross-cutting rules, four outcomes), provide case studies by product type, and equip staff to identify vulnerable customers and escalate issues. Frontline staff should have scripts, knowledge bases, and decision trees aligned with the Duty’s expectations for clear communication and effective support. Product teams need playbooks for assessing customer needs, scenario testing, and documenting value assessments.

Operational resilience considerations include ensuring that complaints handling, payment processing, and digital platforms can scale to deliver consistent support during incidents. Firms must evaluate whether service-level agreements (SLAs) with outsourcers reflect Duty obligations for response times, accessibility, and customer support quality.¹ Incentive schemes should be reviewed to avoid conflicts that prioritize sales volume over customer outcomes, and whistleblowing channels should explicitly invite Consumer Duty concerns. Change management communications should explain why product adjustments or pricing changes are being made to comply with the Duty, helping customers understand the benefits.

Scenario analysis and remediation playbooks

Firms should perform scenario analysis covering foreseeable harms such as technology outages affecting vulnerable customers, biased algorithmic pricing, misaligned communications that trigger customer confusion, or backlogs in complaints resolution. For each scenario, map preventive and detective controls, escalation paths, and customer redress procedures. Stress tests should include surge analysis for complaints volumes, call center load, and digital channel resilience, particularly during product migrations or pricing changes.

Remediation playbooks must define how firms identify affected customers, quantify harm, determine redress calculations, and communicate outcomes transparently.² Where MI shows that vulnerable customer needs are not met (for example, reliance on digital-only channels), firms should develop alternative support routes, accessible documentation, and staff training to provide tailored assistance. Supervisory communications expect firms to self-identify and report material Duty breaches, including actions taken, customer impact assessments, and timelines for full remediation.³ Aligning Consumer Duty monitoring with operational resilience and conduct risk frameworks will help firms embed continuous improvement beyond initial setup.

References

• ¹ FCA Policy Statement PS22/9: A new Consumer Duty.
• ² FCA finalized Guidance FG22/5: The Consumer Duty.
• ³ FCA Consumer Duty setup landing page and supervisory messaging.

This brief supports UK-regulated firms with Consumer Duty MI architecture, fair value assurance, and closed-book remediation tracking.

Related articles

Curated signals from the same pillar or overlapping topics.

Compliance · Credibility 89/100 · December 5, 2023

MAS ESG VCOC

MAS and the Singapore FinTech Association launched a voluntary code of conduct for ESG rating and data providers, setting governance, transparency, and conflict management benchmarks for financial institutions’ vendors.

Compliance · Credibility 90/100 · September 17, 2020

Cftc Swap Data Reporting Rewrite

Operational blueprint for the CFTC's September 2020 swap data reporting rewrite, covering data model redesign, lifecycle event handling, verification controls, and setup timelines.

Compliance · Credibility 91/100 · August 2, 2022

MiFID II sustainability preferences

MiFID II firms must now capture and honor client sustainability preferences, aligning product data, governance, and outcome testing with EU Taxonomy, SFDR, and PAI criteria.

Compliance · Credibility 89/100 · June 23, 2022

EU Data Governance Act

Operational teams now have 15 months to register EU data intermediation services, harden secure processing environments, and build data altruism governance under the Data Governance Act that took effect on 23 June 2022.

Compliance · Credibility 87/100 · June 21, 2022

UFLPA and Forced labor compliance

CBP’s 21 June 2022 enforcement of the Uyghur Forced Labor Prevention Act imposes a rebuttable presumption against goods tied to Xinjiang or the UFLPA Entity List, forcing importers to evidence granular tracing…

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Third-Party Risk Oversight Playbook

  Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.

• Compliance Operations Control Room

  Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.

• ESG Assurance Operating Guide

  Deploy credible ESG assurance across CSRD, SEC climate disclosure, and ISSA 5000 requirements with regulator-aligned controls, data governance, and audit-ready evidence.

Coverage intelligence

Published

July 27, 2022

Coverage pillar

Compliance

Source credibility

87/100 — high confidence

Topics

FCA Consumer Duty · Conduct risk · Customer outcomes · Data governance · UK supervision

Sources cited

3 sources (fca.org.uk, iso.org)

Reading time

6 min

References

1. Policy Statement PS22/9: A new Consumer Duty — Financial Conduct Authority
2. Finalized Guidance FG22/5 on the Consumer Duty — Financial Conduct Authority
3. ISO 37301:2021 — Compliance Management Systems — International Organization for Standardization