Policy Briefing — UK FCA Consumer Duty Final Rules

Executive briefing: On 27 July 2022 the UK Financial Conduct Authority (FCA) published Policy Statement PS22/9 and the final Consumer Duty rules, establishing a new principle that firms must deliver good outcomes for retail customers across product governance, price and value, consumer understanding, and support. The duty imposes a board-approved implementation plan, ongoing outcome testing, and enhanced data governance, with phased compliance deadlines starting July 2023 for open products and July 2024 for closed books. It sets a higher expectation than Treating Customers Fairly, requiring firms to evidence that consumer outcomes are monitored and improved over time.

Core components of the Consumer Duty

The Duty comprises:

• Principle 12: A requirement for firms to act to deliver good outcomes for retail customers, applicable alongside Principles 6 and 7 but superseding them where more exacting.
• Three cross-cutting rules: Firms must act in good faith, avoid causing foreseeable harm, and enable and support customers to pursue their financial objectives.
• Four outcomes: Covering product and service governance, price and value, consumer understanding, and consumer support, each with detailed requirements and evidential expectations.

The rules apply to firms in the retail financial services distribution chain, including manufacturers, distributors, advisers, and platforms. Senior Managers and Certification Regime (SM&CR) accountability requires clear allocation of Duty responsibilities to senior managers.

Implementation governance and oversight

Firms must have their boards approve an implementation plan by 31 October 2022, with at least annual assessments thereafter. Governance considerations include:

• Board oversight. Boards must scrutinise implementation progress, challenge management on customer outcome evidence, and attest annually to Duty compliance.
• SMF accountability. Allocate Consumer Duty responsibility to a Senior Management Function (SMF), integrating duties into Statements of Responsibility and Management Responsibility Maps.
• Implementation champion. Appoint an independent non-executive director (INED) or equivalent to champion the Duty, ensuring robust challenge.
• MI and reporting. Develop management information (MI) dashboards tracking outcome metrics (complaints, churn, support wait times, vulnerability flags, product performance) and escalate issues promptly.

Internal audit should plan reviews covering implementation readiness, data accuracy, and ongoing monitoring. Firms should document change portfolios, resource allocations, and risk mitigation strategies.

Outcome testing expectations

The FCA expects firms to conduct outcome testing that goes beyond compliance with processes. Suggested approaches include:

• Product and service outcome testing: Evaluate whether product features meet target market needs, using behavioural testing, customer research, and complaints analysis.
• Price and value assessments: Analyse profitability, charges, and benefits, ensuring value remains fair over time. Benchmark against peer products and track cohorts of customers, particularly those in vulnerable circumstances.
• Consumer understanding monitoring: Test communications using A/B testing, readability analysis, and customer feedback to confirm key information is understood. Monitor digital journey analytics for drop-off or confusion points.
• Consumer support evaluation: Measure contact centre performance, case resolution times, and effectiveness of support for vulnerable customers. Assess whether support channels are accessible and avoid unreasonable barriers.

Firms must document methodologies, frequency, and findings, integrating results into risk assessments and product governance forums. Remediation plans should outline actions, owners, and timelines.

Data, technology, and operational implications

Delivering the Duty requires robust data capabilities:

• Data lineage and quality. Map data sources used for outcome monitoring, ensuring accuracy, completeness, and timeliness. Establish controls for data aggregation across legacy systems.
• Analytics and dashboards. Build analytics platforms that track customer journeys, detect emerging risks, and segment outcomes by vulnerability, demographics, and channel.
• Automation and alerts. Implement automated triggers for adverse outcomes (e.g., repeated declined claims, high complaint ratios), enabling proactive interventions.
• Recordkeeping. Maintain evidence of board discussions, MI reviews, and remediation actions for FCA supervision.

Firms should integrate Consumer Duty metrics into existing risk frameworks, ensuring alignment with Operational Resilience, Vulnerable Customer guidance, and Product Intervention Rules.

Sector-specific considerations

Different sectors face unique challenges:

• Retail banking: Must reassess overdraft pricing, digital journey clarity, and support for customers facing cost-of-living pressures. Evaluate communications around forbearance and debt management.
• Insurance: Align with Pricing Practices, ensuring renewal quotes are fair and support claims handling transparency.
• Investments and wealth: Review platform fees, advice models, and retirement products for ongoing value. Ensure suitability assessments integrate vulnerability indicators.
• Consumer credit: Monitor affordability assessments, collections strategies, and treatment of forbearance options.

Firms operating across multiple sectors should develop tailored playbooks capturing regulatory overlaps and differing MI requirements.

Timeline and milestones

1. By 31 October 2022: Board-approved implementation plans, gap analyses, and prioritised remediation programmes.
2. By 30 April 2023: Manufacturers to complete reviews of open products and share required information with distributors.
3. By 31 July 2023: Duty in force for open products and services. Firms must complete necessary changes to meet outcomes and cross-cutting rules.
4. By 31 July 2024: Duty applies to closed products. Ongoing monitoring, MI reviews, and annual board assessments continue.

Supervisory expectations and enforcement

The FCA will embed the Duty into supervisory and enforcement work, including multi-firm reviews, s166 skilled person reports, and enforcement investigations where poor outcomes persist. Firms should be prepared to demonstrate:

• Evidence of proactive identification and remediation of harm, including redress calculations and customer communications.
• Integration of Duty considerations into product lifecycle management, change programs, and senior manager attestations.
• Alignment of remuneration and incentive structures with desired outcomes.
• Continuous learning from complaints, vulnerability insights, and market data.

Failure to comply may result in fines, consumer redress mandates, or restrictions on product sales.

Sources

• FCA Policy Statement PS22/9: A new Consumer Duty
• FCA Finalised Guidance FG22/5 on the Consumer Duty
• FCA press release introducing the Duty
• FCA expectations for board reporting
• FCA Consumer Duty landing page

Zeph Tech works with UK financial institutions to operationalise the Consumer Duty, integrating governance, MI, and outcome testing frameworks that evidence good customer outcomes across product portfolios.

Data architecture and tooling enhancements

Delivering actionable MI requires a resilient data architecture. Firms should map upstream and downstream dependencies for outcome metrics, ensuring data warehouses, CRM platforms, complaints systems, and telephony solutions feed into a consolidated analytics layer. Deploying master data management (MDM) helps maintain consistent customer identifiers, while data virtualisation can speed access to near-real-time insights. When modernising tooling, firms should evaluate low-code workflow platforms to orchestrate remediation, natural language processing (NLP) for analysing customer communications, and speech analytics to identify agent conduct risks. Data science teams should work with compliance to build explainable models that predict emerging harms without introducing unfair bias.

Technology upgrades must be governed by change management controls to prevent unintended consequences. Firms should maintain design documentation that links data transformations to regulatory requirements, test dashboards with first-line users, and establish data quality SLAs. Outcome testing should include reconciliations between source systems and MI outputs, sampling to verify calculation accuracy, and stakeholder sign-off before metrics inform board reports.

Practical implementation example

A UK retail bank piloting the Duty across its credit card portfolio created a cross-functional war room. The team catalogued all customer journeys, mapped vulnerabilities, and introduced new MI tracking call wait times, abandonment rates, and hardship referrals. Analytics revealed that customers experiencing payment difficulties faced longer waits. The bank introduced proactive outreach, rebalanced staffing, and embedded hardship prompts into digital channels. Post-implementation outcome testing showed a 35% reduction in complaint volumes and improved forbearance uptake. Documenting this lifecycle—including data sources, decisions, remediation, and monitoring—provided evidence for the FCA and informed roll-out to other products.

Related briefings

Curated signals from the same pillar or overlapping topics.

Policy · Credibility 40/100 · July 31, 2025

Policy Briefing — July 31, 2025

The UK FCA expects Consumer Duty boards to sign off 31 July 2025 outcomes assessments with MI, fair value remediation, and vulnerable customer evidence ready for supervisor challenge.

Policy · Credibility 92/100 · July 18, 2022

Policy Briefing — EU Digital Markets Act Formally Adopted

EU member states formally adopted the Digital Markets Act, setting timelines for designating gatekeepers and imposing interoperability, data access, and self-preferencing bans that digital platforms must operationalise.

Policy · Credibility 91/100 · July 18, 2022

Policy Briefing — UK Data Protection and Digital Information Bill Introduced

The UK government introduced the Data Protection and Digital Information Bill, proposing targeted reforms to UK GDPR accountability, international transfers, and digital identity governance that demand refreshed privacy…

Policy · Credibility 92/100 · August 9, 2022

Policy Briefing — U.S. CHIPS and Science Act Enacted

The CHIPS and Science Act of 2022 authorizes $52.7B for U.S. semiconductor manufacturing and R&D plus tens of billions for AI and emerging technology programs, imposing guardrails, reporting, and supply-chain…

Policy · Credibility 91/100 · August 11, 2022

Policy Briefing — FTC Opens Commercial Surveillance Rulemaking

The FTC’s August 2022 commercial surveillance ANPR signals expansive privacy, security, and algorithmic accountability rules, requiring firms to document controls, outcome testing, and advocacy strategies before formal…

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Semiconductor Industrial Strategy Policy Guide — Zeph Tech

  Coordinate CHIPS and Science Act, EU Chips Act, and Defense Production Act programmes with capital planning, compliance, and supplier readiness.

• Digital Markets Compliance Guide — Zeph Tech

  Implement EU Digital Markets Act, EU Digital Services Act, UK Digital Markets, Competition and Consumers Act, and U.S. Sherman Act requirements with cross-functional operating…

• Export Controls and Sanctions Policy Guide — Zeph Tech

  Integrate U.S. Export Control Reform Act, International Emergency Economic Powers Act, and EU Dual-Use Regulation requirements into trade compliance, engineering, and supplier…