In late 2017, the Office of Communications (Ofcom) published a statement and a further consultation on the review of the general conditions (GC) of entitlement.
Ofcom initially proposed changes to the general conditions of entitlement in December 2016. The initial consultation on the changes received over 70 responses.
This regulatory update focuses on the changes in Section 12, which sets out measures to meet the needs of vulnerable consumers and end users with disabilities.
Following the responses received, Ofcom revised its initial wording so that firms are no longer required to actively seek to obtain information about customer vulnerability. Instead, they are required to identify customers who may be in a vulnerable circumstance, i.e. when a customer asks for printing braille or request changes are made to a deceased customers account. The new rules are intended to ensure that when firms identify vulnerable customers, they are appropriately equipped with systems and controls to be able to treat them fairly.
Additionally, Ofcom has responded to respondent’s comments of the concept of vulnerability being too broad, open ended and not practical. Its response states that this it is intended to allow communication providers (CPs) flexibility in identifying different forms of vulnerability and set out policies and procedures where it is practical to do so.
The response also omits reasonable steps to identify vulnerability from the definition. ‘Reasonable steps’ is now replaced with ‘reasonably be aware’ and ‘has been informed’. It acknowledges that there may be vulnerabilities that may be difficult to set out in policies but expects that when presented with a vulnerability, firms aim to respond appropriately.
Clarity on the term ‘vulnerable’
With regards to clarity on the term ‘vulnerable’, Ofcom states that it does not deem it necessary to include ‘sudden change in financial circumstance’ in its illustrative list of circumstances that may make customers vulnerable as it considers the wording of the revised condition would already cover these situations.
Additionally, considering some of the respondents stated that the terms were too broad, Ofcom has removed divorce and has narrowed its illustrative vulnerability circumstances as follows:
“…due to circumstances such as age, physical or learning difficulty, physical or mental illness, low literacy, communications difficulties or change in circumstance such as bereavement.”
Ofcom has noted that although many people are caught in its illustrated circumstances, many may not view themselves as vulnerable and it is important that a firm’s policies and procedures consider individual circumstances. Enabling firm’s staff to identify and assess if the customer is in a circumstance that may make them vulnerable and treat them fairly is pivotal to meeting this requirement.
Additionally, where firms have identified that a customer is vulnerable through their circumstances and this falls outside that which is stated in the list, firms are still required to treat the customer fairly.
In response to a request for clarity or guidance on the term vulnerable, Ofcom states that it does not deem it necessary to provide clarification. It is a relatively new requirement and Ofcom want the industry to exercise flexibility on how they chose to implement and define vulnerability and associated processes.
Requirement to publish polices
Firms are no longer required to publish their staff training procedures. Instead, firms are required to ensure that all staff are aware of policies and procedures and that these are appropriately trained out within the firm. Firms are still required to publish other elements of their policies publicly.
Some firms raised concerns with regards to sensitive personal data being collected and recording customer vulnerability as part of their responses.
In its response, Ofcom refers to a ‘privacy impact test’ and that it may be useful in identifying risk from the collection of data. In any case, the ICO suggests firms collect the minimum amount of data necessary and communicate clearly to the customer the reason why the data is being collected. Ofcom’s response also noted that firms should ensure ‘explicit consent’ to process sensitive data which meets the standards set out in the General Data Protection Regulation (GDPR).
Ofcom clarified that the obligation to fix priority faults only applied to providers of fixed-line voice and fixed line broadband services.
Regulatory next steps
Following the responses, Ofcom has extended its implementation period from 3-6 months to one year. Therefore, the revised condition will come into force on 1st October, 2018.
Consideration for firms
- Firms should consider the need to revisit/amend their training procedures to ensure it reflects Ofcom updated standards.
- Firms should consider if their systems and controls cater for customers in vulnerable circumstances.
- Firms should consider whether their oversight arrangements are sufficiently focussed on ensuring good customer outcomes.