Customer Fair Treatment policy

Our business wants to be the best technology partner for our customers. This policy outlines the processes and procedures that directly affect our customers fair treatment and sets out:

• The outcomes we want to achieve for customers
• A framework for delivering these outcomes, including key controls and putting things
• right when they go wrong
• Key things to think about when assessing what fair treatment means for our customers

Policy Risk Appetite

• Our business has no appetite for:

• Regulatory breaches
• Systemic unfair customer outcomes arising from product design, sales or after sales
• processes or service

We must comply with relevant legislation, regulation and internal standards, codes and principles.

Systemic unfair customer outcomes arise where issues relating to Subly’s products, policies, procedures, colleague competence, or availability of resources result in unfair outcomes being delivered to a group of customers. An issue may be systemic where the root cause is embedded and the result affects a:

• Large group of customers, even though the individual impact is minor
• Small group of customers, but the individual impact is significant

Activities

The Policy applies to all activities that affect customer treatment, whether directly or indirectly. These include:

• Designing, distributing and reviewing products and across all channels
• Communicating with our customers
• The internal processes that relate to customer treatment
• Monitoring, reporting and training

1. Delivering fair outcomes throughout the customer relationship

This section sets out the outcomes we must deliver for customers. 1.1 Putting customers at the heart of doing business
We must:

• Seek to understand customers behaviours and use this knowledge to improve customer outcomes
• Make use of customer research and insights where relevant
• Foster a culture where they recognise customer diversity and treat all customers with respect

• Challenge themselves by thinking critically about doing the right things for customers

1.2 Designing and distributing products

We must design products & services that meet the needs of our customers and deliver fair value.

1.3 Giving customers the right information at the right times

• We must communicate with customers in a way that is clear, fair and not misleading
• Communications must meet the information needs of the audience and any key messages must be highlighted
• We must select channels that fit best with the message being communicated, taking into account factors such as complexity and urgency
• We must as far as possible offer alternative ways of communicating with customers where appropriate. This helps meet the diverse needs of our customers and is key to meeting our obligations under relevant legislation

1.4 Meeting the needs of customers for the duration

• We must consider the range of needs customers might have beyond the initial sale of a product
• Considerations should include how they identify if they are still meeting customers’ needs. And, if they don’t think they are, what they do about it
• We must ensure that customers experiencing frustrations or difficulties with the service are dealt with fairly

1.5 Being flexible where appropriate in the interests of customers

• We must be proactive in identifying where processes can reasonably be flexed to provide fair outcomes for individual customers
• Having the capabilities to be flexible is vital to meeting the needs of customer

1.6 Putting things right when they go wrong employees must:

• Record any regulatory or Policy breaches (material or not) and actively use these to identify trends, including the cumulative effect of lower level breaches

Take appropriate action to:

• Assign an Accountable Owner for issues
• Track issues through to a successful conclusion in a timely manner
• Remediate customers where suitable
• Fix the underlying cause to prevent recurrence
• Consider if there are any upstream or downstream impacts, or potential application to other products or services and take follow up action as necessary
• Promptly feed learning back to relevant processes/product design, embedding learning for the longer term
  ‍

2. Identifying customer risks and setting appetite
‍

We must:

• Pro-actively use and refer to our customer risk appetite when identifying and managing risks. Employees may define and manage risks against those risk appetite statements
• Assess what 'systemic unfair customer outcomes' means for them in the context of risk appetite, their customer profile, business and operating model, together with any impacts this may have on our business
• Consider customer risks during the setting of strategy and business plans
• Have a clear view of, and anticipate as far as reasonably possible, the potential range of unfair customer outcomes and how those will be detected and prevented
• Have means to identify regulatory and competition risks that could (if not managed effectively) give rise to conduct and customer risks. Legal and regulatory compliance is an essential part of controlling customer risk
• With regard to regulatory, legislative, code or internal Policy/Procedural requirements

          ○  Have robust means of keeping abreast of such requirements
           ○  Be able to demonstrate how local processes meet these

• Consider end-to-end processes when reviewing material customer risks, to ensure that new and emerging risks can be quickly identified and a plan put into place to manage them. This includes any risks introduced by change processes
• Ensure that the identification of new material risks prompts a review of management information, including, where relevant, the design of new MI (Management Information)

3. Governance

We must:

3.1 Support a strong risk culture

Governance structures must:

• Provide appropriate senior oversight to identify risks and resolve issues, taking the
• opportunity to strengthen the risk culture. This includes assessing and communicating lessons learnt from past events, both failures and successes, to enact changes for the future
• Enable customer risk to be managed within risk appetite
• Facilitate constructive challenge and promote continuous improvement

3.2 Arrangements

Governance structures must:

• Have appropriate duties/task segregation where appropriate
• Allow for swift escalation when required
• Support the 'end-to-end' customer journey

‍4. Monitoring and Management Information

For the purposes of this Policy, 'monitoring' and 'MI' must be interpreted in their broadest sense.

4.1 Monitoring

We must:

• Prioritise monitoring and oversight so that within their suite of customer risks, issues, processes and controls, they are focusing on those with the strongest link to the delivery of fair and consistent outcomes for customers, or the ability to anticipate/identify unfair ones
• Adopt a risk-based monitoring strategy, employing post-implementation reviews / deep dives as appropriate
• Ensure that outputs from monitoring are fed back into senior management team

4.2 Management Information (MI)

We must:

• Demonstrate use of a broad MI base, capturing qualitative MI in addition to quantitative MI, and reporting against conduct culture
• Ensure MI is specific to identify customer treatment weaknesses, so action can be taken to resolve
• Champion a culture of continuous MI improvement
• Document processes for the collection and production of MI. These must state who is accountable for the production and analysis of MI, aspects of data integrity, frequency of production, challenge mechanisms, and sign-off processes

5. Colleagues and Training

We must:

• Motivate and develop the capability of our employees by embedding a culture that promotes the risk appetite for the fair treatment of customers
• Ensure that employees are rewarded in a way that is consistent with our values and will help to drive fair and appropriate customer outcomes
• Ensure that any of our employees who are directly involved in delivering fair outcomes to customers, or involved in the identification and/or management of customer risks, have expectations clearly defined and documented

5.1 Training and Competence

We must:

• Ensure that employees are competent at delivering fair customer outcomes as required by their role
• Have mechanisms to identify where employees are not meeting the expected standards and take appropriate action
• Equip employees so they can, where relevant:
  ○  Recognise and meet the needs of customers
  ○  Understand the scope they have within their role to flex existing processes in the interests of our customers and when they need to escalate
  
• Ensure that training and competency arrangements relating to fair customer treatment and the management of customer risks are tailored to the:
  ○  Nature of the employee’s role and responsibilities
  ○  Type and complexity of issues the colleague is expected to deal with or make decisions upon
• Review training and competency arrangements that manage customer risks at least once a year to ensure they are fit for purpose
  ‍

‍6. Record Keeping

Records must be managed and protected in accordance with the our Policies for Records Management and Data Privacy. In relation to customer treatment, we must ensure they:

• Identify and retain key customer documentation such as terms and conditions if required to do so
• Record and retain relevant information about a customer’s particular circumstances and any decisions or agreements they have reached, as well as any advice given
• Record and retain business decisions and follow up any action points
• Document local policies, procedures and processes relevant to customer treatment and assign owners to these

Customer Treatment Procedures

• The following Procedures support the Policy.
  A. Customer Communication
  This Procedure applies to all wide-reach communications which is defined as:
  Non-marketing communications that are issued to, or targeted at, multiple customers and, because of that, present a systemic customer risk. The impact could be to customers (if they are inaccurate, and/or mislead) or our business (reputational damage, cost to put right, and/or technical compliance breaches). Communications falling into this category require a higher degree of control to mitigate the risk and include:
• Factual information – covers a broad spectrum, including (non-exhaustive list): Terms and Conditions; some distribution process materials given to a customer (such as initial disclosure documents or key features); welcome packs; press releases, and corporate literature
• Mailings – any communication issued to a group of customers
• Forms – e.g. application forms
• Standard letters/templates – as a minimum this includes the headers and footers but will also include any letters that contain pre-agreed text with the intention that they will be used for multiple customers e.g. overdraft letters, arrears letters

Suppliers must ensure that wide-reach communications:
A1. Meet regulatory, legislative and code requirements – this means ensuring that:

• All communications are clear, fair and not misleading
• All information is accurate. Accuracy includes having the right headers and footers (including correct regulatory status, registered address, disability statements etc)
• Communications are suitable for the media used; space restrictions may be a factor in deciding appropriate media
  

A2. Are appropriate for their intended audience – this means ensuring that:

• Content, tone, and style is appropriate for the audience and in keeping with our Values, Strategy and Brand
• Communications go to the right customers. This includes removing specific populations where appropriate. Examples include: any restrictions due to regulations or legislation; adherence to 'no marketing indicators'; and customers who are ineligible for either the product/service, or the offer being promoted.
• 'Appropriateness' of the audience is checked
• Ensuring that end-to-end processes are in place that cater for the ways in which customers may want to respond to a communication

A3. Take account of any predicted or likely customer behaviour including their reaction to the communication – this means considering:

• How a customer may react, depending on content and positioning. This thinking applies across the life-cycle; for example, 'call to action' communications may elicit better customer responses if research has been conducted into customer behaviour and factored in
• How a customer might be influenced in their understanding, with, and without interaction

A4. Are consistent with the Group's Values, Strategy and Brands – this means ensuring that communications:

• Are set out simply, using plain and intelligible language
• Are jargon-free
• Explain clearly if the customer needs to take any action and if appropriate, by when
• Where relevant, outline what the next steps are
• Make it easy for customers to get in touch
• Where relevant, help customers find out more, by clearly sign posting to further information
• Set out clearly who is providing the product or service including who the customer will be contracting with

A5. Are subject to robust controls prior to issue – this means ensuring that:

• A sign-off process is defined, documented, and executed
• Training and competence arrangements for those who either input to or sign-off communications, are clear, and commensurate with the risk of the particular communication
• Colleagues are trained sufficiently to avoid a wide-reach communication inadvertently becoming marketing or promotional material
• Controls are in place for the use of standard letters or templates, including headers and footers, with defined roles and responsibilities for ownership
• For communications, master versions of documents are used. This reduces the risk of materials such as letter templates being used that are out of date.

A6. Are regularly reviewed to ensure they remain fit for purpose, and learning applied – this means ensuring that:

• If a communication is intended to be used on an ongoing basis, it is reviewed and updated. We must use judgement to determine how frequently this should be, and document the rationale, we generally consider twelve months to be a reasonable expectation
• Controls include 'triggers' to prompt a review earlier than planned. We define triggers relevant to our business which include regulatory guidance being issued, internal MI, colleague feedback etc
• MI for fair outcomes is being leveraged

A7. Are swiftly removed from circulation if they become out of date or are found to contain a material defect – this means ensuring that:

• In addition to the removal of the item from circulation, a check is made to determine if the defect triggers the requirement for a rectification exercise to be undertaken
• How swiftly a communication needs to be removed can be determined on a case-by- case basis, depending on the nature of the defect, context, audience etc.
  

B. Rectifications

The recommended approach to undertaking rectification activity is to use the five key steps of Define, Measure, Analyse, Improve and Control (DMAIC). Where an alternative approach is used it must be possible to identify how this aligns to the DMAIC approach:

Define – the problem statement/event should be defined.

Measure – once the event has been defined there must be effective measurement of the event. Measurement requires data to be gathered to inform the analysis of the root cause and subsequent recommendations to fix.

Analyse – effective analysis must be performed to understand ‘why’ the event occurred. The nature of the activity required to understand the true root cause will depend on the type, size and impact of the event under analysis.

Improve - root cause analysis (RCA) must inform recommendation(s) to:
Fix the cause(s) of the event – what is required to eliminate the issue and prevent it from

recurring (e.g. implementing proactive preventative measures).

• Remediate any customers that have been impacted by the event.
• Support effective sharing of lessons learnt

‍Controls – the process must be appropriately controlled and the effectiveness of the actions

• take assessed to establish if they delivered the desired outcome(s).

‍C. Complaints procedure

If a complaint arises the person receiving the complaint must follow the procedure below:

• Respond to the complaint immediately: Once the complaint is acknowledged, some form of response must be issued in no longer than 24 hours (within working week). This response can be a simple acknowledgement of the issue and that it is being investigated with an estimated time to respond with next steps
• Explore the issue and possible solutions: The person receiving the complaint must explore the issue either themselves or ensure someone appropriate has taken ownership of the complaint with a view to implementing a solution or mapping out possible solutions to the client. The second response should be within no longer than 72 hours (within working week)
• Solution or resolution offer: Once a suitable response has been determined this must be communicated to the client ideally by phone (allowing discussion and improving chances of happy resolution). Full resolution should always be within one week from initial receipt of complaint (unless client prevents us from delivering this)
• Feedback: Seek feedback from the client a week later to ensure the issue has been resolved in a satisfactory manner and they are now happy. Call or email is fine but log to CRM in all cases exactly what was said by whom. Immediately after the resolution an email with a quick response survey poll should be sent with a score out of ten about how satisfactory they feel the issue was resolved. If the score is less than an 8/10 then the problem will be automatically escalated to a senior member of the team for review
• Response from a senior member of staff: Any of the senior team can choose to respond (e.g. with an apology and/or another offer for resolution). If no other member of senior staff has responded within 72 hours, it is the responsibility of the Director of Customer Success to follow up and resolve personally

D. Outcome Testing

Outcome testing involves reviewing customer interactions holistically to determine whether an appropriate and sustainable solution has been achieved for the customer. For example, contacting a customer to determine if the product they have taken out meets their needs, or listening to a call to determine if the colleague answered all the customer's queries satisfactorily.

To qualify as outcome testing, the activity must:

• Be undertaken by an area independent of the function performing the activity being assessed
• Include at least one element of testing activity with customer interaction such as Mystery Shopping, Call Listening or Customer Contact

We must:

• Agree the level of outcome testing to be performed
• Have a documented plan that sets down its approach to customer outcome testing. The plan must:
  ○ Include the expected volume of outcome testing
  ○  Consist of sufficient activity to provide reasonable assurance that all customer interactions have been handled appropriately
  ○  Be approved via appropriate governance and be reviewed regularly

• Categorise and report against its outcome testing results as directed by the Group using the outcome factors below:
  ○  Meets Customer Needs - An appropriate solution / action has been taken to meet the customer's needs
  ○  Compliant Information Disclosure - All key information has been provided to enable the customer to make a fully informed decision or the communication clearly sets out the rationale for any decision we have taken
  ○  Regulatory Compliance - All relevant regulatory requirements have been complied with
  ○  Internal Process Compliance - All internal processes, over and above those required to Meet Customer Needs, satisfy Compliant Information Disclosure and Regulatory requirements, have been followed