New Vulnerability Standards
On 23rd March we published our new Vulnerability Standards for enforcement firms and agents. This was a significant milestone for the ECB. If you’ve been following their development over the past year – from early discussion papers, through workshops, and into the formal consultation – you’ll know just how much detailed thinking, engagement and testing has gone into them. And not just from the ECB. Colleagues across the enforcement sector, debt‑advice organisations, local authorities, creditors and, importantly, people with lived experience of enforcement have all helped shape them.
With these Standards published, we now have a complete set of requirements designed to ensure that everyone who experiences enforcement is treated fairly.
I want to use this update to explain a little more about what we heard throughout the consultation, and the changes we made as a result. And what lies ahead in terms of implementing these important standards.
You can find the full consultation report, with much more detail, on our website here.
Clarifying what vulnerability means for the standards
Getting the definition of vulnerability right was of course a fundamental part of this work, and one of the most challenging aspects. The feedback we received on the draft suggested that the original definition was too complicated and not clear enough to guide decisions about when someone should be considered vulnerable. Some respondents questioned the introduction of “potential vulnerability”, feeling that it risked creating an additional identification stage that did not reflect real‑world enforcement practice. Others wanted us to look again at how we described the harms someone might face during enforcement.
Taking account of the points raised, we concluded that a number of changes were needed. This included:
- Removing the concept of “potential vulnerability”, which we agreed did not work as intended in the draft standards.
- Drafting a more concise core definition of “vulnerability” based around the increased risk of people in vulnerable circumstances experiencing harm.
- Refining our definition of harm – focusing on more immediate potential physical, psychological and financial impacts and removing social and relational categories.
These changes make the definition of vulnerability shorter, clearer and more practical to implement. The changes preserve the core aims we are seeking to achieve in a more targeted way.
Identifying and responding to vulnerability
There was strong agreement across all stakeholder groups about the importance of taking proactive steps to identify and respond to vulnerability. Respondents asked for more clarity in a range of areas, including making decisions on the most appropriate types of support to provide and judging when it is safe to proceed with enforcement. There were also questions about the most proportionate way to require someone to evidence their vulnerability and how firms should approach their obligations in relation to handling personal data they receive.
As with our earlier Standards, our focus remains on outcomes rather than rigid process rules. The final versions are therefore not prescriptive around timing, processes and internal approaches. What matters is that firms and agents use reasonable judgement — and that the way they do so is proportionate to the matters in hand.
Ultimately, the final Standards provide a framework that should allow enforcement to proceed where vulnerability has been identified but it is safe to do so, or cease when vulnerabilities are identified that make it unsafe to proceed.
Integrating “ability to pay”
One of the strongest messages from the consultation was that separating vulnerability and ability to pay into two different Standards was not the best way to proceed. For example, many responses proposed that ability to pay should be considered as a part of the wider vulnerability standards. We gave this careful consideration and concluded that integration was the best and most targeted way to achieve the desired outcomes. So, in the final version, ability to pay requirements are now integrated into the main Vulnerability Standards. Overall, this has significantly simplified and streamlined the standards, which we think will help with implementation.
From the start, our aim has been to ensure that nobody is pressured into making payments they cannot sustain. The standards do not stop firms and Agents from seeking payment in full where possible, but should it become clear that someone is not able to do this, they must then consider the sustainability of any payment arrangements before they are set up.
Expectations on enforcement firms
We received thoughtful and detailed feedback from firms about what implementing the Standards will take in practice. They highlighted challenges around gathering information before enforcement begins, relying on external data sources that may not be reliable, and managing the tension between our expectations and those of creditors. Some also highlighted the practical and financial implications of adopting more robust processes.
We have made a number of clarifications in response to that feedback. For example, while every firm must have a clear vulnerability strategy, we do not expect all firms to run specialist welfare teams. We recognise that wouldn’t be realistic for smaller organisations and that in some cases it will be more appropriate to work with external partners.
A number of responses suggested that we should mandate use of the Standard Financial Statement (SFS) when enforcement firms do Income and Expenditure Assessments. We don’t think this is the right approach at this stage. However, we have strengthened our expectations around how firms use Income and Expenditure (I&E) forms from debt‑advice providers. Firms must not only take these assessments into account but also record how they influenced decisions about payment plans. And where a creditor would accept a reasonable payment plan proposed at compliance stage, firms should allow enough time for that plan to be properly considered and agreed.
Expectations on agents
Much of what we heard from enforcement agents came through the focus groups we commissioned from Revealing Reality. You can find the full write-up on our website here. Agents generally welcomed a framework that recognises the skill and judgement required in their role, but some raised concerns about being held personally responsible for complex vulnerability decisions. We were also told that some remuneration structures can tend to reward speed rather than careful assessment, and that agents need good and reliable information from firms, particularly when vulnerability has already been disclosed earlier in the process.
We have reflected many of these points in the final Standards, but there are further conversations to be had. Over the summer, we will begin developing detailed guidance to sit alongside the Standards, and we plan to work closely with agents and firms again as we do this.
Third parties
We also heard questions about how the Standards apply to third parties – people who become drawn into enforcement visits even though they are not the person who owes the debt. There was broad support for extending some protections to third parties, but respondents asked us to think carefully about how far agents could reasonably be expected to assess the vulnerability of someone other than the debtor.
We have refined the standards in this area, to clarify that Agents are expected to respond to observable indicators of vulnerability in third parties, not to make proactive enquiries or assessments. This provides valuable safeguards while keeping expectations practical and proportionate.
Implementation
We know that implementing the new Standards will take time and investment. Respondents highlighted the need for system upgrades, staff training, and in some cases a rethink of remuneration structures.
This is why we have allowed a nine‑month implementation period, with the Standards coming into force in January 2027. Firms and local authority in-house teams will have three months to prepare their implementation plans and we expect to be reviewing a sample of these plans through our oversight work.
We’ll be working with industry and beyond over the coming months to develop guidance to assist with implementation of the standards. And from January, we’ll be monitoring the market to make sure the standards are being consistently complied with.
A final word
I want to thank everyone who contributed to the consultation and development of these Standards. The feedback was detailed, honest and constructive from almost all sources – exactly what we hoped for. The process has deepened our understanding of what is needed to ensure enforcement is carried out fairly and I am hoping that the constructive engagement will carry through now to the important task of implementation.
If you have further thoughts as you read through the final Standards, we would be really pleased to hear from you.
Chris Nichols
Chief Executive, ECB