Consumer Duty and Documentation: Building an Evidence Trail

The Consumer Duty: A Documentation Revolution

The FCA's Consumer Duty, which came into full force for existing products and services on 31 July 2024, represents the most significant shift in retail financial services regulation since the Retail Distribution Review. While much attention has focused on the substantive requirements — the four outcomes covering products and services, price and value, consumer understanding, and consumer support — the documentation implications have received less analysis.

This is a significant oversight. The Consumer Duty is outcome-focused regulation. Firms must not merely comply with prescriptive rules — they must achieve good outcomes for retail customers and, critically, be able to demonstrate that they have done so. Demonstration requires evidence. Evidence requires documentation.

The Evidentiary Burden

Under the Consumer Duty, the FCA expects firms to be able to evidence their compliance at every stage of the product lifecycle. The Finalised Guidance (FG22/5) is explicit: firms should be able to demonstrate through their monitoring and the outcomes data they collect that they are meeting the Duty's requirements.

This creates a documentation burden that is qualitatively different from previous regulatory requirements. Under the prior regime, firms were primarily required to evidence that they followed the correct procedures. Under the Consumer Duty, firms must evidence that the correct outcomes were achieved. The distinction is critical:

• Procedural evidence: We sent the disclosure document. (Sufficient under the old regime.)
• Outcome evidence: We sent the disclosure document, the customer received it, the customer accessed it, the customer spent sufficient time reviewing it to indicate genuine engagement, and the customer provided informed consent before proceeding. (Required under Consumer Duty.)

This shift transforms the requirements for document signing platforms. A platform that merely records that a document was signed is no longer sufficient. The platform must record the full sequence of events that demonstrates informed, engaged consent.

Consumer Understanding: The Documentation Challenge

The consumer understanding outcome (PRIN 2A.5) requires firms to ensure that communications equip consumers to make effective, timely, and properly informed decisions. Demonstrating compliance with this outcome requires evidence that goes beyond delivery confirmation.

For electronically signed documents, the following evidence is relevant to consumer understanding:

• Document delivery and access: Evidence that the document was delivered to the consumer and that the consumer opened and accessed it. Timestamp, device, and IP address metadata support this.
• Engagement indicators: Evidence that the consumer reviewed the document in a manner consistent with genuine engagement. Time spent on the document, pages viewed, and scroll behaviour (where captured) provide supporting evidence. A document signed within seconds of opening may indicate inadequate review.
• Explicit consent: A separate consent step — distinct from the signature — in which the consumer confirms they have read and understood the document. The consent text, the consumer's affirmative action, and the associated metadata (timestamp, IP) should be recorded as a discrete audit event.
• Communication clarity: Evidence that the document itself was designed to be clear, fair, and not misleading. This is primarily a content issue, but the document management platform can support it by maintaining version control and ensuring that consumers received the approved version of the document.

Price and Value: Documenting Fair Value Assessments

The price and value outcome (PRIN 2A.4) requires firms to ensure that the price of products and services represents fair value. The FCA expects firms to conduct fair value assessments and to document these assessments comprehensively.

Fair value assessment documentation should include the methodology used, the data considered, the conclusions reached, and the identity and seniority of the decision-maker who approved the assessment. These documents should be signed by the responsible senior manager (creating a clear link to SM&CR accountability) and retained for the full product lifecycle plus a reasonable period for complaints and regulatory review.

The signing and retention of fair value assessments is an area where tamper-proof document storage provides particular value. If the FCA challenges a firm's pricing and the firm produces a fair value assessment, the FCA will want to confirm that the assessment was genuinely conducted before the product was launched, not created retrospectively. A cryptographically hashed, immutably stored document with a verified signing date provides this assurance.

Products and Services: Design and Governance Evidence

The products and services outcome (PRIN 2A.3) requires firms to ensure that products are designed to meet the needs of the target market and do not cause foreseeable harm. Product governance documentation must demonstrate that this assessment was conducted at the design stage and reviewed periodically thereafter.

Key documents include target market definitions, distribution strategy assessments, product review reports, and value assessments. Each of these should be version-controlled, signed by the responsible governance committee or senior manager, and retained with a complete audit trail.

Periodic product reviews are particularly important. The Consumer Duty requires firms to monitor products throughout their lifecycle and take action if they identify that products are not delivering good outcomes. The documentation of these reviews — including the data considered, the conclusions reached, and any remedial actions taken — must be maintained in a manner that demonstrates genuine, contemporaneous oversight.

Practical Implementation: Building Consumer Duty Evidence Trails

Firms should approach Consumer Duty documentation as an integrated system, not a collection of discrete records. The following framework provides a practical starting point:

Document all consumer-facing communications with full audit trails. Every document delivered to a consumer — whether for information, consent, or signature — should be logged with delivery confirmation, access evidence, and engagement metadata. The signing platform is the natural system of record for this evidence.

Sign and vault governance documents. Fair value assessments, product governance reports, target market definitions, and review minutes should be electronically signed by the responsible individual and stored immutably. The signing date must be verifiable, and the document must be protected from retrospective modification.

Maintain outcome monitoring records. The data and analysis used to monitor consumer outcomes should be documented and retained. This includes complaints analysis, product performance data, and any management information used to assess whether good outcomes are being delivered.

Implement retention periods aligned to Consumer Duty requirements. While the FCA has not prescribed a specific retention period for Consumer Duty documentation, the practical requirement is clear: documents must be available for as long as the FCA may need them for supervisory or enforcement purposes. A minimum of five years from the end of the product's lifecycle or the customer relationship is a reasonable starting point.

The Consumer Duty does not merely require firms to act in their customers' interests. It requires them to prove that they did so. Documentation is not a byproduct of compliance — it is the substance of compliance.

Firms that recognise this distinction early and invest in the documentation infrastructure to support it will find Consumer Duty compliance manageable and defensible. Those that treat documentation as an afterthought will find themselves unable to demonstrate the outcomes that the Duty requires.