How to Prove FCA Consumer Duty Compliance in 2026

When the FCA introduced Consumer Duty in July 2023, the headline message was clear: firms must deliver good outcomes for retail customers. What was less clear — and what continues to trip up compliance teams across the UK insurance market — is the evidentiary standard the regulator actually expects. The FCA is not interested in your policy documents. It is not satisfied by a committee minute confirming that someone considered the question. What it wants, and what supervisory reviews increasingly demand, is data demonstrating that good outcomes were actually delivered to actual customers, at scale, consistently, over time.

This distinction between having a compliance policy and proving compliance in practice is where many firms are dangerously exposed. The good news is that the evidentiary framework the FCA expects is well-documented. The challenge is building operational infrastructure that generates the right evidence as a natural byproduct of doing business — not as a retrofit exercise before a supervisory visit.

What Evidence the FCA Actually Expects

The FCA's Consumer Duty guidance is explicit that firms must be able to demonstrate, not just assert, that they are meeting the standard. The regulator uses the language of "evidencing outcomes" throughout its supervisory communications, and its Dear CEO letters to the insurance sector have been pointed about the gap between what firms claim and what they can show.

The evidence framework breaks down into three layers. First, process evidence: records showing that the right steps were followed at each stage of the customer journey — product design, distribution, claims handling, renewals. Second, outcome evidence: data showing what customers actually received — settlement amounts relative to premiums paid, claims acceptance rates, complaint rates, time-to-resolution. Third, remediation evidence: records showing that when problems were identified, they were addressed — not just noted.

Process evidence is the easiest to generate and the least persuasive on its own. A regulator reviewing your Consumer Duty compliance does not want to see that you have a procedure for handling vulnerable customers. It wants to see that when a customer presented vulnerability indicators during a claims interaction, those indicators were recorded, the interaction was handled appropriately, and the outcome was reasonable given the customer's circumstances. That requires timestamped records linking the vulnerability flag to specific decisions in the claims workflow.

This is not a theoretical standard. The FCA's Insurance and Reinsurance Supervision division has been explicit in its feedback to firms that generic process documentation is insufficient. What the regulator wants to see is granular, customer-level data that can be interrogated — ideally through an automated system that makes evidence production straightforward rather than dependent on staff recall or manual case reconstruction.

Firms operating under UK insurance compliance requirements should treat this as a baseline expectation, not an aspirational target. The regulatory direction of travel is toward more data-intensive supervision, not less.

The Four Outcomes Framework: Evidence Requirements in Detail

Consumer Duty is structured around four outcomes, and each has distinct evidentiary requirements. Understanding what evidence maps to each outcome is the foundation of a credible compliance programme.

Products and Services

The Products and Services outcome requires firms to demonstrate that their products are designed to meet the needs of their target market and that they are not distributed outside that market. For insurers and MGAs, the evidence requirements centre on product governance: documented target market assessments, distribution channel reviews, and — critically — outcome monitoring data showing that customers who buy the product are actually in the target market and are receiving the expected value from it.

The specific evidence that survives supervisory review here includes: records of target market definition with rationale, distribution partner due diligence records, post-sale outcome data (claims frequency by customer segment, complaint rates by distribution channel), and records of any decisions to withdraw or restrict products where outcome data indicated poor fit. Firms that cannot produce outcome monitoring data — not just governance documents — are exposed.

Price and Value

Price and Value is the outcome where enforcement risk is highest for the insurance sector, because it is the most data-intensive and the most quantitative. The FCA expects firms to be able to demonstrate that the price customers pay is reasonable relative to the value they receive — and that this assessment is not a one-time exercise but a continuous monitoring activity.

For claims-paying insurers, the core evidence is claims ratio data broken down by product, distribution channel, and customer segment. A firm that has a combined ratio suggesting adequate value at the aggregate level but cannot show that value is distributed equitably across customer segments — particularly between new and renewing customers, or between digitally-acquired and legacy-acquired books — is in a weak evidential position. The FCA has been particularly focused on the persistence of loyalty penalties, and firms need granular renewal pricing data to demonstrate they have addressed this.

Beyond pricing, settlement consistency is a major focus. If two customers with materially identical claims receive materially different settlements, the firm needs to be able to explain why — and that explanation needs to be grounded in documented claims handling decisions, not post-hoc rationalisation. This is where automated claims workflow records become essential: they create a contemporaneous record of the factors considered at each decision point.

Consumer Understanding

Consumer Understanding requires firms to demonstrate that customers can understand the information they receive — policy documents, claims communications, renewal notices — sufficiently well to make informed decisions. The FCA has been clear that this is not a design-time obligation only. It requires ongoing monitoring of comprehension.

The evidence framework here includes: readability testing records for key communications, complaint analysis data segmented by communication type (where complaints signal misunderstanding), and records of how communications were adapted for customers who indicated difficulty. For digital communications, analytics data showing engagement with key documents — whether customers opened and scrolled through policy documents, for example — can form part of the evidence base.

Claims communications are a particular focus. The moment a customer makes a claim is often the first time they seriously engage with their policy terms, and miscommunication at that stage drives both complaints and the perception of poor value. Firms need records of what was communicated, when, in what format, and how customers responded. Template decline letters that do not explain specific reasons for a decision are a known enforcement trigger.

Consumer Support

Consumer Support requires firms to demonstrate that customers can get help when they need it — and that the support they receive is adequate. For claims operations, this means records of every customer contact, the nature of the support requested, how quickly it was provided, and whether it resolved the customer's issue.

The vulnerability dimension of Consumer Support is where many firms have the most significant gaps. The FCA expects firms to have systems for identifying customers who may be in vulnerable circumstances — financial difficulty, health issues, bereavement, other life events — and to be able to demonstrate that those customers received appropriate treatment. This requires not just a vulnerability policy but an operational system: a way of flagging vulnerability indicators when they appear in customer interactions, recording them against the customer record, and routing subsequent interactions appropriately.

Firms that cannot demonstrate vulnerability tracking at the individual customer level are exposed. The FCA has made clear that this is an area of active supervisory focus, and the absence of systematic vulnerability records is treated as a substantive failure, not a process gap.

Building an Evidence Trail That Survives Supervisory Review

Understanding what evidence is required is only half the problem. The other half is building operational systems that generate the right evidence automatically — so that when a supervisory review arrives, evidence production is a retrieval exercise, not a reconstruction project.

Structured Data Capture at Every Decision Point

The foundation of a defensible Consumer Duty evidence trail is structured data capture. Every decision in the claims workflow — reserve setting, coverage determination, settlement offer, communication decision — needs to be recorded in a structured format that can be queried and reported on. Free-text notes in a claims file are not an evidence trail. They are a liability: hard to search, easy to misinterpret, and impossible to analyse at scale.

Structured data capture means that when a claims handler determines that a customer is showing vulnerability indicators, they select from a defined taxonomy of vulnerability types. When a settlement is offered, the factors considered are captured in structured fields, not narrative notes. When a communication is sent, the system records what template was used, what personalisation was applied, and when it was delivered.

This level of structure requires investment in claims systems architecture, but it pays dividends beyond compliance. Structured data enables the outcome monitoring that the Price and Value outcome requires. It enables the complaint root-cause analysis that Consumer Understanding monitoring requires. It enables the vulnerability tracking that Consumer Support requires. The evidentiary benefit is a byproduct of operational capability.

Timestamped Decisions and Immutable Audit Logs

Structured data is necessary but not sufficient. The FCA's evidence standard requires that records are contemporaneous — made at the time of the decision, not reconstructed afterward. This means that audit logs need to be immutable: once a decision is recorded, the record cannot be altered without creating a visible amendment trail.

Immutable, timestamped audit logs serve two purposes. First, they are credible evidence because they cannot be gamed after the fact. A regulator reviewing a claims file where every decision was recorded at the time of the decision, with a clear timestamp and the identity of the decision-maker, is looking at strong evidence. A claims file where notes were added retrospectively — even if accurate — is much weaker.

Second, immutable logs protect firms in litigation and complaints. When a customer challenges a claims decision, the firm needs to be able to show exactly what happened and why. A clean, timestamped record of the decision-making process is the most powerful defence available.

The Regure audit trail system is built around immutability as a design principle. Every action in the claims workflow is logged with a precise timestamp, the identity of the user who took it, and the system state at the time. Records cannot be deleted or altered — only amended, with the amendment itself creating a new log entry that references the original. This creates the contemporaneous, tamper-evident record that supervisory review demands.

Communication Logs and Settlement Consistency Analysis

Two specific evidence types come up repeatedly in FCA supervisory feedback: communication logs and settlement consistency data.

Communication logs need to capture every substantive interaction with a customer in relation to their claim — not just outbound communications from the insurer, but inbound contact from the customer and the substance of telephone conversations. For regulated firms, this is not just a compliance requirement: it is essential protection against the dynamics that drive complaints. When every communication is logged — including a structured summary of phone calls — the firm has a complete interaction record that can be produced quickly in response to a complaint or supervisory enquiry.

Settlement consistency analysis is the analytical layer that sits above individual claims records. It requires firms to compare settlements across claims with similar characteristics — similar coverage, similar loss circumstances, similar customer profiles — and explain any material differences. Firms that do not perform this analysis cannot demonstrate Price and Value compliance. Firms that do perform it regularly, and act on the results, are in a strong position to demonstrate that their claims function is delivering consistent value.

Common Failures That Lead to Enforcement

The FCA's published enforcement decisions and supervisory feedback make the common failure modes clear. Understanding them defines the minimum viable evidence standard — the floor below which a firm is genuinely at risk.

Inability to Produce Evidence Quickly

The single most common failure identified in supervisory reviews is not the absence of evidence but the inability to produce it quickly. Firms have records — somewhere — but those records are in disparate systems, in paper files, in email threads, in spreadsheets maintained by individual handlers. When the FCA asks for the settlement history of all claims involving vulnerable customers over the past twelve months, the firm spends weeks pulling data from multiple sources, and the result is incomplete and inconsistent.

This is a systems failure, not a process failure. It cannot be fixed by writing better policies or training staff more thoroughly. It requires a central evidence repository where all claims activity is recorded and queryable. Firms that invest in this infrastructure before a supervisory visit have a significant advantage over those that do not. The FCA has established an informal expectation — repeated across supervisory communications — that firms should be able to produce specific evidence within 48 hours of a request.

Inconsistent Settlement Patterns

Inconsistent settlement patterns — where claims with similar characteristics receive materially different outcomes — are a direct indicator of Price and Value failure, and the FCA has tools to identify them. When the regulator analyses a firm's claims data and finds that certain customer segments, certain distribution channels, or certain product types consistently receive worse outcomes, it treats this as a systemic problem requiring systemic remediation.

The defences against this failure are consistent claims handling procedures, structured decision capture that makes the factors behind each settlement transparent, and regular internal settlement consistency analysis. Firms that can show they have been monitoring their own settlement patterns and acting on anomalies are in a far stronger position than those who are surprised by the regulator's analysis.

No Systematic Vulnerability Tracking

The absence of systematic vulnerability tracking is perhaps the most acute risk for insurers operating at scale. The FCA's Consumer Duty guidance is detailed on vulnerability, and the regulator has signalled it will treat inadequate vulnerability management as a serious failure — not a minor process gap.

Systematic vulnerability tracking means more than having a vulnerability policy and training staff to recognise indicators. It means having a system that records vulnerability flags against customer records, routes those customers appropriately through the claims workflow, and generates reporting showing the volume and outcome of vulnerable customer interactions. Without this, a firm cannot demonstrate that its Consumer Support obligations are being met for the customers who need that support most.

Board Reporting Without Underlying Data

Board-level Consumer Duty reporting that presents high-level assurances without the underlying data to support them is increasingly being scrutinised. The FCA expects boards to be able to challenge the evidence behind compliance assertions. If your board reporting says the firm is delivering good outcomes but the data underpinning that statement is not available for review, the reporting itself is a compliance gap. The FCA has been explicit: qualitative assurances from senior management are not a substitute for quantitative outcome data.

Building the Evidence Engine: Automation Over Documentation

The firms best positioned for FCA supervisory review are not those with the most detailed compliance policies. They are those that have built claims operations where evidence of good outcomes is generated automatically — as an intrinsic byproduct of normal operational activity — rather than as a separate documentation exercise.

This distinction matters because manual evidence generation has a fundamental weakness: it degrades under volume and time pressure. When a claims team is under pressure, documentation discipline suffers. The compliance evidence you have in a quiet month may not reflect the evidence quality you have when claims volumes spike. Automated evidence generation does not degrade under pressure. The system captures what happened regardless of the operational environment.

The practical components of an automated evidence engine include: workflow-level capture of every state change in a claim with timestamps and user identity; automatic archiving of all outbound communications including any customisations made to templates; structured vulnerability flag fields that are part of the standard claims workflow rather than optional addenda; settlement calculation logging that preserves the inputs, methodology, and output of every valuation; tamper-evident storage; and reporting tools that allow compliance teams to run outcome analysis across the full claims population in real time.

The Consumer Duty framework is ultimately an outcomes standard. It requires firms to be able to demonstrate what happened to customers — not what was intended for them. That demonstration depends on having the right data, captured in the right structure, at the right time. Retrofitting this capability after a supervisory concern is raised is expensive, slow, and often incomplete. Building it into the operational infrastructure from the outset is the only approach that works at scale.

If your firm is preparing for a Consumer Duty supervisory review — or simply wants to build the evidence infrastructure that makes compliance demonstrable rather than merely asserted — request a Regure demo to see how the platform generates, organises, and surfaces the evidence the FCA expects, as a natural byproduct of your claims operation.