The problem we keep seeing
We have seen firms write vulnerability strategies in boardrooms, sign them off at committee level, and file them in a governance folder. The strategy says the right things. It aligns with what the regulator expects. It even has an implementation plan. But nothing changes on the ground.
The reason is usually the same: the strategy was built on assumptions, not evidence. Nobody tested whether the principles held up when they met real vulnerable customer journeys. Nobody checked whether frontline teams could actually do what the strategy asked of them.
This is why the Vulnerability Strategy sits after Inclusive Design in our methodology, not before it. The strategy should be the output of evidence, not the starting point.
What this is
The Vulnerability Strategy is the Ambition, matured. It takes the one-page direction you started with, tests it against what the Inclusive Design sprint revealed, and builds a full vulnerable customer strategy document with governance, leadership accountability, and an extension of the vulnerable customer roadmap to include the cultural, governance, and structural change required to make vulnerable customer outcomes business as usual.
This is a document that stays with the company. It has been tested against real customer insight, refined based on your learnings, and designed to guide decisions rather than sit in a folder.
Who this is for
- Firms that have completed at least one Inclusive Design sprint and are ready to formalise what they have learned into a lasting strategy.
- Firms whose existing strategy has not landed and are ready for an evidence-based, proven approach.
- Leadership teams who want a strategy they can defend to a regulator with evidence, not just intent. , expert assessment of its position
How it works
We go back to the Vulnerability Ambition. We review what the Inclusive Design sprint revealed. Where did the ambition hold up? Where did it need refining? What did customers tell us that nobody in the organisation had considered?
We then build the full vulnerable customer strategy: governance structures, leadership accountability, evolution of the vulnerable customer roadmap and transformation action plan, and measurement framework. Every element is grounded in what the organisation actually learned, not what it assumed.
Typical duration: 4 to 6 weeks
What you get: A full Vulnerability Strategy document with governance framework, accountability structures, and implementation roadmap. Tested, not theoretical.
In practice
A financial services firm had written three vulnerability strategies in five years. Each one had been well-received at board level. None had changed how the business operated.
The difference this time was the sequence. Instead of writing the strategy first, they defined an ambition, ran an Inclusive Design sprint to test it, and only then built the full strategy. The sprint revealed that two of their five strategic priorities were solving business problems, not customer problems. A third priority, which had been listed as a “nice to have,” turned out to be the single biggest driver of poor outcomes for vulnerable customers.
The resulting strategy was shorter than its predecessors. It had fewer priorities but each one was grounded in evidence. Eighteen months on, it is still the reference point for decision-making across the business.
The other strategies were things we believed. This one is something we have proven.
Your questions answered
Some of the practical points organisations often ask us about.
-
Most of our engagements fall between £20,000 and £80,000, depending on scope, duration and the number of services involved. A Vulnerability Review sits at the lower end, while a full Inclusive Design sprint with Vulnerability Strategy sits at the higher end. We scope every engagement individually, so the investment reflects what you need. Let’s talk about where you are, and we can give you a clear picture of what’s involved.
-
From one month for a focused Vulnerability Review to six months or longer for engagements that include an Inclusive Design sprint and Operational Embedding. Most engagements run for two to four months. The timeline depends on the scope of the work, the number of customer journeys involved, and how quickly your teams can engage with the process.
-
No. A Vulnerability Review is designed to meet you where you are, whether you have an established vulnerability framework or are starting from scratch. What helps is access to the right people: someone who can open doors to vulnerable customers, frontline colleagues, and the data across your systems. We will guide you on what we need.
-
Yes. Every service is designed to deliver standalone value. Many clients start with a Vulnerability Review to understand where they are, then decide what comes next based on what the review surfaces. The pathway is the ambition, not a requirement.
-
Training builds awareness. Our work builds capability and changes outcomes. An Inclusive Design sprint works directly with your vulnerable customers, the colleagues who serve them and others who enable the journey, such as product designers or digital teams, to redesign how your services actually work. The result is not a training module but embedded changes to journeys, processes and ways of working that deliver measurably better outcomes for vulnerable customers.