LLOYDS BANKING GROUP CUSTOMER TREATMENT POLICY …...Policy Risk Appetite The Group has no appetite for: Regulatory breaches; or Systemic unfair customer outcomes arising from product

GROUP CUSTOMER TREATMENT POLICY – THIRD PARTY SUPPLIERS

LLOYDS BANKING GROUP

Page 1 of 21

LLOYDS BANKING GROUP CUSTOMER TREATMENT POLICY

SUMMARY FOR THIRD PARTY SUPPLIERS

RATIONALE

The Group wants to be the best bank for customers. The Group Customer Treatment Policy sets out:

The outcomes we want Suppliers to achieve for customers;

A framework for delivering these outcomes, including key controls and putting things right when they go wrong; and

Key things for Suppliers to think about when assessing what fair treatment means for them and their customers.

Policy Risk Appetite

The Group has no appetite for:

Regulatory breaches; or

Systemic unfair customer outcomes arising from product design, sales or after sales processes.

Suppliers must comply with relevant legislation, regulation and the external standards, codes and principles to which the Group is a signatory or member.

The process for Suppliers to follow when notifying the Group about systemic unfair outcomes is outlined in Section 5 of this Policy.

In jurisdictions where the local legislative and regulatory requirements exceed the requirements set out in this document, the Supplier must comply with the higher standard.

SCOPE

This third party version of the Policy applies to Suppliers where it has been identified that the Group Policy applies to the provision of their goods and or services as described below:

Activities

The Policy applies to all activities that affect customer treatment, whether directly or indirectly. These include:

Designing, distributing and reviewing products and across all channels;

Communicating with our customers;

The internal processes that relate to customer treatment; and.

Monitoring, reporting and training.

MANDATORY REQUIREMENTS – GENERAL

Table of Contents

POLICY

1. Delivering fair outcomes throughout the customer relationship



Page 2 of 21

2. Identifying customer risks and setting appetite 3. Governance

4. Monitoring and Management Information

5. Colleagues and Training

6. Record Keeping

PROCEDURES

A Customer Communication

B Customer Product and Service Distribution

C Customer Servicing

D Rectifications

E Outcome Testing

CONTROLS

NON-COMPLIANCE

GLOSSARY

APPENDICES

1 Conduct Strategy

2 Outcome Testing

1. Delivering fair outcomes throughout the customer relationship

This section sets out the outcomes Suppliers must deliver for customers.

1.1 Putting customers at the heart of doing business

Suppliers must:

Seek to understand customers behaviours and use this knowledge to improve customer outcomes;

Make use of customer research and insights where relevant;

Embed a culture where they recognise customer diversity and treat all customers with respect; and

Challenge themselves by thinking critically about doing the right things for customers.

1.2 Designing and distributing products

Suppliers must design products that meet the needs of our customers and deliver fair value.

1.3 Communicating effectively

Suppliers must ensure that all customer communications:

Are clear, fair and not misleading;

Align with the Group Communication Principles owned by Group Brands and Marketing; and

Align with the brand and tone of voice guidelines for the specific brand the customer has the relationship with.

Note that Suppliers should request the Principles and brand and tone of voice guidelines from their supplier manager where these are needed, as these cannot be accessed from the external website. The web links can be found in the internal Group



Page 3 of 21

Customer Treatment Policy.

Suppliers must ensure that marketing and wide-reach communications:

Are subject to appropriate approval and review processes, which take account of the materiality and nature of the risks presented; and

Have a defined owner whose responsibilities are documented.

Suppliers must ensure that for marketing communications:

Objectives and strategies are defined for each marketing campaign; and

All relevant risks are identified and managed throughout the campaign lifecycle.

1.4 Meeting the needs of customers for the duration

Suppliers must:

o Identify the range of needs customers might have beyond the initial sale of a product, including ongoing servicing, claims and changes in circumstances.

o Have embedded processes to support customer needs throughout the customer journey;

o Monitor whether customer needs are being met, using customer MI where this adds value; and

o Enable good customer experiences.

1.5 Being flexible where appropriate in the interests of customers

o Suppliers must be proactive in identifying where processes can reasonably be flexed to provide fair outcomes for individual customers.

o Having the capabilities to be flexible is vital to meeting the needs of customers with vulnerabilities, which is a key priority for the Group.

1.6 Customer vulnerabilities

Suppliers must ensure that customers in vulnerable circumstances are treated appropriately and fairly. So they must comply with the following principles, in the context of the particular business and customer base:

o Identification – colleagues / channels are, as far as reasonably possible, able to identify customers whose vulnerability means they have additional requirements;

o Products and sales processes – these address the needs of customers in vulnerable circumstances;

o Customer journeys and processes – these are designed to support channels and colleagues in delivering fair outcomes for customers in vulnerable circumstances;

o Capability and understanding – customers are served by channels and colleagues that take account of their needs and are empowered to deliver the right outcomes;

o Recording and sharing – colleagues / channels record the requirements of customers in vulnerable circumstances. These are



Page 4 of 21

shared internally and externally, where appropriate, to support & protect customers; and

o Monitoring – customer vulnerability and the outcomes received are monitored and drive management decisions.

1.7 Putting things right when they go wrong

Suppliers must:

Record any regulatory or Policy breaches (material or not) and actively use these to identify trends, including the cumulative effect of lower level breaches;

Notify their Supplier Manager when an issue is identified and, where the issue meets the relevant criteria for the types of issues below:

o Follow the event reporting requirements of the Operational Risk Third Party Policy;

o Follow the Rectification Procedure (outlined later in this document); including requirements for root cause analysis; and

o Agree a regulator engagement strategy with the Group.

Take appropriate action to:

o Assign an Accountable Owner for issues;

o Track issues through to a successful conclusion in a timely manner;

o Remediate customers where they have suffered detriment;

o Fix the underlying cause to prevent recurrence;

o Consider if there are any upstream or downstream impacts, or potential application to other products or services that the Supplier manages for the Group, and take follow up action as necessary; and

o Promptly feed learning back to relevant processes/product design, embedding learning for the longer term.

2. Identifying customer risks and setting appetite

Suppliers must:

Pro-actively use and refer to conduct/customer risk appetite when identifying and managing risks. Suppliers may define and manage risks against local risk appetite statements but these must be at least as stringent as those set by the Group;

Assess what 'systemic unfair customer outcomes' (see Rationale, Policy Risk Appetite) means for them in the context of risk appetite, their customer profile, business and operating model, together with any impacts this may have on the Group;

Consider customer risks during the setting of strategy and business plans;

Follow the Operational Risk Third Party Policy to support the timely identification, documentation, assessment, monitoring, control and reporting of operational risks and events;

Have a clear view of, and anticipate as far as reasonably possible, the potential range of unfair customer outcomes, including those for customers in vulnerable circumstances, and how those will be detected and prevented;

http://www.lloydsbankinggroup.com/our-group/working-with-suppliers/policy-compliance/third-party-policies/

http://www.lloydsbankinggroup.com/globalassets/documents/our-group/responsibility/policies-and-codes/sourcing-policies/operational-risk-policy---updated-december-2016.pdf



Page 5 of 21

Have means to identify regulatory and competition risks that could (if not managed effectively) give rise to conduct and customer risks. Legal and regulatory compliance is an essential part of controlling customer risk;

With regard to regulatory, legislative, code or internal Policy/Procedural requirements:

o Have robust means of keeping abreast of such requirements; and

o Be able to demonstrate how local processes meet these.

Consider end-to-end processes when reviewing material customer risks, to ensure that new and emerging risks can be quickly identified and a plan put into place to manage them. This includes any risks introduced by change processes; and

Ensure that the identification of new material risks prompts a review of management information, including, where relevant, the design of new MI.

3. Governance

Suppliers must establish effective governance and control frameworks to support the embedding of this Policy.

3.1 Supporting a strong risk culture

Governance structures must:

Provide appropriate senior oversight to identify risks and resolve issues, taking the opportunity to strengthen the Supplier's risk culture. This includes assessing and communicating lessons learnt from past events, both failures and successes, to enact changes for the future;

Enable customer risk to be managed within risk appetite; and

Facilitate constructive challenge and promote continuous improvement.

3.2 Arrangements

Governance structures must:

Have appropriate duties/task segregation where appropriate;

Allow for swift escalation when required; and

Support the 'end-to-end' customer journey. This includes consideration of consistency across Group/Supplier arrangements.

4. Monitoring and Management Information

For the purposes of this Policy, 'monitoring' and 'MI' must be interpreted in their broadest sense.

4.1 Monitoring

Suppliers must:

Prioritise monitoring and oversight so that within their suite of customer risks, issues, processes and controls, they are focusing on those with the strongest link to the delivery of fair and consistent outcomes for customers, or the ability to anticipate/identify unfair ones;

Perform and report against customer outcome testing where this has been agreed with the Supplier Manager in accordance with Appendix 2;

Adopt a risk-based monitoring strategy, employing post-implementation reviews / deep dives as appropriate;



Page 6 of 21

Quickly identify and manage instances where the Supplier is operating outside of risk appetite, or on an unacceptable deteriorating trajectory. In such instances, Suppliers must:

o Check that risk appetite has been positioned correctly; and

o If a worsening trend is an agreed customer treatment issue, take action in accordance with Section 5 of this Policy at the earliest opportunity and not wait until risk appetite has been breached.

Ensure that outputs from monitoring are fed back into the Group via Supplier Managers.

4.2 Management Information (MI)

Suppliers must:

Demonstrate use of a broad MI base, capturing qualitative MI (such as thematic review outputs) in addition to quantitative MI, and reporting against conduct culture;

Ensure MI is specific to identify customer treatment weaknesses, so action can be taken to resolve;

Champion a culture of continuous MI improvement; and

Document processes for the collection and production of MI. These must state who is accountable for the production and analysis of MI, aspects of data integrity, frequency of production, challenge mechanisms, and sign-off processes.

5. Colleagues and Training

Suppliers must:

Motivate and develop the capability of their colleagues by embedding a culture that promotes the Group's risk appetite for the fair treatment of customers;

Ensure that their colleagues are rewarded in a way that is consistent with the Group's values and will help to drive fair and appropriate customer outcomes; and

Ensure that any of their colleagues directly involved in delivering fair outcomes to customers, or involved in the identification and/or management of customer risks, have expectations clearly defined and documented.

5.1 Training and Competence

Suppliers must:

Ensure that colleagues are competent at delivering fair customer outcomes as required by their role;

Have mechanisms to identify where colleagues are not meeting the expected standards and take appropriate action;

Equip colleagues so they can, where relevant:

o Recognise and meet the needs of customers, including those who may have signs of vulnerability; and

o Understand the scope they have within their role to flex existing processes in the interests of our customers and when they need to escalate;



Page 7 of 21

Ensure that training and competency arrangements relating to fair customer treatment and the management of customer risks are tailored to the:

o Nature of the colleague’s role and responsibilities; and

o Type and complexity of issues the colleague is expected to deal with or make decisions upon; and

o Review training and competency arrangements that manage customer risks at least once a year to ensure they are fit for purpose.

6. Record Keeping

Records must be managed and protected in accordance with the third party supplier Policies for Records Management and Data Privacy. In relation to customer treatment, suppliers must ensure they:

Identify and retain key customer documentation such as terms and conditions if required to do so;

Record and retain relevant information about a customer’s particular circumstances and any decisions or agreements they have reached, as well as any advice given;

Record and retain business decisions and follow up any action points; and

Document local policies, procedures and processes relevant to customer treatment and assign owners to these.

CUSTOMER TREATMENT PROCEDURES

The following Procedures support the Policy. The relevance of each will depend on the nature of Supplier activity and agreement of the Supplier Manager.

A. Customer Communication

This Procedure applies to all wide-reach communications (see Glossary).

The Group has separate Procedures for Marketing and Promotional activity. If a Supplier intends to market or promote any Group products or services, or be involved in the research/design of offers or promotional materials, it must contact its Supplier Manager in the first instance.

Suppliers must ensure that wide-reach communications:

A1. Meet regulatory, legislative and code requirements – this means ensuring that:

All communications are clear, fair and not misleading;

All information is accurate. Accuracy includes having the right headers and footers (including correct regulatory status, registered address, disability statements etc); and

Communications are suitable for the media used; space restrictions may be a factor in deciding appropriate media.

A2. Are appropriate for their intended audience – this means ensuring that:

Content, tone, and style is appropriate for the audience and in keeping with the Group's Values, Strategy and Brands as outlined in Section A.4; and

Communications go to the right customers, This includes removing specific



Page 8 of 21

populations where appropriate. Examples include: any restrictions due to regulations or legislation; minors; customers with a confirmed mental capacity limitation; adherence to 'no marketing indicators'; deceased customers; dormant accounts; and customers who are ineligible for either the product/service, or the offer being promoted.

'Appropriateness' of the audience is checked. For example:

o It is unlikely to be appropriate for elderly customers to be mailed details of long-term investments; and

o Populations may need to be considered on a 'case-by-case' basis depending on the reason for the communication and the timing of other communications going to the same population.

When communicating with customers with vulnerabilities, consideration is taken to identify and mitigate any potential risks of an unfair customer outcome. Actions may include but are not limited to:

o Making reasonable adjustments to the communication where there is a reasonable expectation that it will be received by specific groups of vulnerable customers to ensure it is clear, fair and not misleading for those groups;

o Ensuring that end-to-end processes are in place that cater for the ways in which customers, including those that are in vulnerable circumstances, may want to respond to a communication; and

o In accordance with the Equality Act, state the range of alternative methods of communication available at the time of issue. As a minimum, Suppliers must offer Braille, Large print, Audio CD and accept Text Relay calls. For guidance on the latest technologies and options, Suppliers should contact their Supplier Manager in the first instance.

A3. Take account of any predicted or likely customer behaviour including their reaction to the communication – this means considering:

How a customer may react, depending on content and positioning (for example, where the particular information sits within a telephony script or a mobile device). This thinking applies across the life-cycle; for example, 'call to action' communications may elicit better customer responses if research has been conducted into customer behaviour and factored in;

How a customer might be influenced in their understanding, with, and without, colleague interaction; and

If vulnerable customer groups may react differently.

A4. Are consistent with the Group's Values, Strategy and Brands – this means ensuring that communications:

Are set out simply, using plain and intelligible language;

Explain clearly if the customer needs to take any action and if appropriate, by when;

Where relevant, outline what the next steps are;

Make it easy for customers to get in touch (such as stating points of contact, and opening hours; providing a range of access options). The cost of contacting the Group should not be a barrier to the customer getting in touch; this means taking into account whether the cost would be higher from a



Page 9 of 21

mobile phone and providing alternative contact numbers that do not disadvantage customers who use mobiles as their primary method of contact;

Where relevant, help customers find out more, by clearly sign posting to further information; and

Set out clearly who is providing the product or service (and, where relevant, their relationship to the Group) including who the customer will be contracting with.

A5. Are subject to robust controls prior to issue – this means ensuring that:

A sign-off process is defined, documented, and executed;

Training and competence arrangements for those who either input to (in a technical capacity) or sign-off communications, are clear, and commensurate with the risk of the particular communication;

Colleagues are trained sufficiently to avoid a wide-reach communication inadvertently becoming marketing or promotional material;

Controls are in place for the use of standard letters or templates, including headers and footers, with defined roles and responsibilities for ownership; and

For communications, master versions of documents are used. This reduces the risk of materials such as letter templates being used that are out of date.

A6. Are regularly reviewed to ensure they remain fit for purpose, and learning applied – this means ensuring that:

If a communication is intended to be used on an ongoing basis, it is reviewed and updated. Suppliers must use judgement to determine how frequently this should be, and document the rationale, but the Group considers twelve months to be a reasonable expectation;

Controls include 'triggers' to prompt a review earlier than planned. Suppliers must define their own triggers relevant to their business but these could include regulatory guidance being issued, internal MI, colleague feedback; and

MI for fair outcomes is being leveraged (e.g. outcome testing results).

A7. Are swiftly removed from circulation if they become out of date or are found to contain a material defect – this means ensuring that:

The Operational Risk Policy for third party suppliers is followed; and

In addition to removal of the item from circulation, a check is made to determine if the defect triggers the requirement for a rectification exercise to be undertaken.

How swiftly a communication needs to be removed can be determined on a case-by-case basis, depending on the nature of the defect, context, audience etc. Suppliers must be able to justify actions taken with rationale.

A8. Are capable of being fully audited throughout the process – this means ensuring that:

Record keeping requirements outlined in the third party supplier versions of the Records Management Policy and Customer Treatment Policy are adhered to;



Page 10 of 21

Core processes are documented;

Records show who the accountable owner is for each communication;

It is clear where responsibility and accountability sits for the primary record of a wide reach communication. This must include ensuring that version control disciplines are employed and:

There is a robust retrieval system so that a copy of the final signed-off master version of communication material can be reproduced within 48 hours;

Key working papers must be kept to the same retrieval standard;

Instances where the proposed communication was amended (or did not go ahead) because of internal challenge within the Supplier or from the Group, can be demonstrated; and

Core central information is retained such as, the name of the communication, a brief description of it, the date it was approved, the name of the individual who approved it, and the date it expires.

B. Customer Product and Service Distribution

This section applies where:

The Supplier is distributing the Group's products; and

The regulatory risk for that distribution resides with the Group (i.e. the Supplier is not distributing under their own regulated capacity); and

The products/services do not include lending and/or the giving of advice on any products (at the time of writing, lending and the giving of advice are not activities that the Group outsources).

Suppliers must:

Only distribute those products or services that are the subject of the contractual arrangement between the Group and the Supplier. This includes any target markets that the Group has specified;

Engage the Group in the design and execution of its distribution processes to ensure that fair customer outcomes are achieved; and

Have defined and documented distribution processes that are subject to rigorous governance both prior to implementation and monitored post-implementation.

Risks and Controls

Suppliers must have controls in place to manage the risk that customers take out products or services that are unsuitable for their needs. These can be execution controls, in addition to design controls. Examples (not exhaustive) of potential risks to consider include:

Ineligibility for a product or service. If a customer is ineligible the control must operate sufficiently early in the process to avoid customers wasting their time;

Customer misunderstanding, which could have various root causes, including customer behavioural tendencies or perceptions;

Customer is in vulnerable circumstances and mainstream processes/controls will not adequately safeguard their interests. Included within this is the risk that the customer is unable to understand, remember, or weigh up the information in order to make an informed decision;



Page 11 of 21

Customer is insistent, even though the facts would suggest the product/service is not suitable and may result in a poor outcome;

Product or service is outside of the customer's risk appetite;

Foreseeable future change for the customer has not been considered, which may render it unsuitable; or

The customer's ability to afford the product, now and in the future, has not been properly assessed.

Controls

B1. Information – Suppliers must have controls in place to prevent:

Incorrect, untrue, or misleading information / explanations being given to customers; and

Barriers being put in the way of providing more comprehensive information on a product/service where a customer needs this.

Regulation, legislation, and Code requirements will often stipulate content, format, and/or timing of provision of information, and Suppliers must be conversant and compliant with those.

B2. Connected sales – are those that are ancillary to the main product or service and the Supplier must ensure that these are positioned correctly:

Products or services that are optional must never be positioned as conditional or compulsory; and

Products or services that are compulsory (for example, in order to qualify for X bank account you must have £Y in another account; or, for hedging to be put into place as a condition of commercial lending) must be clearly stated.

B3. Gathering customer information – Suppliers must ensure that information gathered is relevant and proportionate to the customer need;

B4. Matching products and services to the customer's risk appetite – Suppliers must ensure that if there is an element of performance risk to the product or service, this is clear and prominent early in the distribution process. Note that 'performance risk' can apply to any product or service where there is a risk that it may not perform as expected (e.g. an investment product), and/or there is an 'unknown' or variable element to the costs that the customer may incur (e.g. a variable rate mortgage);

B5. Validating understanding – Suppliers must ensure that there are steps during the distribution process for the customer to check they have read and had the opportunity to clarify the information provided before they take out the product or service;

B6. Time to reflect – Suppliers must allow customers sufficient time to absorb and reflect on the information given. Customers must be allowed to proceed at their own pace, take information away and return another time if necessary. If a delay will result in detriment (for example, a potential impact on a price or rate) then the customer should be informed of this.

B7. Insistent Customers – Suppliers must have processes and controls in place so that colleagues are clear on expected action of them in the event that a customer is insisting that either:

The distribution process be circumvented (in whole or in part), or

The Supplier provides a product or service when this is unlikely to be suitable for their circumstances or needs.



Page 12 of 21

B8. Customer vulnerability – Suppliers must ensure that distribution processes are compliant with the requirements of the Customer Treatment Policy set out earlier in this document.

B8.1 Customer's ability to understand, remember and weigh up information

Mental capacity is a person's ability to make a decision. Whether or not a customer has the ability to understand, remember, and weigh up relevant information will determine whether the customer is able to make a responsible decision based on that information.

The ability of a customer to understand, remember, and weigh up relevant information may be impacted by factors including personal characteristics (e.g. a mental health impairment, or language barrier) or circumstances (e.g. bereavement). Vulnerability can be permanent or temporary.

Suppliers must:

Assume a customer has mental capacity at the time the decision has to be made, unless there is evidence that would suggest this is not the case;

Design processes with a view to being able to assist customers to overcome the effect of any capacity limitation and, to the extent possible, place them on an equivalent footing to customers who do not have such a limitation, in order to increase the likelihood of them being enabled to make informed decisions; and

Balance a customer's right to make a decision with that customer's right to safety and protection when they are unable to make decisions to protect themselves.

B9. Improper behaviour – Suppliers must employ controls to mitigate against the following:

Actively encouraging customers to buy products or services that might not be suitable;

Distorting and/or falsifying details about a customer's personal circumstances or needs, or encouraging a customer to do so;

Customers being pressured in any way, which would include making decisions or the customer feeling pressured to confirm they have been provided with an adequate explanation of key information; and

The exploitation of customer behaviours to encourage customers to act in a way that may not be in their best interests, such as by under-emphasising material charges or exclusions, or by using excessive persuasion.

C. Customer Servicing

This section covers key activities that take place post-sale.

Suppliers are reminded that the Customer Treatment Policy has requirements that span the complete life-cycle and that the Customer Communications Procedure applies 'post-sale'.

C1. Customers in or approaching financial difficulties/arrears

Suppliers must:



Page 13 of 21

Identify general customer circumstances or behaviours, which are subject to regular review, that could reasonably suggest a customer is in or approaching financial difficulties/arrears (known as ‘triggers’).

Embed appropriate customer contact strategies, which are based on having identified one or more triggers.

Offer sustainable treatments tailored to the customer’s specific circumstances. Treatments must be fair for both the customer and the Group, with the aim of supporting the customer to get back on track.

Embed processes to monitor and review how the customer is meeting the terms of any agreed treatment.

Work with the Group as necessary to enable, as far as reasonably possible, a holistic view of the customer’s situation – across product and brand lines where this is relevant.

Have arrangements to support colleagues dealing with and making decisions about complex cases, including where an agreed treatment isn’t working.

C2. Claims Handling

Suppliers must:

Deal with all claims promptly and efficiently;

Deliver a fair outcome for customers, in line with the product terms and conditions and what customers were led to expect at the time of taking out cover or at renewal;

Have appropriate controls in place to manage any conflicts of interest, where a Supplier acts as both an insurer and a claims handler; and

Ensure that the following requirements are satisfied.

Claims Handling Processes must:

C2.1 Be accessible, simple and efficient – this means:

Gathering all relevant information, where possible at outset, and then quickly establishing the facts; and using information already held and avoid where possible requesting repeat data. It must be clear from the Supplier's processes what relevant information must be gathered at each stage of the claim, in accordance with the Data Privacy Policy for third party suppliers, including the avoidance of collection of surplus data.

C2.2 Focus on the customer need and manage expectations – this means

Gaining a thorough understanding of what the customer wants and/or needs, including:

Taking into consideration a customer’s vulnerability such as being mindful of distress that claims can often cause, particularly those triggered by bereavement or crime, or where a customer’s disability may exacerbate this distress e.g. a mental health condition;

Setting and communicating internal standards for expectations of timescales for claims, and keeping the customer informed;

Ensuring appropriate processes are in place for identification of priority claims and remedial action. For example, loss of accommodation due to a house fire; and

Ensuring that the investigation of any fraud suspicions does not result in the unfair treatment of the customer.



Page 14 of 21

C2.3 Include robust analysis – Suppliers must:

Take in to account all facts to form a complete picture of the circumstances of the claim;

Give appropriate weight and allowance where there is an absence of evidence to support the position of either party;

Presume a customer's version of events to be truthful, if when taken at face value, it is plausible;

Where customer non-disclosure is potentially an issue, review the information given to the customer (at the time the product was taken out, on variation of the contract or at renewal), including clarity of questions and warnings. Where they were clear then consider the evidence to establish if the omission was deliberate, reckless or careless and apply the appropriate remedy in accordance with the Consumer Insurance Act;

Where unable to reach a definitive outcome due to an absence of evidence or due to conflicting evidence, make a reasonable decision on the balance of probabilities; and

Ensure any customer information is treated sensitively where appropriate (such as medical records) and in accordance with the Data Privacy Policy for third party suppliers.

C2.4 Communicating the Decision – Suppliers must:

Communicate the decision as soon as possible, clearly and concisely, whether orally or in writing. If repudiating or declining a claim, fully explain the reasons for the decision and provide the customer with an opportunity to challenge any key fact or piece of information which has been relied on, taking appropriate follow-up action as necessary;

Provide the necessary contact details, should the customer wish to make a complaint; and

Once a decision has been communicated to the customer, ensure that actions are completed within the committed timescales. In the event a Supplier is unable to complete the actions within the communicated timescales, the customer must be informed as a matter of courtesy and an apology offered. Where non-financial loss such as distress or inconvenience has been caused during the course of dealing with the claim, Suppliers must refer to the procedures set down within the Group Complaint Handling Policy for third party suppliers.

D. Rectifications

Where an Event arises due to the activities of a third party supplier, the Business Unit owning the supplier relationship must cooperate with the Business Unit which is responsible for the Rectification to ensure the requirements set out in the Group Rectification Procedure are complied with. Specifically, the third party must ensure that they;

Undertake a root cause analysis to identify the cause of the Event and take urgent steps to fix any issues under its control;

Take steps to review and manage the risk of future Events; and

Support the analysis, design and delivery of remediation activities in accordance with this Group Rectification Procedure.



Page 15 of 21

E. Outcome Testing

Outcome testing involves reviewing customer interactions holistically to determine whether an appropriate and sustainable solution has been achieved for the customer. For example, contacting a customer to determine if the product they have taken out meets their needs, or listening to a call to determine if the colleague answered all the customer's queries satisfactorily.

To qualify as outcome testing, the activity must:

Be undertaken by an area independent of the function performing the activity being assessed; and

Include at least one element of testing activity with customer interaction such as Mystery Shopping, Call Listening or Customer Contact. Customer Behaviour Data Modelling is a tool that can also be used, with the agreement of the second line of defence.

Validation of Retained Records (or file sampling) is an important element of the control framework, but does not constitute Customer Outcome Testing and cannot be reported as such.

Suppliers must:

Agree the level of outcome testing to be performed with their Supplier Manager in accordance with Appendix 2;

Have a documented plan that sets down its approach to customer outcome testing. The plan must:

o Include the expected volume of outcome testing:

o Consist of sufficient activity to provide reasonable assurance that all customer interactions have been handled appropriately, the Supplier has met customers’ needs and should reflect the risks which are inherent in different types of customer interaction, including where customers are (or could be) in vulnerable circumstances. Where Suppliers handle a range of customer interactions across a number of locations the plan should recognise that some interactions will require more regular testing, and/or larger sample sizes than others to ensure that results are representative of the population; and

o Be approved via appropriate governance and be reviewed regularly.

Categorise and report against its outcome testing results as directed by the Group using the outcome factors below.

CUSTOMER OUTCOME FACTORS

Area of focus

Meets Customer Needs

An appropriate outcome has been achieved.

Compliant Information Disclosure

All key information has been provided in appropriate ways to assist the customer with making an informed decision or the communication clearly sets out the rationale for any decision the Supplier has taken.

Regulatory Compliance

All relevant regulatory conduct requirements have been complied with appropriately.



Page 16 of 21

Internal Process Compliance

All relevant internal processes, not already covered under Meets Customer Needs, satisfy Compliant Information Disclosure and Regulatory requirements, have been followed.

KEY CONTROLS

Control Title Control Description Frequency

Outcome Testing is performed

The Supplier performs outcome testing in accordance with the expectations outlined in this Policy document, and reports against this, to confirm the extent to which fair customer outcomes are being achieved.

Monthly

Governance, monitoring and reporting meet Policy criteria

The Supplier has robust processes in place for governance, monitoring and reporting that meet the requirements of this Policy and Procedures. In particular, those processes ensure that relevant stakeholders and colleagues of sufficient seniority are involved in governance. MI is relevant, given visibility, and pro-actively acted upon.

Monthly

Customer risks are identified pro-actively

The Supplier uses tools to identify proactively its customer risks, including anticipation of those that are new and emerging, by obtaining appropriate feeds of information and performing regular analysis. Risk identification includes new or emerging compliance requirements through regulation, legislation, codes, and/or internal Policy.

Monthly

Wide-reach Communications

are signed-off prior to issue

The Supplier has a robust challenge and sign-off process for 'wide-reach communications' (see Glossary) to ensure that information issued to, or targeted at, customers, is clear, fair, and not misleading.

Monthly

A robust rectifications

process ensures fair customer

outcomes

The Supplier has arrangements in place to support the Group in the delivery of fair outcomes for customers, where the supplier has caused potential detriment. The supplier must act in accordance with the Groups rectification procedure, including analysis of the underlying cause of the event and taking steps to address those causes.

Monthly

Colleagues are trained and

competent to deliver, or

support the

The Supplier must have appropriate training and competency arrangements in place for all colleagues who manage customer risk, whether interacting directly with customers, or supporting those colleagues who do.

Quarterly



Page 17 of 21

delivery of, fair customer outcomes

Key Processes are formally

documented and regularly reviewed

The Supplier must have an owner for, and document, its processes for key activities and review them on a rolling annual basis. This includes the Supplier's approach to vulnerable customers.

Annually

MANDATORY REQUIREMENTS – NON-COMPLIANCE

Any material differences between the requirements set out above and the Supplier’s own controls should be raised with the Accountable Executive for the relationship by the Supplier Manager and with the local BUCF.

GLOSSARY

Term Definition

Customer

For the purposes of this Policy and underlying Procedures, a customer is an existing or potential: 1) Personal customer – a private individual acting in a non-business capacity; or 2) Business customer – an individual acting in a business capacity or small and medium businesses or charities*; or in respect of the Group’s regulated activities, clients categorised as Retail (within COBS 3 of the FCA Handbook). *“Small or medium businesses” as defined by the individual Business units within the Group's Commercial Bank. The definition above does not replace or supersede any of the customer definitions or requirements set by regulators or other external bodies.

Vulnerable Customer

”A vulnerable consumer is someone who, due to their personal circumstances, is especially susceptible to financial detriment, particularly when a firm is not acting with appropriate levels of care.” Source: FCA, Policy, Risk & Research definition, July 2014.

Conduct Risk

Conduct Risk is defined as the risk of customer detriment or regulatory censure and/or a reduction in earnings/value, through financial or reputational loss, from inappropriate or poor customer treatment or business conduct.

Customer Risk

Customer Risk is the risk that the customer will suffer a form of detriment in dealing with the Group or its Suppliers. This need not result in financial detriment, and can include being provided with products, services, information, or advice, that does not meet their needs or expectations. The risk of failing to treat customers fairly can arise throughout the duration of a



Page 18 of 21

customer's relationship with the Group. This Policy defines what the Group means by customer and reinforces the Group's stance that customers in vulnerable circumstances must not be disadvantaged or treated less favourably.

Wide-Reach Communication

Non-marketing communications that are issued to, or targeted at, multiple customers and, because of that, present a systemic customer risk. The impact could be to customers (if they are inaccurate, and/or mislead) or the Group (reputational damage, cost to put right, and/or technical compliance breaches). Communications falling into this category must be approved by the Group Accountable Executive for the communication, unless the Accountable Executive has provided specific delegated authority:

Factual information – covers a broad spectrum, including (non-exhaustive list): Terms and Conditions; some distribution process materials given to a customer (such as initial disclosure documents or key features); online banking instructions; welcome packs; press releases, and corporate literature;

Mailings – any communication issued to a group of customers such as fulfilment letters, maturity letters, 'calls to action' as part of a rectification exercise, interest rate change letters

Forms – e.g. application forms; and

Standard letters/templates – as a minimum this includes the headers and footers but will also include any letters that contain pre-agreed text with the intention that they will be used for multiple customers e.g. overdraft letters, arrears letters.

Rectification

A Rectification is the end-to-end process by which we: assess an Event to determine whether it has caused detriment to customers. As part of this assessment we will remediate the customer to correct any detriment and analyse the Event to identify and fix the cause in order to prevent recurrence. We will then share lessons learned to enable other areas to take action to improve controls and reduce future Events.

This Procedure applies to any Event which has caused Systemic Detriment, to customers.

Out of scope:

Individual Customer Complaints, which are handled in accordance with the Group Complaint Handling Policy.

Customer rectification activities carried out by the Bronze, Silver or Gold incident management teams are managed in accordance with the Group Incident Management Procedure. This Procedure applies to



Page 19 of 21

any Incident where there is residual Detriment which has not been rectified at the point the incident is closed. The Incident Chair (or equivalent) must ensure that a Head of Business has agreed to accept accountability for any outstanding rectification activities, prior to closure of the incident.

Customer claims in respect of Fraud related events, provided the customer claim is dealt with in accordance with the Group

Fraud Policy.

Claim A request for a payment or service under the terms of a: general insurance policy; life insurance or critical illness policy; or permanent health insurance.

Dormant account An account that has had no customer initiated transactions take place on it for a minimum of 3 years and is not connected to any other active account.

Customer Interaction

The Customer Interaction begins from the point at which the supplier or the customer initiates a specific activity, through to a fair outcome of that activity. A CI may be managed wholly within a Supplier or could span Supplier/Group requiring hand-offs between them.

Lending Includes all secured and unsecured lending, such as: loans, mortgages, overdrafts, credit cards, and leasing finance.

Version Number Effective Date

1.0 31 March 2014

2.0 31 October 2014

3.0 15 January 2016

4.0 12 December 2016

Next Planned Revision: November 2017 in conjunction with the Group Customer Treatment Policy and Procedures



Page 20 of 21

APPENDIX 1 – CONDUCT STRATEGY

1

Conduct StrategyOur vision is to be the best bank for customers, aligning sustainable and fair customer outcomes with shareholder value.

Managing our conduct risks is central to achieving this. We will implement and embed a revised Conduct Risk Framework:

Initiatives

Enhanced conduct risk appetite

statements underpinned by detailed MI

and customer analytics

Enhanced product governance (for

example value for money, customer

research and target market)

Sales processes and governance

framework to deliver consistent fair

outcomes

Enhanced approach to business

planning and strategy with customer at

the heart

Rewards and Incentives driving

customer centric behaviours

Cultural transformation to deliver best

bank for customers

Enhanced recruitment capability and

performance management with clear

customer accountability

Continued journey to industry leading

complaints performance

Rectification framework and Root

Cause Analysis (RCA)

Record keeping that evidences fair

outcomes to customers

Post sale customer critical processes

delivering first class service

Extension of the Conduct Strategy to

our 3rd Party Suppliers

Conduct Strategy

Enhanced approach to business planning and strategy including cultural transformation

Conduct Risk Appetite – qualitative statements and core metrics, regularly reviewed at Board level,

supported by more detailed Divisional appetite statements and limits. Enhanced by customer

analytics capability and decision science

Customer Treatment – scope, governance, detailed polices, responsibilities & monitoring

(covering all 6 FSA customer outcomes)

Product & Sales GovernanceComplaints Handling & Rectification

Framework

Product

Governance

Standards

Customer

Treatment

Standards

Sales Process

Governance

standard

Complaints

Standards

Rectification

framework

Product risk

assessment tool

Annual Product

Review

Enhanced product

governance: value

for money,

customer research

and target market

analysis

Responsible

Lending

Provision of advice

/ selling

Customer in

Financial

Difficulties

Claims Handling

Record keeping

Post sale service

Sales process

review and sign-off

Distribution risk

assessments

Enhanced target

market monitoring

Root Cause

Analysis (RCA)

Training and

Competence

Decisions

Redress

Quality Assurance

and MI

Rectification

framework

Standardised

methodology

Cross group RCA

governance forum

Clearly articulated conduct risk measures included in Balanced Scorecards

Enhanced focus on recruitment, capability and performance management

Enhanced reward, incentives and risk gateways

Minimum MI standards and additional guidance

Group customer outcomes testing standards

On-going improvements to Complaints and simplification

Business Planning

& strategy

Appetite

Group Policies

Detailed

Standards

Reward and

remuneration

Monitoring /

Oversight

standards

Ongoing improvements

1

2

3

4 6

5 7

9

11

8

12

10

1

2

3

4

5

6

7

8

9

10

11

12



Page 21 of 21

APPENDIX 2- CUSTOMER CRITICAL INTERACTIONS

– PRINCIPLES OF OVERLAYING OUTCOME TESTING

To support ensuring our customers are receiving the right outcomes, suppliers are listening to customers, and that feedback

(positive and negative) is used by suppliers to focus on the right areas to improve, we need to adopt a tier model to ensure

we test and oversee the right things. This starts with identifying the key “moments of truth” or Customer Critical

Interactions” (CCIs)

Understanding where our Customer Critical Interactions are; having clear supplier metrics in place to track them overlaid with a

flexible assurance testing model will enable LBG to get closer to our suppliers processes whilst continuing to utilise their

expertise to carry out the activities we have requested of them.

Lloyds Banking Group visits twice

annually to test processes. Reliant

on MI to gain comfort / identify areas

of focus

High 10 High 13 Very High 15 Very High 16

Medium 6 Medium 9 High 12 Very High 14

Low 4 Low 5 Medium 8 High 11

Low 1 Low 2 Low 3 Medium 7

VHClose

Collaborative

oversight

HIGHVolume oversight from supplier

with close scrutiny within LBG

(sample testing)

MEDIUM

Site visits agreed through the

year (likely to be twice annually

supported by MI)

LOW

No testing required, reliant on MI, with

capability to carry out site visit if required

Lloyds Banking Group Assurance manager working

alongside a couple of Supplier Managers to frequently

test supplier processes, along with supplier carrying

out frequent outcome testing (or similar) in line with

LBG requirements. Suite of metrics also in place.

Supplier carries out frequent outcome

testing (or similar) in line with Lloyds

Banking Groups requirements. This

is sample tested , and reviewed

through metrics also in place.

Reliant on MI to gain

comfort / identify areas

of focus

Documents

LLOYDS BANKING GROUP CUSTOMER TREATMENT POLICY …...Policy Risk Appetite The Group has no appetite for: Regulatory breaches; or Systemic unfair customer outcomes arising from product