What The FCA Consumer Understanding Review Means For Secure Digital Communications

Posted by Paul Holland

Consumer Duty has shifted the question from “Did we send it?” to “Could the customer access it, understand it and act on it?”

The FCA’s Consumer Understanding review makes that shift practical for every regulated firm sending important customer communications.

For firms sending pension updates, policy documents, mortgage information, arrears letters, claims updates, renewal notices, and other sensitive customer communications, proof of dispatch is no longer enough.

The FCA Handbook says companies must support retail customer understanding so communications meet customer information needs, are likely to be understood, and equip customers to make effective, timely, and properly informed decisions.

That creates a practical challenge for communication, compliance, operations, and technology teams. They need systems that help them see what happens after the message leaves the business.

Secure email and digital mailboxes will not prove Consumer Duty compliance on their own. They can, however, help firms build the controls and evidence needed to support protected access, customer engagement, secure replies, revisitability, and governance review.

The FCA Has Moved The Conversation From Sending To Understanding

The Consumer Understanding outcome is concerned with whether customers receive information in a way that helps them make decisions. That applies across channels, including written, verbal, visual, and electronic communications.

What Consumer Understanding Requires

Under PRIN 2A, firms must communicate in a way that is clear, fair, and not misleading. They must also consider the target market, the complexity of the product, the communication channel, and any characteristics of vulnerability.

For practical customer communication teams, this means looking at the whole path: the document, the channel, the timing, the format, the support route, and the evidence collected afterwards.

The correct evidence is no longer only that a message left the business, but also what happened next.

A record that a letter was generated, an email was sent, or a portal notification was issued may be useful.

It does not show, on its own, whether the customer could open the information, understand the decision in front of them, or get help at the point they needed it.

Why Dispatch Evidence Is Too Thin

In many regulated communication workflows, the highest-risk moment happens after dispatch.

A customer may miss an attachment, delay opening a document, struggle with a portal login, misunderstand a key exclusion, or avoid asking for help because the support route is unclear.

That's why the communication system needs to create more than a sending record. It needs to help firms identify where customers access information, where they hesitate, where they need support, and where communication design needs to change.

"Consumer Understanding forces firms to look beyond the act of sending. If a customer cannot open, revisit, or act on important information, the communication process has not done its job in practice."

Paul Holland, Founder and CEO, Beyond Encryption (Mailock)

The point is not that every message needs the same controls. A routine marketing email, a pension transfer warning, and an arrears communication carry different levels of risk.

The firm’s evidence should match the importance of the decision the communication supports.

Consumer Understanding Needs A Feedback Loop

The FCA’s Consumer Understanding review highlights good practice across management information, testing, communication design, vulnerability, accessibility, financial promotions, governance, and oversight.

Design, Testing, Monitoring And Governance

Good communication work is more than a one-off copy review.

The FCA describes firms using sources such as call listening, complaints, chat transcripts, website analytics, drop-off data, surveys, comprehension checks, A/B testing, and frontline feedback to understand where customers struggle.

That creates a clear operational pattern: design the communication, test it, monitor what customers do, review the evidence, and change the communication or route where the evidence shows a problem.

What The FCA Expects

The FCA’s review points to testing before and after communication changes, using customer evidence to identify where people struggle, and connecting MI to governance decisions.

Firms that collect data still need to ask whether it is the right data.

Secure-message access rates, read rates, and attachment download logs can be valuable evidence because they show that the customer moved beyond simple dispatch and into the communication itself. They are especially useful when reviewed alongside support queries, repeat contact, drop-off data, and comprehension testing.

Where Firms Should Look For Signals

Consumer Understanding evidence should come from several sources. Access rates, attachment downloads, call volumes, complaints, survey responses, secure replies, drop-off points, support contact reasons, and comprehension testing can all contribute to the picture.

The distinction is important. Access evidence supports Consumer Understanding work, but it should not be treated as the whole answer. A customer opening a secure message or downloading an attachment is strong evidence of delivery and engagement. It does not, by itself, show that the customer understood every term, risk, or action needed.

The FCA made a related point in its Payments Consumer Duty multi-firm review, where it said some firms pointed to email open rates, but that open rates alone do not indicate understanding. For secure communications, the stronger approach is to treat access and download evidence as part of a wider evidence set.

Accessibility Is Now A Communication Risk

Accessibility is often treated as a formatting issue. Under Consumer Duty, it is also a conduct risk because communication channels and formats affect whether customers can make informed decisions.

Customers Do Not All Receive Information In The Same Way

The FCA’s Consumer Understanding review cites its 2024 Financial Lives Survey, which found that 12% of adults had limited understanding of the products they held, 19% had low confidence with everyday numeracy, and three in 10 said their preferred communication channel had been withdrawn, causing difficulty for most of them.

Those findings matter for routine customer communication design. A firm may send technically accurate information, but customers with lower financial confidence, lower digital confidence, sensory impairments, language preferences, or characteristics of vulnerability may need a different route, format, summary, timing, or support prompt.

For regulated firms, this means accessibility should be considered when deciding how to send important information. The channel needs to match the customer, the risk, and the decision.

Channel Choice Affects Understanding

Portals, email, post, telephone, video, and in-app messaging can all work well in the right context. The risk comes from assuming that one channel works for every customer and every communication.

A portal may suit frequent account access. Email may suit time-sensitive document delivery. Post may still be needed for customers who cannot use digital channels confidently. Telephone support may be essential where a customer needs help interpreting an important decision.

For sensitive digital communication, the issue is whether the chosen channel lets the firm protect information, verify the right person, support the customer, and retain meaningful evidence afterwards. That is where secure email and digital mailbox models become relevant.

Email Still Works, But Important Email Needs Better Controls

Email remains a familiar access point for many customers. It is often easier than asking someone to remember another portal login for a document they may only need to read once or twice.

The Practical Case For Secure Email

For regulated firms, ordinary email can be too exposed for sensitive customer documents. Wrong-recipient risk, limited access control, insecure replies, weak recipient verification, and limited audit evidence can all create problems when messages contain personal, financial, or policy information.

Mailock secure email helps where firms want to keep email as the customer access route while adding protected access, recipient authentication, secure replies, message revocation, message tracking, attachment download logs, and audit trails.

That can help firms move from an assumption-based model to a more evidence-led model. A sender can see whether a secure message has been accessed and whether attachments have been downloaded, customers can reply securely, and the organisation can retain a clearer record of activity around important communications.

This is different from saying secure email proves understanding. It does not. Secure email supports the delivery and evidence layer. Firms still need communication testing, support data, comprehension evidence, and governance review to understand whether customers can act on the information they receive.

From Dispatch Evidence To Outcome Evidence

The most useful communication evidence usually comes from combining several measures. Secure-message access rates and attachment download logs are strong evidence that a customer has engaged with the communication. They become even more useful when firms connect them to support data, testing, and governance review.

| Evidence Type | What It Can Show | What It Cannot Show Alone | Where It Fits |
| --- | --- | --- | --- |
| Sent or delivered | The communication was issued through the chosen route. | Whether the customer accessed, understood, or acted on it. | Operational delivery records. |
| Accessed, read, or downloaded | The customer engaged with the secure message or document. | Whether the customer understood every term, risk, or action. | Message tracking, engagement monitoring, and delivery evidence. |
| Secure reply | The customer had a protected route to respond. | Whether the original message was clear. | Support, query handling, and evidence of follow-up. |
| Drop-off or repeat contact | Where customers struggle, delay, or need help. | The root cause without further analysis. | Communication review and support MI. |
| Comprehension testing | Whether customers understood key information. | Whether every individual customer understood every message. | Consumer Understanding testing and improvement work. |
| Governance action | Whether evidence led to review, ownership, and improvement. | Customer outcomes without underlying data. | Board, committee, and management oversight. |

This is also why firms should be careful with older practices such as password-protecting attachments and sending the password separately.

They may add a simple barrier, but they do not provide the same combination of protected access, recipient authentication, secure reply, and message-level evidence.

For more detail, see our article on why password-protecting a document is not usually secure enough for sensitive communications.

Digital Mailboxes Can Reduce The Burden On Customers

Consumer Understanding is also affected by what happens after a customer opens a document. Many important financial documents need to be kept, revisited, compared, or acted on later.

The Problem With Scattered Important Documents

Customers often receive important information across email, post, portals, adviser systems, insurer platforms, pension provider platforms, and PDF attachments. That makes life admin harder, especially when the customer is under time pressure or dealing with a stressful decision.

A customer may open the right document once, then struggle to find it again. They may save several versions of the same document. They may miss an action because the next step is hidden in a long PDF or split across several channels.

For regulated firms, that raises a question: can the customer return to important information when they need it, or does the communication model depend on a one-time access event?

Where Nigel Fits

Nigel is Beyond Encryption’s secure digital mailbox and document concierge, built around helping people receive, store, and manage important information in one place.

In a Consumer Understanding context, it's about persistence. A secure digital mailbox model gives customers somewhere to return to important documents, rather than relying on scattered messages, one-off portal visits, or local downloads that become hard to manage.

That can support a more customer-centred communication model where important information is easier to organise, revisit, and connect to next steps. The compliance still needs care: a digital mailbox can support better access and organisation, while firms remain responsible for testing, support, monitoring, and governance.

"The operational challenge is joining the evidence together. Firms need to know what was sent, how customers engaged, where support was needed, and what changed as a result of that insight."

Adam Byford, COO, Beyond Encryption (Mailock)

For firms that still rely heavily on print and post for sensitive documents, this broader model is also relevant to channel strategy.

Secure email, e-signatures, customer portals, and digital mailboxes all have a role, depending on the communication, customer, and risk.

We explore those trade-offs in our guide to alternatives to print and post.

The Future Is Evidence-Led Communication

The FCA’s review points firms back to evidence: what customers do, where they struggle, how communications are tested, how MI is reviewed, and whether governance decisions lead to improvements.

What Firms Should Be Able To Show

A regulated firm should be able to explain the evidence behind its important customer communications.

That does not mean every firm needs the same tooling, but it should be able to show why its approach is proportionate to the risk.

For high-impact communications, the firm should know what was sent, when it was sent, whether protected access was needed, whether the customer accessed it, whether attachments were downloaded, whether they could ask for help securely, where customers dropped off, and how communication MI was reviewed.

The FCA’s Year 2 Consumer Duty board reports blog makes the same point in governance terms. It says firms should be able to evidence how they test communications, assess consumer comprehension, and respond where customer behaviour indicates misunderstanding or friction.

How To Read Communication Metrics Carefully

Access rates, read rates, and attachment download logs are useful because they show more than dispatch. They help firms evidence that customers reached the secure communication and engaged with the information provided.

They still need context. A low complaint rate may mean customers understand the communication. It may also mean they do not know what to complain about, or that the harm has not surfaced yet.

The same applies to engagement data. It can tell a firm something meaningful about access and delivery. It should then be connected to support queries, repeat contact, comprehension testing, and governance review.

Better evidence combines delivery records, engagement signals, support data, comprehension testing, and governance action. The purpose is not to create more reporting for its own sake. It is to help the firm see where customer communications are working and where they need to improve.

What Regulated Firms Should Review Next

For many firms, the most useful next step is to review the communications that carry the highest customer impact: documents that prompt decisions, explain risks, request action, confirm changes, disclose costs, or affect access to support.

Questions For Communication, Compliance And Operations Teams

The review should include the content of the communication and the route through which it is delivered. A clear letter can still fail if the customer cannot easily access it, reply to it, or find it again when they need it.

Questions For Communication Reviews

  • Which communications are high impact, time sensitive, or likely to affect a customer decision?
  • What evidence exists beyond sent, delivered, or opened?
  • Can customers ask for help or reply securely when the communication contains sensitive information?
  • Where do customers drop off, call for help, ask repeat questions, or fail to act?
  • How are accessibility needs, communication preferences, and vulnerability indicators recorded and reviewed?
  • Who owns the MI, and what changes have been made because of it?

The strongest reviews will bring together compliance, operations, customer service, digital, and technology teams. Communication outcomes are rarely owned by one department in practice.

Where Secure Email And Digital Mailboxes Belong

Secure email belongs in the delivery and evidence layer. It helps firms protect sensitive messages, verify recipients, support secure replies, track access, and retain clearer records of communication activity.

Digital mailboxes belong in the organisation and support layer. They can give customers a persistent place to receive, store, manage, and revisit important information, with the potential to reduce scattered document handling.

Neither layer replaces the firm’s wider Consumer Duty responsibilities. The stronger approach is to build communication systems that help customers access information safely, support them when they need help, and give the firm better evidence for testing, governance, and improvement.

 

FAQs

What Is Consumer Understanding Under The FCA Consumer Duty?

Consumer Understanding is one of the Consumer Duty outcomes. In plain terms, firms need communications to meet customer information needs, be likely to be understood, and help customers make effective, timely, and properly informed decisions.

Does Proof Of Sending Show Consumer Understanding?

Proof of sending and proof of delivery can support the evidence picture, but firms also need to consider whether customers accessed, understood, and acted on important information. Secure-message access rates and attachment download logs can help show delivery and engagement.

What Do Access Rates And Attachment Download Logs Show?

They can show that a customer accessed a secure message or downloaded an important document. That is stronger evidence than simple dispatch alone, and it helps firms understand engagement. It should still be reviewed alongside support data, testing, and governance evidence.

How Can Secure Email Support Consumer Duty Communication Evidence?

Secure email can help evidence protected delivery, recipient authentication, access, attachment downloads, secure replies, message tracking, and audit trails. It does not prove compliance or understanding on its own.

Where Could A Digital Mailbox Help?

A digital mailbox can give customers a persistent place to receive, store, manage, and revisit important documents. That can support access and organisation, while firms still need testing, support, monitoring, and governance.

 

References

PRIN 2A The Consumer Duty, FCA Handbook, 2026

Consumer Understanding: Good Practice And Areas For Improvement, Financial Conduct Authority, 2026

Payments Consumer Duty Multi-Firm Review, Financial Conduct Authority, 2024

Year 2 Consumer Duty Board Reports: Progress And What Comes Next, Financial Conduct Authority, 2026

Reviewed by

Sam Kendall, 10.06.26

This article is for general information only and should not be treated as legal or regulatory advice.

 

10 06 26

Posted by:  Paul Holland

Paul, CEO and Founder of Beyond Encryption, is an expert in digital identity, fintech, cybersecurity, and business. He developed Webline, a leading UK comparison engine, and now drives Mailock, Nigel, and AssureScore to help regulated businesses secure customer data.
