The FCA's shift toward outcomes-based regulation means having the right policies in place is no longer enough. Here's what compliance teams in insurance contact centres actually need to evidence and where the gaps tend to be.

For a long time, insurance firms could demonstrate compliance by pointing to their policies, their training frameworks, their QA processes. Auditors would review the documentation. Boxes would be ticked. The firm would move on.

That model still exists, but it's no longer sufficient on its own. Consumer Duty, which came into full force in July 2023, fundamentally changed what the FCA expects firms to prove.
The question is no longer just "do you have the right processes?" It's "are those processes actually delivering fair outcomes for customers and can you show us?" For insurance contact centres, that distinction matters more than almost anywhere else in a firm.

Every call is a live interaction between an agent and a customer. Every conversation is an opportunity to meet, or miss, the standard the FCA now expects.

Consumer Duty is built around four outcome areas: products and services, price and value, consumer understanding, and consumer support. For contact centres, it's the last two that create the most day-to-day pressure. Consumer understanding requires that customers are given information they can genuinely act on, communicated clearly, in plain language, in a way that accounts for their individual circumstances. Consumer support requires that firms help customers achieve their goals without unnecessary barriers or friction.

Neither outcome can be evidenced purely through documentation. They have to be evidenced through what actually happens in customer interactions, which puts the contact centre at the centre of how a firm demonstrates compliance, not the legal team, not the policy archive. The FCA has been explicit about this: its Consumer Duty guidance states that firms should be able to demonstrate the outcomes customers are actually receiving, not just the processes firms have in place to try and deliver them.

ICOBS (the Insurance Conduct of Business Sourcebook) has governed how insurance firms communicate with customers and manage the sales process for years, and it's still in force. But Consumer Duty sits on top of it. Where ICOBS tends to set minimum behavioural standards, don't mislead customers, give information in good time, handle claims promptly.

Duty asks a different question: was the overall outcome actually good for the customer? And how do you know?

The combination means compliance teams are now managing both a conduct rulebook and an outcomes evidencing obligation at the same time, and the bar for each is only moving in one direction.

Here's where many insurance contact centres are genuinely exposed. They have QA processes, monitoring frameworks, and compliance infrastructure built over years. But when you look at the coverage those processes actually provide, the picture changes.

The industry standard for manual call monitoring sits somewhere between 3 and 5 percent of total call volume. Which means that for every hundred customer conversations, somewhere between 95 and 97 are never reviewed. That's not a criticism of QA teams, manual call review is time-consuming, and the resource simply doesn't exist to do more. It's just the reality of how the process works. The problem is that 3 to 5 percent isn't an evidence base. It's a sample. And when the FCA asks a firm to demonstrate that its customers are consistently receiving fair outcomes, a sample drawn from a fraction of calls doesn't hold up well under scrutiny, particularly when those calls are often selected in ways that favour positive results.

That coverage gap creates specific pockets of risk. Vulnerable customers are one. The FCA's guidance is explicit that firms must be able to identify customers who may be in vulnerable circumstances and respond appropriately. In a manual monitoring environment, that identification is largely down to individual agent judgement on calls that aren't being reviewed. The compliance team has very little visibility into whether it's happening consistently across the operation and in the event of a complaint or regulatory review, very little to point to that shows it was.

Complaints handling is another. When a complaint reaches the FOS and a firm needs to reconstruct what was said on a call, what information was given, whether the customer genuinely understood their options, the ability to retrieve and review that interaction matters enormously.

Firms with a complete, searchable record of call content are in a fundamentally different position to those relying on agent notes and partial recollections. And script adherence runs alongside both: ICOBS requires specific disclosures at specific points in a conversation, during sales, at renewal, when handling a claim. Whether those disclosures are consistently happening at scale is something very few compliance teams can answer with genuine confidence.

The firms that will be best placed under ongoing FCA scrutiny are those that have moved beyond treating compliance as a documentation exercise and built real visibility into what's happening in customer interactions day to day.

In practice, that means moving from sample-based monitoring toward coverage that gives compliance teams a meaningful view across a much broader proportion of calls. It means having the ability to identify patterns rather than just incidents, not just catching the individual call where something went wrong, but spotting that a particular issue is recurring across a team, a product line, or a time of day. It means infrastructure that flags vulnerability indicators consistently, so that the identification of a customer who may need additional care doesn't depend on whether their agent happened to notice the right signals in the moment.

And it means being able to produce an audit trail that reflects reality. Not a folder of documents, but a clear account of what happened in customer interactions over time, what was identified, what was escalated, and what was done as a result. That's what meaningful compliance oversight looks like when the FCA expects evidence of outcomes, not just evidence of process.

Insights360 is Conversant Technology's AI-powered conversational intelligence platform, built specifically for contact centres operating in regulated environments. For insurance compliance teams, it addresses the evidencing problem directly, not by adding more documentation, but by giving teams genuine visibility into what's happening across their calls.

Rather than reviewing a handful of interactions manually, Insights360 analyses customer conversations at scale. Every call. That means compliance teams stop working from a sample and start working from a complete picture, one that reflects what agents are actually saying, how customers are actually responding, and whether the outcomes of those conversations are consistent with what Consumer Duty and ICOBS require.

On vulnerable customers specifically, Insights360 monitors for the kinds of signals that indicate a customer may need additional care, changes in tone, signs of confusion or distress, language that suggests financial difficulty or emotional pressure.

Because that monitoring happens across all calls rather than only the ones a QA reviewer happens to pick, it removes the dependence on individual agent recognition that leaves most firms exposed. When a vulnerable customer interaction is flagged, compliance teams have a record of it and a record of what happened next.

For regulatory disclosure and script adherence, Insights360 tracks whether required disclosures are being made consistently and at the right points in a conversation. If a particular disclosure is being missed across a cohort of agents, or on a particular product line, the platform surfaces that as a trend rather than leaving it buried in a QA score that only reflects a fraction of calls.

That kind of pattern-level insight is what gives compliance teams the ability to act before a problem becomes a regulatory issue, rather than after.

And when a complaint escalates to the FOS, or a regulatory review lands, Insights360 provides the audit trail that firms increasingly need. A searchable, structured record of customer interactions, what was said, when, by whom, and how it was handled, is a fundamentally different thing to hand an auditor than a set of agent notes and a QA spreadsheet. It's the difference between demonstrating compliance and asserting it.

The broader point is that Insights360 doesn't change what Consumer Duty requires. It changes what compliance teams can actually see and therefore what they can actually prove.

The FCA has signalled consistently since Consumer Duty came into force that it intends to use its supervisory powers actively, and that firms which cannot demonstrate good customer outcomes will face consequences. Insurance has been a focus area, the sector's complaints volumes, the complexity of its products, and the vulnerability profile of many of its customers make it one where the regulator expects to see sustained, serious compliance investment.

For compliance teams in insurance contact centres, the honest question is this: if the FCA asked you today to demonstrate that your customers are consistently receiving fair outcomes, not your policies, not your training records, but evidence drawn from actual interactions - what would you be able to show them?

For most teams, the answer is more complicated than it should be. The gap between what compliance frameworks promise and what contact centre interactions actually deliver is exactly where regulatory risk lives.

Closing it isn't just about avoiding enforcement. It's about building the kind of operation that can genuinely stand behind how it treats its customers, at any point, in any revie

Want to see how Insights360 works in an insurance contact centre environment?