Vulnerability Identification: The Feedback Capability Social Housing Doesn't Know It Needs

“Bloody hell, I didn’t know you could even do that.”

That was the reaction from a room full of CX and compliance professionals when the subject of vulnerability identification from feedback came up at a recent industry event. Not scepticism. Not pushback about cost or complexity. Just genuine surprise that the capability existed.

Most social housing associations are collecting tenant feedback. Many are running Tenant Satisfaction Measures surveys across multiple touchpoints. A significant number have a compliance and risk obligation to demonstrate fair treatment of vulnerable tenants. What almost none of them have done is configure their feedback platform to automatically identify who those vulnerable tenants are.

That gap is now a regulatory risk. This article explains what the enforcement landscape actually looks like, why manual identification fails at scale, and what “good” looks like when a feedback programme helps to close this gap.

The new Enforcement Reality

The RSH and Housing Ombudsman have moved from issuing guidance to taking action — and vulnerability identification is explicitly in their sights.

When the Social Housing (Regulation) Act 2023 came into force, it gave the RSH unlimited fining powers and removed the cap on penalties for breaches of the consumer standards. The new consumer regulatory regime, including a programme of inspections, has been live since 1 April 2024.

Grade downgrades are already happening: dozens of landlords have received C3 grades (serious failings, significant improvements needed) in 2024–25 across issues from fire safety to repairs backlogs to inadequate understanding of tenants’ diverse needs. Three local authorities (Castle Point Borough Council, Newham Council, and most recently Arun District Council in August 2025) have received the lowest possible C4 grade, meaning very serious failings and fundamental changes needed.

These are not hypothetical outcomes. They are live enforcement actions, and the grade is made public.

The Housing Ombudsman is running at the same pace. In 2024–25, it issued 7,082 determinations — a 30% increase year-on-year. Over 100 severe maladministration cases on damp and mould alone were published in October 2024. In that same period, 120 landlords had a maladministration rate of over 75%.

For any compliance lead wondering whether ombudsman attention is a realistic risk: the data says it is.

For context on where housing regulation is heading, financial services offers a useful preview. The FCA has already issued substantial fines for failures to treat vulnerable customers fairly: HSBC was fined £6.28 million and paid £185 million redress to 1.5 million customers; Volkswagen Financial Services was fined £5.4 million and paid £21.5 million redress; TSB was fined £10.9 million and paid £99.9 million in redress.

Those actions share a common thread: the organisations had data indicating customer vulnerability, but they didn’t have adequate systems to identify them and respond differently.

Housing regulators are watching the same pattern and moving in the same direction.

The enforcement mechanism in housing is different, but the underlying expectation is identical. You must know who your vulnerable tenants are. You must demonstrate you treated them fairly. And you must be able to evidence it.

What the Housing Ombudsman’s Cases Tell You About the Specific Risk

The failure pattern in upheld cases is strikingly consistent: tenants disclosed their vulnerabilities, the information didn’t reach the staff handling their case, so the service response didn’t account for it.

PA Housing received a severe maladministration finding for having no record of a domestic abuse complainant’s vulnerabilities in their systems. The Ombudsman’s finding was not that the housing association was malicious — it was that they had no system for knowing what they needed to know.

Lewisham Council was ordered to pay £8,800 to a vulnerable resident and required a Chief Executive personal apology for damp and mould failures. A tenant with a health vulnerability living with damp has a materially different risk profile to a non-vulnerable household. The same problem, handled generically, produces a different outcome — and a different liability.

We see the same pattern time and time again in the complaints data: vulnerability wasn’t flagged, responses were generic, generic responses failed, and escalation followed. The evidentiary standard the regulator is applying is not “did you try to help?” It is: did you know this tenant was vulnerable, and can you demonstrate that you responded accordingly?

That is a fundamentally different question. And it has a fundamentally different answer depending on whether your feedback programme is built to surface vulnerability signals.

Why Identifying Vulnerable Tenants at Scale Is Genuinely Hard Without the Right Tool

One housing association we work with runs ten or more transactional feedback surveys — covering repairs, ASB complaints, asset moving, general customer service, and several other tenant journeys.

Their CX team is three people.

Three people running feedback across that volume of touchpoints, for that many tenants, cannot manually read every free-text comment looking for signals that someone has a health condition affecting their ability to manage a repair, has recently been bereaved, is in financial difficulty, or lacks the confidence to navigate a complex complaints process.

“We just don’t have the manpower to do this at scale” is not a complaint — it is an accurate description of reality for many teams.

It’s tempting to assume TSM surveys cover this ground, but that’s not quite true. TSMs produce quantitative scores: your repairs satisfaction rating is 6.3 out of 10 this quarter. They don’t flag that the tenant who scored a 2 added in the comments that they have a respiratory condition and have been asking for the mould in their bedroom to be treated for four months.

Crucially, they can’t route that signal, at the moment it occurs, to the team who have the power to fix the problem.

What Automated Vulnerable Tenant Identification Actually Looks Like

Automated vulnerability identification means AI and machine learning analysis of free-text feedback comments that detects vulnerability signals and routes them to the right person — without anyone having to read every response.

CustomerSure’s platform analyses free-text comments to detect vulnerability, aligned to the Ombudsman’s definition. When a signal is detected, the response is automatically labelled. The relevant team member receives an alert. The team acts. No manual triage required.

This is precisely what housing CX leads describe when you ask what they want from a feedback platform: “Just want it to do its magic without any human intervention.” The signal is identified, the label applied, the alert sent — and the team only needs to engage when there is something specific to act on.

The “bloody hell, I didn’t know you could even do that” reaction from housing compliance professionals who encounter this for the first time is genuine. This is not a feature they have evaluated and decided against. It’s not an AI revolution, it’s using AI in high-leverage ways to make life better for your tenants and people.

Building the Single Point of Truth Regulators and Auditors Expect to See

Vulnerability data identified through feedback should not live only in the feedback platform. It needs to be where every member of staff who interacts with that tenant can see it.

CustomerSure integrates with CRM and ERP systems to create a single point of truth for customer vulnerability data.

When a tenant’s vulnerability is identified through a repairs survey response, that information can live in the system that every repairs officer, housing officer, and complaints handler can access. Not a note hidden in a case file, and absolutely not a flag in a spreadsheet that two people in the organisation can navigate. It is embedded vulnerability awareness that follows the tenant across every touchpoint.

This is precisely what auditors want to see. A demonstrable, systematic process for vulnerability identification, with an audit trail showing what was detected, when, by what mechanism, and how the service responded. Not a policy document about how the organisation intends to treat vulnerable tenants. Evidence of how it actually did.

The FCA cited this approach in its March 2025 review of firms’ treatment of customers in vulnerable circumstances, as an example of good practice in the sector. Housing isn’t financial services, but the underlying capability the FCA recognised (using free-text feedback to detect vulnerability signals at scale) is exactly the capability the Housing Ombudsman is now describing as table-stakes.

The standard the RSH and Ombudsman are moving toward is the same one the FCA has been applying in financial services for several years. Organisations in housing that implement a systematic, platform-level approach to vulnerable tenant identification now will be ahead of the regulatory curve — and will have the evidence trail to demonstrate it.

Conclusion

Your housing association is already collecting tenant feedback. The question is whether your platform is configured to do what regulators, the Ombudsman, and your vulnerable tenants need most from it: automatically identifying who needs a different response, before they have to escalate to find out whether they will get one.

AI analysis of free-text comments, automated labelling, real-time alerts, and CRM integration are not aspirational features.

They exist today, and housing associations are already using them to evidence systematic vulnerability identification at the point of contact. For compliance leads who saw PA Housing’s severe maladministration finding, or watched their peers receive C3 grades for failures to understand tenant vulnerabilities, and thought “that could be us”… The good news is, the fix is easier than most realise.

Your feedback programme is already collecting the data. Is it identifying who needs help?

CustomerSure automatically identifies vulnerability signals in tenant feedback comments — and routes them to the right person before they escalate. See how it works for housing associations.

Book a demo