The Vulnerability Registration Service (VRS) is a not-for-profit organisation that operates a central UK database designed to notify businesses when an individual may be in vulnerable circumstances and should be treated with additional care.

VRS maintains a database of people who have either self-registered or have been registered by an authorised third party. When interacting with a customer, VRS members can search the database to see if vulnerability has been recorded, helping you to adapt your approach and support to meet that individual’s needs.

Data on the VRS database comes from multiple sources:

• Individuals who register themselves.

• Third parties with legal authority (e.g. under a Power of Attorney or Court of Protection order).

• Partner organisations such as financial services, insurance providers, utilities, local authorities, legal firms an debt charities where appropriate permissions exist.

• Insolvency data from public sources.

No. While consent may be obtained, it is not legally required in all cases. Under the UK Data Protection Act 2018, processing can also be justified under ‘substantial public interest’, for example to protect someone’s economic well-being where obtaining consent is not possible or may cause harm.

VRS doesn’t independently assess or validate vulnerability itself. It flags that vulnerability has been identified by the registrant or source, but each business remains responsible for how it interprets and responds to that information in the context of its own policies and regulatory requirements.

There is no single definition of vulnerability — it can vary by business and sector. VRS uses high-level descriptions and sub-flags (e.g. physical disability, mental health, cognitive impairment, bereavement, financial difficulty) to help you understand the circumstances recorded.

Only individuals who have been registered with a lawful basis (either by themselves or via an authorised third party) will be held on the database. VRS will not contain unverified or speculative records.

Accessing VRS data can support your business to identify vulnerable customers, enabling appropriate adjustment of processes and communications. This can contribute to meeting regulatory expectations, such as those set by the UK Financial Conduct Authority (FCA) regarding fair treatment of vulnerable customers.

Yes. Where there is a lawful basis (such as explicit consent or another legal ground), you may register your customers with VRS to inform other organisations of their circumstances.

No. Being recorded as vulnerable does not automatically trigger credit refusals or service exclusion. Organisations must not unfairly decline services solely due to vulnerability, and VRS monitors usage to ensure compliance with its agreements.

Yes. The database holds information across all parts of the United Kingdom and can be used by organisations operating in any region.

Yes. VRS is managed in accordance with UK data protection legislation and follows robust security standards. The service is certified under recognised standards such as ISO 9001 and ISO 27001 to help safeguard personal information.

Records remain on the VRS database as long as there is a lawful basis to retain them. Individuals can request removal, and VRS periodically checks that information remains current.

Any organisation that engages with vulnerable people and has a contractual relationship with VRS can access the database, including financial services, insurers, utilities, housing providers, charities and public sector bodies.

Yes. You can run batch checks of your existing customer data against the VRS database, subject to appropriate legal basis and contractual terms.

No — VRS provides simple API solutions that can be integrated with minimal technical development.