Navigating the Grey Area of Consent and Compliance

This tension is particularly visible when examined through sector-level data. In banking, 79% of firms report hesitation due to unclear consent rules, closely followed by financial services at 77%. These are industries operating under intense scrutiny, where missteps in customer communication can result in significant regulatory consequences. Insurance firms, while still affected, report a slightly lower level of concern at 63%, perhaps reflecting different customer engagement models or legacy processes that already incorporate hybrid communication approaches. Meanwhile, the public sector (72%) and utilities (70%) sit closer to the overall average, highlighting that this is not purely a financial services problem but a systemic issue across regulated environments.

Keeping up with evolving regulation

At the heart of this challenge lies the evolving expectations set by regulators such as the Financial Conduct Authority and the Central Bank of Ireland. The FCA’s Consumer Duty framework has significantly raised the bar, requiring firms to demonstrate that all customer interactions deliver “good outcomes.” This includes ensuring communications are clear, understandable, and appropriately tailored. In practice, this extends directly into how consent is obtained and managed.

Similarly, the Central Bank of Ireland continues to emphasise transparency and informed consent, with upcoming developments like the Consumer Protection Code 2025 aiming to modernise expectations for digital engagement. These frameworks do not oppose digital transformation - in fact, they implicitly encourage it - but they demand a level of clarity and accountability that many organisations struggle to interpret consistently.

The difficulty is not the existence of regulation, but the ambiguity within it. Terms such as “soft opt-in,” “explicit consent,” and “durable media” are open to interpretation, and those interpretations can vary across jurisdictions, regulators, and even enforcement cases. For organisations operating across the UK and Ireland, this creates a patchwork of expectations that complicates digital strategy. What qualifies as compliant in one context may not hold in another, leading to a cautious, risk-averse approach.

This caution is reflected most strongly in sectors like banking and financial services, where the high agreement percentages shown in our Between Vision and Constraint survey report suggest a direct correlation between regulatory exposure and transformation hesitancy. These firms are often early adopters of digital innovation, yet they are simultaneously the most constrained by compliance uncertainty. The result is a paradox: the industries best positioned to lead digital change are among the most inhibited in executing it.

Compounding the issue is the complexity of modern communication ecosystems. Customers now interact with organisations across email, SMS, mobile apps, web portals, and even emerging AI-driven interfaces. Securing and maintaining valid consent across all these channels is both a legal requirement and a logistical challenge. Referring to our survey report once again, the 79% figure highlighting multi-channel consent as a barrier to digital transformation ambitions reflects the operational strain of synchronising preferences, ensuring auditability, and avoiding contradictions in consent status.

The big picture

Regulators have begun to acknowledge these challenges. The FCA’s targeted support proposals (practical guidance to help firms proactively assist customers without breaching rules), for instance, signal a willingness to explore more flexible, outcome-based approaches to customer engagement. However, these initiatives are still evolving, and firms must interpret them in real time, often without definitive guidance. This contributes to the “grey area” effect, where uncertainty becomes a greater risk than non-compliance itself.

In parallel, organisations must also contend with broader frameworks such as GDPR and ePrivacy rules, which reinforce the principles of transparency, purpose limitation, and user control. These regulations apply beyond financial services, explaining why public sector and utility organisations report similarly high levels of concern. The requirement to demonstrate not just consent, but informed and freely given consent, adds another layer of complexity to digital transformation initiatives. This is particularly important when dealing with vulnerable customers, where firms must take extra care to ensure communications are accessible, non-misleading, and sensitive to individual circumstances. Data protection and responsible communication are closely linked here, requiring organisations to avoid undue influence while still providing appropriate support.

AI and advanced data management systems offer the potential to streamline consent capture, unify customer preferences, and provide real-time compliance monitoring. Of course, these tools introduce their own regulatory considerations, particularly around data privacy, algorithmic transparency, and accountability, so it’s important to understand and employ best practice. In effect, organisations are navigating not one regulatory challenge, but multiple overlapping ones.

The path to clarity

Ultimately, the path forward lies in greater clarity and alignment. The FCA and the Central Bank of Ireland are making important strides in reducing the interpretive burden on organisations, but the evolving picture means there is always more to be done. Suggestions include clearer definitions of acceptable consent mechanisms - particularly in digital and multi-channel contexts – which would aid innovation without fear of retrospective non-compliance. Guidance in the shape of practical toolkits, plain-language summaries, and real-world use cases that firms can apply consistently is more important than ever.

For organisations, staying current with regulatory developments requires a structured approach. This might involve active participation in industry forums, engagement with regulatory updates and consultations, ongoing staff training, and collaboration with legal and compliance specialists. Many firms also rely on peer networks and third-party providers to benchmark approaches and share emerging best practice. Our own annual Communicate conference plays a key role here, providing a platform for CCM professionals to impart insight and expertise.

In a fast-moving environment, keeping abreast is less about one-off compliance exercises and more about embedding continuous monitoring and learning into day-to-day operations. The prize is significant - improved efficiency, enhanced customer experience, and meaningful progress toward sustainability goals. Clearer rules of engagement will enable firms to realise the full potential of digital transformation.