Compliance

Customer Complaints Handling

Intermediate

In a regulated financial business, customer complaints are not just support tickets. They are a regulated process with rules about logging, timeframes, fair resolution, and reporting. The systems we build must capture complaints reliably, track them to resolution, and keep the evidence, because regulators look at how we handle complaints.

Financial regulators set expectations for complaints. They must be recorded, acknowledged, investigated, resolved within set timeframes, and often reported in aggregate. A complaint can also be an early sign of a systemic problem (a bug wrongly flagging customers, an unfair automated decision). So capturing and analysing them protects customers and the business.

Engineering's part is making sure complaints cannot be lost: a reliable record, clear ownership and status, deadline tracking, and an audit trail, plus spotting patterns. This connects to Auditability & Evidence, High-Risk AI (contesting automated decisions), and Incident Readiness.

Capture and track reliably

DoRecord every complaint durably with who, what, when, and the channel. Do not let complaints live only in someone's inbox or memory (see Audit Trails).
DoTrack each complaint's status, owner, and the regulatory deadline for resolution, with reminders so nothing is missed.
DoGive customers a clear, accessible way to complain and to contest decisions, including automated ones (see High-Risk AI, Accessibility).
DoKeep complaint records and their resolution for the required retention period, with the evidence to show fair handling (see Data Retention & Erasure, Auditability & Evidence).
NeverDelete, hide, or alter a complaint record to make a problem disappear. Complaints are regulated evidence (see Professional Ethics).

Learn from them

DoSurface complaint patterns and trends. A spike or cluster often reveals a systemic bug or unfair process to fix at the root (see Incident Readiness).
DoSupport the required reporting (aggregate complaint data to regulators) from the captured records, rather than rebuilding it by hand.
DoTreat a complaint that reveals a security or data issue, or a wrong automated decision, as possibly an incident, and route it accordingly.
ConsiderFeeding complaint insights back into product and model improvement, to keep improving fairness and quality.

Self-review checklist

AskIs every complaint captured durably, with owner, status, and deadline, or could one be lost?
AskCan a customer easily complain and contest a decision, including an automated one?
AskAre records retained and evidenced to show fair, timely handling?
AskAre we watching for complaint patterns that signal a deeper problem?

Why it matters: Complaints handling is both a regulatory obligation and an early-warning system. Mishandled or lost complaints mean unfair outcomes for customers, regulatory findings, and missed signs of systemic problems. Reliable capture, deadline tracking, evidence, and pattern analysis turn complaints into a control that protects customers and improves the product.