On paper, many firms are already digital.
Email addresses are captured. Documents are sent electronically. Paper volumes are falling.
But PS25/13 has changed the standard. When communication journeys are examined through a durable-medium lens, weaknesses become clearer.
Being digital is not the same as being durable.
Over recent months, Legado has been involved in digital-readiness work across large retail financial institutions reviewing how they communicate with clients as they move away from paper. Most describe themselves as digital-first, and in operational terms that is often true.
However, when disclosure journeys are mapped end to end across systems, teams and historic archives, the focus shifts quickly from channel to control, and from intent to evidence.
As Vicky Cairns, Solutions Consultant at Legado, explains:
“In many organisations, digital-first still means attaching a document to an email. That worked as a step away from paper, but it doesn’t automatically meet durable medium expectations.”
Digital-First vs Durable Medium
In many organisations, digital-first has historically meant capturing client email addresses, defaulting to electronic correspondence, and attaching documents to outbound emails. That approach reduced cost and improved speed. For years, that was sufficient progress.
PS25/13 reframes the requirement. The FCA’s expectation is not simply that disclosures are transmitted electronically. It is that firms can demonstrate, with confidence, that disclosures are delivered securely, stored in an unaltered form, accessible over time, and reproducible exactly as issued.
This is an evidential standard, not a delivery preference.
When firms assess their communication journeys against that benchmark, structural gaps frequently emerge. The most consistent of these sits within email.
The Structural Risk Within Email
Email remains the primary disclosure channel across retail banking, insurance and wealth management. It is familiar, scalable and operationally embedded. It is also structurally fragile from a compliance perspective.
During reviews, several risks consistently surface:
- Delivery uncertainty. Bounce-backs are not always captured centrally, and filtering by email providers can block or quarantine messages without clear audit trails.
- Sender-domain sensitivity. Complex emails, embedded links or unfamiliar domains can trigger security filtering.
- Attachment dependency. Disclosures stored only within inboxes or local archives.
- Access ambiguity. Limited visibility into whether the client opened, accessed or retained the disclosure.
When asked a simple executive question, can we evidence delivery and access of this specific disclosure three years from now, the answer often depends on stitching together logs from multiple systems.
That fragmentation creates operational risk, increases audit complexity and introduces reputational exposure.
The issue is not that email must be eliminated. It is that email, when used as a standalone channel, rarely provides the structured control environment that durable medium expectations now require.
As Cairns notes:
“Email was designed for communication, not regulatory assurance. That’s where many firms are starting to feel the tension once they review their journeys properly.”
If email remains part of the communication strategy, it needs to operate within a controlled and auditable framework. That includes verification that the correct client email address is being used, confirmation of successful delivery, structured access to disclosures, and retrievable evidence that does not depend on inbox history or manual reconstruction.
Beyond Delivery: Access and Governance
Durable medium requirements extend beyond the moment of transmission. From a client perspective, access challenges are predictable: forgotten login credentials, multiple systems holding different documents, difficulty locating historic disclosures within crowded inboxes, and uncertainty about where authoritative versions are stored.
From a firm’s perspective, that same fragmentation complicates retrieval during audit, remediation or complaint scenarios.
At executive level, the question shifts from how information is sent to how confidently it can be defended.
A further theme emerging across institutions is cultural rather than technical. Some legacy processes still assume paper default for certain interactions. PS25/13 clarifies that electronic communication is the default, with paper available by exception.
Moving away from paper is not achieved by attaching PDFs to emails. It requires deliberate design of communication journeys that are secure, scalable and evidencable by design. For executive teams, this is not a digitisation exercise. It is a governance decision.
What Executive-Ready Durable Communication Looks Like
When durable medium standards are genuinely met, complexity reduces for both firm and client. Disclosures are stored in a controlled environment. Delivery and access can be evidenced without manual reconstruction. Documents remain unchanged and retrievable over time. Clients know where information lives and can access it without friction.
That is the structural shift PS25/13 is driving.
The institutions responding most effectively are not those that simply describe themselves as digital-first. They are those prepared to interrogate the structural integrity of their communication model, particularly where email is concerned, and redesign it with evidence built in from the outset.
For firms reviewing durable medium exposure post-PS25/13, the starting point is gaining clarity on where evidential confidence breaks down today, and addressing it before it becomes a supervisory issue.
Legado supports regulated institutions in building durable, audit-ready communication frameworks that meet regulatory expectations without adding operational complexity. If PS25/13 has moved this up your agenda, we would welcome a conversation.