The regulator aims to avoid disorderly failure, thereby minimising harm to the public and the UK financial system. The Client Assets (CASS) sourcebook contains rules to protect client assets and client monies. In this way, CASS supports the regulator to meet its objectives.
Regulatory Penalties:
CASS audit refers to the assets report required by the FCA. The report provides assurance to the FCA on how CASS firms handle or protect the client assets.
Where applicable, this means the auditor needs access not only to the firm’s data, but also that of third-parties, perhaps even fourth and fifth parties (sub-contractors).
CASS Audit Benefits:
The CASS audit is another means of demonstrating effective controls. For example, during the assessments, the auditors undertake several tasks, which may include:
- understanding how the firm operates, its structure and reliance on third-parties, use of technology as well as which CASS rules apply to the business
- understanding controls to identify and manage the risk of non-compliance with the CASS rules
- reviewing the reports from compliance and internal audit as well as follow-up actions
- assessing the consistency of CMAR submissions during the period
- testing reconciliations
The above serve as a reminder of the volume of data to be provided and reviewed.
In this way, firms need to obtain data from multiple sources and provide it to the auditors for assessment. Tracking this data can be a mammoth task for the person collating the material. Firms will want to track what information is being shared and with whom. In addition, firms need confirmation that data is shared securely and is available within appropriate timescales to avoid any delays in the process.
The process of collating information provides businesses with an opportunity to verify information provided. Where information is provided by multiple sources, what information is provided and how? Is there consistency in content and detail? How can that reporting be improved? These questions may be matters that don’t specifically impact the CASS audit, but can enhance Board oversight.
In addition, the auditors will need to meet with senior management, including the chief compliance officer and any third parties. This enables the auditors to assess the level of risk posed and likelihood of a significant breach. This allows the auditors to understand the governance structure of the business and its oversight of any third-parties and sub-contractors. Inviting the auditor to meet with the Board to discuss their review and observations can be helpful. The Board can use this opportunity to gain reassurance regarding CASS controls. Such opportunities should encourage challenge and debate of findings, but also help demonstrate Board engagement.
Ruleguard is an industry-leading software platform designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions. We offer practical line-by-line mapping for client asset compliance in custody, client money, mandates and resolution packs, as well as automation of CMAR returns.
Ruleguard hosts monthly webinars, to register your interest or review past events please click here.
See our blog page for further articles or join our mailing list to keep updated.
Visit our website to find out more about how Ruleguard can help.
Contact the author
Head of Client Regulation| Ruleguard