Whilst it is not the regulator’s objective to prevent firms from failing, where a firm does fail, the aim is to manage this in an orderly manner. Hence the basic capital resources requirement for all regulated firms.
The regulator aims to avoid disorderly failure, thereby minimising harm to the public and the UK financial system. The Client Assets (CASS) sourcebook contains rules to protect client assets and client monies. In this way, CASS supports the regulator to meet its objectives.
Today, CASS continues to be high on the regulatory agenda. During the COVID pandemic, whilst offices were empty, regulatory supervision didn’t come to standstill. The FCA issued various reminders to CASS firms with the emphasis upon firms continuing to protect client assets.
In 2020, Charles Schwab UK Limited was fined £8.9million (a reduced figure) following its failure to protect client money and client assets. The Final Notice explains the various shortcomings of the firm’s ability to fulfil its obligations. One of the failings noted by the FCA was the firm’s reliance upon US rules for setting the processes and controls to safeguard clients’ assets. The failure was worsened by regular audits against US standards instead of the UK CASS requirements, which gave false assurance to the firm.
What is the CASS audit?
CASS audit refers to the assets report required by the FCA. The report provides assurance to the FCA on how CASS firms handle or protect the client assets.
Regardless of location, UK regulated firms reliant on group or third-parties for services must ensure that those parties are working to the UK CASS standards.
Where applicable, this means the auditor needs access not only to the firm’s data, but also that of third-parties, perhaps even fourth and fifth parties (sub-contractors).
The auditor should provide notification to the FCA of any significant matters arising from the review. For this reason, it’s important that the firm and any third-parties (as well as sub-contractors too) provide sufficient information to the auditor to fulfil their duties.
CASS Audit Benefits:
The CASS audit is another means of demonstrating effective controls. For example, during the assessments, the auditors undertake several tasks, which may include:
understanding how the firm operates, its structure and reliance on third-parties, use of technology as well as which CASS rules apply to the business
understanding controls to identify and manage the risk of non-compliance with the CASS rules
reviewing the reports from compliance and internal audit as well as follow-up actions
assessing the consistency of CMAR submissions during the period
The above serve as a reminder of the volume of data to be provided and reviewed.
In this way, firms need to obtain data from multiple sources and provide it to the auditors for assessment. Tracking this data can be a mammoth task for the person collating the material. Firms will want to track what information is being shared and with whom. In addition, firms need confirmation that data is shared securely and is available within appropriate timescales to avoid any delays in the process.
The process of collating information provides businesses with an opportunity to verify information provided. Where information is provided by multiple sources, what information is provided and how? Is there consistency in content and detail? How can that reporting be improved? These questions may be matters that don’t specifically impact the CASS audit, but can enhance Board oversight.
In addition, the auditors will need to meet with senior management, including the chief compliance officer and any third parties. This enables the auditors to assess the level of risk posed and likelihood of a significant breach. This allows the auditors to understand the governance structure of the business and its oversight of any third-parties and sub-contractors. Inviting the auditor to meet with the Board to discuss their review and observations can be helpful. The Board can use this opportunity to gain reassurance regarding CASS controls. Such opportunities should encourage challenge and debate of findings, but also help demonstrate Board engagement.
How Ruleguard can help you:
Ruleguard is an industry-leading software platform designed to help regulated firms manage the burden of evidencing and monitoring compliance. It has a range of tools to help firms fulfil their obligations across the UK, Europe and APAC regions. We offer practical line-by-line mapping for client asset compliance in custody, client money, mandates and resolution packs, as well as automation of CMAR returns.
Get in touch with the Ruleguard team to learn more on: 020 3965 2166 or firstname.lastname@example.org
Ruleguard hosts monthly webinars, to register your interest or review past events please click here.
See our blog page for further articles or join our mailing list to keep updated.
Visit our website to find out more about how Axiom HQ can help.
Contact the author
Head of Client Regulation| Ruleguard