The FCA has been clear; they expect senior management to ensure that client money (and assets) are protected. Whilst the burden of work may well fall on the CF10A and those with CASS oversight roles, the FCA requires firms to implement appropriate governance and controls, which will include (on a proportionate basis):
- identifying how client money or assets come into the business (scoping cash flows, products, accounts used and contractual obligations)
- processes, procedures, policies (from T&Cs through to appropriate trust accounts and due diligence and compliant reconciliations)
- controls (checks, clarity of roles and responsibilities, compliance monitoring, ongoing reviews of issues and importantly, MI)
- board/senior management oversight (ensuring the above is in place and working, competent staff and reviewing MI, reporting lines and support in place)
However, common failings are caused by a lack of clear internal records, with firms instead relying on using information from bank statements to keep a track of client money and carry out internal reconciliations. Firms also underestimate the importance attached to CASS Resolution Packs; updating client account trust letters, terms of business and carrying out simple due diligence on banks where client monies are held.
With emphasis on the ‘three lines of defence’ model (compliance/risk/audit) and direct responsibility resting on senior management to have appropriate governance in place, we understand all parties want reassurance they are following the rules, or assistance in implementing systems and controls. Complyport is well placed to assist because:
- Our internal expertise comes from former regulators and staff with hands on experience in dealing with CASS issues and relevant accountancy qualifications.
- We have experience of dealing with FSA/FCA Section 166 cases related to CASS issues and understand the regulator’s expectations.
- We have a flexible approach and can match our service to meet your requirements. Our service can be a deep dive review, or we can provide assurance to senior management that they are compliant with the requirements (with practical tips to comply if there are identified gaps).