A prompt, but hasty, response to a FSA letter cost Towry Investment Management Ltd (TIM) £494K in penalties.
A ‘Dear CEO’ letter was sent out in January 2010 (see Regulatory Roundup 8 for further details) to firms that held client money and/or assets. The letter drew attention to the FSA’s concerns over firms’ handling of client money and assets which were published in a ‘Client Money & Asset report’. Recipient firms were asked to confirm that both the letter and report had been properly considered and that they were in compliance with CASS requirements.
TIM responded in a positive manner four days later – and just over 9 months after that received a FSA CASS thematic visit.
The visit team found several failings, which hadn’t been identified by TIM, which took place over a period in excess of nine years involving an average client money balance of £50.6m at any given time.
In addition to a breach of Principle 10 (‘a firm must arrange adequate protection for clients’ assets when it is responsible for them’) referenced in the Final Notice, mention is also made of Principle 11 (‘relations with regulators’). Apart from not disclosing CASS breaches to the FSA, the latter was because TIM hadn’t made adequate inquiries before responding to the ‘Dear CEO’ letter and neither the Audit, Risk & Compliance Committee nor the Board made any enquiries as to whether a response had been sent/would be sent to the FSA.
Firms that hold client money and/or assets may wish to bear in mind the report’s findings – which are highlighted in 4.8 of the Final Notice – when next reviewing the adequacy of their systems and controls. At the recent FSA Asset Management Conference we were reminded that the CASS teamat the FSA is growing and is one of the few areas that has a budget for an increase in head-count.
All firms, even those far from the size of TIM, may wish to satisfy themselves that their systems and controls in place will ensure that senior management/Board are always fully in the loop in any matters involving the firm’s regulatory obligations (see also SYSC 4.3.2 &SYSC 6.1.2)