| UK & Europe | Articles
The FCA has published its first CASS-related Final Notice for nearly three years – issued to Charles Schwab UK just before the end of 2020. And with a fine of around £9,000,000, the Regulator has not held back when it comes to putting client money and assets back at the top of the compliance pile. As with any CASS final notice, the FCA will expect all firms with CASS permissions to take note of the content and think about whether they need to do anything to avoid similar issues.
The Final Notice – what went wrong?
Problems with third-party arrangements
The FCA Final Notice issued to Charles Schwab UK outlined a series of breaches which were the result of strategic changes. The first problem stemmed from a change made in anticipation of Brexit. This resulted in a change of how custody clients engaged with the group of companies. Ultimately, it led to the UK part of the business holding custody assets outside their permission and maintaining an arrangement with its US affiliate that resulted in assets being held in compliance with US requirements instead of FCA client asset requirements.
This error led to the firm failing to arrange adequate protection for client money and safe custody assets (‘client assets’) with specific rule breaches being identified in the final notice including a failure to:
- create and maintain records and accounts to identify client assets
- conduct internal and external reconciliations for client assets
- establish adequate organisational arrangements for the safeguarding of client assets
- create and maintain a CASS Resolution Pack.
Errors with variation of permission application
The firm correctly identified that it needed to add permission to safeguard custody assets to its scope in order to facilitate the strategic changes being made. However, because of errors made when submitting the variation of permission application, the firm found itself in the position of carrying out the regulated activity without the required permission. Unfortunately, when this issue was later identified, the firm didn’t make a breach notification to the FCA but simply submitted a further variation of permission to correct its position.
Errors in communications with the FCA
When the variation application was made, the FCA asked the firm whether its auditor had confirmed that it had adequate systems and controls in place to manage client assets and corresponding transactions. The response from the firm assumed that such a confirmation had been received but internal checks weren’t made, which would have highlighted that the auditors hadn’t provided any such confirmation.
Ownership of records and data
The strategic changes also saw the firm setting up arrangements for outsourcing CASS record keeping and operational processes to its US affiliate. However, the firm failed to establish compliant arrangements and as a result, the US affiliate maintained only its own records, meaning that the UK firm did not have an independent internal record. This error in the foundations of the system had a knock-on effect: reconciliations could not be completed, leading to further FCA censure.
The outcome of the investigation was a fine of £8,963,200. The firm agreed to settle the case and qualified for a 30% discount. The financial penalty would otherwise have been £12,804,600.
Learning points from Charles Schwab UK CASS Final Notice
The Final Notice points to some very specific issues arising from Charles Schwab UK’s strategy and operational arrangements. But there are some fundamental issues that firms can learn from:
Strategic changes – when making changes to the business strategy, structure or client engagement arrangements take care to explore all possible consequences. It might be that the changes you’re planning to make will resolve a problem or give the business the ability to capitalise on new opportunities, but great care needs to be taken to make sure that other issues or problems aren’t being inadvertently created.
Interaction with the FCA – if the FCA ask you to confirm something or provide information, whether in response to a Dear CEO letter, when dealing with an application or as part of the FCA’s supervisory work, make sure that you’re giving a correct and accurate response. It’s a simple thing but one that can sometimes get lost in internal communications and change processes.
Interaction with third parties – this is a topic we’ve been talking about for quite some time now. When you have third parties involved in your CASS operations, you should take great care to make sure that the arrangements stack up in the context of CASS. If you have third party sub-custodians, is it clear that you retain responsibility to your clients for the custody of their assets? Do you have the right controls to meet those responsibilities? If you have third party outsourced service providers, are the arrangements structured in a way that makes clear who has responsibility for what operational processes? Do you have the right controls in place to enable you to oversee the activities the third party if carrying out on your behalf?
We have done a lot of work with firms in the last 18 months around third party arrangements, helping them iron out some of the core issues that can result in significant breaches, if not resolved. Our specialist CASS team can help make sure all your systems and controls are compliant.
Get in touch
