| UK & Europe | Articles
The recent FCA action against Charles Schwab highlighted a range of CASS issues which can be triggered by strategic change. But it’s also worth reflecting on what the Final Notice can tell us more generally about operational processes when it comes to safeguarding client assets.
Charles Schwab UK was fined nearly £9m by the FCA in December 2020. The firm had failed to arrange adequate protection for client money and safe custody assets following a business restructure that saw client assets placed with an affiliate US firm who amalgamated them with firm assets. In addition, the firm carried out regulated activity without the required permissions. Although it had permission for arranging safeguarding and administration of assets, it did not have the required permission for safeguarding and administration.
The case should remind firms that the FCA remains intent on enforcing compliance with the CASS rules. Our previous article on the Charles Schwab CASS fine outlined some fundamental learning points specific to the case, but you should also take a look at lessons to be learned around your core CASS processes to make sure you have strong foundations when it comes to looking after client assets.
Records and accounts
The CASS rules require firms to create and maintain records that enable them to distinguish between:
- client assets held for one client and those held for another client, and
- client assets and assets held for the firm’s own account.
Crucially, records must be created from the firm’s own data and not be reliant on third-party data, for example statements from a custodian or client money bank.
Internal and external reconciliations
As above, the CASS rules prevent firms from using external data as part of their internal custody record checks or internal client money reconciliations. As technology develops, we are continually seeing conflicts between the CASS rules and services provided by businesses. For example, some custodians and banks offer useful services to provide up-to-date statements on balances, along with data feeds directly into your back-office systems. Whilst there is an obvious benefit to the firm, reliance upon the third-party service can conflict with the CASS rules. We therefore encourage firms to give real thought to the original source of the data they use for internal record checks and reconciliations. Central to this process is considering the legal owner of data used – is it your data provided on outsourced basis or is it another firm’s?
CASS governance
Central to detecting and managing the issues that can prompt FCA enforcement, is sound governance. Consider, therefore, whether your approach incorporates the following items:
- A suitable and knowledgeable senior manager who has been assigned the prescribed responsibility to oversee the firm’s compliance with CASS, and where necessary a certified CASS oversight officer
- CASS committees which are supported by comprehensive management information
- A CASS risk and controls mapping exercise to highlight where firms need to implement or enhance operational CASS controls
- Where applicable, a documented understanding of how wider group arrangements fall within the scope of CASS. As we saw in this example the client assets were held in the US by a US affiliate firm but still fell under the scope of CASS and the responsibility for CASS compliance remained with the UK firm.
Ultimately, you need to be confident that you have the right people to drive CASS compliance and that these people are receiving the information necessary for oversight. Any doubts on these fronts should be promptly confronted.
CASS Resolution Pack
The CASS Resolution Pack is the all-important document you hope will never be needed. Nonetheless, this final notice reminds us that its maintenance must be a priority. Regular testing of its completeness and usability is essential. Remember that a third party would ultimately need to navigate it in an insolvency scenario. The FCA stated in its Dear CEO letter on Adequate Client Asset Arrangements, that firms should be “using external resource as needed”. At Bovill we have helped several clients this year with their CASS Resolution Pack – from advice on the content through to full mock FCA visits.
Regulatory permissions
The three most relevant regulatory permissions that relate to CASS are:
- Holding and controlling client money
- Arranging safeguarding and administration of assets
- Safeguarding and administration of assets (without arranging).
Firms should be satisfied that the manner in which client money and assets interact with their business is aligned with their regulatory permissions. Per the final notice, Charles Schwab UK only had permission for arranging safeguarding and administration of assets. This permission does not allow firms to directly safeguard and administer safe custody assets. To gain certainty that your activities align with your permissions, the completion of a “Total Capture” study is an important first step. This is an exercise in documenting all potential touchpoints in the firm for client money and custody assets before determining if existing permissions (and controls) are appropriate.
At Bovill, we have helped many clients with various CASS issues – from reviewing the data feeds for your reconciliation processes, to advising on your CASS governance structure. We can even carry out mock FCA CASS RP testing. Get in touch to find out more.
Get in touch
