| UK & Europe | Articles
Recent events in the banking sector highlight the importance of due diligence on third-party banks when it comes to protecting client assets. This is important not just at the outset but on an ongoing basis, particularly when there’s news of bank capital and liquidity issues. Reviewing the diversification of the third parties with which you hold client money at times like this is also crucial when the idea of banks being ‘too big to fail’ is becoming increasingly dated.
The FCA has clear requirements when it comes to CASS due diligence and diversification. But there are common failings we see frequently in this area – and a proportionate approach last year may no longer be enough to protect client assets in the way the FCA expect now.
CASS compliant due diligence
Before appointing a bank to hold client money, you need to satisfy yourself that the institution is appropriate and that using it will not put client money at risk.
To do this, you need to complete a CASS compliant due diligence focusing on:
- the expertise and market reputation of the third party
- any legal or regulatory requirements, or market practices relating to the holding of client money that could adversely affect clients’ rights.
The FCA CASS rules provide guidance on some of the key areas for firms to consider, including:
- the third party’s capital
- the amount of client money placed as a proportion of the third party’s capital and deposits
- the extent to which client money would be protected under a deposit protection scheme
- the third party’s credit-worthiness
- the level of risk in the investment and loan activities undertaken by the third party.
Looking through the lens of last week’s bank failures and wider sector instability, this list hints at the crux of why these reviews are needed – to ensure the third party itself is liquid so firms can access client funds at any time without delay. This, along with the acknowledgement letters that you should have in place for every client bank account, reassure firms that client money is safe.
The due diligence needs to be refreshed periodically but you should also make sure you review it at times where there’s news of stress in the banking sector, especially if it relates to an entity you use or one connected to it.
Addressing common weaknesses in client money controls
Not just a tick box exercise
We see firms using the same client money banks for many years. These banks are large, well-known entities that are trusted to hold client money. There tends to be a degree of complacency in completing these reviews with assumptions being made that certain banks won’t or can’t fail. As a result, the reviews sometimes stop being an assessment and become more of a ‘tick-box exercise’, where firms go through the motion of data gathering rather than evaluating and challenging the information they are presented with.
These reviews are in place to highlight any emerging risk of depositing client money with these third parties and should be executed with care. Firms should evaluate and challenge the data they have collated to be sure that the third party is appropriate and come to a clear conclusion of whether the bank is sufficiently reliable to hold client money with evidence of how that conclusion was reached.
Taking diversification seriously
Sometimes firms perform detailed due diligence over a specific third party but fail to step back and look at their own holistic arrangements for holding client money. The CASS rules require you to consider how well you have diversified client money across different institutions to reduce the risk that the client money is exposed to. We often see firms concluding that one third party is sufficient, as it seems too big to fail, has sterling credentials and provides a good service. Others conclude that diversification is not needed because client money balances are seen as being too small to warrant diversification.
Under the CASS rules, firms need to perform a client money diversification assessment at least annually, and it’s good practice to repeat the exercise at times of stress. The assessment needs to take into account market conditions at the time of the assessment, as well as the outcome of any due diligence, before concluding whether diversification is needed and how it will be achieved.
Ensuring effective governance and challenge
During the initial third-party onboarding stage, we see a large number of stakeholders within the firm engage with the third party’s appointment. However, as time passes, this engagement is likely to decline. Governance around due diligence then tends to become an annual activity that firms just need to go through, where CASS committees review the output of due diligence and conclude to continue holding client money with the same third parties.
These committees should not only challenge specific examples of due diligence, but also the frequency of the reviews and the approach taken in carrying them out. Good examples of challenge would include the following:
- Out of cycle reviews – those in governing positions should be actively challenging the need for ad-hoc reviews, especially when stresses in the banking sector arise.
- Threshold monitoring – setting and actively monitoring due diligence and diversification tolerances.
- Plan B – putting a plan in place that can be triggered if due diligence identifies failings, diversification tolerances are breached or a client money bank fails. This could include having a shortlist of substitute banks which can be onboarded to bring you back in line with your risk tolerances or even having a back-up client bank account.
How we can help
With a specialist CASS team, we are here if you need help setting up your due diligence templates, appropriateness reviews of the due diligence and diversification processes, controls and documentation you have in place, compliance monitoring and internal audit support.
