| UK & Europe | Articles
If you are a firm holding client money, the FCA will be expecting you to perform internal and external client money reconciliations compliant with the CASS 7 rules. There are some issues we see time and time again, so it’s important to consider these when reviewing your approach to reconciliations.
Setting an appropriate frequency
Internal reconciliations must be done daily. However, there is more leeway for external reconciliations needing to be done at least monthly. Therefore, it’s up to firms to decide how often they’re needed if they’re going to be a useful control.
For external reconciliations, the rules state that you need to consider the volume and value of the transactions your firm undertakes and the complexity of your product offerings when deciding how often to carry out reconciliations. In practical terms, that means if you transact daily or offer complex products, you should undertake daily reconciliations. This is because your records frequently change, meaning that they need more active monitoring.
Some firms may also choose to run external reconciliations daily because the internal bank ledger records are used in both internal and external reconciliations. Aligning them ensures that a like-for-like comparison is made, which makes it easier from an operational point of view.
We also see firms doing external reconciliations more than once a day because they have no other reliable way of spotting receipts of client money without relying on external data.
Understanding the purpose of reconciliation
It is important to understand what each reconciliation aims to do so you can make sure you achieve that purpose.
The internal client money reconciliation is intended to check that you’re holding the right amount of money to meet your obligations to clients. This involves comparing what you need to be holding for your clients (client money resource) to what you are actually holding (client money requirement) according to your internal books and records.
The rules set out two methods that can be used to calculate your client money requirement. Some firms can only use one of the methods as standard, and it’s important to make sure that you’re using a method that the rules allow you to use, otherwise it’s likely that your auditor will conclude that you’re using a non-standard method. For example, if you are a loan based crowdfunding firm, you cannot use the individual client balance method without it being a non-standard method. It’s also important, for the same reason, to make sure that you’re using just one of the methods and not a combination of the two.
The external client money reconciliation is intended to make sure that your internal record of money held in client accounts match the money that’s actually in those accounts. It involves comparing records from third parties with your internal records. Reconciliation needs to be done on a balance-by-balance basis, with transactions only being used if needed to resolve discrepancies.
Common pitfalls and how to avoid them
External data feeding into internal reconciliations
This is a very common issue for firms whose internal records are effectively maintained using a data feed from a bank or custodian. This might be as simple as checking the client bank account online and updating internal records with what’s seen there or, at the other end of the spectrum, having an API that automatically feeds into internal records. Either way, your auditor is likely to conclude that your internal client money reconciliation isn’t based solely on internal data.
Cut-offs
Under the CASS rules you are required to complete the internal client money reconciliation based on the data as at close of business on the previous day. Many firms now have business models that enable trading at any time on markets around the world, making it difficult to define what the ‘close of business’ cut-off is. If the cut-off is not defined, then you won’t be able to evidence how you’ve met this requirement. Ensure you pick a close of business that fits with your working model and that the reports you use as part of the reconciliations match this.
Level of reconciliation
Firms using the individual client balance method are required by the rules to perform the calculation using data at an individual client level. We still see firms doing their reconciliation on an aggregate basis rather than showing the detail of the calculation required for each client. This is usually due to the design of the underlying reconciliation, sometimes because the firm has chosen not to show all steps in the process carried out and sometimes because all steps aren’t completed. Make sure to document the steps you’re taking to evidence your compliance in a clear manner.
Manual errors
Within highly manual reconciliation processes, the risk of error is higher. We often see manual errors caused by things like mistakes made in copying data into spreadsheets, old data feeding into current reconciliations and full data sets not being included. All manual errors pose a risk of over- or under-segregating client money if mistakes lead to incorrect discrepancies being identified. Whilst it’s not always possible to eliminate manual processes, it’s possible to put checks and controls around them to make sure errors don’t occur.
Timing
We see some firms doing their reconciliations late in the day, which poses a risk of records being incorrect for longer than is necessary. It can also mean that if you need to transfer money to address an excess or shortfall, there’s a risk that it’s identified after your bank’s cut off for transfer, so the discrepancy can’t be corrected compliantly.
Rounding
Some firms operate the same cash management processes for external reconciliations as they use for monitoring the firm’s own money. This can mean that the firm reconciles transactions rather than reconciling account balances, as required by the rules. It can also result in balances and amounts being rounded as part of the process. Although this is something that firms are free to do for internal cash monitoring, this shouldn’t be done for CASS reconciliations.
Documentation
We often see poor policy and procedure documentation around reconciliation processes. Always bear in mind that you need to have procedure documents that would enable someone outside of the business to understand the process that’s been followed for the reconciliation. This includes explaining how the reconciliation is constructed, and how discrepancies have been dealt with.
Off-the-shelf solutions
There are many technology solutions for performing reconciliations focused on ensuring compliance with CASS, but they aren’t always sufficiently tailored.
If you plan to use one, always make sure that it’s adapted to meet the requirements of your specific business model and that it enables you to comply with the CASS rules. Don’t go for solutions which are rigid and provide no flexibility to fit to your systems. It’s your responsibility to ensure your compliance and part of this would be to perform due diligence over the solutions used by your firm.
Effective access management
Some firms still struggle with IT security around CASS records and reconciliations, making the records vulnerable to being accessed and amended by someone who shouldn’t be able to. We also see people performing reconciliations when they are also involved in the process of creating and maintaining client records, therefore not providing an independent control.
Only people who need access to amend records should have that access. You should also make sure that it’s not easily possible to change the underlying process or code for reconciliations. If it’s not possible to have complete independence between record maintenance and reconciliations, then extra first-, second- and third-line controls should be put in place to ensure integrity of processes.
Data feeds
Many firms still struggle with legacy systems, multiple data feeds and data manipulations done in different systems prior to feeding into the reconciliations process. This might be caused by a merger or acquisition or because old systems haven’t been maintained or updated properly and additional systems are needed to ensure compliance. This brings unnecessary complexity to client money reconciliations.
For example, legacy systems may suppress some data feeds, meaning they have to be fed in manually or are missed entirely. It can also make it very difficult for the firm to gain assurance that the correct data is feeding into the right part of the process in the right way, increasing the risk of error.
Data validation
To be able to ensure your reconciliations are compliant, you need to be confident that the right data is feeding in correctly. Data validation can either be built into the solutions used, or separately performed as distinct control activities.
Navigating unexpected challenges
Sometimes, however hard you try, things can still not go according to plan. For example, if automated feeds or manual uploads fail or do not meet pre-defined criteria (such as information as at the appropriate close of business day).
It’s essential to be able to quickly spot when these issues occur so that you can address the issue before it creates a breach such as a failure to carry out a reconciliation because a feed hasn’t been received. A good technology system would highlight these to you.
For example, if it expects a feed on the day, but instead it receives a manual upload, then it should prompt the reviewer to assess the circumstances leading to the manual upload and provide approval. In this way, appropriate challenge and review can be demonstrated.
Audit trail
Some firms still struggle to demonstrate to their auditors that processes have taken place in line with procedures and CASS rules. Your client money reconciliations need to be thoroughly documented, and you need to include the following information:
- The date they were performed.
- Who performed the reconciliation.
- Who reviewed the reconciliation and when the review took place.
- What breaks were identified, how these were investigated and the basis for their conclusion.
- Aged breaks and how these are being managed, including any changes made to treatment.
- Presentation of the allocation of balances as per the CASS rules (what is free cash vs prudent segregation, etc.).
- Any changes to the rules within the reconciliations having been approved.
How we can help
With over 20 years of relevant experience in this space, we can help you by setting up your reconciliations processes, running appropriateness reviews of the client money reconciliations you already have in place, providing compliance monitoring and internal audit support, or implementing automation for your client money reconciliations.
Get in touch
