Dear CEO letter highlights need for CASS oversight

This month saw another reminder that CASS compliance remains high on the FCA’s priority list. The regulator’s latest Dear CEO letter re-iterates that whatever the impact of Covid-19, firms must “maintain adequate arrangements” to look after client money. The FCA’s expectation is that you will consider your CASS oversight as a result of the letter, and it may contact firms to find out what action you’ve taken, if any. If you’re found to have not considered how your governance and oversight arrangements stack up in light of the letter, the FCA is likely to be unimpressed.

The Dear CEO letter on Adequate Client Assets Arrangements letter was sent on 30th September, following letters on TTCA and client money balances as well as April’s clarification of its CASS expectations under Covid-19. The latest message highlights areas that are particularly important for ensuring CASS compliance in the current environment and emphasises the need for robust CASS governance and oversight.  It also re-iterates the need to notify the FCA of any material concerns.

FCA Dear CEO letter on Client Assets: key points

Governance and oversight

Governance and oversight is always a key focus for CASS compliance. Boards (or other governing bodies) are expected to have a good understanding of the CASS risks that their firms face and how those risks are managed. The Board will need to be informed on this by the senior manager responsible for client assets, who should maintain appropriate oversight of the CASS controls in place.

In addition, compliance monitoring is expected to provide effective second line challenge to the first line controls and where relevant, internal audit should provide an independent evaluation of the effectiveness of the CASS controls and risk management.  In their letter, the FCA acknowledge that not all firms will have the skilled resource available to provide this challenge and they note that firms should use external resource as needed to meet oversight obligations.

Brexit and third-party due diligence

The letter takes the opportunity to remind firms of the need to carry out periodic due diligence on third-party custodians and banks. It highlights the need to consider whether the UK withdrawal from the EU will have any impact on such arrangements. If you deposit money or assets with firms in the EEA, you’ll need to revisit due diligence to determine whether the end of the transition period will result in any increased risk. You’ll also need to determine whether existing safeguards and protections for client assets will remain effective from the end of the transition period.

Triparty custody arrangements

The letter draws attention to the FCA’s continuing work on third-party custody arrangements, specifically triparty arrangements. We’ve seen them working closely with firms and custodians on this, highlighting instances in which the responsibilities of the parties involved aren’t made clear in the custody agreements. In instances where firms and custodians don’t get the required clarity in their agreements, it leads to confusion around who holds regulatory responsibility for the client assets held. The worst-case outcome is that client assets aren’t appropriately protected in the event of insolvency because either the assets aren’t ultimately being held for the rightful beneficial owner or the insolvency practitioner isn’t able to ascertain who the assets belong to in order to return them.

If you have any third-party custody arrangements in place, whether triparty or sub-custody, you should review your agreements to make sure that they’re clear and compliant. We are able to assist with this if you need some help.

Outsourced operational functions

This is another area where the FCA are drawing attention to continuing work. Oversight of outsourcing arrangements has been a focus for quite some time now. The Dear CEO letter reiterates that firms are responsible for regulatory compliance where operational functions are outsourced. This means that if you outsource your reconciliation processes, it is your responsibility to make sure that they’re being run compliantly.

Issues we’ve seen in this area in the past have included third-party administrators that carry out reconciliations across all clients they service. This means that that individual regulated entities didn’t have access to their own reconciliations. We’ve also seen problems with regulated entities having access to reconciliation processes at third party administrators in order to carry out monitoring of those processes. Furthermore, many firms see the outsourcing of operational processes as an opportunity to reduce headcount and as a result, knowledge and expertise can be lost. Firms must always retain enough knowledge and experience to drive effective oversight of the outsourced processes.

Oversight of appointed representatives

The FCA have worked hard recently to emphasise the obligations that principal firms have over their appointed representatives and this letter does the same. It reminds firms that if they have appointed representatives, it is the principal firm’s responsibility to make sure that the appointed representative is operating compliantly. This includes making sure that any client money from the appointed representative business flows directly into a client bank account belonging to the principal firm.  Always remember that safeguarding client assets and holding client money are not exempt business and therefore, the principal firm must be responsible for client money and custody assets.

Records and reconciliations

The letter reminds firms of their core responsibilities for ensuring accurate and complete records of client money and custody assets held. Central to achieving this objective are reconciliations. They must be done at an appropriate frequency to manage any risk that the records will be inaccurate. Any discrepancies or breaks identified must be promptly recorded and resolved. The record keeping aspect of discrepancy resolution is an area firms frequently fall down. It’s essential that firms are able to demonstrate what they’ve done to address a discrepancy both in terms of making good any shortfalls and correcting any excesses. Evidencing that steps have been taken to resolve any underlying issues is also vital.

Client transaction accounts

Many firms use client transaction accounts and the FCA have taken the opportunity to remind firms that they should only use them to hold money for transactions that are likely to occur or have recently settled. Client transaction accounts are often held with an intermediate broker or clearing house and not a bank. There shouldn’t be any excess balances held on client transaction accounts. If, for instance, there’s a timing cut off for transfers out of a client transaction account which means that there may be an excess balance held overnight, firms should consider whether they need to address such balances either through shortfall funding or prudent segregation.

Acknowledgement letters

The FCA reminds firms of the need to maintain adequate arrangements to ensure the acknowledgement letters meet the requirements. Acknowledgement letters are intended to provide a record of the acknowledgement from a third party that money held by them is held for the benefit of the firm’s clients and not for the firm itself. This means that in the event a regulated entity becomes insolvent, an insolvency practitioner should quickly be able to establish that the money in the client bank or transaction accounts doesn’t belong to the firm. This is why it’s important to ensure that every relevant account is covered by an up to date, valid, compliant acknowledgement letter.

CASS Resolution Pack

Whilst most firms would like to hope that they will never need the pack, it’s nevertheless essential to make sure that you have one that is complete and up to date and the FCA letter reminds firms of this need. CASS Resolution Pack is a pack of information that would be essential for an insolvency practitioner to be able to return money or assets to clients in the event of the failure of the firm.

Our advice to all firms is to make sure that your CASS RP is independently tested on a regular basis – whether by someone internal to your business that’s not familiar with the content or an external person, it can provide an invaluable test of how useful and useable the content of the pack really is.

We can help

Our team of CASS experts can help you with any of the areas raised in the Dear CEO letter. Just let us know how.