Summer 2024
Following on from our Spring edition and our recent conversations with the FCA we highlight four further common breaches and areas that firms should be aware of. We set out our key takeaways and recommendations in respect of these.
1. Due diligence on auditors
The FCA has recently issued a first public censure to an audit firm stating that a number of client asset reports had not been prepared to the standard required in accordance with the terms of a Reasonable Assurance Engagement.
This is an important consideration for regulated investment firms given that there is an onus on the firm with regards to ensuring the auditor has the required expertise to carry out the engagement.
The FCA’s Supervision Manual sets out that before appointing an auditor, a firm must take reasonable steps to ensure that the auditor has the required skill, resources and experience to perform his functions and is therefore clear that the firm has a responsibility to ensure that the firm they appoint is able to understand the nature, scale and complexity of the business and address the risks of non-compliance with the CASS rules appropriately.
This is a clear area of focus for the FCA, and they would expect firms to have satisfied themselves of the competency of their auditor, including updating this assessment on a regular basis.
We recommend that firms review and document the experience of their CASS auditors and ensure that they have the necessary CASS skills and expertise to exercise their duties in accordance with the FRC CASS assurance standard.
2. Prudent segregation
We have seen an increased number of breaches relating to the use of prudent segregation where the firm has identified a potential shortfall and segregated additional funds within the client money pool but not followed the requirements of the relevant CASS 7 rules. The FCA expects firms to take a risk based approach to prudent segregation and have a clear and calculated rationale for such amounts.
Issues we have seen include firms not having a written policy in place for prudent segregation and also not maintaining a sufficient prudent segregation record, which is required to set out the basis for the calculation and the reasons why adjustments have been made to the previously calculated amount.
We encourage firms to carry out a review of their prudent segregation arrangements and ensure that:
- There is a robust prudent segregation policy in place, setting out the risks to the firm and how the use of prudent segregation would protect client money against these.
- There is a clear method and basis for the calculation of the prudent segregation amount, and how often this will be carried out.
- A prudent segregation record is maintained, setting out the outcome of each calculation, amounts paid into or withdrawn from client money and the reason why each has been made.
3. Due diligence on custodians and banks
We have seen varying standards of due diligence carried out on banks and custodians, some of which have resulted in recorded breaches. It is important to remember that, as a minimum, the following are required to be considered and documented, both prior to appointment and on an annual basis:
- The expertise and market reputation of the third party
- Any legal or regulatory requirements or market practices which could adversely affect clients’ rights.
As well as the above, firms should review matters such as the capital of the third party, the amount of client money or assets placed as a proportion of the total held by the third party, and the credit worthiness and level of risk in the investment activities undertaken by the third party.
It is also important to remember to act promptly if follow up actions are required following the completion of due diligence. For example, if additional information is required to complete the assessment or financial statements have not been filed for the relevant party, these should be obtained as soon as possible.
We would remind firms of the need to carry out appropriate due diligence on all third parties with which it holds client money and custody assets and to ensure follow up actions are responded to promptly.
4. Resolution of discrepancies on internal, external and physical custody asset reconciliations
The custody rules require a firm, on discovery of a discrepancy on a reconciliation, to promptly investigate the reason for this and resolve this without undue delay. Breaks on reconciliations appear for a number of reasons, many of which are not as a result of the actions of the firm; however, the FCA expects firms to take responsibility for, and be proactive in ensuring that, these are resolved in a timely manner, with the firm clearly documenting the actions taken in resolving these.
Whilst there are no definitions of ‘prompt investigation’ and ‘undue delay’, we have seen that firms are not following up on actions to resolve these at each reconciliation interval. For example, if a custodian had not updated a number of units held following a rights issue, and therefore the firm’s records are ultimately correct, should this still be the case at the next reconciliation date, the firm should evidence the steps they have taken to attempt to resolve this, including further communication with the third party, in order to avoid a potential breach being recorded.
In our view firms have become better at identifying and documenting the reasons for breaks, but in some cases are not carrying out the appropriate follow up action, which is likely to result in a CASS breach being recorded by the auditor.
We encourage firms to include follow up actions as part of their reconciliation processes to ensure that they have taken all appropriate steps to investigate discrepancies and evidence that they have continued to attempt to resolve these at all stages.
If you would like further guidance on the areas raised in this article, or with CASS 6 and 7 compliance in general, please contact Benny Wong or Oliver Hawes.