Beware of CASS a practical workshop for management exploring the challenges of complying with the FSA s Client Assets and Client Money Rules

Transcription

1 Beware of CASS the FSA approach Simon Morris 26 September 2012 The FSA agenda Our supervisory work shows many firms have inadequate records, ineffective segregation of client assets and a low level of awareness of the requirements. In 2012/13 we will further strengthen our intensive regulatory and supervisory approach for firms holding client money and safe custody assets through visits, thematic projects & desk-based reviews, especially using CMAR. We will continue to take regulatory action where firm failings are identified. FSA Business Plan 2012/13 1

2 The FSA initiatives 1. Dear CEO letters Senior management required to confirm CASS position 2. CF10a A required function to enhance regulatory oversight in med/large firms - > 1m client money/ 10m custody assets 3. CMARs Specific focused return filed monthly by all CASS 6/7 firms 4. CASS resolution pack (from October 2012) Information for speedy return of client money & assets on failure. The FSA requirements PRIN 10 A firm must arrange adequate protection for clients assets when it is responsible for them. The elements of adequate protection: a) Documented procedures b) Management oversight c) Regular testing and reporting d) Segregation and protection e) Reconciliations 2

3 What goes wrong? Inadequate senior management oversight Insufficient MI Overcomplicated processes Operational & systems changes not thought through Banks cannot find letters or show due diligence Poor reconciliations Poor oversight of outsourced administrators FSA Client Money & Asset Report (January 2010) And recent Enforcement cases confirm... a) Failure to segregate => risk of pooling on insolvency b) Failure to get acknowledgement of trust letter => risk unprotected c) Failure to maintain records => cannot tell who owns what d) Failure to reconcile on timely basis => risk of diminution or loss e) Failure to account for interest received => breach of duty f) Failure to work through new system => risk of CASS breaches g) Failure to have adequate procedures => cannot ensure segregate h) Failure to perform adequate Compliance monitoring i) Failure to observe client agreement terms on client money j) Failure by senior management to oversee client money 3

4 Step 1 gaining fundamental assurance 1. Review a. Review every cash flow b. Review your client agreements c. Review your outsourcings 2. Consider a. Are you receiving or holding client money? i. Consider who is your client ii. Who owns the debt? b. Are you right to rely on any exemption? c. What have you contracted to do? d. Does this match what you or your outsourcer does? 3. Remedy as needed Step 2 validating segregation 1. Are you using a bank a. Over which you have performed proper due diligence? b. That has agreed to trust status and you have the letter to hand? 2. Cash in a. Is it wholly separated from your money? b. Is it promptly banked on receipt? c. Within one business day (normal approach)? d. Or have auditors confirmed the alternative ti approach? 3. Cash out a. Is it promptly paid out? b. To client 3 rd party on instructions 3 rd party exchange duly to firm? c. Are client entitlements disbursed within 10 days? 4

5 Step 3 validating the systems and controls 1. Are the procedures clear & comprehensible? a. When were they last reviewed? b. And when was the last training? 2. Records a. Is it entirely clear and up-to-date what each client owns? 3. Reconciliations a. Are internal & external promptly performed? b. Are there excessive aged balancing items? c. Are discrepancies promptly rectified? 4. Outsourcings a. Are they reviewed and overseen? Step 4 validating governance 1. Does senior management oversee? a. What MI does it get and how is it acted upon? 2. Client agreements a. Have you checked that you are doing as promised? 3. Change a. Is CASS compliance embedded in the new product & project checklists? 4. Risk a. Is Compliance oversight adequate? b. When did GIA last review CASS? 5

6 Because in the FSA s view CASS rules apply with strict liability Viewed as a high-profile theme running for several years Self-reporting is no defence No loss is no defence Fine 1% average balance And look closely at role of management 6