This week marks the 10th anniversary of what is considered to be the beginning of the financial crash. This set in motion a series of events leading to government bailout of underfunded banks, failure of some global financial institutions, and a global recession impacting the last decade.
One of the key learnings from the failure of Lehman Brothers was the impact of ineffectively protecting client money and assets in the event of a bankruptcy of a financial institution, and highlighted the changes that needed to be made.
9 years on, and with a greatly enhanced set of rules for the protection of client money and assets, financial institutions have had to invest in significant resource, processes, and systems to understand, implement, govern and comply with the updated CASS rules and perform daily oversight of the client asset functions.
Despite this, many firms still fall short of their obligations and duties in protecting client’s assets, and frequently find themselves in breach of the rules, often resulting in significant fines imposed by the regulator.
In our experience, the top 5 reasons why a firm may breach the CASS rules are:
1.Inadequate Governance and Oversight
The CASS rules state that a firm must allocate the responsibility for oversight of the firm’s operational compliance with CASS, and reporting to the firms governing body in respect of that oversight to an appropriate director or senior manager (the CF10a). The firm’s management must clearly understand these obligations, requirements and regulatory expectations for compliance to CASS, including implementing appropriate processes, systems and controls, and ensuring these are adhered to.
However, often the external audit or the regulator will find a lack of understanding of the rules, poor recordkeeping practises, and inadequate systems and controls, resulting in CASS rule breaches.
2. Inadequate Resolution Pack
The CASS resolution pack exists so that firms can retrieve key information in the event of an insolvency. This is vital to assist the administrator in achieving a timely and accurate return of client money and segregated custody assets to its clients.
It is essential that the pack contains the correct information e.g. the firms policies and procedures, the clients agreements, and all information relating to what monies and assets and where they are held. The pack must be maintained and regularly updated and is retrievable in a max time frame of 48 hours.
Firms may breach the CASS rules by failing to maintain the appropriate or accurate information, or being unable to retrieve the information within the max time frame, which could result in leaving a clients assets unprotected in the event if an insolvency.
3. Inaccurate or late submission of the CMAR report
By the 15th of each month, applicable firms must submit a Client Money and Asset Return (CMAR report) to the FCA. This gives the regulator assurance on a regular basis that the firm is able to hold client money and safe custody assets on behalf of its clients, is complying to the rules and providing timely notification of any breaches.
Firms often fail in this requirement by submitting poorly collated CMARs with inaccurate information, or even failing to have the right process to ensure they submit a report on time or at all.
4. Inadequate Risk Assessment Process
A best practise risk assessment process identifies all relevant risks in all processes related to the CASS rules. It should provide a clear view through processes, systems, risks, the levels of risk, the mitigating key controls. All of which should be linked to the relevant CASS rule.
Many firms have not performed an end-to-end risk assessment, thereby not identifying all risks in their processes and systems, leaving them unaware of some risks and unprepared for potential breaches. Furthermore, it leaves the firm and the regulator unassured of their compliance to all relevant rules.
5. Inadequate design or operating effectiveness of CASS controls
For a firm to ensure CASS compliance, it must implement and maintain a robust CASS framework with the appropriate processes, systems and controls to effectively manage CASS compliance on a daily basis.
The controls that the firm puts in place must be designed and operated effectively to ensure that the client money and assets are appropriately segregated, reconciled, monitored and reported as per the regulatory requirements. The controls should also operate such that any shortfalls or failures are clearly and easily identified.
Ineffective design and/or operating effectiveness of CASS controls can result in material CASS breaches and significant fines.
1st Risk Solutions has significant experience in designing, implementing and remediating all aspects of CASS compliance frameworks, tailored to the needs of your firm.
For more information of how 1st Risk Solutions can assist your CASS compliance, click on the link below: