As most firms will attest, the FCA rules around the safeguarding of clients assets effective from early 2016, have placed a considerable burden on firms to put in place the required processes and controls to comply. Compliance to the CASS rules is assessed annually by the external auditors.
As part of the enhanced regulation on CASS, the FRC introduced the Standard for audit firms (“Providing Assurance on Client Assets to the FRC”) applying to CASS audits. Whilst the Standard does not have an impact on the scope of the CASS rules on which the auditor is required to report, it does required additional work to be carried out by the CASS auditor. The additional work includes an assessment of the firm’s control environment and culture towards protecting client assets, CASS risk assessment and CASS monitoring activities.
These higher standards that the auditors are being held to can have a knock on impact for your firm and the standards you need to achieve to obtain the CASS Assurance Audit report.
How can 1st Risk Solutions ensure your firm is able to achieve compliance with the CASS rule, and meet the expectations of the auditors?
In our experience, our clients are finding the following 3 steps are key to ensuring your firm achieves and maintains a satisfactory CASS Assurance Audit Report.
1.Implement a comprehensive end to end CASS risk assessment process
A best practice CASS risk assessment process which provides evidence to the auditor that you have identified and are managing all relevant CASS risks:
- Identifies all relevant risks in the processes related to the CASS rules
- Has an auditable, consistent methodology for the assessment of the CASS risks
- Provides clear view through the processes, systems, CASS risks, assessment of the risks, and mitigating controls
- Maps all risks to the relevant CASS rule
2. Ensure the CASS controls are designed and operating effectively
The firms must implement and maintain robust, documented controls that are both designed and operated effectively to ensure that the client money and assets are appropriately segregated, reconciled, monitored and reported as per the regulatory requirements (e.g. CMAR reporting). The controls should also operate such that any failures are clearly and easily identified.
Firms need to determine controls that should be periodically tested to ensure effective design and operations to prevent material CASS breaches.
3. Implement a robust and effective Governance and Oversight Framework
Although firms must identify an individual who has responsibility for oversight of the firms operational compliance with CASS, and reporting to the firms governance body (the CF10a), the firm must demonstrate the appropriate culture with regards to CASS management.
The firms management must ensure that they take their obligations regarding safeguarding client assets seriously, that they clearly understand the CASS obligations, requirements and regulatory expectations for compliance to CASS. They must ensure they prioritise implementing the appropriate processes, systems, and controls for compliance to the CASS requirements, and that the relevant reporting, governance and resolution of any CASS issues are in place.
1RS has expertise in designing, implementing and remediating all aspects of CASS compliance frameworks, tailored to the needs of your firm.
For more information on how 1RS can assist your CASS compliance, contact us via the link below: