Covid-19: new FCA client assets webpage

Home / FINANCIAL CRIME / Covid-19: new FCA client assets webpage

The FCA set out its current position in relation to client assets in a statement on the 6 April 2020 as a consequence of queries that it had received from firms specifically in relation to CASS.

While firms themselves are best placed to determine which of their people are ‘essential’, recent FCA guidance has clarified that staff involved in CASS activities will likely be key workers This includes people involved in payment processing, cash distribution, risk management and compliance.

In the statement, queries the FCA received fell into seven areas:

  1. Audit

There have been concerns reported around additional breaches and costs associated with the impact of Covid-19, however the FCA has not yet seen these materialise.

If auditors are concerned about their ability to meet the four-month deadline, the late reporting rules in SUP 3.10.8 must be followed.

Auditors are reminded of their statutory duty to report (via CASSAudit@fca.org.uk) any significant matters with compliance.

What are the implications to the annual CASS audit?

There will be no relaxation in the level of audit evidence required so firms and their auditor should be discussing the logistical implications of remote-working and any limitations in access to key people. Firms should explore whether their systems are set up to allow auditors to perform their testing and walk-throughs remotely, being mindful of potential constraints (such as GDPR and information security protocols).

Firms should pro-actively engage with the FCA if they foresee any implications to the audit opinion, such as failing to meet the reporting deadline or obtaining necessary evidence of compliance.

  1. Cheques

Where CASS firms have issues handling cheques, they need to consider the harm caused on a case by case basis. Where there are logistical difficulties around the one business day rule, firms should be able to demonstrate they have tried to mitigate these.

  1. Physical asset reconciliations

Some firms subject to CASS 6 have reported difficulties reconciling physical safe custody assets as they cannot access the location where the assets are held. Firms need to notify the FCA if they cannot conduct a physical asset reconciliation due to issues created by Covid-19. Firms must take steps where possible to ensure client assets remain protected.

  1. Depositing client money

The FCA recognises there may be challenges around the segregation and diversification of client money and reminds firms accounts can be opened at; central banks, CRD credit institutions, banks authorised in a third country and qualifying money market funds.

Firms should continue to follow the rules on diversifying holdings in CASS 7.13.

They also warn that if firms have issues, they need to have carried out a detailed assessment before contacting the FCA.

  1. Notification of breaches

As a vital part of the regime, this must continue as required.

If firms feel they have made a CASS breach, the FCA should be notified under Principle 11 and SUP 15.

In addition to these general duties, the CASS rules contain various requirements to notify the FCA of specific issues (for example if a firm is unable to carry out a reconciliation or unable to pay any shortfall into a client bank account).

These specific requirements in CASS relate to fundamental components of the regime and firms should continue to make any notifications required under CASS.

  1. Classification of firms

Firms are requested to continue as normal and report to the FCA in January.

  1. Delays to improvement processes

The FCA realises that firms’ improvement programmes may be delayed. Firms should consider reporting delays and keep the FCA informed of their progress.

Where a regulated firm has a query about how to apply the CASS rules in the current circumstances, it can contact the FCA by emailing CASSgeneral@fca.org.uk.

Some questions and considerations for firms

How are cheques and other postal correspondence being safeguarded and managed?

Depending on the size and complexity of a firm’s operations, the timely handling of cheques and other customer correspondence may become a logistical challenge, particularly where this requires their movement across numerous processing teams. Firms will want to make sure their mailroom is functioning well and, where possible, effectively utilise scanning software to minimise the movement of correspondence across the business.

What are the implications to the annual CASS audit?

There will be no relaxation in the level of audit evidence required so firms and their CASS auditor should be discussing the logistical implications of remote-working and any limitations in access to key people. Firms should explore whether their systems are set up to allow auditors to perform their testing and walk-throughs remotely, being mindful of potential constraints (such as GDPR and information security protocols).

Firms and their auditors should pro-actively engage with the FCA if they foresee any implications to the audit opinion, such as failing to meet the reporting deadline or obtaining necessary evidence of compliance.

Is CASS compliance explicit in the BCP? 

Many firms have already fully or partly invoked their BCP. Maintaining CASS compliance throughout this period is important and senior managers need to ensure that they have full oversight of any issues or problems.

CASS committee

Is the firm’s CASS committee providing an agile and effective role? CASS committees should be assessing the emerging risks. This might include the availability of committee members the quality and timeliness of management information and ultimately ensuring that CASS compliance is not compromised through this period.

What do breach trends tell you?

Firms may be experiencing an uptick in breaches and near-misses because working remotely or having stretched resources naturally means less control, coordination and oversight. Remote working may also put pressure on how breach data is captured, which may lead to false assurance. So, you may need to heighten oversight and monitoring across first and second-line functions. Processing delays or failings to meet operational SLAs are unlikely, in isolation, to amount to CASS breaches, unless there are broader implications, such as reconciliation errors or unresolved funding shortfalls.

Does the business model mean that market volatility impacts the CASS compliance?

All firms are reliant on the continued stability of banking and payment systems. Market volatility might have CASS implications, such as:

  • Liquidity of the client money pool to meet outflows, for example where unbreakable deposits are used;
  • Increasing volumes of reconciliation breaks (e.g. for suspended funds) needing greater oversight; and
  • An increase in failed trades may result in greater daily funding requirements (e.g. where a firm provides contractual settlement) fluctuations in daily mark-to-market valuations to cover asset shortfalls.

Third Parties and increased due diligence

Usually due diligence is completed periodically, often annually, which is acceptable when operating under a business as usual scenario. However, in these unusual times, firms may want to have a closer eye on the stability of their third parties who hold money and custody on their customers’ behalf. Firms may also consider increasing the frequency of testing for their own CASS resolution pack.

Off-shore or outsourced providers

The whole world is affected by Covid-19, so operational disruption may extend to a firm’s outsourced or off-shore servicing centres, including third-party administrators, or overseas back-office operations. CASS compliance is one of many important factors in assessing the resilience of these critical arrangements.

Re-enforcing the basics

In uncertain times, it can be useful to re-assure staff to keep on as normal. For CASS, this means a continued focus on maintaining operational standards and ensuring the accuracy of the firm’s books and records.

CASS Resolution Pack

Firms may consider increasing the frequency of testing for their own CASS resolution pack.

Protecting the firm’s clients

CASS was designed to protect clients in the event of a firm failing, and so it is important to ensure the regime is effectively applied in times of uncertainty, particularly under stressed conditions.

Help and advice

If you require any assistance in understanding the implications of Covid-19 on your firm, please do not hesitate to contact us.