Our insights on CASS

The FRC client assets standard has been in place for two years and is here to stay. The FCA client assets team continue to place reliance on external auditor CASS reports, so unsurprisingly, the latest standard has substantially increased the level of testing required.  The increased testing has created an increase in compliance cost for CASS firms. Given the increased costs, it’s ever more important that firms get value from the assurance process. 

Two years into the Assurance Standard, what have we learned?

What has been the impact of the FRC Assurance Standard?

The FRC Assurance Standard focuses on firm’s governance oversight processes and in particular, how CASS firms have documented compliance. A common perspective being that if it’s not documented, it’s not done. The Standard requires auditors to obtain a detailed understanding of CASS firms control matrices and their mapping of controls against the rule requirements. Key controls play a more important role and in the case of reconciliations, their format is now very much prescribed by the Regulator.

  • Have you documented your rule interpretations?
  • Have you mapped your controls against the rule requirements?
  • Do you have documented funds flows?

Feedback from the FCA 

The FCA have said they will be focusing on reports provided by audit firms who undertake very limited numbers of typically limited assurance reports and will complete only a limited number of CASS assurance reports each year. With this in mind, a clean report from a firm who only completes a handful of audits a year might prompt as many questions from the regulator as one reporting breaches.

  • Regulator focus areas
    • Internal custody reconciliations
    • Mandates
    • Outsourcing and offshoring

The Regulator is expecting to see an increase in Qualified and Adverse reports following adoption of the Standard as a result of more breaches being reported.

We continue to see client assets reports that are just not good enough

Charles Randell, Chairman of the FCA

From our work with clients, we know there is a real desire and investment into the CASS process to help drive clean reports.

How can you extract value?

With an increased level of scrutiny, additional compliance costs and potentially more breaches, there is clearly an increasing burden on firms. One area we focus on is working to ensure that our CASS clients do get value from the process. 

So how can you drive value in the process?

Controls mapping – Mapping your controls against the regulatory requirements will highlight any gaps and help ensure you continue to comply with the CASS sourcebook both now and in the future.

Systems validation – Your Board will get additional insight into the effectiveness of your control systems. If breaches are found, you will be able to rectify your systems to prevent future breaches.

Right CASS auditor – Choosing a CASS auditor with sufficient, relevant experience will improve the quality of reporting to ensure you are better equipped to respond to any FCA follow up actions.

What does the future hold?

Compliance hiring and spending is increasing as the regulatory burden grows, but CASS firms are also under pressure to reduce costs and improve compliance efficiency. We believe future challenges will include:

Use of technology - Technological advancement is creating new routes for customer interaction, be that via phone and tablet, interactive platforms or alternative payment methods. RegTech software solutions to these challenges are becoming increasingly popular and can be expected to continue to bridge the gap between CASS firms, regulatory requirements and technological change. Many CASS firms are investing heavily in new software solutions.

Outsourcing and offshoring – More CASS firms are looking to third party administrators and outsourced providers to help handle growing volumes and drive efficiency and cost saving. CASS considerations when using such providers can be complex and Boards must ensure they have sufficient understanding and oversight of arrangements that are in place.

Possible FRC file reviews in future? – The FRC do not currently inspect auditors’ CASS assurance assignment files. There is every chance they will look to in future and perform sample reviews.

Follow up, fines and remediation plans – Sanctions for non-compliance have been rising over recent years and can be expected to rise further. The cost to CASS firms of close Regulator involvement, be that remediation plan completion, or a skilled persons S166 review should not be underestimated. 

Are you thinking of changing CASS Auditor?

Our CASS specialists can support you in a number of ways, whether you’re new to client assets or have plenty of previous experience.

External Audit

Our external audit team can help you meet your regulatory requirements under the Supervision Manual.

Internal audit and risk assurance

Our team can help validate your control systems and provide assurance that they are working effectively, in compliance with Principal 10 and the CASS handbook.

Advisory

Our team can offer you support and guidance to assist you when documenting your rule interpretations, map your controls against the requirements and can undertake a CASS health check, making recommendations of best practice.

For further information on our CASS services, please contact our team:
David Fenton, Hugh Fairclough, Paul Jennings, Jon Pepper and Rob Gordon.