Posted: 30/11/2023 | Read time: 4 minutes
CASS audits have changed in recent years. They now take a more proactive, control-based approach after the FRC revised its Assurance Standard.
This means you must clearly understand applicable CASS rules and have demonstrable controls in place to comply. Taking action following control failures and identifying breaches is also crucial to improving your control framework.
But CASS 7 is arguably the FCA Handbook’s most complex chapter. It comprises almost 400 different rules, guidance points, and evidential provisions. It’s especially important for FCA-regulated firms that hold client money.
To help you make sense of the CASS 7 rules, this blog answers frequently asked questions and sets out best practices. So you can meet the requirements and avoid breaches.
- Who do the CASS 7 rules apply to?
- How do you meet CASS 7 rules?
- What reconciliations do you need to do for CASS 7?
- What are the challenges of CASS 7?
- Best practices to avoid – and respond to – CASS 7 breaches
Who do the CASS 7 rules apply to?
If you receive or hold money on behalf of clients in connection with designated investment business, you must follow the CASS 7 – Client Money rules in the FCA Handbook.
How do you meet CASS 7 rules?
To meet the requirements of CASS 7, your firm must protect the client money it is responsible for. This requires
- timely segregation of money in designated bank accounts;
- complete and accurate internal books and records; and
- accuracy between internal records and those provided by relevant third parties.
Want a breakdown of each area of FCA CASS rules? Get your copy of our CASS compliance guidebook.
What reconciliations do you need for CASS 7?
CASS 7 requires two reconciliation processes: internal and external.
The daily internal client money reconciliation compares client-specific records to the firm’s client money cashbooks. This reconciliation is often the most complex – and hardest to get right. It acts as a secondary control by ensuring sufficient client money is segregated to meet client obligations.
The external client money reconciliation also makes use of the cashbook data. This is then compared to the records and statements received from the banks where client money is held. This ensures the firm’s internal records are in agreement with those of third parties.
What are the challenges of CASS 7?
Firms often struggle to maintain appropriate records of client money, impacting the data required for reconciliations. This is particularly true for the individual client balance method, which must be calculated in line with CASS 7.16.22 (E).
Calculation logic and key principles remain the same across all organisations. But the specific data inputs required to perform the process will vary from firm to firm. For example, you might use control accounts to process client transactions while they are in flight. During the transactional cycle, funds aren’t held as part of the client’s withdrawable balance (A – Free Money) and need to be captured elsewhere from the data.
It’s important to time movements on and off control accounts and client ledgers. This enables you to segregate client money appropriately in internal books and records. Ensuring this data is captured as part of your internal client money reconciliation is critical for accurately calculating the client money requirement.
Other common challenges of meeting CASS 7 rules include:
- Maintaining accurate internal records to determine client money held for each client
- Ensuring timely allocation of client money to clients upon receipt by the firm
- Opening and identifying client money bank accounts with the required Acknowledgement Letter
- Investigating and resolving discrepancies found after external reconciliations. This includes covering client money shortfalls with firm money until it’s resolved
- Using the individual client balance method or the net negative add-back method as a standard method for internal client money reconciliations
- Correcting any excess or shortfall identified by internal client money reconciliation, and determining the reason for the discrepancy
Best practices to avoid – and respond to – CASS 7 breaches
CASS breaches occur when processes fall short of the FCA’s regulatory requirements. While breaches are inevitable, you should keep them to a minimum.
The FCA places significance on recording breaches, so you must make every effort to meet their expectations. This includes documenting a clear understanding of the issue identified and the steps taken to resolve them. If you don’t, you’ll get their attention.
How you respond to a breach is critical. It’s far better to self-identify and remediate a breach than for an auditor or the regulator to find one. A mature organisation will record, track, remediate and learn from breaches. Treating every breach as an opportunity to improve your processes and adapt controls ensures compliance in the future.
One area the FCA is keeping a keen eye on is the growing use of PSPs to process client money transactions. So, if you use PSPs and e-money firms to facilitate client money transactions, be sure your processes meet CASS 7 requirements. If this applies to you, this blog outlines the four things you must consider to avoid breaches.
Tips for breaches:
- Foster a no-blame culture that promotes early escalation of incidents when they occur
- Record breaches with clear details of the circumstances. And record the impact and actions required to fix it
- Use breaches to identify areas in your organisation that need developing
- Are complex processes with many manual touchpoints causing breaches? Plan to automate to increase control and compliance
- Review your internal client money reconciliation and the data used to comply with the rules
To learn about common mistakes that cause CASS 7 breaches and how to reduce them, check out our blog CASS 7 breaches: Rising to the challenge.
With our CASS solution, you can focus on investigating exceptions instead of doing routine matching. Talk to a member of our team to find out how AutoRek can help you comply with CASS 7 requirements.