CASS Audit Preparation

Take a proactive approach to your next CASS audit with expert guidance. With fscom, you can understand your CASS strengths and areas to focus on, and strengthen your future CASS capabilities. Get expert insights to remediate findings efficiently and mitigate risks going forward.

As regulatory experts, fscom can help you prepare for your CASS audit, manage responses and provide recommendations based on audit findings. This means you can address any challenges efficiently, manage risks and enhance your capabilities to better protect client money and assets and comply with CASS rules and obligations.

Prepare for your CASS audit today and book a consultation.

Podcast

Planning for your CASS Audit

Listen to this episode where, Associate Director, Julie Tuffrey takes a deep dive into the necessary steps you should take when preparing for your CASS audit.

What is a CASS audit?

In accordance with the Financial Reporting Council’s (FCR) standards, a Client Assets Sourcebook (CASS) audit is an annual in-depth review of a firm’s systems, procedures, controls and governance in relation to CASS — the FCA rules on how firms protect client money and assets. 

Mandated by the regulator, a CASS audit assesses compliance, competency and the strength of a financial services firm’s CASS arrangements to protect the client money and assets they are responsible for.

A CASS audit will determine:

  • Whether a firm maintained adequate systems to enable it to comply with the relevant CASS rules throughout the period; and
  • Whether the firm was in compliance with the relevant CASS rules throughout and at the end of the period.

Ultimately, a CASS auditor provides their opinion (on a limited or reasonable assurance basis) on whether the firm is meeting their CASS obligations. It also highlights focus areas to improve the firm’s CASS organisational arrangements and controls.

Who needs a CASS audit? 

The FCA-regulated investment firms that must undergo an annual CASS audit are:

  • Those with CASS permissions that can hold or control client money and/or assets; or
  • Those subject to an annual statutory audit.

The type of CASS assurance report you require (either reasonable assurance or limited assurance):

  • Depends on your regulated firm’s FCA permissions and/or whether you are subject to an annual statutory audit.
  • Will be based on the footprint of any client money and/or assets held.

Looking for a pre-audit CASS assessment? Book a consultation.

Scroll down for more information on what to know about CASS, how to prepare, and how fscom can help:

Book your free consultation

What you need to know about CASS

CASS establishes the rules firms must adhere to when holding and controlling client money or safe custody assets. The FCA has provided these rules to protect client money and assets in case of insolvency.

However, the CASS regime can be very complex and prescriptive. Here are some key aspects to know about CASS: 

  • Not all CASS rules are easy to understand. Misinterpretation of CASS rules can prevent you from embedding CASS into your operational environments properly. This means you may lack the right processes and controls to remain compliant with the CASS regime. 
  • CASS can touch multiple areas of your business, not just your financials. CASS operations and activities are present across your entire customer journey, from account opening to trading, settlement, reconciliations, reporting and beyond. From the legal entity level to your executive and operational levels, it’s crucial to map CASS touchpoints and responsibilities. Ensure tight controls and skilled staff across your business as a whole to protect client money and assets. 
  • Not all CASS rules may apply to you. Just as some CASS rules apply to you, others may not. However, it’s just as important to validate those areas where CASS does not apply and evidence how you came to that conclusion. Mapping and documenting how CASS rules apply across your entire firm can help support your rationale. 
  • The CASS audit period can be resource intensive. The CASS audit can take up your most senior managers’ and skilled resources’ time. You also have to meet a fixed deadline as the auditor report is due within four months of the financial year end, which can also fall within your peak financial audit period. Make sure your firm is ready to handle a CASS audit by preparing for it beforehand.

What do you need to have in place for a CASS audit?

You need to have documentation, evidence and governance in place for a CASS audit. This includes:

  • Documentation of where CASS applies across your firm. Identify and document where CASS applies across your entire business. This helps you know the specific touchpoints, departments and processes involved in CASS. To understand where CASS applies while documenting these touchpoints, use a rule-mapping matrix. This is a document evidencing the CASS footprint, what does and does not apply, the end-to-end customer journey steps, and the timing of client money and assets movements across your business.
  • Skilled and CASS-aware employees. Ensure staff know their CASS obligations, roles and responsibilities in relation to CASS and the rule implementation. Skilled staff help prevent gaps and errors in your CASS control environment.
  • Strong controls and accurate records. Have an engaged board who oversees your CASS environment and ensures you act appropriately, keep detailed records to protect client assets and be audit ready.
  • Record of CASS reconciliations. Policy, controls & evidence provisions are key. Ensure you perform and document your internal and external client-asset reconciliations according to the CASS rules. This will provide a cornerstone of your client-asset protection.
  • Continuous CASS impact and risk assessment. Consistent oversight and testing will help you stay on top of CASS. Frequent reviews are especially important to mitigate risks caused by any organisational change management or changes in systems, resources, product or market.
  • Record of breach management and logging. Keep records of incidents and any rule breaches. This includes any near misses or resolved incidents, all breaches occurring during the audit period no matter how small, and all significant breaches and/or material breaches with notifications made to the FCA. You also need to include any FCA inspection visits, client complaints, s166 Skilled Persons Report, and internal or external reviews during the audit period.

Need help to prepare for your CASS audit? Get in touch.

How to prepare for a CASS audit

Prepare all the documentation and evidence the auditor will require well in advance. This includes:

  • Policies
  • Procedures
  • Controls
  • Flow of funds
  • Reconciliations 
  • Client money and assets return (CMAR) data
  • Resolution pack contents
  • Committee materials and CASS-related audit actions
  • Incidents and breaches
  • Mandates and other relevant evidence logs 

Then ensure these documents are in a final and board-approved form. 

Address CASS with an insolvency mindset. A preventative approach to CASS will help you avoid client money and asset failings and adverse audit report findings, which could lead to fines and business restrictions.

Here’s how you can prepare for your next CASS audit to safeguard client money and assets and avoid challenges, enforcement/penalties or revoked permissions:

1. Ensure governance and awareness

  • Ensure high-quality organisational CASS education for your team. Keep training and competence records to demonstrate how focused and aware your CASS team are. 
  • Drive decision making and control by setting CASS performance and risk indicators and reporting to ensure dynamic and focused CASS oversight across your business. 

2. Create and maintain quality CASS arrangements and documentation 

  • Review and refresh your CASS documentation, which helps to identify client asset touchpoints, evidence CASS policy implementation, record and evidence performance and demonstrate accurate and timely reconciliations.
  • Manage your CASS risk effectively. Assess, objectively challenge, manage and remediate risk and prevent breaches to lower CASS incidents holistically.
  • Review and test your CASS resolution pack and all of its contents. This is critical for ensuring an orderly and timely return of client assets in a worst-case scenario.
  • Conduct Due Diligence on third-parties. Review any associated acknowledgement letters and/or contractual records to ensure CASS compliance and effectiveness.

3. Test and Assess consistently 

  • Assess your own capabilities objectively. Conduct regular maturity testing and CASS assessments to gauge your CASS capabilities. 
  • Fully Review all CASS touchpoints, products, clients and the timings and status changes of client money and asset flows. Exceptions are usually found in the less usual flows, so be aware of the outliers.

Take a deep dive into CASS audit preparation. Listen to our podcast on planning for a CASS audit

How fscom can help you before, during and after a CASS audit

fscom can help you prepare, identify focus areas and/or gaps and remediate any CASS findings

Our team is made up of ex-regulators, ex-bankers and former in-house compliance experts. This means we understand the challenges you face and can guide you on preparing for a CASS audit.  

Here’s how fscom can help you before, during and after a CASS audit:

  • Review the current state of your CASS arrangements. Our pre-audit assessment, which includes a health check and a gap analysis, identifies what works in your CASS compliance and what you may still need to address before a CASS audit. 
  • Get a compliance expert to work on your CASS arrangements. Get in-house expertise when you need extra skilled resources the most. We can become a temporary compliance team member to assist you before, during and after an audit.
  • Upskill your team on CASS and compliance. Part of your CASS arrangements should include providing company-wide understanding and responsibility, and implementation of CASS rules. We can help fill knowledge gaps with bespoke training and workshops for staff across all departments.
  • Train your executive suite and board. C-suite and board engagement are crucial because your executives and Client Asset Oversight Officer (CAOO)–the individual responsible for CASS under PR Z–are ultimately responsible for ensuring adequate and appropriate CASS resources and alignment. We provide training to increase their governance contribution and CASS focus, and specific coaching for the senior director and CAOO.
  • Map and document how CASS rules apply to you. We can help you document your CASS footprint and touchpoints, deploy adequate risk and breach management, test and enhance CASS reconciliation processes and address CASS capabilities. We help you to mature to reach a level of CASS best practice. You can even create your CASS Resolution Pack with us and add attestation and workflow to keep your resolution pack up to date and accurate.
  • Conduct management responses on your behalf. Rely on our expertise to address, respond and challenge audit findings, and work with the CASS auditor to demonstrate how you have considered, addressed and mitigated risks. 
  • Remediate CASS gaps and auditor findings. We can help you address and resolve any CASS gaps through our pre-audit and maturity assessments, as well as support you to remediate findings from a CASS auditor. After remediation, we can provide assurance to support your CASS enhancement. 

Why choose fscom?

Your Practice Lead

Julie Tuffrey

Associate Director

Be CASS audit-ready with fscom

Don’t underestimate the complexity of CASS audits. 

With fscom by your side, you’ll have the guidance of expert compliance analysts before, during and after a CASS audit. We’ll help you raise your CASS standards and challenge and remediate audit findings to mitigate risks.

With our support, you can improve your CASS arrangements, deliver best practice to keep client money and assets safe and demonstrate your CASS compliance. 

Book a Free Consultation Today

    fscom needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.