When it comes to managing FCA CASS governance, who needs to be involved and what are the implications? We know it’s a complex topic with a number of intricacies, so guest author Katharine Leaman from Leaman Crellin Limited helps unpack the needs and specifics of maintaining FCA CASS compliance in the UK, who’s involved in the process, and how to maintain their training, even from a distance.
FCA CASS Governance: Where Are We Now?
Around this time of year, we would normally have digested the Annual Report from the UK’s Financial Conduct Authority (FCA) and be reflecting on the themes of its enforcement actions from the previous 12 months. When we get to see the report later this month, I imagine the FCA’s key focuses will remain on Principle 11 (communication with regulators) and Principle 3 (organization and control).
These focuses don’t mean that financial services firms are badly managed or controlled. What it tells us is that our industry isn’t always good at setting expectations in a clearly defined or documented way.
It will have been several months since your Client Assets Sourcebook (CASS) auditor submitted their mandatory Opinion on CASS compliance to the FCA. This, alongside the context of the FCA Annual Report, means that now is the perfect time to look ahead and consider your immediate, short-term, and medium-term CASS priorities.
CASS Training: Back to Basics
Close to the top of your list will be training, which means it’s time to think about annual refresher courses. It’s important to remember to look at the bigger picture here and assess who, in the long and short term, will benefit (on an individual and organizational level) from undertaking this training.
So, how can you determine who to target for your CASS training?
Let’s go back to basics: CASS is essentially a book of rules telling us how to operationalize the legal agreements in place with clients.
The rules may be written and organized in a way that limits their understanding among many of your people. However, if your operations are tightly controlled and closely aligned with your legal agreements, then your CASS breaches should remain under control. Below are four tips to help you set your CASS training targets.
Tip #1: Establish Your Three Lines of Defence
Start with an obvious group of people: the three lines of defence. That gives you Audit, Compliance, and your first line. Remember that these days, a proactive first line of defence is one of your strongest due to their proximity to the business area they support.
For CASS, this often translates into a CASS Office of some description, which is aligned with operations but carries out a “one-step-removed from operations” or sixth-eye check, on the work of the operations teams.
The CASS Office will also most likely own and manage the Financial Reporting Council (FRC) register. You may see the FRC register given a host of different names, including:
- Rules register
- Controls register
- Regulatory obligations register
- Risk and control self-assessment
Whatever name is attached, they all ultimately achieve a similar outcome: mapping every rule to every control in the firm with a risk assessment at the end about the level of compliance or risk of non-compliance applied to each.
Tip #2: Consider CASS Governance
Next, consider CASS governance. It’s not just your Senior Manager holding the Prescribed Responsibilities for CASS and the Certification Function Holder. This ongoing process should also include members of your CASS governance forum, your product governance forum, and your desk heads for certain sensitive CASS products, such as money markets.
Then you have your crisis management and business continuity groups. While some members may not feature in your CASS Resolution Pack, many of them need to understand the key priorities that need to be given to CASS and Insolvency Practitioners. During a winding up event with an Insolvency Practitioner, whether that winding up is of your own firm or a business partner, it’s important that everyone is on the same page.
You might also like: ‘SMCR Training: The Definitive Guide’
Tip #3: Identify Those Responsible for Reporting
Then consider the individuals responsible for your firm’s reporting. This isn’t just the person who fills in and submits your monthly return, the Client Money and Assets Return (CMAR) in the FCA’s reporting system, GABRIEL on behalf of your Senior Manager Function Holder (SMF). This group will most likely include people who submit your financial returns, as you need to ensure that your CASS figures align with the financials. It’s also important to include controls in place for any new accounts of ledger codes Finance has created.
Tip #4: Don’t Forget Legal and Operations
Last, but not least, the individuals to whom the CASS rules are primarily addressed: Legal and Operations. This means the following people:
- Individuals who manage your nostros (accounts held at other banks)
- The team that carries out reconciliations
- The securities settlement function in your offshore hub
- Lawyers who draft your client agreements and agreements with custodians
They all have a key role to play in delivering what your clients expect and making sure that you remain CASS-compliant.
Suddenly, you’re looking at a broad group of people, all of whom are ensuring that your firm remains CASS-compliant and is protecting its clients.
Related reading: ‘Why a Great User Experience Is Essential for Your Compliance eLearning’
Do They All Need CASS Training?
In short, yes. For some, you may just need to raise awareness, but that can’t be left to chance or passive attempts like using wallpaper and screensavers. These individuals still need to know why it’s relevant to them.
As with any compliance training, the key is to help your people answer “what does it mean for me personally?”.
Don’t forget that if the FCA CASS Unit visits (these days done by a combination of desk-based review and webinar interviews), then they will likely ask for a walkthrough of your reconciliations or your settlements systems. They won’t want that presented to them by Compliance or the SMF.
Put the person doing your settlements or reconciliations in front of the FCA. The FCA wants to know what’s really happening. That person knows the process inside-out and you eliminate the risk of saying what you think should be happening, rather than the reality.
This brings me back to my opening point about Principles 3 and 11, organization and control, and communicating clearly with your regulator. Never make assumptions or speak for others when you are talking to the regulator—always stick with facts.
About the author
Katharine Leaman is a regulatory compliance consultant with expertise in cross-cutting regimes such as CASS, Conduct, SMCR, and Outsourcing as well as industry codes such as the Global FX Code. For more, visit leamancrellin.co.uk.