
Academy Helpdesk review
Every quarter, our Academies team will publish the most important and frequently asked helpdesk queries. You can download our 2024 quarterly updates here.
A CASS audit is required for firms regulated by the Financial Conduct Authority (FCA) that hold client money and assets. It ensures compliance with the FCA’s Client Assets Sourcebook (CASS) regulations, providing assurance that client funds are protected. Maintaining compliance is essential not only for regulatory adherence but also for safeguarding client assets and upholding your company’s integrity.
The type of CASS audit report that is required depends on a company’s permissions. The CASS audit team possesses the knowledge and experience to determine whether a firm falls within the scope of a CASS audit and what type of report is required to be submitted. At Price Bailey we support the following key areas of CASS audit engagements:
Contact us today to find out more about how we can help you with your CASS audit
Our approach begins with gaining a thorough understanding of the firm’s control environment, including the systems and procedures in place for managing client money.
We recommend that clients undertake a CASS mapping exercise, which involves listing out the relevant CASS rules and the controls in place to ensure compliance. This exercise helps organisations identify potential breach points and implement measures to mitigate risks.
Once our team of CASS auditors understand your organisation, we assess the control environment and subsequently test the operating effectiveness of these controls for our overall opinion. We perform any additional non-control tests that may be required to gain assurance over the firm’s compliance with CASS rules. A significant part of our work involves reconciliation reviews, where we examine internal and external reconciliations on a random basis.
Key areas of focus include:
If breaches are identified, they must be reported in detail. The FCA considers breaches in black-and-white terms, regardless of whether they were one-off occurrences or due to human error.
If breaches are found, we provide a breaches schedule outlining:
CASS audits must be completed within four months of the firm’s year-end, which differs from the deadline for submitting audited financial statements to the FCA (80 business days). If breaches are identified, they may also appear in the following year’s audit report, as corrective actions often take time to implement.
The number of firms collecting client monies via a non-bank payment services provider (‘PSP’) has increased significantly over the last few years. For CASS 7 firms applying the normal approach to client money segregation, they are required to receive client money in a central bank, a CRD credit institution, a bank authorised in a third country or a qualifying money market fund. As such, monies received into a PSP could be considered a breach of the normal approach to the segregation of client money. In addition, in instances where clients are able to use funds immediately after deposit there is a risk that they are trading with funds of another client whilst their own funds are in transit.
Firms are also advised to document their understanding of the PSPs used and what they have done to gain comfort as to how or whether client monies are protected. Understanding these regulatory expectations is crucial to maintaining compliance and avoiding unintended breaches.
Internal reconciliations must be completed daily whilst external reconciliations must be done at least monthly. Firms need to consider the number and value of transactions, complexity of services in order to determine how frequently external reconciliations should be completed. A lot of firms choose to complete the external reconciliations daily alongside the internal reconciliations as the internal records are used in both, and this also helps firms identify and address any discrepancies.
Some common reconciliation breaches we have come across relate to not transferring money within the required time frame to address any excess or shortfall, as well as manual errors due to incorrect use of formulas and incomplete data. Another common issue is where firms rely on feeds from the external bank or custodian to maintain their internal records whereas the internal reconciliation should be based only on internal data.
Firms are required to obtain an acknowledgement letter before holding or receiving client money in a client money account. The purpose of the letter is to confirm that the entity acknowledges the firm’s responsibilities in managing client money and assets and agrees to the terms outline in the letter. Common pitfalls relating to acknowledgement letters are where the firm name, account details and/or FCA registration number has not been included on the letter or the text in the letter is not in line with the CASS template.
The FCA has proposed changes to the safeguarding regime for payment and e-money firms under CP24/20. These changes aim to strengthen the requirements for safeguarding audits and ensure better protection of client funds within the payments sector.
We can run CASS audits in conjunction with statutory audits, but we can also be engaged solely for CASS audits. When performing statutory and CASS audits simultaneously, there are efficiencies to be gained.
If a business has permission to hold client money, it is important to assess compliance from a legal and regulatory perspective, as any non-compliance could impact its ability to trade or lead to FCA-imposed restrictions.
Additionally, from a going concern perspective, understanding regulatory compliance is crucial. Conducting both audits together can provide a more comprehensive assessment and improve audit efficiencies.
We have a dedicated CASS audit team that has undergone specialist CPD training, ensuring that our auditors are up to date with the latest regulatory changes and industry best practices.
An example of some of the things you need to have in place, include:
Where a modified opinion may be required for the CASS audit, this can be either an “except for” or an “adverse” opinion. An adverse opinion may be required if the identified weaknesses in control and/or breaches of rules are systemic or pervasive and client assets may be at risk. Other areas that may give rise to an adverse opinion include a breach of the requirement to keep proper records of client assets, failure to or incorrectly carrying out to a significant extend the required CASS reconciliations.
Each audit opinion is determined on a case‑by‑case basis, and auditors apply professional judgement when assessing the nature and severity of issues before deciding whether an “except for” or “adverse” opinion is warranted.
Contact us today to find out more about how we can help you
Every quarter, our Academies team will publish the most important and frequently asked helpdesk queries. You can download our 2024 quarterly updates here.
In this guide, we delve into all things Making Tax Digital (MTD) that healthcare professionals and organisations need to consider...
As students receive exam results today, Price Bailey announces trainee and apprenticeship openings across East Anglia.
Financing acquisitions requires careful planning and a thorough understanding of the various funding options to ensure success without jeopardising financial stability. Read more here...