For most financial services firms it is probably fair to say that the second week of August is not the most productive week of the year, given that it’s bang in the middle of the holiday season, when staff at all levels are either on leave or have just returned.
Whilst it is natural in such circumstances that firms focus largely on their customer service fundamentals, it remains equally important that all other obligations are properly addressed, including any unscheduled requirements not foreseen when the holiday rotas were being drawn up.
The response to the FCA’s Dear CEO letter issued to investment firms on 24 July falls into this category. It is due on Friday (14 August).
Every firm must provide their response in line with their own particular circumstances and in time for Friday’s deadline.
However, beyond the necessity for an appropriate and timely response, there is added value for the Boards of all investment firms in reviewing the themes raised within the Dear CEO letter, to ensure that they are reflected in each firm’s risk management framework.
In the first place, the significance of client money protection cannot be overstated. Consumer protection (and by extension the protection of client money) is one of the FCA’s strategic objectives and has always been a supervisory priority. However, with the current COVID-related concerns over firms’ sustainability and recent reports of high-profile client money failures, its sensitivity had been amplified.
In this context therefore, we would encourage firms to take an active review of all their CASS arrangements, including the holding of necessary documentation, integrity of daily reconciliations, frequency of second-line monitoring and provision of related management information to the Board, (or to a committee acting under delegated authority from the Board).
A second identifiable theme in the letter is governance. The reference in the final paragraph of the letter that any compliance issues should be notified to the Board is also a reminder to firms of the importance that the FCA attaches to governance and culture and the rules and guidance in SYSC
Implicit in this context is record keeping, as in our experience, many firms govern themselves reasonably well but do so informally and so do not always have definitive proof that a decision was properly authorised or that a compliance breach was appropriately escalated. For example, a firm may have concluded that its employment of TTCA is appropriate, but may not have documented why, as it is required to do under CASS 7.11.4.
A further important theme in the FCA’s supervision is accountability, as evidenced by the reference to the senior manager with responsibility for the firm’s compliance with CASS in the ‘Next steps – please act’ section of the letter.
Many ‘Core’ investment firms began to develop their SMCR arrangements around this time last year, including agreement of individual statements of responsibility. The message in this letter is that this was not a paper exercise – those responsibilities are real, and individuals will be held accountable for them.
The response to the Dear CEO letter is an opportunity for those individuals who do have responsibility for CASS compliance to revisit the arrangements they have for managing all client money risks (not just those related to TTCA). Remember, proving that reasonable steps have been taken to prevent a breach is a legitimate defence for senior managers should a failure occur.
Overall, we would expect that most firms will be able to make a positive response to the Dear CEO letter on the particular issues raised. Holidays permitting, some might also take the opportunity to broaden their review which might potentially identify gaps in delivery – for example, in control documentation or risk management governance. If you are one of those firms and would like some assistance in this area, then please do get in touch: