CASS audit for client money

CASS audit

At MAH, Chartered Accountants we have built up many years of experience in dealing with financial services firms.

As a result, we have learned a lot about the CASS 5 and CASS 7 sections of the FCA handbook and know the client money regulations inside out.

We can perform both full audits with reasonable assurance for firms holding client money (eg EUR125k firms) and also limited assurance reviews for firms who don’t hold client money (eg EUR50k firms).

Our clients include FCA authorised firms involved in foreign exchange trading platforms, CFD/options trading, insurance brokers, wealth management, hedge funds, introducers and corporate finance.

Our process involves (full details are below):
1) Obtain an understanding about the business and plan the CASS audit.
2) Test a sample of transactions.
3) Write the CASS report and agree any issues or breaches.

The deadline is usually 4 months after the year end.

Fees

We use an efficient audit process, have low overheads and a flat management structure. As a result, we are able to perform CASS audits cheaper than large firms. Our clients are typically able to save at least one third of the fees.

Get a quote

Please contact us to get a quote and we’d be happy to help you.

Our CASS audit process

When we perform a CASS audit for client money, we normally follow the steps detailed below. We try to use our experience to make the CASS audit as easy as possible for the client, however, we do have to ask a lot of questions and look at a lot of information.

1) Obtain an understanding about the business and plan the CASS audit

We like to have a planning meeting or call with the firm to run through their licence and reporting requirements and to go through their systems and controls, especially:

  • Client onboarding process, AML/KYC and risk assessment
  • How clients send money to the firm, or administrator/platform etc and also withdraw funds
  • Looking at client transactions eg open/close a position or buy/sell securities
  • For EUR125k firms, how the client trades are mirrored/hedged with prime brokers/dealers etc
  • How the platform/system/client calculates client profit/loss and how commissions/fees are calculated
  • Understand the daily client money reconciliation process and how customer balances and client money resources are calculated
  • How and when the client money surplus/deficit is transferred

We would also try to use as much information from the statutory audit file as possible (where applicable).

2) Test a sample of transactions

Once we have obtained an understanding about the firm deals with client money and we have planned the CASS audit, we would usually send a list of queries to the firm for items such as:

  • Bank statements for the year for all client and firm accounts
  • Nominal/general ledgers
  • Prime broker/dealer statements for the year
  • Letters from banks and prime brokers that they acknowledge the funds are client money and not firm’s funds
  • Client money reconciliation daily files
  • Sample of customers’ history from trading/dealing platform
  • Sample of trades/transactions

We would then test a sample of transactions going into the client and firm bank accounts for deposits and withdrawals. We would also look at how the trades are made and do walkthrough testing to follow through to client money and how they’re reflected in customer balances.

Normally we would also need to test the daily reconciliation process and re-calculate / check it and vouch to the supporting documents, such as customer balances calculation (and check for negative balances) and bank statements.

We would also try to use as much information from the statutory audit file as possible (where applicable).

3) Write the CASS report and agree any issues or breaches

Once we have performed the detailed audit testing and have written up our CASS audit file, we will run through any potential issues or breaches or problems which we have found.

It is best practice to agree them with the firm in order to avoid any misunderstandings and that breaches are in fact genuine problems which need to be disclosed in the breaches log.

Once you have provided your comments on the breaches and we have agreed them, we will submit our report online using FCA Connect.