CASS governance: Four factors for compliance

Posted: 26/05/2022 | Read time: 4 minutes


Good governance is essential to ensure compliance with CASS rules and regulations. Without adequate governance and oversight frameworks, financial organisations will struggle to satisfy FCA expectations.

But achieving this is often more difficult than it first seems. After all, building a culture that promotes change and innovation – while ensuring governance processes adhere to regulations and prioritise the client’s interest – is a significant challenge.

That’s why, in this blog, we break down the key factors that underpin effective CASS governance.


Enhanced personal accountability

Core daily processes like reconciliations and record keeping are the lifeblood of CASS compliance. However, many firms have found that focusing only on these processes leaves senior management (those accountable to regulators) lacking the level of visibility required by the FCA. Even more challenging is that those responsible need to illustrate how authority has been delegated across the firm.

So, how do individuals demonstrate that CASS compliance is embedded within the firm’s wider culture and that employees are held accountable? Addressing this question will be an immediate objective for many, especially with the FCA placing more focus on the Senior Managers & Certification Regime (SMCR).

The key is to implement a robust CASS governance and oversight framework where individual roles and responsibilities are mapped onto CASS processes and controls. In addition to assigning Prescribed Responsibility Z to a senior manager, firms should also make sure that the wider board and other departments are aware of and responsible for compliance with CASS rules.

In other words: responsibility, accountability and clear lines of direction should form part of every job description. The most successful frameworks will also detail effective discharge of responsibility.


Rising to the challenge of CASS audits

As we are five years on from the introduction of the Financial Reporting Council’s (FRC) new standards for CASS audits, firms should now have a good understanding of what to expect from their annual audit. But that doesn’t make the process any easier.

As well as key processes and controls, firms can expect auditors to test and scrutinise their governance and culture. Audits will test both how CASS processes are mapped onto CASS rules and how often those processes are reviewed.

The best way to meet expectations is via one tool that maps into a firm’s overall CASS governance framework. This should cover:

  • CASS rules mapped to CASS processes
  • CASS roles and responsibilities mapped to CASS processes
  • CASS controls mapped to CASS processes
  • CASS risks mapped to both CASS processes and controls


Greater CASS oversight

Proper oversight requires firms to have the right tools to manage and evidence effective discharge of responsibility at all levels. In particular, the senior manager with Prescribed Responsibility Z should have clear lines of sight into all activities – even those outside of their usual remit.

This individual will need access to all relevant resources and information, allowing them to form an accurate view of the firm’s current arrangements and drive change where standards aren’t met.

The optimal solution is for firms to recognise that CASS is not just a function of operations but is relevant to the front office, business managers, legal teams, IT, network management, client services and compliance. Employees at all levels should be aware of their responsibilities for compliance.

Documenting individual CASS responsibilities is equally important – only then can firms ensure that handover risks are properly managed. Any documentation should include a list of key processes and controls in relation to their CASS duties.

The final part of effective oversight is for firms to clearly define employees or functions that should be consulted or informed within CASS governance frameworks. In this way, staff are fully aware of the expertise within their firm.


Successful risk management

A positive CASS culture with superior risk management is essential for a firm to minimise the risk it poses to clients. Of course, this is also fundamental in the eyes of the FCA.

Firms have many things to consider when assessing if their governance structures mitigate CASS risks appropriately. But, in our experience, firms often fail to capture this knowledge within formal frameworks.

They usually opt for graphical representations to detail how responsibilities are shared and how process flow operates. While these documents have their merits, they tend to turn stale quickly once created.

Instead, effective risk management requires a “live” process with an inventory of processes and controls linked to the firm’s roles and responsibilities framework. This should form the blueprint of the governance framework and ongoing CASS risk evaluation.

Once established with the help of a CASS expert, this tool can assist the appraisal of governance and individual performance across a firm’s entire control framework. This framework will also support operational staff in escalating control weakness.


Proper CASS governance doesn’t need to be complex

Taken together, these four factors will allow firms to create a more CASS compliant environment and robust governance framework. While this is of course necessary for regulatory compliance, it also makes perfect business sense: it allows for more savvy commercial decision-making and enhances risk management, both of which are key components of business growth and profitability.