A subtle change in SUP 3.10.5R (1) brings mandates into the CASS audit. The requirements are simple enough but the application is very wide including fund managers who control and invest client money in a fund. If you have your CASS audit and find questions being asked about where your authorities are held and the security measures in place then this is why.
The CASS Audit also has to record all breaches in much more depth than before so records better be up to date an in good order.
Just as you thought struggling to produce your CMAR was enough. Too much to do and not enough time but compliance is all about good record keeping to keep the auditors happy.
If you have any thoughts on this feel free to write to me for inclusion on this site.
This is what you have to do:
CASS 8.1.5R - Mandates
A firm that holds authorities of the sort referred to in this chapter, must establish and maintain adequate records and internal controls in respect of its use of the mandates, which must include:
(1) an up-to-date list of the authorities and any conditions placed by the client or the firm's management on the use of them;
(2) a record of all transactions entered into using the authority and internal controls to ensure that they are within the scope of authority of the person and the firm entering into the transaction;
(3) the details of the procedures and authorities for the giving and receiving of instructions under the authority; and
(4) where the firm holds a passbook or similar documents belonging to the client, internal controls for the safeguarding (including against loss, unauthorised destruction, theft, fraud or misuse) of any passbook or similar document belonging to the client held by the firm.
This is what the CASS Audit has to cover:
SUP 3.10.5 R - Client assets report
Whether in the auditor's opinion
(1) the firm has maintained systems adequate to enable it to comply with the custody rules, the collateral rules, the client money rules (except CASS 5.2), and the mandate rules throughout the period ;
(2) the firm was in compliance with the custody rules, the collateral rules, the client money rules (except CASS 5.2) and the mandate rules, at the date as at which the report has been made;
(3) in the case of an investment management firm, personal investment firm, a UCITS firm, securities and futures firm or BIPRU investment firm, when a subsidiary of the firm is during the period a nominee company in whose name custody assets of the firm are registered during the period, that nominee company has maintained throughout the period systems for the custody, identification and control of custody assets which:
(a) were adequate; and
(b) included reconciliations at appropriate intervals between the records maintained (whether by the firm or the nominee company) and statements or confirmations from custodians or from the person who maintained the record of legal entitlement; and
(4) if there has been a secondary pooling event during the period, the firm has complied with the rules CASS 5.6 and CASS 7A (Client money distribution) in relation to that pooling event.