2a a32 small (frs 102 1a) (dif... · web view2021. 8. 12. · the uk left the eu on 31 january...

ContentsGuidance

Contents

Guidance notes

1 The Regulatory Framework

2 Understanding DIFs

3 Understanding the scope of audit engagement(s)

4 An overview of the CASS rules

5 Approach to statutory audits

6 Approach to CASS audits: FRC CASS assurance standard

7 CASS Audit reports

8 The auditor’s right and duty to report to the FCA (‘whistleblowing’)

9 Other relevant regulatory requirements

10 Using this manual

Appendix: Glossary of terms

Getting started for new manual users

What's changed

Example lettersEngagement letter - guidance

Engagement - Schedule of professional services - statutory audit

Engagement - Schedule of professional services - CASS report

Engagement - Schedule of professional services - accounting

Engagement - Schedule of professional services - taxation

Engagement - terms of business

Other lettersLetter of representation points

Example reportsExample reasonable assurance auditor’s report to the FCA (unmodified opinions)

Limited assurance (permission to hold)

Limited assurance (no permission to hold)

Example hybrid auditor’s report to the FCA (adverse opinion)

Current file documentsCompletion

Planning

Reasonable assurance programmes

Limited assurance programme

Permanent file documentsPF-X The firm and its business model

PF-Y FCA categorisation and scope of permissions

FCA (DIF) Manual September 23

ContentsGuidance

PF-Z CASS control overview

* This manual does not deal with the accounts preparation aspects of DIFs. Pro-forma accounts and an accounts disclosure checklist are therefore not included.


Guidance notesWhat do you need to know about this manual?These guidance notes and programmes have been developed to enable the auditor / accountant to:

• understand the Financial Conduct Authority (FCA) regulatory regime for firms in this FCA sector;• comply with auditing, assurance and legal requirements relating to such firms; and• provide clients with comprehensive but cost-effective services.

What does this manual include?This manual is designed to supplement the auditor’s standard ‘true and fair’ audit documentation as required and contains FCA client assets (referred to collectively in this manual as ‘CASS’) audit programmes.

The manual consists of six main parts as detailed on the contents page:

• Guidance - The guidance notes provide a useful framework on the sector. They include the key aspects of the audit and reporting requirements for such businesses. Getting started guidance for new users of the manual, along with details about the last update and how to use the Creator option to the manual are also included in this section.

• Example letters - Example engagement terms for a limited company firm are included that take account of the FCA aspects of the engagement, along with supplementary example management representation letter points.

• Example reports - Example CASS audit reports are included.• Current file documents - The detailed programmes incorporate planning, fieldwork and completion documentation.• Permanent file documents - Permanent file checklists are included to help ensure that permanent files contain adequate specialist information.

What else do you need?As an auditor of an FCA-authorised firm, it is essential to have access to a copy of each of the following:

• the up-to-date FCA Handbook of Rules and Guidance;• relevant copies of FCA (and formerly Financial Services Authority (FSA)) Policy Statements (PSs), in particular including PS 11/5 and PS 14/9;• International Standards on Auditing (UK) - referred to throughout this manual as ISAs(UK); and• FRC Assurance Standard: Providing Assurance on Client Assets to the Financial Conduct Authority (issued November 2015). For CASS audit reports

for periods beginning on or after 1 January 2020, you should instead apply the revised Standard dated November 2019.

Copyright© Mercia Group Ltd. The guidance notes and / or programmes can be printed or photocopied as many times as you like or installed on an intranet or network, provided they are used solely within the purchasing firm. Alternatively, additional copies are available from Mercia Group Ltd.

Audit, Accounting and Corporate Governance works printed and published by the Financial Reporting Council© Financial Reporting Council Ltd (FRC). Adapted and reproduced with the kind permission of the Financial Reporting Council. All rights reserved. For further information please visit www.frc.org.uk or call +44 (0)20 7492 2300.

UpdatingThis manual will be updated when changes are required as a result of new guidance specific to FCA-authorised firms or to normal audit procedures. As a user of this manual you will automatically be notified of any update.

For information of usersThis manual should be read in conjunction with the detailed legislation or regulations. No responsibility for loss occasioned by any person acting or refraining from action as a result of the material contained in this manual can be accepted by the authors or the firm.

Guidance notes1 The Regulatory Framework

1.1 The FCA and PRA

The Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA) regulate, between them, the UK financial services industry including the City of London. In April 2014 the FCA also took over the regulation of consumer credit providers, who were previously regulated by the Office of Fair Trading, and in April 2019 the FCA began to regulate claims management companies.

The two regulators’ governance and role are as follows:

Regulator Governance Role

PRASubsidiary of the Bank of England Supervises deposit-takers (banks), insurers and a small

number of major investment firms for prudential rules (capital resources).

FCA Independent regulator, directly accountable to HM Treasury and Parliament

Supervises the financial conduct for all firms.Supervises the smaller (non-PRA) firms for prudential rules.Maintains the Financial Services Register(https://register.fca.org.uk/).

This means that major firms (approximately 2,000 deposit-taking firms such as banks and building societies) are ‘dual-regulated’ by both the PRA and FCA. This manual is not designed to cover dual-regulated firms.

A third regulator, the Financial Policy Committee (FPC), is responsible for protecting the stability of the entire financial system as a whole and for macro-prudential supervision. The FPC can issue directions to the PRA and FCA.

The FCA has three operational objectives:

• to secure an appropriate degree of protection for consumers;• to protect and enhance the integrity of the UK financial system; and• to promote effective competition in the interests of consumers.


https://register.fca.org.uk/

https://www.frc.org.uk/

Guidance notes1.2 The FCA Handbook

The Financial Services and Markets Act 2000 (FSMA) (as amended by the Financial Services Act 2012) gives the FCA rule-making powers, rather than containing detailed rules in legislation. The FCA Handbook contains the detailed rules and guidance which govern all FCA-regulated firms. It is divided into ten blocks of rules of which the most relevant are:

A. High Level StandardsB. Prudential StandardsC. Business StandardsD. Regulatory ProcessesE. Redress

The sourcebooks within these blocks (which each have their own abbreviation) of particular relevance to statutory and CASS auditors are:

• CASS (Client Assets), within the Business Standards block, and• SUP (Supervision), within the Regulatory Processes block.

SUP is extremely important to auditors as the FCA’s rules for auditors (including appointment, independence, qualifications and duties) are contained in SUP chapter 3. The most significant sections of SUP 3 (that auditors need to be aware of in detail and check regularly) are:

1. Application (which specifies the firms that need a CASS report and the sections of SUP 3 that apply to them); and2. Duties of auditors: notification and report on client assets (which contains the required opinion for this work and details the reporting deadlines,

submission of reports etc.)

In addition, SUP contains rules for:

• ‘Skilled Persons’ (experts appointed by the FCA to review and report on aspects of a firm’s compliance with the rules);• variation of a firm’s Part 4A permission (to add new activities, or remove unused permissions); and• Appointed Representatives (see paragraph 2.4 of these guidance notes) and other notification requirements.

1.3 European Directives and the post-Brexit regime

The impact of BrexitUntil the beginning of 2021, European Directives for financial services played a direct role in shaping the compliance regime.

The UK left the EU on 31 January 2020 and the ‘Implementation’ phase ended at 11pm on 31 December 2020, a date described as ‘IP completion day’ (IPCD) in the withdrawal legislation. On 19 April 2021 the FCA issued CP21/7, its consultation on the second tranche of proposed rules to introduce a new, UK-based prudential regime for MiFID investment firms. This supplements a previous consultation, CP20/24, which covered initial aspects of the proposed regime. A third and final CP is expected to be published in 2021 which will address all remaining issues, including consequential Handbook amendments.

The new regime will apply to all firms currently subject to any part of the EU Capital Requirements Directive and Regulation, including IFPRU, BIPRU, Exempt CAD and 'opted-in' MiFID-exempt firms. It is currently subject to Parliamentary approval of the Financial Services Bill, but is expected to apply from 1 January 2022.

The main changes under the new regime will be:

• Own funds - A fixed overhead requirement (FOR) will apply to all FCA investment firms. In addition CP21/7 provides further details on the activity-based requirements that will apply as part of the own funds requirements.

• Basic liquid asset requirements - All firms will be required to hold core liquid assets equivalent to at least one-third of the FOR.• Risk management and governance - The replacement for the internal capital adequacy assessment process (ICAAP) is the internal capital and risk

assessment (ICARA). Firms will use their ICARA to meet an overall financial adequacy rule (OFAR). The ICARA will include business model analysis, stress testing, recovery planning and wind-down planning. The FCA will approach supervision and intervention on a harm-led basis.

• Remuneration policy - All firms will need a remuneration policy which will vary depending on whether the firm poses systemic risk (an ‘SNI’ firm) or not.• Regulatory reporting - The FCA plans to significantly reduce the amount of information reporting. A new ICARA form will replace the current FSA019

(‘pillar 2’) form.

The combined rules will be included in a new prudential sourcebook called MIFIDPRU, which will replace GENPRU, BIPRU and IFPRU.

Application of EU DirectivesAlthough this new regime is imminent, for the time being EU Directives (extant at 31 December 2020) continue to apply inasmuch as the current FCA Handbook's regime is based on them. Of these Directives, the two most significant for investment firms are MiFID and CRD.

Markets in Financial Instruments Directive (MiFID)See PERG 13 in the Handbook for more guidance on the current application of MiFID and CRD in the UK.

MiFID covers specified ‘investment services and activities’ and specified ‘ancillary services’. Where any firm is incorporated in an EEA member state and has obtained authorisation in that state (‘home state’) for its MiFID investment services, it can provide those authorised services in other EEA member states (‘host states’) by setting up branches, or by providing services on a cross-border basis, without obtaining separate authorisation in those states. This is referred to as the ‘European passport’.

The home state regulator is responsible for financial supervision of the entity as a whole, ie. covering head office and any branches. The home state regulator is also responsible for transaction reporting and rules relating to client assets, covering investment services provided at home and in passported EEA member states.

The host state regulator is responsible for rules relating to conduct of business excluding transaction reporting and client assets. It is also responsible for client assets rules covering any investment services provided in the host state which are outside the entity’s passport.

A revised Directive (‘MiFID II’) took effect on 3 January 2018. MiFID II brought a number of changes to the FCA’s rules including minor amendments to those for client assets (CASS). References to MiFID throughout this manual refer to the revised Directive.

Capital Requirements Directive (CRD)MiFID firms may also fall within the scope of the CRD which sets out the minimum amounts of regulatory capital MiFID firms must maintain or exceed. The CRD also requires MiFID firms to comply with capital adequacy requirements at a group level, ie. they are subject to consolidated supervision. The predecessor to CRD was the Capital Adequacy Directive (CAD) - these abbreviations are often used interchangeably by the FCA.

The former CRD (version III) was replaced in 2013 and ‘CRD IV’ took effect on 1 January 2014. The 2014 Directive was accompanied by a Regulation


Guidance notes(‘EU CRR’) which imposes additional rules on investment business. CRD IV implements the Basel III agreement in the EU. This includes enhanced requirements for quality and quantity of capital, a basis for new liquidity and leverage requirements, new rules for counterparty risk, and new macro-prudential standards including a countercyclical capital buffer and capital buffers for systemically important institutions. CRD IV also made changes to rules on corporate governance, including remuneration, and introduces standardised EU regulatory reporting - referred to as COREP and FINREP. CRD IV was implemented in the FCA and PRA Handbooks, while EU CRR is not dependent on national authorities and applies automatically.

CRD V is now in force in the EU but was not applied by the UK as this was immediately prior to the end of the Brexit implementation period.

2 Understanding DIFs

2.1 Part 4A authorisation

A first step for accountants and auditors is to understand how FCA authorisation applies to their client, and how the FCA categorises the firm.

Part II of the FSMA sets out the financial services activities which are regulated, and prohibits anyone from carrying on these activities unless they are either authorised under Part 4A of the FSMA (as revised by the Financial Services Act 2012) or are exempt (which covers Appointed Representatives - see paragraph 2.4 of these guidance notes).

The detailed list of regulated activities is in Part 1 of Schedule 2 FSMA. Part 2 of Schedule 2 defines ‘investments’ such as securities, debentures and options.

You should consult this Schedule if in any doubt as to whether a client is carrying on regulated activities.

2.2 Designated investment business

A Designated Investment Firm, as applied within this manual, is an FCA firm conducting ‘designated investment business’.

The FCA Handbook defines a ‘designated investment’ as a security or contractually-based investment, including shares, debentures, life policies, units, stakeholder and personal pension schemes, futures and options. ‘Designated investment business’ includes a wide collection of investment activities, such as:

• dealing in investments as principal or agent;• arranging deals in investments;• managing, safeguarding and administering investments; and• advising on investments and pensions.

2.3 Classifying DIFs under MiFID and CRD

Brexit and firm classificationAs noted in section 1.3 within these guidance notes, a new post-Brexit regime is being finalised by the FCA and is expected to come into force on 1 January 2022. The new regime will do away with the classifications outlined in this section; however, for now, they continue to apply.

Non-MiFID firmsMiFID Article 3 creates an optional exemption for Member States. HM Treasury exercises this exemption and thereby exempts from MiFID and CRD firms which:

a. do not hold client money or securities and do not, at any time, place themselves in debt with their clients;b. do not provide any MiFID investment services other than reception and transmission of orders in transferable securities and units in collective

investment schemes, and the provision of investment advice in relation to these financial instruments; andc. in the course of providing the investment service in (b), transmit orders only to:i. other MiFID investment firms;ii. credit institutions authorised under the Banking Consolidation Directive (BCD);iii. branches of third country investment firms or credit institutions complying with rules considered by the FCA to be at least as stringent as those laid

down in MiFID, the BCD or the CAD;iv. collective investment undertakings or their managers authorised under the law of a Member State to market units to the public; orv. investment trust companies.

Broadly speaking, this exempts from MiFID and CAD those firms who do not hold client money or safeguard and administer MiFID financial instruments, and only advise and / or arrange in relation to investments which do not include options, futures or contracts for differences.

Exempt CAD firms Where a firm’s permission is limited to advising on investments and arranging deals in investments in relation to MiFID financial instruments but its business falls outside the Article 3 exemption, it can still be an Exempt CAD firm if:

• it is not authorised to hold client money in relation to MiFID business;• it does not have a ‘safeguarding and administering investments’ permission in relation to MiFID financial instruments; and• it has a requirement on its permission so that the only MiFID investment services and activities it can perform on a regular basis are reception and

transmission of orders and investment advice.

‘BIPRU’ and ‘IFPRU’ investment firms

Other investment firms are subject to the requirements of MiFID and (as a result) subject to CRD (either ‘CRD III’ for BIPRU firms or ‘CRD IV’ for IFPRU firms). The terms ‘BIPRU’ and ‘IFPRU’ reflect the section of the Handbook which contains those firms’ relevant prudential rules:

• the (older) Banks, Building Societies and Investment Firms Prudential Sourcebook (BIPRU) and• the (newer) Prudential Sourcebook for Investment Firms (IFPRU).

Summary

The following table gives a summary of the different types of DIFs.

Type of firm Description

IFPRU firmUndertakes business within the scope of MiFID, for example a discretionary investment manager or a stockbroker.

BIPRU firm (which includes Undertakes a restricted level of MiFID scope


Guidance notesa UCITS firm)

business, for example a discretionary investment manager or a stockbroker which executes orders but is exempt from IFPRU.

Exempt CAD firm1

Undertakes a very restricted level of MiFID scope business: for example a securities and futures firm, an investment management firm or a personal investment firm which advises and arranges transactions but does not hold client assets.

Securities and futures firm (non-MiFID)

Undertakes securities and futures business but is not within the scope of MiFID, for example a corporate finance firm which only provides advice.

Investment management firm (non-MiFID)

Undertakes investment management business, which is not within the scope of MiFID, for example the operator of an unregulated collective investment scheme.

Personal investment firm (non-MiFID)

Undertakes investment advisory business for retail clients, which is not within the scope of MiFID, for example an independent financial adviser.A ‘small personal investment firm’ is a non-MiFID PIF with fewer than 26 advisors, and which is not a network.

UCITS firm2 Operates UCITS schemes, for example an authorised unit trust manager.

Notes

A. Exempt CAD firms may also be Securities and Futures Firms, Investment Management Firms and Personal Investment Firms. For the purposes of this table they are shown separately.

B. Undertakings for Collective Investment in Transferable Securities (UCITS).

2.4 Appointed Representatives (ARs)

An AR is a person (this includes a firm) who carries on regulated activities and who, in doing so, acts under the responsibility of an FCA authorised firm. There must be an express agreement to this effect and the authorised firm must accept responsibility in writing for what the AR does in the course of carrying on regulated activities. On this basis the AR does not need to be authorised by the FCA. The FCA’s rules thus do not generally apply directly to an AR but everything the AR does (or omits to do) in carrying on the business for which the authorised firm has accepted responsibility is deemed to have been done (or omitted) by the authorised firm. An authorised firm must ensure that the prescribed details about each of its ARs appear on the Financial Services Register (which includes both FCA-regulated and dual-regulated firms).

3 Understanding the scope of audit engagement(s)

3.1 Introduction

It is vital that accountants acting for a DIF firm understand the audit services it may need under company (or LLP) law and the FCA Handbook. The two key audit engagements relevant to DIFs are as follows:

A. Statutory audit conducted in accordance with ISAs (UK); andB. An audit report on the firm’s handling of client assets (although this assignment is strictly an assurance engagement, it is commonly described as a

‘CASS audit’). There are two types of CASS audit:

a. A reasonable assurance report (‘RAR’), which leads the auditor to express ‘positive’ opinions about whether the firm maintained adequate systems to comply with the client asset rules and whether the firm was complying with these at the reporting date; or

b. A limited assurance report (‘LAR’), where the firm claims not to hold client assets and leads the auditor to express a ‘negative’ opinion that confirms or rejects this claim.In addition, a CASS auditor may need to prepare a hybrid report which combines RAR and LAR opinions, in cases for example where a firm holds client money but not custody assets.

The Example Reports section of this manual provides example RAR, LAR and hybrid reports.

Not all DIFs require these audit engagements, and the detailed requirements for each are set out below.

3.2 Accounting and statutory (‘true and fair’) audit requirements

UK company law allows many small FCA-regulated companies and LLPs to take advantage of small company exemptions, including statutory audit exemption. In addition, groups containing such small, eligible firms are entitled to the usual exemptions contained within the Companies Act 2006 (CA06).

However, the Act states that:

(1) The small companies regime does not apply to a company that is, or was at any time within the financial year to which the accounts relate -

[…]

(b) a company that -

(i) is an authorised insurance company, a banking company, an e-money issuer, a MiFID investment firm1 or a UCITS management company, or(ii) carries on insurance market activity2, or

(c) a member of an ineligible group.


Guidance notes(2) A group is ineligible if any of its members is -

[…]

(c) a person (other than a small company) who has permission under Part 4A of the Financial Services and Markets Act 2000 (c. 8) to carry on a regulated activity3,

(d) a small company that is an authorised insurance company, a banking company, an e-money issuer, a MiFID investment firm1 or a UCITS management company, or

(e) a person who carries on insurance market activity2.

s384 CA061. An Exempt CAD firm that has opted into MiFID can benefit from the small companies exemptions in the Companies Act if it fulfils the conditions of regulation 4C (3) of the FSMA 2000 (Markets in Financial Instruments Regulations) 2007, per s474 CA06. In other words, if such an Exempt CAD firm continues to meet the conditions of the Article 3 MiFID exemption (notwithstanding it is an Exempt CAD), it can benefit from the small companies exemptions, including audit exemption.2. The phrase ‘insurance market activity’ refers to Lloyd’s of London activities.3. Note that ‘regulated activity’ excludes a number of activities listed in s474 including mortgage and general insurance distribution.

Appointed representative (AR) companies and LLPsAR companies and LLPs can take the usual small or medium accounting (and, where relevant, audit) exemptions, provided that they meet the relevant company law criteria.

‘True and fair’ audit for other unincorporated BIPRU/IFPRU FirmsAlthough sole traders and partnerships do not normally have a requirement for a ‘true and fair’ statutory audit, Article 4(1) (c) of MiFID requires such firms, if BIPRU/IFPRU Firms with permission to hold client assets, to have their annual accounts audited by a statutory auditor. This levels the playing field between BIPRU/IFPRU firms, as such firms if companies / LLPs would also automatically require statutory audit. (In practice the vast majority of BIPRU/IFPRU Firms are companies, so this provision affects very few firms.)

This manual contains an audit exemption checklist that can assist auditors in determining whether a statutory audit is required.

3.3 CASS audit requirements for DIFs

CASS audit requirements for DIFs

SUP 3.1 requires CASS reports for firms if they are either:

a. permitted to hold client assets in relation to DIF business; orb. require a statutory audit by legislation other than the FSMA 2000 (eg. by the CA06).

Therefore, if a DIF is ineligible for audit exemption as noted above (most likely because they are a MiFID investment firm), a CASS report is needed. This is true even if the firm is not permitted to hold client money or assets (or is permitted to but claims not to actually do so). In this case a ‘limited assurance’ opinion will be required from the auditor.

An exception is made for small personal investment firms which are not required by SUP 3.1 to undergo CASS audit in any circumstances.

Insurance distributionIn some cases, DIFs may also carry on insurance distribution (arranging deals in general insurance, such as home, motor and travel policies). If a DIF holds insurance client money, then a CASS report will be needed if such money:

• exceeds £30,000 at any time; or• is held in a non-statutory trust (which allows credit advances to be made).

The relevant CASS rules, and the destination of the CASS report, vary depending on whether investment or insurance client assets / money is being held:

Type of client assets Relevant rules CASS audit report goes to

Investment CASS 3, 6 to 8* The FCA

(within 4 months of the reporting period end)

Insurance CASS 5The firm

(within 4 months of the reporting period end)

* This includes CASS 8 (mandates) only if the firm is actually holding these and if it needs a report in connection with other sections of CASS. This means that the auditor of a firm which only holds mandates (and no other client assets) will not need to report on these.

Note that this manual does not include programmes for a CASS 5 audit. A separate manual – ‘FCA (MGI)’ – is available from Mercia for such assignments.

3.4 Summary – assurance requirements (for companies and LLPs)

Type of firm Statutory audit CASS audit

BIPRU or IFPRU firm Required by s384 CA06 Either RAR or LAR (or hybrid) as is relevant to the firm’s activities


Guidance notesExempt CAD

(firm that doesn’t meet the Article 3 MiFID exemption)

Required by s384 CA06 LAR (since Exempt CAD firms aren’t permitted to hold client assets)

Exempt CAD firm

(firm that meets the Article 3 MiFID exemption)Normal exemption rules LAR (only if statutory audit needed)

Non-MiFID firm Normal exemption rules LAR (only if statutory audit needed)

Small personal investment firm Normal exemption rules No

This manual contains form B15 which is designed to help auditors to document and assess the scope of their assurance engagement(s).

3.5 Other matters

Appointing a statutory or CASS auditorThe client must notify the FCA without delay, and obtain its approval before any intended change or appointment of auditor (or, where this is not possible, as soon as the firm becomes aware of it).

The appointed auditor must be a registered auditor and comply with the requirements of SUP 3.4. This states that the auditor must be eligible under Part II of the Companies Act 1989 (or the Northern Ireland equivalent) or Part 42 of CA06 (as applicable) and have suitable qualifications, skills, experience and independence. It is the client’s responsibility to ensure these requirements are met.

Co-operation between the auditor and the FCAThe rules specify that an auditor must co-operate with the FCA in the discharge of its functions under the FSMA.

The FCA may ask the auditor to attend meetings and to supply it with information about the firm. The auditor should attend such meetings as the FCA requests and supply it with any information the FCA may reasonably request about the firm to enable the FCA to discharge its functions under the FSMA.

An auditor of a firm must also give any Skilled Person appointed by the firm any assistance that person reasonably requires (Reports by Skilled Persons).

The rules also specify that the client must co-operate with the auditor and that the auditor has the usual rights to information etc. from the client.

4 An overview of the CASS rules

4.1 Permissions to hold client assets

4.1 FCA firms can only hold ‘client assets’ (including safe custody assets, such as securities, and client money) if they are permitted to do so. The relevant permission is ‘safeguarding and administration of assets (without arranging)’. This should not be confused with an ‘arranging safeguarding and administration of assets’ permission. The Financial Services Register entry for a firm that is able to hold client assets typically includes a statement such as ‘Able to hold client money’ when such permission exists.

Rather than holding client assets directly, some FCA firms use special purpose entities (SPEs) to hold client assets in order to facilitate repayment of monies to clients in the event of a ‘pooling event’ (the failure either of the firm or of its bank at which client money is held).

As an alternative, firms can hold mandates enabling them to operate a client’s own bank account. Some DIFs are moving towards use of mandates as the rules are less onerous. In addition, a firm only holding mandates and no other client assets will not require a RAR.

4.2 The CASS rules

The Client Assets Sourcebook (CASS) in the FCA Handbook contains the detailed rules for handling investment and insurance client assets (including mandates and collateral).

CASS 5A separate chapter (CASS 5) covers insurance distribution client money. This is outside the scope of this DIF manual.

The active CASS chapters are as follows:

CASS 1 Application and general provisions

CASS 1A CASS firm classification and operational oversight

CASS 3 Collateral

CASS 5 Client money: insurance distribution activity (see above)

CASS 6 Custody rules

CASS 7 Client money rules

CASS 7A Client money distribution and transfer

CASS 8 Mandates

CASS 9 Information to clients


Guidance notesCASS 10 CASS resolution pack

CASS 11 Debt management client money

CASS 12 Commodity Futures Trading Commission Part 30 exemption order

CASS 13 Claims management client money

There are also transitional provisions and schedules.

The Standard contains a table cross-referring these CASS chapters to the general categories of CASS rules.

CASS reformIn 2014 and 2015, the CASS rules were significantly revised following the FCA’s Policy Statement 14/9 (‘PS 14/9’). The well-publicised failures relating to CASS by a number of well-known investment banks, among others, led to a number of consultations by the FCA and its predecessor resulting in PS 14/9. While some of the CASS rule changes in PS 14/9 took effect on 1 July 2014 and 1 December 2014, the majority of the changes took effect on 1 June 2015. Among the most significant changes were:

• more comprehensive provision of information to clients and documentation of the firm’s policies and decisions relating to the CASS rules (for example, the frequency of reconciliations of the client money and safe custody assets held);

• use of template acknowledgement letters (CASS 7.18) when opening bank accounts or dealing with authorised counterparties;• numerous changes to CASS 7 (resulting in the complete rewrite of its text); and• a more rigorous reconciliation regime for safe custody assets (within CASS 6).

4.3 CASS firm classification and operational oversight

CASS 1A applies to all investment client assets held by FCA firms (insurance distribution client money is excluded). Such asset-holding firms are described as ‘CASS firms’. CASS 1A classifies these into three size groups, based on the higher total of client money and assets either held in the previous calendar year or (if none so held) the projected totals for the current year, as follows:

CASS firm type Highest total of client money Highest total of safe custody assets

CASS large firm more than £1 billion more than £100 billion

CASS medium firm between £1 million and £1 billion between £10 million and £100 billion

CASS small firm less than £1 million less than £10 million

Notification of balances and CASS firm type to the FCACASS 1A firms need to notify the FCA each year of the highest total of client money and safe custody assets, and their CASS firm type. The deadlines in CASS 1A.2.9 are as follows:

Circumstance What the firm must report Deadline

Firm held client assets in the previous calendar year

The highest total of client money and safe custody assets held in that year The 15th business day of January

Firm did not hold client assets last calendar year, but (by 15th business day in January) predicts it will do so this year

The highest projected total of client money and safe custody assets to be held this year

Firm predicts (after this date) it will hold client assets this calendar year

The business day before it begins to hold client assets

Any of the above CASS firm type (small, medium or large) When above report is made

Operational oversightFirms must allocate either a director or senior manager (performing a significant influence function) responsibility for oversight of the firm’s compliance with CASS, reporting to the firm’s governing body on such matters, and - for medium and large CASS firms - for completion of a client money and asset return called the CMAR (see below). Small CASS firms need only keep an internal record of this individual (and only if this person is other than the compliance officer). No other responsibilities can be allocated to this person unless the firm is satisfied that CASS responsibilities will be uncompromised.

Client money and assets return (CMAR)Large and medium CASS firms are required to submit the CMAR to the FCA on a monthly basis (within 15 days of the month end). Small CASS firms were originally required to submit such returns (on a more infrequent basis) but were later exempted from this requirement.

The CMAR is found in SUP 16 and is completed electronically. The purpose of the CMAR is to help the FCA to monitor the client money and asset levels being held by larger firms and to provide statistical information for thematic review.

4.4 The custody rules (CASS 6)

FCA-authorised firms are required to have adequate safeguards by way of segregation and identification to ensure the safe custody of clients’ assets and to separate them from the assets of the business. The specific procedures required are covered by the assurance programme contained within section G of this manual. CASS 6 was substantially revised on 1 June 2015, in particular with regard to reconciliations of the safe custody assets held by the firm - see below.

NB. The custody rules will not apply if a firm only holds assets temporarily (passing through the office). Such assets should be kept secure and for a minimal time only (eg. one day), recorded as a temporary asset and then promptly forwarded to the client.

Title to safe custody assets will normally reside in the client’s name, though there may on occasion be valid reasons why this cannot be the case. Firms may hold


Guidance notesassets directly or may employ nominee companies to hold them. If the latter, the firm must ensure that it maintains adequate control over the arrangements so as to protect the assets (and hence customers’ interests). Where third parties (3Ps) are used to hold assets, there needs to be a defined process to select suitable 3Ps (normally EEA-based). In some cases, clients transfer full title of the assets to the firm under ‘title transfer collateral arrangements’ (‘TTCAs’) - these exempt the relevant assets from the custody rules but there are detailed rules and restrictions on the use of TTCAs. From 3 January 2018, TTCAs cannot be held for retail clients.

In rare cases firms may use safe custody assets to assist in financing a transaction for their own use (see CASS 6.4). This clearly needs customer consent, which was enhanced from 3 January 2018.

From 1 June 2015, a significantly more rigorous system of reconciliations under the custody rules took effect (the previous chapter on this topic, CASS 6.5, was replaced entirely with CASS 6.6). There are three key reconciliations to be performed as follows:

A. a monthly internal custody record check (‘ICRC’), which checks that the firm’s own records of its safe custody assets corresponds to its records of obligations to its clients to hold such assets. This check is conducted either by a direct reconciliation of the two records (the ‘internal custody reconciliation method’) or by an evaluation of the firm’s systems and controls (the ‘internal system evaluation method’).

B. 2. a six-monthly physical asset reconciliation (‘PAR’), which reconciles the firm’s records of physical assets (such as share certificates) to the assets themselves, either on a total or a rolling basis.

C. 3. a monthly external custody reconciliation (‘ECR’) which reconciles the firm’s records of assets held by third parties with those parties’ own confirmations.

The firm must decide how frequently to conduct each of these reconciliations, and must document and regularly assess its decision. The minimum frequency for each reconciliation is given above.

Firms may hold assets as collateral for the borrowings of a client (eg. in a hedging arrangement). CASS 3 contains rules and guidance for the controls firms need to adopt in order to manage the risk that obligations will not be met by the collateral held.

Firms may hold mandates, ie. Written deeds of authority to control a client’s assets. CASS 8 contains the rules for safeguarding such mandates and passbooks.

Distribution and transfer on failure of the firmIn July 2017, new rules were added to CASS 6 by the Client Assets (Client Money and Custody Assets Distribution and Transfers) Instrument 2017. The rule changes implement PS 17/18 which reflects the changes to the Special Administration Regime. The rules came into force on 26 July 2017.

As regards custody assets, the rule changes and additions set out the treatment of assets following a firm failure (a ‘primary pooling event’). The rules introduce communication requirements that a firm must observe post-failure, and requirements to ensure that clients are given ample opportunity to claim their custody assets. The rules stop short of introducing a custody distribution regime.

Since the new rules will only apply to a firm post-failure, they do not affect the CASS auditor’s normal work on a non-failed firm. In PS 17/18, the FCA commented that ‘we agree that funding an audit following failure and PPE would be costly, challenging and give rise to potential conflict of interest issues’ .The FCA has amended the scope of audit in SUP 3.10 to exclude CASS 6.7 which represents the majority of the amendments.

4.5 The client money rules (CASS 7)

Client money is held by the firm on trust. In summary, CASS 7’s requirements are that such money must be segregated from the firm’s own money and held separately (usually in one or more client bank accounts). Payments to, or withdrawals from, these accounts must comply with certain conditions and with the exception of specified instances, interest must be calculated and paid on the balances. The specific requirements are covered by the assurance programme in section G of this manual.

Client money is money of any currency that, in the course of carrying on investment business, a firm receives and holds on behalf of a client. In addition, a firm’s own money is not client money and must not be held in a client bank account.

Firms may choose to deposit client money in qualifying money markets, provided customers are adequately informed and can oppose this should they wish (see CASS 7.13.26-29).

Bank account rules When a firm opens a client bank account it must complete and sign (and ensure that the bank countersigns) an acknowledgement letter (see CASS 7.18) confirming that:

• all money standing to the credit of the account is held by the firm as trustee (or if relevant in Scotland, as agent) and that the bank is not entitled to combine the account with any other, or to exercise any right of set-off or counterclaim against the money for any sum owed to it on any other account of the firm; and

• • the title of the account sufficiently distinguishes the account from any account containing money that belongs to the firm and is in the form requested by the firm (eg. it could be titled ‘XYZ investment client account’).

A firm must place client money with an approved bank (see CASS 7.13) and should have procedures for on-going risk assessment of the holdings at such banks, diversifying where prudent for large deposits.

Payments and withdrawal from the client accountWhen a firm receives electronic client money transfers, this must be paid directly into the client bank account (CBA). Physical receipts (eg. cash and cheques) must be paid in promptly and no later than the following business day (see CASS 7.13.32).

There are optional ‘alternative’ rules in CASS 7.13 for firms segregating large volumes of transactions. Use of these rules also requires an assurance report including an opinion on whether the proposed approach/method will achieve the desired regulatory outcome, and three months’ notice to the FCA, before the firm can adopt the proposed approach/method. Use of the alternative approach is restricted to very large investment banks, and an engagement to issue the assurance report noted above is beyond the scope of this manual. Auditors of firms intending to use the alternative approach are advised to seek guidance from their professional body.

From time to time a firm may receive mixed remittances (comprising client money and its own money) into the CBA. When this happens the firm must withdraw non-client money from the CBA within one business day of it clearing.

Minimum non-client money sums are permitted in the CBA (eg. to keep the account open). Interest earned on CBAs should be handled in accordance with the client agreements (or else paid wholly to the client).

CASS 7.11 contains rules and guidance for withdrawals. These are only permitted if money is paid to the client, to an account in their name or on their instruction. Money that becomes due to the firm ceases to be client money and must be withdrawn promptly.

Accounting records and reconciliationsCASS 7.15 requires firms to have adequate systems to record CBA transactions, including capture of all relevant details such as the client’s name, date of receipt /


Guidance notespayment, payee or recipient details, etc.

A daily internal reconciliation is needed to compare the amount of client money held (per cash books) to the amount required for clients’ obligations. There are standard methods for this reconciliation (set out in CASS 7.16). Use of a non-standard method requires a reasonable assurance opinion from the auditor that systems are adequate to allow its use. As for the alternative approach (see ‘payments and withdrawal from the client account’ above), such an assurance engagement is beyond the scope of this manual and auditors of such firms are advised to seek guidance from their professional body.

At least monthly, firms also need to conduct an external reconciliation to compare their cash books to bank statements or their equivalent. Firms experiencing daily transactions would be expected to perform daily external reconciliations.

Pooling eventsFrom 26 July 2017, new rules regarding the distribution or transfer of client money on failure of a firm (a primary pooling event) came into force. The new rules allow a firm in these circumstances to transfer the client money pool, in whole or in part, to another entity provided certain conditions are met. These conditions include ensuring that the clients do not receive less as a result, that they provide consent to the transfer and that there is a contractual undertaking from the transferee that the money will be held under CASS 7 or otherwise protected to the same degree.

The rules also allow for the payment of unclaimed client money in these circumstances.

As set out in paragraph 4.4, these changes will have little impact on CASS auditors.

If a secondary pooling event (ie. failure of the bank at which the CBA is being held) has occurred, CASS 7A.3 contains rules and guidance for pooling and distributing the balances in such accounts.

4.6 Mandates

Mandates are agreements (whether written or non-written) with clients by which the firm can control those clients’ assets and money (for instance, the ability to set up and control bank transfers and direct debits). The mandate rules in CASS 8 do not apply to money or assets held directly by the firm (since this is covered by the CASS 6 or 7 rules as outlined above), but would, for example, apply to an authority to receive money from a client’s own account via direct debit.

As noted earlier, many firms are moving toward the use of mandates as an alternative to holding client money directly.

Firms must establish and maintain adequate records and controls regarding its mandates, including:

• up-to-date lists of all mandates held;• records of transactions arranged under mandate;• controls to ensure mandates are operated properly; and• safeguarding controls over passbooks and equivalent.

4.7 Information to clients (CASS 9)

CASS 9 was introduced along with the CMAR as part of a package of measures designed to strengthen CASS. Prime brokerage is the generic name for a bundled package of services offered by investment banks and securities firms to hedge funds and other professional investors who need the ability to borrow securities and cash in order to invest on a netted basis and achieve an absolute return.

CASS 9 introduces the requirement for a daily statement made to clients including the total value of safe custody assets and client money held for that client, plus the value of transactions made on its behalf in the day and other related information. In addition, agreements with such clients must include a disclosure annex describing the risks to that client’s safe custody assets and the limits that the firm can hold.

4.8 CASS resolution pack (CASS 10)

This chapter applies to a firm which:

• holds financial instruments, or is safeguarding and administering investments, in accordance with CASS 6; and/or• holds client money in accordance with CASS 7.

However, the chapter does not apply to a firm to which CASS 6 applies merely because it arranges safeguarding and administration of assets.

The purpose of the CASS resolution pack is to ensure that a firm maintains and is able to retrieve information that would, in the event of its insolvency, assist an insolvency practitioner in achieving a timely return of client money and safe custody assets held by the firm to that firm's clients. The pack includes (in summary):

• a master document (ie. an index);• a list of appointed representatives and similar agents, and the written contract terms with them for holding client assets; and• a list of senior managers and directors who are involved in CASS 6 / CASS 7 activity, including the individual overseeing CASS for the firm.

5 Approach to statutory audits

5.1 Statutory audit standards and guidance

International Standards on Auditing (UK)ISAs (UK) are issued by the Financial Reporting Council (FRC) and apply to ‘true and fair’ audit assignments including those conducted for FCA firms.

The FRC Ethical StandardIn December 2019, the FRC published the FRC Revised Ethical Standard (2019) which is mostly effective from 15 March 2020. Audits for periods commencing before this date are conducted in accordance with the Ethical Standard 2016. The firms detailed ethical policies and procedures should always be adhered to.

The requirements of the FRC Ethical Standard is effective for audits of DIFs financial statements in the same way as it is for private limited companies. It is structured as follows:

Part A:

• Overarching Principals and Supporting Ethical Provisions

Part B:

• Section 1: General Requirements and Guidance• Section 2: Financial, Business, Employment and Personal Relationships• Section 3: Long Association with Engagements and with Entities Relevant to Engagements• Section 4: Fees, Remuneration and Evaluation Policies, Gifts and Hospitality, Litigation


Guidance notes• Section 5: Non-audit / Additional Services• Section 6: Provisions Available for Audits of Small Entities (PAASE) - see below for criteria

The FRC Ethical Standard imposes ethical requirements on firms of auditors and applies to all audits undertaken in accordance with the ISAs (UK). Section 5 - Non-audit / Additional Services is likely to have the main impact on audit assignments. In addition, section 6 - Provisions Available for Audits of Small Entities (PAASE) is also likely to be of relevance, as it provides alternative provisions for auditors of smaller clients. Remember, where advantage is taken of PAASE, this is sometimes disclosable in the audit report, with certain disclosures also required in the financial statements.

Provisions Available for Audits of Small Entities (PAASE)To qualify for PAASE, a company or LLP must be a 'small entity'. To be a 'small entity', a DIF which is a company would need to qualify as a small company under s382 of the Companies Act 2006.

PAASE contain an alternative provision and an exemption that may be relevant to the audit of a DIF in respect of the self review and management threats when providing non-audit services, depending on the presence of informed management or not. A full list of conditions, and other alternative provisions and exemptions available, can be found in the firm’s audit procedures manual.

Alternative provisionFor a FCA (DIF) company / LLP to qualify to apply PAASE, auditors are not required to apply safeguards to address a self-review threat, provided:

• the client has “informed management”; and• the audit firm extends the cyclical inspection of completed engagements that is performed for quality control purposes, to include some PAASE clients.

It should be noted that if advantage is being taken of the alternative provision, no disclosure of this is needed in the audit report or notes to the accounts.

ExemptionWhere advantage has been taken of the exemption against the management threat in the provision of non-audit services, the Responsible Individual / CASS engagement lead should ensure that:

• the audit report discloses this fact; and• either the financial statements or the auditor’s report discloses the type of non-audit services provided.

The sample wording offered to include in the audit report is:

We are independent of the [FRCA (DIF) company / LLP] in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard, and the provisions available for small entities, in the circumstances set out in note [X] to the financial statements, and we have fulfilled our other ethical responsibilities in accordance with these requirements.

Other PAASE exemptions are also available - see your audit procedures manual or section 6 of the FRC Ethical Standard for details.

5.2 The approach for statutory auditors

This manual does not contain work programmes to support auditors’ work on the statutory audit. Instead, auditors are directed to purchase and adopt a suitable statutory audit manual for these aspects of their engagement.

However, there are specific fraud risk factors to consider, especially in the context of the auditor’s right and duty to report notifiable matters to the FCA. This topic is covered in the ‘Whistleblowing’ section of these guidance notes.

This manual contains a ‘reporting’ checklist (A43) that both statutory and CASS auditors are directed to complete.

5.3 Pillar 3 disclosures and auditors’ responsibilities (if relevant)

IFPRU/BIPRU firms are required to make public disclosures relating to capital adequacy, risk assessments and management processes. Many firms choose to make these disclosures in their annual report. The CRD contains a national option for regulators to introduce a requirement for such disclosures to be subject to external audit.

In 2011 the FCA’s predecessor (the FSA) published a Feedback Statement (FS 11/1) which confirmed that it did not intend to introduce an audit requirement for Pillar 3 disclosures. This remains the case under the FCA. Therefore, in cases where a firm chooses to include these disclosures in its annual report (but outside the notes to the financial statements), its auditor has no direct responsibility to verify their accuracy or appropriateness. However, such accompanying information should be reviewed for consistency with the financial statements.

Note that the FRC's ISAs (UK) 800 (Revised) and 805 (Revised) deal with the requirement for auditors of PRA-regulated insurers to report on aspects of those entities’ Solvency II disclosures. As this manual does not extend to PRA-regulated firms, Solvency II reporting is not covered within the manual.

6 Approach to CASS audits: FRC CASS assurance standard

6.1 Assurance Standard: Providing Assurance to the Financial Conduct Authority on Client Assets

The CASS Assurance Standard superseded both PN 21 and earlier APB and FRC Bulletins. Whereas these earlier sources provided guidance on the CASS aspects of assignments, the new Standard contains rules that must be followed by CASS auditors (equivalent to the ISAs (UK) for statutory audit).

The Standard applies to CASS audit reports for periods commencing on or after 1 January 2016. It is divided between:

• the main standard, containing rules for various types of CASS assignments, and various appendices; and• contextual material, which provides further background and guidance on conducting CASS audits.

Revised CASS Assurance Standard 2019In November 2019 the FRC revised the CASS Assurance Standard. The 2019 version took effect for CASS reports relating to periods beginning on or after 1 January 2020. There was no scope within the revised Standard for early-adoption.

6.2 Summary of rules applicable to all CASS audits

Understanding the firm’s business model and permissionsAuditors need to understand the firm’s business model, services and remuneration basis, transactions undertaken for clients, wider connections (eg. to its group) and its CASS inflows and outflows. This is to establish expectations about the existence or otherwise of client assets.

The auditor also needs to establish and review the firm’s scope of permissions on the Register. This helps the RAR auditor to assess the likelihood of CASS


Guidance notesinflows.

This manual contains forms PF-X and PF-Y to assist in recording the business model and permissions. These are permanent file forms that must be reviewed and updated annually.

Ethical requirementsCASS auditors must comply with the FRC Ethical Standard in addition to the ethical guidelines from their professional body.

This manual contains forms B12 and B13 which will help CASS auditors demonstrate compliance with the FRC Ethical Standard. These forms are very similar to those in our standard Audit Manual.

Note however that the Ethical Standard clarifies that assurance reports on client assets are considered an audit-related service and, for statutory auditors, pose no further independence threat. Therefore auditors performing both statutory and CASS audits for a firm need only demonstrate ethical compliance on the former file; they do not need to duplicate this on the CASS audit.

Our B12 and B13 forms contain a prominent reminder to this effect.

Engagement acceptance and continuanceA suitably-tailored engagement letter will be needed (see section B of this manual for an example letter).

Quality control, training and competence and EQCRThe Standard requires CASS auditors to comply with ISQC (UK) 1 and to appoint an individual as ‘CASS engagement leader’ (CEL). The CEL is responsible for directing and supervising the engagement, for ensuring that the engagement team are trained and competent, and for reviewing the work prior to issuing his/her opinion(s) in the RAR or LAR. The CEL signs the report in their own name, similar to the rules regarding ‘Senior Statutory Auditors’ in financial statement audits. The 2015 Standard also required that the firm’s system of engagement quality control review (EQCR) encompasses all RAR engagements, and set out matters for the EQC reviewer to consider (paras 141-145). However, the 2019 Standard restricts this requirement to CASS Large and Medium firms, and for all other firms requires the auditor to apply judgement in determining whether an EQCR is needed (see para 137 in the 2019 Standard). This is the most significant difference between the two Standards.

This manual contains checklists at both the planning stage (B14) and the completion stage (B21-3) to assist the EQCR reviewer in recording their review and conclusions.

Training and competenceThe Standard also stresses the need for CASS auditors to be:

A. competent and experienced at such assignments;B. familiar with the current CASS rules and the firm’s business model; andC. aware of the principles of insolvency and trust law.

Since the opinion focuses on the adequacy of systems and controls, CASS auditors may require a much more thorough understanding and evaluation of these systems, and the operating effectiveness of controls, than on a typical financial statement audit.

The Standard notes that, where relevant, a firm’s internal audit function may prove useful to the CASS auditor but that the latter is solely responsible for the CASS report opinion.

Professional scepticism, professional judgement and requisite mind-setsThe Standard requires CASS auditors to exercise both professional scepticism and professional judgement in planning and performing CASS audits.

CASS auditors must approach such assignments with ‘an insolvency mind-set’. This is contrasted with a traditional risk assessment mind-set adopted by a financial statement auditor. CASS auditors must presume that the firm could become insolvent, exposing its clients to the risk of loss of client assets if these have not been adequately safeguarded. In addition, CASS auditors should adopt a ‘compliance mind-set’, recognising that the CASS report opinion centres on compliance with the CASS rules. Materiality is therefore not a relevant consideration when assessing rule breaches. All breaches must be reported.

This manual contains form B17 to assist in recording the team’s training and the CEL’s conclusions regarding scepticism, judgement and mind-sets.

DocumentationThe Standard contains extensive documentation requirements, including revision and assembly of final documentation, equivalent in many respects to ISA (UK) 230.

Written representationsThe Standard requires certain matters to be included in written representations, dated as near as practicable to the CASS report date.

The example letters section of this manual contains representation letter points, which could be added to a representation letter used for a statutory audit.

CASS engagement team meetingThe Standard requires a team meeting to be held to discuss the susceptibility of the firm’s systems to CASS rule breaches.

This manual contains form B23 to assist in recording these discussions.

6.3 Summary of rules specifically applicable to RARs

Assessing CASS engagement riskIn understanding the firm’s structure, operating environment etc. (as noted above), a RAR auditor needs to be able to identify and assess the engagement risk (ie. giving the wrong opinion) and must design procedures to mitigate this.

In particular, the Standard requires auditors to:

• discuss the business with management to understand the latter’s risk mitigation processes, and read relevant operations manuals etc.;• meet with CASS compliance officers to discuss the control environment and review monitoring results;• review the firm’s CMARs for consistency with the auditor’s knowledge of the business; and• perform their own risk assessment procedures.

Responding to the assessment of assurance engagement riskCASS auditors must design and perform responsive procedures based on the risk assessment. This involves a detailed evaluation of the ‘system of internal


Guidance notescontrol’, which encompasses:

• the control environment;• monitoring activities (such as internal audit); and• control activities over each area of CASS compliance, such as segregation of client assets.

This manual contains form PF-Z which may assist with recording the auditor’s understanding of the design of the system of internal control. PF-Z is a permanent file checklist which must be reviewed and updated annually.

The current file checklists include form B32 which is designed to help auditors to summarise the identified risks and response.

Obtaining evidence to support the RAR opinionsBecause the CASS opinions revolve around maintaining adequate compliance systems, the Standard requires a controls-based approach to obtaining evidence. This involves:

• evaluating whether control activities were put into place as designed (by conducting walk-through tests); and• testing the operating effectiveness of these controls (usually on a sample basis, or by selecting all or specific items to test).

Where breaches are discovered, the auditor needs to draw inferences on whether controls were operating effectively.

The Standard outlines the firm’s use of Third Party Administrators (TPAs) to outsource CASS functions.

• In ‘Model A Arrangements’, the firm remains responsible for CASS compliance and thus the auditor needs to include the TPA in evidence-gathering and will require access to the TPA’s records and processes.

• In ‘Model B Arrangements’, the firm devolves responsibility to the TPA and makes this clear to its clients. Once an auditor has confirmed that the arrangement is Model B, no further CASS work is needed.

This manual assists auditors to record the nature of TPA arrangements on PF-X and, where Model A arrangements are identified, contains a dedicated checklist to record the work.

6.4 Summary of rules specifically applicable to LARs

The rules apply both to cases where:

• the firm is permitted to hold client assets but claims not to do so; and where• the firm is not permitted to hold client assets.

The audit team members need to understand in the former case why the relevant permission is not being used. They also need to:

• review CASS notifications, sample agreements etc. for consistency with the firm’s claims;• consider other evidence (eg. from the statutory audit); and• obtain written representation that no client assets were held.

This manual contains a dedicated work programme for LARs, including this aspect of a hybrid engagement.

6.5 Special reports

Where firms have chosen to adopt an ‘alternative approach’ to client money segregation and/or a ‘non-standard method’ of internal client money reconciliation, a special report from the CASS auditor is needed.

In practice, the use of these methods is relatively uncommon and usually confined to large dual-regulated investment firms which are outside the scope of this manual. Therefore, this manual does not include work programmes to support special reports. Auditors of firms adopting such methods are advised to contact their professional body for further advice.

Copies of the current (November 2019) CASS Assurance Standard can be found at https://www.frc.org.uk/auditors/audit-assurance/standards-and-guidance/other-standards-and-statements.

7 CASS Audit reports

7.1 Form and content of a Reasonable Assurance Report (RAR)

The report’s form and content is set out in SUP 3 Annex 1R and this must be adhered to.

In addition, Appendices in the CASS Assurance Standard contain illustrative RAR reports.

The Example Reports Section of this manual contains an example RAR.

7.2 RAR opinions

There are three primary RAR opinions:

A. The auditor opines whether the firm maintained systems adequate to enable it to comply with the relevant CASS rules throughout the period since the last date at which a report was made.This opinion is extended to specifically refer to nominee companies which are subsidiaries of the firm and in whose name custody assets are registered, where required by SUP 3.10.5R (3).

B. The auditor opines whether the firm was in compliance with the relevant CASS rules as at the period end date.C. Where a secondary pooling event (the failure of a bank at which client money was held) has occurred, the auditor opines whether the firm complied

with the relevant distribution rules in CASS.

7.3 Breaches schedule

In addition to the RAR opinions, there is a mandatory Breaches Schedule which reports all CASS breaches of which the auditor has become aware, regardless of who identified these.

Column E of the Schedule is completed by the firm setting out the remedial action taken (if any) and an explanation of how the breaches arose. The auditor is not responsible for this column, but retains a duty to report if they are aware that the firm’s comments are inaccurate or false.


https://www.frc.org.uk/auditors/audit-assurance/standards-and-guidance/other-standards-and-statements

https://www.frc.org.uk/auditors/audit-assurance/standards-and-guidance/other-standards-and-statements

Guidance notesThe report must be submitted in draft form to the client who will annotate the breaches schedule with a response in column E. The report must be given to the governing body (ie. those charged with governance) for review, though this need not necessarily happen within the four-month reporting period. If client responses are not received, the auditor must submit the report explaining their absence.

7.4 Forming the RAR opinions

Modified opinions and breachesThe Standard is clear that an unmodified opinion is only possible where no breaches were detected. Even a single breach of minor significance leads to a modified report.

In certain cases, auditors will modify the ‘adequate systems’ opinion but not the ‘period-end compliance’ opinion. This is appropriate where all systems failures during the period were, to the auditor’s knowledge, rectified by the period end such that the firm was in compliance at the reporting date.

Qualified or adverse opinionsWhere a modified opinion is needed, auditors will need to decide whether this should be qualified (ie. ‘except for…’) or adverse (eg. ‘the firm did not maintain systems adequate…’).

Example of breaches leading to a qualified opinion

On a few separate occasions the firm failed to promptly place client money (cheques received from clients) into a client bank account, in breach of CASS rules. The cause was shown to be human error leading to wrong instructions being sent or items not being processed. The firm did not identify any other similar failures in the year, and the auditor obtained evidence confirming the adequacy of the systems maintained (for example, from a review of the design of the controls and sample testing to ensure the controls were implemented as designed).

This example will not lead to an adverse auditor opinion because the auditor was able to confirm that the firm had otherwise maintained adequate systems to enable it to comply with the requirement to promptly segregate client money. This was supported by the relatively low number of failures evidenced. Nevertheless, the opinion is likely to be qualified because of the nature of the breaches identified (eg. the auditor expresses an opinion that ‘except for the breaches identified, the firm maintained systems adequate to enable it to comply with the applicable rules’). Alternatively, the auditor’s opinion is likely to be adverse if they identify that the systems were not adequately maintained to ensure that cheques were promptly segregated (likely to be evidenced in a high failure rate, relative to the volume of cheques received).

Example of breaches leading to an adverse opinion

The firm failed to undertake internal client money reconciliation, in breach of CASS rules. The cause arose from a misunderstanding by the firm of their obligations under CASS rules, leading to the firm failing to implement adequate systems to undertake the internal reconciliation.

In this example the firm has failed to implement appropriate systems to undertake the internal reconciliation requirement. There may not have been actual loss incurred by clients by this breach, as it is likely that any loss will only occur if the firm fails. Nevertheless, the auditor will express an adverse opinion as the firm did not have adequate systems to enable it to comply with the client money rules, specifically, in this example, the internal reconciliation requirements.

7.5 Limited Assurance report (LAR) opinion

The report’s form and content is set out in SUP 3 Annex 1R and this must be adhered to.

In addition, Appendices in the CASS Assurance Standard contain illustrative LAR reports.

The Example reports section of this manual contains two example LARs.

The LAR opinion repeats the directors’ assertions that either the firm was not permitted to hold client assets or that it was permitted but did not do so. The auditor then opines that (if relevant) nothing has come to their attention that causes them to believe that client assets were held during the period.

If breaches are discovered, this fact is reportable to the FCA (see the ‘Whistleblowing’ section of these guidance notes - chapter 8). The auditor must encourage the firm to promptly report it and, if this report is not made, must report directly to the FCA. In addition, the CASS report opinion will be modified.

7.6 Hybrid opinions

Where appropriate, the CASS auditor may issue hybrid opinions, which are illustrated in Appendix 3 of the Standard.

The Example reports section of this manual contains an example hybrid report.

7.7 Method of submission of CASS audit reports

In November 2019 the FCA changed the method of submission of CASS audit reports, which had previously been via email. The FCA now require auditors to register with the FCA’s Connect reporting system and reports will then be submitted via Connect in the form of PDF documents.

For further details on how to register with Connect, see the FCA’s guidance at: https://www.fca.org.uk/publication/systems-information/how-to-submit-client-asset-reports.pdf

8 The auditor’s right and duty to report to the FCA (‘whistleblowing’)

8.1 The FCA firm’s duty to self-report

The FCA expects firms to deal with it honestly and openly under Principle 11, one of the ‘high level’ principles in the Handbook, and requires firms to self-report in a number of circumstances. These include the following:

Matters having a serious regulatory impactA firm must let the FCA know immediately when it becomes aware, or has information that reasonably suggests, that any of the following has occurred, may have occurred or may occur in the foreseeable future:


https://www.fca.org.uk/publication/systems-information/how-to-submit-client-asset-reports.pdf

https://www.fca.org.uk/publication/systems-information/how-to-submit-client-asset-reports.pdf

Guidance notes• if the firm fails to satisfy one or more of the threshold conditions;• any matter that could have a significant adverse impact on the firm’s reputation;• any matter that could affect the firm’s ability to continue to provide adequate services to customers and which could result in serious detriment to a

customer of the firm; or• any matter in respect of the firm that could result in serious financial consequences to the financial system or to other firms (see SUP 15.3.1R).

As set out in SUP 15.3.8G, compliance with Principle 11 includes (but is not limited to) giving the FCA notice of:

a ) Any proposed restructuring, reorganisation or business expansion, which could have a significant impact on the firm’s

i. risk profile or resources, including but not limited to:i starting to provide a new product or service. (Firms may need to apply for a variation of permission.)

ii. ceasing to undertake a regulated or ancillary activity, or significantly reducing the scope of such activities. (Firms may need to apply for a variation of permission.)

iii. entering into, or significantly changing, a material outsourcing arrangement.iv. any change in the firm’s prudential category.

b) Any significant failure of the firm’s systems or controls.

c ) Any action that the firm proposes to take which would result in a material change in its capital adequacy or solvency including, but not limited to:

i. any action that would result in a material change in theii. firm’s financial resources or financial resources requirement.a material change resulting from the payment of a special or unusual dividend or the

repayment of share capital or a subordinated loan.

d) Significant breaches of rules or other requirements under the Act, eg. professional indemnity insurance cover being refused or cancelled.

In some circumstances advance notification to the FCA is needed eg. changes in the firm’s name, address and legal status.

Other mattersThere are also general notification requirements:

Breaches of rules and other requirements in or under the FSMA. SUP 15.3.11 R

Civil, criminal or disciplinary proceedings against a firm. SUP 15.3.15 R

Fraud, errors and other irregularities. SUP 15.3.17 R

Insolvency, bankruptcy and winding up. SUP 15.3.21 R

Change of accounting reference date. SUP 16.3.17 R

Change of controller. SUP 11.3

Approved persons: employees who start performing controlled functions, those who change or add controlled functions or those who cease performing controlled functions.

SUP 10.11 - 10.13

Change of auditor (appointed under FCA rules). SUP 3.3

A firm that has an auditor (whether appointed under the Companies Act, other statutory provisions or FCA rules) will need to consider whether to notify the FCA under Principle 11 (relations with regulators) in the following circumstances:

a. if the firm expects or knows its auditor will qualify his report on the audited annual financial statements or add an explanatory paragraph (SUP 3.7); orb. if the firm receives a written communication from its auditors commenting on internal controls (SUP 3.7).

8.2 The auditor’s right and duty to report to the FCA

Under the Financial Services and Markets Act 2000 (FSMA 2000) (Communications by Auditors) Regulations 2001 both statutory and CASS auditors have duties in certain circumstances to make reports to the FCA. An auditor has a duty to report breaches of the FCA’s rules of which it becomes aware which it reasonably believes may be of material significance to the FCA.

Auditors also have a statutory right to report a relevant matter to the FCA under s342 FSMA 2000.

8.3 Audit rules and guidance

Rules and guidance for auditors regarding this right and duty to report is found in:

Rules and guidance Applicable to

ISA (UK) 250 Section B Statutory auditors

The CASS Assurance Standard paras 58-66 (2015) or 57-64 (2019) and Appendix 12 CASS auditors

ISA (UK) 250BISA (UK) 250 Section B (‘250B’) states that:

“The objective of the auditor of a regulated entity is to bring information of which the auditor has become aware in the ordinary course of performing work undertaken to fulfil the auditor’s audit responsibilities to the attention of the appropriate regulator as soon as practicable when:

a. The auditor concludes that it is relevant to the regulator’s functions having regard to such matters as may be specified in statute or any related regulations; and


Guidance notesb. In the auditor’s opinion there is reasonable cause to believe it is or may be of material significance to the regulator;” (para 8)

“Where an apparent breach of statutory or regulatory requirements comes to the auditor’s attention, the auditor shall:

a. Obtain such evidence as is available to assess its implications for the auditor’s reporting responsibilities;b. Determine whether, in the auditor’s opinion, there is reasonable cause to believe that the breach is of material significance to the regulator; andc. Consider whether the apparent breach is criminal conduct that gives rise to criminal property and, as such, should be reported to the specified authorities..” (para 12)

Specific reference should also be made to paragraphs A24 to A30 which outline the factors involved in deciding whether a matter is of ‘material significance’ to a regulator.

The CASS Assurance StandardParagraphs 57-64 and Appendix 12 outline the legal position and largely restates guidance from the ISA (UK) and former PN. Appendix 12 also considers whether a matter is of ‘material significance’.

8.4 Practical guidance

Duty to reportThe FSMA 2000 (Communication by Auditors) Regulations 2001 do not require statutory or CASS auditors to perform any additional work as a result of the statutory duty, nor are auditors required specifically to seek out breaches of the requirements applicable to a particular client.

However when potentially materially significant matters are discovered, auditors must:

• carry out additional procedures to determine whether facts and circumstances cause the auditor to reasonably believe that the matter exists;• (if so), obtain evidence to assess the reporting implications;• (if necessary) report to the FCA as soon as practicable; and• document the facts and circumstances, and the basis for their conclusions.

Conduct of the audit requires all staff to understand the provisions of the applicable legislation, the regulators rules and any specific requirements which apply to that client. Auditors should include procedures within the planning to ensure all team members have such an understanding.

The duty to report matters of material significance arises once auditors have concluded the matter is of material significance to the FCA. The report should be made without undue delay once a conclusion has been reached. The matter should be discussed with the directors unless there is doubt over their integrity.

If a CASS auditor becomes aware of reportable breaches, they do not wait to report them to the FCA by means of the Breaches Schedule that they append to the assurance report.

Reports should be made using the email address [email protected].

Right to reportThe scope of the duty to report can be quite wide, hence in many cases where a matter is noted, an auditor will have a duty rather than a mere right to report.

However, there may be cases in which the auditor concludes that there is no statutory duty, but that the matter should nevertheless be brought to the FCA’s attention. In the first instance, the auditor should discuss the matter with the firm’s directors and inform them of the auditor’s opinion that a report should be made. Where the auditor cannot obtain adequate and timely evidence that the firm has reported the matter under Principle 11, the auditor reports the matter to the FCA.

Auditors may wish to take legal advice before reporting, to ensure for instance that only relevant information is disclosed and that the form and content of its report will secure the protection of FSMA 2000. However, this process can take time and the auditor should consider whether speed of reporting in the firm’s and the FCA’s interests should take precedence.

The manual contains a whistleblowing checklist (A43) which assists statutory and/or CASS auditors to record their considerations regarding matters which may lead to a right or duty to report.

9 Other relevant regulatory requirements

9.1 Financial resources for DIFs

The prudential framework for a financial services firm depends on whether it is dual-regulated or authorised solely by the FCA. Prudential rules for banks have been the subject of intense debate and scrutiny following the financial crisis of 2008 and the loss of confidence on global markets. Amendments to the rules at UK and European level (known as ‘CRD IV’) took effect on 1 January 2014. However, the FCA exercised an option to keep certain firms under the old ‘CRD III’ rules as previously applied to BIPRU investment firms - hence such firms are still called ‘BIPRU firms’ under the new regime.

The prudential rules for European financial services firms depend largely on EC Directives such as MiFID and CAD, and the Handbook applies these Directives to UK firms in relevant sections: GENPRU, BIPRU, IFPRU, UPRU and IPRU-INV.

• GENPRU applies to DIFs which are BIPRU firms (and, to a small degree, IPRU firms - see below) and groups containing such firms. It details the general rules on the adequacy of financial resources and how a firm should recognise and value assets, liabilities, exposures, equity and income statement items.

• From the beginning of 2014, firms that had previously been classified as BIPRU 50K firms generally remain within BIPRU. Most other BIPRU firms are now under IFPRU. Both BIPRU and IFPRU contain similar capital resources rules, but there are some additional new rules in IFPRU concerning capital buffers.

• For all other DIFs, UPRU (for UCITS firms) or IPRU-INV will instead apply.

As noted in section 1.3 of these guidance notes, a new UK-specific regime will be introduced in 2022 to replace this existing EU-based regime.

9.2 Routine reporting by DIFs

SUP 16 in the FCA Handbook details the reporting requirements for DIFs (note: exceptions are noted in 16.1.2 of SUP 16).

SUP 16 splits client reporting requirements as follows:

Annual controllers reports SUP 16.4

Annual close links reports SUP 16.5


Guidance notesCompliance reports SUP 16.6

Persistency reports SUP 16.8

Annual Appointed Representatives reports SUP 16.9

Verification of standing data SUP 16.10

Product sales data reporting SUP 16.11

Integrated regulatory reporting SUP 16.12

Regulatory reporting under GABRIELGABRIEL (GAthering Better Regulatory Information ELectronically) is a web-based system allowing online submission of returns by firms. Since 2014, GABRIEL is used by IFPRU firms to collect the EU-standardised data (COREP and FINREP), either by direct XBRL submission or by uploading the relevant XBRL documents. Many third-party compliance providers offer spreadsheet templates which can be used to generate the relevant XBRL forms. For firms exempt from CRD IV, GABRIEL is still used to allow XML submissions of other returns, such as the RMAR (see below).

The Retail Mediation Activities Return (RMAR)For smaller retail firms, the main return that is completed through GABRIEL is the Retail Mediation Activities Return or RMAR.

The RMAR is usually completed every six months. GABRIEL will automatically show the reporting interval when firms have logged in.

The information requirements in the RMAR differ depending on firm type and the regulated activities carried on by a firm. This is to ensure that the FCA only asks for information that is relevant to the supervision of each firm.

Information to be submitted on RMAR:

A Balance sheet;

B Profit and loss account (including commission data);

C The adequacy of regulatory capital;

D The type of client money account and amount of client money held;

E The firm’s PII (excess, indemnity limits, etc.);

F Compliance with other key criteria for authorised firms (threshold conditions);

G Training and competence;

H Conduct of business issues (eg. information on sources of business); and

I Product sales data.

The firm is also required to confirm each year, within 30 business days of its accounting reference date, that the firm has the correct ‘standing data’ for the firm (SUP 16.10.4R). A firm’s standing data is the information in SUP 16 Annex 16R and includes, for example, the name and registered office of the firm, the regulated activities for which the firm has permission, the name and address of the firm’s auditor (if applicable) and its accounting reference date. Firms should check standing data through the Online Notifications and Applications (ONA) web-based system.

10 Using this manual

10.1 Introduction

The ‘Getting Started’ guides, included within your manual, contain guidance on how to access and download the manual.

Below we summarise the approach to FCA (DIF) assignments within this manual.

NB. The checklist references are designed to follow as closely as possible those in the Mercia Audit Manual and other Specialist Manuals. Audit teams who also use the Mercia Audit Manual may choose to integrate these checklists within their statutory audit documentation or may prefer to file separately.

10.2 Planning the engagement

Form B11 is the planning checklist, and guides auditors through the planning process for an FCA (DIF) engagement.

A vital early step on B11 is to understand and document the scope of engagement by recording the firm’s business model, its scope of permissions and the requirements for statutory and/or CASS audits.

Form B15 records this understanding and provides a signpost conclusion to direct auditors to the remaining forms to complete. As noted earlier, form B16 can be used to determine statutory audit exemption.

Depending on the outcome of this assessment, auditors will need to complete the following parts of the programmes:

Engagement Programmes to complete

CASS audit (with or without a statutory audit) The remainder of the planning, fieldwork and completion programmes (as relevant).

Statutory audit only (no CASS audit needed) Complete the whistleblowing checklist A43 only as a supplement to your normal statutory audit programmes.

Neither statutory nor CASS audit needed No further work to complete within this manual. You are directed to use your normal accounts preparation programmes.

After completing appointment procedures (including compliance with the Ethical Standard and agreeing the engagement terms, CASS audit teams need to


Guidance notesdocument compliance with the quality control, training and competence and mind-set requirements as noted earlier in these guidance notes.

The remainder of B11 will be completed depending on whether RAR or LAR engagements are required.

For RARs, more extensive documentation is needed including B21 form to record discussions with the firm, B23 form to record the team meeting and permanent forms PF-X and PF-Z to record the business model and the system of internal control.

The form also prompts the EQC reviewer to conduct an initial review before the CEL signs off planning.

10.3 Obtaining evidence for the CASS opinion

The manual contains programmes to support the RAR and LAR opinions as relevant. The RAR programmes contain rule-by-rule tests, cross-referenced to CASS, to support both the ‘adequate systems’ and ‘period-end compliance’ opinions.

The RAR programmes contains separate forms for:

A. Client money (CASS 7);B. Custody assets (CASS 6);C. Collateral (CASS 3) and Mandates (CASS 8); andD. Third Party Administrators

A sampling form is also included to support the sample sizes used for tests of control.

10.4 Completion

The manual contains completion checklists for the CEL (A21-1) and EQC reviewer (A21-2) as well as a general completion summary (A31) and the whistleblowing checklist (A43).

11 Appendix: Glossary of termsHere are some key abbreviations relevant to DIFs:

AUTH The Authorisation manual

BIPRU Prudential Sourcebook for Banks, Building Societies and Investment Firms

CASS Client Assets Sourcebook

CBA Client Bank Account

CEL CASS Engagement Leader, the individual responsible for the CASS report.

CMAR Client money assets report (not to be confused with the assurance report – see RAR / LAR)

COBS Conduct of Business Sourcebook

CP Consultation Paper

DIF Designated Investment Firm

DP Discussion Paper

EQCR Engagement quality control review

FCA Financial Conduct Authority (the current regulator)

FPC Financial Policy Committee

FRC The Financial Reporting Council (who issue auditing standards)

FSA Financial Services Authority (the former regulator)

FSCS Financial Services Compensation Scheme

FSMA Financial Services and Markets Act 2000

GABRIEL ‘Gathering Better Regulatory Information Electronically’, the FCA’s electronic reporting system

GENPRU General Prudential Sourcebook

IFPRU Investment Prudential Sourcebook

IPRU-INV Interim Prudential Sourcebook for Investment Business

LAR Limited Assurance CASS Report

MGI Mortgage and General Insurance

MiFID Markets in Financial Investments Directive

MIPRU Prudential Sourcebook for Mortgage and Home Finance and Insurance intermediaries

MLAR Mortgage Lending and Administration Return

PN 21 APB Practice Note 21 (now withdrawn)

PRA Prudential Regulation Authority (the FCA’s sister regulator)

PRIN Principles for Business

PS Policy Statement

RAR Reasonable Assurance CASS Report

RDR Retail Distribution Review


Guidance notesRMAR Retail Mediation Activities Return

SAM Mercia’s Specialist Audit Manuals for FCA clients

SI Statutory Instrument

SUP Supervision Manual

SYSC Senior Management Arrangements, Systems and Controls


Getting started for new manual usersIntroductionThis getting started guidance will help you to use the Mercia FCA (DIF) Manual. You may be a regular user of our products or this may be the first time that you have used such a manual. Either way these notes will help you understand the Mercia approach and how to maximise the benefits of the package.

The FCA (DIF) Manual consists of the following sections:

• Guidance• Example letters• Example reports• Current file documents• Permanent file documents

GuidanceYou will find the following documents in this section of the FCA (DIF) Manual:

• guidance notes on the FCA (DIF) sector;• this getting started guidance for new manual users; and• What’s changed, which provides an overview of the changes made in the last update to the manual, along with a detailed list of all of the changes

made.

Example lettersThis section provides example engagement terms for an individual DIF company, structured in the following way:

• a covering letter to identify the services to be provided, which cross-references to detailed schedules of professional services;• detailed schedules of professional services;• Example terms have been provided for:• a statutory audit of the financial statements;• a CASS assurance engagement;• accounting; and• taxation.

This structure will assist with future updates where it is necessary to only amend a specific section of the letter and send an updated version of this to your clients. It is also easy to add more detailed engagement terms into the standard format, for example, for other services such as payroll or VAT where you wish to do so.

• standard terms of business.

Supplementary example management representation letter points are also included in this section.

Example reportsExample FCA assurance reports on client assets (including a ‘limited assurance’ report) can be found in this section.

Current file documentsDetailed programmes that incorporate planning, fieldwork and completion documentation for a CASS assurance engagement can be found in this section.

Permanent file documentsPermanent file checklists are included to help ensure that permanent files contain adequate specialist information as part of the engagement planning and risk assessment.

Accessing the manual

Introducing a new and improved way to access some of our productsWe are delighted to present to you our new online platform, found within our existing website, from which you can access some of our methodology and compliance products which you subscribe to.To access your Manual, all you need to do is log into the Mercia Group website and scroll to My methodology and compliance products under Dashboard on the right hand side.

Once within My methodology and compliance products, please click Open Manual and the manual will automatically open:


https://www.mercia-group.co.uk/


When viewing content in the browse tab, you have the option to Maximise the page, which will remove the standard website borders and allow more content to be displayed on screen.

Once within the manual there are two ways of consuming the content:

• Browse – for manual content• Customise – for creating individual assignments



BrowseOur easy to use Browse function allows you to view the entire manual online and also gives you the ability to target specific parts of the manual more efficiently.

One way this can be done is by clicking on the orange underlined text (typically on a contents page or embedded within the text of the manual where a related section is referenced), this will take you directly to the section referred to. It should be noted that using the ‘back’ button within your browser will not return you back to the section where you clicked the link, as you have been navigated internally on the same web page.

Alternatively, you can use the menu on the left-hand side to access specific areas, pressing the “+” or “-” icons to expand or collapse sections then clicking on the section you wish to read. Should you click a section which has subsections within it (as indicated by the “+” or “-” icons being shown) then all the subsections will also be loaded (for example clicking ‘Accounts disclosure checklists’ would load that section, allowing you to scroll through all the options.

Where a “>” icon is displayed, this indicates you are not able to expand this section further.

By selecting either the Word or PDF icons within the menu, you will be able to download specific areas in your desired format (as above, this will also include any subsections of the area you have selected).

In addition, there is an Expand all and Collapse all tool located at the bottom to aid with navigation using this option.

Reference copy of manual contentThe manual is designed to be updated regularly and it is Mercia’s recommendation that users should log on to the Mercia website and either browse the content online and / or use the customise tool for specific client assignments.

If you would like a reference copy of the manual for your records then the Browse function is the easiest option to obtain a download of the manual content. However, we do suggest that the website version is revisited, and the latest updates page checked, as minor changes may have been implemented since accessing the manual, and reference copies many have to be refreshed so that you and your staff are accessing the most current and up to date version of the manual.

To download a reference copy use the Browse option and click on the "Word" or "PDF" icon by each of the sections. This will generate a copy of the content of the sections which can then be saved as required. This will mean downloading seven sections (Guidance, Example letters, Example reports, Example accounts, Accounts disclosure checklists, Current file documents and Permanent file documents).

For Guidance, Example letters and Example reportsThe content will download into one document, eg. the word document will contain all the content of the guidance section.



For Current file documents and Permanent file documentsSome sections of the manual, such as the Example reports, have two distinctive date options.

You can individually select one of the periods or select the whole section. If you select the whole section then the output produced is a Zip file containing both documents.

Example letters, Current file documents and Permanent file documents will download into individual folders.

Customise viewFor individual assignments and client packs, the Customise tool allows for the selection of documents required and for users to tailor to the client.



Using the “+” allows the selection of individual documents by clicking the box by the required documents.

As in the Browse tab , pressing the “+” or “-” icons will expand or collapse sections, where a “>” icon is displayed, this indicates you are not able to expand this section further and there is an Expand all and Collapse all tool located at the bottom to aid with navigation using this option.

When selecting a section of content which has a subsection (as indicated by the “+” or “-” icons being shown) all the subsections will be preselected to be included within the download, although users have the option to deselect any sections they wish to exclude by clicking on the tick box against that section. You also have the option to select all or specific Attachments by ticking or unticking these as desired.

Client tailored packIn those manuals aimed in assisting with client engagements, it is possible to create and download the documents as a client or firm-tailored pack. This can be done via the Options menu on the right-hand side where you can enter client’s / firm’s name in the relevant input field and if applicable, the financial year end date. These are then displayed in the header of the downloaded documents.

Once you have finished selecting the areas you wish to include in the download, you then choose either a Word or PDF format, by selecting the relevant option in the Options menu on the right-hand side of the Customise tab. It should be noted that the choice of Word or PDF is not applicable to any attachments and these will be downloaded in their pre-set format regardless of the option selected when choosing a download format.

Example customised screen

The customised documents are downloaded into a zipped up folder for you to save in your preferred location.

We hope you find our new online platform useful and more efficient to navigate.


Getting started for new manual usersFor details of the fully paperless versions of the manual available, where all programmes can be completed on screen and stored digitally please visit our website at https://www.mercia-group.com/.

Contact usAdministration or product related queries: [email protected]

IT related queries: David Hirst at [email protected] or Doris Vargas at [email protected]

Mercia website login details requests: [email protected]

Telephone: 0330 058 7141


https://www.mercia-group.com/

What's changedJune 2021We are pleased to issue an update to your Mercia FCA (DIF) Manual (dated 06/21).

The technical changes in this update relate to the post-Brexit regime and consist of revisions to the guidance notes to explain the current status of EU Directives and the progress towards a new UK-specific regime.

June 2021 detailed list of changesUpdated area Main reason for change

Guidance

Guidance notes - para 1.1 amended URL to the FS Register

- paras 1.3, 2.3, 9.1 clarified wording concerning the post-Brexit regime

- other minor typographical changes including updated references to the 2019 CASS Assurance Standard

May 2021We are pleased to issue updates to your Mercia FCA (DIF) Manual (dated 05/21). The principal technical changes in these updates relate to the Ethical Standard 2019 and Brexit:

Ethical Standard 2019

The B12 and B13 have been updated for the Ethical Standard 2019 which is largely effective for engagements with periods commencing on or after 15 March 2020.

The Accounts and Reports (Amendment) (EU Exit) Regulations 2019 (SI 2019/145)

These regulations update certain definitions to applied within company law as a result of the UK withdrawing from the European Union (EU). The relevant updates for this manual relate to criteria for which entities qualify as small or micro entities, and criteria for the dormant subsidiaries exemption from the obligation to file accounts. Statutory Instrument (SI) 2019/145 was published on 30 January 2019, with a small number of updates taking effect immediately and others taking effect for accounting periods commencing on or after 1 January 2021.

Your audit exemption eligibility checklists (B16-1 (companies) and B16-2 (LLPs)) incorporate these updates.

See Appendix I for further details.

The Statutory Auditors and Third Country Auditors (Amendment) (EU Exit) Regulations 2019 (SI 2019/177)

These regulations update certain definitions and criteria to be applied within to company law within company law as a result of the UK withdrawing from the European Union (EU). The relevant updates for this manual relate to criteria for audit exemptions. Statutory Instrument (SI) 2019/177 was published on 1 February 2019, although it was amended by (SI) 2019/1392 and (SI) 2020/108. A small number of updates take place immediately with the most significant updates taking effect for accounting periods commencing on or after 1 January 2021.

Your audit exemption eligibility checklists (B16-1 (companies) and B16-2 (LLPs)) incorporate these updates.

See Appendix I for further details.

A new UK prudential regime for MiFID investment firms (CP21/7)

The guidance notes have been updated to explain the main changes to the prudential regime proposed in CP21/7 as a result of Brexit.

Other changes

A number of other minor updates to wording have also been made including updating the language used in example letters for gender neutrality.

Please see below for a detailed list of all changes made as part of this update.

Contact us

We are always pleased to receive feedback on our manuals, including any improvements that you would like to see incorporated. Please contact me if you have any comments to make.

Jenny Faulkner (Head of Publications - Assurance and Financial Reporting)

May 2021

May 2021 detailed list of changesUpdated area Main reason for change

Guidance

Guidance notes - Updated the FRC Ethical Standard section.

- Updated for the main changes to the prudential regime proposed in CP21/7.


http://www.legislation.gov.uk/uksi/2019/177/pdfs/uksi_20190177_en.pdf


What's changed- Other minor typographical and formatting updates.

What’s changed - A copy of this guidance has been added to the manual.

Example letters

All - Updated language for gender neutrality.

Current file documents - Planning

B12 CASS Audit acceptance of appointment or reappointment and

B13 CASS Audit compliance with the Ethical Standard

- Updated for FRC's Ethical Standard 2019.

B16-1 Statutory audit exemption eligibility checklist (companies)

B16-2 Statutory audit exemption eligibility checklist (LLPs)

- Criteria updated to reflect Brexit related legislation.

Appendix I – Legislative changes

The Accounts and Reports (Amendment) (EU Exit) Regulations 2019 (SI 2019/145)

These regulations update certain definitions to applied within company law as a result of the UK withdrawing from the European Union (EU). The relevant updates for this manual relate to criteria for which entities qualify as small or micro entities, criteria for the dormant subsidiaries exemption from the obligation to file accounts, and the disclosure requirements for political donations within the directors’ report. Statutory Instrument (SI) 2019/145 was published on 30 January 2019, with a small number of updates taking effect immediately and others taking effect for accounting periods commencing on or after 1 January 2021.

Firstly this SI includes an update to the definition of a credit institution within the Companies Act 2006 (section 384B(1)(d)) to be applied for companies which are excluded from being treated at micro entities, with immediate effect, to be as follows: a credit institution within the meaning given by Article 4(1)(1) of Regulation (EU) No. 575/2013 of the European Parliament and of the Council(c), other than one listed in Article 2 of Directive 2013/36/EU of the European Parliament and of the Council on access to the activity of credit institutions and investment firms.

Secondly this SI makes various updates to the Companies Act 2006 which are effective for financial years commencing on or after 1 January 2021. The updates relevant to this manual are as follows:

• Changes the directors report requirements to disclosure the total contributions to non-EU political parties in the directors’ report, to total contributions to non-UK political parties;

• Changes some of the definitions related to ineligible companies and groups, specifically:1. Updates the definition of MiFID investment firm, to be as follows: an investment firm within the meaning of Article 2.1A of Regulation (EU)

No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments, other than—a) a company to which that Directive does not apply by virtue of Article 2 of that Directive [which is exempted from the definition of “investment firm” by Schedule 3 to the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (SI 2001/544)],b) a company which is an exempt investment firm as defined by regulation 8 (meaning of “exempt investment firm”) of the Financial Services and Markets Act 2000 (Markets in Financial Instruments) Regulations 2017(SI 2017/701), andc) any other company which fulfils all the requirements set out in regulation 6(3) of those Regulations;

2. Updates the definition of a ‘traded company’ to a company whose transferable securities are admitted to trading on a UK regulated market; and

3. ‘a body corporate (other than a company) whose shares are admitted to trading on a regulated market in an EEA State’, is now ‘a body corporate (other than a company) whose shares are admitted to trading on a UK regulated market’.

• Changes some of the criteria which exclude companies from being micro entities, specifically:4. Confirms that definitions for being an investment undertaking, a financial holding undertaking and an insurance undertaking all still apply as

they would if the UK was still a member of the EU; and5. Changes the definition of a credit institution, to be as follows: a credit institution as defined in Article 4(1)(1) of Regulation (EU) No.

575/2013 of the European Parliament and of the Council, which is a CRR firm within the meaning of Article 4(1)(2A) of that Regulation.• Changes to the criteria for a dormant subsidiary to claim exemption from the requirement to prepare and file individual accounts such that the

exemption is restricted to companies with a UK rather than EEA parent.

Your audit exemption eligibility checklists (B16-1 and B16-2) incorporate these updates.

The Statutory Auditors and Third Country Auditors (Amendment) (EU Exit) Regulations 2019 (SI 2019/177)

These regulations update certain definitions and criteria to be applied within to company law within company law as a result of the UK withdrawing from the European Union (EU). The relevant updates for this manual relate to criteria for audit exemptions. Statutory Instrument (SI) 2019/177 was published on 1 February 2019, although it was amended by (SI) 2019/1392 and (SI) 2020/108. A small number of updates take place immediately with the most significant updates taking effect for accounting periods commencing on or after 1 January 2021.

This SI (and the related amending SIs) update the Companies Act 2006. The most relevant updates for this manual relate to the availability of the subsidiaries audit exemption under s479A of the Act:



https://www.legislation.gov.uk/uksi/2019/145/pdfs/uksi_20190145_en.pdf

What's changed• For financial years commencing before 1 January 2021, the exemption continues to be available where it is a UK or EEA parent which consolidates

and provides the guarantee.• For financial years commencing on or after 1 January 2021, the exemption is only available where it is a UK (not an EEA) parent which consolidated

and provides the guarantee.

Your audit exemption eligibility checklists (B16-1 and B16-2) incorporate these updates.

December 2020We are pleased to issue an update to your Mercia FCA (DIF) Manual (dated 12/20). The update principally reflects the revision of the FRC CASS Assurance Standard in November 2019, which takes effect for CASS audit reports for periods beginning on or after 1 January 2020 (there is no scope for early adoption).

The only significant change in the revised CASS Assurance Standard concerns the need for Engagement Quality Control Reviews (EQCRs). Whereas the 2015 Standard required EQCR for all reasonable assurance engagements, the 2019 revision restricts this to CASS Large and Medium firms and requires that for other firms, auditors apply judgement to determine whether EQCR is required. In addition, however, the majority of paragraphs in the Standard have been renumbered. Therefore, several of the permanent and current file documents have been revised accordingly. You can select, via the Creator screens, the appropriate documentation depending on the date the reporting period began.

Other changes are minor and reflect:

• the introduction of the Senior Managers and Certification Regime for solo-regulated firms, which removes the designation ‘CF10a’ for the CASS compliance officer and requires that a member of senior management (the ‘SMF16’) take responsibility for compliance (including CASS compliance); and

• changes to the submission of CASS audit reports, which require auditors to register with the FCA's Connect online reporting system.

These changes principally affect the guidance notes and occasional references to the ‘CF10a’ within the programmes, which have been reworded.

Finally, a second example Limited Assurance Report has been included within the example reports section of the manual. Based on Appendix 7 to the CASS Assurance Standard, this second example (2b) covers situations in which a firm is not permitted to hold client money or custody assets and claims to hold neither. The existing example (2a), based on Appendix 5 to the Standard, covers situations in which a firm is permitted to hold either client money or custody assets (or both) but claims not to do so.

Contact usWe are always pleased to receive feedback on our manuals, including any improvements that you would like to see incorporated. Please contact my colleague Jeremy Williams, the technical editor of this manual, or me if you have any comments to make.

Jenny FaulknerDecember 2020

December 2020 - Changes made in relation to the revised CASS standardA small number of minor formatting amendments have been made to ensure consistency across the Mercia product range. In addition the following changes have been made:

Updated area Main reason for update

Guidance

Contents and guidance notes - Updated for the changes made in this update.

Update 12/20 - What's changed - Updated for the changes made in this update.

Example letters

Guidance - Updated for the revised CASS standard.

Example reports

Limited assurance - This has been replaced by two separate example reports (2a and 2b) depending on whether the firm (a) has permission to hold client assets but claims not to hold such assets, or (b) does not have permission.

Current file documents

Planning - References to CF10a have been replaced by SMF16, and references to CASS chapters now include CASS 13. For periods commencing on or after 1 January 2020, CASS Standard references have been revised.


What's changedCompletion - For periods commencing on or after 1 January 2020, CASS Standard references have been revised, including

clarification on the need for EQCR.

Permanent file documents

PF-X - Reference to CF10a has been replaced by SMF16. For periods commencing on or after 1 January 2020, CASS Standard references have been revised.

PF-Z - An additional prompt for B32 to include risks not identified by management.

December 2020 - Changes made in relation to the new method of deliverySet out below is a list of all of the documents that have been revised in this update, along with a brief explanation of how they have changed.

Updated area Main reason for change

All

All -The creator tool has been amended, so areas of the audit manual required are selected from the webpage instead. Users are able to 'customise' a pack of documentation for the clients

-The overall document hierarchy has been amended to be more intuitive. ‘Permanent file documents’ is now the final section of this manual (also see comments below for how specific sections have been re-ordered)

Guidance and Procedures

All - Section renamed to ‘Guidance’ from ‘Section A - Guidance notes’.

Contents - Contents page updated to reflect the new format and method of delivery.

Guidance and procedures - Chapter referencing has been updated to reflect the new method of delivery.

- A number of other minor amendments to reflect best practice and standardise guidance notes across the Mercia product range.

Getting started for new manual users - A revised set of guidance notes has been included to reflect the updated method of product delivery.

What's changed - A copy of this document.

Example letters

All - Section renamed to ‘Example letters’ from ‘Section B - Example letters’.

Engagement - covering letter-

A number of amendments to reflect best practice and standardise engagement letters across the Mercia product range.

Engagement - schedule of professional services-

A number of amendments to reflect best practice and standardise engagement letters across the Mercia product range

Engagement - standard terms of business -‘Term of business’ renamed ‘Standard terms of business’, along with a number of amendments to reflect best practice and standardise engagement letters across the Mercia product range.

Representation letter points - A number of minor amendments to reflect best practice and standardise engagement letters across the Mercia product range

Example reports

All - Section renamed to ‘Example reports’ from ‘Section C - Example reports’.


What's changed- A number of minor amendments to reflect best practice and standardise

engagement letters across the Mercia product range.

Current file documents

All - Section renamed to ‘Current file documents’ from ‘Section G - Current file documents’.

-The hierarchy of the content in this section has been amended to be more intuitive, with sections now being presented in the order they would appear in an audit file (i.e. Completion, then Planning, then Audit programmes).

Permanent file documents

All - Section has been renamed to ‘Permanent file documents’ from ‘Section F - Permanent file’.

-Across all the permanent file forms, column headings ‘Notes’ and ‘Sch Ref’ have been consolidated under the heading ‘Notes (refer to other schedules where applicable)’.


2a a32 small (frs 102 1a) (dif... · web view2021. 8. 12. · the uk left the eu on 31 january...

Documents