Audit and CASS Requirements for financial services

Mike Ayres_320x238

Mike Ayres – Senior Manager

Authorisation by the FCA is a valuable thing: respectability, confidence and legitimisation come from having these three letters featured on your website. However, it does come with more than its fair share of regulation! The primary legislation is the Financial Services and Markets Act 2000 (FSMA) but is also impacted upon by European directives, namely Markets in Financial Instruments Directive (MiFID 2) and the Capital Adequacy Directive (CAD). 

The following is a brief summary of statutory audit, client money assurance and when these are required. 

Statutory audit requirements for financial services firms

Following the usual small company exemptions per the Companies Act 2006 (CA06) many financial services companies are exempt from the requirement to obtain a statutory audit, however the following classes of companies/LLPs are required to have one: 

  • Authorised insurers 
  • Banks 
  • E-money issuers 
  • MiFID investment firms* 
  • UCITS management firms 

* Firms that satisfy regulation 4c(3)of the FSMA are also exempt from the requirement to obtain a statutory audit. i.e. if a firm could be non-MiFID, but chooses to be authorised as a MiFID firm (for example to gain access to EC wide ‘passporting’) then small company exemptions  can still be applied. 

Appointed Representatives (AR) are firms that are not FCA registered themselves, but piggyback on the registration of another FCA registered company. An AR is exempt from audit provided they meet the normal CA06 criteria.

Client Money and/or Custody Assets (CASS) Assurance Requirements

Not-with-standing their statutory audit requirement, FCA firms may need a CASS Assurance report. These are set out in SUP 3.1 of the FCA handbook. 

Some firms will not be required to provide a report, for example investment management firms and personal investment firms that do not require a statutory audit. 

There are two types of reports that may be needed:  

  • Reasonable Assurance – a ‘positive opinion’ that the firm is correctly complying with the CASS requirements. 
  • Limited Assurance – a ‘negative opinion’ that confirms there is nothing to indicate that the firm has breached the CASS requirements e.g. held client money. 

The reporting deadline for these is 4 months following the end of the reporting period. This period can be up to 53 weeks long and typically is in line with the accounting year-end. 

Where firms have ARs, it is the responsibility of the FCA registered company to confirm that the AR complies with the CASS requirements. 

The type of report required is determined by the type of authorisation that a firm has, the money or assets they hold and, for CASS 5 firms, the amount of client money held. 

Designated Investment Firms (CASS 7) 

  • No permission to hold client assets – limited assurance engagement
  • Permitted to, but claims not to hold client assets – limited assurance engagement 
  • Holds client money but not safe custody assets or vice versa – hybrid engagement 
  • Holds both client money and safe custody assets – reasonable assurance engagement 

A Hybrid report will state that limited assurance has been gained for the element that the firm claims not to hold, and reasonable assurance for the element they do hold. 

The report is sent directly from the auditor to the FCA. 

Mortgage and General Insurance Firms (CASS 5)

  • Non-statutory trust client account held – reasonable assurance engagement
  • Over £30,000 of client money held – reasonable assurance engagement 
  • No more than £30,000 of client money held in statutory trust account – no assurance needed 

The report is sent to the client (though addressed to the FCA) and the FCA may then ask to see it. It is the responsibility of the firm to identify whether they need an Assurance report, a statutory auditor is not expected to check whether there is a requirement. 


The CASS client money rules are a complex and detailed area for good reason. The protection of your client’s money is imperative. At Menzies, we understand the rules and how they can impact on your company, we want to get to know you and your business so that we can provide relevant and tailored advice and help your business grow without encountering any unwelcome regulatory issues.  

Please note that the above information is a summary of selected chapters of the FCA Handbook and should not be solely relied upon when making decisions. Please always ensure the appropriate professional advice is obtained to ensure compliance. The FCA Handbook contains the detailed rules and can be accessed here.  This information is correct as at 20th November 2019. 

Posted in Blog, Financial Services