United Kingdom
Cayman Islands
Guernsey
Ireland
Switzerland
UAE
United Kingdom
Nexia
About us Our people Offices Careers Stay informed search
menu close
Services
Sectors
Insights
Contact us
About us
Our people
Offices
Careers
Stay informed
Accounting
Audit and assurance
Business advisory
Cloud accounting
Corporate finance
Forensic and litigation services
Outsourcing
Payroll
Sustainability and ESG
Tax
Trusts
VAT
Services

We provide a full range of tax, accounting and business advisory services to our clients to help them achieve their personal or corporate objectives.

Charities and not-for-profits
Crypto and digital assets
Entrepreneurs
Family office
Film, TV and video games
Financial services
Food and drink
Hospitality and leisure
International
Landed estates and rural businesses
Life sciences
Manufacturing
Private wealth
Professional practices
Real estate
Recruitment and executive search businesses
Retail
Sports and entertainment
Sectors

We specialise in specific sectors and areas of business where we have real in-depth expertise and experience, working with a variety of clients including private individuals, owner-managed businesses and not-for-profit entities.

Articles
Case studies
Events
News
Podcasts
Publications
Videos and webinars
Insights

View the latest news, publications, webinars, factsheets and forthcoming events at Saffery.
View All

Cayman Islands
Guernsey
Ireland
Switzerland
UAE
United Kingdom
Nexia
search
close
Searching
United Kingdom

CASS audit

CASS Audit
Written by Tom Alun-Jones
newsmode Articles
Back to Articles
Share

In this article, we delve into CASS audits, including what a CASS audit is, who needs a CASS audit, the assurance opinions that are available, and the relevant deadlines which firms must adhere to if they’re subject to CASS reporting.

FCA regulation

The Financial Conduct Authority (FCA) is one of the major regulators of the UK’s financial services industry. Its purpose includes supervising the conduct of the firms subject to its regulation, and maintaining the Financial Services Register which documents the activities which firms and individuals have permission to carry out. The FCA regulates firms who hold or control clients’ money and assets in relation to regulated activities. The protection of client money and assets is central to achieving its statutory objective of protecting customers.

The FCA Handbook contains the detailed rules and guidance which govern FCA regulated firms. The FCA Handbook is divided up into ten “blocks” of rules, and within these “blocks” are “sourcebooks” which cover specific areas of regulation. The Client Money and Assets Rules are in the CASS Sourcebook.

FCA firms can only hold client’s money or assets if they are permitted to do so. For firms who hold client’s money and assets, there are two key sourcebooks within the FCA Handbook to be particularly aware of:

  • The Client Assets Sourcebook (CASS), found within the Business Standards “block”, is a set of rules designed to protect clients’ money and assets held by firms. This protection is from loss, theft, diminution, and securing the assets for customers in the event of a firm’s insolvency. Firms who hold client assets and money are required to adhere to these rules.
  • The Supervision Sourcebook (SUP), found within the Regulatory Processes “block”, is another set of rules, and it includes, among other things, application criteria which specifies the firms that need a CASS audit, and the type of CASS audit opinion required.

What is a CASS audit?

A CASS audit is an assurance engagement (but commonly referred to as an audit) which results in an assurance opinion on the firm’s handling of clients’ money and assets. With requirements dictated by the FCA Handbook, there are two types of CASS audit engagements, and the CASS audit required will depend on the activity and permissions a firm has:

  • Reasonable assurance (RA) – required for firms who hold or control client money and assets, the assurance provider will express a “positive” opinion (similar to an audit opinion) about whether the firm maintained systems adequate to enable it to comply with the relevant rules throughout the period, and whether the firm was in compliance with those rules as at the end of the period. Reasonable assurance is a high level of assurance where an auditor will conduct extensive procedures, likely involving regular interim visits during the year as well as performing procedures after the year end.
  • Limited assurance (LA) – required for certain firms who can hold or control client’s money or assets but do not, or for firms who cannot (ie do not have permission to) hold or control clients’ money or assets. For this type of engagement, the assurance provider will express a “negative” opinion to confirm that nothing has come to their attention that causes them to believe that the firm held clients’ money or assets during the period. In a limited assurance engagement, the auditor primarily performs analytical procedures and inquiries to obtain a level of assurance that is meaningful but less than reasonable assurance.

In certain circumstances, there may be a need for the assurance provider to prepare a third type of report – a hybrid report – which incorporates both elements of reasonable and limited assurance, for instance when a firm begins the accounting period with the permission to hold client money and assets but then applies to have the permission removed and it cannot hold client money and assets for the rest of the year.

There is no concept of materiality in a CASS audit, with all breaches of rules reported on the reasonable assurance report, which is submitted to the FCA. Not all FCA regulated firms require a CASS audit engagement, however the requirement is not necessarily restricted only to those firms which can or do hold or control client money or assets.

Who needs a CASS audit?

Any FCA-regulated firm that holds or controls client money or assets is subject to CASS rules. This includes investment firms, banks (when not deposit taking), insurance companies, and certain types of mortgage and insurance intermediaries. If your firm falls into one of these categories, you’re required to have a CASS audit (reasonable assurance report).

It’s important to note that even FCA firms that don’t hold client money or assets may still require a CASS assurance report. For example, a designated investment firm that cannot, or can but does not, hold client money and/or custody assets in relation to their regulated activities, still requires a CASS audit (limited assurance report) if they’re subject to a statutory audit (our article on does my FCA firm require an audit covers this topic) in order to give assurance that there is nothing to indicate that client money or assets have been held inappropriately. On the other hand, firms that cannot hold clients’ money or assets and do not require a statutory audit, such as certain small investment management or personal investment firms, are not required to undertake a CASS audit.

Additionally, although not yet implemented, the FCA’s CP24/20 consultation on safeguarding for payment and e-money firms has explored changes to the CASS requirements for payment institutions (PIs) and e-money institutions (EMIs). The proposed safeguarding reforms would mean that CASS-style safeguarding audits will be required for authorised PIs, authorised EMIs, and credit unions issuing e-money, whilst remaining voluntary for small PIs or EMIs. The new rules are yet to be implemented but are expected in mid to late 2025 and they represent a step-change for EMIs and PIs to get to grips with.

CASS audit deadline

CASS auditors are required to submit CASS audit reports to the FCA, alongside providing the firm’s management with a copy of the report. There are a number of deadlines that CASS firms need to be aware of, however in terms of the CASS assurance reports, these are due within four months from the end of the period covered. Therefore, the reporting requirements require a quick turnaround post year end, and CASS and statutory audits should be discussed and planned significantly in advance of the year end compliance process.

Navigating the complexities of CASS rules can be challenging. However, understanding these rules is crucial for firms that hold or control client money or assets. A thorough understanding of the differences between limited and reasonable assurance, awareness of deadlines, and knowledge of applicable legislation can help firms ensure compliance and protect their clients’ money and assets.

Consequences of non-compliance

The consequences of not complying with the FCA’s CASS rules and requirements can be severe. In recent years there have been various fines issued by the FCA in relation to CASS failings, ranging from £700,000 up to c.£9 million. Failure to comply with CASS rules can have a detrimental effect to firm reputation, and in the most extreme cases, the FCA retains the power to remove a firm’s ability to carry out a regulated activity or close the firm down at its own initiative.

These examples emphasise the importance of regulated firms being aware of the requirements around holding and controlling clients’ money and assets, and having appropriately robust systems, controls, and resources to maintain compliance.

How we can help

If you’re unsure whether your firm requires a reasonable or limited CASS audit, our specialist team has extensive experience supporting professional practice and financial services firms. To see how we can support you, or if you have any questions, please get in touch with Tom Alun-Jones.

Contact us

Tom Alun-Jones
Tom Alun-Jones

Partner, London

Key experience

Tom advises a range of commercial clients, including owner-managed and international businesses across multiple sectors.

Latest Insights
arrow_back
arrow_forward
Partnership tax return
Articles 16 Jun 2025
Partnership tax return
Read on
Employment related securities reporting
Articles 23 May 2025
Employment related securities reporting
Read on
VAT and interest on client account funds
Articles 16 Apr 2025
VAT and interest on client account funds
Read on
Branch vs subsidiary: what are the differences?
Articles 31 Mar 2025
Branch vs subsidiary: what are the differences?
Read on
How to improve profitability in the face of increasing employment costs
Articles 11 Mar 2025
How to improve profitability in the face of increasing employment costs
Read on
How to become a partner – top tips
Articles 21 Feb 2025
How to become a partner – top tips
Read on
Salaried member rules
Articles 20 Feb 2025
Salaried member rules
Read on
Business exit planning
Articles 5 Feb 2025
Business exit planning
Read on
Company size thresholds: expected increases and potential impacts on your business
Articles 15 Jan 2025
Company size thresholds: expected increases and potential impacts on your business
Read on
Loading