Handling client money

08 July 2019

While a lot of brokers are comfortable with their procedures, we’re providing a timely reminder for those who may need to review how client money is handled.

Stocks percentage rise

Handling client money

One of the biggest and most important tasks of an insurance broker is handling client money. It is also one of the hottest topics within the FCA and the regulator will have little sympathy for any firm who fails to follow the client money rules. While a lot of brokers are comfortable with their procedures, recent experiences have suggested that a timely reminder would not be a bad thing.

Why the FCA focus on client money?

A good place to start is to look at some of the FCA’s operation objectives. There are two to consider, consumer protection and prevention of financial crime. Let’s consider the first one, consumer protection and how this links to treating customers fairly (TCF).

Consumer protection

Insurance can often be an expensive purchase and one borne out of necessity or legal obligation, rather than something purchased because it’s desirable or makes us feel good. So when spending a lot of money, the customer needs to feel that their hard-earned cash is not going to vanish into thin air. People hear so much about scams and theft, they need to be confident that their money is going where it should be, i.e. the insurer.

This is fundamentally why there’s a need for separate bank accounts that are not part of the broker’s own assets and are ring-fenced so that money is safely held and subject to robust systems and controls and its own set of very specific and clear FCA rules (Client Assets Sourcebook, commonly referred to as CASS).

From a TCF point, why wouldn’t you treat the customer fairly by keeping their money safe?

Prevention of financial crime

Looking at the second objective, prevention of financial crime, it seems that hardly a week goes by without the media reporting on some type of scam.

The message is clear that the Government wants the UK to be a very difficult place in which to carry out any sort of financial crime, a difficult task, but nonetheless a task in which we all have a part to play. As a consequence, the FCA will expect all firms to have the necessary robust systems and controls in place to “do their bit”. This is why we have a dedicated CASS rule book which requires regular reconciliations, documented procedures, due diligence on banks and third parties and so on.

Obvious perhaps but not always considered, is the direct link between protecting client money and the need for good cyber security and associated processes. We hear of too many examples of brokers being hit by scams, cyber attacks often leading to the loss of client money.

By being vigilant, we can all help prevent financial crime.

Is a CASS audit needed?

Even now, some fifteen years after the introduction of the CASS rules, we still see confusion about what is needed and unfortunately, still see firms not arranging such audits, which of course is a serious breach of FCA rules.

So, let’s start by reminding ourselves when a CASS audit is needed.

  • If you have a statutory trust client account(s) and the balance reaches £30,000 at any point in a year, then a CASS audit must be obtained.
  • If you hold a non-statutory client account(s), then a CASS audit is mandatory, irrespective of the balance.
  • Even if the majority of money (or all of it) held in these accounts is risk transfer money, the mere fact of holding it in a client money account creates a client money environment and so triggers the audit requirement.

The audit must be completed within four months of your year-end and must be completed by an independent auditor (i.e. it cannot be undertaken by somebody “in house”) and must be presented in a prescribed format laid down by the FCA.

Unfortunately, we still see examples of audit firms not getting the format correct and unfortunately, this will land at the firm’s door. It is the broker who is responsible for ensuring that the auditor has the necessary skills and experience, so good questioning of your prospective auditor is required at the outset. (Your usual compliance consultant can guide you here).

All too often, we are told by a firm that they did not have an audit as they take advantage of the Small Firms Audit Exemption or that they do not need their accounts audited due to their status. However, that is not relevant in any way to the client audit which is independent of whether or not the firm has to have an audit of their trading accounts or not.

If all money is held in a non-statutory risk transfer/insurer account, then it is not client money and no audit is required, unless your insurer TOBA specifically requires it.

Getting it wrong

If something goes awry, there is always a possibility of the FCA wanting to take a closer look at a firm. But what can happen?

Let’s look at some issues/scenarios. In no particular order…

  • If a firm fails to carry out its client money reconciliations and associated bank reconciliations, how can it be sure that it has sufficient funds to settle the insurer account when it is presented? Also, how will it know how much of the ‘client money’ is due to itself as commission?
  • A failure in a firm’s client money procedure could result in a loss for the client and leave the firm open to action to either recompense the client or pay the insurer or pay a claim.
  • Failure to obtain the annual audit not only means that there is no independent validation of the firm’s own procedures, but it is also a serious breach of CASS rules and would leave the firm open to possible FCA censure.
  • If an account is not set up and designated correctly, it could lose the protection of its trust status and this means that all the client money could potentially be available to any insolvency practitioner (in the event of a firm’s failure) to pay off preferential creditors such as HMRC, so leaving clients potentially uninsured or missing refunds or claims monies.
  • Holding money that is not subject to risk transfer in a risk transfer-only account could be a breach of trust law and again could seriously impact on the protection offered by such trusts, in the event of a firm’s failure.
  • Sometimes we see that an accountant or finance person when compiling balance sheets and profit and loss accounts includes client money as an asset and a liability, these should not be shown. It is not the firm’s money!

It is important that your accountant fully understands the FCA requirements and can deal with the issues that may arise. Remember, it is the firm’s responsibility to show that their accountant has the necessary expertise and skill to deal with client money.

Also, we are frequently asked about refunds to clients who cannot be located and when can the firm claim this. The answer is never. It is not the firm’s money, it is the client’s and the firm cannot take what is not theirs.

The FCA may be concerned as it demonstrates a lack of understanding of the rules.

No matter what the issue, the FCA will look at any client money breach closely and will expect all firms to have robust systems and controls in place to manage adherence to all its rules. Unlike many elements of the FCA, client money is very much rules-based so is much more black and white as opposed to the potential flexibility of any principles-based regulation.

The FCA may be far less forgiving of any issues it sees and when we look back over the years at enforcement action taken against regulated general insurance brokers, much of the action stems from breaches of client money rules.

In any supervision interaction, you can be sure that client money will form part of any discussion at some stage and the FCA will expect all directors, partners and principals to be able to demonstrate that they are fully up to speed with the CASS rules and the firms processed and procedures.

Given the increased responsibilities being brought in by the Senior Managers & Certification Regime (SM&CR), all those affected as Senior Managers will now have a much more obvious interest in client money responsibility will be clearly laid down in black and white on the Statement of Responsibilities.

Also, some firms may have senior finance people as certified persons who will be much more accountable. So, when considering SM&CR and the actions required, ensure that these areas are covered very early in the process and that everybody is suitably competent in those areas.

Things to look out for:

  • If you’re unsure whether or not you have risk transfer, co-mingling or subordination of interest from insurers and wholesalers/MGAs, check the Terms of Business Agreements (TOBAs) from those parties as these should have a section covering the requirements.
  • Ensure your accountant has the necessary skills, knowledge and experience to do the CASS audit.
  • Maintain the most effective form of cyber security and ensure that your staff are aware of the risks and how to deal with them.
  • Don’t delay your preparations for SM&CR as this has a direct link to responsibility for client money.
  • Seek expert opinion if you’re unsure of the rules as it’s far less expensive and time-consuming than attention from the regulator.


Protect client money as if it’s your own but always remember that it isn’t. Many FCA investigations and subsequent actions start with a client money issue so it makes sense to get it right.

This document is provided for information purposes and is general and educational in nature. Nothing in this article constitutes legal advice. You are free to choose whether or not to use it and it should not be considered a substitute for seeking professional legal help in specific circumstances.