The requirement to create and maintain a CASS Resolution Pack (CASS RP), formed a key plank in the FCA’s review of the client assets regime in the UK. It requires each firm which is subject to CASS Chapter 6 (Custody rules) or Chapter 7 (Client money rules) to collate certain information regarding its handling of client money and safe custody assets that would be of use to an insolvency practitioner in the event of the firm’s failure. The purpose of the rules is to facilitate the return of client money and safe custody assets more quickly than is currently the case.
CASS RP and MiFID II
Having been in force since October 2012, most UK firms holding client assets are very familiar with the CASS RP requirements. However, there is considerably less awareness of recent developments which would lead to the introduction of similar legislation at a European level.
Articles 16(8) and 16(9) of the MiFID II Directive require that investment firms holding financial instruments or funds belonging to clients, make “adequate arrangements” to safeguard the rights of those clients. In its MiFID II/MiFIR Consultation Paper published on 22 May 2014, ESMA noted the practical difficulties insolvency practitioners experience in gathering basic information about client money processes and the resultant delay in the return of client money. In order to mitigate this risk it proposed that firms hold basic information relating to the safeguarding of client assets in a way that “may be used as an audit trail” (a requirement consistent with Principle 1 of the IOSCO Recommendation Regarding the Protection of Client Assets) and that can be easily accessed at short notice by a national competent authority, an insolvency practitioner or those responsible for the resolution of a failed firm. The information which firms would be obliged to hold would include:
- related internal accounts and records (reconciliations, client ledgers, cash books etc.) that readily identify the balances of funds and instruments held for each client;
- where client funds are held by the investment firm in accordance with Article 18 of the MiFID II Directive (i.e. in the course of operating an MTF/OTF), details of the accounts where client funds are held (bank or qualifying money market fund) and the relevant agreements with those entities;
- where financial instruments are held by the investment firm in accordance with Article 17 of the MiFID II Directive (i.e. held in relation to algorithmic trading), details of accounts opened with third parties and the relevant agreements with those entities;
- details of third parties carrying out any related (outsourced) tasks;
- key individuals of the firm involved in related processes, including those responsible for oversight of the firm’s requirements in relation to the safeguarding of client assets; and
- relevant client agreements.
Of the 253 responses received by ESMA to its MiFID II consultation, only 31 expressed an opinion on the three questions addressing ‘Euro-CASS RP’ issues. Of those 31, 84% (26) were supportive of the initiative. Leading institutions backing the drive to take CASS RP across the Channel included:
|Blackrock||BNY Mellon||BNP Paribas||The BBA|
|Deutsche Bank||Deutsche Borse Group||The European Banking Federation||HSBC|
|The IMA||London Stock Exchange||SocGen||State Street|
Broadly, the ESMA proposals look set to mirror those already in force in the UK. However, the requirement that records be maintained in such a way as to operate as an “audit trail” is interesting. Viewed in its context, this would appear to require firms to ensure that the path to each component part of the ‘Euro-CASS RP’ must be up-to-date, rather than to be able to trace the history of each such component (although having the ability to do both is always helpful). In general, this is something which CASS firms in the UK have found very difficult to achieve and even more difficult to monitor.
The next stage of the legislative process will see ESMA publish draft technical advice, to be submitted to the EU Commission for approval by 3 January 2015. Ultimately, the ESMA advice will form the basis of an EU Commission “delegated act”, which will take the form of a Commission Regulation or Commission Directive. Current estimates suggest that the delegated act will have to be transposed into Member State law by 3 July 2016 and will enter into force (if no objection is received from either the EU Parliament or the Council) by 3 January 2017. Whilst firms will have an opportunity to comment again during this process, presumably ESMA will consider that it now has a mandate to introduce ‘Euro-CASS RP’ and debate will focus more on the detail, rather than the principle, of the legislation.
CASS RP Live!
If the UK experience is anything to go by, firms will find strict compliance with ‘Euro-CASS RP’ difficult to achieve in practice and will need to begin the process of complying well in advance of the regulatory deadline. Fortunately, help is already at hand. CASS RP Live! is a sophisticated technical solution which automates the creation and maintenance of a CASS RP and will also meet the new MiFID II requirements. Generating the analysis and audit trail necessary to achieve and prove regulatory compliance, its main features include:
- Regulatory dashboard: highlights CASS RP completeness and areas requiring remediation;
- Systems integration: CASS RP Live! seamlessly integrates into primary data sources within back office systems, automating CASS RP population and management;
- Workflow functionality: business process management module co-ordinates CASS RP maintenance activities, escalation points and approvals;
- Document and Content Analytics: CASS RP Live! provides the ability to search across a variety of document sources, making intelligent automated categorisation decisions;
- Reporting: standard ‘out of the box’ reports are enhanced by a flexible and user-friendly self-service custom reporting capability;
- Security: access to the CASS RP Live! application is protected by a full authentication and authorisation module; and
- Deployment: CASS RP Live! can be deployed on premise or cloud hosted.