Practitioners at the heart of the securities industry
Controls include completeness checks and exclusions are authorised
The same, agreed account population is used across the firm
The underlying data used to perform controls is correct
Exceptions are actively reviewed, documented and interpreted to understand and address causes
Recent FCA fines have emphasised the continuing importance of accurate, entity-specific records, correct legal arrangements, and consistent and correct account naming that result in accurate CMAR returns and an adequate
CASS resolution pack.
Ensuring that data is accurate and correct is difficult. Infrastructures are likely to be complex with multiple legal
entities, systems, locations and regulatory regimes and a range of products and services supported by different data, process, control and exception owners on a combination of strategic and legacy systems and processes.
The CF10a has responsibilities to both the regulator and their firm. For the regulator, they must ensure rules are complied with, breaches are identified and reported, and standard reporting is accurate. For their firm, they are responsible for minimising the risk of fines and reputational damage, identifying potential and actual breaches, and making sure that breaches are addressed.
In order to achieve this, they are dependent on the quality of the underlying data. On a day to day basis this will be monitored by process owners providing assurances that all relevant data sets are complete and correct, that all necessary processes are operating effectively, and that all required exceptions are being identified and addressed.
This will be supported by audit review and substantive testing.
Is this sufficient? Most firms developed their post-trade processing models before CASS, so processes and controls
were originally designed to meet other objectives: typically operational efficiency and risk management. The extent to which these controls map to those needed for CASS compliance will vary from firm to firm.
Practitioner knowledge is essential to understand the relationships between functions and where issues are likely to arise. There may be limited understanding of hand-offs and even then, problems are not usually with understanding
the flows for core activities: it is the exceptions that cause issues.
Please let us know if you would like further information about our experience in helping firms with CASS control environment review, differences identification, and data and control remediation. We have extensive experience,
both as practitioners and consultants, in working with firms to address these issues.