Technical Rules Support
The circa 900 lines of rules in the Clients Assets Sourcebook are supplemented in other chapters such as SUP with rules on reporting and SYSC with rules on systems, controls, governance and oversight. Alongside financial crime and market abuse these rules are a cornerstone of the UK regulatory regime and go to the heart of protecting consumers and ensuring markets function well.
With external auditors reporting directly to the FCA on your compliance with CASS it is unusual for a firm to not want to uncover issues themselves before they lose control of the timing and message to a third party. However, not all Internal Audit and Compliance Monitoring teams have the in-house expertise to scope and run their audits\reviews. We provide a flexible service ranging from running that audit or review through to simply being on the end of a conference call guiding the in-house team on their findings. We appreciate that CASS issues can be a moving target and we're happy to talk through where you have got to with no obligation.
A well run operations function will be protecting clients and those in the SMCR for the benefit of the firm and its shareholders. Although, even the best run operations functions will not always be in compliance with CASS all of the time; this is the nature of rules about operations. We are experienced in establishing all the documentation you need to operate a CASS compliant operation such as frameworks, policies, and procedures.
Please give us a call or use our contact us form to discuss your specific requirements.
We also provide CASS Training, more details here.
The PRA and FCA rules on Outsourcing are predominately about how to engage, onboard and oversee an arrangement with a third party provider. The regulations cover activities that you may engage a third party to provide on your behalf as well as when you establish an internal hub, or centre of excellence, wherever they may be located.
We can help you establish or update your ways of working such as frameworks, policies and procedures using tried and tested ways that are both practical and business oriented. Please give us a call or use our contact us form to discuss your specific requirements.
We also provide training on Outsourcing, more details here.
Whilst the vast majority of implementation projects for the General Data Protection Regulation (GDPR) and UK Data Protection Act closed sometime ago, many firms are finding they are still adjusting to some aspects of the new regime. Often this is because they have never received a Data Subject Access Request or have not yet had to consider how they might transfer data to a third party provider or across borders. These are examples of areas where we have had real complex experience and can help you develop ways to handle matters either as an ad hoc or as a robust repeatable process.
Other areas we're finding firms are still bedding tend to be around record retention and handling breaches. We can help you review how your currently operating and help you update your processes or policies using tried and tested ways that are both practical and business oriented. Please give us a call or use our contact us form to discuss your specific requirements.
The SMCR has very quickly become a process to be managed and we have vast experience of drafting policies, and designing and implementing frameworks and procedures.
However, SMCR is about achieving individual accountability which makes it personal to the responsible individual. There are times when a folder with a copies of emails may be useful in evidencing Reasonable Steps but there will also be times when it is about how you do your job day to day and how you exercise oversight over those for whom you have responsibility. We can share tips and techniques, and lay the ground work so you are able to protect yourself whilst we set you up for success. Please give us a call or use our contact us form to discuss your specific requirements.
We also provide training on all aspects of SMCR, more details here.