global insurance management

Client Money and Assets


Apr 20 2011

Client Money and Assets  – Audit requirements

Relevance:             All authorised firms, but especially those with permission to hold Client Money

Action required:     Ensure you and your auditors, understand and implement changes to client money audit report requirements.

Towards the end of last year we outlined the FSA’s proposals to improve the quality of auditor’s reports on client money and assets.  The FSA was not overwhelmed by the level of responses (20 in total) and so it is no surprise that they intend implementing these proposals, virtually unaltered.

The revised rules and guidance will require that:

  • a reasonable assurance report is provided where the firm is holding client money and/or assets and a limited assurance report where the firm claims not to hold client money and/or assets (although firms without permission to hold client money are still NOT required to have an audit by the FSA);
  • the auditor’s client assets report complies with applicable auditing standards, such as published by the Auditing Practices Board (APB);
  • the stipulated template is used for the auditor’s report;
  • the auditor’s report be signed by the individual (in their own name) in the audit firm with primary responsibility for the report;
  • the auditors prepare a separate schedule identifying the CASS rule breaches noted;
  • the firm provides comments in the auditor’s client assets report on actions taken where any rule breaches are identified;
  • firms’ governing bodies review the findings of the report;
  • the Mandates rules (CASS 8) come back within the scope of the auditor’s report;
  • existing rules that stipulate the categories of firms that are required to obtain an auditor’s report are simplified; and
  • Auditors deliver reports on client assets within four months from the end of the reporting period.

What is the timescale?

The new rules will be effective from 01 June 2011.  However, if the reporting period ends on or before 29 September 2011, firms and their auditors can decide not to apply these requirements to the auditor’s report for that period.  After that, auditor’s reports with periods ending 30 September 2011 and onwards will need to meet the new requirements.

BUT, we need to be clear that not all firms need to provide an auditor’s report.  It is still the case that an auditor’s client assets report (previously known as a Client Money Audit Report) is required for all general insurance intermediaries (irrespective of whether they are a limited company, partnership or sole trader) who:

  • hold client money in a non-statutory trust client bank account; or
  • have held more than £30,000 in a statutory trust client bank account at any time (even if only for one day) in the client money audit reporting period.

Therefore, for most insurance intermediaries there is likely to be little that changes.

  • If the insurance intermediary firm’s business is entirely covered by Risk Transfer arrangements, it will still not have to provide an auditor’s report. 
  • If the insurance intermediary firm was required to have an auditor’s report before, then it must continue to do so and apply the revised requirements.

However, some insurers are seeking auditor’s reports as part of the TOBA, even if full Risk Transfer has been granted.

So, what changes are there for firms? 

1)    The firm is to review the draft auditor’s report and add comments/explanation for any identified rule breaches and remedial action undertaken before returning it to the auditor.  This must be done in time for the auditor to be able to submit the final report to the firm within the 4 months timescale.

1)      The final report must be viewed by the firm’s governing body which will use it to confirm whether the relevant systems and controls are adequate.

2)      The firm must already take reasonable steps to ensure that its auditor has the required skill, resources and experience to be appointed but it must now keep this under regular review, together with a continual assessment of the quality/adequacy of the auditor’s report.

And for the auditor?

1)      To agree with the firm whether the audit report is to be carried out under a reasonable or a limited assurance arrangement.

2)      To include a review of compliance with the mandate rules.

3)      To provide the audit report in the prescribed format (see below).

4)      To ensure the report is in the name of and personally signed by the person primarily responsible for the audit report.

5)      To supply the report within 4 months of the end of the relevant reporting period.

Back to news

Global News Archive

We are now part of the AXA Group Click here

Generation 3 Ceramic  Click here

Cutting edge, Market Leading Software from our Solutions company. Click here