Release Date: 5th October 2016
To access the original FCA document, click here.
Summary
The Financial Conduct Authority (FCA) has fined Aviva Pension Trustees UK Limited and Aviva Wrap UK Limited (collectively Aviva) £8,246,800 for failing to properly oversee their outsourced providers regarding client assets. This failure contravened the Client Assets Sourcebook (CASS) rules, which are designed to protect client money and assets in the event of a firm’s insolvency, ensuring their prompt return to clients.
Mark Steward, Director of Enforcement and Market Oversight at the FCA, emphasised the responsibility firms retain over compliance with CASS rules, even when tasks are outsourced. He noted that regulated activities can be delegated but not abdicated. This case marks the first CASS enforcement related to oversight failures in outsourcing, serving as a warning to other firms with similar arrangements to maintain robust control systems.
Between January 2013 and September 2015, Aviva breached Principles 3 and 10 of the FCA’s rules, which require firms to have adequate management and control systems, and to properly safeguard client assets. Aviva failed to implement appropriate controls over Third Party Administrators (TPAs) managing client money and performing external reconciliations. This resulted in inadequate challenges to TPAs’ internal controls, competence, and resources. Additionally, Aviva lacked the necessary resources and technical expertise for effective CASS oversight, leading to delayed detection and correction of compliance issues.
Specific deficiencies included failures in Aviva’s internal reconciliation process, leading to under- and over-segregation of client money, with under-segregation peaking at £74.4 million. Aviva also failed to submit accurate Client Money and Asset Returns (CMAR) and maintain an adequate CASS resolution pack. Despite the serious nature of these failings, there was no actual loss of client money or custody assets during the period. However, the breaches highlighted the potential risks customers could face if Aviva had become insolvent.
Aviva agreed to settle at an early stage, receiving a 30% discount on the fine, which otherwise would have been £11,781,262.
Key Takeaways for Other Firms:
- Maintain Robust Controls: Ensure strong oversight and control systems for outsourced activities.
- Compliance with CASS Rules: Firms must comply with CASS rules to protect client assets, even when functions are outsourced.
- Adequate Resources and Expertise: Dedicate sufficient resources and technical expertise for effective CASS oversight.
- Accurate Reporting: Submit accurate CMAR and maintain proper CASS resolution packs.
- Prompt Issue Resolution: Detect and rectify CASS risks and compliance issues promptly.
In conclusion, Aviva’s case underscores the importance of maintaining robust oversight and control systems, especially when outsourcing key functions, to ensure compliance with regulatory requirements and protect client assets.
Back to the Dear CEO letter archives.