FINAL NOTICE

ACTION

1. For the reasons given in this notice, the FSA hereby imposes on Christchurch
Investment Management Limited (“Christchurch” or “the Firm”) a financial penalty
of £26,600.

2. Christchurch agreed to settle at an early stage of the FSA’s investigation and
qualified for a 30% (stage 1) discount under the FSA’s executive settlement
procedures. Were it not for this discount, the FSA would have imposed a financial
penalty of £38,000.

SUMMARY OF REASONS

3. On the basis of facts and matters described below, the FSA has concluded that
Christchurch breached Principles 3 (management and control) and 10 (clients’ assets)
and associated FSA Rules set out in the Client Assets sourcebook (the “CASS

Rules”) between 1 November 2007 until 2 March 2011 (the “Relevant Period”) by
failing to ensure adequate protection of the Firm’s client money during this period.

4. Specifically, Christchurch had insufficient knowledge and oversight of its
compliance with the CASS Rules; and, as a consequence Christchurch:

a) Failed to arrange adequate protection for client money and assets for which it
was responsible in that Christchurch:

i. applied the wrong standard of daily reconciliations of client money;

ii. carried out inadequate reconciliations of client money with external
records; and

iii. did not have adequate trust status letters in place for each of its each
client bank accounts.

b) Failed to take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems, in that Christchurch:

i. handled client money without adequate division of duties between staff
to prevent the risk of fraud; and

ii. handled client money without adequate internal checks and balances.

5. The FSA views the Firm’s failings as serious because:

a) the Firm did not take reasonable steps to familiarise itself with the CASS
Rules;

b) the FSA places great importance on the responsibilities of firms to ensure they
have adequate compliance oversight, in particular, the CASS Rules are there
to ensure firms handle client money in a safe manner and have appropriate
controls to mitigate the risk of loss;

c) the failings placed its client money at risk;

d) it did not identify its own deficiencies in handling client money, but this was
identified by the FSA;

e) the conduct of its compliance officer, Mr Thornberry, fell far below the
standard which would be reasonable in the circumstances; and

f) the requirements of CASS have been the subject of various publications from
the FSA setting out the practical measures a firm should take to safeguard
client assets.

6. The FSA has taken into account that whilst client money was at risk there was no
actual loss of client money. The FSA has also taken into account the following
factors which have served to mitigate the seriousness of the Firm’s failings, namely
that the Firm:

a) accepted at an early stage that it had not discharged its responsibilities for
client money to an appropriate standard;

b) has co-operated fully with the FSA’s investigation; and

c) has implemented changes to its handling of client money procedures.

DEFINITIONS

7. The definitions below are used in this Final Notice:

“the Act” means the Financial Services and Markets Act 2000;

“CASS Rules” means Client Assets Sourcebook;

“Christchurch” or “the Firm” means Christchurch Investment Management Limited;

“Dear CEO letter” means a letter issued by the FSA to the Chief Executive Officers
of authorised firms holding client money in January 2010;

“Dear CO letter” means a letter issued by the FSA to the Compliance Officers of
authorised firms holding client money in March 2009;

“DEPP” means the Decision Procedures and Penalties Manual;

“the FSA” means the Financial Services Authority;

the “Principles” means the FSA’s Principles for Businesses;

the “Relevant Period” means the period between 1 November 2007 until 2 March
2011;

“SYSC” means Senior Management Arrangements, Systems and Controls; and

“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber).

FACTS AND MATTERS

8. Christchurch is an investment management business, based in London, specialising in
financial planning and portfolio management. Christchurch has been authorised and
regulated by the FSA since 1 December 2001 and is permitted to hold client money.

9. In the course of its business, Christchurch receives money on behalf of clients for
investment in ISAs and SIPPs and as part of its portfolio management. The money
Christchurch receives on behalf of its clients is client money and is subject to the
relevant requirements and standards set out in the CASS Rules.

10. Christchurch has around 2,500 clients, of which it handled client money and assets
for 227, and calculated that from 30 November 2007 until 28 February 2011 it held
an average of £1,242,466 of client money.

11. During the Relevant Period Christchurch had 8 investment advisors (CF30), three of
whom were its directors (CF1). Christchurch allocated its Compliance Oversight
function (CF10) to Mr Thornberry, one of its directors; consequently from 17
September 2007 Mr Thornberry was responsible for the oversight of the Firm’s
handling of client money.

Client money thematic project

12. In March 2009, the FSA issued a Dear CO letter to all large firms and posted a copy
for all firms on its website. The Dear CO letter reminded firms that they should
make adequate arrangements to protect client money. The letter highlighted issues
for firms to consider and warned firms that visits focusing on client money controls
would follow during 2009.

13. In January 2010, the FSA issued a Dear CEO letter and published a Client Money
and Asset Report notifying firms of failings indentified during work conducted by the
FSA in 2009. The letter warned firms that client money visits would continue
through 2010. Small firms, including Christchurch, were notified of the Dear CEO
letter and the report through the monthly emailed Regulation round-up in February
2010.

14. As part of enhanced supervision of client assets, the FSA has conducted a thematic
project into the management of client money held by small firms. The aim of the
project was to:

a) assess whether client money held by firms was safe and would be returned
within a reasonable time in the event that a firm became insolvent; and

b) ensure firms were taking their responsibilities seriously with regard to client
money and had appropriate controls in place to mitigate any risks.

15. On 25 and 26 May 2010, the FSA visited Christchurch to review its client money
arrangements. During the visit the FSA identified a number of issues, including:

a) an inappropriate division of duties for client money processes at Christchurch,
with a high concentration of risk given the range and responsibilities of one
individual, the compliance manager;

b) inappropriate systems and controls to oversee the handling of client money;

c) not performing internal reconciliation of client money in line with the standard
method of internal client money reconciliation;

d) ensuring sufficiently frequent client money reconciliations with external
records; and

e) inadequate client trust status letters for each of the 227 client bank accounts
opened.

16. As a result the FSA required Christchurch to provide a skilled person’s report in
respect of the CASS Rules. On 27 November 2010 the skilled person issued a report
that focussed on the FSA’s concerns from the visit about Christchurch’s ability to
comply with the CASS Rules as at October 2010, in particular, the requirements
relating to client money internal reconciliation (calculations), reconciliations with
external records, trust status letters, compliance oversight/segregation of
duties/conflicts of interest and client assets. Its purpose was to provide assurance that
the firm was conducting its business in compliance with Principle 10 and provide the
FSA with assurance that the Firm has taken the necessary steps to remedy the
concerns and mitigate the risks identified as a result of the May 2010 visit. Since the
FSA visit, the skilled person noted that Christchurch has made “significant progress
in improving its controls around client money and assets”.

Compliance oversight

17. There was an external and internal component to compliance oversight at
Christchurch. The role of the external compliance consultants was significantly
reduced in 2008 and during the Relevant Period they did not provide any oversight of
the Firm’s compliance with the CASS Rules. The internal compliance function was
divided between two people: Mr Thornberry and the compliance manager.
Christchurch appointed Mr Thornberry to carry out the controlled function of
compliance oversight (CF10) and gave him responsibility for oversight of its controls
for its handling of client money. Mr Thornberry had no prior experience as a
compliance oversight officer.

18. The FSA considers, and Mr Thornberry accepted in interview, that during the
Relevant Period, Christchurch failed to ensure that Mr Thornberry:

a) had formal training for his CF10 role;

b) was aware of the CASS Rules on trust status letters before the FSA visit; and

c) reviewed and tested the adequacy of the existing system and controls relating
to CASS.

19. The Firm relied on Mr Thornberry, even though he was newly appointed in
September 2007 and it did not provide any compliance training to him. The Firm
also relied on the compliance manager to raise any discrepancies or deficiencies in
client money calculations with Mr Thornberry. The Firm failed to review the
division of duties between Mr Thornberry and those carried out by the compliance
manager and failed to question the lack of information provided on compliance with
the CASS Rules. The Firm relied on the existing systems that it had inherited,
without asking critical questions of its compliance function.

20. During the Relevant Period the Board did not ensure it had sufficient information to
monitor and assess the adequacy of its client money systems and controls. Any
issues with the CASS Rules were raised with the Board in an ad hoc manner. Mr

Thornberry admitted that the Firm did not fulfil its obligations under the CASS Rules
before the FSA visit.

Separation of duties

21. During the period from 1 November 2007 to 27 November 2010, Christchurch failed
to ensure that the responsibility for client money was adequately divided between
staff. The FSA considers there was a concentration of risk without adequate
oversight from its directors. Prior to the FSA’s visit, the extent of the compliance
manager’s role led to an increased concentration of risk, without adequate checks on
the compliance manager’s actions. The compliance manager:

a) provided compliance support to Mr Thornberry and staff;

b) maintained the internal compliance records and registers;

c) monitored activities of the staff to ensure company procedures were complied
with and staff training was up to date;

d) conducted a daily review of the clients’ balances on the Firm’s operating
systems and the six- monthly custody reconciliations;

e) was responsible for the day to day management of accounts;

f) was responsible for conducting the client money internal reconciliation;

g) was a signatory for client accounts, which needed two signatories;

h) as a joint signatory could open client accounts;

i) received investment cheques;

j) had verification and update access on the Firm’s system and verification
authorisation for its Bank’s payment system;

k) was also able to authorise online payments;

l) held the key to the safe which held the Firm’s chequebooks, share certificates
and register of holdings;

m) received advanced notification of any BACS receipts and payments; and

n) covered for the administration manager and paraplanners in their absence.

22. Whilst it is not possible in a small firm to always achieve a full division of duties, in
this case there was a concentration of duties because of the range of responsibilities
of the compliance manager. The directors failed to identify the potential risks posed
by the concentration of duties.

23. Where one individual has such an extensive range of responsibilities in relation to
client money, the FSA considers that there is an increased concentration of risk of:

a) fraud;

b) mistake; and consequently

c) client loss.

Internal reconciliations and calculations

24. During the period from 1 November 2007 to the FSA visit in May 2010 the Firm did
not conduct a daily internal reconciliation as required by the CASS Rules. The
skilled person’s report found that from the date of the visit until 15 November 2010
the Firm did not apply the standard method of internal client money reconciliation as
required by the CASS Rules. The Firm appeared to be using a hybrid of the separate
client balance and client bank account methods described in CASS 7 Annex 1.

Reconciliations with external records

25. During the period from 1 November 2007 until 24 October 2010, the Firm failed to
conduct daily external client money reconciliations, and instead conducted them on a
quarterly basis. From 24 October 2010 the Firm started to perform daily external
reconciliations.

26. The Firm failed to ensure that its books and records were up-to-date and accurate as
the Firm did not record transactional flows on trade dates or recognise dividend
receipts until the Firm received a tax voucher. The Firm failed to ensure a
sufficiently accurate forward position on client money.

27. The Firm did not have records of client money that it expected to receive on a future
date which would have provided the Firm and its clients with an accurate reflection
of its clients’ forward position. The Firm needed to do so to ensure any client money
that arrives can be immediately and properly identified as client money. During the
period from 1 November 2007 until 25 May 2010 the Firm failed to post transactions
on the day that the transaction occurred and instead delayed in posting transactions
until after receipt of contract notes or tax vouchers. The Firm is required to maintain
its records and accounts in a way that ensures their accuracy, and in particular to
ensure they correspond to the client money held for clients, as is required by CASS
7.6.2. Had the Firm become insolvent it would have been unable to distinguish the
client money held for one client from the client money held for another.

28. During the Relevant Period the Firm operated a number of client money bank
accounts. For most of the Relevant Period the Firm failed to have any client trust
status letters. It is important that firms put adequate trust acknowledgement
documentation in place for their client money bank accounts to ensure that client
money within the accounts is properly protected in the event of the firm’s insolvency.
The FSA views the lack of adequate trust status letters as serious because they create
a risk that, in the event of insolvency the client would face difficulties and delay in
recovering their money and would be exposed to the risk of diminution or loss.

29. Following the issue of a Dear CEO letter by the FSA in January 2010, on 18 March
2010 the Firm contacted its bank to request proper trust status letters as required by
CASS 7.8.1(1) R. Before this date the Firm had not notified the Bank or received
acknowledgement of trust status for the client bank accounts. The Firm did not have
an acknowledgement from the Bank that it had no right of counterclaim or offset
against these accounts and that they were sufficiently distinguished from any Firm
bank accounts. The bank sent trust status acknowledgement letters to the Firm on 30
March 2010, but these were not sufficient to satisfy the FSA’s requirements. The
Firm failed to ensure that the word “designated” appeared in the title of the account
and the account names and numbers were not included in the trust status letters but
were set out separately in an undated list.

30. On 7 and 13 April 2010 the Firm opened two new client bank accounts. Again the
Firm did not obtain a trust letter or withdraw all money standing to the credit of the
accounts within 20 business days (as required by CASS 7.8.1(2)). The client money
held in these accounts was consequently at risk until the Firm received adequate
letters from the Bank on 17 August 2010 in respect of the client accounts; and on 13
October 2010 in respect of the settlement account (which was used as a client bank
account).

31. Under the CASS Rules, the Firm needed to withdraw any client money from the
account if an acknowledgement of trust had not been received within 20 business
days of being notified by the Firm. The Firm did not withdraw the money from the
Bank.

Remedial steps

32. Following the FSA communications, FSA visit and the skilled persons’ report, the
Firm undertook the following remedial steps:

a) in March 2010 contacted the Bank to request proper trust status letters in
response to the Dear CEO letter sent by email in February 2010;

b) since July 2010 it has altered the Board’s focus on the CASS Rules and the
CASS Rules has featured as an individual agenda item at monthly Board
meetings;

c) since 17 August 2010 and 13 October 2010 respectively, it has ensured that
there are appropriate trust status letters in place for each client account and for
each settlement account;

d) since 24 October 2010, it has increased external reconciliations with
individual bank accounts to a daily basis;

e) since 15 November 2010, it has altered the method of daily reconciliation in
line with the standard approach outlined in the CASS Rules;

f) it made changes so that the skilled person concluded on 27 November 2010
they had seen “sufficient controls in place to prevent any one individual
completing the whole process” and that Christchurch had “made significant
progress in improving its controls around client assets and money”;
Page 8 of 18

g) since the May 2010 FSA visit and since the skilled persons report in
November 2010, changed the role of the compliance manager so that the
compliance manager no longer provides cover for authorisation of payments
and cannot release payments on the online system; and

h) since the May 2010 FSA visit, changed the role of the compliance manager so
that there is greater division of duties, sufficient for the skilled person to
conclude that in October 2010 there is “adequate segregation of duties”.

FAILINGS

33. The statutory and regulatory provisions and policy relevant to this Final Notice are
referred to in Annex A.

34. The FSA’s regulatory objective to maintain confidence in the financial system and
the protection of consumers, together with the facts and matters described above, lead
the FSA to conclude that the Firm has failed to satisfy Principles 3 and 10.

35. Specifically, in its client money arrangements the Firm breached:

a) Principle 3: by failing to take reasonable care to organise and control its
affairs responsibly and effectively with adequate risk management systems to
ensure:

i. management oversight was maintained appropriately for client money
arrangements; and

ii. division of duties for the handling of client money.

Consequently, the Board was not in a position to monitor and assess the
adequacy of its client money arrangements or to identify its own shortcomings.

b) Principle 10: by failing to arrange adequate protection for client assets when
it is responsible for them, in particular, the Firm had inadequate:

i. internal reconciliation and calculations of client money;

ii. reconciling between its own internal accounts and those of third
parties, by whom client money is held, on a regular basis; and

iii. trust status letters.

The actual impact of Christchurch’s failure to arrange adequate protection for
client money exposed clients to the risk of financial loss in the event of fraud or
insolvency.

36. Having regard to the facts and matters, the FSA has concluded that Christchurch has
breached the CASS Rules and Principles 3 and 10. Consequently, it is appropriate

and proportionate in all the circumstances to take disciplinary action against the
Firm.

SANCTION

37. The FSA’s policy on the imposition of financial penalties is set out in Chapter 6 of
DEPP, which forms part of the FSA Handbook. The relevant sections of DEPP are
set out in more detail in Annex A.

38. The majority of the Firm’s failings occurred before the change in regulatory
provisions governing the determination on financial penalties on 6 March 2010.
Therefore the FSA has applied the penalty regime that was in force before 6 March
2010. All references to DEPP are to the version that was in force up to 5 March
2010.

39. The principal purpose of a financial penalty is to promote high standards of
regulatory conduct by deterring firms which have committed breaches from further
breaches, and helping to deter other firms from committing similar breaches, as well
as demonstrating generally the benefits of compliant behaviour.

40. In determining whether a financial penalty is appropriate, and if so its level, the FSA
must consider all the relevant circumstances of the case. DEPP 6.5.2G sets out a
non-exhaustive list of factors that may be of relevance in determining the level of a
financial penalty. The FSA considers the following factors to be particularly relevant
in this case.

Deterrence (DEPP 6.5.2G(1))

41. Penalties act as a deterrent, and the FSA must ensure that those who are authorised
persons have an appropriate level of competence and capability and act in accordance
with regulatory requirements and standards. The FSA considers that a financial
penalty is an appropriate sanction in this case to demonstrate the seriousness with
which the FSA regards the Firm’s behaviour.

The nature, seriousness and impact of the breach (DEPP 6.5.2G(2))

42. The FSA has considered the seriousness of the breach including the nature of the
requirements breached and the impact. The FSA considers the following factors to
be both serious and aggravating and which impact on the appropriate level of
financial penalty:

i.
Christchurch exposed its clients to a serious risk of fraud because of the
segregation of duties and heavy reliance on its compliance manager;

ii.
Christchurch failed to take reasonable steps to familiarise itself with the
CASS Rules and as a consequence had insufficient knowledge of the CASS
Rules;

iii.
Christchurch failed to have adequate oversight of its compliance with the
CASS Rules which resulted in the Firm failing to comply with the CASS
Rules during the Relevant Period of three years;

iv.
Christchurch’s breaches were not identified through its own compliance
monitoring, but by the FSA’s visit; and

v.
the breaches exposed clients to the potential risk of financial loss in the event
of insolvency or fraud.

43. The FSA has taken into account the following factors which have served to mitigate
the seriousness of Christchurch’s failings:

i.
the number of clients affected by the trust status letters was small;

ii.
no client money was lost as a consequence of Christchurch’s breach; and

iii.
Christchurch undertook remedial action and rectified its failing upon
identification of the breach.

44. The FSA has considered the above factors, together with the amount of client money
held, in assessing the seriousness of the misconduct. The quantum of the financial
penalty must amount to a clear and credible deterrent.

The extent to which the breach was deliberate or reckless (DEPP 6.5.2G(3))

45. In the FSA’s view the Firm’s breaches were neither deliberate nor reckless.

The size, financial resources and other circumstances of the Firm (DEPP 6.5.2G(5))

46. The FSA considers the level of financial penalty proposed is appropriate, having
considered all relevant factors, including the size and financial resources of the Firm.

The amount of benefit gained or loss avoided (DEPP 6.5.2G(6))

47. The Firm did not benefit from its breach.

Conduct following the breach (DEPP 6.5.2G(8))

48. The Firm co-operated fully with the FSA’s investigation. From the outset it has
acknowledged its failure to ensure compliance with the CASS Rules. As set out
above, the Firm has taken steps to improve its internal processes and monitoring.

Other action by the FSA (DEPP 6.5.2G(10))

49. In determining the level of the penalty, the FSA has had regard to penalties imposed
by the FSA on other authorised persons with similar behaviour. This is considered
alongside the deterrent purpose of imposing sanctions.

50. In light of the matters above, the FSA imposes a financial penalty of £26,600 on
Christchurch for breaching Principles 3 and 10 and the CASS Rules. Were it not for
the early stage at which Christchurch have settled, the penalty would have been
£38,000.

PROCEDURAL MATTERS

Decision maker

51. The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.

52. This Final Notice is given under, and in accordance with, section 390 of the Act. The
following statutory rights are important.

Manner of and time for payment

53. The financial penalty is to be paid in 10 monthly instalments. The first instalment of
£2,660 must be paid by Christchurch to the FSA within 14 days of the date of the
Final Notice. The following 9 equal instalments of £2,660 each must then be paid on
the 1st day of the month following the previous instalment (the “Due Date”). If the
Due Date for any given payment falls on a public holiday (including Saturdays and
Sundays) in any given month then the Due Date is deemed to be the first business
day immediately following the public holiday concerned.

54. If Christchurch realises any assets which enable it to pay the outstanding amount of
the financial penalty in full, it will do so within 14 days of those assets being realised.

If the financial penalty is not paid

55. If any instalment is not paid by the Due Date for that instalment then the financial
penalty becomes payable immediately and in full. The FSA may recover the
outstanding amount as a debt owed by Christchurch and due to the FSA.

56. Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of information
about the matter to which this notice relates. Under those provisions, the FSA must
publish such information about the matter to which this notice relates as the FSA
considers appropriate. The information may be published in such manner as the FSA
considers appropriate. However, the FSA may not publish information if such

publication would, in the opinion of the FSA, be unfair to you or prejudicial to the
interests of consumers.

57. The FSA intends to publish such information about the matter to which this Final
Notice relates as it considers appropriate.

FSA contacts

62. For more information concerning this matter generally, contact Kate Tuckley of the
Enforcement and Financial Crime Division at the FSA (direct line: 020 7066 7086
/fax: 020 7066 7087).

…………………………………………………………
Tom Spender
Head of Department
FSA Enforcement and Financial Crime Division

ANNEX A

STATUTORY PROVISIONS, REGULATORY GUIDANCE AND POLICY

STATUTORY PROVISIONS

1. The FSA’s statutory objectives are set out in section 2(2) of the Act and include the
protection of consumers.

2. The FSA has the power under s205 of the Act to publish a statement and under
section 206 of the Act to impose a financial penalty against a firm.

REGULATORY PROVISIONS

3. In exercising its power to impose a financial penalty, the FSA has had regard to the
relevant regulatory provisions and policy published in the FSA Handbook. The main
provisions that the FSA considers relevant to this case are set out below.

Principles for Businesses (“Principles”)

4. Under the FSA’s rule-making powers, the FSA has published in the FSA Handbook
the Principles which apply either in whole, or in part, to all authorised persons. The
Principles are a general statement of the fundamental obligations of firms under the
regulatory system and reflect the FSA’s regulatory objectives. A firm may be liable
to disciplinary sanction where it is in breach of the Principles.

5. The Principles relevant to this case are:

1) Principle 3 management and control which states that “A firm must take
reasonable care to organise and control its affairs responsibly ad effectively,
with adequate risk management systems.”

2) Principle10 clients’ assets which states that “A firm must arrange adequate
protection for clients’ assets when it is responsible for them.”

Client Assets sourcebook (“CASS”)

Segregation of duties and controls

6. CASS 6.5.9G states whenever possible, a firm should ensure that reconciliations are
carried out by a person (for example an employee of the firm) who is independent of
the production or maintenance of the records to be reconciled.

7. CASS 7.3.2R states that a firm must introduce adequate organisational arrangements
to minimise the risk of the loss or diminution of client money, or of rights in
connection with client money, as a result of misuse of client money, fraud, poor
administration, inadequate record keeping or negligence.

8. CASS 7.4.11R states that a firm must take the necessary steps to ensure that client
money deposited in a central bank, a credit institution, a bank authorised in a third

country or a qualifying money market fund is held in an account or accounts
identified separately from any accounts used to hold money belonging to the firm.

9. CASS 7.6.1R states that a firm must keep such records and accounts as are necessary
to enable it, at any time and without delay, to distinguish client money held for one
client from client money held for any other client, and from its own money.

10. CASS 7.6.2R states that a firm must maintain its records and accounts in a way that
ensures their accuracy, and in particular their correspondence to the client money held
for clients.

Reconciliation of client money

11. In relation to CASS 7.6.2R, CASS 7.6.6G provides that:

1) Carrying out internal reconciliations of records and accounts of the entitlement of
each client for whom the firm holds client money with the records and accounts of
the client money the firm holds in client bank accounts and client transaction
accounts should be one of the steps a firm takes to satisfy its obligations under
CASS 7.6.2R, and where relevant SYSC 4.1.1R and SYSC 6.1.1R.

2) A firm should perform such internal reconciliations:

(a)
as often as is necessary;

(b)
as soon as reasonably practicable after the date to which the
reconciliation relates; and

to ensure the accuracy of the firm’s records and accounts.

3) The standard method of internal client money reconciliation sets out a method of
reconciliation of client money balances that the FSA believes should be one of the
steps that a firm takes when carrying out internal reconciliations of client money.

12. The defined term “standard method of internal client money reconciliation” refers to
CASS 7 Annex 1, which sets out a method that the FSA believes is appropriate in this
case and the fact that the reconciliation should be performed for each business day.

13. CASS 7.6.7R states that a firm must make records, sufficient to show and explain the
method of internal reconciliation of client money balances under CASS 7.6.2R used,
and if different from the standard method of internal client money reconciliation, to
show and explain that the method of internal reconciliation of client money used
affords an equivalent degree of protection to the firm’s clients to that afforded by the
standard method of internal client money reconciliation.

14. CASS 7.6.8R states that a firm that does not use the standard method of internal client
money reconciliation must first send a written confirmation to the FSA from the
firm’s auditor that the firm has in place systems and controls which are adequate to
enable it to use another method effectively.

15. CASS 7.6.9R states that a firm must conduct, on a regular basis, reconciliations

between its internal accounts and records and those of any third parties by whom
client money is held.

16. CASS 7.6.13R states that when any discrepancy arises as a result of a firm’s internal
reconciliations, the firm must identify the reason for the discrepancy and ensure that
any shortfall is paid into a client bank account by the close of business on the day that
the reconciliation is performed.

17. CASS 7.6.14R states when any discrepancy arises as a result of the reconciliation
between a firm’s internal records and those of third parties that hold client money, the
firm must identify the reason for the discrepancy and correct it as soon as possible.

Trust Status letters

18. CASS 7.8.1R states that when a firm opens a client bank account, the firm must give
written notice to the bank requesting the bank to acknowledge to it in writing that (a)
all money standing to the credit of the account is held by the firm as trustee and that
the bank is not entitled to combine the account with any other account or to exercise
any right of set-off or counterclaim against money in that account in respect of any
sum owed to it on any other account of the firm; and (b) the title of the account must
sufficiently distinguish that account from any account containing money that belongs
to the firm, and is in the form requested by the firm. In the case of a client bank
account in the United Kingdom, if the bank does not provide the required
acknowledgement within 20 business days after the firm despatched the notice, the
firm must withdraw all money in the account and deposit it with another bank as soon
as possible.

Decision Procedure and Penalties Manual (“DEPP”)

19. The FSA’s policy on the imposition and amount of penalties that applied up to 5
March 2010 was set out in Chapter 6 of DEPP.

20. DEPP 6.1.2G provides that the principal purpose of imposing a financial penalty is to
promote high standards of regulatory and/or market conduct by deterring persons who
have committed breaches from committing further breaches, helping to deter other
persons from committing similar breaches, and demonstrating generally the benefits
of compliant behaviour. Financial penalties are therefore tools that the FSA may
employ to help it to achieve its regulatory objectives.

21. DEPP 6.5.1G(1) provides that the FSA will consider all the relevant circumstances of
a case when it determines the level of financial penalty (if any) that is appropriate and
in proportion to the breach concerned.

22. DEPP 6.5.2G sets out a non-exhaustive list of factors that may be relevant to
determining the appropriate level of financial penalty to be imposed on a person under
the Act. The following factors are relevant to this case:

Deterrence: DEPP 6.5.2G(1)

23. When determining the appropriate level of financial penalty, the FSA will have regard
to the principal purpose for which it imposes sanctions, namely to promote high

standards of regulatory and/or market conduct by deterring persons who have
committed breaches from committing further breaches and helping to deter other
persons from committing similar breaches, as well as demonstrating generally the
benefits of compliant business.

The nature, seriousness and impact of the breach in question: DEPP 6.5.2G(2)

24. The FSA will consider the seriousness of the breach in relation to the nature of the
rule, requirement or provision breached, which can include considerations such as: the
duration and frequency of the breach; whether the breach revealed serious or systemic
weaknesses in the person’s procedures or of the management systems or internal
controls relating to all or part of a person’s business; and the loss or risk of loss
caused to consumers, investors or other market users.

The extent to which the breach was deliberate or reckless: DEPP 6.5.2G(3)

25. The FSA will regard as more serious a breach which is deliberately or recklessly
committed, giving consideration to factors such as whether the person has given no
apparent consideration to the consequences of the behaviour that constitutes the
breach. If the FSA decides that the breach was deliberate or reckless, it is more likely
to impose a higher penalty on a person than would otherwise be the case.

The size, financial resources and other circumstances of the person on whom the
penalty is to be imposed: DEPP 6.5.2G(5)

26. The degree of seriousness of a breach may be linked to the size of the firm. For
example, a systemic failure in a large firm could damage or threaten to damage a
much larger number of consumers or investors than would be the case with a small
firm: breaches in firms with a high volume of business over a protracted period may
be more serious than breaches over similar periods in firms with a small volume of
business.

27. In addition, the size and resources of a person may also be relevant in relation to
mitigation, in particular what steps the person took after the breach had been
identified; the FSA will take into account what is reasonable to expect from a person
in relation to its size and resources, and factors such as what proportion of a person’s
resources were used to resolve a problem.

The amount of benefit gained or loss avoided: DEPP 6.5.2G(6)

28. The FSA may have regard to the amount of benefit gained or loss avoided as a result
of the breach, for example the FSA will impose a penalty that is consistent with the
principle that a person should not benefit from the breach, and the penalty should also
act as an incentive to the person (and others) to comply with regulatory standards and
required standards of market conduct.

Conduct following the breach: DEPP 6.5.2G(8)

29. The FSA may take into account the degree of co-operation the person showed during
the investigation of the breach by the FSA and any remedial steps taken since the
breach was identified, including whether these were taken on the person’s own
initiative or that of the FSA.

Other action taken by the FSA (or a previous regulator): DEPP 6.5.2G(10)

30. The FSA seeks to apply a consistent approach to determining the appropriate level of
penalty. The FSA may take into account previous decisions made in relation to similar
misconduct.

Enforcement Guide (“EG”)

31. The FSA’s approach to exercising its power in issuing a financial penalty is set out in
Chapter 7 of EG. Imposing financial penalties show that the FSA is upholding
regulatory standards. An increased public awareness of regulatory standards also
contributes to the protection of consumers.

32. EG 7.2 provides that the FSA’s power to publish a statement against a firm under
section 205 of the Act. It has power to impose a financial penalty against a firm under
section 206 of the Act.

Senior Management Arrangements, Systems and Controls (“SYSC”)

33. SYSC 3.2.8R(1) states that a firm which carries on designated investment business
with or for retail clients or professional clients must allocate to a director or senior
manager the function of having responsibility for oversight of the firm’s compliance
and reporting to the governing body in respect of that responsibility.

34. SYSC 3.2.8R(2)(c) states that “compliance” means compliance with the rules in
CASS (Client Assets).

35. SYSC 3.2.9G(2) provides that the rules referred to in SYSC 3.2.8R(2) are the
minimum area of focus for the firm’s compliance oversight function.