Final Notice
On , the Financial Conduct Authority issued a Final Notice to MacIntyre Hudson LLP
FINAL NOTICE
To: MacIntyre Hudson LLP (“MHA”)
1.
ACTION
1.1. For the reasons given in this Final Notice, the Authority hereby publishes a statement
(pursuant to section 345 of the Act) to the effect that MHA contravened its duties as
an auditor relating to the notification and reporting on client assets.
1.2. Specifically, MHA contravened SUP 3.10.4A R (1). It did so by failing to prepare Client
Assets Reports in accordance with the terms of a Reasonable Assurance
Engagement.
1.3. Between 1 July 2015 and 28 May 2019 (the “Relevant Period”) MHA failed to prepare
4 Client Assets Reports in accordance with the terms of a Reasonable Assurance
Engagement in that it failed to report to the Authority a total of 25 breaches (by the
relevant client) of rules contained in the Authority’s Client Assets sourcebook
(“CASS”).
1.4. The Authority is responsible for the supervision of approximately 3,100 firms with
CASS permissions, collectively holding c. £175 billion of client money, and c. £17.4
trillion of custody assets. The Authority’s CASS Supervision department seeks to
monitor whether firms are complying with applicable rules in CASS. Client Assets
Reports (which are submitted by auditors of Relevant Firms to the Authority) provide
important information to the Authority on whether the firms in question are, or are
not, in compliance with relevant rules. It is therefore vital that auditors present an
accurate view of Relevant Firms’ CASS compliance in the Client Assets Reports which
2
they submit. Failure to do so adversely impacts the Authority’s operational
objectives, regarding its ability to effectively supervise Relevant Firms, and reduce
harm from firm failure, which is a key commitment of the Authority.
1.5. For the reasons given in this Final Notice, the Authority hereby imposes a public
censure (pursuant to section 345 of the Act) to the effect that MHA contravened its
duties as an auditor relating to the notification and reporting on client assets.
2.
DEFINITIONS
“the Act” means the Financial Services and Markets Act 2000;
“the Authority” means the Financial Conduct Authority;
“CASS” means the Client Assets sourcebook;
“Client Assets Report” means a client assets report submitted in accordance with
SUP 3.10.4R;
“Relevant Firm” means any firm to which the SUP 3 chapter of the Authority’s
Handbook applies (pursuant to SUP 3.1);
“Reasonable Assurance Engagement” means an assurance engagement in which the
practitioner reduces Assurance Engagement Risk to an acceptably low level in the
circumstances of the engagement as the basis for a positive form of expression of
the practitioner’s conclusion, and entails a high, but not absolute, level of assurance;
“Assurance Engagement Risk” means the risk that the practitioner expresses an
inappropriate conclusion when the subject matter information is materially
misstated;
“Firm A” means a Relevant Firm during the Relevant Period of which MHA was the
external auditor;
“Firm B” means another Relevant Firm during the Relevant Period of which MHA was
the external auditor;
“Report 1” means the Client Assets Report submitted by MHA to the Authority for
Firm A’s financial year ending 2016;
3
“Report 2” means the Client Assets Report submitted by MHA to the Authority for
Firm A’s financial year ending 2017;
“Report 3” means the Client Assets Report submitted by MHA to the Authority for
Firm A’s financial year ending 2018;
“Report 4” means the Client Assets Report submitted by MHA to the Authority for
Firm B’s financial year ending 2018;
“SUP” means the Supervision manual, which forms part of the Authority’s Handbook;
“Acknowledgement Letter” means the letter that states the notice of a firm’s interests
in client money that has been deposited with, or has been held with another party.
3.
FACTS AND MATTERS
3.1. MHA is a firm of chartered accountants with 22 offices in the UK. MHA now offers
four service lines of Audit and Assurance, Tax, Advisory and Outsourcing. MHA has
128 partners and approximately 1,740 UK staff.
3.2. Auditors of Relevant Firms are required to submit Client Assets Reports to the
Authority in accordance with SUP 3.10. Depending on the nature and permissions of
the Relevant Firm, an auditor must ensure the Client Assets Report being submitted
is prepared in accordance with the terms of a Reasonable Assurance Engagement or
(not relevant to this Notice) a limited assurance engagement.
3.3. Client Assets Reports have to comply with SUP 3.10.4 R – in broad terms the auditor
has to provide its opinion on the Relevant Firm’s compliance with CASS regulations
during the period the audit relates to.
3.4. For Relevant Firms which hold client money and/or custody assets, auditors will
complete a Reasonable Assurance Engagement. Auditors should obtain sufficient
appropriate evidence to reduce an auditor’s engagement risk to an acceptably low
level, to allow it to provide its opinion to the Authority in the Client Assets Report on
the matters set out in SUP 3.10.5 R.
3.5. This Notice concerns MHA’s submissions of 4 Client Assets Reports, each of which
was required to be prepared in accordance with the terms of a Reasonable Assurance
Engagement.
3.6. In accordance with SUP 3.10.4 R, other than where a Relevant Firm claims not to
hold client money or custody assets, a Client Assets Report has to:
a) as per SUP 3.10.5 R, set out the auditor’s opinion on (i) whether the firm had
maintained adequate systems to enable it to comply with the relevant rules
throughout the period and (ii) whether the firm was in compliance with those
rules as at the end of the period; and
b) specify the matters to which SUP 3.10.9 R and SUP 3.10.9A R refer using the
form prescribed by SUP 3.10.9B R and SUP 3 Annex 1 R, which comprises of
Part 1 (the auditor’s opinion on client assets) and Part 2 (a breaches schedule
identifying CASS breaches that have occurred during the period). Part 2
stipulates that the auditor must identify each CASS rule breached during the
audit period and the identifying party. The audited firm is responsible for
commenting on each breach identified in Part 2. A firm’s comments in relation
to the breaches will detail the circumstances of any CASS breaches, and it
should also set out any remedial actions taken.
3.7. This Notice concerns 4 Client Assets Reports submitted to the Authority by MHA in
relation to two separate authorised firms: Firm A and Firm B.
3.8. MHA’s Client Assets Reports during the Relevant Period were undertaken by teams
who were comprised of a number of different individuals, with some members of the
team having limited relevant experience.
5
Report 1
3.9.
In Report 1 MHA failed to include any CASS breaches by Firm A. MHA failed to
identify (and therefore report) the following:
a) Acknowledgement Letters were not in place for Firm A’s Euro and US dollar
client money accounts, resulting in a breach of CASS 7.18.2 R;
b) internal client money reconciliations were performed separately for each
currency held, resulting in a breach of CASS 7.16.16 R;
c) there was insufficient formal documentation outlining Firm A’s method of
managing custody shortfalls, meaning Firm A had not maintained systems
adequate to enable it to comply with the custody rules in CASS 6;
d) the terms of business were not updated to inform the client that any unclaimed
monies would be paid to a registered charity, resulting in a breach of CASS
7.11.50 R;
e) there were insufficient records regarding the grounds upon which Firm A was
satisfied as to the appropriateness of a third party used to hold client money,
resulting in a breach of CASS 7.13.25 R; and
f) the staff at Firm A did not have sufficient knowledge of CASS rules, and the
lack of adequate training meant Firm A had not maintained systems adequate
to enable it to comply with the custody rules in CASS 6 and client money rules
in CASS 7.
3.10. MHA also failed to include 2 further breaches in Report 1 despite them being
identified during the audit. The 2 breaches identified, but not included in the report
a) a payment to a client was made later than the next business day, resulting in
a breach of CASS 7.13.39 R; and
b) the monthly reconciliation for August 2015 was missing, resulting in a breach
of CASS 6.6.3 R.
6
Report 2
3.11. In Report 2 MHA only reported one CASS breach by Firm A, failing to report a
further 4 CASS breaches of which it was aware. The CASS breaches at Firm A that
MHA did not include within Report 2 were:
a) Acknowledgment Letters were not in place for Firm A’s Euro and US dollar client
money accounts, resulting in a breach of CASS 7.18.2 R;
b) internal client money reconciliations were performed separately for each
currency held, resulting in a breach of CASS 7.16.16 R;
c) client money was being held alongside Firm A’s money (“co-mingling”), resulting
in a breach of CASS 7.12.1 R; and
d) there was insufficient formal documentation outlining Firm A’s method of
managing custody shortfalls, meaning Firm A had not maintained systems
adequate to enable it to comply with the custody rules in CASS 6.
3.12. MHA was incorrectly of the view that the 4 CASS breaches in question were not
reportable to the Authority because 3 of them had been remediated during the
audit period with the fourth due to be remediated 2 months following the period
end and prior to the submission of Report 2 to the Authority.
3.13. Irrespective of any remediations Firm A had completed, remediated breaches
should have been included within the breaches schedule for Report 2. The steps
taken to remediate the breaches should also have been included as an update to
the Authority, confirming whether or not by the end of the reporting period Firm A
was complying with the relevant CASS rules.
Report 3
3.14. In Report 3, MHA reported 2 CASS breaches by Firm A but MHA failed to identify
and report the following:
a) the client money reconciliation method being performed was not following a
standard method, and the client money requirement incorrectly included the
cashbook, resulting in a breach of CASS 7.16.16 R;
7
b) the client money reconciliation did not make good a shortfall or withdraw an
excess from the client money bank account, resulting in a breach of CASS
7.15.29 R;
c) internal stock reconciliation records were being driven from external sources,
breaching CASS 6.6.2 R;
d) there was insufficient formal documentation outlining Firm A’s method of
managing custody shortfalls, meaning Firm A had not maintained systems
adequate to enable it to comply with the custody rules in CASS 6;
e) client money was being held alongside Firm A’s money (“co-mingling”), resulting
in a breach of CASS 7.12.1 R;
f) safe custody assets were being held alongside Firm A’s assets, resulting in a
breach of CASS 6.2.1 R;
g) there was no CASS incident breach log, resulting in a breach of CASS 7.12.2 R;
and
h) there were insufficient security arrangements surrounding physical stock
certificates held on behalf of clients, resulting in a breach of CASS 6.2.2 R.
3.15. In Report 4 MHA reported 4 CASS breaches by Firm B but MHA failed to identify
and report the following to the Authority:
a) “dummy” counterparties accounts were used in the live investment management
system, resulting in a breach of CASS 7.15.3 R;
b) internal client money records were being driven from external sources, resulting
in a breach of CASS 7.15.12 R;
c) money belonging to Appointed Representatives was being held in the client bank
account, resulting in a breach of CASS 7.10.1 R;
d) an Acknowledgment Letter was not in place for one of Firm B's client bank
accounts, resulting in a breach of CASS 7.18.2 R; and
e) an internal client money reconciliation spreadsheet illustrating the margined
transaction requirement contained a calculation error, resulting in a breach of
CASS 7.16.32 R.
4.
FAILINGS
4.1.
The regulatory provisions and guidance most relevant to this Notice are referred to
in Annex 1.
4.2.
On the basis of the facts and matters set out above, the Authority considers that
MHA breached SUP 3.10.4A R (1) during the Relevant Period by failing to prepare
Reports 1 to 4 in accordance with the terms of a Reasonable Assurance
Engagement.
4.3.
In repeatedly failing to identify (and therefore report) numerous CASS breaches,
and in failing to report all CASS breaches of which it was aware, MHA failed to
prepare Reports 1 to 4 to the standard required to provide the Authority with a high
level of assurance regarding the compliance of Firms A and B with the CASS rules.
5.
SANCTION
5.1.
The principal purpose of issuing a public censure is to promote high standards of
regulatory conduct by deterring persons who have committed breaches from
committing further breaches and helping to deter other persons from committing
similar breaches, as well as demonstrating generally the benefits of compliant
behaviour.
5.2.
DEPP 6.4.1 G provides that the Authority will consider all the relevant
circumstances of the case when deciding whether to impose a penalty or issue a
public censure. DEPP 6.4.2 G provides that the criteria for determining that
question include the factors that the Authority will consider in determining the
amount of penalty, set out in DEPP 6.5A G. DEPP 6.4.2 G also sets out some
particular considerations that may be relevant in determining whether it is
appropriate to issue a public censure rather than impose a financial penalty. The
Authority considers that the factors below are particularly relevant in this case.
Deterrence (DEPP 6.4.2 G (1))
5.3.
In determining whether to issue a public censure, the Authority has had regard to
the need to publish a statement of MHA’s breaches of the relevant provisions to
ensure that audit firms take seriously their obligations to appropriately conduct and
report in accordance with SUP 3.10. The Authority considers that a public censure
should be imposed to demonstrate to MHA and the industry the seriousness with
which the Authority regards MHA’s failings, and that deterrence may be effectively
achieved by doing so.
Seriousness (DEPP 6.4.2 G (3))
5.4.
In determining whether to impose a public censure or a financial penalty the
Authority will have regard to the seriousness of the breaches. The Authority, in
particular, considers the following factors set out in DEPP 6.5A G to be relevant in
this case:
•
the Authority considers that deterrence is likely to be effectively achieved by
issuing a public censure in this case;
•
the failings were not committed deliberately or recklessly, MHA took steps to
comply with its legal and regulatory obligations however those steps were
inadequate;
•
MHA did not make any profits or avoid any losses as a result of the breaches,
either directly or indirectly;
•
no action has been taken in relation to the underlying breaches by Firms A and
B; and
•
there was no loss to individual consumers or investors.
5.5.
The Authority considers that MHA’s failure to prepare Reports 1 to 4 in accordance
with the terms of a Reasonable Assurance Engagement is a serious failing.
Nevertheless, in the circumstances, the Authority considers that a public censure
is appropriate in the interest of deterrence.
6.
PROCEDURAL MATTERS
6.1.
This Notice is given to MacIntyre Hudson LLP under and in accordance with section
390 of the Act.
6.2.
The following statutory rights are important.
Decision maker
6.3.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
6.4.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those provisions,
the Authority must publish such information about the matter to which this notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority
may not publish information if such publication would, in the opinion of the
Authority, be unfair to you or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
6.5.
The Authority intends to publish such information about the matter to which the
Final Notice relates as it considers appropriate.
Authority contacts
6.6.
For more information concerning this matter generally, contact Natalie Rivett at the
Authority (direct line: 020 7066 4166 /email: natalie.rivett@fca.org.uk).
Financial Conduct Authority, Enforcement and Market Oversight Division
SUP 3.10.4 R
Client assets report: content
An auditor of a firm must submit a client assets report addressed to the FCA which:
(1)
(a) states the matters set out in SUP 3.10.5 R; and
(b) specifies the matters to which SUP 3.10.9 R and SUP 3.10.9A R refer; or
(2) if the firm claims not to hold client money or custody assets, states whether anything
has come to the auditor's attention that causes him to believe that the firm held client
money or custody assets during the period covered by the report.
SUP 3.10.4A R
(1) For the purpose of SUP 3.10.4 R (1), an auditor must ensure that the report is prepared
in accordance with the terms of a reasonable assurance engagement.
(2) For the purpose of SUP 3.10.4 R (2), an auditor must ensure that the report is prepared
in accordance with the terms of a limited assurance engagement.
SUP 3.10.9 R
If the client assets report under SUP 3.10.4 R states that one or more of the applicable
requirements described in SUP 3.10.5 R(1) to (4) has or have not been met, the auditor
must specify in the report each of those requirements and the respects in which it has or
they have not been met.
SUP 3.10.9A R
(1) Whether or not an auditor concludes that one or more of the requirements specified in
SUP 3.10.5 R (1) to (4) has or have been met, the auditor must ensure that the client
assets report identifies each individual rule in respect of which a breach has been
identified.
(2) If an auditor does not identify a breach of any individual rule, it must include a
statement to that effect in the client assets report.
SUP 3.10.9B R
For the purpose of SUP 3.10.9 R and SUP 3.10.9A R, an auditor must ensure that the
information prescribed under those rules is submitted using, respectively, Part 1 (Auditor’s
Opinion) and Part 2 (Breaches Schedule) of SUP 3 Annex 1 R.
SUP 3.10.9C G
(1) The FCA expects that the list of breaches will include every breach of a rule in CASS
insofar as that rule is within the scope of the client assets report and is identified in
the course of the auditor’s review of the period covered by the report, whether
identified by the auditor or disclosed to it by the firm, or by any third party.
(2) For the purpose of determining whether to qualify its opinion or express an adverse
opinion, the FCA would expect an auditor to exercise its professional judgment as to
the significance of a rule breach, as well as to its context, duration and incidence of
repetition. The FCA would expect an auditor to consider the aggregate effect of any
breaches when judging whether a firm had failed to comply with the requirements
described in SUP 3.10.5 R (1) to (4).
S345 FSMA
345 Disciplinary measures: FCA
(1) Subsection (2) applies if it appears to the FCA that an auditor or actuary to whom
section 342 applies—
(a) has failed to comply with a duty imposed on the auditor or actuary by rules made by
the FCA, or
(b) has failed to comply with a duty imposed under this Act to communicate information
to the FCA.
(2) The FCA may do one or more of the following—
(a) disqualify the auditor or actuary from being the auditor of, or (as the case may be)
from acting as an actuary for, any authorised person or any particular class of
authorised person;
(b) disqualify the auditor from being the auditor of any recognised investment exchange
or any particular class of recognised investment exchange;
(c) publish a statement to the effect that it appears to the FCA that the auditor or (as the
case may be) actuary has failed to comply with the duty;
(d) impose on the auditor or actuary a penalty, payable to the FCA, of such amount as the
FCA considers appropriate.
To: MacIntyre Hudson LLP (“MHA”)
1.
ACTION
1.1. For the reasons given in this Final Notice, the Authority hereby publishes a statement
(pursuant to section 345 of the Act) to the effect that MHA contravened its duties as
an auditor relating to the notification and reporting on client assets.
1.2. Specifically, MHA contravened SUP 3.10.4A R (1). It did so by failing to prepare Client
Assets Reports in accordance with the terms of a Reasonable Assurance
Engagement.
1.3. Between 1 July 2015 and 28 May 2019 (the “Relevant Period”) MHA failed to prepare
4 Client Assets Reports in accordance with the terms of a Reasonable Assurance
Engagement in that it failed to report to the Authority a total of 25 breaches (by the
relevant client) of rules contained in the Authority’s Client Assets sourcebook
(“CASS”).
1.4. The Authority is responsible for the supervision of approximately 3,100 firms with
CASS permissions, collectively holding c. £175 billion of client money, and c. £17.4
trillion of custody assets. The Authority’s CASS Supervision department seeks to
monitor whether firms are complying with applicable rules in CASS. Client Assets
Reports (which are submitted by auditors of Relevant Firms to the Authority) provide
important information to the Authority on whether the firms in question are, or are
not, in compliance with relevant rules. It is therefore vital that auditors present an
accurate view of Relevant Firms’ CASS compliance in the Client Assets Reports which
2
they submit. Failure to do so adversely impacts the Authority’s operational
objectives, regarding its ability to effectively supervise Relevant Firms, and reduce
harm from firm failure, which is a key commitment of the Authority.
1.5. For the reasons given in this Final Notice, the Authority hereby imposes a public
censure (pursuant to section 345 of the Act) to the effect that MHA contravened its
duties as an auditor relating to the notification and reporting on client assets.
2.
DEFINITIONS
“the Act” means the Financial Services and Markets Act 2000;
“the Authority” means the Financial Conduct Authority;
“CASS” means the Client Assets sourcebook;
“Client Assets Report” means a client assets report submitted in accordance with
SUP 3.10.4R;
“Relevant Firm” means any firm to which the SUP 3 chapter of the Authority’s
Handbook applies (pursuant to SUP 3.1);
“Reasonable Assurance Engagement” means an assurance engagement in which the
practitioner reduces Assurance Engagement Risk to an acceptably low level in the
circumstances of the engagement as the basis for a positive form of expression of
the practitioner’s conclusion, and entails a high, but not absolute, level of assurance;
“Assurance Engagement Risk” means the risk that the practitioner expresses an
inappropriate conclusion when the subject matter information is materially
misstated;
“Firm A” means a Relevant Firm during the Relevant Period of which MHA was the
external auditor;
“Firm B” means another Relevant Firm during the Relevant Period of which MHA was
the external auditor;
“Report 1” means the Client Assets Report submitted by MHA to the Authority for
Firm A’s financial year ending 2016;
3
“Report 2” means the Client Assets Report submitted by MHA to the Authority for
Firm A’s financial year ending 2017;
“Report 3” means the Client Assets Report submitted by MHA to the Authority for
Firm A’s financial year ending 2018;
“Report 4” means the Client Assets Report submitted by MHA to the Authority for
Firm B’s financial year ending 2018;
“SUP” means the Supervision manual, which forms part of the Authority’s Handbook;
“Acknowledgement Letter” means the letter that states the notice of a firm’s interests
in client money that has been deposited with, or has been held with another party.
3.
FACTS AND MATTERS
3.1. MHA is a firm of chartered accountants with 22 offices in the UK. MHA now offers
four service lines of Audit and Assurance, Tax, Advisory and Outsourcing. MHA has
128 partners and approximately 1,740 UK staff.
3.2. Auditors of Relevant Firms are required to submit Client Assets Reports to the
Authority in accordance with SUP 3.10. Depending on the nature and permissions of
the Relevant Firm, an auditor must ensure the Client Assets Report being submitted
is prepared in accordance with the terms of a Reasonable Assurance Engagement or
(not relevant to this Notice) a limited assurance engagement.
3.3. Client Assets Reports have to comply with SUP 3.10.4 R – in broad terms the auditor
has to provide its opinion on the Relevant Firm’s compliance with CASS regulations
during the period the audit relates to.
3.4. For Relevant Firms which hold client money and/or custody assets, auditors will
complete a Reasonable Assurance Engagement. Auditors should obtain sufficient
appropriate evidence to reduce an auditor’s engagement risk to an acceptably low
level, to allow it to provide its opinion to the Authority in the Client Assets Report on
the matters set out in SUP 3.10.5 R.
3.5. This Notice concerns MHA’s submissions of 4 Client Assets Reports, each of which
was required to be prepared in accordance with the terms of a Reasonable Assurance
Engagement.
3.6. In accordance with SUP 3.10.4 R, other than where a Relevant Firm claims not to
hold client money or custody assets, a Client Assets Report has to:
a) as per SUP 3.10.5 R, set out the auditor’s opinion on (i) whether the firm had
maintained adequate systems to enable it to comply with the relevant rules
throughout the period and (ii) whether the firm was in compliance with those
rules as at the end of the period; and
b) specify the matters to which SUP 3.10.9 R and SUP 3.10.9A R refer using the
form prescribed by SUP 3.10.9B R and SUP 3 Annex 1 R, which comprises of
Part 1 (the auditor’s opinion on client assets) and Part 2 (a breaches schedule
identifying CASS breaches that have occurred during the period). Part 2
stipulates that the auditor must identify each CASS rule breached during the
audit period and the identifying party. The audited firm is responsible for
commenting on each breach identified in Part 2. A firm’s comments in relation
to the breaches will detail the circumstances of any CASS breaches, and it
should also set out any remedial actions taken.
3.7. This Notice concerns 4 Client Assets Reports submitted to the Authority by MHA in
relation to two separate authorised firms: Firm A and Firm B.
3.8. MHA’s Client Assets Reports during the Relevant Period were undertaken by teams
who were comprised of a number of different individuals, with some members of the
team having limited relevant experience.
5
Report 1
3.9.
In Report 1 MHA failed to include any CASS breaches by Firm A. MHA failed to
identify (and therefore report) the following:
a) Acknowledgement Letters were not in place for Firm A’s Euro and US dollar
client money accounts, resulting in a breach of CASS 7.18.2 R;
b) internal client money reconciliations were performed separately for each
currency held, resulting in a breach of CASS 7.16.16 R;
c) there was insufficient formal documentation outlining Firm A’s method of
managing custody shortfalls, meaning Firm A had not maintained systems
adequate to enable it to comply with the custody rules in CASS 6;
d) the terms of business were not updated to inform the client that any unclaimed
monies would be paid to a registered charity, resulting in a breach of CASS
7.11.50 R;
e) there were insufficient records regarding the grounds upon which Firm A was
satisfied as to the appropriateness of a third party used to hold client money,
resulting in a breach of CASS 7.13.25 R; and
f) the staff at Firm A did not have sufficient knowledge of CASS rules, and the
lack of adequate training meant Firm A had not maintained systems adequate
to enable it to comply with the custody rules in CASS 6 and client money rules
in CASS 7.
3.10. MHA also failed to include 2 further breaches in Report 1 despite them being
identified during the audit. The 2 breaches identified, but not included in the report
a) a payment to a client was made later than the next business day, resulting in
a breach of CASS 7.13.39 R; and
b) the monthly reconciliation for August 2015 was missing, resulting in a breach
of CASS 6.6.3 R.
6
Report 2
3.11. In Report 2 MHA only reported one CASS breach by Firm A, failing to report a
further 4 CASS breaches of which it was aware. The CASS breaches at Firm A that
MHA did not include within Report 2 were:
a) Acknowledgment Letters were not in place for Firm A’s Euro and US dollar client
money accounts, resulting in a breach of CASS 7.18.2 R;
b) internal client money reconciliations were performed separately for each
currency held, resulting in a breach of CASS 7.16.16 R;
c) client money was being held alongside Firm A’s money (“co-mingling”), resulting
in a breach of CASS 7.12.1 R; and
d) there was insufficient formal documentation outlining Firm A’s method of
managing custody shortfalls, meaning Firm A had not maintained systems
adequate to enable it to comply with the custody rules in CASS 6.
3.12. MHA was incorrectly of the view that the 4 CASS breaches in question were not
reportable to the Authority because 3 of them had been remediated during the
audit period with the fourth due to be remediated 2 months following the period
end and prior to the submission of Report 2 to the Authority.
3.13. Irrespective of any remediations Firm A had completed, remediated breaches
should have been included within the breaches schedule for Report 2. The steps
taken to remediate the breaches should also have been included as an update to
the Authority, confirming whether or not by the end of the reporting period Firm A
was complying with the relevant CASS rules.
Report 3
3.14. In Report 3, MHA reported 2 CASS breaches by Firm A but MHA failed to identify
and report the following:
a) the client money reconciliation method being performed was not following a
standard method, and the client money requirement incorrectly included the
cashbook, resulting in a breach of CASS 7.16.16 R;
7
b) the client money reconciliation did not make good a shortfall or withdraw an
excess from the client money bank account, resulting in a breach of CASS
7.15.29 R;
c) internal stock reconciliation records were being driven from external sources,
breaching CASS 6.6.2 R;
d) there was insufficient formal documentation outlining Firm A’s method of
managing custody shortfalls, meaning Firm A had not maintained systems
adequate to enable it to comply with the custody rules in CASS 6;
e) client money was being held alongside Firm A’s money (“co-mingling”), resulting
in a breach of CASS 7.12.1 R;
f) safe custody assets were being held alongside Firm A’s assets, resulting in a
breach of CASS 6.2.1 R;
g) there was no CASS incident breach log, resulting in a breach of CASS 7.12.2 R;
and
h) there were insufficient security arrangements surrounding physical stock
certificates held on behalf of clients, resulting in a breach of CASS 6.2.2 R.
3.15. In Report 4 MHA reported 4 CASS breaches by Firm B but MHA failed to identify
and report the following to the Authority:
a) “dummy” counterparties accounts were used in the live investment management
system, resulting in a breach of CASS 7.15.3 R;
b) internal client money records were being driven from external sources, resulting
in a breach of CASS 7.15.12 R;
c) money belonging to Appointed Representatives was being held in the client bank
account, resulting in a breach of CASS 7.10.1 R;
d) an Acknowledgment Letter was not in place for one of Firm B's client bank
accounts, resulting in a breach of CASS 7.18.2 R; and
e) an internal client money reconciliation spreadsheet illustrating the margined
transaction requirement contained a calculation error, resulting in a breach of
CASS 7.16.32 R.
4.
FAILINGS
4.1.
The regulatory provisions and guidance most relevant to this Notice are referred to
in Annex 1.
4.2.
On the basis of the facts and matters set out above, the Authority considers that
MHA breached SUP 3.10.4A R (1) during the Relevant Period by failing to prepare
Reports 1 to 4 in accordance with the terms of a Reasonable Assurance
Engagement.
4.3.
In repeatedly failing to identify (and therefore report) numerous CASS breaches,
and in failing to report all CASS breaches of which it was aware, MHA failed to
prepare Reports 1 to 4 to the standard required to provide the Authority with a high
level of assurance regarding the compliance of Firms A and B with the CASS rules.
5.
SANCTION
5.1.
The principal purpose of issuing a public censure is to promote high standards of
regulatory conduct by deterring persons who have committed breaches from
committing further breaches and helping to deter other persons from committing
similar breaches, as well as demonstrating generally the benefits of compliant
behaviour.
5.2.
DEPP 6.4.1 G provides that the Authority will consider all the relevant
circumstances of the case when deciding whether to impose a penalty or issue a
public censure. DEPP 6.4.2 G provides that the criteria for determining that
question include the factors that the Authority will consider in determining the
amount of penalty, set out in DEPP 6.5A G. DEPP 6.4.2 G also sets out some
particular considerations that may be relevant in determining whether it is
appropriate to issue a public censure rather than impose a financial penalty. The
Authority considers that the factors below are particularly relevant in this case.
Deterrence (DEPP 6.4.2 G (1))
5.3.
In determining whether to issue a public censure, the Authority has had regard to
the need to publish a statement of MHA’s breaches of the relevant provisions to
ensure that audit firms take seriously their obligations to appropriately conduct and
report in accordance with SUP 3.10. The Authority considers that a public censure
should be imposed to demonstrate to MHA and the industry the seriousness with
which the Authority regards MHA’s failings, and that deterrence may be effectively
achieved by doing so.
Seriousness (DEPP 6.4.2 G (3))
5.4.
In determining whether to impose a public censure or a financial penalty the
Authority will have regard to the seriousness of the breaches. The Authority, in
particular, considers the following factors set out in DEPP 6.5A G to be relevant in
this case:
•
the Authority considers that deterrence is likely to be effectively achieved by
issuing a public censure in this case;
•
the failings were not committed deliberately or recklessly, MHA took steps to
comply with its legal and regulatory obligations however those steps were
inadequate;
•
MHA did not make any profits or avoid any losses as a result of the breaches,
either directly or indirectly;
•
no action has been taken in relation to the underlying breaches by Firms A and
B; and
•
there was no loss to individual consumers or investors.
5.5.
The Authority considers that MHA’s failure to prepare Reports 1 to 4 in accordance
with the terms of a Reasonable Assurance Engagement is a serious failing.
Nevertheless, in the circumstances, the Authority considers that a public censure
is appropriate in the interest of deterrence.
6.
PROCEDURAL MATTERS
6.1.
This Notice is given to MacIntyre Hudson LLP under and in accordance with section
390 of the Act.
6.2.
The following statutory rights are important.
Decision maker
6.3.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
6.4.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those provisions,
the Authority must publish such information about the matter to which this notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority
may not publish information if such publication would, in the opinion of the
Authority, be unfair to you or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
6.5.
The Authority intends to publish such information about the matter to which the
Final Notice relates as it considers appropriate.
Authority contacts
6.6.
For more information concerning this matter generally, contact Natalie Rivett at the
Authority (direct line: 020 7066 4166 /email: natalie.rivett@fca.org.uk).
Financial Conduct Authority, Enforcement and Market Oversight Division
SUP 3.10.4 R
Client assets report: content
An auditor of a firm must submit a client assets report addressed to the FCA which:
(1)
(a) states the matters set out in SUP 3.10.5 R; and
(b) specifies the matters to which SUP 3.10.9 R and SUP 3.10.9A R refer; or
(2) if the firm claims not to hold client money or custody assets, states whether anything
has come to the auditor's attention that causes him to believe that the firm held client
money or custody assets during the period covered by the report.
SUP 3.10.4A R
(1) For the purpose of SUP 3.10.4 R (1), an auditor must ensure that the report is prepared
in accordance with the terms of a reasonable assurance engagement.
(2) For the purpose of SUP 3.10.4 R (2), an auditor must ensure that the report is prepared
in accordance with the terms of a limited assurance engagement.
SUP 3.10.9 R
If the client assets report under SUP 3.10.4 R states that one or more of the applicable
requirements described in SUP 3.10.5 R(1) to (4) has or have not been met, the auditor
must specify in the report each of those requirements and the respects in which it has or
they have not been met.
SUP 3.10.9A R
(1) Whether or not an auditor concludes that one or more of the requirements specified in
SUP 3.10.5 R (1) to (4) has or have been met, the auditor must ensure that the client
assets report identifies each individual rule in respect of which a breach has been
identified.
(2) If an auditor does not identify a breach of any individual rule, it must include a
statement to that effect in the client assets report.
SUP 3.10.9B R
For the purpose of SUP 3.10.9 R and SUP 3.10.9A R, an auditor must ensure that the
information prescribed under those rules is submitted using, respectively, Part 1 (Auditor’s
Opinion) and Part 2 (Breaches Schedule) of SUP 3 Annex 1 R.
SUP 3.10.9C G
(1) The FCA expects that the list of breaches will include every breach of a rule in CASS
insofar as that rule is within the scope of the client assets report and is identified in
the course of the auditor’s review of the period covered by the report, whether
identified by the auditor or disclosed to it by the firm, or by any third party.
(2) For the purpose of determining whether to qualify its opinion or express an adverse
opinion, the FCA would expect an auditor to exercise its professional judgment as to
the significance of a rule breach, as well as to its context, duration and incidence of
repetition. The FCA would expect an auditor to consider the aggregate effect of any
breaches when judging whether a firm had failed to comply with the requirements
described in SUP 3.10.5 R (1) to (4).
S345 FSMA
345 Disciplinary measures: FCA
(1) Subsection (2) applies if it appears to the FCA that an auditor or actuary to whom
section 342 applies—
(a) has failed to comply with a duty imposed on the auditor or actuary by rules made by
the FCA, or
(b) has failed to comply with a duty imposed under this Act to communicate information
to the FCA.
(2) The FCA may do one or more of the following—
(a) disqualify the auditor or actuary from being the auditor of, or (as the case may be)
from acting as an actuary for, any authorised person or any particular class of
authorised person;
(b) disqualify the auditor from being the auditor of any recognised investment exchange
or any particular class of recognised investment exchange;
(c) publish a statement to the effect that it appears to the FCA that the auditor or (as the
case may be) actuary has failed to comply with the duty;
(d) impose on the auditor or actuary a penalty, payable to the FCA, of such amount as the
FCA considers appropriate.