Final Notice

On , the Financial Conduct Authority issued a Final Notice to Xcap Securities PLC

1

FINAL NOTICE

ACTION

1. For the reasons given in this notice, the Financial Conduct Authority (“the Authority”)

hereby imposes on Xcap Securities PLC (“Xcap”) a financial penalty of £120,900.

2. Xcap agreed to settle at an early stage of the Authority’s investigation and therefore

qualified for a 20% (stage 2) discount under the Authority’s executive settlement
procedures. Were it not for this discount, the Authority would have imposed a financial
penalty of £151,136 on Xcap.

SUMMARY OF REASONS

3. On the basis of the facts and matters described below, the Authority considers that Xcap

breached Principle 3 (Management and Control) and Principle 10 (Clients’ Assets) of the
Authority’s Principles for Business (“the Principles”) and associated rules in the Client Asset
Sourcebook (“the CASS Rules”) between 29 June 2010 and 31 August 2011 (“the Relevant
Period”) by failing to ensure adequate protection of client money and (to a lesser extent)
safe custody assets.

2

4. Specifically, Xcap failed during the Relevant Period to comply with requirements to:

a) ensure that client money was properly segregated from Xcap’s money;

b) ensure that all safe custody assets were clearly identified as belonging to the client

(although the vast majority of safe custody assets were correctly registered in CREST);

c) maintain accurate records and accounts in respect of client money and safe custody

assets held by Xcap;

d) have in place adequate organisational arrangements, policies and procedures to detect

and manage its client money and safe custody assets risks;

e) put in place adequate trust documentation in relation to certain of its client money bank

accounts;

f) carry out timely and accurate client money reconciliations;

g) pay interest received on client money to clients (the total amount of interest involved

was £1,620); and

h) report without delay failures to comply with CASS requirements.

5. These breaches had the consequence that client money and safe custody assets were not

adequately protected in accordance with the CASS Rules. However, it is accepted that the
vast majority of safe custody assets were correctly registered in CREST.

6. As a result, had Xcap become insolvent at any point during the Relevant Period, some of

Xcap’s clients could have faced difficulties and/or delay in recovering client money and/or
safe custody assets and client money and safe custody assets would have been exposed to
the risk of diminution in the event of Xcap’s insolvency.

7. Details of the relevant CASS Rules breached by Xcap (and other relevant regulatory

provisions) are set out in the Annex A to this Final Notice.

8. The Authority considers Xcap’s failings to be serious because:

a) the failings took place from the outset of Xcap starting its business and at a time when

there was a high level of awareness in the financial services industry of the importance
of adequately protecting client money and assets. The failings continued through a
period of expansion of the Firm’s business, meaning that it was exposing additional
clients to risk of loss whilst its arrangements were inadequate;

b) failings were found throughout Xcap's client money and safe custody assets processes,

indicating that the Firm’s client money and safe custody assets arrangements were
seriously flawed;

c) Xcap had a responsibility to manage and protect client money and safe custody assets,

but its failings exposed individual clients to a significant risk of loss in the event of
Xcap’s insolvency (although, save for the failure to pay client interest, which was

3

ultimately remedied, none of Xcap’s clients suffered any loss as a result of the failures);
and

d) some of the failings were not identified by Xcap through its own compliance monitoring,

but rather were drawn to Xcap's attention by its auditors or by a skilled person.
Further, in relation to those failings that it did identify, Xcap failed to bring the breaches
to the attention of the Authority without delay, as required by the CASS Rules.

9. The Authority has taken into account that whilst client money and assets were at risk there

was no actual ongoing loss of client money or assets. The Authority has also taken into
account the following factors, which have served to mitigate the seriousness of Xcap’s
failings, namely:

a) Xcap fully cooperated with the Authority’s investigation from the outset;

b) Xcap identified that breaches had occurred and notified the Authority of some of the

issues regarding CASS compliance;

c) Xcap took remedial action, including the appointment of a compliance consultancy to

provide compliance support on, inter alia, CASS issues and raising matters with its
CASS auditor;

d) Xcap had relied in good faith on third party advice as to the need for trust letters and

as to the reconciliation processes required to be adopted;

e) the Skilled Person’s report acknowledged that the majority of CASS issues had been

resolved prior to the Skilled Person’s engagement; and

f) Xcap has implemented a wide range of additional remedial steps and improvements to

its governance and compliance arrangements, the key aspects of which are detailed at
paragraph 29 below.

10. This action supports the Authority's operational objectives of securing an appropriate

degree of protecting protection for consumers and maintaining confidence in protecting and
enhancing the integrity of the UK financial system.

11. In calculating the penalty imposed on Xcap, the Authority has adopted a methodology

using a percentage of average client balances (as set out at paragraph 41 below) as part of
the five step framework in the current Authority penalty regime. This methodology sets a
precedent going forward for breaches of the CASS Rules and is expected to increase the
level of financial penalty for such breaches, compared to the penalty levels under the
previous penalty regime for similar breaches.

DEFINITIONS

12. The definitions below are used in this Final Notice.

“the Act” means the Financial Services and Markets Act 2000

“CASS” means client money and safe custody assets

“CASS Rules” means the Authority’s Client Assets Sourcebook

“DEPP” means the the Authority’s Decision Procedures and Penalties Manual

“the Firm” and “Xcap” means Xcap Securities PLC

“the Authority” means the Financial Services Authority until 31 March 2013 and the
Financial Conduct Authority from 1 April 2013

“the Principles” means the Authority’s Principles for Business

“the Relevant Period” means 29 June 2010 to 31 August 2011

“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber)

FACTS AND MATTERS

13. Xcap is a retail investment and capital markets business, offering retail stock broking, asset

management, market making, corporate broking and institutional sales. The Firm has been
authorised and regulated by the Authority since 17 May 2010 and is permitted to hold
client money and safeguard and administer safe custody assets. Xcap began trading on 29
June 2010 and was admitted to trading on the AIM market on 17 September 2010.

14. In the course of its business, Xcap receives and administers money and assets on behalf of

its clients for the provision of its retail stock broking and asset management services. The
money Xcap receives on behalf of its clients is “client money” and the assets it receives on
behalf of its clients are “safe custody assets” and both are therefore subject to the relevant
requirements and standards set out in CASS. During the Relevant Period, the amount of
client money held by Xcap on any given day ranged between £5,000 and £5,425,000 and
averaged £3, 451,101, and the amount of safe custody assets held ranged from £7.7
million to £48.3 million and averaged £34,187,298.

Initial Notification of Breaches to the Authority

15. On 11 October 2010, the Authority received an email from Xcap informing the Authority

that “a limited number of client balances [had been] misstated for a limited period of time”
and that there may have been some shortfalls or excesses in client accounts that had not
been corrected. Accordingly, the Firm stated that it was reporting breaches of CASS
7.6.1R1, 7.6.2R2 and 7.6.13R3 as required under CASS 7.6.16R4.

16. The email explained that the Firm had “encountered a small number of system issues since

its commencement of trading for retail clients”, which were immediately identified by
management, and that action to rectify the root causes had already been undertaken. The
email stated that the issues had centred on the timing of trades being processed within the

1 A firm must keep such records and accounts as are necessary to enable it, at any time and without delay, to
distinguish client money held for one client from client money held for any other client, and from its own money.
2 A firm must maintain its records and accounts in a way that ensures their accuracy, and in particular their
correspondence to the client money held for clients.
3 When any discrepancy arises as a result of a firm's internal reconciliations, the firm must identify the reason for the
discrepancy and ensure that: (1) any shortfall is paid into a client bank account by the close of business on the day
that the reconciliation is performed; or (2) any excess is withdrawn within the same time period (but see CASS 7.4.20
G and CASS 7.4.21 R).
4 A firm must inform the Authority in writing without delay if it has not complied with, or is unable, in any material
respect, to comply with the requirements in CASS 7.6.1 R, CASS 7.6.2 R or CASS 7.6.9 R

5

Firm’s settlements system, particularly in relation to placings undertaken on behalf of the
Firm’s retail clients. It went on to say that the issues meant that the client money
balances used in the Firm’s daily client money calculation were prepared manually, leading
the Firm to suspect that there may have been client money shortfalls or excesses, the
extent and correction of which the Firm had been unable to determine and carry out.

17. The email went on to claim that the Firm’s systems were now producing an accurate list of

client money balances and that accurate client money calculations were being performed,
along with investigation of any movements/discrepancies on those balances and the
making good of any shortfalls or excesses on the day the calculations were performed. On
the basis of matters established following this email (as set out below) it is apparent that
these statements did not in fact reflect the correct position at the Firm, although it is not
suggested that there was any attempt to withhold information from the Authority. In
addition, the Firm had been aware of certain breaches since mid-July 2010.

18. Following the notification to the Authority, Xcap retained a compliance consultancy to

review its governance and compliance arrangements, including the secondment of a CASS
specialist to the firm.

19. Between December 2010 and March 2011 Xcap’s CASS auditor conducted a review of the

arrangements for the management and protection of client money and safe custody assets
at the Firm for the purposes of producing its first annual client asset report to the
Authority. On 7 February 2011, following a dialogue between Xcap and its CASS auditor to
identify any issues and the steps taken to resolve them, an initial review was produced,
and then Xcap again wrote to the Authority. This second email provided more information
as to the breaches notified four months earlier (referred to above) and informed the
Authority of further issues which constituted breaches of CASS Rules. The issues notified
extended to money transfers, trust letters, segregation, procedures and client agreements
and it was apparent that they had largely existed since the Firm had commenced its
operations.

20. On 23 March 2011, Xcap met with the Authority to present an update on the Firm’s

ongoing CASS compliance and to discuss the further issues raised in the 7 February 2011
email. As a result of comments made by the Firm in the meeting, the Authority identified
additional serious deficiencies in Xcap’s CASS compliance arrangements. In particular, it
was noted that:

a) there were numerous instances of client money being co-mingled with Xcap’s own

money;

b) Xcap’s internal records were inadequate to comply with the requirements that:

i) they be sufficient to enable the Firm, at any time and without delay, to distinguish

client money held for one client from client money held for any other client, and
from its own money; and

ii) their accuracy is ensured, in particular their correspondence to the client money

held for clients;

and that, due to the prolonged and widespread nature of the issues, breaches had
occurred on numerous occasions and yet the Firm had only notified the Authority on
two occasions contrary to the requirement to inform the Authority of such non-
compliance without delay;

6

c) Xcap’s overall organisational arrangements meant that the Firm was not able to

minimise the risk of the loss or diminution of client money, or of rights in connection
with client money, as a result of misuse of client money, fraud, poor administration,
inadequate record-keeping or negligence;

d) Xcap had not (since authorisation) performed an acceptable internal reconciliation –

either via the “standard method of internal client money reconciliation” outlined in
CASS, or a comparable method;

e) Xcap did not have written acknowledgement of trust status from a third party bank in

respect of two currency accounts at that bank (one USD and one EUR); and

f) safe custody assets were held in accounts that did not comply with requirements that

they be identifiable separately from the applicable assets belonging to the Firm and
from the applicable assets belonging to that third party, by means of differently titled
accounts on the books of the third party or other equivalent measures that achieve the
same level of protection.

21. At the meeting the Firm accepted that it had not fulfilled its obligations under CASS and

provided details of the improvements it had subsequently made to its systems and
procedures to remedy the situation. The details provided made it clear however that a
number of the breaches identified during the course of the meeting were ongoing.

Auditor’s Client Asset Report to the Authority

22. In April 2011 the Authority was provided with the external auditor’s client asset report in

respect of the Firm. This was submitted in accordance with the requirement on firms under
SUP 3.1.1R and 3.1.2R and auditors under SUP 3.10.

23. The report covered the period 17 May 2010 to 28 February 2011, and provided information

as to Xcap’s failure to comply with various CASS Rules concerning risk assessment,
segregation, client money reconciliations and client agreements. The breaches identified in
this report that posed a significant risk of loss to individual clients during the period were:

a) Xcap’s failure (which continued throughout the Relevant Period) to ensure that certain

safe custody assets were clearly identified as belonging to the client;

b) Xcap’s failure (which continued throughout the Relevant Period) to carry out accurate

client money calculations and, consequently, accurate reconciliations meaning that it
was unable to identify discrepancies and therefore know whether it was necessary to
pay any shortfall into or withdraw any excess from its client bank accounts; and

c) Xcap’s failure (which continued up to 31 March 2011) to ensure that client money (in

the form of mixed remittances and foreign currency) was paid into a segregated client
bank account.

7

24. The auditors concluded that during the period covered by the report Xcap did not maintain

systems adequate to enable it to comply with the rules in CASS 6 and CASS 7, and that the
Firm was still not in compliance as at 28 February 2011. This meant that Xcap had not
been compliant with CASS Rules 6 and 7 during the eight month period since starting to
trade.

25. Due to its ongoing concerns, the Authority required Xcap to provide a Skilled Person’s

report, under the provisions of section 166 of the Act, to determine whether urgent
regulatory action was necessary to secure the protection of client money and safe custody
assets. The Skilled Person was appointed in September 2011 and issued its report on 27
October 2011.

26. The Skilled Person’s findings were that:

a) the earliest date on which Xcap's internal and external reconciliation processes

complied with the essential requirements of the CASS Rules was 2 June 2011 in relation
to its principal client bank accounts (Client Free Money Account and Client Settlement
Account) and 11 August 2011 in respect of its other, less active, client accounts (ISA,
ISA Dividend and Nominee Dividend client accounts) although it was accepted that in
certain instances Xcap had acted in accordance with advice received from a third party
CASS adviser which the Skilled Person considered to be incorrect;

b) Xcap did not have letters of acknowledgement of trust in place in relation to 18 client

money accounts held with a third party bank, in breach of CASS 7.8.1R. The situation
was rectified for all the accounts by a letter of acknowledgement of trust issued by the
bank to Xcap;

c) Xcap had not complied with the terms and conditions agreed between it and its retail

clients relating to the calculation and distribution of interest to clients on client money
balances. This was caused in part by difficulties Xcap had with calculating interest
using its (then) current operating systems;

d) Xcap's custody procedures had certain weaknesses, such as failure to ensure all safe

custody assets were correctly registered in the name of Xcap Nominees Limited, rather
than in the Firm's name;

e) Xcap’s compliance function had been under resourced throughout the Relevant Period

and had not adequately monitored the adequacy or effectiveness of the Firm’s CASS
procedures;

f) the vast majority of safe custody assets were correctly registered within CREST; and

g) that Xcap was now in a position to comply with the essential requirements of the CASS

regime.

Further Reports from the Auditors

27. A second auditor’s report was received by the Authority on 20 December 2011 regarding

the status of Xcap’s compliance with CASS in the period from 1 March 2011 to 31 August
2011. The report repeated various findings of the Skilled Person and concluded that the

Firm had failed during the period to comply with a number of the specific CASS Rules
concerning:

a) the registering of title to, and the clear identification of, safe custody assets;

b) the use of safe custody assets to settle Firm’s trades;

c) the requirement for trust status letters in respect of client money accounts;

d) carrying out a regular internal reconciliation of safe custody assets, preventing the firm

from ensuring that the correct stock is held for each client and

e) the payment of interest to clients in accordance with Xcap’s client agreements.

28. The second auditors’ report identified that over the period it covered, Xcap had not taken

sufficient action to remedy the failings identified in their first report and concluded,
pursuant to SUP 3.10.5R, that Xcap therefore did not maintain systems adequate to enable
it to comply with the rules in CASS 6 and CASS 7 from 1 March 2011 to 31 August 2011.
However, as at 31 August 2011, the auditors considered that Xcap had remedied the
failings identified in their first report and that Xcap, save in respect of certain limited
matters, was in compliance with the requirements of CASS 6 and 7.

29. The Firm has undertaken the following remedial steps:

a) increased its compliance resources, including the appointment of a new non-executive

chairman, a dedicated compliance monitoring employee and an external compliance
consultant to provide challenge and improvements with regard to the Firm’s compliance
and regulatory functions;

b) appointed a new compliance manager in July 2011;

c) opened separate CREST accounts for client and Firm monies in order to improve its

management and segregation of client money and reconciliation process;

d) introduced a new computer operating system to address some of the CASS issues that

had arisen partly as a result of the inadequacies of Xcap’s existing accounting system,
particularly with regard to posting cash and provision of a cash book for the purposes of
internal and external reconciliations;

e) improved its client money processes and procedures so that it is now in a position to

comply with CASS rules;

f) paid the sum of £1,620 to certain of its clients in respect of interest that had been

received on client money balances which had not been paid;

g) introduced bespoke CASS training for back office staff to further emphasise the

importance of CASS compliance; and

h) there have in addition been recent and significant managerial and board changes within

Xcap as a result of the recent merger with Hume Capital. A new Chief Executive and
non-executive Chairman are now in place.

FAILINGS

30. Based on the facts and the matters described above, the Authority concludes that Xcap has

failed to satisfy Principles 3 and 10, and associated CASS Rules (see Annex A).

31. Specifically, throughout the Relevant Period, in its client money and safe custody assets

arrangements the Firm breached:

a) Principle 3: by failing to take reasonable care to organise and control its affairs

responsibly and effectively with adequate risk management systems to ensure:

i) that it had in place adequate organisational arrangements in respect of client money

and safe custody assets; and

ii) that it implemented and maintained adequate policies and procedures to detect and

manage its client money and safe custody assets risks.

b) Principle 10: by failing to arrange adequate protection for all clients’ assets when it was

responsible for them.

c) In particular, Xcap:

i) failed to carry out adequate internal and external reconciliation and calculations of

client money. This means that it was unable to identify discrepancies and therefore
know whether it was necessary to pay any shortfall into or withdraw any excess
from its client money accounts. This created a risk to clients’ money in the event of
insolvency;

ii) failed to ensure appropriate segregation of client money. In the event of Xcap’s

insolvency, failure to segregate client money (mixed remittance, foreign currency
etc.) promptly puts all clients at risk of potential loss and in any event such client
money would have been difficult to identify, leading to potential delay and
diminution;

iii) failed to carry out adequate reconciliation of all safe custody assets and to ensure

that all such assets were clearly identified as belonging to the client. In the event of
Xcap’s insolvency, these assets may have been at risk of the administrator claiming
that they belonged to the Firm. Failure to identify the assets in accordance with
CASS 6 could have also led to the risk of set-off, delays in return and potentially
expensive litigation where the assets are held by third parties;

iv) failed to have in place adequate trust status letters. Without these letters, client

money was at risk of set-off by the bank and/or being claimed by the Firm's
administrator in the event of the Firm's insolvency.

32. The weaknesses in Xcap’s approach to the accounting and treatment of client money meant

that the same was not adequately segregated from its own funds and clients were
consequently exposed to risk of loss in the event the Firm became insolvent.

33. It is recognised that the Firm self-reported its initial client money failings in October 2010

following consultation with its auditors. However, this report was insufficient in its detail
and not followed up with a more comprehensive report until four months later. Xcap did
not therefore bring the breaches to the attention of the Authority without delay as required
by CASS 7.6.16R.

34. Having regard to the issues above, the Authority considers it appropriate and proportionate

in all the circumstances to take disciplinary action against Xcap for its breaches of the
Principles and associated CASS Rules over the Relevant Period.

SANCTION

Financial penalty

35. The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of DEPP. In

respect of conduct occurring on or after 6 March 2010, the Authority applies a five-step
framework to determine the appropriate level of financial penalty. DEPP 6.5A sets out the
details of the five-step framework that applies in respect of financial penalties imposed on
firms.

Step 1: disgorgement

36. Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the financial

benefit derived directly from the breach where it is practicable to quantify this.

37. The Authority has not identified any direct financial benefit that Xcap derived directly from

its breaches.

38. Step 1 is therefore £0.

Step 2: the seriousness of the breach

39. Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that reflects the

seriousness of the breach. Where the amount of revenue generated by a firm from a
particular product line or business area is indicative of the harm or potential harm that its
breach may cause, that figure will be based on a percentage of the firm’s revenue from the
relevant products or business area.

40. The Authority considers that the revenue generated by Xcap is not an appropriate indicator

of the harm or potential harm caused by its breaches in this case. This is because a firm’s
revenue could increase or decrease without the amount of client money and/or safe
custody assets it is holding (and therefore the associated risks) being directly affected.
The Authority has determined therefore that the appropriate indicator in this case is the
daily averages of each of the safe custody assets balance and the client money balance
over which Xcap had a responsibility to ensure were adequately protected from risk of loss,
diminution or delay of return to clients during the Relevant Period (“Average Client
Balances”).

41. In determining the percentage of Average Client Balances that forms the basis of the step

2 figure, the Authority considers the seriousness of the breach and chooses a percentage
that is appropriate to the relevant fixed level which represents, on a sliding scale of 1 to 5,
the seriousness of the breach; the more serious the breach, the higher the level.

42. Pursuant to DEPP 6.5A.2G(13) where the Authority determines that revenue is not an

appropriate indicator of harm or potential harm that a firm’s breach may cause, it will
nonetheless adopt a similar approach to that described in DEPP 6.5A.2G. However, where
relevant revenue is not appropriate to use, the Authority may not use the percentage levels
applied in cases using revenue. The corresponding percentage levels that the Authority
intends to apply to CASS cases are therefore as follows.

custody assets

Level 1
0
0

Level 2
1
0.2

Level 3
2
0.4

Level 5
4
0.8

43. As the table above outlines, two different percentage scales apply, one in respect of client

money and one in respect of safe custody assets. This is necessary as the Authority
considers that the risk profile and CASS Rules applicable to safe custody assets are
different to those relating to client money. In general, safe custody assets tend to be
much higher quantitatively, however, the risk of loss tends to be smaller.

44. In assessing the seriousness level, the Authority takes into account various factors which

reflect the impact and nature of the breach, and whether it was committed deliberately or
recklessly. DEPP 6.5A.2G(11) lists factors likely to be considered “level 4 or 5 factors”. Of
these, the Authority considers the following factors to be relevant in this case.

a) Significant risk of loss to individual clients: Xcap’s breaches meant that the client

money of individual clients was at risk of not being properly segregated into a client
trust account and the safe custody assets at risk of not being correctly recognised as
such and thereby being subject to loss, diminution or delayed return in the event of the
Firm's insolvency.

b) Serious/systemic weaknesses in the Firm’s internal controls: Xcap’s CASS failures were

widespread and its non-compliance continued for several months, even after
weaknesses and breaches had become apparent.

45. DEPP 6.5A.2(12) lists factors likely to be considered “level 1, 2 or 3 factors”. Of these, the

Authority considers the following factors to be relevant in this case.

a) Little/no profits made or losses avoided: the Firm did not profit from its failure to

comply with the various CASS Rules (although it may have saved money by not
implementing adequate systems and retaining adequate resources from the outset).

b) There was no effect on the orderliness of/confidence in the markets.

c) The breaches were committed negligently: there is no evidence to suggest that Xcap

deliberately failed to comply with CASS.

46. The Authority also considers that the following factors are relevant.

a) The Firm was non-compliant with the CASS Rules for a period of 15 months.

b) The quantum of assets that were placed at risk of direct loss due to the failures of the

Firm in registering of title to, and the clear identification of, some safe custody assets
was a small minority of the average client asset balance held during the Relevant
Period.

47. Taking all of these factors into account, the Authority considers the seriousness of the

breach in respect of client money to be level 3 and so for this element of the penalty the
Step 2 figure is 2% of £3,451,101 (the average client money balance).

48. The Authority considers that the nature of the breaches in respect of safe custody assets at

the Firm would, in general, also constitute level 3 seriousness. However, specifically in
view of the low level of safe custody assets placed at risk of direct loss (see 46.b) above) a
seriousness level of 2 is applied in this case, which results in a Step 2 figure for this
element of the penalty of 0.2% of £34,187,298 (the average client asset balance). The
Step 2 figure is the sum of both these calculations.

49. Step 2 is therefore £137,397.

Step 3: mitigating and aggravating factors

50. Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the amount of

the financial penalty arrived at after Step 2, but not including any amount to be disgorged
as set out in Step 1, to take into account factors which aggravate or mitigate the breach.

51. The Authority considers that the following factors aggravate the breach.

a) The extended period for which a number of the breaches were not fully remedied (i.e.

up to September 2011 in respect of the letters of acknowledgement of trust, up to
December 2011 for the correct registration of safe custody assets and up to April 2012
for settling client interest).

b) The Firm was not in a position to comply with CASS from the outset of its operations

and yet it continued to expand its business at a time when it was aware of at least
some of its failures, increasing the amount of client money and safe custody assets it
held, thereby putting more clients at risk of loss. Firms are reminded that they must
ensure that they are in a position to comply with regulatory requirements from the
commencement of business as an authorised person.

c) The importance of compliance with CASS has been well publicised by the Authority both

prior to and during the Relevant Period, including numerous enforcement actions which
have drawn firms’ attention to the need for improved focus on this area and the
importance of protecting client money and safe custody assets.

52. The Authority considers that the factors set out at paragraph 9 above mitigate the breach.

53. Having taken into account these aggravating and mitigating factors, the Authority

considers that the Step 2 figure should be increased by 10%.

54. Step 3 is therefore £151,136.

Step 4: adjustment for deterrence

55. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after Step 3 is

insufficient to deter the firm who committed the breach, or others, from committing further
or similar breaches, then the Authority may increase the penalty.

56. The Authority considers that the Step 3 figure of £151,136 represents a sufficient deterrent

to Xcap and others, and so has not increased the penalty at Step 4.

57. Step 4 is therefore £151,136.

Step 5: settlement discount

58. Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to be

imposed agree the amount of the financial penalty and other terms, DEPP 6.7 provides that
the amount of the financial penalty which might otherwise have been payable will be
reduced to reflect the stage at which the Authority and the firm reached agreement. The
settlement discount does not apply to the disgorgement of any benefit calculated at Step 1.

59. The Authority and Xcap reached agreement at Stage 2 and so a 20% discount applies to

the Step 4 figure.

60. Step 5 is therefore £120,909.

61. The Authority hereby imposes a total financial penalty of £120,900 on Xcap for breaching

Principle 3 and Principle 10.

PROCEDURAL MATTERS

Decision maker

62. The decision which gave rise to the obligation to give this Notice was made by the

Settlement Decision Makers.

63. This Final Notice is given under and in accordance with section 390 of the Act.

Manner of and time for Payment

64. The financial penalty is to be paid in 6 monthly instalments. The first instalment of

£20,150 must be paid by Xcap to the Authority within 14 days of the date of the Final
Notice. The following 5 equal instalments of £20,150 each must be paid on the first day of
the month following the previous instalment (the “Due Date”). If the Due Date for any
given payment falls on a public holiday (including Saturdays or Sundays) in any given
month then the Due Date is deemed to be the first business day immediately following the
public holiday concerned.

If the financial penalty is not paid

65. If any instalment is not paid by the Due Date for that instalment then the remainder of the

financial penalty becomes payable immediately and in full. The Authority may recover the
outstanding amount as a debt owed by Xcap and due to the Authority.

66. Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of information about

the matter to which this notice relates. Under those provisions, the Authority must publish
such information about the matter to which this notice relates as the Authority considers
appropriate. The information may be published in such manner as the Authority considers
appropriate. However, the Authority may not publish information if such publication would,
in the opinion of the Authority, be unfair to Xcap or prejudicial to the interests of
consumers or detrimental to the stability of the UK financial system.

67. The Authority intends to publish such information about the matter to which this Final

Notice relates as it considers appropriate.

Authority contacts

68. For more information concerning this matter generally, contact Naomi Thomas at the

Authority (direct line: 020 7066 7382 /fax: 020 7066 7383).

Enforcement and Financial Crime Division

ANNEX A

STATUTORY PROVISIONS, REGULATORY GUIDANCE AND POLICY

STAUTORY PROVISIONS

1. The Authority’s operational objectives are set out in section 1B(3) of the Financial Services

Act 2012 and include the consumer protection objective, i.e. securing an appropriate
degree of protection for consumers.

2. The Authority has the power, pursuant to section 206 of the Act, to impose a financial

penalty of such amount as it considers appropriate where the Authority considers an
authorised person has contravened a requirement imposed on him by or under the Act.

3. The Authority has the power, pursuant to section 166 of the Act, to require an authorised

person to provide the Authority with a report, made by a person nominated or approved by
the Authority and appearing to have the skills necessary to make such report (referred to
as a skilled person) on any matter about which the Authority has required or could require
the provision of documents or information under section 165 of the Act.

REGULATORY PROVISIONS

4. In exercising its power to impose a financial penalty, the Authority has had regard to the

relevant regulatory provisions and policy published in the Authority Handbook. The main
provisions that the Authority considers relevant to this case are set out below.

Principles for Businesses (“Principles”)

5. Under the Authority’s rule-making powers, the Authority has published in the Authority

Handbook the Principles which apply either in whole, or in part, to all authorised persons.

6. The Principles are a general statement of the fundamental obligations of firms under the

regulatory system and reflect the Authority’s objectives. A firm may be liable to disciplinary
sanction where it is in breach of the Principles.

7. The Principles relevant to this case are:

7.1. Principle 10 (Clients’ Assets) which states that:

“A firm must arrange adequate protection for clients’ assets when it is responsible for
them”

7.2. Principle 3 (Management and Control) which states that:

“A firm must take reasonable care to organise and control its affairs responsibly and
effectively, with adequate risk management systems”

Client Assets sourcebook (“CASS”)

8. CASS 6.1.22G states that Principle 10 (Clients' assets) requires a firm to arrange adequate

protection for clients' assets when it is responsible for them. As part of these protections,
the custody rules require a firm to take appropriate steps to protect safe custody assets for
which it is responsible.

9. CASS 6.2.1R states that a firm must, when holding safe custody assets belonging to

clients, make adequate arrangements so as to safeguard clients' ownership rights,
especially in the event of the firm's insolvency, and to prevent the use of safe custody
assets belonging to a client on the firm's own account except with the client's express
consent.

10. CASS 6.2.2R states that a firm must introduce adequate organisational arrangements to

minimise the risk of the loss or diminution of clients' safe custody assets, or the rights in
connection with those safe custody assets, as a result of the misuse of the safe custody
assets, fraud, poor administration, inadequate record-keeping or negligence.

11. CASS 6.2.3R states that to the extent practicable, a firm must effect appropriate

registration or recording of legal title to a safe custody asset in the name of:

(1) the client (or, where appropriate, the trustee firm), unless the client is an authorised
person acting on behalf of its client, in which case it may be registered in the name of the
client of that authorised person;

(2) a nominee company which is controlled by:

(a) the firm;

(b) an affiliated company;

(c) a recognised investment exchange or a designated investment exchange; or

(d) a third party with whom financial instruments are deposited under CASS 6.3

12. CASS 6.3.1R(1) states that a firm may deposit safe custody assets held by it on behalf of

its clients into an account or accounts opened with a third party, but only if it exercises all
due skill, care and diligence in the selection, appointment and periodic review of the third
party and of the arrangements for the holding and safekeeping of those 1safe custody
assets.

13. CASS 6.3.1R(2) states that a firm must take the necessary steps to ensure that any client's

safe custody assets deposited with a third party, in accordance with this rule are
identifiable separately from the applicable assets belonging to the firm and from the
applicable assets belonging to that third party, by means of differently titled accounts on
the books of the third party or other equivalent measures that achieve the same level of
protection.

14. CASS 6.5.1R states that a firm must keep such records and accounts as necessary to

enable it at any time and without delay to distinguish safe custody assets held for one
client from safe custody assets held for any other client, and from the firm's own applicable
assets.

15. CASS 6.5.2R states that a firm must maintain its records and accounts in a way that

ensures their accuracy, and in particular their correspondence to the safe custody assets
held for clients.

16. CASS 6.5.4G(1) states that carrying out internal reconciliations of the safe custody assets

held for each client with the safe custody assets held by the firm and third parties is an
important step in the discharge of the firm's obligations under CASS 6.5.2 R (Records and
accounts) and, where relevant,1 SYSC 4.1.1 R (General requirements) and SYSC 6.1.1 R
(Compliance).

17. CASS 6.5.4G(2) states that a firm should perform such internal reconciliations:

(a) as often as is necessary; and

(b) as soon as reasonably practicable after the date to which the reconciliation relates;

to ensure the accuracy of the firm's records and accounts.

18. CASS 7.2.14R states that unless a firm notifies a retail client in writing whether or not

interest is to be paid on client money and, if so, on what terms and at what frequency, it
must pay that client all interest earned on that client money. Any interest due to a client
will be client money.

19. CASS 7.3.1R states that a firm must, when holding client money, make adequate

arrangements to safeguard the client's rights and prevent the use of client money for its
own account.

20. CASS 7.3.2R states that a firm must introduce adequate organisational arrangements to

minimise the risk of the loss or diminution of client money, or of rights in connection with
client money, as a result of misuse of client money, fraud, poor administration, inadequate
record-keeping or negligence.

21. CASS 7.4.1R states that a firm, on receiving any client money, must promptly place this

money into one or more accounts opened with any of the following:

(1) a central bank;

(2) a BCD credit institution;

(3) a bank authorised in a third country;

(4) a qualifying money market fund.

22. CASS 7.4.11R states that a firm must take the necessary steps to ensure that client money

deposited, in accordance with CASS 7.4.1 R, in a central bank, a credit institution, a bank
authorised in a third country or a qualifying money market fund is held in an account or
accounts identified separately from any accounts used to hold money belonging to the firm.

23. CASS 7.4.17G states that under the normal approach, a firm that receives client money

should either:

(1) pay it promptly, and in any event no later than the next business day after receipt, into
a client bank account; or

(2) pay it out in accordance with the rule regarding the discharge of a firm's fiduciary duty
to the client (see CASS 7.2.15 R).

24. CASS 7.4.23G states that pursuant to the client money segregation requirements, a firm

operating the normal approach that receives a mixed remittance (that is part client money
and part other money) should:

(1) pay the full sum into a client bank account promptly, and in any event, no later than
the next business day after receipt; and

(2) pay the money that is not client money out of the client bank account promptly, and in
any event, no later than one business day of the day on which the firm would normally
expect the remittance to be cleared.

25. CASS 7.6.1R states that a firm must keep such records and accounts as are necessary to

enable it, at any time and without delay, to distinguish client money held for one client
from client money held for any other client, and from its own money.

26. CASS 7.6.2R states that a firm must maintain its records and accounts in a way that

ensures their accuracy, and in particular their correspondence to the client money held for
clients.

27. CASS 7.6.5G states that a firm should ensure that it makes proper records, sufficient to

show and explain the firm's transactions and commitments in respect of its client money.

28. CASS 7.6.6G(1) states that carrying out internal reconciliations of records and accounts of

the entitlement of each client for whom the firm holds client money with the records and
accounts of the client money the firm holds in client bank accounts and client transaction
accounts should be one of the steps a firm takes to satisfy its obligations under CASS 7.6.2
R, and where relevant SYSC 4.1.1 R and SYSC 6.1.1 R.

29. CASS 7.6.6G(2) states that a firm should perform such internal reconciliations:

(a) as often as is necessary; and

(b) as soon as reasonably practicable after the date to which the reconciliation

relates;

to ensure the accuracy of the firm's records and accounts.


30. CASS 7.6.6G(3) states that the standard method of internal client money reconciliation

sets out a method of reconciliation of client money balances that the Authority believes
should be one of the steps that a firm takes when carrying out internal reconciliations of
client money

31. CASS 7 Annex 1 G states that, as explained in CASS 7.6.6 G, in complying with its

obligations under CASS 7.6.2 R (Records and accounts), and where relevant SYSC 4.1.1 R
(General organisational requirements) and SYSC 6.1.1 R (Compliance), a firm should carry
out internal reconciliations of records and accounts of client money the firm holds in client
bank accounts and client transaction accounts. This Annex sets out a method of
reconciliation that the Authority believes is appropriate for these purposes (the “standard
method” of internal client money reconciliation).

32. CASS 7.6.9R states that a firm must conduct, on a regular basis, reconciliations between

its internal accounts and records and those of any third parties by whom client money is
held.

33. CASS 7.6.10G(1) states that a firm should perform the required reconciliation of client

money balances with external records:

(a) as regularly as is necessary; and

(b) as soon as reasonably practicable after the date to which the reconciliation

relates;

to ensure the accuracy of its internal accounts and records against those of third parties by
whom client money is held.

34. CASS 7.6.10G(2) states that in determining whether the frequency is adequate, the firm

should consider the risks which the business is exposed, such as the nature, volume and
complexity of the business, and where and with whom the client money is held.

35. CASS 7.6.11G states that a method of reconciliation of client money balances with external

records that the Authority believes is adequate is when a firm compares:

(1) the balance on each client bank account as recorded by the firm with the balance on
that account as set out on the statement or other form of confirmation issued by the bank
with which those accounts are held; and

(2) the balance, currency by currency, on each client transaction account as recorded by
the firm, with the balance on that account as set out in the statement or other form of
confirmation issued by the person with whom the account is held;

and identifies any discrepancies between them.

36. CASS 7.6.12R states that any approved collateral held in accordance with the client money

rules must be included within this reconciliation.

37. CASS 7.6.13R – When any discrepancy arises as a result of a firm's internal reconciliations,

the firm must identify the reason for the discrepancy and ensure that:

(1) any shortfall is paid into a client bank account by the close of business on the day that
the reconciliation is performed; or

(2) any excess is withdrawn within the same time period (but see CASS 7.4.20 G and
CASS 7.4.21 R).

38. CASS 7.6.14R states that when any discrepancy arises as a result of the reconciliation

between a firm's internal records and those of third parties that hold client money, the firm
must identify the reason for the discrepancy and correct it as soon as possible, unless the
discrepancy arises solely as a result of timing differences between the accounting systems
of the party providing the statement or confirmation and that of the firm.

39. CASS 7.6.15R states that while a firm is unable to resolve a difference arising from a

reconciliation between a firm's internal records and those of third parties that hold client
money, and one record or a set of records examined by the firm during its reconciliation
indicates that there is a need to have a greater amount of client money or approved
collateral than is in fact the case, the firm must assume, until the matter is finally resolved,
that the record or set of records is accurate and pay its own money into a relevant account.

40. CASS 7.6.16R states that a firm must inform the Authority in writing without delay:

(1) if it has not complied with, or is unable, in any material respect, to comply with the
requirements in CASS 7.6.1 R, CASS 7.6.2 R or CASS 7.6.9 R;

(2) if having carried out a reconciliation it has not complied with, or is unable, in any
material respect, to comply with CASS 7.6.13 R to CASS 7.6.15 R.

41. CASS 7.8.1R(1) states that when a firm opens a client bank account, the firm must give or

have given written notice to the bank requesting the bank to acknowledge to it in writing
that:

(a) all money standing to the credit of the account is held by the firm as trustee

(or if relevant, as agent) and that the bank is not entitled to combine the

account with any other account or to exercise any right of set-off or

counterclaim against money in that account in respect of any sum owed to it on

any other account of the firm; and

(b) the title of the account sufficiently distinguishes that account from any

account containing money that belongs to the firm, and is in the form

requested by the firm.

42. CASS 7.8.1R(2) states that in the case of a client bank account in the United Kingdom, if

the bank does not provide the required acknowledgement within 20 business days after the
firm dispatched the notice, the firm must withdraw all money standing to the credit of the
account and deposit it in a client bank account with another bank as soon as possible.

Decision Procedure and Penalties Manual (“DEPP”)

43. The Authority’s policy in relation the imposition and amount of penalties that applied during

the Relevant Period is set out in Chapter 6 of DEPP.

44. DEPP 6.1.2G provides that the principal purpose of imposing a financial penalty is to

promote high standards of regulatory and/or market conduct by deterring persons who
have committed breaches from committing further breaches, helping to deter other
persons from committing similar breaches, and demonstrating generally the benefits of
compliant behaviour. Financial penalties are therefore tools that the Authority may employ
to help it to achieve its regulatory objectives.

45. DEPP 6.5.1G states that for the purpose of DEPP 6.5 to DEPP 6.5D and DEPP 6.6.2 G, the

term "firm" means firms and those unauthorised persons who are not individuals.

46. DEPP 6.5.2(G) states that the Authority's penalty-setting regime is based on the following

(1) Disgorgement - a firm or individual should not benefit from any breach;

(2) Discipline - a firm or individual should be penalised for wrongdoing; and

(3) Deterrence - any penalty imposed should deter the firm or individual who committed
the breach, and others, from committing further or similar breaches.

47. DEPP 6.5.3(1) states that the total amount payable by a person subject to enforcement

action may be made up of two elements: (i) disgorgement of the benefit received as a

result of the breach; and (ii) a financial penalty reflecting the seriousness of the breach.
These elements are incorporated in a five-step framework, which can be summarised as
follows:

(a) Step 1: the removal of any financial benefit derived directly from the

breach;

(b) Step 2: the determination of a figure which reflects the seriousness of the

breach;

(c) Step 3: an adjustment made to the Step 2 figure to take account of any

aggravating and mitigating circumstances;

(d) Step 4: an upwards adjustment made to the amount arrived at after Steps 2

and 3, where appropriate, to ensure that the penalty has an appropriate

deterrent effect; and

(e) Step 5: if applicable, a settlement discount will be applied. This discount does

not apply to disgorgement of any financial benefit derived directly from
the

breach.

48. DEPP 6.5.3(2) states that these steps will apply in all cases, although the details of Steps 1

to 4 will differ for cases against firms (DEPP 6.5A), cases against individuals (DEPP 6.5B)
and market abuse cases against individuals (DEPP 6.5C).

49. DEPP 6.5.3(3) states that the Authority recognises that a penalty must be proportionate to

the breach. The Authority may decrease the level of the penalty arrived at after applying
Step 2 of the framework if it considers that the penalty is disproportionately high for the
breach concerned. For cases against firms, the Authority will have regard to whether the
firm is also an individual (for example, a sole trader) in determining whether the figure
arrived at after applying Step 2 is disproportionate.

50. DEPP 6.5.3(4) states that the lists of factors and circumstances in DEPP 6.5A to DEPP 6.5D

are not exhaustive. Not all of the factors or circumstances listed will necessarily be relevant
in a particular case and there may be other factors or circumstances not listed which are
relevant.

51. DEPP 6.5.3(6) states that Part III (Penalties and Fees) of Schedule 1 to the Act specifically

provides that the Authority may not, in determining its policy with respect to the amount of
penalties, take account of expenses which it incurs, or expects to incur, in discharging its
functions.

52. DEPP 6.5A sets out the five steps, as described in DEPP 6.5.3(1), for penalties imposed on

firms.

53. DEPP 6.5A.2G(1) states that the Authority will determine a figure that reflects the

seriousness of the breach. In many cases, the amount of revenue generated by a firm from
a particular product line or business area is indicative of the harm or potential harm that its
breach may cause, and in such cases the Authority will determine a figure which will be
based on a percentage of the firm's revenue from the relevant products or business areas.
The Authority also believes that the amount of revenue generated by a firm from a
particular product or business area is relevant in terms of the size of the financial penalty
necessary to act as a credible deterrent. However, the Authority recognises that there may
be cases where revenue is not an appropriate indicator of the harm or potential harm that

a firm's breach may cause, and in those cases the Authority will use an appropriate
alternative.

54. DEPP 6.5A.2G(4) states that the Authority will assess the seriousness of the breach to

determine which level (out of the five levels available, 1 being the least serious and 5 being
the most) is most appropriate to the case.

55. DEPP 6.5A.2(G) (5) to (12) set out various factors which are likely to be relevant to and

how these will be applied in determining the level of seriousness for the breach.

56. DEPP 6.5A.2(13) states that in those cases where revenue is not an appropriate indicator

of the harm or potential harm that a firm's breach may cause, the Authority will adopt a
similar approach, and so will determine the appropriate Step 2 amount for a particular
breach by taking into account relevant factors, including those referred to above. In these
cases the Authority may not use the percentage levels that are applied in those cases in
which revenue is an appropriate indicator of the harm or potential harm that a firm's
breach may cause.

57. DEPP 6.5A.3G(1) states that the Authority may increase or decrease the amount of the

financial penalty arrived at after Step 2, but not including any amount to be disgorged as
set out in Step 1, to take into account factors which aggravate or mitigate the breach. Any
such adjustments will be made by way of a percentage adjustment to the figure
determined at Step 2.

58. DEPP 6.5A.3G(2) sets out a list of factors which may have the effect of mitigating or

aggravating the breach.

59. DEPP 6.5A.4(G) sets out circumstances in which the Authority may consider the figure

arrived at after Step 3 is insufficient to deter the firm who committed the breach or others
from committing further or similar breaches and will therefore increase the penalty.

60. DEPP 6.5A.5(G) states that the Authority and the firm on whom a penalty is to be imposed

may seek to agree the amount of any financial penalty and other terms. In recognition of
the benefits of such agreements, DEPP 6.7 provides that the amount of the financial
penalty which might otherwise have been payable will be reduced to reflect the stage at
which the Authority and the firm concerned reached an agreement. The settlement
discount does not apply to the disgorgement of any benefit calculated at Step 1.


© regulatorwarnings.com

Regulator Warnings Logo