Firstly, in the context of this question, it’s important to define what a books and records breach under CASS looks like and why such incidents must be resolved promptly to minimise recurrence.
Firms should look to identify a books and records breach when it fails to adhere to the CASS rules regarding the proper recording, reconciliation, segregation of client assets and how shortfalls and discrepancies are managed to resolution.
Firms must maintain accurate and complete records of client assets, including details of holdings, transactions, and movements of assets.
The rules for CASS reconciliations require Firms to regularly reconcile their internal records and with those of third parties (such as custodians or banks) to ensure that client assets are correctly accounted for. A breach can happen if these reconciliations are not conducted as required or discrepancies are not promptly addressed.
Under segregation, client assets must be segregated from the firm’s own assets to prevent commingling. If there’s a failure to properly segregate client assets, it can lead to a books and records breach.
With discrepancy management and shortfall treatment, fully narrated records are crucial, with Firms required to promptly identify and rectify any shortfalls in client asset accounts. If a Firm fails to address a shortfall or doesn’t take appropriate actions to remedy the situation, it can result in a breach.
In respect of minimising such breaches, Firms must have the appropriate breach escalation processes in place and ensure their staff who have CASS touchpoints in their day-to-day activities have the necessary knowledge and training to identify such breaches when they occur. Given the likely higher occurrence of such breaches, it’s important for Firms to capture, investigate, and perform root cause analysis on as many of these breaches as possible in order to understand upstream control deficiencies both operationally and those of a more technical or systemic nature. Books and record breaches, investigated thoroughly, can often be symptomatic of more pervasive issues that require attention, reducing the risk of CASS rule breaches of a more significant nature.
Staff who are involved in day-to-day operational processes should be encouraged to raise such incidents through continuous appraisal and assessment of the controls and processes for which they are responsible for. By challenging the design of controls through a process of monitoring, Firms can ensure they have the most appropriate measures in place by which to minimise such breaches.
To see how Grath can assist in reducing operational breaches across books and records, speak to a member of our team today!