CASS 8.3 Records and internal controls

CASS 8.3.1RRP

A firm that has mandates must establish and maintain adequate records and internal controls in respect of its use of the mandates.

CASS 8.3.2RRP

The records and internal controls required by CASS 8.3.1 R must include:

  1. (1)

    an up-to-date list of each mandate that the firm has obtained, including a record of any conditions placed by the client or the firm's management on the use of the mandate and, where a mandate was received in non-written form in the course of, or in connection with, its designated investment business, the details required under CASS 8.3.2C R1;

  2. (2)

    a record of each transaction entered into under each mandate that the firm has;

  3. (3)

    internal controls to ensure that each transaction entered into under each mandate that the firm has is carried out1 in accordance with any conditions placed by the client or the firm's management on the use of the mandate;

  4. (4)

    the details of the procedures and internal controls around the giving of instructions under the mandates that the firm has (such instructions being those referred to in CASS 8.2.1 R (4)); and

  5. (5)

    where the firm holds a passbook or similar documents belonging to the client, internal controls for the safeguarding (including against loss, unauthorised destruction, theft, fraud or misuse) of any passbook or similar document belonging to the client held by the firm.

A firm’s list of mandates

CASS 8.3.2ARRP
  1. (1)

    1A firm's up-to-date list of mandates under CASS 8.3.2 R (1) must be maintained in a medium that allows the storage of information in a way accessible for future reference by the FCA or by an auditor preparing a report under SUP 3.10.4 R.

  2. (2)

    It must be possible for any corrections or other amendments, and the contents of the list prior to such corrections and amendments, to be easily ascertained.

CASS 8.3.2BGRP

1A firm may use version control to comply with CASS 8.3.2A R (2).

CASS 8.3.2CRRP

1An entry in a firm's list of mandates underCASS 8.3.2 R (1) that relates to a mandate that was received in non-written form (eg in a telephone call) in the course of, or in connection with, its designated investment business must, as well as the information referred to at CASS 8.3.2 R (1), include the following details:

  1. (1)

    the nature of the mandate (eg debit card details);

  2. (2)

    the purpose of the mandate (eg collecting insurance premiums);

  3. (3)

    how the mandate was obtained (eg by telephone);

  4. (4)

    the name of the relevant client; and

  5. (5)

    the date on which the mandate was obtained.

CASS 8.3.2DGRP

1If a firm receives information through a telephone call in the course of, or in connection with, its designated investment business that amounts to a mandate as a result of the firm retaining a recording of the call (see CASS 8.2.3 G), the requirements at CASS 8.3.2 R (1) apply, regardless of whether or not the firm intends to use the mandate in the future. The firm will meet the requirements of CASS 8.3.2 R (1) if the firm's list of mandates is updated with the details of the mandate that the firm obtained as a result of the call.

CASS 8.3.2EGRP

1A firm should not reproduce information meeting the conditions under CASS 8.2.1 R as a separate record (eg by including such information in its list of mandates under CASS 8.3.2 R (1)) unless the firm considers this necessary, as this creates additional risk of misuse. Making a record of the details concerning the mandate described in CASS 8.3.2C R would be appropriate.

CASS 8.3.2FGRP

1When keeping its list of mandates under CASS 8.3.2 R (1) up to date:

  1. (1)

    a firm should create a new entry in the list each time the firm obtains a new mandate;

  2. (2)

    if, for an existing entry on its list, a firm obtains the same information meeting the conditions in CASS 8.2.1 R again (eg in a written confirmation following a paperless direct debit), the additional mandate is not a new mandate and the firm should not create another entry on the list; but

  3. (3)

    the firm should, for every entry on its list, identify each of the locations in which it has retained the information that meets the conditions in CASS 8.2.1 R (eg a client's debit card details retained in a telephone recording and also the firm's written log of the call, or two separate documents containing the same information).

Retention of records

CASS 8.3.2GRRP

1A firm must retain the records required under CASS 8.3.1 R in relation to a particular mandate for the following period after it ceases to have the mandate (e.g. because the firm has destroyed the relevant document, electronic record or telephone recording), as applicable:

  1. (1)

    subject to (2), a minimum of one year;

  2. (2)

    a minimum of five years, where the relevant mandate was held by the firm in the course of, or in connection with, its MiFID business.

CASS 8.3.2HGRP

1Where a firm has an obligation under CASS 8.3.2G R to retain records after it ceases to have a particular mandate, it may keep the mandate on the firm's list under CASS 8.3.2 R (1) for the relevant period, but the list should be updated to reflect the fact that it ceased to have the relevant mandate at the relevant date.

CASS 8.3.3GRP

A firm should distinguish between conditions placed by a client on the firm's use of a mandate, and criteria to which transactions effected by a firm with or for a client may be subject.

  1. (1)

    The requirements in CASS 8.3.2 R (1) and CASS 8.3.2 R (3) apply only in respect of conditions placed around the firm's use of a mandate itself or around the instructions described in CASS 8.2.1 R (4). Examples of these include conditions under which a mandate may only be used by the firm in connection with transactions up to a certain value, or under which instructions under a mandate may only be given by certain personnel within the firm.

  2. (2)

    The requirements in CASS 8.3.2 R (1) and CASS 8.3.2 R (3) do not apply in respect of criteria which relate to the nature and circumstances of transactions effected by a firm with or for a client. Examples of those criteria include investment restrictions or exposure limits for a managed portfolio, and required or preferred execution prices or execution venues.