21 September 2017
visit www.avoka.com

FCA fines Aviva over shoddy outsourcing oversight

05 October 2016  |  3331 views  |  0 Source: Financial Conduct Authority

The Financial Conduct Authority (FCA) has today fined Aviva Pension Trustees UK Limited and Aviva Wrap UK Limited (together Aviva) £8,246,800 for failings in its oversight of its outsourced providers in relation to the protection of client assets.

The Client Assets Sourcebook (CASS) rules are there to protect client money and custody assets if a firm becomes insolvent and to ensure money and assets can be returned to clients as quickly as possible.

Mark Steward, Director of Enforcement and Market Oversight at the FCA said:

“Aviva outsourced the administration of client money and external reconciliations in relation to custody assets, but failed to ensure that it had adequate controls and oversight arrangements to effectively control these outsourced activities. With outsourced arrangements firms remain fully responsible for compliance with our CASS rules. Firms are reminded that regulated activities can be delegated but not abdicated.

“Other firms with similar outsourcing arrangements should take this as a warning that there is no excuse for not having robust controls and oversight systems in place to ensure their processes comply with our rules when CASS functions are outsourced.

"This is the first CASS case in relation to oversight failures of outsourcing arrangements and we will continue to take action against firms that fall short of our CASS Rules.”

The CASS Rules are there to protect client assets. Aviva breached the FCA’s CASS Rules and requirements that firms should have adequate management, systems and controls (Principle 3) and properly safeguard clients’ assets (Principle 10) between 1 January 2013 and 2 September 2015.

During the period Aviva failed to put in place appropriate controls over Third Party Administrators (TPAs) to which they had outsourced the administration of client money and external reconciliations in relation to custody assets. This resulted in Aviva failing to sufficiently challenge the internal controls, competence and resources of their TPAs. Aviva also failed to dedicate adequate resource and technical expertise to enable them to implement effective CASS oversight arrangements resulting in their delayed detection and rectification of CASS risks and compliance issues.

The FCA also found deficiencies with Aviva’s internal reconciliation process which resulted in the under- and over-segregation of client money. During the period from 10 February 2014 to 9 February 2015 under-segregation peaked at £74.4m.

The failings also meant that Aviva was unable to meet their obligations under the CASS Rules, such as the requirements to:

submit accurate Client Money and Asset Returns (CMAR); and
maintain an adequate CASS resolution pack.

Whilst the FCA considers the failings to be serious, in particular given that CASS Rule breaches were identified in Aviva’s annual external CASS reports for consecutive years, there was no actual loss of client money or custody assets in this instance. However, the rules are designed to be preventative and had Aviva suffered an insolvency event during the period, customers could have suffered loss due to Aviva’s non-compliance with the CASS Rules.

​​Aviva agreed to settle at an early stage and in doing so it qualified for a 30% discount. Without the settlement discount, the fine would have been £11,781,262.

Comments: (0)

Comment on this story (membership required)

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.vasco.comvisit www.temenos.comvisit www.capgemini.com

Top topics

Most viewed Most shared
HSBC switches on selfie payments in ChinaHSBC switches on selfie payments in China
12211 views comments | 26 tweets | 41 linkedin
Equifax hack: Visa and Mastercard flag 200k compromised credit cardsEquifax hack: Visa and Mastercard flag 200...
10855 views comments | 6 tweets | 17 linkedin
Dutch bank sentences teenage DDoS culprit to community serviceDutch bank sentences teenage DDoS culprit...
9476 views comments | 6 tweets | 3 linkedin
Apple P2P payments service nears launchApple P2P payments service nears launch
8076 views comments | 18 tweets | 26 linkedin
UAE banks pool cyber security dataUAE banks pool cyber security data
8050 views comments | 5 tweets | 4 linkedin

Featured job

Competitive base + commission + benefits
Denmark, Finland, Iceland, Norway or Sweden

Find your next job