CASS Auditor Services: What Firms Need to Know in 2026
CASS auditor services provide independent verification that FCA-regulated investment firms properly safeguard client money and assets. These specialized audits assess compliance with the Client Assets Sourcebook (CASS) rules, protecting investors if a firm fails and ensuring firms meet regulatory obligations through detailed testing of controls, reconciliations, and segregation practices.
If your investment firm holds client money or custody assets, the FCA requires an annual CASS audit. It’s not optional. And it’s not just a box-ticking exercise.
CASS auditor services play a critical role in the financial regulatory framework. They verify that firms correctly segregate client assets from their own, maintain proper records, and follow the rules designed to protect investors if something goes wrong.
But here’s the thing—CASS audits can be complex. The rules are detailed, the testing is thorough, and the consequences of getting it wrong range from qualified opinions to enforcement action.
This guide breaks down what CASS auditor services actually involve, why they matter, and how firms can prepare effectively.
Understanding CASS Auditor Services
CASS auditor services are specialized assurance engagements that examine whether investment firms comply with the FCA’s Client Assets Sourcebook. These aren’t standard financial statement audits—they focus exclusively on how firms handle client money and assets.
The Financial Conduct Authority established CASS rules to prevent client funds from being mixed with a firm’s operational money. When a regulated firm fails, properly segregated client assets can be returned quickly. Without proper safeguarding, clients might become unsecured creditors fighting for scraps.
That’s where CASS auditors come in. They independently verify that the protections are actually working.
What Makes CASS Audits Different
CASS audits don’t follow the same standards as traditional financial audits. They’re conducted under specific FCA rules and require auditors with particular expertise in regulatory compliance.
The scope varies depending on which CASS chapters apply to the firm. CASS 5 covers client money, while CASS 7 deals with custody assets. Some firms need both.
Auditors test controls, review reconciliations, check segregation arrangements, and verify that client disclosures are accurate. The work is detailed and transaction-level testing is common.
Why CASS Auditor Services Matter
The regulatory framework exists for one reason: protecting clients. When firms fail—and they do—properly segregated assets can be returned quickly rather than getting tangled in insolvency proceedings.
CASS auditor services provide independent verification that these protections work. Without them, the FCA would have no assurance that firms are actually following the rules.
The Three Types of Audit Opinions
CASS auditors issue one of three opinion types, and the difference matters significantly.
A clean opinion means the auditor found no material issues. Controls are operating effectively, and the firm is meeting its CASS obligations. This is what every firm wants.
A qualified opinion signals problems. The auditor identified issues that need addressing, though they might not be severe enough to threaten client assets immediately. The FCA will want to see prompt remediation.
An adverse opinion is serious trouble. It means the auditor couldn’t provide assurance that client assets are properly protected. The FCA typically expects immediate action and may intervene directly.
Qualified opinions have become more common as the FCA’s expectations have increased. Firms that previously scraped by with clean opinions now face more rigorous scrutiny.
Key Areas CASS Auditors Examine
CASS auditor services focus on specific areas where things can go wrong. Understanding these helps firms prepare effectively.
Client Money Segregation
For firms subject to CASS 5, auditors verify that client money is held in separate accounts at approved banks. The money can’t be mixed with the firm’s operational funds.
Auditors test whether the firm performs accurate calculations of what should be segregated. They check that reconciliations happen daily and that any discrepancies are investigated promptly.
Bank acknowledgement letters must be in place, confirming that the accounts hold client money and that the bank has no rights to set off against them.
Custody Asset Protection
CASS 7 rules apply to firms holding custody assets—stocks, bonds, and other investments held on behalf of clients.
Auditors verify that these assets are registered correctly, either in the client’s name or in a way that clearly identifies them as client property. Records must show exactly which assets belong to which clients at all times.
Reconciliations between the firm’s records, the custodian’s records, and any sub-custodians must happen regularly. Differences need prompt investigation and resolution.
Governance and Oversight
CASS isn’t just about procedures—it’s about having the right governance structure. Auditors examine whether firms have appointed a CASS oversight function with appropriate authority and resources.
Senior management must understand their CASS responsibilities. The auditor will review evidence that the oversight function reports to senior management and that issues are escalated appropriately.
| CASS Rule | What It Covers | Key Audit Focus |
|---|---|---|
| CASS 5 | Client money | Segregation calculations, daily reconciliations, bank acknowledgements |
| CASS 7 | Custody assets | Registration, reconciliations, asset identification |
| CASS 6 | Custody rules | Safe custody arrangements, record keeping |
| CASS 10 | CASS resolution pack | Completeness, accuracy, accessibility of wind-down data |
Preparing for a CASS Audit
The firms that handle CASS audits best don’t wait until the auditors arrive. Preparation starts months earlier.
Get Your Reconciliations in Order
Reconciliations are the backbone of CASS compliance. If daily reconciliations aren’t happening consistently, or if breaks aren’t investigated promptly, the audit will surface these issues.
Many firms struggle with reconciliation quality. It’s worth conducting an internal review well before the audit to identify and fix problems early.
Review Your CASS Resolution Pack
CASS 10 requires firms to maintain a resolution pack—essentially a detailed instruction manual for returning client assets if the firm fails.
This document needs to be current, accurate, and genuinely usable. Auditors will test whether the information is complete and whether someone unfamiliar with the firm could actually use it to return assets.
Document Everything
CASS auditors need evidence. If controls are operating but not documented, proving compliance becomes difficult.
Ensure that oversight function meetings are minuted, that control testing is documented, and that management reviews are evidenced. The paper trail matters.
Common CASS Audit Issues
Real talk: certain problems appear repeatedly in CASS audits. Knowing what commonly goes wrong helps firms avoid the same pitfalls.
Inadequate Segregation Calculations
Firms sometimes miscalculate how much client money should be segregated. This can happen when the calculation methodology is flawed or when it doesn’t account for all the required factors.
The CASS rules specify exactly what goes into these calculations. Getting it wrong exposes client money to risk.
Weak Reconciliation Processes
Reconciliations that happen late, that allow breaks to persist without investigation, or that don’t include all relevant accounts are common issues.
Auditors will test a sample of reconciliations and look at how quickly the firm resolves discrepancies. Persistent unresolved breaks are a red flag.
Insufficient Governance
Some firms treat CASS oversight as a formality rather than a genuine control function. If the oversight person lacks resources, authority, or direct access to senior management, the auditor will note this.
The FCA expects firms to take CASS governance seriously. It’s not enough to appoint someone and check a box.
Responding to Your CASS Audit Opinion
The audit opinion arrives, and now what? How firms respond depends on what the auditor found.
Clean Opinion: Don’t Get Complacent
A clean opinion is good news, but it doesn’t mean the work stops. CASS compliance is ongoing, and the next audit is already on the horizon.
Use the period after a clean opinion to strengthen any areas where the auditor raised informal observations. They might not have qualified the opinion, but if they noted concerns, address them before they become bigger issues.
Qualified Opinion: Action Required
A qualified opinion demands a structured response. The FCA expects prompt remediation, and firms need to demonstrate they’re taking the issues seriously.
Create a detailed remediation plan with specific actions, responsible owners, and realistic deadlines. Many firms find it helpful to engage their auditor or a CASS consultant to help design effective fixes.
Document everything. The FCA may ask for evidence that remediation is complete, and the next audit will certainly test whether the issues have been resolved.
Adverse Opinion: Crisis Mode
An adverse opinion can trigger regulatory intervention. The FCA may restrict the firm’s activities or require immediate client asset distribution.
Senior management needs to engage directly with the regulator, explaining what went wrong and how it’s being fixed. External expertise is usually necessary—this isn’t the time to go it alone.
Choosing a CASS Auditor
Not all audit firms have deep CASS expertise. The rules are specialized, and experience matters.
Look for auditors who regularly conduct CASS engagements and who understand the specific challenges your type of firm faces. A good CASS auditor doesn’t just identify problems—they help firms understand the underlying issues and suggest practical solutions.
Check that the audit firm is registered to conduct CASS audits and that the engagement team has relevant experience with similar clients.
Get CASS Compliance Right the First Time
CASS audits focus on how firms protect client money and maintain accurate records. Controls, reconciliations, and reporting need to be consistent and supported by clear evidence. Acumon is a UK firm of chartered accountants and registered auditors working with regulated organisations and corporate groups, with audit work delivered using a structured, risk-based methodology and direct involvement from senior audit professionals.
Fix Gaps in Controls and Reporting
Acumon supports organisations with the areas that matter in regulated audit work:
- Review of controls linked to financial reporting and oversight
- Experience working with regulated and multi-entity organisations
- Clear reporting supported by audit evidence
Contact Acumon and discuss your CASS audit requirements.
The Future of CASS Audits
Regulatory expectations continue to evolve. The FCA has signaled that it expects higher standards, particularly around operational resilience and the usability of CASS resolution packs.
Technology is changing how firms handle CASS compliance. Automated reconciliation tools and better data management systems can reduce manual errors and improve control effectiveness.
But technology alone won’t solve everything. The core requirement remains the same: firms must protect client assets through robust processes, effective controls, and genuine governance oversight.
Conclusion
CASS auditor services aren’t just a regulatory hurdle—they’re a critical protection for clients and a verification that firms are meeting their fundamental obligations.
The firms that handle CASS audits most effectively treat them as an opportunity to strengthen controls and governance, not just as compliance tasks to be endured. When reconciliations are tight, documentation is thorough, and governance is genuine, the audit becomes straightforward.
But where shortcuts have been taken or where governance is weak, the audit will expose these gaps. Better to find and fix them through internal review than to discover them when the auditor arrives.
Start preparing early, engage qualified auditors with relevant experience, and treat CASS compliance as the ongoing discipline it is. Client assets deserve nothing less.
Frequently Asked Questions
CASS audit reports must be submitted to the FCA within four months of the firm’s financial year-end. For firms with December 31 year-ends, that means April 30. Missing this deadline can result in enforcement action.
Only firms that hold or control client money or custody assets need CASS audits. If a firm operates under the execution-only model without holding client assets, CASS rules may not apply. Check the specific CASS chapters relevant to your permissions.
Pricing varies widely based on the firm’s size, complexity, and the scope of the audit. Smaller firms might pay several thousand pounds, while larger or more complex operations can face fees in the tens of thousands. Check with audit firms for current pricing specific to your situation.
Yes, and this is common. Using the same audit firm for both engagements can create efficiencies since the auditor already understands the business. However, firms should ensure the CASS team has specialized expertise, not just general audit experience.
A qualified or adverse opinion doesn’t mean automatic closure, but it does trigger regulatory scrutiny. The FCA will expect a detailed remediation plan and evidence of progress. In severe cases, the regulator may impose restrictions until issues are resolved. Prompt, transparent communication with the FCA is essential.
The timeline depends on the firm’s size and complexity. Smaller firms might complete the audit in a few days, while larger operations can take several weeks. Planning typically starts 2-3 months before year-end, with fieldwork happening shortly after.
CASS 5 audits focus on client money—cash held on behalf of clients in segregated bank accounts. CASS 7 audits examine custody assets like stocks and bonds. Some firms need both if they hold both types of client assets, while others may only need one depending on their business model.