"There is no excuse for not having robust controls and oversight systems in place to ensure their processes comply with our rules when CASS functions are outsourced."
Its investigation found that Aviva failed to put in place appropriate controls over Third Party Administrators and did not sufficiently challenge their internal controls, competence and resources.
Aviva was also found to have ineffective CASS oversight arrangements resulting in the delayed detection and rectification of risks and compliance issues.
CASS rules are designed to protect client money and custody assets if a firm becomes insolvent and to ensure money and assets can be returned to clients as quickly as possible.
The FCA also found deficiencies with Aviva’s internal reconciliation process which resulted in the under- and over-segregation of client money. During the period from 10 February 2014 to 9 February 2015 under-segregation peaked at £74.4m.
Whilst the FCA considers the failings to be serious, in particular given that CASS Rule breaches were identified in Aviva’s annual external CASS reports for consecutive years, it confirmed that there was no actual loss of client money or custody assets in this instance.
However, the rules are designed to be preventative and had Aviva suffered an insolvency event during the period, the FCA believes customers could have suffered loss due to Aviva’s non-compliance.
Aviva agreed to settle at an early stage and therefore qualified for a 30% discount. Without the settlement discount, the fine would have been £11,781,262.
Mark Steward, Director of Enforcement and Market Oversight at the FCA, said: “Aviva outsourced the administration of client money and external reconciliations in relation to custody assets, but failed to ensure that it had adequate controls and oversight arrangements to effectively control these outsourced activities. With outsourced arrangements firms remain fully responsible for compliance with our CASS rules. Firms are reminded that regulated activities can be delegated but not abdicated.
“Other firms with similar outsourcing arrangements should take this as a warning that there is no excuse for not having robust controls and oversight systems in place to ensure their processes comply with our rules when CASS functions are outsourced.
"This is the first CASS case in relation to oversight failures of outsourcing arrangements and we will continue to take action against firms that fall short of our CASS Rules.”
