The Financial Conduct Authority has fined Aviva Pension Trustees UK Limited and Aviva Wrap UK Limited a combined £8.2bn for failing to oversee its outsourced providers in relation to the protection of client assets.

The original fine was £11,781,262 but Aviva agreed to settle at an early stage and as a result qualified for a 30 per cent discount and instead paid £8,246,800.

FCA director of enforcement and market oversight Mark Steward explained that Aviva outsourced the administration of client money and external reconciliations in relation to custody assets, but “failed to ensure that it had adequate controls and oversight arrangements to effectively control these outsourced activities”.

The FCA said Aviva breached its Client Assets Sourcebook (CASS) rules, which are there to protect client money and custody assets if a firm becomes insolvent and to ensure money and assets can be returned to clients as quickly as possible.

Aviva breached the FCA’s CASS Rules and requirements that firms should have adequate management, systems and controls (Principle 3) and properly safeguard clients’ assets (Principle 10) between 1 January 2013 and 2 September 2015.

During the period Aviva failed to put in place appropriate controls over Third Party Administrators (TPAs) to which they had outsourced the administration of client money and external reconciliations in relation to custody assets. This resulted in Aviva failing to sufficiently challenge the internal controls, competence and resources of their TPAs.

Aviva also failed to dedicate adequate resource and technical expertise to enable them to implement effective CASS oversight arrangements resulting in their delayed detection and rectification of CASS risks and compliance issues.

The FCA also found deficiencies with Aviva’s internal reconciliation process which resulted in the under- and over-segregation of client money. During the period from 10 February 2014 to 9 February 2015 under-segregation peaked at £74.4m.

The failings also meant that Aviva was unable to meet their obligations under the CASS Rules, such as the requirements to submit accurate Client Money and Asset Returns (CMAR) and maintain an adequate CASS resolution pack.

Whilst the FCA considers the failings to be serious, in particular given that CASS Rule breaches were identified in Aviva’s annual external CASS reports for consecutive years, there was no actual loss of client money or custody assets in this instance. However, the rules are designed to be preventative and had Aviva suffered an insolvency event during the period, customers could have suffered loss due to Aviva’s non-compliance with the CASS Rules.
It is the first time the FCA has taken action over a company for breaching its CASS rules in relation to oversight failures of outsourcing arrangements.

“With outsourced arrangements firms remain fully responsible for compliance with our CASS rules. Firms are reminded that regulated activities can be delegated but not abdicated,” Steward added.

“Other firms with similar outsourcing arrangements should take this as a warning that there is no excuse for not having robust controls and oversight systems in place to ensure their processes comply with our rules when CASS functions are outsourced.”

Share Story: