DRAFT

BOARD CONFIDENTIAL

CASS Committee Meeting

CASS committee - Year end Breach sign offs (copy)

31st March 2026

Commencing at [time]

[Location]

Present

Mr A. Dymock (in the chair)

Ms G. Smith

Ms C. Haskett

Ms D. Allen

[Participant 1]

[Participant 3]

[Participant 4]

[Participant 5]

In Attendance

None recorded.

Apologies

None received.

Quorum

It was noted that a quorum was present and the meeting was declared open.

Declarations of Interest

No new declarations of interest were made.

Previous Minutes

There were no previous minutes to approve.

Matters Arising

There were no matters arising not otherwise covered by the agenda.

1. Year End CASS Breach Review - Overview

The committee received a comprehensive review of all outstanding CASS breach responses ahead of the year-end audit. It was noted that most breaches were close to resolution, with breach 7 (cash ledger reconciliation) deferred to the afternoon session scheduled for 1:30 pm.

The committee noted that breach 2 (terms of business) was completed, with over 8,000 member emails dispatched on 30th March and approximately 2,000 postal copies sent to Cornerstone for distribution. It was further noted that breaches 8 (Hickling funds) and breach 9 (Metro due diligence) required only final documentation before submission, while breach 10 (diversification) would be evidenced by minutes from this meeting plus a ratification note.

2. Terms of Business Update (Breach 2)

The committee noted that the terms of business wording had been updated to state that client money is held in accordance with FCA client assets rules, with this statement added as a footer on all outgoing correspondence. It was reported that over 8,000 member emails were dispatched on 30th March, with approximately 2,000 postal copies sent to Cornerstone for postal distribution.

It was noted that Marcus had added a direct link on the website enabling members to locate the terms of business easily. The committee was informed that Liam had saved a copy of every letter to the S drive, providing a retrievable record for audit purposes should the auditor request proof for specific members during the May audit.

3. IT Access Control Policy (Breach 5)

The committee considered the auditor's requirements for evidence of restricted system access, specifically regarding the number of super administrators with access to Imago and Metropolis systems. It was noted that Mr Dymock had referred to CAS policy 6.5, which states that Imago access is restricted to authorised staff with individual logins and that system changes require sign-off from the director of financial governance.

The committee noted that comprehensive permissions spreadsheets had been provided by Liam and would be uploaded alongside the verifiers policy, with reference to policy section 6.5.

4. Hickling Funds and Charity Account (Breach 8)

The committee considered the position regarding £188.43 across four line items belonging to member R. Hickling, whose scheme closed in December 2024 with no subsequent member contact. It was noted that the investment company had refused to accept the funds back.

The committee noted that the £188.43 formed part of the £311.67 that had previously been paid to charity (Uncle Paul's Chilli Farm), and that AllTrust had returned the full £311.67 to the charity account on 27th March. The committee was informed that the auditor required the funds to be explicitly allocated to Hickling on the movement log.

It was noted that the movement log showed each amount per member, but the return entry only appeared on 27th March after the version already submitted to the auditor. The committee agreed that an updated movement log would be provided showing the £311.67 return with line-by-line breakdown of amounts relating to specific members.

The committee noted that Mr Dymock had clarified the de minimis threshold under CAS rules (7.110.57r) as £25 for retail clients and £100 for professional clients, requiring one contact attempt and a 28-day waiting period before retaining balances. It was observed that this breach would never fully close, as sending money to charity constituted a breach regardless, with the auditor confirming that returning the funds was the lesser of two evils.

5. Metro Bank Due Diligence (Breach 9)

The committee noted that the auditor required the due diligence assessment to include the amount of client money held with Metro as a proportion of the credit institution's capital and deposits. It was agreed that current balances across all five CASS accounts as at 31st March would be provided to complete the spreadsheet.

The committee noted that once complete, the document required board sign-off, with Ms Allen suggesting email confirmation from board members. Mr Dymock agreed to provide written confirmation of board approval following completion.

6. Diversification Assessment (Breach 10)

The committee noted that no prior response had been submitted for this breach, with minutes from this meeting serving as evidence. Mr Dymock explained the firm's position that given typically low balances in CASS accounts, there was no benefit to the complexity of multiple banking partners.

The committee ratified a board-level discussion that took place over the Christmas period when a large, unforeseen payout from a Bright administration (approximately £80 million) required an out-of-cycle decision. It was noted that Ms Smith, Colin, and James were involved in those discussions.

7. Reconciliation Frequency Policy (Breach 15)

The committee considered the auditor's concern that the policy did not justify conducting external reconciliations less frequently than daily, particularly for the charity and income tax accounts which had been reconciled monthly.

It was noted that all five CASS accounts were now reconciled daily in practice, with the policy requiring updating to reflect current procedures. The committee agreed that CAS policy 6.4.3 would be updated to state that external client money reconciliations must be conducted each business day based on the close of business position from the previous day, with annual frequency reviews.

The committee noted that the income tax account (AllTrust SIP Client Tax, ending 4220154) was closing, with the final payment received on 21st March. Once the April 21st PRAS tax reclaim was confirmed into the new distribution account, the old account would be closed.

8. Additional Breach Matters

The committee noted that breach 8 (charity account funds) required uploading of bank statement evidence and the de minimis policy to complete the response. For breaches 9 and 10 (client money letter), it was noted that Metro Bank should be chased for the outstanding client money letter.

9. Cash Ledger Reconciliation (Breach 7) - Deferred

The committee noted that breach 7, concerning cash ledger reconciliation across all five CASS accounts (PRAS, PAYE, Imago, distributions on Metropolis, and charity account), remained the most complex outstanding matter. This required two independent internal records and two external reconciliation records, plus a summary sheet showing total requirement, total resource, and total comparison.

It was noted that Liam was working on obtaining whitelisted IP addresses from Metro to consolidate systems, but this remained approximately one month away. The committee agreed to defer detailed consideration of this matter to the 1:30 pm session.

Any Other Business

No other business was raised.

Date of Next Meeting

The committee agreed to reconvene at 1:30 pm to address the outstanding cash ledger reconciliation matter.

Close

There being no further business to be addressed in this session, the Chair declared the meeting adjourned at [time] until 1:30 pm.