CSUK failed to “adequately protect” client assets, carried out a regulated activity without permission and made a false statement to the FCA, the regulator found
Customers of the US-owned company affected by the breaches were retail customers who needed the greatest level of protection, the watchdog said in a statement today.
However, no clients have lost money as a result of the breaches and CSUK has taken “remedial” steps.
The breaches took place between August 2017 and April 2019 after CSUK changed its business model.
Client money was swept across from CSUK to its affiliate Charles Schwab & Co, Inc. (CS&C), a firm based in the United States.
The client assets were subject to UK rules but held in CS&C’s general pool. This pool contained both firm and client money and was held for both UK and non-UK clients.
The FCA said CSUK failed to arrange adequate protection for its clients’ assets under UK rules.
CSUK failings included:
- Not having the right records and accounts to identify its customers’ client assets
- Not undertaking internal or external reconciliations for customers’ client assets
- Not having adequate organisational arrangements to safeguard client assets
- Not maintaining a resolution pack, which would help to ensure a timely return of client assets in an insolvency
CSUK also carried out a regulated activity without permission. It did not at all times have permission to safeguard and administer custody assets and failed to notify the FCA of the breach when applying for the correct permission.
CSUK also made a false statement to the FCA. Without making adequate enquiries to check whether this was correct, the firm inaccurately informed the FCA that its auditors had confirmed that it had adequate systems and controls in place to protect client assets.
The firm took remedial action after discovering the breaches.
The regulator said there was no loss of client assets and CSUK stopped holding client assets from 1 January 2020. CSUK agreed to settle the case and qualified for a 30% discount. The financial penalty would otherwise have been £12,804,600.
Mark Steward, executive director of enforcement and market oversight at the FCA, said: “Charles Schwab UK failed to get the correct permissions from the FCA; then failed to be open with us and, finally, failed to put in place the necessary safeguards to ensure, if required, there could be an orderly return of client assets.
“As we saw with Lehman Brothers and subsequent cases, a lack of client asset protections can easily lead to increased costs to consumers and funds being trapped for long periods of time.
“Firms, including newly-established businesses or firms coming into the UK from overseas, are responsible for ensuring they comply with our rules, and are expected to make sure they have the right protections in place.”