ICQ Log - Consumer Protection: 

Client Assets and the Evolving Regulatory Environment


Last Updated: 01 June 2021

With the expectation of the feedback to the industry consultation on CP 133 to be published later this year, in this blog post Diarmuid Whyte, Director EMEA Client Asset & Depositor Protection Oversight Office Citi and Vice President and Director of the Association of Compliance Officers in Ireland, outlines what Firms will need to consider on their existing arrangements to ensure they meet the CBI’s expectations.

The protection of “Client Assets” is not a new concept. It has existed and been a key area of supervisory focus for the Central Bank of Ireland (“CBI”) and other financial regulators across the region for a number of years. For those less familiar with the area, “Client Assets” arise when a regulated financial services provider (“Firm”) provides safekeeping services in respect of client funds (money) and client financial instruments (securities), which it receives and holds in the course of undertaking regulated investment business for clients. Holding client assets introduces a duty of care by the Firm to the client for the protection of those assets, to ensure they can be swiftly returned to the client, particularly in the event the Firm fails. For this to happen, the Firm is required to segregate the clients’ assets from those assets of the Firm.
In 2015, the CBI introduced the Client Asset Regulations (“CAR”) for Investment Firms 1 and the Investor Money Regulations (“IMR”) 2 for Fund Service Providers. The introduction of the European Union (Markets in Financial Instruments) Regulations 2017 (the “MiFID Regulations”) in 2018 brought with it further changes to the client asset regulatory regime, however retained the core principles of client asset protection measures 3

The last few years has seen increased diversity and complexity in offerings from firms, with a number of new entrants to the Irish market. Recognising this evolving environment, on the 3rd December 2020 the CBI published its consultation paper CP 133 – Enhancements to the Client Asset Regulations 4 . This consultation paper seeks to enhance the existing client asset rules, while also extending its applicability to credit institutions. The CBI noted in the consultation paper the view that extending the scope and application of the CAR to credit institutions will “ensure a level playing field for the regulation and supervision of all Irish regulated entities holding client assets” and ensure “a high level of protection for clients”. 

The proposals outlined in CP 133 and the final Regulations (when published), will require careful consideration. CP 133 contains a significant number of obligations to ensure the governance and oversight arrangements for client assets are robust. Firms will need to reflect on their existing arrangements to ensure they meet the CBI’s expectations. 

Client Asset Oversight Officer Responsibilities

The role of Head of Client Asset Oversight (“HCAO”) (Pre-Approval Controlled Function 45) presently applies to the investment firm sector (predominately MiFID 5 investment firms). The CBI has noted that the extension of the CAR to credit institutions will increase the accountability for an individual occupying this role. The CAR draws out a number of specific responsibilities which do not currently apply under the existing MiFID requirements for credit institutions.


The most significant of these responsibilities include:

a) Ensuring that Funds Facilities Agreement and Financial Instruments Facilities Agreement remain accurate and up to date;

b) Approving any reports in relation to client assets that are submitted to the CBI;

c) Undertaking an assessment of risks to client assets arising from the Firm’s business model;

d) Ensuring that the CBI is notified of any breaches; and

e) Ensuring that the Client Asset Management Plan (“CAMP”) is produced, reviewed and updated.


Client Asset Management Plan

The CAMP is required to be a comprehensive document with the objective of demonstrating the governance and oversight arrangements that a Firm has implemented and which can provide assurance over its compliance. The development and maintenance of the CAMP is one of the most significant responsibilities of the HCAO and requires periodic review. The CAMP should be subject to challenge and approved at least annually by the Board.

The CAMP is required to consider inter alia:

a) details of a firm’s business model, operational structures and governance arrangements;

b) the range of investment services provided and type of client assets held by a firm;

c) a client asset applicability matrix (mapping of product and service offering and where client assets could arise); - new (see below)

d) the risks to the safeguarding of client assets including those specific to the particular business model of the firm;

e) the processes and controls in place to mitigate the risks to the safeguarding of client assets;

f) information to facilitate the distribution of client assets; particularly in the event of the firm’s insolvency;

g) where a firm outsources to another party any activity related to the safeguarding of client assets, including the performance of the reconciliation or the daily calculation;

h) the basis and criteria that will be used by a firm to determine materiality such as escalations and notifications in respect of client assets;

i) such other matters as may be determined by the Firm from time to time; and

j) the location of a Firm’s internal client asset breach and incident log – new

The CAMP should allow an independent reader, such as the CBI or an external auditor, to review and gain an understanding of the arrangements adopted by the Firm, and also allow an insolvency practitioner to understand key areas where client assets arise, in order to ably distribute assets back to the client, particularly in the event the Firm fails.

Client Asset Applicability Matrix

The Client Asset Applicability Matrix, once introduced, will be a key element of the CAMP. It requires a clear and documented consideration of the products and services undertaken by the Firm and where client assets arise within those offerings. In embedding this process, Firms will be required to conduct an initial and an ongoing assessment of the client asset elements. The applicability matrix is a key tool which should facilitate further risk considerations by Firms.

Client Asset Risk Matrix and Why?

Understanding the risks firms’ face plays an integral part in the decision making of senior management. It helps ensure appropriate resource and investment can be allocated to address heightened risk areas. Identifying the risks to the safeguarding of client assets requires similar discipline. The requirements of CAR necessitate consideration of the risks that arise in firms’ client asset environments and requires their capture via the Client Asset Risk Matrix within the CAMP.

The Client Asset Risk Matrix is expected to capture details of the controls and processes that have been implemented by firms to mitigate client asset associated risks. This risk focussed approach allows firms to identify areas that may merit further or revised controls.

Enhanced client disclosure obligations

The consultation paper proposes the enhancement of existing disclosure obligations captured under the 2017 CAR. I believe the key theme of the Regulations is to ensure the client is protected and the inclusion of increased disclosure allows clients to gain a greater understanding of the client asset risks that they may face. A key element of the disclosure will involve clarity of how their money is held by firms and credit institutions, including whether their money will be protected under the depositor protection provisions 6 rather than as client funds.

The Regulations extend beyond increased transparency and will require express consents in a number of areas, such as the use of client financial instruments for the purposes of collateral margined transactions.

These requirements are likely to involve changes in client agreements, requiring engagement with clients to ensure explicit consents have been received. The records of these consents are proposed to be retained for a period of six years, aligning to MiFID recording keeping provisions, and could be an area of review.


It is understood that feedback to the industry consultation will be published later this year. Compliance professionals working in the Client Assets area are advised to keep abreast of these developments and to ensure that where managed directly by the relevant HCAO they can work in conjunction with them, to ensure compliance with the new and enhanced client asset regulatory regime. The changes suggested should not be underestimated, particularly for first time adopters, where client assets may be one strand of the larger business model, but are an important area of compliance and one where the CBI is unlikely to offer much leniency for errors.  

Lawyer Photo

Author: Diarmuid Whyte

Vice President and Director of the Compliance Institute

ICQ Summer Edition 2021

This article was taken from the ACOI's ICQ Summer Edition 2021