Skip to main content
Image coming soon

CASS Controls Oversight: From Periodic Review to Continuous Assurance

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

CASS Controls Oversight: From Periodic Review to Continuous Assurance

Build the evidence framework that turns your CASS oversight function from a reactive audit pass into a standing assurance posture.

CASS oversight teams running periodic reviews produce gap logs that read well in hindsight but cannot stand up to a live regulatory examination that wants current-state evidence. The shift from periodic to continuous assurance requires a specific framework: defined control owners, real-time reconciliation triggers, daily exception protocols, and an attestation chain that produces dated documentary evidence on demand.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

The periodic CASS review cycle creates a structural problem: by the time findings are written up, controls have moved. Reconciliation exceptions that were open for three days in February appear in a March report as closed items with no audit trail showing who closed them or why. FCA examiners doing a CASS oversight inspection do not want the gap log. They want the control owner register, the exception management procedure, the reconciliation sign-off matrix, and dated evidence that each control was operating throughout the period under review. The course is built around the specific artefacts that answer those questions, and the governance chain that keeps them current between examinations.

What you walk away with

  • Design a CASS oversight framework with defined control owners, escalation triggers, and review cadence that maps directly to FCA CASS sourcebook requirements.
  • Build a reconciliation sign-off matrix that produces dated documentary evidence of control operation without relying on the control owner to reconstruct the narrative at examination time.
  • Implement an exception management procedure that captures open items, closure evidence, and root-cause classification in a format FCA examiners accept as continuous assurance.
  • Produce a client asset attestation pack that names the specific artefacts clients expect as evidence of independent oversight of their assets.
  • Draft the internal reporting structure that keeps senior management and the oversight function aligned without duplicating the control owner's day-to-day reconciliation work.
  • Transition from a periodic review calendar to a standing assurance posture that is examinable at any point in the review cycle.

The 12 modules

Module 1. The FCA CASS Oversight Obligation: What the Sourcebook Actually Requires
Module 1 maps CASS 6 and CASS 7 oversight obligations to specific artefacts: the control framework document, the oversight committee terms of reference, the periodic review scope, and the attestation requirement. It distinguishes the oversight function's obligations from the operational team's processing obligations. By the end you have a plain-language summary of what the FCA examiner is entitled to ask for and when, linked to specific sourcebook references.
Module 2. Building the Control Owner Register
The control owner register is the foundation of every CASS oversight framework. Module 2 covers the fields that matter for regulatory purposes: control name, owner, frequency, evidence type, last review date, and open exceptions. It includes a template for the register and a worked example showing how three different control types (reconciliation, segregation, record-keeping) are documented in a single register an examiner can read without a guide.
Module 3. Reconciliation Architecture: What Counts as Evidence
Module 3 distinguishes the reconciliation itself from the evidence that the reconciliation was performed and reviewed. Many CASS oversight teams perform strong reconciliations but produce no independent evidence that the oversight function reviewed the output. This module covers the sign-off chain, the review attestation format, and the minimum retention standard that converts a reconciliation log into auditable evidence of oversight, with a worked example tracing a single exception from identification to documented closure.
Module 4. Daily and Intraday Exception Protocols
Module 4 builds the exception management procedure from the ground up: how an exception is raised, who is notified, what the resolution window is, what closure evidence is required, and how open exceptions are escalated to the oversight function before they age into findings. Covers both CASS 7 client money exceptions and CASS 6 custody breaks, including the materiality thresholds that trigger a breach notification to the FCA under CASS 7.15 and CASS 6.6.
Module 5. The Oversight Committee: Structure, Cadence, and Documentation
Module 5 covers the oversight committee as a regulatory artefact, not just a governance meeting. It addresses the terms of reference, quorum, agenda structure, minute format, and action log in the detail that FCA examiners expect when reviewing committee minutes to determine whether the oversight function was genuinely exercising independent judgement or ratifying the operational team's own reporting. Includes a template terms of reference and a worked set of committee minutes.
Module 6. Periodic Review Design: Scope, Methodology, and Evidence Pack
Module 6 covers the periodic review as a structured methodology. It addresses scope definition, the control testing approach, the evidence pack structure, and the format of the findings register. It includes a worked example of a periodic review with ten findings, showing how each is documented with the control reference, the evidence gap, the agreed remediation, the owner, and the target date, in a format that survives a follow-up examination twelve months later.
Module 7. The Continuous Assurance Posture: Moving Beyond the Annual Cycle
Module 7 introduces the continuous assurance framework as the operational outcome of a mature CASS oversight function. It covers the monitoring schedule, the standing evidence capture process, and the threshold-based escalation framework that means the oversight function is always examination-ready, not scrambling to reconstruct the picture before an FCA visit. Includes the monitoring calendar template and the escalation threshold worksheet calibrated to typical securities firm risk profiles.
Module 8. Client Asset Attestation: What Clients and Depositaries Expect
Module 8 covers the client asset attestation pack from the perspective of what a custodian's client or a prime broker's depositary bank expects to see as evidence of independent oversight. It covers the attestation format, the frequency, the artefacts that should accompany each attestation (control framework version, last periodic review date, open findings summary, reconciliation sign-off), and the process for issuing and storing attestations in a way that holds up to a client due-diligence review.
Module 9. Senior Management Reporting: Information the Right People Can Act On
Module 9 addresses the CASS oversight report to senior management as a regulatory document. It covers the required content, the right level of granularity for a board-level audience, and how to structure the report so it demonstrates independent oversight rather than repeating the operational team's own metrics. Includes the report template and a worked example showing the difference between a report an FCA examiner finds reassuring and one that prompts further questions.
Module 10. FCA Examination Readiness: The Artefact Checklist
Module 10 builds the examination readiness checklist from published FCA CASS inspection findings and thematic review outputs. It covers the fifteen artefacts FCA examiners most frequently request, the common gaps in each, and the format in which each should be presented to minimise follow-up questions. The checklist functions as a working template the oversight team can run through quarterly as a self-assessment tool against current supervisory expectations.
Module 11. Remediating the Gap Log: From Findings to Closed Evidence
Module 11 covers the gap remediation process as a controlled procedure. It addresses how to document a finding's agreed remediation in a way that produces auditable closure evidence, how to manage overdue items without breaching the oversight function's independence, and how to present a remediated gap log to an FCA examiner who has seen the original findings. Includes the remediation tracking template and the closure sign-off format with the evidence standard required for each finding category.
Module 12. Building the Oversight Function for Scale: Procedures, Training, and Succession
Module 12 covers the operational infrastructure that makes the oversight function sustainable when people move: written procedures that do not depend on individual knowledge, a training programme that keeps control owners calibrated to the current framework version, and a succession plan that ensures the oversight posture does not degrade when a key person changes role. Includes the procedure template, the training register format, and the handover documentation standard for the CASS oversight officer function.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

You have a gap log but no standing evidence that controls were operating between the findings dates: Modules 3, 6, 7.
Your FCA examiner wants artefacts you did not produce during the review period: Modules 1, 10, 11.
Your oversight committee is a governance formality rather than an independent review function: Modules 5, 9.
You need to move from annual periodic reviews to a continuous assurance posture without doubling your workload: Modules 2, 4, 7, 12.

What you get with this course

  • Twelve written modules covering the full CASS oversight framework from control owner register through to examination-ready evidence pack.
  • Downloadable templates for every deliverable: control owner register, reconciliation sign-off matrix, exception log, oversight committee terms of reference and minute format, periodic review evidence pack, client asset attestation pack, senior management report, FCA examination readiness checklist, gap remediation tracker.
  • Worked examples in each module showing completed artefacts for a representative CASS oversight scenario at a custodian and at an investment firm.
  • Hand-built implementation playbook tailored to your specific oversight scope, delivered alongside course access.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Before and after

Before

Periodic gap log produced annually, findings tracked informally, control owners reconstruct the narrative at examination time, attestations issued without a documented evidence chain.

After

Standing oversight framework with a live control owner register, dated reconciliation sign-off chain, documented exception management procedure, and an examination-ready evidence pack that does not require reconstruction.

What happens if you do not address this

FCA CASS oversight examinations are increasingly focused on the quality of the oversight function itself, not just whether reconciliations were performed. Firms that cannot produce continuous assurance evidence are finding that periodic gap logs alone do not satisfy examiners who want to see that the oversight function was actively operating throughout the review period, not just at the points when findings were documented.

Who it is for

CASS Controls and Oversight professionals at custodians, prime brokers, wealth managers, and investment firms operating under FCA CASS rules. You run the oversight function: you own the gap log, the control framework documentation, the reconciliation review process, and the reporting to senior management and the FCA. You know what a well-structured CASS oversight programme looks like in theory. The course is about building the specific evidence artefacts that make it auditable in practice.

Who this is NOT for. Operations staff who handle CASS reconciliations as a daily processing task but do not have oversight or framework-design accountability. Also not for firms in the early stages of CASS implementation who have not yet completed their first periodic review cycle.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Twelve modules. Most oversight professionals complete two to three modules per working session. The full course is designed to be completed over five to six working days, with templates deployable immediately as each module is finished.

Why $199 is the right number

FCA-regulated firms typically address CASS oversight gaps through external consultants (expensive, point-in-time, no lasting internal capability) or through internal projects led by the compliance function (slow, diverts compliance resource, often produces documentation that meets the brief but is not structured for repeat examination). This course builds the oversight function's own capability to design, operate, and evidence a continuous assurance posture without external dependency.

FAQ

Does this course cover CASS 6 and CASS 7 separately?
Yes. The control frameworks for client money (CASS 7) and custody assets (CASS 6) have different reconciliation requirements and different attestation standards. The modules address both, and the templates include separate sections for each rule set.
Is this relevant if we are a smaller firm with a lean oversight function?
Yes. The framework is designed to scale. Smaller firms typically need the same artefacts as larger ones but built to a proportionate level of formality. The worked examples include both a larger custodian scenario and a smaller wealth manager scenario so you can calibrate the framework to your own context.
How is the implementation playbook tailored to my scope?
After purchase, the playbook is built specifically for your oversight function: the CASS rules that apply to your firm type, the reconciliation types you run, and the governance structure you operate within. It is not a generic template with your name on it. Happy to answer any questions about scope by reply.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

!