The final report (the “Final Report”) released by the International Organisation of Securities Commission (“IOSCO”) at the end of July sets out their findings on how jurisdictions are progressing since IOSCO published their 2014 report (the “Report”) regarding the protection of client assets. IOSCO’s review team has looked into whether and to what extent the 36 participating jurisdictions have been taking steps to adopt legislation, regulation or policies to meet the 8 principles that IOSCO set out in the Report (the “Principles”).

The Principles apply to “intermediaries” i.e. securities firms that hold client assets and are engaged in the business of managing client accounts which could include, without limitation, executing orders on behalf of clients/others and dealing in or distributing securities (including carrying derivative positions).

The Principles and the findings were as follows:

  1. An intermediary should maintain accurate and up-to-date records and accounts of client assets that readily establish the precise nature, amount, location and ownership status of client assets and the clients for whom the client assets are held. The records should also be maintained in such a way that they may be used as an audit trail.
    • Findings: 30 out of 36 jurisdictions have taken measures to segregate each client’s assets from other clients’ assets and from the intermediary’s own assets.
  2. An intermediary should provide a statement to each client on a regular basis detailing the client assets held for or on behalf of such clients.
    • Findings: All participating jurisdictions except Australia have taken measures to implement rules that require intermediaries to provide statements to their clients detailing the assets held for or on behalf of the client.
  3. An intermediary should maintain appropriate arrangements to safeguard the clients’ rights in client assets and minimise the risk of loss and misuse.
    • Findings: 24 out of 36 jurisdictions have taken measures with respect to this principle.
  4. Where an intermediary places or deposits client assets in a foreign jurisdiction, the intermediary should understand and take into account the foreign regime to the extent necessary to achieve compliance with applicable domestic requirements.
    • Findings: 30 out of 36 jurisdictions have taken at least one of the following approaches: Explicitly requiring intermediaries to conduct due diligence on third parties that hold client assets; Designating certain types of regulated entities as approved or acceptable custodians where client assets may be held; or, Relying on the intermediary’s duty of care or regulatory code of conduct that applies when dealing with third-party custodians.
  5. An intermediary should ensure that there is clarity and transparency in the disclosure of the relevant client asset protection regime(s) and arrangements and the consequent risks involved.
    • Findings: 26 out of 36 jurisdictions have taken measures to impose upon its intermediaries’ general disclosure requirements deemed relevant to the protection of client assets or requiring specific disclosure if a foreign client asset regime requires and that any such disclosure must be transparent and clear.
  6. Where the regulatory regime permits clients to waive or to modify the degree of protection applicable to client assets or otherwise to opt out of the application of the client asset protection regime, such arrangements should be subject to certain safeguards i.e. with the client’s explicit consent, client has been provided with clear and understandable disclosure of the risks, and such arrangements are limited to particular categories of clients and such categories to be clearly defined.
    • Findings: For 12 jurisdictions, this principle was not applicable. 19 out of the remaining 24 had suitable measures in place including adequate disclosure processes.
  7. Regulators should oversee intermediaries’ compliance with the applicable domestic requirements to safeguard client assets.
    • Findings: All but Serbia have measures in place to implement this principle.
  8. Where an intermediary places or deposits client assets in a foreign jurisdiction, the regulator should, to the extent necessary to perform its supervisory responsibilities concerning applicable domestic requirements, consider information sources that may be available to it, including information provided to it by the intermediaries it regulates and/or assistance from local regulators in the foreign jurisdiction.
    • Findings: All but Armenia have adopted measures in accordance with this principle or at least have entered into cooperation agreements with other regulators for either supervisory or enforcement purposes.

Of the participating jurisdictions, the following 17 jurisdictions had not published any measures in relation to some of the principles:

  • Argentina;
  • Armenia;
  • Australia;
  • Brazil;
  • Cayman Islands;
  • China;
  • Ecuador;
  • Hong Kong;
  • India;
  • Jersey;
  • Mexico;
  • New Zealand;
  • Pakistan;
  • Serbia;
  • South Africa;
  • Switzerland; and
  • UAE

Nonetheless, IOSCO is confident from their findings that the majority of participating jurisdictions have generally adopted a client asset protection regime described by the Principles.


To access the Final Report, please click here.

For more information, and any guidance or advice on custodial activities and/or the FCA’s rules on the protection and safeguarding of client assets, Cleveland & Co, your External in-house counsel, are here to help.