CASS in Finance: Meaning and Client Money Rules for UK Businesses

If your business handles customer funds, holds money on behalf of clients, or operates in the payments or investment space, you’ve probably seen the term CASS come up.

And if you’ve ever Googled “CASS meaning in finance”, you’re not alone - because CASS sits right at the intersection of day-to-day operations (how you take, hold and move money) and serious regulation (what the FCA expects you to do to keep client assets safe).

In this guide, we’ll break down what CASS means in finance, when it applies, what the client money rules are trying to achieve, and the practical steps UK businesses can take to reduce risk and stay compliant.

Important note: CASS compliance is detailed and fact-specific. This article is general information for UK businesses - it’s not a substitute for tailored legal/regulatory advice for your model.

What Does CASS Mean In Finance?

CASS stands for Client Assets Sourcebook. It’s a part of the FCA Handbook that sets out rules for certain FCA-authorised firms (and in some cases specific group arrangements) that:

• hold or control client money (for example, money belonging to a customer), and/or
• hold or control custody assets (for example, investments or financial instruments held for clients).

In plain English, the meaning of CASS in finance is this:

CASS is the FCA’s rulebook for protecting client money and assets where an authorised firm is responsible for looking after them.

The big picture goal is straightforward: if something goes wrong in a firm (cashflow problems, insolvency, fraud, operational error), client money and assets should be protected and, as far as possible, returned to clients promptly.

Why CASS Matters For Small Businesses

CASS isn’t just a “big bank” issue. Many SMEs and startups now operate in regulated ecosystems - including payments, wealthtech, broker services, insurance distribution, and platforms that facilitate transactions.

If you’re building a business that touches customer funds, you’ll want to understand early:

• whether you’re handling client money (or custody assets) or simply collecting your own business revenue,
• what disclosures you need to make to customers, and
• how your contracts and operational processes should be set up from day one.

When Do The CASS Client Money Rules Apply To Your Business?

CASS applies to FCA-authorised firms when they carry on activities and arrangements that mean they receive, hold or control client money or hold or control custody assets in scope of the rules.

Whether you’re “in scope” depends on your permissions, your business model, and what you do with customer funds in practice - not just what you call it in marketing. And importantly, not every business that handles customer funds is subject to CASS.

Common Business Scenarios Where CASS Can Be Relevant

Here are examples where CASS issues commonly show up:

• Investment businesses (advisers, managers, brokers) that receive client funds for investing, or hold custody assets for clients.
• Platforms that receive or control money before passing it to another party (depending on structure and authorisations).
• Firms holding deposits or margins linked to investment activity.
• Insurance distribution models where premiums are received and held before being passed to insurers (there are specific rules around this in the FCA framework).

If you operate as a payment institution or e-money institution, your customer funds are typically protected under the PSRs/EMRs safeguarding regime rather than CASS. While the practical aim is similar - protect customer funds by keeping them separate and properly controlled - the legal requirements and terminology are different, so it’s important not to assume CASS applies just because you handle money.

A Quick “Red Flag” Test

Ask yourself:

• Do we ever receive money that belongs to a customer (even temporarily)?
• Do we hold money while waiting to execute a transaction or provide a service?
• Is customer money ever mixed with our operating cash?
• If we became insolvent tomorrow, would we have a clear, evidenced path to return customer funds?

If any of these are “yes” (or even “maybe”), it’s worth getting advice early - because the costs of re-building a messy setup later can be far higher than setting it up properly at the start.

Client Money Rules Explained: What CASS Requires In Practice

While CASS is detailed, most client money compliance comes down to a handful of core operational principles (where the rules apply to your firm and your activities).

1) Segregation: Keeping Client Money Separate

One of the most important CASS concepts is segregation - keeping client money separate from the firm’s own money.

In practice, this often involves using designated client bank accounts and ensuring internal accounting clearly distinguishes:

• money the business owns (fees, revenue, working capital), and
• money the business is merely holding for clients.

This separation is crucial because it helps reduce the risk that client money is used (even accidentally) for operating expenses, debt repayments, or other purposes.

2) The “Trust” Concept

CASS commonly treats client money as held on statutory trust. That doesn’t mean you need a bespoke trust deed for every customer - but it does mean client money has a special protected status in many cases.

This is one reason you need your customer contracts, disclosures, and procedures aligned: you don’t want your documents to imply the money is “yours” when it isn’t, or to promise timelines/processes you can’t operationally deliver.

3) Accurate Records And Reconciliations

CASS expects robust books and records, including regular reconciliations (checking that what your internal ledger says you hold for clients matches what is actually in the bank account, and investigating discrepancies quickly).

From a business perspective, this is where many compliance headaches live - not because the concept is hard, but because it requires:

• clean processes,
• clear ownership internally (who is responsible), and
• systems that can produce audit-ready evidence.

4) Clear Access Controls And Governance

“Client money” risk isn’t just a finance team issue. Regulators typically care about operational resilience and control: who can move money, how payments are approved, and what happens when something fails.

This means you should think about:

• dual authorisation for outbound transfers,
• segregation of duties (for example, the person reconciling isn’t the same person approving payments),
• documented procedures and staff training, and
• incident response processes if funds are misallocated.

5) Third Parties And Outsourcing

Many small businesses use third-party providers - payment processors, banking-as-a-service partners, platforms, or administrators.

Where CASS applies, it doesn’t disappear just because you outsource. You’ll still want to understand:

• who is the regulated entity (and who isn’t),
• who is legally holding the money at each stage, and
• what contractual rights you have if the provider fails to perform, becomes insolvent, or suffers a security incident.

This is where strong contracting is essential. A tailored Contract Review can help ensure you’re not accidentally taking on obligations you can’t meet (or missing the protections you’ll wish you had later).

CASS Compliance Steps: A Practical Checklist For UK Businesses

CASS compliance is a legal and operational project - not just a policy document. If you’re building or scaling a finance-related business, here’s a practical way to approach it.

1) Map Your Money Flows (Before You Draft Anything)

Start with a simple but detailed map of:

• where money comes from,
• whose money it is at each stage (client vs your revenue),
• where it sits (which accounts/providers), and
• when/why it moves.

This exercise often reveals issues early - like mixed funds, unclear timing, or contractual promises that don’t match reality.

2) Check Your FCA Position And Regulatory Perimeter

“Do we need CASS?” is often really a question about:

• whether your activities are regulated, and
• what permissions apply to you (or your partners), including whether you fall under CASS or an alternative regime (such as safeguarding under the PSRs/EMRs).

If you’re not sure, it’s worth speaking to a lawyer or compliance adviser early. Getting this wrong can lead to serious consequences - including needing to restructure your model after you’ve already onboarded customers.

3) Put The Right Customer-Facing Contracts In Place

Your customer contracts should clearly explain:

• what your service is (and isn’t),
• how and when you handle funds,
• fees, timing, and dispute processes, and
• any limitations and operational constraints (written carefully and fairly).

Even where CASS is the main regulatory focus, your general contract risk still matters. For example, appropriately drafted Limitation Of Liability terms can be key to managing commercial exposure (as long as they’re reasonable and enforceable).

If you sell B2B services in this space, you may also want consistent Terms Of Trade that align with how you actually deliver the service.

4) Align Your Data Protection Setup (Because Finance Always Involves Personal Data)

Most finance businesses process significant personal data: identity checks, bank details, transaction history, customer support records, and sometimes sensitive data depending on the product.

As you build your financial controls, also make sure your privacy compliance is in place - including a clear Privacy Policy and an appropriate Data Processing Schedule for suppliers handling personal data on your behalf.

This isn’t just a box-ticking exercise - it’s about reducing risk and building trust with customers, investors and partners.

5) Document Your Procedures And Train Your Team

Even great systems can fail if staff don’t understand the process.

At a minimum, you should document:

• how client money is received and recorded,
• how reconciliations are performed and reviewed,
• how corrections are handled (and who signs off),
• how money movements are approved, and
• what happens if there’s an incident (misallocation, suspected fraud, system downtime).

Once documented, train your team and keep training records. If you scale quickly, these basics are what stop operational chaos from turning into regulatory breach.

Common CASS Mistakes (And How To Avoid Them)

Many CASS problems start as business “shortcuts” - often taken with good intentions during a busy launch - that later become hard to unwind.

Mistake 1: Treating Client Money Like Revenue

If customer funds are used to pay operating expenses (even temporarily), you can quickly end up with a shortfall.

Fix: set up segregated accounts, proper ledgering, and clear internal rules about what can be paid from where.

Mistake 2: Vague Contract Terms About Payments And Timing

If your contract doesn’t clearly explain what happens when funds are received, held, delayed, or returned, you can get:

• customer disputes,
• chargebacks and complaints, and
• regulatory risk if your disclosures are misleading.

Fix: align your contract wording with your real operational process, and update when your model changes.

Mistake 3: Outsourcing Without Proper Oversight

Relying on third parties can be commercially smart - but it can increase your risk if you don’t have clear contractual protections and monitoring.

Fix: review supplier contracts carefully, clarify responsibilities, and ensure you can access needed records and reporting.

Mistake 4: Poor Evidence And Recordkeeping

You can be “doing the right thing” operationally, but if you can’t evidence it, you’re exposed.

Fix: build compliance into your tooling and reporting. Keep documented procedures and maintain an audit trail.

Mistake 5: Not Understanding How Formal Documents Must Be Executed

Some finance-related documents need extra care around signing - especially where deeds, guarantees, or formal variations are involved.

Fix: make sure you understand the mechanics of Executing Contracts correctly so documents are enforceable when you need them most.

Key Takeaways

• CASS is the FCA’s Client Assets Sourcebook, setting rules for certain FCA-authorised firms that hold or control client money or custody assets.
• CASS is operational, not just legal: where it applies, you need the right account setup, reconciliations, access controls, incident processes and evidence.
• Segregation is central - client money generally needs to be kept separate from your business funds, with accurate records and regular reconciliations.
• Your contracts and disclosures must match reality, especially around how you receive, hold, transfer and return funds, and what happens when something goes wrong.
• Third-party providers don’t remove responsibility - outsourcing can still leave you exposed if your contracts and oversight aren’t strong enough.
• Payment and e-money firms often follow safeguarding rules instead (under the PSRs/EMRs), so it’s important to confirm which regime applies to your model.

If you’d like help reviewing your finance business contracts or getting your legal foundations set up the right way, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.