FCA-Aligned Client Money Handling
FCA-Aligned Client Money Handling
The platform provides a full FCA-compliant client money management layer for Calmony accounts, built around the requirements of CASS 7 and RICS standards. Every account is ring-fenced per block, management fees are structurally prevented from commingling with client funds, and every compliance action is permanently recorded in an immutable audit log.
Overview
Client money handling is available at /dashboard/client-money. From this page you can:
- View your portfolio-wide FCA compliance status at a glance (RAG banner)
- Open and manage Calmony accounts for individual blocks
- Track ring-fencing, CASS acknowledgements, and reconciliation per account
- Review the immutable compliance audit trail for any account
- Use commingling validation before processing transactions
Prerequisites
Before you can open a client money account, your agent profile must have a valid FCA reference number on record. The platform enforces this at the router level — account creation will be rejected if no FCA registration is present.
Account Structure
Each block supports exactly two client money accounts:
| Type | Purpose |
|---|---|
| Main | Day-to-day service charge and client funds for the block |
| Reserve | Ring-fenced reserve / sinking fund for the block |
Having more than one account of the same type for the same block is prevented by the platform.
Account Lifecycle
Accounts progress through a defined set of statuses. Only valid transitions are accepted.
pending_application → pending_verification → active → suspended → closed
| Status | Meaning |
|---|---|
pending_application | Account application submitted, awaiting processing |
pending_verification | Application received, undergoing verification |
active | Account is open and operational |
suspended | Account temporarily restricted |
closed | Account permanently closed |
When an account transitions to active, ring-fencing is automatically confirmed on the record.
Compliance Rules
Ring-Fencing
Every client money account is ring-fenced per block. Ring-fence verification must be recorded by a principal user. The compliance checklist in the account detail view shows the current verification status.
Management Fee Exclusion
All accounts are created with managementFeeExcluded = true. This setting is permanent and cannot be disabled through the platform. The validateCommingling procedure enforces this at the transaction level — any attempt to deposit management fee income into a client money account is rejected and the rejection is written to the audit log.
CASS Acknowledgement (CASS 7.13.15R)
The CASS acknowledgement letter received date is tracked per account. Recording receipt of the letter requires principal user permission. The compliance summary banner shows how many active accounts have received their CASS letter.
RICS Compliance
All accounts are marked RICS-compliant by default.
Reconciliation
Reconciliation results can be recorded against any account by users with the financials.update permission. The compliance checklist shows whether the last reconciliation passed.
Compliance Summary (RAG Status)
The dashboard header shows a portfolio-wide compliance banner with one of three statuses:
| Status | Meaning |
|---|---|
| 🟢 Green — Compliant | All active accounts meet all compliance checks |
| 🟡 Amber — Action Required | One or more compliance checks are outstanding |
| 🔴 Red — Non-Compliant | Critical compliance failures require immediate attention |
The banner also lists specific issues and shows counts for active accounts, ring-fenced accounts, CASS letters received, and fee exclusion.
The agent's FCA reference number (or its absence) is displayed alongside the RAG status.
Account List — Compliance Indicator Dots
Each account row in the list displays four colour-coded indicator dots:
| Dot | Green when... |
|---|---|
| Ring-fence | isRingFenced = true |
| CASS | cassAcknowledgementReceived = true |
| Fee exclusion | managementFeeExcluded = true |
| Reconciliation | Last reconciliation passed |
Audit Trail
Every compliance action is recorded in an append-only client_money_audit_log table. The log covers 14 event types across the full account lifecycle. Records can never be updated or deleted.
The audit trail viewer in the account detail view displays events in chronological order. Each entry includes:
- Event type
- Status change (previous → new value, where applicable)
- Structured metadata
- Timestamp and acting user
All actions are also written to the platform-wide general audit log, providing a dual audit trail.
Permissions (RBAC)
| Permission | Actions |
|---|---|
financials.read | View accounts, compliance summary, audit trail, run commingling validation |
financials.create | Open new client money accounts |
financials.update | Update account details, record reconciliation results |
| Principal only | Change account status, verify ring-fence, record CASS acknowledgement |
Data Security
Sensitive banking details — sort code, account number, and IBAN — are encrypted at rest using AES-256-GCM. Decrypted values are only returned by the getById procedure and are never stored in plain text.
Both client_money_accounts and client_money_audit_log are scoped by org_id and covered by Row-Level Security (RLS) policies, ensuring complete data isolation between agents in the multi-tenant environment.
tRPC Procedure Reference
clientMoney.list
Returns a paginated list of client money accounts for the organisation.
Query parameters:
blockId(optional) — Filter by blockstatus(optional) — Filter by lifecycle statusaccountType(optional) — Filter bymainorreservelimit(optional) — Page size
Requires: financials.read
clientMoney.getById
Returns full details for a single account, including decrypted sort code, account number, and IBAN.
Requires: financials.read
clientMoney.create
Opens a new Calmony account for a block. Enforces FCA registration and the one-account-per-type-per-block rule.
Requires: financials.create
clientMoney.updateDetails
Updates Calmony account IDs and bank details. Banking fields are encrypted before storage.
Requires: financials.update
clientMoney.updateStatus
Transitions an account to a new lifecycle status. Only valid transitions are accepted. Ring-fencing is auto-confirmed on activation.
Requires: Principal
clientMoney.verifyRingFence
Records that ring-fence verification has been completed for an account.
Requires: Principal
clientMoney.recordCassAcknowledgement
Records receipt of the CASS acknowledgement letter for an account (CASS 7.13.15R).
Requires: Principal
clientMoney.recordReconciliation
Records the result of a reconciliation for an account.
Requires: financials.update
clientMoney.validateCommingling
Pre-transaction check. Returns an error and writes an audit log entry if the transaction would commingle management fee income with client funds.
Requires: financials.read
clientMoney.complianceSummary
Returns the portfolio-wide RAG status, issue list, and compliance metric counts.
Requires: financials.read
clientMoney.auditTrail
Returns the immutable, chronological compliance event log for a specific account.
Requires: financials.read