On 29 January 2014, IOSCO published its final report on recommendations regarding the protection of client assets. The report contains eight principles that provide guidance to regulators on how to enhance their supervision of intermediaries holding client assets by clarifying the roles of the intermediary and the regulator in protecting those assets.


An intermediary should maintain accurate and up-to-date records and accounts of client assets that readily establish the precise nature, amount, location and ownership status of client assets and the clients for whom the assets are held. The records should also be maintained in such a way that they may be used as an audit trail.


An intermediary should provide a statement to each client on a regular basis detailing the client assets held for or on behalf of such client.

Safeguarding arrangements

An intermediary should maintain appropriate arrangements to safeguard the clients' rights in client assets and minimise the risk of loss and misuse.

Foreign regime compliance

Where an intermediary places or deposits client assets in a foreign jurisdiction, the intermediary should understand and take into account the foreign regime to the extent necessary to achieve compliance with applicable domestic requirements.

Adequate disclosure

An intermediary should ensure that there is clarity and transparency in the disclosure of the relevant client asset protection regime(s) and arrangements and the consequent risks involved.

Client opt-out

Where the regulatory regime permits clients to waive or to modify the degree of protection applicable to client assets or otherwise to opt out of the application of the client asset protection regime, such arrangements should be subject to the following safeguards:

  • The arrangement should only take place with the client's explicit, recorded consent.
  • Before such consent is obtained, the intermediary should ensure that the client has been provided with a clear and understandable disclosure of the implications and risks of giving such consent.
  • If such arrangements are limited to particular categories of clients, clear criteria delineating those clients that fall within such categories should be defined.

Regulator oversight

Regulators should oversee intermediaries' compliance with the applicable domestic requirements to safeguard client assets.

Information available to regulator

Where an intermediary places or deposits client assets in a foreign jurisdiction, the regulator should, to the extent necessary to perform its supervisory responsibilities concerning applicable domestic requirements, consider information sources that may be available to it, including information provided to it by the intermediaries it regulates and assistance from local regulators in the foreign jurisdiction.