FCA censures CACEIS UK over WealthTek custody control failings

What happened

On 25 June 2026 the UK Financial Conduct Authority (FCA) publicly censured CACEIS Bank UK Branch. This is a public reprimand. It carries no financial penalty.

The FCA found that CACEIS UK failed to act on information that left clients exposed to the risk of financial crime. CACEIS UK became WealthTek’s sub-custodian in November 2020, responsible for keeping client assets safe. WealthTek was then known as Vertus Asset Management LLP. On three occasions CACEIS UK checked the Financial Services Register, which showed WealthTek was not authorised to hold certain client assets. It did not take sufficient action. The firm also did not spot that WealthTek was not allowed to hold client money.

CACEIS UK agreed to make a voluntary ex-gratia payment of 31.7 million pounds for the benefit of WealthTek’s clients. Of that, WealthTek’s administrators receive 30.9 million pounds and the Financial Services Compensation Scheme (FSCS) receives 0.8 million pounds. The 31.7 million pounds is a client payment, not a fine. Were it not for the firm’s cooperation and that payment, the FCA says it would have imposed a penalty of 23.09 million pounds, after a 30 percent discount for agreeing to settle. That penalty was avoided.

Why it matters

The failure here was not a missing control. It was an existing control that fired and got ignored. CACEIS UK looked at the public register three times and read evidence that its client could not legally hold the assets in question. The check worked. The response did not.

That gap is common and rarely caught. Anti-money laundering (AML) and know your customer (KYC) programmes generate signals that sit in a file with no owner and no trigger. A permissions mismatch on a regulated counterparty is one of the cleaner red flags a custodian can see, because the data is public and unambiguous. CACEIS UK is the third firm the FCA has reached over WealthTek. With action against CACEIS UK, Sapia Partners, and Barclays Bank UK, the regulator has now secured over 57 million pounds for WealthTek clients in just over a year.

The signal for the market is narrow and sharp. A custodian or sub-custodian that holds assets for a regulated firm owns the duty to confirm that firm is permitted to hold what it actually holds. Outsourcing the relationship does not outsource that duty.

Practitioner angle

Treat the Financial Services Register as a live control, not a one-time onboarding check. A counterparty’s permissions change. Re-check them on a defined cadence and on any trigger event, and log who reviewed the result.

• Define an escalation trigger for when a counterparty’s permissions do not match its activity. If the register says a firm cannot hold client money or certain assets, and your records show it doing exactly that, that mismatch routes to a named owner with a deadline, not to a file.
• For custodians and sub-custodians, reconcile what a client is permitted to hold against what it actually holds. Run the permitted set against the held set and break on any exception.
• Give every register hit a clear owner, a required action, and a closure record. A check that nobody acts on is the failure the FCA penalised here.

The single most important action: reconcile each regulated counterparty’s actual holdings against its register permissions now, and escalate every mismatch to a named owner with a deadline.