The U.K. Financial Conduct Authority (FCA) on Monday fined Charles Schwab U.K. (CSUK) approximately £9 million (U.S. $12 million) for compliance failures related to the protection of client assets.

The deficiencies at CSUK noted by the FCA in handing down its penalty did not result in loss of client money but did put all retail customers at risk, the organization stated. “Firms, including newly established businesses or firms coming into the U.K. from overseas, are responsible for ensuring they comply with our rules and are expected to make sure they have the right protections in place,” said Mark Steward, executive director of Enforcement and Market Oversight at the FCA, in a press release.

According to the FCA, between August 2017 and April 2019, CSUK swept U.K. client money across to its U.S.-based affiliate, Charles Schwab & Co., where it was held in a general pool containing both firm and client (U.K. and non-U.K.) money. In doing so, CSUK failed to arrange adequate protection for its clients’ assets under U.K. rules by not having the right records and accounts to identify its customers’ client assets; not undertaking internal or external reconciliations for its customers’ client assets; not having adequate organizational arrangements to safeguard client assets; and not maintaining a resolution pack, which would help to ensure a timely return of client assets in the event of insolvency.

“The Authority requires firms to ensure that client assets are adequately protected at all times,” the FCA stated in its final notice.

The FCA further said CSUK “did not at all times have permission to safeguard and administer custody assets and failed to notify the FCA of the breach when applying for the correct permission,” thus resulting in false statements made by CSUK to the regulator.

The penalty was reduced by 30 percent from approximately £12.8 million (U.S. $17.3 million) in recognition of CSUK’s remediation efforts, which included the engagement of professional advisors and specialist contractors to provide additional compliance support, introduction of a risk assessment, and the amending of the practices that violated U.K. rules.