CIRO Director Practice Test

Practice CIRO Director with free sample questions, timed mock exams, topic drills, and detailed answer explanations in Securities Prep.

The CIRO Director and Executive Exam rewards candidates who can think like a director or senior executive, challenge material risks, and connect governance duties to remediation, reporting, and ethical oversight. If you are searching for CIRO Director and Executive Exam sample questions, a practice test, mock exam, or simulator, this is the main Securities Prep page to start on web and continue on iOS or Android with the same account. This page includes 24 sample questions with detailed explanations so you can try the exam style before opening the full app question bank.

What this CIRO Director and Executive practice page gives you

  • a direct route into the Securities Prep simulator for the CIRO Director and Executive exam
  • targeted practice around governance, oversight, internal controls, significant risk areas, and senior accountability
  • detailed explanations that show why the strongest answer is the most defensible board- or executive-level response
  • a clear free-preview path before you subscribe
  • the same subscription across web and mobile

CIRO Director and Executive exam snapshot

  • Regulator: CIRO
  • Exam: Director and Executive Exam
  • Format: 75 multiple-choice questions in 150 minutes
  • Pacing target: about 120 seconds per question
  • Readiness benchmark: aim to pass several timed mixed sets or mock exams at 75%+ before booking

Topic coverage for CIRO Director and Executive practice

  • Business model and distribution context: investment dealer business model, offering and distribution, and risk-setting decisions
  • Governance and duties: corporate governance, ethics, duties, liabilities, and defenses
  • Risk and internal controls: risk management, internal controls, and significant areas of firm-level exposure
  • Senior accountability: UDP responsibilities, executive oversight, escalation expectations, and remediation judgment

How CIRO Director differs from similar routes

| If you are choosing between… | Main distinction |
| --- | --- |
| CIRO Director vs CIRO CCO | CIRO Director is board, governance, and UDP-level oversight; CIRO CCO is enterprise compliance-program leadership. |
| CIRO Director vs CIRO CFO | CIRO Director is board and executive oversight; CIRO CFO is prudential finance, capital, and reporting ownership. |
| CIRO Director vs CIRO Supervisor | CIRO Director is governance and senior accountability; CIRO Supervisor is day-to-day branch and account-review control. |
| CIRO Director vs CIRE | CIRO Director is senior-governance coverage; CIRE is the broader current dealer baseline. |

How to use the CIRO Director and Executive simulator efficiently

  1. Start with governance, risk, and UDP-accountability drills so the senior-officer perspective becomes clear.
  2. Review every miss until you can explain whether the right answer is to challenge, oversee, remediate, escalate, or report.
  3. Move into mixed sets once you can shift between governance, ethics, and risk scenarios without reverting to branch-level thinking.
  4. Finish with timed runs so strategic scenario questions feel controlled instead of abstract.

Free preview vs premium

  • Free preview: 24 public sample questions on this page plus the web app entry so you can validate the question style and explanation depth.
  • Premium: the full CIRO Director practice bank, focused drills, mixed sets, timed mock exams, detailed explanations, and progress tracking across web and mobile.

Current sample-question status

  • Live now: this exact practice route is available in Securities Prep on web, iOS, and Android.

  • On-page sample set: this page includes 24 public sample questions from the current practice coverage.

  • Full app: open the Securities Prep web app or mobile app for broader timed coverage.

Good next pages after CIRO Director

  • CIRO CCO if you want the enterprise compliance-leadership page beside the governance route
  • CIRO CFO if you want the prudential-finance leadership page beside board oversight
  • CIRO Supervisor if you want the operational supervisory-control page beside senior governance coverage
  • CIRO if you want the broader Canada dealer-route map first

24 CIRO Director sample questions with detailed explanations

These sample questions cover multiple blueprint areas for CIRO Director. Use them to check your readiness here, then move into the full Securities Prep question bank for broader timed coverage.

Question 1

Topic: Element 4 — Corporate governance and ethics

The UDP of an Investment Dealer learns that one of the firm’s advisors accepted a $25,000 personal loan from a 74-year-old retail client. The advisor has no family or other close personal relationship with the client, and the client says the loan was voluntary and private. Which response by the firm is NOT appropriate?

  • A. Restrict the advisor’s further contact with the client during the review
  • B. Use an independent supervisor to confirm the facts with the client
  • C. Let the arrangement continue if both parties sign written consent
  • D. Escalate the matter, document it, and assess reporting and remediation

Best answer: C

Explanation: The inappropriate response is to allow the personal loan to continue based on consent. In a client-advisor relationship with no outside close relationship, consent does not remove the conflict of interest or the client-protection concern, so the firm should investigate and protect the client instead.

Personal financial dealings between firm staff and clients create serious conflict-of-interest and client-protection risks. Borrowing from an older retail client where there is no family or other close personal relationship is not something the firm should legitimize with a consent form. The proper governance and compliance response is to protect the client first, investigate independently, and escalate the matter.

Reasonable steps include limiting the advisor’s further involvement with the client while facts are reviewed, confirming the facts directly with the client through someone independent of the advisor, documenting the issue, and assessing remediation and any reporting obligations. The key point is that disclosure or consent does not by itself make a conflicted personal loan acceptable.


Question 2

Topic: Element 3 — Offering and distribution of securities

All amounts are in CAD.

A Director is asked to approve a bought-deal equity underwriting for an issuer. Treasury estimates the commitment will use $55 million of regulatory capital at pricing, and margin could rise by another $18 million before closing if volatility increases. The firm’s excess capital above its internal floor is $66 million. The draft agreement has customary termination language, and the standard-form new issue letter to selling-group members will be finalized tomorrow. What is the primary red flag?

  • A. Termination language may not cover every adverse market event.
  • B. Insufficient capital buffer for the commitment and possible margin calls.
  • C. Due diligence records may need more support for statutory defences.
  • D. Delayed new issue letters may slow selling-group confirmations.

Best answer: B

Explanation: The key issue is capital capacity, not documentation. On the stated numbers, expected capital usage plus possible margin is $73 million, which is greater than the firm’s $66 million buffer above its internal floor.

For a bought-deal underwriting, senior management and the Board should first confirm that the firm can carry the commitment without creating a capital or liquidity problem. Here, the memo already shows a clear headroom issue.

  • Estimated capital usage at pricing: $55 million
  • Potential additional margin before closing: $18 million
  • Total potential strain: $73 million
  • Excess capital above internal floor: $66 million

Because the potential strain exceeds the available buffer, the underwriting should be resized, syndicated differently, or declined before approval. Termination clauses, due diligence for statutory defences, and the standard-form new issue letter are all important, but none of them cures an immediate inability to support the commitment financially.


Question 3

Topic: Element 2 — Investment Dealer business model and related areas

The board of a Canadian investment dealer is reviewing a proposal to launch a bespoke OTC equity-derivatives desk for institutional clients. The memo says traders would produce initial prices and month-end marks, the current risk team has experience only with listed options, and a model-validation hire would be delayed until the business scales. Bonuses would be linked partly to desk revenue, and capital is currently above internal targets. What is the most important red flag?

  • A. Relying initially on a small institutional client base
  • B. Potential capital volatility as the desk grows
  • C. Launching without independent valuation and OTC risk oversight
  • D. Tying part of compensation to desk revenue

Best answer: C

Explanation: The key issue is that the firm wants to take on bespoke OTC derivatives risk before building the independent control infrastructure needed to value, challenge, and monitor it. For Directors and Executives, that is the clearest sign that resources and risk appetite are not aligned with the proposed business.

Bespoke OTC derivatives are harder to price, validate, hedge, and monitor than listed options. In the scenario, the front office would generate its own marks, the existing risk team lacks relevant OTC experience, and model validation is being postponed. That combination is the primary governance red flag because the dealer would be assuming complex risk before establishing the independent controls and expertise needed to measure it reliably.

A Board or Executive should expect core safeguards to exist before launch, including:

  • independent valuation or price verification
  • model governance and validation
  • derivatives-specific second-line risk oversight
  • limits and escalation aligned with risk appetite

Compensation design, client concentration, and future capital effects matter, but they are secondary to the basic question of whether the firm can independently understand and control the risk it plans to book.


Question 4

Topic: Element 1 — General regulatory framework

An Investment Dealer that participates in OBSI is revising its client complaint framework. The board package says:

  • all complaints go to the CCO and are tracked centrally;
  • the firm aims to send a substantive response within 60 days;
  • quarterly complaint metrics go to the Conduct Committee; and
  • final response letters tell dissatisfied clients they may contact CIRO.

Which missing element is the most significant deficiency in the package?

  • A. An OBSI notice and referral process for eligible unresolved complaints
  • B. Annual director training on complaint-handling themes
  • C. A dashboard split by retail and institutional complaints
  • D. Peer benchmarking of complaint rates and resolution outcomes

Best answer: A

Explanation: Because the firm participates in OBSI, its complaint framework must include a process to inform eligible clients about OBSI and allow unresolved complaints to go to that independent ombuds service. A board package that points dissatisfied clients only to CIRO misses the key outside-CIRO redress mechanism.

The core issue is whether the board package recognizes the role of the correct external body. CIRO oversees dealer conduct, but OBSI is the independent ombuds service used for eligible client complaints. If the dealer participates in OBSI, management should build that external escalation into policy, complaint-response templates, and procedures for unresolved complaints. Directors and Executives should challenge any framework that treats CIRO as the only outside avenue, because that does not substitute for the firm’s OBSI complaint-handling obligations.

Better analytics or governance enhancements can improve oversight, but they do not fix the missing external dispute-resolution path. The key takeaway is that senior leaders must ensure the firm’s complaint framework properly addresses relevant bodies outside CIRO when the facts require it.


Question 5

Topic: Element 2 — Investment Dealer business model and related areas

An Investment Dealer’s Board is reviewing a retail advisor compensation proposal.

Exhibit: Compensation Committee extract

  • Objective: recruit experienced advisors and tie pay to revenue generated.
  • All amounts are in CAD.
  • Payouts: 30% on most securities; 45% on proprietary structured notes.
  • Bonus: extra 10% if quarterly gross commissions exceed 250,000.
  • Client disclosure draft: “Your advisor may receive transaction-based compensation.”
  • Supervision: monthly exception reports on switches and concentration; no monitoring of early redemptions or product-specific sales patterns.

Based on the exhibit, which action is best supported before approval?

  • A. Approve if advisors annually attest to understanding the plan.
  • B. Approve as proposed because generic commission disclosure is sufficient.
  • C. Remove only the quarterly bonus, then approve the plan.
  • D. Keep commissions, but strengthen conflict controls, monitoring, and disclosure.

Best answer: D

Explanation: Commission-based compensation can be a legitimate business tool, and the exhibit shows a valid recruitment and revenue objective. But higher payouts on proprietary products, a production bonus, generic disclosure, and limited monitoring create conflict risk that the Board should require management to address before approving the plan.

Commission-based compensation can help an Investment Dealer recruit entrepreneurial advisors and align pay with business generation, but it also creates conflicts because compensation rises with trading activity or with sales of certain products. Here, the higher payout on proprietary structured notes and the quarterly production bonus increase the risk of biased recommendations, switching, concentration, or short-holding sales, while the disclosure draft is too generic to explain the conflict meaningfully. Before approving the plan, the Board should require a stronger conflict framework, such as:

  • a clear justification for any differential payout or a more neutral payout design
  • targeted monitoring of product mix, early redemptions, and sales patterns
  • disclosure and supervisory escalation that match the actual incentives

A valid growth objective does not remove the need to address compensation conflicts in the client’s best interest.


Question 6

Topic: Element 6 — Risk management and internal controls

An Investment Dealer’s board risk committee is asked to close an internal-audit finding on concentration risk in its margin lending book. Management says the desk stayed ‘within limits’ and provides only an end-of-quarter dashboard marked green, even though the finding stated that breaches were to be captured daily and escalated the same day to the CRO and UDP. Before approving closure, what should the committee verify first?

  • A. Whether comparable dealers use similar concentration limits
  • B. Whether the board recently reapproved the firm’s risk appetite statement
  • C. Whether the desk expects lower concentration levels next quarter
  • D. Whether daily exception reports and escalation logs show timely breach detection and reporting

Best answer: D

Explanation: The key issue is whether the control actually worked over time. A green quarter-end dashboard does not prove that daily breaches were identified, investigated, and escalated when required, so the committee should first verify the exception and escalation evidence.

This is a risk-monitoring and risk-reporting question, not a strategy or policy-refresh question. When an audit finding says breaches must be captured daily and escalated the same day, the committee cannot rely on a point-in-time summary to close the matter. It should first confirm operating evidence that the control worked across the full period.

The most important evidence is:

  • daily exception reports
  • breach logs
  • investigation records
  • timely escalation records to the CRO and UDP

That evidence shows whether monitoring occurred when exposures moved and whether reporting reached the right senior officers. Reapproving appetite or comparing limits to peers may matter later, but neither proves the control operated effectively.


Question 7

Topic: Element 5 — Duties, liabilities and defences

A CIRO-regulated Investment Dealer’s board has approved a strategy to expand digital onboarding. The COO receives, through his role, a confidential approach from the owner of a software vendor that fits that strategy. Before raising it internally, he forms a private company with his spouse to buy the vendor himself.

Exhibit: Governance policy excerpt

  • Business opportunities discovered through a Director’s or Executive’s position that are reasonably related to the firm’s strategy must first be offered to the firm.
  • Confidential information and due diligence materials may be used only for firm purposes.
  • Any personal interest in a potential vendor or acquisition target must be disclosed promptly, and the individual must not influence the firm’s consideration.

Based on the exhibit, what is the only supported action?

  • A. Buy the vendor first and disclose the conflict afterward.
  • B. Share the materials with his spouse because no exclusivity exists.
  • C. Disclose immediately, halt personal pursuit unless declined, and recuse.
  • D. Continue bidding personally if he abstains from the final decision.

Best answer: C

Explanation: The vendor opportunity came to the COO through his position, matches an approved corporate objective, and is supported by confidential information. That makes it a firm opportunity first, so he must disclose the conflict promptly, stop pursuing it personally unless the firm declines it, and remove himself from the firm’s review.

This is a fiduciary duty and corporate opportunity issue. Directors and Executives must use corporate information and opportunities for the firm’s benefit, not for personal gain, especially when the opportunity is connected to an approved strategy. Here, the board has already approved digital onboarding as a corporate objective, and the vendor approach reached the COO in confidence because of his role.

That means the proper response is to:

  • disclose the personal interest immediately
  • stop using the information for a personal bid
  • avoid influencing the firm’s assessment by recusing

Abstaining only at the final vote is too late, and after-the-fact disclosure does not cure taking a firm opportunity for personal benefit. The key takeaway is that fiduciary duty applies before any personal pursuit begins, not only when a formal approval decision is made.


Question 8

Topic: Element 4 — Corporate governance and ethics

An Investment Dealer plans to launch a proprietary income fund that pays representatives materially more than comparable third-party funds. The UDP tells the board this creates a material conflict of interest. Which response is NOT consistent with CIRO conflict of interest requirements?

  • A. Give clear conflict disclosure before clients act.
  • B. Restrict recommendations if the conflict cannot be addressed properly.
  • C. Rely only on disclosure and client acknowledgements.
  • D. Reduce compensation bias and add targeted supervisory controls.

Best answer: C

Explanation: The inaccurate response is to treat disclosure and client acknowledgement as enough. Under CIRO requirements, a material conflict must be addressed in the best interest of the client through avoidance or effective controls, with disclosure as a supporting measure rather than the full solution.

CIRO expects firms to identify existing and reasonably foreseeable material conflicts and address them in the best interest of the client. For a proprietary product that pays materially higher compensation, the firm should use controls such as compensation design, supervision, product governance, and limits on when recommendations can be made. If the conflict cannot be adequately addressed in the best interest of the client, the firm should avoid it or stop the conflicted activity. Disclosure remains important because clients should be told about material conflicts in a timely and meaningful way, but disclosure does not replace proper conflict management. A client acknowledgement does not make an unmanaged material conflict acceptable. The key takeaway is that firms cannot simply disclose away a material conflict.


Question 9

Topic: Element 7 — Significant areas of risk

At an Investment Dealer, the Board risk committee learns that client asset segregation exceptions have recurred for three months. The COO says the issue is operationally manageable, but management has missed two remediation dates and the same team that owns the process continues to assess its own controls. Which governance action best addresses this unmanaged significant risk area?

  • A. Require an independent control review, assign an executive owner, set dated remediation milestones, and mandate progress reporting to the Board committee
  • B. Ask the operations team to complete another self-assessment before any committee escalation
  • C. Accept management’s assurance and revisit the issue at the next annual risk appetite review
  • D. Defer action until internal audit’s regularly scheduled review later in the year

Best answer: A

Explanation: A recurring segregation exception is a significant risk area that is no longer being adequately managed through routine operations. The strongest governance response is the one that introduces independent challenge, names an accountable executive, fixes deadlines, and keeps the Board committee informed until remediation is complete.

The core governance issue is not just that a control failed, but that the failure is recurring and management’s existing response has already proven ineffective. When a significant risk area remains unmanaged, senior leadership should move from passive monitoring to active oversight with clear escalation. The best response is to require an independent review of the control environment, assign a specific executive as remediation owner, approve measurable milestones, and require reporting back to the Board committee.

This approach addresses the decisive differentiator in the scenario: independence plus accountability. The process owner should not be the only party assessing its own weakness, and repeated missed deadlines mean the committee needs structured follow-up. Waiting for a routine review cycle or relying on more self-assessment leaves the same unmanaged risk in place.


Question 10

Topic: Element 2 — Investment Dealer business model and related areas

The board of a Canadian Investment Dealer is comparing two new institutional derivatives businesses. One desk will execute standardized futures on an exchange with central clearing. The other will enter into bilateral, customized commodity forwards with corporate hedgers. Assuming both are otherwise approved, which oversight requirement is more important for the forward desk because of the products’ key structural difference?

  • A. Establish bilateral credit limits, collateral terms, and close-out rights.
  • B. Set procedures for clearinghouse margin calls and exchange position limits.
  • C. Approve disclosures on option Greeks and time decay.
  • D. Require retail CFD leverage warnings and negative-balance controls.

Best answer: A

Explanation: Customized forwards are OTC bilateral contracts, so the dealer faces direct counterparty and collateral risk that central clearing largely removes for listed futures. Board oversight should therefore emphasize credit approval, collateral terms, legal protections, and close-out rights for the forward business.

The key concept is the structural difference between exchange-traded, centrally cleared derivatives and bilateral OTC derivatives. Standardized futures are cleared through a clearinghouse, which becomes the counterparty and manages daily margining under exchange rules. Customized forwards are bilateral contracts between the dealer and the client, so the firm must directly manage counterparty credit exposure, collateral arrangements, documentation, valuation, and enforceable close-out rights. At the board or executive level, that means stronger oversight of credit limits and collateral governance for the forward activity.

The closest trap is the clearinghouse-margin response, but that is more characteristic of the futures business than of bilateral forwards.


Question 11

Topic: Element 8 — Ultimate Designated Person (UDP) responsibilities

A UDP receives an examination report that cites weaknesses in net capital calculations, segregation of client assets, and unresolved books-and-records breaks. Which examination stream does this report most closely match?

  • A. CIRO Trading Conduct Compliance examination
  • B. CIRO Business Conduct Compliance examination
  • C. FINTRAC examination
  • D. CIRO Financial and Operations examination

Best answer: D

Explanation: This matches a CIRO Financial and Operations examination because the findings concern capital, segregation of client assets, and books and records. For a UDP, those issues signal prudential and control weaknesses that require prompt remediation and follow-up.

FinOps reports focus on the firm’s financial resilience and operational control environment, not client-facing sales conduct or trading conduct. Findings on net capital calculations, segregation of client assets, and unresolved books-and-records breaks go directly to the firm’s ability to safeguard client property and remain within prudential requirements.

A UDP should treat this type of report as a senior oversight matter by:

  • confirming root causes and affected processes
  • assigning accountable owners in finance and operations
  • monitoring interim risk controls and escalation
  • verifying that remediation is completed and tested

By contrast, BCC reports usually centre on suitability, conflicts, and complaint handling, while TCC reports focus on trading supervision and market conduct. FINTRAC examinations instead assess the AML/ATF compliance program.


Question 12

Topic: Element 1 — General regulatory framework

Under the PCMLTFA framework, which responsibility best reflects Director or Executive oversight of an Investment Dealer’s AML compliance program?

  • A. Relying on the AML compliance officer unless a breach is found.
  • B. Ensuring controls for AML training, client due diligence, and business-relationship records are resourced, monitored, and remediated.
  • C. Focusing mainly on filed reports instead of control effectiveness.
  • D. Personally verifying higher-risk clients and keeping the records.

Best answer: B

Explanation: Director and Executive AML oversight is a governance responsibility, not a front-line operating task. Senior leaders should ensure the firm’s training, client due diligence, and business-relationship record-keeping controls are properly designed, resourced, monitored, and remediated.

Under Canada’s AML regime, senior leadership oversight is about the effectiveness of the firm’s compliance program. Directors and Executives should make sure the dealer has adequate AML resources, receives meaningful reporting, and challenges whether core controls are working in practice. That includes employee training, client identification and due diligence, and the records that support business relationships and ongoing monitoring. When testing, exceptions, or internal reviews show weaknesses, leadership should require timely remediation and follow-up. This role is different from day-to-day execution: staff and designated compliance personnel perform the operational tasks, but senior leadership remains responsible for overseeing whether the overall AML framework is effective.


Question 13

Topic: Element 8 — Ultimate Designated Person (UDP) responsibilities

An Investment Dealer entered CIRO early warning two weeks ago after trading losses. The CFO now asks the UDP to support a $500,000 cash transfer to the parent, saying recent market gains have “fixed the problem.” Before supporting the transfer or telling the board the issue is resolved, what should the UDP verify first?

  • A. Next quarter revenue forecast from the corporate finance group
  • B. Updated summary of complaints, privacy incidents, and cyber events
  • C. Board minutes authorizing the parent cash transfer
  • D. Latest capital working papers and pro forma report showing positive risk-adjusted capital after the transfer

Best answer: D

Explanation: The first issue is whether the dealer’s current and pro forma regulatory capital remains positive after the proposed transfer. For a firm in early warning, the UDP should verify capital evidence before relying on management assurances, board process, or broader business forecasts.

Under CIRO early warning oversight, the UDP cannot treat a capital issue as resolved based only on management optimism or improving markets. The first verification is the dealer’s current regulatory capital evidence, together with a pro forma calculation reflecting the proposed cash transfer. That is what shows whether risk-adjusted capital remains positive and whether the transfer could worsen or prolong the firm’s early warning position. Other information may still matter to governance and oversight, but it is secondary until the capital position is confirmed. Board approval is a process step, not proof that the transfer is prudent or permissible from a capital perspective.


Question 14

Topic: Element 4 — Corporate governance and ethics

An Investment Dealer is expanding into underwriting and direct electronic access. Its five-member Board consists of the CEO, CFO, President of Capital Markets, the controlling shareholder, and one independent director. The CEO proposes that management committees oversee risk and compliance, with the CFO chairing both the audit and risk committees and the Board receiving an annual summary. Which Board action best aligns with effective corporate governance?

  • A. Add qualified independent directors and written Board and committee mandates that keep oversight separate from management execution.
  • B. Appoint the CFO to chair audit and risk committees because those issues overlap.
  • C. Delegate risk and compliance matters to management committees, with the Board reviewing an annual report.
  • D. Keep the current Board, but require quarterly certifications and an annual governance self-assessment.

Best answer: A

Explanation: Effective governance requires a Board that is sufficiently independent, appropriately qualified, and guided by clear mandates. Reconstituting the Board and its committees so independent directors oversee management, rather than management overseeing itself, best addresses the composition, delegation, and segregation-of-duties weaknesses in the scenario.

The core issue is that the proposed structure blurs oversight and execution. A Board dominated by executives and a controlling shareholder should not rely mainly on management committees and management-led Board committees for objective challenge on audit, risk, and compliance matters. Effective governance calls for enough independent directors with relevant dealer, finance, risk, or compliance experience, plus clear Board and committee mandates that delegate detailed review without transferring the Board’s ultimate accountability. Management should run the business and implement controls; the Board and its committees should oversee, question, and monitor that work. Extra certifications or annual summaries may help documentation, but they do not fix the structural conflict created when management is effectively overseeing itself.


Question 15

Topic: Element 2 — Investment Dealer business model and related areas

A Canadian Investment Dealer’s board is comparing two growth proposals. One would expand block-trading services for pension funds with negotiated commission rebates. The other would distribute a new proprietary autocallable note through the firm’s full-service retail channel and pay advisers a temporary bonus for meeting sales targets. Which board response best fits the decisive retail-client differentiator in the second proposal?

  • A. Approve if issuer counsel confirms the offering documents are complete.
  • B. Require KYP, suitability, clear disclosure, and incentive-conflict controls.
  • C. Apply the same oversight used for institutional commission rebate proposals.
  • D. Launch first and reassess only if complaints or sales concentrations emerge.

Best answer: B

Explanation: Retail clients can be an important growth opportunity, but they usually require stronger conduct controls than institutional clients, especially when products are complex and compensation may influence recommendations. For a full-service retail launch, the board should expect evidence of KYP, suitability support, clear client disclosure, and review of incentive-driven conflicts before approval.

The core concept is that retail business often carries different risks and requirements from institutional business, even when both are profitable opportunities. Here, the decisive factor is that a complex proprietary note is being sold through a full-service retail channel with temporary sales bonuses. That combination raises retail-specific concerns about product understanding, suitability, fair treatment, and conflicts of interest.

A sound board response is to require preventive controls before launch, including:

  • product due diligence and KYP support
  • clear disclosure that retail clients can understand
  • supervisory tools for suitability assessments
  • review of whether compensation could bias recommendations

By contrast, pension funds typically negotiate terms with greater resources and expertise, so the oversight approach is not identical. Legal document completeness alone is not enough, and complaint monitoring is a back-end control, not the primary safeguard.


Question 16

Topic: Element 6 — Risk management and internal controls

The Board of a Canadian Investment Dealer wants one committee to meet with the external auditor, review the audited annual financial statements, and monitor management’s remediation of material control deficiencies identified during the audit. Which Board committee best matches that mandate?

  • A. Audit committee
  • B. Conduct review committee
  • C. Compensation committee
  • D. Risk committee

Best answer: A

Explanation: The audit committee is the Board committee primarily responsible for overseeing the external auditor and the integrity of audited financial reporting. It also commonly tracks management’s response to control deficiencies identified through the audit so the Board receives structured follow-up on remediation.

In this scenario, the Board needs the committee that sits at the intersection of external assurance, financial reporting, and control follow-up. That is the audit committee. Its core role is to oversee the external auditor’s independence and work, review audited annual financial statements before Board approval, and challenge management on significant control issues raised in the audit. When deficiencies are identified, the audit committee typically expects timelines, testing, and status reporting on remediation so it can assess whether management’s response is adequate. A risk committee may oversee enterprise risks more broadly, but the formal Board oversight of the external auditor and audited reporting normally belongs with the audit committee.


Question 17

Topic: Element 4 — Corporate governance and ethics

At a board risk committee meeting, Maple Securities reports that it is confidentially advising Aurora Mining on a takeover and expects to underwrite Aurora debt if the deal proceeds. Aurora was placed on the firm’s grey list. Because the document system uses broad default permissions, a metals research analyst could open the banking workspace and read draft board materials. The analyst’s credentials were reset after a phishing attempt, and IT found no sign of external access. The head of capital markets proposes continuing research coverage until public announcement, with added banking-conflict disclosure in the next note. Which red flag matters most?

  • A. Inadequate cybersecurity training after the phishing attempt.
  • B. Inadequate conflict disclosure in the next Aurora research note.
  • C. Inadequate information barriers, including no restricted-list escalation.
  • D. Inadequate board reporting on the confidential mandate.

Best answer: C

Explanation: The main issue is failure to contain material non-public information after a research analyst accessed banking documents. A grey list and added disclosure are not enough once contamination has occurred; the firm should tighten access and restrict affected activity.

The core concept is containment of MNPI through effective information barriers. A grey list can support heightened monitoring, but it does not solve an actual breach of the wall. Here, a research analyst accessed draft board materials from the banking side, so the firm has a live barrier failure. Management should immediately review who was exposed, remove unnecessary system access on a least-privilege basis, and apply restricted-list controls to research and any other affected activity as needed.

Enhanced research disclosure addresses conflicts of interest, not possession of MNPI. The phishing attempt still matters from a cybersecurity perspective, but the facts say credentials were reset and there is no sign of external access, making it secondary to the internal contamination already identified. The key takeaway is that disclosure cannot substitute for real firewalls and access controls.


Question 18

Topic: Element 4 — Corporate governance and ethics

Harbourfront Capital, a Canadian Investment Dealer, is expanding from execution-only brokerage into issuer underwriting and principal trading. Its seven-member Board will lose its only independent director with deep audit expertise next month. The Board mandate has not been updated for the new business lines, and the CEO currently chairs one combined audit, risk, and conduct committee. Management wants to replace the retiring director with the principal of a client family office that regularly invests in Harbourfront-led offerings and wants an audit committee seat. What is the single best governance response?

  • A. Let management and the UDP launch the new lines first, with quarterly Board reports before later governance changes.
  • B. Recruit an independent qualified director, refresh the mandate so new-business approval stays with the Board, and use independent chairs for audit and risk.
  • C. Refresh the Board mandate, but keep the CEO chairing the combined oversight committee during the rollout.
  • D. Appoint the client principal, require recusal on offering files, and keep the CEO-led combined committee.

Best answer: B

Explanation: Effective governance should change when an Investment Dealer adds riskier business lines. The Board should refresh its mandate, keep approval of major new activities at the Board level, and use independent, qualified oversight rather than a CEO-led committee or a director with recurring offering conflicts.

Effective corporate governance requires the Board’s composition and committee structure to match the firm’s changing risk profile. Here, underwriting and principal trading increase financial, conduct, and conflict risk, so the Board should refresh its mandate and clearly reserve approval and oversight of the new business lines to the Board. Committee delegation can help, but it does not replace Board accountability. Audit and risk oversight should be led by independent, qualified directors rather than the CEO, because management should be supervised, not chair the supervision. A client family-office principal who regularly participates in the firm’s offerings may bring market knowledge, but recurring deal-related conflicts make that person a poor audit committee choice. Recusal alone is too narrow to solve a structural governance weakness.


Question 19

Topic: Element 3 — Offering and distribution of securities

An Investment Dealer is acting as agent for a reporting issuer’s private placement. The board package states that no prospectus will be filed because the financing will use prospectus exemptions. The file contains the term sheet, board resolutions, draft news release, and a purchaser list, but it does not show which exemption will be relied on for each purchaser or retain purchaser representations or other eligibility support. What is the most important deficiency before closing?

  • A. A committee review of expected secondary-market liquidity
  • B. An independent fairness opinion on the issue price
  • C. A media-response script for post-announcement questions
  • D. A purchaser-by-purchaser exemption record with eligibility support

Best answer: D

Explanation: Prospectus exemptions are applied purchaser by purchaser. A general statement that the financing is a private placement is not enough; the file must show the specific exemption relied on for each subscriber and the supporting representations or evidence. Without that, the distribution should not close on an exempt basis.

The key issue is substantiating prospectus-exemption eligibility. In Canada, an issuer or dealer cannot simply label a financing a private placement and proceed without a prospectus. It needs a documented basis for the exemption used for each purchaser. A sound governance and compliance file links every proposed subscriber to the specific exemption being relied on and keeps the purchaser representations or other evidence that supports that conclusion.

  • Identify each proposed purchaser.
  • State the exact exemption relied on for that purchaser.
  • Retain the subscription representation or other supporting evidence.
  • Escalate any purchaser who does not clearly fit an exemption before acceptance.

Pricing advice, communications planning, and market-readiness reviews may all be useful, but they do not cure the absence of documented exemption support.


Question 20

Topic: Element 6 — Risk management and internal controls

The UDP of an Investment Dealer receives an escalation: a former client’s lawyer alleges unsuitable leverage and seeks $2.5 million from the firm and two dealing representatives. The email includes a “civil claim package,” but branch staff cannot tell whether it is only a demand package or a court-filed pleading. Before deciding whether CIRO legal-action reporting is required, what should the UDP verify first?

  • A. Whether insurance coverage and reserves are already arranged
  • B. Whether the Board needs a reputational-risk briefing
  • C. Whether outside counsel expects the claim to fail
  • D. Whether a filed legal claim names the Investment Dealer as a party

Best answer: D

Explanation: The threshold issue is whether an actual legal action has been filed against the dealer. A demand letter, draft claim, or settlement discussion may require internal attention, but it does not by itself establish the CIRO reporting trigger tied to a filed proceeding.

For legal-action reporting, senior management should first confirm the triggering event: a filed legal proceeding naming the Investment Dealer. In this scenario, the branch cannot tell whether the lawyer’s package is only a demand package or an actual court filing. The UDP should therefore obtain and verify the filed statement of claim, notice of civil claim, or equivalent filed document and confirm that the firm itself is named.

Only after that should the firm move to follow-on steps such as assessing service status, notifying insurers, setting reserves, planning a defence, and determining Board escalation. The closest distractor is the merits assessment, but even a weak claim can still be reportable once it has been filed.


Question 21

Topic: Element 1 — General regulatory framework

North Shore Securities is a CIRO investment dealer that introduces most retail accounts to Harbour Clearing, a CIPF member and its carrying broker. Harbour has entered insolvency proceedings, and management asks the board chair to approve a client notice stating that “client losses will be covered by CIPF.” Clients currently cannot trade or withdraw, and some portfolios are declining in market value. Before approving that notice, what should the board chair require management to verify first?

  • A. A transition plan for moving affected accounts to a replacement carrying broker.
  • B. A schedule estimating each client’s claim amount against potential CIPF limits.
  • C. A reconciliation of affected accounts showing what eligible client property was at Harbour and whether any is missing because of the insolvency.
  • D. A complaints dashboard with draft client and media communications.

Best answer: C

Explanation: The first issue is not how much clients may recover, but whether CIPF is engaged at all. The board should require books-and-records evidence that eligible client property was actually held at the insolvent carrying broker and that a shortfall exists because of the insolvency.

CIPF analysis starts with a threshold question: is there an insolvency-related shortfall of eligible client property at the failed member? In an introducing-carrying arrangement, senior leadership should first obtain books-and-records evidence showing which assets were actually held by the insolvent carrying broker, in which client accounts, and whether any cash or securities are missing because of the insolvency. If there is only a temporary access disruption or a market decline while accounts are frozen, that does not by itself establish a CIPF claim. After this threshold is confirmed, the firm can assess claim amounts, coverage categories, transfer steps, and client communications. The closest trap is jumping to claim limits before confirming that CIPF is engaged at all.


Question 22

Topic: Element 6 — Risk management and internal controls

An Investment Dealer’s board wants a principles-based tool to guide decisions when a proposed activity creates risks that are not addressed by a detailed rule. The tool should state the types and amount of risk the firm is willing to accept, set boundaries, and require escalation when exposures move outside those boundaries. Which governance feature best matches this purpose?

  • A. A firm-wide risk register
  • B. A board-approved risk appetite statement
  • C. A written supervisory procedures manual
  • D. An annual internal audit plan

Best answer: B

Explanation: Principles-based risk management relies on judgment anchored to board-defined risk boundaries, not only on detailed checklists. A board-approved risk appetite statement gives management a framework for assessing new or changing situations and for escalating matters that fall outside tolerance.

In a principles-based regulatory environment, Directors and Executives are expected to manage material risks even when no rule addresses every fact pattern. The key governance tool for that is a risk appetite statement: it links strategy to the amount and type of risk the firm is prepared to accept and typically includes qualitative boundaries, metrics, and escalation triggers. That lets management evaluate new activities consistently and know when to challenge, mitigate, or escalate a proposal.

A risk register helps catalogue and monitor risks, a supervisory manual describes required processes, and internal audit independently tests controls. Those tools are important, but they do not define the firm’s acceptable risk boundaries. The central match here is the boundary-setting and escalation role of risk appetite.


Question 23

Topic: Element 3 — Offering and distribution of securities

Before approving participation as lead underwriter in a prospectus offering, an Investment Dealer’s board receives a memo stating that the dealer must independently test management’s representations, press for corrections to incomplete disclosure, and be prepared to delay or withdraw if material concerns cannot be resolved. Which underwriting function does this describe?

  • A. The underwriter’s gatekeeping due diligence
  • B. An over-allotment option for aftermarket stabilization
  • C. A bought deal commitment to purchase the offering
  • D. A selling group arrangement to broaden distribution

Best answer: A

Explanation: The memo describes the dealer’s gatekeeping role in a prospectus offering. The key features are independent due diligence, active challenge of issuer disclosure, and readiness to stop the deal if material issues remain unresolved.

The core concept is the underwriter’s gatekeeping function in a public offering. An Investment Dealer is not just a sales conduit; it is expected to conduct reasonable due diligence, assess whether the prospectus disclosure is supportable and complete, challenge management where evidence is weak, and escalate unresolved concerns. That role helps protect investors and supports confidence in the capital-raising process.

This is different from the commercial structure of the deal or from distribution mechanics. A bought deal concerns the dealer’s commitment to purchase the securities from the issuer. An over-allotment option is a distribution and aftermarket tool. A selling group arrangement expands placement capacity. The closest trap is the bought deal feature, because it is also an underwriting concept, but it addresses purchase commitment rather than disclosure oversight.


Question 24

Topic: Element 3 — Offering and distribution of securities

In a Canadian prospectus underwriting syndicate, which statement best describes the lead dealer’s role?

  • A. It replaces participating dealers’ internal supervision, compliance, and record-keeping obligations.
  • B. It coordinates the syndicate’s due diligence, prospectus drafting, and underwriter certificate process, while each member retains its own due diligence responsibility.
  • C. It signs the issuer’s prospectus certificate on behalf of the issuer’s directors and officers.
  • D. It assumes the entire syndicate’s civil liability, so participating dealers may rely on its review alone.

Best answer: B

Explanation: The lead dealer usually organizes the overall due diligence and prospectus process for the syndicate, including coordinating the underwriter certificate process. That coordinating role does not relieve other syndicate members of their own duty to supervise, review, and document reasonable due diligence.

The core concept is the difference between coordination and responsibility in an underwriting syndicate. The lead dealer typically acts as the organizer: it arranges diligence sessions, working-group discussions, comment resolution, and execution logistics for the prospectus and underwriter certificate process. However, syndicate participation does not transfer each dealer’s legal and supervisory obligations to the lead.

Each participating dealer must still satisfy itself that reasonable due diligence was performed, involve appropriate supervisory and compliance resources, and keep records showing what was reviewed, what questions were raised, and how issues were resolved. Shared diligence can support that work, but it is not a substitute for each firm’s own responsibility. The key takeaway is that the lead dealer is a coordinator for the syndicate, not a liability shield for it.

CIRO director governance map

Use this map after the sample questions to connect individual items to the board oversight, delegation, risk appetite, compliance reporting, conflicts, and accountability decisions that these Securities Prep samples test.

    flowchart LR
      S1["Strategic risk or governance issue"] --> S2
      S2["Define board oversight responsibility"] --> S3
      S3["Delegate with clear reporting lines"] --> S4
      S4["Review compliance risk and financial evidence"] --> S5
      S5["Challenge gaps and approve remediation"] --> S6
      S6["Track accountability and client impact"]

Quick Cheat Sheet

| Cue | What to remember |
| --- | --- |
| Oversight | Directors oversee systems, people, controls, and culture; they do not run every operational task. |
| Delegation | Delegation is acceptable only with competent people, clear authority, reporting, and follow-up. |
| Risk appetite | Business growth must fit capital, compliance, supervision, and operational capacity. |
| Conflicts | Board-level conflicts require timely identification, management, recusal, or disclosure as appropriate. |
| Evidence | Minutes, reports, challenge questions, and remediation tracking show active oversight. |

Mini Glossary

  • Risk appetite: Amount and type of risk an organization is willing to accept.
  • Fiduciary duty: Duty to act loyally and prudently in the organization’s interest.
  • Delegation: Assigning authority while retaining oversight responsibility.
  • Board minutes: Formal record of board discussion, challenge, and decisions.
  • Control environment: Governance, culture, policies, and accountability supporting compliance.


Revised on Sunday, May 3, 2026