Free CISI CMP UK Reg Practice Questions: Complaints and Redress

CISI means Chartered Institute for Securities & Investment. CMP means Capital Markets Programme, and this page is for the UK Financial Regulation unit. Use this focused CISI CMP UK Regulation page as a short practice test for Complaints and Redress. The items are original Finance Prep sample exam questions built for scenario-based practice, not trivia, puzzle questions, official CISI questions, copied live-exam content, or exam dumps.

Topic snapshot

Sample questions

These are original Finance Prep practice questions aligned to this topic area. They are not official CISI questions, copied live-exam content, or exam dumps. Use them to preview question style and explanation depth before continuing with topic drills, mixed sets, and timed mock exams in Finance Prep.

Question 1

Topic: Complaints and Redress

A UK investment firm’s complaints team identifies the following while handling a client complaint:

• A complaint pack for Client A was emailed to Client B in error.
• The pack includes Client A’s name, address, account number, portfolio valuation and medical information supplied to explain the impact of the complaint.
• Client B has been asked to delete the email, but no confirmation has been received.
• No financial loss or identity fraud has yet been identified.

What is the best next step?

• A. Escalate it immediately through the firm’s data-protection incident process while taking containment steps and preserving the facts for assessment.
• B. Wait until Client A reports actual loss before escalating, because no harm has yet been proven.
• C. Handle it only as part of the DISP complaint file, because the error arose during complaint handling.
• D. Send it to the MLRO as a suspicious activity matter, because the file contains financial information.

Best answer: A

What this tests: Complaints and Redress

Explanation: A client-data issue should be escalated as a data-protection incident when there is a suspected breach of security leading to accidental or unauthorised disclosure, access, loss, alteration or destruction of personal data. The facts show identifiable client data was sent to the wrong external recipient, and the information includes financial and medical details. The firm should not wait for proven harm. The correct workflow is to contain the issue where possible, keep an accurate record, and escalate promptly to the firm’s data-protection route so the responsible team can assess risk and decide whether notifications are required.

• Waiting for actual loss is too late; breach assessment is triggered by the suspected unauthorised disclosure, not by confirmed misuse.
• Treating it only as a complaint misses the separate data-protection incident workflow.
• Referring it to the MLRO uses the wrong escalation route; the facts indicate a personal-data breach, not money laundering suspicion.

Unauthorised disclosure of identifiable client and sensitive information is a suspected personal-data breach that needs prompt internal escalation and assessment.

Question 2

Topic: Complaints and Redress

An FCA-authorised investment firm receives the following items on the same morning. Which response should the compliance manager treat as the single best immediate governance response?

Facts:

• A retail client says:

“I was advised to move my ISA into a high-risk portfolio even though I said I could not afford losses. I want my losses reimbursed.”

• The client’s email includes a PDF statement for a different retail client, showing name, address, account number, and portfolio value; it appears to have been attached by the firm in error.

• A junior adviser tells Compliance that their line manager instructed staff to record the matter as “general service feedback” and warned the adviser not to use the firm’s whistleblowing channel.

• No final complaint response has been sent and no data-protection assessment has yet been recorded.

• A. Open a DISP complaint case, preserve the advice file and communications, assess suitability and redress, escalate the personal data incident for data-protection assessment, and protect the whistleblowing concern from line-manager interference.

• B. Focus first on calculating possible investment redress, and defer the data-protection and whistleblowing issues until the complaint outcome is known.

• C. Refer the junior adviser’s concern to HR, but do not open a complaint because the client has not used the word “complaint” or followed the firm’s escalation wording.

• D. Treat the matter as service feedback until the client completes the firm’s complaint form, then consider suitability and redress after the form is received.

Best answer: A

What this tests: Complaints and Redress

Explanation: A complaint does not have to use a prescribed form or exact wording. The retail client has expressed dissatisfaction about regulated advice and asked for compensation, so the firm should handle it under its complaint process, investigate suitability, preserve evidence, and consider redress if the complaint is upheld. The misdirected PDF is also a personal data incident and must be contained, recorded, and escalated for data-protection assessment, including any notification decision. The line manager’s instruction to downgrade the matter and discourage use of the whistleblowing channel raises a separate governance concern. It should be escalated independently, with protection against retaliation and preservation of relevant records. The strongest response coordinates complaint handling, redress, data protection, and whistleblowing rather than treating one as a reason to delay the others.

• Waiting for a firm complaint form is too formalistic; an expression of dissatisfaction seeking compensation can already require complaint handling.
• Redress work alone is incomplete because the data incident and whistleblowing concern require separate, prompt escalation.
• A narrow HR referral misses the client complaint and the data-protection assessment, and it does not ensure independent handling where a line manager may be implicated.

This addresses the complaint, potential redress, data breach, record preservation, and whistleblowing protection without subordinating one issue to another.

Question 3

Topic: Complaints and Redress

An FCA-authorised investment firm receives a complaint from a retail client about a structured product sold after a personal recommendation.

Case notes:

• The client says her low-risk objective and need for access to cash were ignored.
• The adviser who made the recommendation says the client signed all risk warnings.
• The product fell in value after the client withdrew early.
• The complaints team must evidence that its final response was reached fairly and objectively.

Which evidence would best support that conclusion?

• A. A complaint file showing the client’s allegations, relevant advice and transaction records, evidence gathered from both sides, an impartial assessment against the applicable rules and policy, and reasons for the outcome and any redress.
• B. A file note confirming the product provider still regards the structured product as suitable for its target market.
• C. A final response drafted by the original adviser, supported by copies of the signed risk warnings and the product brochure.
• D. A complaints register entry showing the complaint was acknowledged and closed within the firm’s target service standard.

Best answer: A

What this tests: Complaints and Redress

Explanation: Fair complaint handling is evidenced by a clear audit trail of the investigation and decision-making process. For a suitability-related complaint, the firm should retain the client’s allegations, relevant fact-find and suitability records, transaction documents, communications, and any evidence from the client and adviser. It should also show that the matter was assessed impartially against the applicable regulatory requirements and the firm’s policy, with a clear explanation of the conclusion and any redress decision. Signed warnings, timeliness records, or product-provider material may be relevant background, but they do not by themselves show that the individual complaint was considered fairly and objectively.

• Signed risk warnings do not prove the suitability complaint was investigated impartially, especially if the original adviser controls the response.
• A complaints register and prompt closure help show process control, but not the quality or objectivity of the investigation.
• Product target-market information is not a substitute for assessing the client’s individual circumstances and complaint evidence.

A fair and objective complaint record should show what was investigated, the evidence considered, the impartial assessment made, and the reasoned outcome.

Question 4

Topic: Complaints and Redress

A firm’s complaints team has logged a complaint from a retail client about a personal recommendation made by one of its advisers.

Investigation findings:

• The suitability record showed capital preservation, limited experience, and a low ability to bear losses.
• The recommended product was illiquid and carried a material risk of loss.
• The file does not explain why the product matched the client’s objectives or risk profile.
• Key risk disclosures were given only after the client had committed to invest.
• The client has crystallised a loss, and the firm can calculate the likely position the client would have been in without the recommendation.
• The firm is solvent, and the complaint is being handled by the firm under DISP.

What is the best next step for the firm?

• A. Tell the client to claim from the FSCS because the investment produced a loss.
• B. Calculate fair redress aimed at putting the client in the position they would likely have been in without the unsuitable recommendation, then issue a final response explaining the outcome and FOS referral rights.
• C. Reject the complaint because the client signed the application form and later received written risk disclosures.
• D. Offer a small goodwill payment and retrain the adviser without quantifying the client’s investment loss.

Best answer: B

What this tests: Complaints and Redress

Explanation: Where a complaint investigation shows poor advice, inadequate disclosure, or defective execution, the firm should consider appropriate redress rather than treating the complaint as a service issue only. Redress is normally aimed at putting the complainant, as far as practicable, in the position they would have been in had the failing not occurred. Here, the evidence indicates an unsuitable personal recommendation and late risk disclosure, and the client’s loss can be assessed. The firm should calculate fair compensation, communicate its decision in a final response, and include the client’s right to refer the matter to the Financial Ombudsman Service if dissatisfied. The FSCS is not the ordinary route for a solvent firm handling its own complaint.

• A signed application or later risk warning does not cure an unsuitable recommendation or late disclosure.
• FSCS compensation is not the normal remedy where a solvent firm can handle and redress its own complaint.
• Waiting for FOS involvement would delay the firm’s own DISP responsibility to assess and respond.
• A goodwill payment without loss assessment fails to address the evidenced investment harm.

The evidence supports upholding the complaint and offering fair redress through the firm’s DISP complaint response process.

Question 5

Topic: Complaints and Redress

A retail client emails the firm’s complaints inbox:

I instructed you to sell my shares last Monday. Your dealer delayed the order and I lost money. I want compensation.

The firm has call recordings, order-management logs, and the dealer’s notes. The desk manager wants to treat the email as a misunderstanding and offer a small goodwill payment by phone.

Which action best applies fair complaint handling principles?

• A. Promptly acknowledge and log the matter as a complaint, investigate the relevant records impartially, explain the outcome and any redress, and retain the complaint record.
• B. Ask the dealer who handled the order to decide the outcome, and respond only if the client repeats the complaint in writing.
• C. Classify the matter as a service query until the client submits a signed complaint form, then rely mainly on the dealer’s notes.
• D. Offer a goodwill payment immediately by phone and close the file without further investigation if the client accepts.

Best answer: A

What this tests: Complaints and Redress

Explanation: Fair complaint handling starts with recognising an expression of dissatisfaction as a complaint, even if it is made by email and not on a formal form. The firm should acknowledge and record it, investigate competently, diligently and impartially using relevant evidence such as call recordings and order logs, and provide a clear response that explains the decision and any appropriate redress. A quick goodwill payment may be appropriate only after the firm has considered the merits and recorded the handling and outcome. Allowing the front office to control the response, ignoring relevant evidence, or failing to keep records would undermine fair treatment and effective complaint governance.

• Requiring a signed complaint form wrongly delays recognition of a complaint and narrows the evidence base.
• A goodwill payment without investigation may conceal the issue and fails to support a fair, reasoned outcome.
• Letting the dealer decide the outcome creates an obvious impartiality concern and ignores the duty to handle complaints fairly.

This follows fair complaint handling by recognising the complaint, investigating it properly, giving a reasoned response, and keeping an audit trail.

Question 6

Topic: Complaints and Redress

An FCA-authorised investment firm discovers a small client-account error.

Facts:

• The client is a retail client using an execution-only ISA dealing service.
• Her online account showed a duplicated £38 dealing charge for one day.
• The duplicate charge was reversed before any cash was withdrawn or reinvested.
• Nine other clients were affected; the data-feed rule has been corrected and checked.
• No personal data was disclosed outside the firm, and there are no AML, market abuse, or whistleblowing concerns.
• The client has emailed: “I want this treated as a formal complaint and I want £1,000 compensation.”

What is the single best response by the firm?

• A. Close the matter as an operational correction only because the duplicated £38 charge was reversed and no client suffered financial loss.
• B. Treat the issue as a whistleblowing matter and restrict the client response until the board has completed a formal investigation.
• C. Immediately notify the FCA, the ICO, and the FOS, and pay the requested £1,000 to demonstrate that the firm has treated the client fairly.
• D. Record and handle the matter as a complaint, confirm the correction, consider fair redress for any inconvenience, document the root-cause checks, and make external notifications only if separate reportability criteria are met.

Best answer: D

What this tests: Complaints and Redress

Explanation: A low-value error can still be a complaint if a client expresses dissatisfaction about a regulated service. Proportionality does not mean ignoring DISP-style handling, evidence, or fair treatment. The firm should correct the error, investigate enough to understand impact and cause, respond clearly to the client, consider whether any redress is fair for inconvenience or distress, and keep records showing why the matter was not escalated externally. The facts point to a limited operational issue: small amount, quick reversal, limited affected population, corrected control, no external data disclosure, and no financial-crime or market-integrity concern. Those facts support a proportionate response rather than automatic regulatory notifications or excessive compensation. If later evidence showed wider harm, a reportable data breach, systemic control failure, or other regulatory issue, escalation would be reconsidered.

• Treating the case only as an operational correction ignores the client’s expressed complaint and the need to evidence fair handling.
• Automatic FCA, ICO, and FOS notification overstates the facts; external reporting depends on specific criteria, not the client’s demand alone.
• A whistleblowing process is not the right route for a client complaint about a corrected account charge with no protected disclosure issue.

This proportionately addresses the low impact while still meeting complaint-handling, client-protection, record-keeping, and governance obligations.

Question 7

Topic: Complaints and Redress

An FCA-authorised investment firm is handling a retail client’s complaint about advice given two years ago.

Case notes:

• The file contains the client’s 2019 address and employment status, but the client has now provided updated details.
• The onboarding pack includes full bank statements and payslips, although the complaint team only needs current income band and transaction dates to investigate.
• The marketing team asks to copy the complaint correspondence into a campaign list for similar products.
• A complaint handler wants to send the full file to a personal email account to review it at home.

Which response is the single best application of data-protection principles?

• A. Keep all original documents unchanged and permanently available to staff because they may be useful if the FCA or FOS later asks for evidence.
• B. Delete the complaint file once the final response is issued because storage minimisation overrides future evidence needs.
• C. Correct the live client record while preserving an audit trail, use the data only for complaint and regulatory purposes, restrict secure access, and remove or anonymise unnecessary material when there is no continuing lawful basis to retain it.
• D. Use the complaint correspondence for the campaign if the promotion is fair, clear and not misleading and the client can unsubscribe.

Best answer: C

What this tests: Complaints and Redress

Explanation: Under the Data Protection Act 2018 and UK GDPR principles, client personal data must be processed lawfully, fairly and transparently, kept accurate, collected and used for specified purposes, limited to what is necessary, retained only as long as justified, and protected against unauthorised access or disclosure. A complaint file may need to be retained for regulatory, evidential and redress purposes, but that does not justify unrestricted access, indefinite retention, or keeping excessive documents. The firm should update inaccurate live records while keeping an appropriate audit trail of what was used at the time. Complaint correspondence should not be repurposed for marketing without a proper lawful basis and fair processing. Sending a full file to a personal email account is inconsistent with secure handling.

• Keeping everything permanently fails storage limitation, data minimisation, accuracy, and access-control expectations.
• A compliant financial promotion does not make unrelated complaint data available for marketing use.
• Deleting the whole file immediately after the final response ignores legitimate complaint, FOS, and regulatory record-keeping needs.

This applies accuracy, purpose limitation, data minimisation, storage limitation, and security to the complaint file.

Question 8

Topic: Complaints and Redress

An FCA-authorised investment firm executes share orders for retail clients. A client emails the firm:

Your platform executed my order late after I submitted it during market hours. The resulting price was worse and I have lost about £850. Please put this right.

The operations team notes that the email does not use the word “complaint” and that market prices can move quickly.

Which response best applies UK complaint-handling expectations?

• A. Reject the matter at the outset because price movement is an investment risk and cannot form part of a complaint.
• B. Treat the email as a complaint under the firm’s DISP-style procedures and assess it fairly, because it expresses dissatisfaction about a regulated service and alleges financial loss.
• C. Treat the email as general feedback unless the client expressly asks for the Financial Ombudsman Service.
• D. Refer the client directly to the FSCS because the client alleges a monetary loss.

Best answer: B

What this tests: Complaints and Redress

Explanation: DISP-style complaint handling is relevant when a customer expresses dissatisfaction about a firm’s regulated activities and the matter involves alleged financial loss, material distress, or material inconvenience. The client does not need to use the word “complaint”. Here, the client is challenging the firm’s execution service and alleging an £850 loss caused by delay, so the firm should record and handle the matter through its complaint procedures, assess it fairly, and provide an appropriate response. Market risk may be relevant to the merits, but it does not prevent the matter from being a complaint. FSCS is not the first route for an operational or conduct complaint against a solvent authorised firm.

• Requiring an express FOS request is wrong; complaint handling starts when the firm receives a relevant expression of dissatisfaction.
• Treating market movement as an automatic rejection confuses the merits of the complaint with whether complaint procedures apply.
• Sending the client straight to the FSCS is inappropriate where the issue is a complaint about the firm’s service, not firm failure or compensation scheme eligibility.

The client’s message is an expression of dissatisfaction about regulated investment services and includes alleged financial loss, so complaint procedures are relevant.

Question 9

Topic: Complaints and Redress

An operations analyst receives one email from a colleague about a retail client’s case.

Email summary:

• The client says the firm ignored a written complaint about unsuitable advice and asks for compensation.
• The case file contains a response pack sent to the client that includes another client’s account number and transaction details.
• The colleague says a team leader told staff to mark similar cases as service feedback so they would not appear in complaint MI, and asks that the concern be handled confidentially.

No investigation has yet been completed. What is the best next step?

• A. Ask the named team leader to review the file first, because the alleged issue sits within that manager’s complaint-handling team.
• B. Treat the matter as one client complaint and wait for the final response before deciding whether any data or whistleblowing records are needed.
• C. Open a complaint record, preserve the evidence, escalate the personal data incident to the privacy team, and refer the colleague’s concern through the whistleblowing or compliance route.
• D. Record the matter only as a data protection incident, because disclosure of another client’s details takes priority over complaint and whistleblowing processes.

Best answer: C

What this tests: Complaints and Redress

Explanation: A single case can trigger several regulatory workflows at the same time. The client’s dissatisfaction and request for compensation should be captured as a complaint and handled under the firm’s DISP process. The accidental disclosure of another client’s account and transaction details should be logged as a personal data incident and escalated to the privacy or data protection function for breach assessment. The allegation that complaints are being deliberately misclassified to keep them out of management information is a separate conduct and governance concern, so it should be referred through the firm’s whistleblowing or compliance escalation route, with confidentiality protected. These steps should be taken before the merits of the underlying advice complaint are decided, because logging and escalation preserve evidence and allow the correct control owners to assess their risks.

• Waiting until the final response is too late, as data incidents and whistleblowing concerns need prompt separate escalation.
• Sending the matter to the named team leader risks compromising confidentiality and independence because that person is implicated in the concern.
• Treating the case only as a data issue ignores the client’s complaint and the alleged manipulation of complaint records.

The same event raises a DISP complaint, a potential personal data breach, and a confidential misconduct concern, so each control route must be activated without waiting for the full investigation.

Question 10

Topic: Complaints and Redress

A UK investment firm trains operations staff to escalate potential client-data incidents immediately. Its policy states:

Escalate any suspected personal data breach involving unauthorised disclosure, access, loss, destruction, or alteration of client personal data. Do not wait for evidence that the data has been misused.

Which event should be escalated as a data-protection incident?

• A. A client complains that a quarterly valuation is hard to understand and asks for a clearer explanation of charges.
• B. A client telephones to update a mobile number and asks where the firm’s privacy notice can be found.
• C. A staff member finds a stack of unused blank onboarding forms left on a printer overnight.
• D. An adviser emails a portfolio valuation showing a retail client’s name, address, date of birth, and account holdings to another client with a similar surname.

Best answer: D

What this tests: Complaints and Redress

Explanation: A data-protection incident is not limited to confirmed fraud or proven misuse. Under UK data-protection principles, a suspected breach involving personal data should be escalated promptly so the firm can assess containment, client impact, record-keeping, and any notification duties. Sending client-identifiable financial information to the wrong recipient is an unauthorised disclosure of personal data. The firm should not wait to see whether the recipient opens, forwards, or misuses it before treating it as an incident. By contrast, routine service complaints, privacy-notice queries, and blank forms with no personal data may require action, but they do not by themselves indicate a personal data breach.

• A complaint about unclear charges may fall under complaint handling, but it does not show loss, unauthorised access, or disclosure of personal data.
• Updating contact details and requesting the privacy notice are normal client-data handling activities, not incidents.
• Blank onboarding forms contain no identifiable client information, so leaving them out is poor housekeeping but not a personal data breach on these facts.

This is a suspected unauthorised disclosure of identifiable client information and should be escalated immediately as a personal data breach.

Continue in the web app

Use Finance Prep for interactive CISI CMP UK Regulation practice with mixed sets, timed mock exams, topic drills, explanations, and progress tracking.

Related focused pages

• Free CISI CMP UK Regulation Practice Exam
• Free CISI CMP UK Reg Practice Questions: The Regulatory Environment
• Free CISI CMP UK Reg Practice Questions: Conduct of Business and Client Assets
• Free CISI CMP UK Reg Practice Questions: Enhancing Market Integrity

Practice next step

Use the Finance Prep web app above when you want interactive practice beyond this static page.