CISI Capital Markets Programme — UK Financial Regulation Quick Review
Quick Review for candidates preparing for the Chartered Institute for Securities & Investment (CISI) Capital Markets Programme — UK Financial Regulation exam (CISI CMP UK Reg).
Quick Review purpose
This independent Quick Review supports candidates preparing for the Chartered Institute for Securities & Investment exam CISI Capital Markets Programme — UK Financial Regulation (CISI CMP UK Reg). It is designed for the final review stage before you move into topic drills, mock exams, and detailed explanations.
Use it to refresh the main decision rules behind UK financial regulation: who regulates what, when an activity is inside the regulatory perimeter, what firms must do for clients, how market abuse and financial crime controls work, and how exam questions commonly test close distinctions.
This page is independent exam-prep support. It is not affiliated with, endorsed by, or issued by the Chartered Institute for Securities & Investment.
High-yield regulatory map
| Area | What to remember quickly | Common exam angle |
|---|---|---|
| Regulatory architecture | HM Treasury sets the legal framework; the Bank of England has financial stability functions; the FCA focuses on conduct, markets, consumers, and competition; the PRA focuses on prudential soundness of relevant firms. | Distinguish conduct risk from prudential risk. |
| Regulatory perimeter | A firm usually needs permission if it carries on a regulated activity, by way of business, in relation to specified investments, without an exclusion or exemption. | Identify whether authorization is required. |
| FCA Principles | Broad standards such as integrity, skill, care and diligence, management and control, financial prudence, market conduct, client interests, communications, conflicts, client assets, regulator relations, and Consumer Duty. | Principles apply even when detailed rules are not quoted. |
| Client classification | Retail clients receive the highest conduct protection; professional clients receive reduced protection; eligible counterparties receive the least for eligible activities. | Do not assume “professional” means no duties. |
| Advice vs execution | Suitability applies to personal recommendations and portfolio management; appropriateness applies to non-advised complex product business; execution-only is narrower. | Separate suitability, appropriateness, and best execution. |
| Financial promotions | Communications must be fair, clear, and not misleading; unauthorised persons generally need approval or an exemption. | Approval does not remove responsibility for accuracy. |
| Best execution | Firms must take sufficient steps to obtain the best possible result for clients, considering relevant execution factors. | Retail analysis often focuses heavily on total consideration. |
| Conflicts | Identify, prevent or manage conflicts; disclosure alone is normally a last-resort control, not the whole answer. | “Just disclose it” is often too weak. |
| CASS/client assets | Client money and custody assets must be protected, segregated, recorded, and reconciled according to applicable rules. | Do not confuse firm assets with client assets. |
| Market abuse | Insider dealing, unlawful disclosure, and market manipulation are core categories. | Inside information is precise, non-public, price-sensitive information. |
| AML and sanctions | Risk-based CDD, ongoing monitoring, escalation, suspicious activity reporting, and sanctions controls. | CDD is not a one-time onboarding formality. |
| SMCR/governance | Senior Managers, Certification staff, Conduct Rules, fit and proper assessment, accountability, and clear responsibilities. | Certification is firm responsibility, not the same as FCA pre-approval. |
UK regulatory architecture
Core bodies and roles
| Body | Primary role in review terms | Candidate trap |
|---|---|---|
| HM Treasury | Sets policy and legislative framework for financial services. | Do not treat HM Treasury as the day-to-day conduct supervisor of firms. |
| Bank of England | Financial stability, payment systems oversight, and central banking functions. | Do not confuse macro-stability oversight with client conduct supervision. |
| Financial Conduct Authority | Conduct regulation, market integrity, consumer protection, competition, authorisation and supervision for many firms. | FCA is not only a “retail consumer” regulator; wholesale market integrity is also central. |
| Prudential Regulation Authority | Prudential regulation of banks, insurers, and designated investment firms. | Prudential supervision is about safety, soundness, resilience, and resources. |
| Financial Ombudsman Service | Independent dispute resolution for eligible complainants. | It does not write the FCA Handbook. |
| Financial Services Compensation Scheme | Compensation scheme for eligible claims where authorised firms cannot meet obligations. | It is not the same as the complaints process. |
Conduct vs prudential focus
| Question stem points to… | Think mainly of… |
|---|---|
| Misleading client communication, unsuitable recommendation, order handling, conflicts, complaints | FCA conduct requirements |
| Capital resources, liquidity, solvency, wind-down planning, risk to firm safety and soundness | Prudential regulation |
| False market impression, inside information, transaction reporting, suspicious order reporting | Market integrity and market abuse framework |
| Governance failure, unclear responsibility, weak controls, poor oversight | SYSC, SMCR, senior management accountability |
| Client money shortfall, failed segregation, poor reconciliations | CASS/client asset protection |
Regulatory perimeter: the authorization decision
A frequent exam pattern is to describe a business activity and ask whether authorization or permission is required. Work through the perimeter in a structured way.
```mermaid
flowchart TD
    A[Proposed activity] --> B{Is it a regulated activity?}
    B -- No --> X[Likely outside permission requirement, but other rules may still apply]
    B -- Yes --> C{Is it linked to a specified investment?}
    C -- No --> X
    C -- Yes --> D{Carried on by way of business?}
    D -- No --> X
    D -- Yes --> E{Any exclusion or exemption?}
    E -- Yes --> F[May be outside authorization, subject to conditions]
    E -- No --> G[Permission likely required before carrying on activity]
```
Regulated activity review
Common investment-related activities include:
- dealing in investments as principal;
- dealing in investments as agent;
- arranging deals in investments;
- advising on investments where the advice is a personal recommendation;
- managing investments;
- safeguarding and administering investments;
- operating certain investment or trading arrangements;
- establishing, operating, or winding up collective investment arrangements, where applicable.
Specified investments commonly include shares, debt instruments, government and public securities, units in collective investment schemes, options, futures, contracts for differences, warrants, and rights to or interests in investments.
Perimeter traps
| Trap | Better exam reasoning |
|---|---|
| “The firm is authorised, so it can do any regulated activity.” | Authorisation must cover the relevant activity and investment type through the firm’s permissions. |
| “The client is professional, so regulation does not apply.” | Client category changes conduct protections; it does not automatically remove the regulatory perimeter. |
| “The activity is only introducing parties, so it is never regulated.” | Arranging can be regulated depending on what is done and whether an exclusion applies. |
| “Information about an investment is the same as advice.” | Advice generally requires a personal recommendation to a person in relation to a specific investment decision. |
| “An exemption always applies broadly.” | Exemptions and exclusions are conditional and must be applied narrowly to the facts. |
FCA Principles and conduct mindset
The FCA Principles are high-level standards. In exam questions, they often appear indirectly: a firm may technically follow a narrow rule but still fail because its overall conduct is poor.
Principles-style decision points
| If the question describes… | Principle-style issue |
|---|---|
| Misleading returns, hidden risks, selective presentation | Communications with clients; integrity; client interests |
| Weak systems, poor oversight, unclear reporting lines | Management and control; skill, care and diligence |
| Ignoring conflicts or accepting improper incentives | Conflicts of interest; integrity |
| Mishandling client money or records | Clients’ assets; skill, care and diligence |
| Delayed or incomplete regulator notification | Relations with regulators |
| Poor product design or foreseeable retail harm | Consumer Duty and customer outcomes |
| Trading that distorts the market | Market conduct |
Consumer Duty quick distinction
Consumer Duty is especially relevant where retail customers are involved. It is broader than simply providing a disclosure document. It requires firms to consider customer outcomes across the product and service lifecycle.
| Weak answer | Stronger answer |
|---|---|
| “Give the customer more information.” | Ensure communications are understandable and support informed decisions. |
| “The customer agreed to the terms.” | Consider whether the product, price, support, and communications deliver appropriate outcomes. |
| “The firm disclosed the risk in small print.” | Risk information should be clear, timely, and capable of being understood by the target customers. |
FCA Handbook and rulebook navigation
You do not need to recite every sourcebook, but you should know what type of issue belongs where.
| Area | What it covers in exam terms |
|---|---|
| PRIN | FCA Principles for Businesses. |
| SYSC | Systems, controls, governance, compliance, risk management, senior management arrangements. |
| COBS | Conduct of business for investment business: client classification, information, advice, inducements, order handling, best execution. |
| CASS | Client money and custody asset protection. |
| SUP | Supervision, notifications, regulatory reporting, relationships with the regulator. |
| DISP | Complaint handling and dispute resolution. |
| MAR / market conduct materials | Market conduct standards and interaction with market abuse requirements. |
| MIFIDPRU / prudential materials | Prudential requirements for investment firms where applicable. |
Client classification
Client classification drives the level of conduct protection. Always identify the client category before deciding the rule outcome.
| Category | Typical meaning | Exam significance |
|---|---|---|
| Retail client | Client not classified as professional or eligible counterparty. | Highest conduct protection. Suitability, disclosure, risk warnings, and complaints protections are often most relevant. |
| Professional client | Client with sufficient experience, knowledge, and expertise, either per se or elective. | Reduced protections, but firms still owe important duties. |
| Eligible counterparty | Certain sophisticated counterparties for eligible business. | Lowest conduct protection for specific eligible activities, but not outside all regulation. |
Reclassification traps
| Scenario | Key point |
|---|---|
| Retail client wants to be treated as professional | Opt-up requires a proper assessment and process; it is not just a client preference. |
| Professional client wants more protection | Clients may request different categorisation where rules allow. |
| Eligible counterparty receives a financial promotion | Do not assume all communication standards disappear. |
| Firm labels a client “sophisticated” internally | Internal labels do not replace regulatory classification requirements. |
Financial promotions
A financial promotion is broadly an invitation or inducement to engage in investment activity. The key review rule is: communications must be fair, clear, and not misleading.
Financial promotion checklist
| Question | Why it matters |
|---|---|
| Is there an invitation or inducement? | Determines whether the communication is within the financial promotion regime. |
| Is the communicator authorised? | Unauthorised persons generally need approval or a valid exemption. |
| Who is the audience? | Retail, professional, and exempt recipient categories affect the analysis. |
| Is the product high risk or complex? | Additional restrictions, warnings, or processes may apply. |
| Are benefits and risks balanced? | Selective presentation is a common exam red flag. |
| Is performance information presented properly? | Past performance and projections must not mislead. |
Common financial promotion mistakes
- highlighting upside while burying risk;
- using unrealistic examples without clear assumptions;
- implying capital protection where none exists;
- presenting past performance as a promise;
- approving a communication without adequate review;
- relying on an exemption without satisfying its conditions;
- treating social media or informal messaging as outside the regime.
Advice, information, suitability, and appropriateness
This is one of the most testable distinction areas.
| Concept | Applies when… | Main requirement |
|---|---|---|
| Information | Firm gives factual or generic information without a personal recommendation. | Must still be fair, clear, and not misleading. |
| Investment advice | Firm gives a personal recommendation about a specific investment decision. | Suitability applies. |
| Portfolio management | Firm manages investments on a discretionary basis. | Suitability applies. |
| Non-advised complex product sale | Client makes own decision, but product is complex. | Appropriateness assessment applies. |
| Execution-only non-complex transaction | Client initiates and no advice is given, subject to conditions. | Appropriateness may not be required, but other duties still apply. |
| Best execution | Firm executes or transmits client orders. | Obtain the best possible result under the relevant standard. |
Suitability vs appropriateness
| Feature | Suitability | Appropriateness |
|---|---|---|
| Trigger | Personal recommendation or portfolio management. | Non-advised transaction in complex products. |
| Focus | Is the recommendation suitable for the client? | Does the client have knowledge and experience to understand the risks? |
| Information considered | Objectives, financial situation, knowledge and experience, risk tolerance, capacity for loss, and related factors. | Primarily knowledge and experience regarding the product or service. |
| If information is insufficient | Do not recommend or manage on that basis. | Warn the client where required; do not treat warning as advice. |
| Common trap | Thinking suitability is only about risk appetite. | Thinking appropriateness means the product is suitable. |
Exam decision rule
If the firm says, in effect, “Given your circumstances, you should buy/sell/hold this specific investment,” think personal recommendation and suitability.
If the firm says, “Here are the product features; you decide,” think information or non-advised business, then decide whether appropriateness is required.
Best execution and order handling
Best execution is not the same as getting the best price in every isolated case. It is about taking sufficient steps to obtain the best possible result, considering relevant execution factors.
| Execution factor | What it means |
|---|---|
| Price | Price at which the order is executed. |
| Costs | Explicit and implicit costs of execution. |
| Speed | How quickly execution can occur. |
| Likelihood of execution | Probability the order can be completed. |
| Likelihood of settlement | Probability the trade will settle successfully. |
| Size | Size of the order relative to market liquidity. |
| Nature | Special characteristics of the order. |
| Other considerations | Any factor relevant to achieving the best result. |
Order handling controls
- execute client orders promptly, fairly, and sequentially where required;
- avoid misuse of information about client orders;
- have and follow an order execution policy;
- disclose appropriate execution information to clients;
- monitor execution quality;
- manage aggregation and allocation fairly;
- keep records capable of demonstrating compliance.
Best execution traps
| Trap | Correct approach |
|---|---|
| “Best execution always means best price.” | Price is important, but other factors may matter, especially for size, liquidity, or settlement risk. |
| “Retail and professional analysis is identical.” | Retail outcomes often focus strongly on total consideration, while professional analysis may weigh factors differently. |
| “Following the policy once is enough.” | Policies must be monitored and reviewed. |
| “Client instruction removes all obligations.” | A specific instruction may affect the instructed part, but not necessarily all other aspects. |
Conflicts of interest and inducements
Conflicts are not automatically prohibited, but firms must identify and control them.
Conflict management hierarchy
- Identify actual and potential conflicts.
- Prevent or manage the conflict through effective arrangements.
- Disclose only where arrangements are not sufficient to ensure, with reasonable confidence, that client interests will not be harmed.
- Decline to act where the conflict cannot be managed appropriately.
Common conflict examples
| Situation | Conflict risk |
|---|---|
| Firm sells in-house products to clients | Revenue interest may conflict with client interest. |
| Analyst coverage linked to investment banking revenue | Research objectivity risk. |
| Gifts or hospitality from brokers | Inducement and independence concerns. |
| Aggregated client orders | Allocation fairness risk. |
| Personal account dealing by staff | Misuse of information or front-running risk. |
| Remuneration based solely on sales volume | Poor customer outcome risk. |
Inducement exam points
- Ask whether the payment, commission, benefit, or hospitality could impair the firm’s duty to act in the client’s best interests.
- For relevant investment business, inducements often require a quality-enhancement rationale, proper disclosure, and no impairment of duty.
- Minor non-monetary benefits may be treated differently from substantial benefits, but they still require controls.
- Research, corporate access, and broker benefits can create conflicts and should not be treated casually.
Client money and custody assets
Client asset protection is highly testable because the logic is practical: if the firm fails, client assets should be identifiable and protected as far as the rules require.
Client asset distinction
| Concept | Meaning | Key risk |
|---|---|---|
| Client money | Money held for or on behalf of a client. | Commingling with firm money; shortfalls; poor reconciliations. |
| Custody asset | Designated investment held for or on behalf of a client. | Poor registration, custody records, or third-party custodian oversight. |
| Firm money/assets | Belong to the firm. | Must not be mislabelled as client assets. |
| Title transfer collateral | Ownership transfers to the firm under the arrangement. | Client may not have the same protection as client asset treatment. |
CASS control themes
- segregate client money where required;
- use appropriate client bank or custody accounts;
- maintain accurate books and records;
- perform reconciliations and resolve discrepancies;
- conduct due diligence on third-party banks, custodians, and depositaries;
- provide appropriate disclosures;
- have governance oversight and escalation for breaches;
- maintain plans and documentation that support orderly return of client assets if needed.
CASS traps
| Trap | Better reasoning |
|---|---|
| “The firm recorded it in a spreadsheet, so assets are protected.” | Records must be accurate, reconciled, and supported by proper segregation and controls. |
| “Client money can be used temporarily for firm liquidity.” | Client money must not be used as firm working capital. |
| “A third-party custodian removes the firm’s responsibility.” | The firm still has selection, oversight, and recordkeeping duties. |
| “Title transfer is just another custody arrangement.” | Title transfer changes ownership and protection analysis. |
Market abuse and market integrity
Market abuse questions usually test definitions through facts. Focus on the nature of the information or conduct.
Inside information
Inside information is generally information that is:
- precise;
- not public;
- directly or indirectly related to an issuer or financial instrument; and
- likely to have a significant effect on price if made public.
Core market abuse categories
| Category | Review meaning | Example fact pattern |
|---|---|---|
| Insider dealing | Using inside information to acquire or dispose of relevant financial instruments, or attempting to do so. | Employee trades before unpublished takeover announcement. |
| Unlawful disclosure | Improperly disclosing inside information to another person. | Passing confidential results to a friend without legitimate reason. |
| Market manipulation | Conduct that gives false or misleading signals, secures abnormal/artificial prices, or uses deception. | Spoofing, layering, wash trades, false rumours, misleading orders. |
Market abuse traps
| Trap | Correct analysis |
|---|---|
| “Only directors can commit insider dealing.” | Anyone with inside information can be relevant. |
| “No profit means no abuse.” | Profit is not always required for a breach. |
| “Rumours are always inside information.” | Assess precision, non-public nature, and price sensitivity. |
| “Cancelling an order means no manipulation.” | Placing orders to create a false impression can still be problematic. |
| “Disclosure to one analyst is fine if accurate.” | Selective disclosure of inside information can be unlawful unless properly controlled. |
Market integrity controls
- insider lists and information barriers;
- wall-crossing procedures;
- restricted lists and watch lists;
- personal account dealing controls;
- suspicious transaction and order escalation;
- surveillance of trading patterns;
- clear escalation to compliance and senior management;
- staff training on inside information and confidentiality.
Primary and secondary market regulation
Capital markets candidates should connect conduct rules with issuer disclosure, trading venue behavior, and market transparency.
| Area | What to review |
|---|---|
| Issuer disclosure | Accurate, timely disclosure supports informed markets and prevents selective information advantages. |
| Prospectus and offering materials | Must not mislead; disclosure standards depend on the transaction and audience. |
| Listing and continuing obligations | Listed issuers face ongoing obligations around information, governance, and market announcements. |
| Trading venues | Regulated markets, multilateral trading facilities, and other venues have rulebooks and market integrity responsibilities. |
| Transaction reporting | Helps regulators detect market abuse and monitor markets. |
| Short selling and positions | Disclosure or restriction regimes may apply depending on instrument and circumstances. |
| Derivatives and clearing | Risk mitigation, reporting, clearing, and collateral controls may be relevant. |
Exam shortcut
If a question involves information asymmetry, think disclosure, inside information, market abuse, and investor protection.
If it involves trade data, think transaction reporting, venue rules, transparency, and surveillance.
If it involves post-trade risk, think clearing, settlement, collateral, custody, and operational controls.
AML, counter-terrorist financing, sanctions, and financial crime
Financial crime controls are risk-based, ongoing, and governance-heavy. The firm must know who it is dealing with, understand risk, monitor activity, and escalate suspicion.
AML control framework
| Control | Purpose |
|---|---|
| Business-wide risk assessment | Understand money laundering and terrorist financing risks across products, clients, geographies, and delivery channels. |
| Customer due diligence | Identify and verify customers and, where relevant, beneficial owners. |
| Enhanced due diligence | Apply more scrutiny to higher-risk situations. |
| Ongoing monitoring | Ensure transactions and client behavior remain consistent with known risk profile. |
| Suspicious activity escalation | Report internally to the appropriate function and externally where required. |
| Training | Ensure staff identify red flags and know escalation routes. |
| Recordkeeping | Evidence compliance and support investigations. |
| Sanctions screening | Prevent prohibited dealings with sanctioned persons, entities, or jurisdictions. |
Red flags
- complex structures with unclear commercial purpose;
- reluctance to provide ownership or source-of-funds information;
- transactions inconsistent with the client profile;
- rapid in-and-out movement of funds;
- high-risk jurisdictions or unusual routing;
- use of nominees without clear rationale;
- pressure to avoid normal onboarding steps;
- adverse media or sanctions links.
Financial crime traps
| Trap | Better reasoning |
|---|---|
| “CDD is complete once the account is opened.” | CDD is supported by ongoing monitoring and refresh where needed. |
| “A wealthy client is automatically low risk.” | Wealth does not remove AML, sanctions, bribery, or tax evasion facilitation risk. |
| “Suspicion must be proven before escalation.” | Suspicion is an escalation trigger; proof is not required at the initial stage. |
| “Sanctions are just an AML subset.” | Sanctions controls have distinct strict restrictions and screening expectations. |
| “Only compliance owns financial crime risk.” | First line staff, senior management, and control functions all have roles. |
Governance, systems and controls, and SMCR
Governance questions test accountability. The regulator expects clear responsibility, adequate resources, competent staff, risk management, and escalation.
SMCR core concepts
| Concept | Meaning |
|---|---|
| Senior Managers | Individuals performing senior management functions with defined responsibilities. |
| Statement of Responsibilities | Document setting out what a Senior Manager is responsible for. |
| Prescribed responsibilities | Specific responsibilities allocated to appropriate Senior Managers where applicable. |
| Duty of responsibility | Senior Managers may be accountable where they fail to take reasonable steps in their area. |
| Certification functions | Roles that can cause significant harm; firms assess and certify fitness and propriety. |
| Conduct Rules | Individual standards applying to relevant staff, including integrity, due skill, care and diligence, openness with regulators, and proper treatment of customers. |
| Fit and proper | Assessment of honesty, integrity, reputation, competence, capability, and financial soundness. |
Governance traps
| Trap | Correct approach |
|---|---|
| “Compliance is responsible for all regulatory failures.” | Business owners and senior managers retain responsibility for controlled areas. |
| “Certification staff are approved by the FCA.” | Firms certify relevant staff as fit and proper; this is distinct from Senior Manager approval. |
| “A responsibility map is enough.” | Responsibilities must match real governance, reporting, and decision-making. |
| “Outsourcing transfers regulatory responsibility.” | Outsourcing changes delivery, not accountability. |
| “No client loss means no governance issue.” | Weak systems and controls can be a breach even without immediate loss. |
Prudential regulation and operational resilience
Prudential and resilience questions focus on whether the firm can remain safe, sound, and orderly under stress.
| Topic | Review point |
|---|---|
| Capital resources | Firms must maintain adequate financial resources for their business and risks. |
| Liquidity | Ability to meet obligations as they fall due. |
| Risk management | Identify, measure, manage, and monitor material risks. |
| Wind-down planning | Ability to cease regulated business in an orderly way if required. |
| Operational resilience | Identify important business services, set tolerances, and manage disruption risks. |
| Outsourcing | Due diligence, oversight, access, audit, exit plans, and regulatory access. |
| Cyber and technology risk | Systems must be secure, recoverable, and appropriately governed. |
Practical distinction
| If the firm’s issue is… | Most likely theme |
|---|---|
| Insufficient capital to support trading activity | Prudential resources |
| Trading platform outage harming clients | Operational resilience and systems |
| Failure of outsourced data processor | Outsourcing oversight |
| Inability to return client assets during insolvency | CASS and wind-down planning |
| Unclear escalation after a breach | Governance and SYSC |
Complaints, redress, and compensation
Complaint handling is about fair treatment, proper investigation, clear responses, and escalation where the complainant remains dissatisfied.
| Area | Key review point |
|---|---|
| Complaint identification | A complaint may be formal or informal if it expresses dissatisfaction about regulated activity. |
| Investigation | Firms must investigate competently, diligently, and impartially. |
| Response | The firm should explain its position clearly and offer redress where appropriate. |
| Escalation | Eligible complainants may have access to the Financial Ombudsman Service. |
| Compensation | The Financial Services Compensation Scheme may apply where an authorised firm cannot meet eligible claims. |
| Root-cause analysis | Repeated complaints may show a systems or conduct issue. |
Complaint traps
- treating a complaint as “not a complaint” because the client did not use the word complaint;
- focusing only on legal liability rather than fair customer outcome;
- failing to identify systemic issues from repeated complaints;
- confusing firm redress, ombudsman review, and compensation scheme claims;
- assuming professional clients can never complain.
Supervision, notifications, and enforcement
Regulators expect openness, cooperation, and timely notification of material issues.
Supervision tools
| Tool | Purpose |
|---|---|
| Authorisation and variation of permission | Controls which regulated activities a firm may perform. |
| Threshold conditions | Minimum conditions for authorisation and continuing permission. |
| Supervisory information requests | Allow regulators to assess risk and compliance. |
| Skilled person reviews | Independent review of specific issues where required. |
| Restrictions or requirements | Limit or condition a firm’s activities. |
| Enforcement investigation | Investigates suspected breaches. |
| Disciplinary outcomes | May include public censure, financial penalty, prohibition, restitution, or other action depending on powers and facts. |
Notification examples
Firms may need to notify regulators about material matters such as:
- significant rule breaches;
- major systems failures;
- financial resource concerns;
- fraud or financial crime issues;
- changes in control or senior management;
- significant client asset issues;
- disciplinary matters involving relevant staff;
- inability to meet regulatory obligations.
Enforcement traps
| Trap | Better reasoning |
|---|---|
| “If the firm fixes the issue, no notification is needed.” | Remediation does not necessarily remove notification duties. |
| “Only deliberate misconduct is enforceable.” | Negligent systems failures can also matter. |
| “The regulator must wait for customer loss.” | Regulatory action can address risk, poor controls, or market integrity threats before loss occurs. |
| “Junior staff misconduct never affects the firm.” | Firms may be responsible for poor supervision, culture, systems, or incentives. |
High-yield comparison tables
Suitability, appropriateness, best execution
| Question asks whether… | Think… |
|---|---|
| The recommendation fits the client’s needs and circumstances | Suitability |
| The client understands the risks of a complex product in a non-advised sale | Appropriateness |
| The order was executed on the best available terms under the policy and circumstances | Best execution |
| The communication fairly presented risks and benefits | Financial promotion / client communication |
| The product should have been offered to that target market | Product governance / Consumer Duty |
Conduct breach vs market abuse vs financial crime
| Fact pattern | Most likely issue |
|---|---|
| Client sold unsuitable structured product | Conduct / suitability |
| Broker trades ahead of client order | Conflict, personal dealing, market conduct |
| Employee trades before unpublished results | Insider dealing |
| Trader places fake orders to move price | Market manipulation |
| Client uses complex offshore structure with unclear source of funds | AML / financial crime |
| Firm fails to segregate client funds | CASS |
| Firm ignores repeated platform outages | Operational resilience / systems and controls |
Disclosure is not enough when…
| Situation | Why disclosure alone is weak |
|---|---|
| Conflict can be prevented by separating duties | Prevention is stronger than disclosure. |
| Client cannot reasonably understand the risk | Disclosure does not create understanding. |
| Product is unsuitable | Risk warning does not make it suitable. |
| Inside information is involved | Disclosure to selected persons may worsen the issue. |
| Client money is mishandled | Disclosure does not cure segregation failures. |
Common candidate mistakes
Skipping the perimeter analysis
Always ask: activity, investment, by way of business, exclusion, exemption, permission.
Confusing client categories with product risk
A professional client can still be sold an unsuitable product in the wrong context; a retail client can still make an execution-only decision if conditions are met.
Using suitability and appropriateness interchangeably
Suitability is about whether the recommendation or discretionary decision is right for the client. Appropriateness is about whether the client understands the risks of a complex product in a non-advised transaction.
Assuming disclosure cures everything
Disclosure is important, but conflicts, suitability failures, client asset failures, and market abuse issues often require stronger action.
Treating market abuse as only insider trading
Market manipulation and unlawful disclosure are equally important.
Forgetting governance accountability
Many questions are not asking “who did the task?” but “who had responsibility for the control environment?”
Ignoring ongoing monitoring
AML, suitability, conflicts, CASS, outsourcing, and operational resilience are ongoing, not one-off.
Overlooking the word “attempt”
In market abuse and some conduct contexts, an attempted action can still be relevant even if it fails.
Choosing the most client-friendly answer without checking rules
Regulation protects clients and markets, but answers must follow the correct regulatory mechanism.
Relying on memory instead of fact classification
The exam often rewards methodical classification of the scenario over memorised slogans.
Quick scenario drills
Scenario 1: Research before an offering
An analyst is asked to adjust a research note because the corporate finance team wants to win an issuer mandate.
| Issue | Review answer |
|---|---|
| Main risk | Conflict of interest and research independence. |
| Controls | Information barriers, supervision, conflicts policy, review process, inducement controls. |
| Trap | Treating it as only a disclosure issue. |
Scenario 2: Client chooses a complex derivative
A client asks to buy a complex derivative without receiving advice.
| Issue | Review answer |
|---|---|
| Main risk | Appropriateness, product risk disclosure, client classification. |
| Not necessarily required | Suitability, unless a personal recommendation is made or portfolio management applies. |
| Trap | Assuming execution-only removes all conduct duties. |
Scenario 3: Trading before unpublished results
An employee learns unpublished results are materially better than expected and buys shares.
| Issue | Review answer |
|---|---|
| Main risk | Insider dealing. |
| Information features | Precise, non-public, issuer-related, likely price-sensitive. |
| Trap | Thinking abuse requires profit or seniority. |
Scenario 4: Client money held in firm account
A firm receives client subscription money and temporarily holds it in its own operating account.
| Issue | Review answer |
|---|---|
| Main risk | CASS breach and misuse of client money. |
| Controls | Segregation, records, reconciliations, oversight. |
| Trap | Believing short duration makes it acceptable. |
Scenario 5: Suspicious source of funds
A new client refuses to explain beneficial ownership and requests urgent trading through multiple accounts.
| Issue | Review answer |
|---|---|
| Main risk | AML and possibly sanctions/financial crime. |
| Controls | Enhanced due diligence, escalation, ongoing monitoring, possible suspicious activity reporting. |
| Trap | Accepting business because the client is profitable. |
Final-week review plan
Day 1: Architecture and perimeter
- Review FCA, PRA, Bank of England, HM Treasury, FOS, and FSCS roles.
- Drill authorisation perimeter questions.
- Practise identifying regulated activities and specified investments.
Day 2: Conduct of business
- Review client classification, financial promotions, advice, suitability, appropriateness, best execution, and conflicts.
- Complete topic drills focused only on conduct distinctions.
- Read detailed explanations for every missed distinction.
Day 3: Client assets and governance
- Review CASS, reconciliations, segregation, custody, title transfer, and client money.
- Review SYSC, SMCR, outsourcing, operational resilience, and notifications.
- Practise scenario questions involving control failures.
Day 4: Market abuse and financial crime
- Drill inside information, unlawful disclosure, manipulation, suspicious transaction indicators, AML, sanctions, and escalation.
- Make a one-page list of red flags and required firm responses.
Day 5: Mixed mock and remediation
- Sit a mixed mock exam under timed conditions.
- Tag every missed question by topic and error type: knowledge gap, misread facts, wrong distinction, or overthinking.
- Re-drill weak areas using original practice questions and detailed explanations.
How to use a question bank effectively
For CISI CMP UK Reg, passive rereading is not enough. Use a question bank to convert rules into decisions.
| Practice mode | Best use |
|---|---|
| Topic drills | Build accuracy in one area, such as market abuse or suitability. |
| Mixed sets | Practise switching between perimeter, conduct, CASS, AML, and governance. |
| Mock exams | Test timing, stamina, and decision consistency. |
| Detailed explanations | Learn why the correct answer is better and why tempting distractors fail. |
| Error log | Track repeat mistakes and convert them into review prompts. |
What to write in your error log
For each missed question, record:
- topic;
- rule tested;
- fact you missed;
- why the wrong answer was tempting;
- the corrected decision rule;
- whether you need another topic drill.
Example:
| Missed topic | Corrected decision rule |
|---|---|
| Appropriateness | Non-advised complex product sale tests knowledge and experience; it does not prove suitability. |
| Conflicts | Disclosure is not the first control if the conflict can be prevented or managed. |
| Market abuse | Inside information does not need to be acted on profitably to create risk. |
| CASS | Client money must be protected through segregation, records, and reconciliation, not just internal notation. |
Final exam technique reminders
- Read the client category before choosing the conduct rule.
- Identify whether the firm gave advice or only information.
- Separate suitability, appropriateness, and best execution.
- In market abuse questions, test the information: precise, non-public, price-sensitive.
- In AML questions, look for risk indicators and escalation duties.
- In CASS questions, focus on segregation, records, reconciliation, and ownership.
- In governance questions, ask who had responsibility and whether reasonable controls existed.
- Be cautious with answers that say “no issue because the client agreed.”
- Be cautious with answers that rely only on disclosure.
- Prefer the answer that best supports fair treatment, market integrity, clear accountability, and effective controls.
Practical next step
Use this Quick Review to identify your weakest areas, then move into independent companion practice with original practice questions, targeted topic drills, mixed question bank sets, mock exams, and detailed explanations until you can apply each regulatory distinction confidently under exam conditions.