CISI Combating Financial Crime: 32 Questions & Simulator

Start with 32 on-page sample questions and a free simulator preview. Subscribe to unlock the full Combating Financial Crime practice bank, timed mock exams, drills, and detailed explanations.

The CISI Combating Financial Crime paper is the sharpest compliance niche in this UK group. It concentrates on the background and nature of financial crime, money laundering, terrorist financing, bribery and corruption, fraud and market abuse, tax evasion, financial sanctions, financial-crime risk management, and the role of the financial-services sector. If you are searching for Combating Financial Crime sample questions, a practice test, mock exam, or simulator, this is the main Securities Prep page to start on web and continue on iPhone or Android with the same account.

Interactive Practice Center

Start a practice session for CISI Combating Financial Crime below, or open the full app in a new tab. For the best experience, open the full app in a new tab and navigate with swipes/gestures or the mouse wheel—just like on your phone or tablet.

A small set of questions is available for free preview. Subscribers can unlock full access by signing in with the same account they use on web and mobile.

If you already subscribed on web or mobile, sign in with the same account here to continue on desktop.

What this page gives you

  • a direct route into the live Securities Prep simulator for CISI Combating Financial Crime
  • 32 sample questions with detailed explanations spread across all current topic areas on the page
  • UK-specific practice language around AML, suspicious activity, sanctions, bribery, fraud, tax evasion, and control escalation inside regulated firms
  • free-preview access on web before you subscribe
  • the same account across web, iPhone, iPad, macOS, and Android

CISI Combating Financial Crime exam snapshot

| Item | Current summary |
| --- | --- |
| Body | Chartered Institute for Securities & Investment (CISI) |
| Market | United Kingdom |
| Official exam name | CISI Combating Financial Crime |
| Format | 50 multiple-choice questions in 60 minutes |
| Live bank size | 1,000 questions in Securities Prep |
| Practice page sample | 32 public sample questions plus the live Securities Prep simulator entry |
| Question style | Short AML, sanctions, fraud, bribery, market-abuse, and escalation scenarios |
| UK study context | UK compliance language around AML, sanctions, fraud, bribery, and suspicious-activity controls; regulated-firm responsibilities rather than general criminal-law theory; client, transaction, governance, and escalation scenarios that look like real financial-services control work |

Topic coverage for CISI Combating Financial Crime

These figures come from the current local CISI source and line up with the real paper’s 50-question format, so they are best read as approximate questions on the real paper, not as percentages.

| Topic | Approximate questions on real paper |
| --- | --- |
| The Background and Nature of Financial Crime | 5 |
| Money Laundering | 8 |
| Terrorist Financing | 4 |
| Bribery and Corruption | 6 |
| Fraud and Market Abuse | 4 |
| Tax Evasion | 4 |
| Financial Sanctions | 4 |
| Financial Crime Risk Management | 8 |
| The Role of the Financial Services Sector | 7 |

Best fit by UK role

| Best fit | Open this page first? | Why |
| --- | --- | --- |
| AML, KYC, sanctions, fraud, or compliance-operations candidate | Yes | It is the tightest financial-crime paper in the UK route. |
| Candidate who already has UK RPI and wants a narrower specialist follow-on | Yes | It goes deeper into crime controls than the broader regulation paper. |
| Candidate deciding between broad risk and crime specialisation | Yes | It makes the distinction between enterprise-risk breadth and crime-control depth obvious. |

Real-paper timing target

| Item | Target |
| --- | --- |
| Real paper | 50 questions in 60 minutes |
| Average pace | About 72 seconds per question |
| Practice checkpoint | 10 questions in 12 minutes or 25 questions in 30 minutes |
| Coaching note | Strong candidates keep AML, sanctions, bribery, fraud, and tax-evasion triggers separate instead of flattening them into one generic compliance answer. |

Best page to open next

| If you need to… | Best page | Why |
| --- | --- | --- |
| Broaden out into enterprise and market risk | /exams/cisi/risk-financial-services/ | Best next page when you want cross-firm risk breadth beyond financial-crime controls alone. |
| Add the UK conduct and regulatory core | /exams/cisi/uk-reg-prof-integrity/ | Best next page when you want the FCA/PRA, client-assets, complaints, and authorisation framework beside the crime-prevention lens. |
| See the whole UK route map first | /securities/roadmaps/uk/ | Best route when you want to place this paper inside the wider UK CISI sequence. |
| Compare it against the other CISI pages | /exams/cisi/ | Best route when you are still choosing between advice, regulation, risk, and foundation lanes. |

What CISI Combating Financial Crime is really testing

  • whether you can identify the financial-crime risk and the right control response without over-escalating or missing the core issue
  • whether AML, sanctions, bribery, fraud, terrorist financing, and tax-evasion concepts stay distinct under pressure
  • whether you can connect detection, monitoring, governance, and firm responsibility in one defensible compliance answer
  • whether the financial-services sector role is being applied as a control obligation rather than a background fact

How to use the Financial Crime simulator efficiently

  1. Prioritise Money Laundering and Financial Crime Risk Management because they carry the heaviest weight in the paper.
  2. Keep sanctions, bribery, fraud, terrorist financing, and tax evasion in one revision loop so the triggers and controls stay distinct.
  3. After every miss, decide whether the real failure was detection, escalation, governance, or customer-risk understanding.
  4. End with timed mixed blocks so you can switch rapidly across AML, sanctions, and fraud without flattening them into one generic compliance answer.

Free preview vs premium

  • Free preview: 32 public sample questions on this page plus the web app entry so you can validate the question style and explanation depth.
  • Premium: the full Financial Crime practice bank, focused drills, mixed sets, timed mock exams, detailed explanations, and progress tracking across web and mobile.

32 Financial Crime sample questions with detailed explanations

These 32 questions are drawn from the live CISI Combating Financial Crime bank and spread across every current topic area in the exam configuration. Use them to test readiness here, then continue into the full Securities Prep simulator for broader timed coverage and deeper review.

Question 1

Topic: Bribery and Corruption

Which statement best describes the territorial reach of the UK Bribery Act 2010?

  • A. It applies only when the bribery takes place physically in the UK.
  • B. It applies to overseas bribery only if a UK bank account is used.
  • C. It applies only to UK-incorporated companies and not to individuals.
  • D. It can apply to overseas bribery where there is a UK connection, and to commercial organisations carrying on business in the UK.

Best answer: D

Explanation: The UK Bribery Act is not confined to bribery that happens physically in the UK. It has broad extraterritorial reach, so certain overseas conduct can be caught where there is a UK connection, and businesses carrying on business in the UK can face liability even for bribery occurring abroad.

The core concept is extraterritorial reach. The UK Bribery Act 2010 can apply beyond the UK in two broad ways: individuals or entities with a sufficient UK connection may be liable for bribery committed overseas, and a relevant commercial organisation that carries on business, or part of a business, in the UK may be liable for failure to prevent bribery by an associated person even if the bribery occurred entirely abroad.

This means the Act is not limited by where the payment was made, the currency used, or whether a UK bank account was involved. In cross-border business, firms should therefore assess bribery risk by reference to UK nexus and business presence, not just physical location. The key trap is assuming the Act is purely domestic.


Question 2

Topic: Tax Evasion

A firm’s tax-evasion policy briefing includes the following extract:

- The firm could commit an offence if an employee, agent or other associated person criminally facilitates a client's tax evasion.
- A defence may exist if the firm had reasonable prevention procedures.
- Business areas must maintain training and controls.

What is the best supported interpretation of the broad purpose of the Criminal Finances Act 2017 corporate offences?

  • A. To punish firms whenever any client evades tax
  • B. To make firms prevent associated persons facilitating tax evasion
  • C. To require senior management approval before liability arises
  • D. To prioritise post-event reporting over preventive controls

Best answer: B

Explanation: The extract shows that the offences are aimed at changing firm behaviour before misconduct happens. They make organisations focus on preventing employees, agents and other associated persons from helping others evade tax, supported by reasonable procedures, training and controls.

The core concept is a corporate “failure to prevent” offence. The broad purpose of the Criminal Finances Act 2017 provisions is to make firms responsible for having reasonable procedures to stop associated persons, such as employees or agents, from criminally facilitating tax evasion by others. That shifts the focus onto prevention: governance, risk assessment, training, due diligence and oversight.

It is not an offence simply because a client evades tax. The link is the criminal facilitation by an associated person, together with inadequate prevention procedures. It also does not depend on proving that senior management approved the conduct in each case.

The key takeaway is that the regime is designed to drive preventive controls, not just punish tax evasion after the event.


Question 3

Topic: Terrorist Financing

A UK wealth manager receives a sanctions-screening alert on a corporate client. The client’s 60% beneficial owner is an exact match to a person on the UK sanctions list subject to an asset freeze for terrorist activity. The client then requests an urgent £250,000 transfer to an overseas third-party account. What is the single best response?

  • A. Freeze the assets, stop the transfer, and escalate immediately for reporting.
  • B. Process the transfer because the company itself is not listed.
  • C. Ask for more documents before restricting the account.
  • D. Close the account after the payment and report later.

Best answer: A

Explanation: An exact match to a UK-designated terrorist financier, combined with 60% beneficial ownership, creates an immediate sanctions and counter-terrorist-financing issue. The firm should stop the payment, freeze relevant assets, escalate internally, and make the required external reporting rather than wait for more information or allow funds to move.

Asset freezing is a preventive counter-terrorist-financing control. Where a designated person is an exact match and owns 60% of the corporate client, the firm has strong grounds to treat the client’s funds as caught by sanctions through ownership or control. The urgent request to send money to an overseas third-party account increases the need to act immediately, not to investigate first while the transfer proceeds.

  • Stop the transaction and prevent dealing with the assets.
  • Escalate at once to the firm’s sanctions function and MLRO or nominated officer.
  • Submit the required report to OFSI and consider suspicious activity reporting if terrorist-financing suspicion exists.

The key point is that screening alerts support CTF objectives only when firms freeze, escalate, and report without delay once the match and ownership facts are decisive.


Question 4

Topic: Fraud and Market Abuse

An associate at a UK corporate-finance adviser is wall-crossed onto a confidential takeover of a listed company at a 35% premium. Two days before the announcement, he messages his brother, “Buy the target now”, and the brother does so. What is the single best reason this creates insider-dealing risk?

  • A. The main issue is that the firm’s staff-dealing approval process was bypassed.
  • B. A relative’s trade is a conflicts matter, not market abuse.
  • C. He tipped inside information from the deal to a connected party who traded.
  • D. Insider-dealing risk arises only when the issuer’s own directors disclose the information.

Best answer: C

Explanation: Insider-dealing risk arises when someone in possession of inside information trades, encourages trading, or discloses it improperly. Here, the associate obtained confidential takeover information through his advisory role and tipped his brother before the market announcement.

The core concept is misuse of inside information. A confidential takeover of a listed company at a 35% premium is precise, non-public information that would be likely to affect the share price once announced. Because the associate learned it through his role on the advisory mandate, he is an insider for market-abuse purposes. By telling his brother to buy before the announcement, he improperly disclosed the information and encouraged trading; the brother’s purchase then creates the insider-dealing risk. Internal staff-dealing controls may also have been breached, but that is secondary. The key issue is tipping and trading while in possession of inside information, and that risk can arise through advisers and connected parties, not only issuer employees or directors.


Question 5

Topic: The Role of the Financial Services Sector

Review the internal alert extract.

Digital onboarding alert
- 21:41 Mobile app account opened; e-ID and liveness passed automatically.
- 21:42 Account status set to Active.
- 21:46 First inbound payment received.
- 21:49 Outbound transfer sent to a new payee.
- 21:50 Sanctions screening status: Pending - batch queue delayed until 06:00.
- Procedure: Sanctions screening must be completed before any transaction is permitted.

What is the best supported action?

  • A. Treat it as routine transaction monitoring, not a sanctions issue.
  • B. File an external SAR immediately because screening was delayed.
  • C. Restrict further activity and escalate for urgent sanctions review.
  • D. Keep the account active until the delayed overnight screen completes.

Best answer: C

Explanation: The exhibit shows a real-time digital onboarding journey overtaking a slower batch sanctions process. Because the firm’s own procedure requires sanctions screening before any transaction, the immediate priority is to contain further activity and escalate the breach for urgent review.

This is a technology-enabled control mismatch. The mobile app opens and activates the account almost instantly, but sanctions screening is still waiting in a delayed batch queue. That means the customer has already received and sent funds before a mandatory pre-transaction control was completed.

  • Stop or restrict further transactions.
  • Escalate urgently to the firm’s sanctions or financial-crime function.
  • Review any activity that occurred while screening was still pending.

Passing e-ID and liveness checks helps verify identity, but it does not replace sanctions screening. The key takeaway is that fast digital channels need controls that operate at the same speed as customer onboarding and payment access.


Question 6

Topic: Financial Crime Risk Management

A firm is considering onboarding a new corporate customer.

Exhibit:

Internal onboarding note
- Beneficial owner: overseas PEP
- Structure: two nominee shareholders before the ultimate owner
- Activity: frequent cross-border payments expected
- EDD: source of wealth obtained
- Policy: higher-risk relationships require escalation to Financial Crime, approval by the designated risk acceptor, and recording of the rationale, conditions, and review date before account opening.

Based on the exhibit, what is the best supported interpretation of why the firm uses a documented risk acceptance and escalation process for cases like this?

  • A. It removes the need for ongoing monitoring until the review date.
  • B. It provides an audit trail of who accepted the risk, why, and under what controls.
  • C. It allows immediate onboarding because EDD has already been completed.
  • D. It transfers responsibility for the relationship to the Financial Crime team.

Best answer: B

Explanation: For a higher-risk customer, a documented escalation and risk acceptance process shows that the case was reviewed by the right authority and accepted for clear reasons. It also records any conditions, review triggers, and oversight expectations, which supports consistent control and evidence for audit or regulators.

The core value of a documented risk acceptance and escalation process is governance. In a higher-risk case such as an overseas PEP with nominee layers and expected cross-border activity, the firm should not rely on informal commercial pressure or an undocumented decision. Recording who approved the relationship, the rationale for acceptance, and any conditions or review dates creates accountability, supports consistent decision-making, and gives the firm an evidential trail if the relationship is later challenged.

It also helps the firm to:

  • show that the case was escalated appropriately
  • apply specific enhanced controls after onboarding
  • revisit the decision at the stated review point

This process complements EDD and ongoing monitoring; it does not replace either of them.


Question 7

Topic: Financial Crime Risk Management

In financial-crime risk management, which consequence of non-compliance is the expense of fixing weak controls, carrying out retrospective file reviews and upgrading systems after failures are identified?

  • A. Remediation cost
  • B. Enforcement action
  • C. Reputational damage
  • D. Customer harm

Best answer: A

Explanation: Remediation cost is the internal and external expense of putting weaknesses right after a compliance failure. It covers actions such as file reviews, control redesign, system upgrades and assurance work, rather than penalties, direct customer losses or damage to trust.

Remediation cost is a distinct consequence of non-compliance risk: the firm must spend money and management time correcting the failure. In a financial-crime context, this can include retrospective CDD or transaction reviews, rewriting policies, retraining staff, improving screening or monitoring systems, and using external consultants or independent reviewers. These costs may arise before, during or after any regulatory action.

Enforcement action is the response imposed by a regulator or law-enforcement authority, such as a fine, restriction or prosecution. Customer harm refers to negative effects on clients, while reputational damage concerns loss of trust from customers, counterparties and the market. The key distinction is that remediation cost is about fixing the firm’s own control weaknesses.


Question 8

Topic: Fraud and Market Abuse

A consumer lender’s fraud team reviews the following escalation note.

Exhibit:

  • 8 loan applications in 5 weeks
  • Different names and addresses, but the same device ID appeared on 6 applications
  • Employer references used the same telephone number on all 8
  • Payslips were altered using an identical template
  • 3 applications were approved after the same staff member manually overrode an alert
  • All 3 approved accounts missed the first repayment

Which interpretation is best supported?

  • A. Separate opportunistic frauds by unrelated applicants
  • B. A normal credit-loss pattern without strong fraud indicators
  • C. Mainly a sanctions-screening issue requiring list checks
  • D. An organised, repeated fraud scheme with possible internal facilitation

Best answer: D

Explanation: This is most consistent with organised or systemically facilitated fraud, not one-off opportunistic dishonesty. The repeated common links across applications, identical falsified documents, and the same staff override point to coordinated activity and a possible internal control weakness.

Opportunistic fraud is usually isolated and driven by a single chance to gain, such as one applicant exaggerating income. Here, the exhibit shows a repeated pattern across multiple applications with shared operational links: the same device ID, the same employer contact number, and the same altered payslip format. That suggests coordinated activity rather than unrelated individuals acting independently.

The same staff member manually overriding alerts on approved cases adds a further warning sign of possible internal facilitation or control failure. First-payment default on the approved accounts strengthens the fraud interpretation, because it is consistent with accounts being opened with no genuine intention to repay. The best reading is therefore an organised, repeated fraud scheme that warrants broader investigation, not isolated case handling.

Different names and addresses do not outweigh the stronger linking indicators.


Question 9

Topic: Fraud and Market Abuse

Which statement best explains the relevance of the Sarbanes-Oxley Act 2002 in a financial-crime context?

  • A. It is the main law defining market abuse and insider dealing.
  • B. It is a customer due diligence regime for PEPs and beneficial ownership.
  • C. It is a complete anti-financial-crime code for AML, sanctions and bribery.
  • D. It strengthens governance and reporting controls, helping deter fraud alongside other regimes.

Best answer: D

Explanation: SOX matters in financial crime because it improves the control environment around financial reporting, governance and accountability. That can help deter, detect and evidence fraud, but it does not replace specialist AML/CFT, sanctions or anti-bribery frameworks.

The core idea is that SOX supports fraud prevention and detection through stronger corporate governance, internal controls, executive accountability, audit oversight, record retention and whistleblowing protections. These measures make it harder to conceal misconduct and improve the reliability of financial information, so SOX is relevant to financial-crime risk management.

However, SOX is not a complete anti-financial-crime regime. It does not by itself provide the full rules for customer due diligence, sanctions screening, anti-bribery controls, or the broader market-abuse framework. Its relevance is therefore indirect but important: it strengthens the control framework in which financial-crime risks are identified, escalated and challenged.


Question 10

Topic: Financial Crime Risk Management

A UK wealth manager plans to launch a fully digital onboarding app for non-resident clients in several new jurisdictions. The firm already has AML controls for its face-to-face business. Which action best applies the risk-based approach before launch?

  • A. Launch the app first and strengthen controls only if suspicious activity later appears
  • B. Apply enhanced due diligence to every app customer so a separate assessment is unnecessary
  • C. Perform a documented pre-launch risk assessment and tailor controls to the new channel and markets
  • D. Use the existing face-to-face AML procedures unchanged because the products are the same

Best answer: C

Explanation: The best answer is to assess the financial-crime risks created by the new delivery channel and new jurisdictions before launch, then adapt controls to match those risks. A risk-based approach requires firms to consider whether existing CDD, screening, monitoring, escalation and governance remain adequate when the business model changes.

New products, delivery channels and market-entry decisions can alter a firm’s exposure to money laundering, terrorist financing, sanctions, fraud and impersonation risk. A digital onboarding app for non-resident clients changes the customer profile, the way identity is verified, and the jurisdictions involved, so relying on controls designed for face-to-face business may leave gaps. The correct application of the risk-based approach is to carry out a documented assessment before launch and use it to design proportionate controls.

  • assess customer, product, channel and geographic risk
  • test whether CDD and EDD remain appropriate
  • confirm screening, monitoring, escalation and record-keeping are fit for purpose
  • obtain appropriate governance sign-off

Using stronger controls everywhere is not a substitute for understanding the actual risk, and waiting until after launch is too late.


Question 11

Topic: The Background and Nature of Financial Crime

A UK wealth platform is adding app-only onboarding with biometric verification and instant funding from overseas bank accounts. Its current anti-financial-crime controls were built for face-to-face onboarding of UK-resident clients investing by domestic bank transfer. Which action best reflects financial-crime best practice?

  • A. Refresh the risk assessment and tailor CDD, screening, monitoring, and governance before launch.
  • B. Classify all app users as high risk and apply EDD to everyone.
  • C. Retain existing controls and adjust only if post-launch alerts reveal problems.
  • D. Depend on the onboarding vendor’s checks and keep internal controls unchanged.

Best answer: A

Explanation: The best-practice response is a risk-based review before the new channel goes live. When products, delivery channels, or customer types change, firms should reassess financial-crime risks and update controls proportionately rather than relying on old processes or blanket treatment.

This tests the risk-based approach. App-only onboarding, biometric verification, and overseas funding can introduce different impersonation, money-laundering, sanctions, and fraud risks from those seen in face-to-face domestic onboarding. Best practice is to refresh the firm’s risk assessment and then adjust relevant controls before launch, including CDD design, sanctions screening, transaction monitoring, escalation routes, record keeping, and governance oversight.

A proportionate response typically means:

  • reassessing product, channel, customer, and geographic risk
  • updating controls where the risk profile has changed
  • documenting decisions and approvals through appropriate governance

Waiting for problems is reactive, blanket EDD is not proportionate, and outsourcing does not remove the firm’s accountability. The key point is that controls should evolve as the business model and threat patterns evolve.


Question 12

Topic: Financial Crime Risk Management

A fintech plans rapid expansion into higher-risk jurisdictions. Sales staff are rewarded mainly for the number of new accounts opened, and the MLRO is not involved in approving the expansion. Which action best applies a sound anti-financial-crime principle?

  • A. Let front-office managers waive enhanced due diligence where growth targets are tight
  • B. Set a board-approved risk appetite and link rewards to compliant onboarding quality
  • C. Outsource screening to a vendor and treat accountability as transferred
  • D. Keep sales incentives unchanged but increase retrospective transaction monitoring

Best answer: B

Explanation: Rapid growth into higher-risk markets increases exposure, and volume-based incentives can encourage weak challenge or rushed onboarding. The best response is to strengthen governance at board level and align remuneration with control quality, not just sales.

The core principle is that financial-crime controls must be embedded in governance and incentives, especially when a firm is pursuing strategic growth in higher-risk areas. A board-approved risk appetite sets clear boundaries for acceptable business, while linking rewards to compliant onboarding quality reduces the pressure to ignore red flags. Involving the MLRO and similar control functions in expansion decisions helps ensure that growth does not outpace AML, sanctions, and CDD capability.

A firm should not rely on revenue targets alone when entering riskier markets. Good practice is to make accountability visible through governance, escalation rights, management information, and incentive structures that reward proper challenge as well as business generation.

The key takeaway is that strong monitoring helps, but it does not replace accountable governance and well-designed incentives at the point of customer acquisition.


Question 13

Topic: Bribery and Corruption

A firm’s onboarding note includes this country-risk extract:

External source used in the risk pack:
- Annual score: 0 to 100
- Covers 180 jurisdictions
- Measures perceived public-sector corruption
- Used as one input to country risk assessment

What is the best supported interpretation of this source?

  • A. It is a benchmarking tool, such as the Corruption Perceptions Index, used to inform country risk.
  • B. It is a sanctions list requiring rejection of customers from low-scoring jurisdictions.
  • C. It is an international finding that proves bribery in the customer’s relationship.
  • D. It is a FATF mutual evaluation focused on AML/CFT technical compliance.

Best answer: A

Explanation: The extract points to a benchmarking initiative that compares perceived levels of public-sector corruption across jurisdictions. That type of source helps firms assess country risk, but it does not by itself ban business or prove bribery.

The key concept is the role of international anti-corruption benchmarks. An annual 0 to 100 score covering many jurisdictions and measuring perceived public-sector corruption is consistent with a benchmarking tool such as Transparency International’s Corruption Perceptions Index. Firms may use such sources as one factor in a risk-based assessment of jurisdictional corruption exposure.

That does not make the source a sanctions list, an enforcement decision, or evidence that a particular customer has engaged in bribery. It is a comparative risk indicator at country level. The closest distractor is the FATF option, but FATF mutual evaluations assess AML/CFT frameworks rather than perceived public-sector corruption scores.


Question 14

Topic: Financial Sanctions

A UK investment firm onboards a client as “Mohamed El Sayed” and no sanctions alert is generated. Two days later, a correspondent bank queries a payment because the passport shows “Muhammad al-Sayyid”, and the OFSI list includes a designated person under that spelling plus an Arabic-script alias. The firm’s tool screens only one free-text name field using exact Latin-character matches. Which action would most improve sanctions-screening effectiveness?

  • A. Refresh OFSI lists more often but keep exact Latin-character matching.
  • B. Review only higher-value payments for alternative spellings.
  • C. Rely mainly on passport numbers and dates of birth for screening.
  • D. Standardise name data and apply tested transliteration and fuzzy matching rules.

Best answer: D

Explanation: The main weakness is not list freshness but ineffective matching. Where names can appear in different scripts or transliterations, poor data quality and exact-match settings can cause a genuine sanctions hit to be missed.

Effective sanctions screening depends on both good data and suitable matching logic. In this scenario, the customer’s name appears in different Latin spellings derived from Arabic, while the firm’s system checks only one free-text field and requires exact character matches. That creates a false-negative risk, because sanctions lists often include aliases, spelling variants, and non-Latin source names. The best response is to improve data capture and standardisation, retain alias information, and use tested transliteration and calibrated fuzzy matching so likely matches are surfaced for review. More frequent list downloads do not solve a match the engine cannot recognise, and higher-value thresholds are not an appropriate control for sanctions exposure. The key point is that screening can look operational while still being ineffective if names are not captured and matched properly.


Question 15

Topic: Tax Evasion

A firm’s tax-evasion policy says an arrangement is a red flag when the tax benefit depends on concealment, falsified documents, or deliberate omission of material facts. Which client action matches that definition?

  • A. Restructuring investments for lower tax after full disclosure and advice
  • B. Submitting altered statements to omit offshore interest from the return
  • C. Claiming a published relief that clearly applies to the transaction
  • D. Using a lawful tax-efficient wrapper and declaring all relevant facts

Best answer: B

Explanation: Tax evasion is marked by dishonest conduct used to mislead the tax authority. Submitting altered statements to leave offshore interest off a return involves falsification and deliberate omission, unlike disclosed use of lawful reliefs or tax-efficient structures.

The core distinction is transparency versus deception. Legitimate tax planning or avoidance may seek a lower tax outcome, but it does so within the rules and without hiding the true facts. When a person conceals income, falsifies records, or deliberately leaves out material information from a return, the behaviour indicates an intent to mislead the tax authority and evade tax.

In the stem, altering statements and omitting offshore interest are classic evasion indicators because the tax result depends on false information and hidden income.

  • concealment of taxable income
  • falsification of supporting documents
  • deliberate omission from reporting

By contrast, using lawful wrappers, claiming available reliefs, or restructuring with full disclosure may reduce tax, but they do not depend on deceit.


Question 16

Topic: The Background and Nature of Financial Crime

What is the main purpose of risk-based anti-financial-crime guidance for a financial-services firm?

  • A. To replace legal requirements with the firm’s own judgement
  • B. To focus controls mainly on high-value activity
  • C. To tailor controls to the level and type of risk
  • D. To apply identical controls to every customer and transaction

Best answer: C

Explanation: Risk-based guidance is designed to help firms apply anti-financial-crime controls proportionately. It supports stronger measures where exposure is higher and less intensive measures where lower risk is evidenced, while still meeting legal and regulatory obligations.

The core concept is proportionality. Risk-based guidance, such as that issued by FATF or reflected in industry guidance, helps firms decide how much scrutiny is appropriate based on the risks presented by customers, products, delivery channels, jurisdictions, and transaction behaviour. In practice, this means calibrating CDD, EDD, screening, monitoring, and escalation so that higher-risk situations receive more attention and lower-risk situations are not treated as if they present the same threat.

A risk-based approach does not remove baseline legal duties. It helps firms allocate resources more effectively and avoid both under-controlling higher-risk areas and over-controlling lower-risk ones. The key point is that proportionate controls are driven by assessed risk, not by uniform treatment or transaction size alone.


Question 17

Topic: Bribery and Corruption

Under Ministry of Justice guidance on the UK Bribery Act 2010, which principle is shown when a firm’s board makes clear that bribery is unacceptable and regularly oversees anti-bribery controls and breaches?

  • A. Monitoring and review
  • B. Due diligence
  • C. Communication and training
  • D. Top-level commitment

Best answer: D

Explanation: The correct match is top-level commitment. In anti-bribery compliance, this means senior management sets the tone from the top, shows bribery will not be tolerated, and takes active oversight of the control framework.

Under the UK Bribery Act 2010 guidance, top-level commitment is one of the principles supporting adequate procedures for preventing bribery. It is about directors or equivalent senior management fostering a culture in which bribery is never acceptable and showing that commitment through visible leadership and oversight. In practice, that includes approving anti-bribery standards, receiving management information, challenging weaknesses, and ensuring breaches are escalated and addressed.

This is different from operational controls carried out lower down the organisation. Due diligence focuses on checking third parties and relationships. Communication and training focus on making staff and intermediaries understand the rules. Monitoring and review focus on testing whether controls remain effective. The key point is that anti-bribery culture must be led from the top, not left to compliance alone.


Question 18

Topic: Terrorist Financing

A UK payments firm is updating its enterprise financial-crime risk assessment. One team suggests reviewing counter-terrorist financing (CFT) separately under sanctions because recent alerts involve low-value transfers to a conflict-affected region. The MLRO notes the same customers, channels and geographies also drive AML and fraud risk, and transaction monitoring is centrally governed. What is the single best reason to integrate CFT into the wider assessment?

  • A. Because CFT shares risk drivers and controls with AML, sanctions and fraud across customers, channels and geographies.
  • B. Because low-value transfers are usually too small to be material in enterprise financial-crime risk.
  • C. Because sanctions screening is normally sufficient to identify terrorist-financing risk on its own.
  • D. Because MLRO escalation of suspicious activity removes the need for enterprise-level CFT assessment.

Best answer: A

Explanation: CFT should be assessed within the wider enterprise financial-crime framework because terrorist-financing exposure often overlaps with AML, sanctions and fraud through the same customers, geographies, products and controls. Treating CFT as a separate silo can miss linked patterns and weaken governance.

The core concept is enterprise-wide financial-crime risk management. Under a risk-based approach, firms should assess terrorist-financing risk alongside other financial-crime risks where the same customers, delivery channels, geographies and control environment create overlapping exposure. In this scenario, low-value transfers to a conflict-affected region do not make CFT a narrow sanctions issue; terrorist financing can involve small or routine-looking payments and may be detected through the same CDD, screening, monitoring and escalation processes used for AML and fraud.

  • Integration helps identify shared risk drivers.
  • It aligns ownership, control design and monitoring.
  • It reduces gaps between teams and avoids duplicated or inconsistent assessments.

A standalone sanctions-led review would be too narrow for the facts given.


Question 19

Topic: Money Laundering

International AML standards emphasise beneficial-ownership transparency so firms and authorities can see through legal entities used to conceal criminal proceeds. Which control best matches that expectation?

  • A. Reviewing transactions for unusual patterns against expected activity
  • B. Identifying the natural persons who ultimately own or control the entity and understanding its ownership structure
  • C. Obtaining source-of-wealth evidence for higher-risk relationships
  • D. Screening customers and counterparties against financial sanctions lists

Best answer: B

Explanation: Beneficial-ownership transparency is about establishing who really owns or controls a legal-entity customer. International AML expectations use this to stop criminals hiding behind layered companies, nominees, or other opaque structures, and to support effective CDD and access by competent authorities.

The core concept is that firms should not rely only on the name of a company or other legal vehicle. Beneficial-ownership transparency requires firms to look through the structure, identify the natural persons who ultimately own or control the customer, understand how control is exercised, and keep that information in a form that can support oversight and investigations.

This matters because opaque ownership structures can be used to disguise the true parties behind money laundering. In control design, it therefore sits within customer due diligence for legal-entity customers rather than within screening or monitoring tools.

The key distinction is that transparency of ownership addresses who is really behind the customer, while the other controls address different risks or stages of review.


Question 20

Topic: The Background and Nature of Financial Crime

A bank is notified that law enforcement has obtained a restraint order over a customer’s £420,000 balance linked to suspected investment fraud. A relationship manager argues that the freeze is unnecessary until the criminal trial ends because victims can pursue their own claims later. Which response best applies the purpose of asset recovery?

  • A. It replaces the need for prosecution by imposing an immediate financial punishment on the suspect.
  • B. It is mainly intended to turn suspicious balances into a regulatory penalty for the bank.
  • C. It preserves assets so the suspect cannot enjoy or dissipate the benefit of crime before confiscation or recovery.
  • D. It is designed primarily to pay victims straight away, regardless of the court process.

Best answer: C

Explanation: Asset recovery is about stripping criminals of the benefit of crime, not letting them keep, move, or spend illicit gains. In this scenario, restraining the funds supports that purpose by preserving the assets pending later confiscation or recovery action.

The core concept is that asset recovery deprives criminals of the proceeds or benefit of offending. A restraint order is consistent with that purpose because it helps stop assets from being hidden, transferred, or spent before a court can decide whether confiscation or another recovery measure should follow.

In practice, this supports anti-financial-crime goals by:

  • removing the financial incentive for offending
  • disrupting further criminal activity funded by illicit proceeds
  • preserving value so recovery action remains meaningful

The closest misconception is treating asset recovery as the same as punishment or automatic victim compensation; those may be related outcomes in some cases, but the primary purpose is to deny criminals the benefit of crime.


Question 21

Topic: Bribery and Corruption

Review the internal escalation note.

Internal escalation note
- Firm: UK subsidiary of a NYSE-listed financial group
- Request 1: USD 100 cash to a customs clerk in Country X to release marketing equipment today
- Request 2: "Success fee" to the procurement manager of a privately owned broker to secure a distribution contract
- Query: Which law is broader on these facts?

Which interpretation is best supported?

  • A. Both laws would normally allow the customs-clerk payment, because it merely speeds up routine action.
  • B. The UK Bribery Act is broader here: it can cover both requests, while the FCPA anti-bribery regime focuses on foreign officials and has only a narrow facilitation exception.
  • C. Both laws treat only the customs-clerk payment as a bribery risk, because the broker is privately owned.
  • D. The FCPA is broader here, because it covers private commercial bribery but the UK Bribery Act does not.

Best answer: B

Explanation: The note contains two different bribery risks: a payment to a customs clerk and a payment to a private-sector procurement manager. The UK Bribery Act can apply to both public and private bribery and does not carve out facilitation payments, whereas the FCPA anti-bribery provisions centre on foreign officials and are associated with only a narrow facilitation-payment exception.

The key distinction is scope. The UK Bribery Act is broader because it can cover bribery involving both public officials and private persons, so both the cash for the customs clerk and the success fee for the broker’s procurement manager are potential bribery issues. By contrast, the FCPA anti-bribery provisions are aimed at bribery of foreign officials rather than ordinary private commercial bribery. The FCPA is also the regime known for a limited facilitation-payment exception for routine governmental action, but that does not make every small customs payment automatically acceptable. On these facts, the best interpretation is that the UK Act captures more of the conduct described, while the FCPA treats the two requests differently.


Question 22

Topic: The Role of the Financial Services Sector

A firm’s onboarding control verifies a customer’s legal name, aliases, beneficial owners, expected account activity, and key jurisdictions. Which function does this CDD information most directly support later in the relationship?

  • A. Ongoing monitoring, suspicious activity reporting, and sanctions screening
  • B. Delegation of financial-crime accountability to the MLRO
  • C. Automatic removal of enhanced due diligence requirements
  • D. Substitution for periodic refreshes of customer information

Best answer: A

Explanation: Accurate CDD gives later controls dependable customer data to work with. Verified identity, ownership, expected activity, and jurisdiction details help firms monitor transactions properly, assess and report suspicious activity, and carry out effective sanctions screening.

CDD is not just an onboarding formality. It establishes the core facts that later financial-crime controls depend on: who the customer is, who owns or controls them, what activity is expected, and which jurisdictions create exposure. If those details are incomplete or inaccurate, transaction monitoring may produce weak alerts, investigators may lack context to judge suspicious activity, and sanctions screening may miss or mishandle matches involving names, aliases, owners, or countries.

  • Verified names and aliases improve screening quality.
  • Beneficial-owner data supports screening beyond the immediate account holder.
  • Expected activity helps identify unusual behaviour.
  • Jurisdiction data supports risk assessment and escalation.

Good CDD strengthens later monitoring and reporting; it does not remove other control obligations.


Question 23

Topic: Financial Sanctions

A bank discovers that a sanctions-screening alert was wrongly overridden and a £15,000 payment was processed to a customer later confirmed as a designated person. The Head of Operations says the amount is small and there was no obvious criminal intent, so the issue should be fixed quietly. Which response best applies sound sanctions-control principles?

  • A. Delay escalation until customer impact is known, because reputational risk arises only if clients complain.
  • B. Treat it mainly as a criminal matter, because regulators usually become involved only after prosecution.
  • C. Correct the filter internally, because only deliberate sanctions breaches create significant consequences for the firm.
  • D. Escalate at once, keep full records and assess notifications, because breaches may trigger civil, criminal, regulatory and reputational consequences.

Best answer: D

Explanation: A suspected sanctions breach should be escalated immediately and fully documented. A small payment and no obvious intent do not remove possible civil penalties, criminal consequences depending on the facts, regulatory scrutiny for weak controls, or reputational damage.

The core principle is prompt escalation and documented handling of suspected sanctions breaches. In this scenario, the firm has identified both a likely breach and a control failure: an alert was overridden and a payment reached a designated person. That can expose the firm to civil penalties, possible criminal consequences depending on the facts, regulatory criticism or enforcement for inadequate systems and controls, and reputational harm.

Appropriate action is to escalate immediately, preserve the audit trail, investigate what happened, and consider any relevant internal or external notifications. The payment amount and the absence of obvious intent may affect how the matter is assessed, but they do not justify handling it quietly or treating it as low risk.

The key takeaway is that sanctions incidents must be managed as potential multi-dimensional exposures, not just as minor operational errors.


Question 24

Topic: Money Laundering

A UK bank and its EU subsidiary are reviewing a company with layered offshore ownership and incoming transfers from a high-risk jurisdiction. Their local AML laws use different wording and reporting channels, but both require beneficial ownership checks, risk-based EDD, and suspicious-activity escalation. What is the best explanation for this similarity?

  • A. A group AML policy overrides local law in cross-border cases.
  • B. International AML rules must be copied word for word in every country.
  • C. Domestic AML regimes often reflect shared international standards implemented through local law.
  • D. Similar controls exist mainly because sanctions rules are identical worldwide.

Best answer: C

Explanation: The similarity comes from common international AML standards influencing domestic frameworks. Countries implement those standards through their own laws, supervisors, and reporting systems, so the legal wording can differ while the core controls remain broadly aligned.

The core concept is international standard-setting influencing national AML systems. FATF recommendations, international conventions, and, in some regions, AML directives create common expectations around customer due diligence, beneficial ownership, enhanced due diligence, monitoring, and suspicious-activity reporting. In the scenario, the UK bank and its EU subsidiary face the same risks from opaque ownership and high-risk transfers, so both domestic regimes require similar core controls.

Those similarities do not mean there is one identical global AML law. Each jurisdiction implements the standards through its own legislation, regulator, criminal framework, and reporting channel. That is why the obligations look alike in substance but not necessarily in wording or process.

The key takeaway is convergence of AML outcomes, not identical legal drafting.


Question 25

Topic: Financial Sanctions

Which statement best describes targeted financial sanctions?

  • A. Set capital and liquidity standards for authorised firms
  • B. Freeze assets of designated persons and restrict funds or economic resources
  • C. Ban insider dealing and market manipulation
  • D. Require reporting of suspected handling of criminal property

Best answer: B

Explanation: Targeted financial sanctions are restrictive measures aimed at specific listed persons, entities, or sometimes sectors. Their core effect is to freeze assets and prevent funds or economic resources being made available, rather than to regulate prudential soundness or wider conduct offences.

The core concept is that targeted financial sanctions are focused legal restrictions aimed at designated persons or entities. In practice, firms must identify sanctioned targets, freeze relevant assets, and ensure they do not make funds or economic resources available directly or indirectly. That is different from AML reporting duties, which concern suspicion of criminal property or money laundering; prudential rules, which deal with firm safety and resilience; and conduct rules, which address behaviour such as insider dealing or market manipulation.

Sanctions are therefore preventive and restrictive in nature, not simply a general criminal, prudential, or market-conduct control. The closest confusion is often AML reporting, but suspicious activity obligations and sanctions obligations are separate regimes.


Question 26

Topic: Money Laundering

A UK investment firm is reviewing an application from a trading company in Country A. Country A appears in a recent FATF increased-monitoring statement, and the firm’s supervisor has reminded firms to reassess exposure to that jurisdiction. No sanctions prohibit dealing with Country A. The company has disclosed its beneficial owners, audited accounts and a straightforward trading purpose. Which action best applies the risk-based approach?

  • A. Use the country signals in the risk assessment and apply proportionate EDD.
  • B. Submit a SAR immediately because the country exposure is suspicious.
  • C. Apply standard CDD because no sanctions prohibit the relationship.
  • D. Decline the client automatically because the FATF listing is decisive.

Best answer: A

Explanation: Country advisories, FATF-style lists and supervisory statements are inputs into a firm’s geographic risk assessment. They should prompt closer scrutiny and documented reasoning, not automatic refusal or automatic suspicion where no legal prohibition applies.

The key principle is the risk-based approach. External sources such as FATF statements, country advisories and supervisory communications help firms assess geographic exposure, calibrate customer due diligence and decide what level of monitoring or escalation is needed. In this scenario, the country factor raises risk, but it must be weighed with the disclosed beneficial ownership, audited accounts and straightforward business purpose. The appropriate response is to document how the country information affects the assessment and apply proportionate enhanced due diligence or monitoring before deciding whether the relationship fits the firm’s risk appetite. Automatic refusal would confuse a risk indicator with a prohibition, and a SAR requires actual suspicion, not just geographic exposure. The closest trap is treating the absence of sanctions as enough for standard CDD, which ignores the separate AML risk signal.


Question 27

Topic: Terrorist Financing

A transaction-monitoring analyst reviews this internal note. Based on the exhibit, what is the best supported action?

Suspicious-activity summary
- New personal account opened 6 weeks ago
- 8 inbound Faster Payments of £40-£90 from unrelated senders, refs 'donation' or 'support'
- Outbound spend in 12 days: £310 flight booking, £96 coach tickets, £60 mobile top-ups, £145 outdoor equipment
- £220 sent to an e-money wallet in a country bordering an active conflict area
- No direct sanctions match

  • A. Treat it as legitimate fundraising because the references mention donations
  • B. Keep it under routine monitoring because the payments are low value
  • C. Freeze the account immediately because the cross-border transfer is prohibited
  • D. Escalate promptly as potential terrorist financing despite the small amounts

Best answer: D

Explanation: The activity combines multiple small incoming payments with spending that could support travel, communications, equipment and cross-border facilitation. In terrorist financing, relatively modest amounts can still enable high-harm activity, so the pattern should be escalated promptly rather than dismissed as low value.

The core concept is that terrorist financing risk depends more on purpose and potential harm than on transaction size alone. The exhibit shows small amounts collected from unrelated people, followed by spending on transport, mobile top-ups, equipment and a transfer to an e-money wallet near an active conflict area. Those are the kinds of modest logistical costs that can support travel, communication, facilitation or operational preparation.

No direct sanctions match means there is not enough information to assume an automatic asset freeze or a confirmed sanctions breach. Equally, the low values do not make the activity low risk. The most appropriate response is to escalate the pattern through the firm’s suspicious-activity process, typically to the MLRO or nominated officer, for assessment.

The key takeaway is that even small payments can have severe terrorist-financing implications.


Question 28

Topic: The Role of the Financial Services Sector

A payments analyst notices that a business customer with low expected activity has received several round-sum credits from unrelated parties and sent most of the funds overseas on the same day. The analyst cannot prove criminal conduct. What action best applies the purpose of suspicious-activity reporting and internal escalation?

  • A. Ask the customer to explain the transfers before escalating.
  • B. Wait for stronger evidence before making any internal report.
  • C. Escalate promptly to the MLRO, documenting suspicion and not alerting the customer.
  • D. Close the account immediately instead of using the reporting process.

Best answer: C

Explanation: Suspicious-activity reporting exists to move concerns quickly to the firm’s reporting function when there is suspicion, not certainty. Prompt internal escalation with clear records allows the MLRO to assess the facts, consider external reporting, and helps avoid tipping off the customer.

The core principle is prompt internal escalation on suspicion. Here, the activity is inconsistent with the customer profile and shows features that could indicate layering or mule-style movement of funds, so the analyst should raise an internal report to the MLRO or nominated officer without waiting for proof. The purpose of that escalation is to ensure concerns are assessed centrally, consistently, and confidentially within the firm.

Good practice is to:

  • record the relevant facts and transaction pattern
  • explain why the activity appears suspicious
  • escalate promptly through the internal reporting route
  • avoid saying anything to the customer that could amount to tipping off

Waiting until the analyst can prove criminality sets the bar too high, while bypassing the reporting process weakens the firm’s control framework. The key takeaway is that suspicion should be escalated and documented promptly.


Question 29

Topic: Financial Crime Risk Management

An MLRO is reviewing quarterly management information before updating the firm’s financial-crime risk assessment.

Q2 MI extract
- Customer risk ratings: Low 91%, Medium 8%, High 1%
- Scope: UK retail customers only
- Excluded: 12,400 active legacy corporate accounts awaiting remediation
- Customer sector field missing on 27% of included records
- Screening alerts closed: 380
- Closure reasons: not recorded

What is the best supported interpretation of this MI?

  • A. It supports lighter oversight of legacy corporate accounts.
  • B. It is sufficient because most rated customers are low risk.
  • C. It may materially understate risk because coverage and data quality are incomplete.
  • D. It shows screening is effective because alerts were closed.

Best answer: C

Explanation: This MI does not provide a reliable firm-wide view because it excludes a material customer population and contains important data gaps. When coverage is incomplete and key fields are missing, headline risk ratings can understate actual financial-crime exposure.

Financial-crime risk assessment depends on management information being complete, reliable, and sufficiently granular. Here, the extract excludes 12,400 active legacy corporate accounts, so the reported customer risk-rating mix is not firm-wide. It also has a missing sector field on 27% of included records, which weakens the firm’s ability to assess exposure by customer type. In addition, screening alerts are shown only as closed totals, with no closure reasons, so management cannot tell whether the volume reflects false positives, true matches, or inconsistent decision-making.

The low proportion of recorded high-risk customers therefore cannot safely be used to conclude that overall financial-crime risk is low. The key issue is weak coverage and weak data quality, not the headline percentages.


Question 30

Topic: Tax Evasion

A UK private bank starts taking referrals from offshore corporate-service providers for clients wanting complex holding structures. It uses only its standard AML onboarding, has given no tax-evasion facilitation training to relationship managers, and does not review higher-risk introducers after approval. Under the Criminal Finances Act 2017, what is the single best next step?

  • A. Rely on the existing AML framework, because it already covers financial crime generally.
  • B. Conduct a tax-evasion facilitation risk assessment and add proportionate due diligence, training, and ongoing review.
  • C. Keep current controls but require MLRO sign-off for offshore referrals.
  • D. Obtain annual client declarations confirming their tax affairs are compliant.

Best answer: B

Explanation: The best response is to build specific, risk-based tax-evasion prevention procedures rather than rely on generic AML controls or customer assurances. Under the Criminal Finances Act 2017, firms need proportionate controls based on their own exposure, including due diligence, communication and training, and monitoring.

The Criminal Finances Act 2017 creates corporate offences for failing to prevent the criminal facilitation of tax evasion by associated persons. A firm’s defence depends on having reasonable prevention procedures, which are built around risk assessment, proportionality, due diligence, communication and training, and monitoring and review. In this scenario, offshore referrals, complex structures, no specific training, and no review of higher-risk introducers show clear control gaps. The strongest response is therefore a documented facilitation-risk assessment followed by tailored controls for staff and third parties.

Generic AML onboarding, client declarations, or a single approval step may help, but they do not amount to a complete prevention framework focused on tax-evasion facilitation. The key takeaway is that these principles remain central because prevention must be targeted, proportionate, and ongoing.


Question 31

Topic: The Role of the Financial Services Sector

Which statement best reflects effective governance for customer onboarding, screening, monitoring and suspicious-activity escalation?

  • A. The MLRO oversees the framework, and operational ownership is clearly allocated with escalation routes.
  • B. The MLRO should personally make all onboarding, screening, monitoring and reporting decisions.
  • C. Compliance alone owns financial-crime controls because it is independent of the business.
  • D. Annual financial-crime training can substitute for formally assigned responsibilities.

Best answer: A

Explanation: Effective financial-crime governance requires clear ownership of day-to-day controls and clear escalation routes. The MLRO has a central oversight and reporting role, but unclear or over-centralised ownership can leave tasks delayed, duplicated or missed.

The core concept is accountability. Firms need defined ownership for operational controls such as onboarding, screening and monitoring, with clear escalation into the MLRO or nominated officer where concerns arise. This helps ensure alerts are reviewed, decisions are taken, and suspicious activity is escalated appropriately.

In practice:

  • the first line often operates key controls
  • compliance provides challenge and oversight
  • the MLRO oversees the framework and reporting arrangements
  • senior management must ensure responsibilities are documented and effective

If everyone assumes someone else owns a task, a control gap appears. Making the MLRO or compliance the sole owner of everything is not the same as having clear firm-wide accountability.


Question 32

Topic: Money Laundering

Why does FATF assess jurisdictions for both technical compliance and practical effectiveness in its mutual evaluations?

  • A. To measure only the number of suspicious activity reports filed
  • B. To ensure every jurisdiction uses identical laws and supervision
  • C. To rank jurisdictions by the size of their financial sectors
  • D. To see whether AML/CFT measures exist and whether they work in practice

Best answer: D

Explanation: FATF does not look only at whether rules are written into law. It also considers whether those rules are actually producing effective AML/CFT outcomes, such as better detection, supervision, disruption, and prevention of financial crime.

The core concept is that a country can have strong laws on paper but still perform poorly in practice. FATF therefore evaluates both technical compliance with its Recommendations and effectiveness, meaning whether the country’s system delivers the intended AML/CFT results. This gives a more accurate picture of how well a jurisdiction identifies risk, applies controls, supervises firms, investigates suspicious activity, and disrupts money laundering and terrorist financing.

A technical assessment asks whether the required laws, regulations, powers, and institutions exist. An effectiveness assessment asks whether they are being used well enough to achieve meaningful outcomes. A jurisdiction with perfect legal wording but weak implementation would not be judged strongly overall.

Trademark note: Mastery Exam Prep and Tokenizer Inc. are independent exam-prep providers and are not affiliated with, endorsed by, or sponsored by the Chartered Institute for Securities & Investment (CISI), the FCA, the PRA, HMRC, or any regulator.

Revised on Wednesday, April 15, 2026