CISI Combating Financial Crime Practice Test

Prepare for CISI Combating Financial Crime with free sample questions, a 50-question full-length mock exam, topic drills, timed practice, and detailed explanations in Securities Prep, covering AML, terrorist-financing, sanctions, bribery, fraud, tax-evasion, market-abuse, and control-escalation scenarios.

The CISI Combating Financial Crime paper is the sharpest compliance niche in this UK group. It concentrates on the background and nature of financial crime, money laundering, terrorist financing, bribery and corruption, fraud and market abuse, tax evasion, financial sanctions, financial-crime risk management, and the role of the financial-services sector. If you are searching for Combating Financial Crime sample questions, a practice test, mock exam, or simulator, this is the main Securities Prep page to start on web and continue on iPhone or Android with the same Securities Prep account.

Free diagnostic: Try the 50-question CISI Combating Financial Crime full-length practice exam before subscribing. Use it as one financial-crime baseline, then return to Securities Prep for timed mocks, topic drills, explanations, and the full Combating Financial Crime question bank.

What this page gives you

  • a direct route into Securities Prep practice for CISI Combating Financial Crime
  • 24 sample questions with detailed explanations spread across all current topic areas on the page
  • UK-specific practice language around AML, suspicious activity, sanctions, bribery, fraud, tax evasion, and control escalation inside regulated firms
  • free-preview access on web before you subscribe
  • the same Securities Prep account across web, iPhone, iPad, macOS, and Android

CISI Combating Financial Crime exam snapshot

| Item | Current summary |
| --- | --- |
| Body | Chartered Institute for Securities & Investment (CISI) |
| Market | United Kingdom |
| Official exam name | CISI Combating Financial Crime |
| Format | 50 multiple-choice questions in 60 minutes |
| Live bank size | 1,000 questions in Securities Prep |
| Practice page sample | 24 public sample questions plus the live Securities Prep practice entry |
| Question style | Short AML, sanctions, fraud, bribery, market-abuse, and escalation scenarios |
| UK study context | UK compliance language around AML, sanctions, fraud, bribery, and suspicious-activity controls; regulated-firm responsibilities rather than general criminal-law theory; client, transaction, governance, and escalation scenarios that look like real financial-services control work |

Topic coverage for CISI Combating Financial Crime

These figures are aligned to the current CISI topic blueprint and the real paper’s 50-question format, so they are best read as approximate questions on the real paper, not as percentages.

| Topic | Approximate questions on real paper |
| --- | --- |
| The Background and Nature of Financial Crime | 5 |
| Money Laundering | 8 |
| Terrorist Financing | 4 |
| Bribery and Corruption | 6 |
| Fraud and Market Abuse | 4 |
| Tax Evasion | 4 |
| Financial Sanctions | 4 |
| Financial Crime Risk Management | 8 |
| The Role of the Financial Services Sector | 7 |

Best fit by UK role

| Best fit | Open this page first? | Why |
| --- | --- | --- |
| AML, KYC, sanctions, fraud, or compliance-operations candidate | Yes | It is the tightest financial-crime paper in the UK route. |
| Candidate who already has UK RPI and wants a narrower specialist follow-on | Yes | It goes deeper into crime controls than the broader regulation paper. |
| Candidate deciding between broad risk and crime specialisation | Yes | It makes the distinction between enterprise-risk breadth and crime-control depth obvious. |

Real-paper timing target

| Item | Target |
| --- | --- |
| Real paper | 50 questions in 60 minutes |
| Average pace | About 72 seconds per question |
| Practice checkpoint | 10 questions in 12 minutes or 25 questions in 30 minutes |
| Coaching note | Strong candidates keep AML, sanctions, bribery, fraud, and tax-evasion triggers separate instead of flattening them into one generic compliance answer. |

CISI Financial Crime decision filters

  • Crime type first: separate money laundering, terrorist financing, sanctions, bribery, corruption, fraud, market abuse, and tax evasion.
  • Trigger vs control: decide whether the fact pattern calls for due diligence, monitoring, reporting, freezing, escalation, refusal, or record-keeping.
  • Firm responsibility: identify who must act, when suspicion is enough, and what should be documented or escalated.
  • Do not overgeneralise: avoid choosing a generic compliance answer when the scenario contains a sanctions, bribery, fraud, or AML-specific trigger.

When Financial Crime practice is enough

If several unseen mixed attempts are above roughly 75% and you can explain the crime type, trigger, control, and escalation path behind each answer, you are likely ready. More practice should improve financial-crime judgment, not collapse all controls into generic AML memory.

Best page to open next

| If you need to… | Best page | Why |
| --- | --- | --- |
| Broaden out into enterprise and market risk | Risk in Financial Services | Best next page when you want cross-firm risk breadth beyond financial-crime controls alone. |
| Add the UK conduct and regulatory core | UK Regulation & Professional Integrity | Best next page when you want the FCA/PRA, client-assets, complaints, and authorisation framework beside the crime-prevention lens. |
| See the whole UK route map first | United Kingdom Roadmap | Best route when you want to place this paper inside the wider UK CISI sequence. |
| Compare it against the other CISI pages | CISI | Best route when you are still choosing between advice, regulation, risk, and foundation lanes. |

What CISI Combating Financial Crime is really testing

  • whether you can identify the financial-crime risk and the right control response without over-escalating or missing the core issue
  • whether AML, sanctions, bribery, fraud, terrorist financing, and tax-evasion concepts stay distinct under pressure
  • whether you can connect detection, monitoring, governance, and firm responsibility in one defensible compliance answer
  • whether the financial-services sector role is being applied as a control obligation rather than a background fact

How Financial Crime differs from similar routes

| If you are choosing between… | Main distinction |
| --- | --- |
| Financial Crime vs Risk in Financial Services | Financial Crime is the AML, sanctions, bribery, fraud, and tax-evasion specialism; Risk in Financial Services is broader enterprise-risk coverage. |
| Financial Crime vs UK RPI | Financial Crime is the crime-control specialism; UK RPI is the broader conduct, complaints, client-assets, and regulatory core. |
| Financial Crime vs Investment, Risk and Taxation | Financial Crime is compliance-control work; Investment, Risk and Taxation is retail-advice, product, and suitability work. |
| Financial Crime vs Intro to Investment | Financial Crime is a specialist follow-on paper; Intro to Investment is the broad UK-first entry paper. |

How to use the Financial Crime simulator efficiently

  1. Prioritise Money Laundering and Financial Crime Risk Management because they carry the heaviest weight in the paper.
  2. Keep sanctions, bribery, fraud, terrorist financing, and tax evasion in one revision loop so the triggers and controls stay distinct.
  3. After every miss, decide whether the real failure was detection, escalation, governance, or customer-risk understanding.
  4. End with timed mixed blocks so you can switch rapidly across AML, sanctions, and fraud without flattening them into one generic compliance answer.

Free preview vs premium

  • Free preview: 24 public sample questions on this page plus the web app entry so you can validate the question style and explanation depth.
  • Premium: the full Financial Crime practice bank, focused drills, mixed sets, timed mock exams, detailed explanations, and progress tracking across web and mobile.

Free samples and full practice

  • Live now: this practice route is available in Securities Prep on web, iOS, and Android.
  • On-page sample set: this page includes 24 public sample questions for this route.
  • Full practice: open the Securities Prep web app or mobile app for mixed sets, topic drills, and timed mocks.

24 Financial Crime sample questions with detailed explanations

These are original Securities Prep practice questions aligned to the live CISI Combating Financial Crime route and the main blueprint areas shown above. Use them to test readiness here, then continue in Securities Prep with mixed sets, topic drills, and timed mocks.

Question 1

Topic: The Role of the Financial Services Sector

Which responsibility is most directly associated with a firm’s MLRO or nominated officer in relation to suspicious activity?

  • A. Receiving internal reports and deciding whether to submit a SAR
  • B. Personally conducting all customer due diligence checks
  • C. Approving the board’s financial-crime policy framework
  • D. Setting the firm’s overall financial-crime risk appetite

Best answer: A

Explanation: The MLRO or nominated officer has a specific escalation and reporting role. Their core responsibility is to receive internal suspicious activity disclosures, assess them, and decide whether a suspicious activity report should be made to the relevant authority. The key concept is role separation within financial-crime governance. Directors and senior management are responsible for oversight, culture, risk appetite, and ensuring effective systems and controls. By contrast, the MLRO or nominated officer has a defined operational responsibility for handling internal suspicion reports and determining whether external reporting is required.

In practice, this role typically includes:

  • receiving internal disclosures of suspicion
  • evaluating whether the information gives grounds for suspicion
  • deciding on onward reporting through the proper channel
  • supporting the firm’s reporting and escalation framework

The MLRO does not replace the board, own the firm’s entire risk appetite, or personally perform every control activity. The role is central to suspicious activity escalation, not total ownership of all financial-crime controls.


Question 2

Topic: The Background and Nature of Financial Crime

Organised crime groups may misuse lawyers, accountants, or trust and company service providers to create layered companies, nominee arrangements, and trusts that obscure who really owns or controls assets. Which common exploitation of the financial system does this describe?

  • A. Financial sanctions screening and asset freezing
  • B. Enhanced due diligence on a high-risk customer
  • C. Misuse of corporate vehicles to hide beneficial ownership
  • D. Internal suspicious activity escalation to the MLRO

Best answer: C

Explanation: This describes concealment of beneficial ownership through corporate vehicles and professional intermediaries. Organised crime groups use layered structures and nominee arrangements to distance themselves from assets and transactions and make detection harder. The core concept is the misuse of corporate vehicles and professional facilitators to conceal beneficial ownership. Layered companies, nominees, and trusts can make it difficult to identify who really owns or controls assets, which helps criminals move or hold funds while appearing legitimate.

  • Companies and trusts can obscure the real beneficial owner.
  • Nominee arrangements can hide who is acting behind the structure.
  • Professional intermediaries may be misused to form entities or add apparent legitimacy.
  • Firms respond with CDD, beneficial ownership checks, and escalation of suspicious activity.

The other options are AML controls or reporting steps, not the exploitation method described in the stem.


Question 3

Topic: Bribery and Corruption

A UK bank is reviewing a payment for a client that has won a tender from a state-owned energy company in a country with weak procurement oversight. The client wants a 7% success fee paid to a local consultant’s offshore company, but the consultant’s beneficial owners are undisclosed. Which factor MOST heightens the bank’s corruption risk exposure?

  • A. Public procurement involves a state-owned buyer and an opaque success-fee intermediary.
  • B. The client is newly onboarded and the project value is large.
  • C. The contract is in the energy sector and settled in US dollars.
  • D. The payment is cross-border and requested on a tight timetable.

Best answer: A

Explanation: The clearest corruption indicator is the combination of a state-linked contract, weak procurement oversight, and a third-party intermediary paid a success fee through an offshore vehicle with undisclosed ownership. That pattern can conceal improper payments to officials or connected persons. Corruption exposure is heightened when public decision-making can be influenced and the payment chain is hard to see through. Here, the contract is with a state-owned entity, the local procurement environment is weak, and a consultant with undisclosed beneficial owners is being paid a success fee via an offshore company. That combination is a strong red flag because intermediaries are a common route for disguising bribes, especially in public procurement.

  • State involvement increases the risk of improper influence over public officials.
  • Opaque ownership makes it difficult to identify links to officials or their associates.
  • Success-fee arrangements can mask payments for winning or steering a contract.

Cross-border activity, urgency, and a new client relationship may all increase review intensity, but they are less specific than the corruption indicators in this scenario.


Question 4

Topic: Fraud and Market Abuse

A surveillance analyst sees linked client accounts buying a thinly traded share shortly before a takeover rumour appears online. The price rises sharply, the accounts sell into the spike, and an internal log shows an employee viewed a confidential draft announcement without business need. Which response best applies a sound anti-financial-crime control principle?

  • A. Refresh customer due diligence and continue normal monitoring.
  • B. Wait for confirmation that insider dealing can be proven.
  • C. Escalate promptly, preserve records, and assess whether regulatory reporting is required.
  • D. Ask the clients for explanations before escalating internally.

Best answer: C

Explanation: The combination of linked-account trading, a rumour-driven price move, and possible access to confidential information is a clear market-abuse red flag. The best response is prompt internal escalation, record preservation, and consideration of whether regulatory reporting is needed; firms should not wait for proof before acting. This scenario contains several classic indicators of possible market abuse: coordinated trading, suspicious timing ahead of a rumour, rapid profit-taking, and a potential information leak from inside the firm. Applying a sound escalation and governance principle means the firm should treat these facts as sufficient suspicion to escalate immediately to the relevant compliance or market-abuse function, preserve trading and communications records, and assess whether external reporting, such as a STOR, is required. A firm does not need conclusive proof before escalating; it needs a defensible process for handling credible red flags. Routine customer due diligence or direct client contact may be considered later if appropriate, but they are not the first control response here. The key point is to escalate on suspicion, not to wait for certainty.


Question 5

Topic: Money Laundering

Under FATF-aligned AML standards, what is the primary objective of ongoing monitoring?

  • A. Seek prior law-enforcement approval for any unusual transaction
  • B. Verify identity once at onboarding and then rely on that record
  • C. Retain transaction data only to meet tax-reporting obligations
  • D. Compare activity with the customer’s profile and identify suspicious transactions

Best answer: D

Explanation: Ongoing monitoring is a continuing AML control, not a one-off check. Its purpose is to assess whether customer activity matches the expected profile and to detect unusual or suspicious transactions for review and possible reporting. Under FATF-aligned AML standards, ongoing monitoring means reviewing transactions and customer behaviour throughout the business relationship to see whether they remain consistent with the firm’s understanding of the customer’s identity, business, source of funds, and risk profile. It helps firms identify unusual patterns, refresh customer risk assessments, and escalate suspicions internally for possible suspicious activity reporting.

This is different from initial customer due diligence, which establishes who the customer is at the start; record keeping, which preserves evidence and an audit trail; and internal controls, which set the governance, policies, training, and oversight for AML compliance. The key distinction is that monitoring is a live, continuing detection control.


Question 6

Topic: Terrorist Financing

At a UK wealth manager, a sanctions-screening alert is confirmed against a prospective client before any account is opened. The analyst reviews this note:

Confirmed match: UN Security Council terrorist designation
UK status: implemented under the UK's financial sanctions regime
Policy reminder: UN convention on terrorist financing requires states to criminalise terrorist financing and cooperate internationally.
Policy reminder: Security Council measures prohibit making funds or economic resources available to designated persons.

What is the best supported interpretation?

  • A. The convention itself directly imposes the firm’s duty, so UK implementation is unnecessary.
  • B. The convention is the framework; the designation creates the firm’s immediate no-dealings obligation.
  • C. UN measures are mainly advisory, so the alert is only a reputational issue.
  • D. Security Council measures apply only after terrorist financing is proven in court.

Best answer: B

Explanation: The exhibit describes two different UN mechanisms. The convention provides the international framework for states to criminalise terrorist financing and cooperate, while the Security Council designation, once implemented in the UK, creates the firm’s immediate duty not to make funds or economic resources available. UN conventions and UN Security Council measures play related but different roles in combating terrorist financing. A convention on terrorist financing operates at the state level: it requires countries to criminalise terrorist financing and support international cooperation. A Security Council designation is more operational. Once implemented through domestic sanctions law, it creates direct compliance consequences for firms, such as not dealing with the designated person’s funds or making funds or economic resources available.

In the exhibit, the decisive facts are that the match is confirmed and that the UN designation is implemented in the UK sanctions regime. That makes this an immediate sanctions obligation for the firm, not something that depends on a later criminal prosecution. The key takeaway is that conventions build the legal framework, while Security Council measures drive targeted restrictions once implemented domestically.


Question 7

Topic: Financial Crime Risk Management

A UK payments firm receives a JMLIT typology briefing on possible sanctions evasion: newly formed UK companies, offshore nominee ownership, and immediate outward payments for vague “consultancy” services. A new corporate customer matches these features, but screening shows no match to any designated person. What is the single best response by the firm?

  • A. Use the briefing to trigger EDD, targeted monitoring, and internal escalation
  • B. Freeze the relationship because the typology match is equivalent to a designation
  • C. Rely on the briefing as sufficient evidence and skip further internal review
  • D. Proceed as normal because no designated-person screening hit was found

Best answer: A

Explanation: Industry and public-private typology sharing helps firms spot emerging financial-crime patterns earlier and improve controls. Here, the matching red flags justify higher-risk treatment, EDD, targeted monitoring, and internal escalation even though there is no direct sanctions hit. The core concept is that typology sharing and public-private partnerships, such as JMLIT, enhance a firm’s ability to detect emerging risks, but they do not replace the firm’s own judgement, governance, or legal responsibilities. In this scenario, the customer matches several sanctions-evasion indicators, so the firm should use that intelligence to strengthen its own controls: reassess the customer’s risk, perform enhanced due diligence, apply targeted monitoring, and escalate internally to the appropriate AML or sanctions function.

A typology match is not the same as a legal designation, so it does not automatically require an asset freeze. Equally, a clear screening result does not remove the need to act on broader risk indicators. The key takeaway is that shared intelligence informs better internal decisions; it does not outsource them.


Question 8

Topic: Financial Sanctions

Review the onboarding alert.

Sanctions alert extract
Customer: Solmere Trading Ltd
Direct match on customer name: none
UBO: Nikolai Antonov, 55% ownership - exact match to an OFSI designated person
Expected first payment: from East Port Bank
Counterparty screening status: not yet run

What is the best supported action?

  • A. Wait for payment screening, because ownership is not decisive.
  • B. Exit East Port Bank immediately, because unscreened means sanctioned.
  • C. Proceed, because the customer name shows no direct match.
  • D. Pause onboarding and escalate, because screening also tests ownership links.

Best answer: D

Explanation: The alert should be escalated and onboarding paused because sanctions screening is designed to detect exposure through ownership and control, not just the customer’s own name. A direct UBO match to an OFSI designated person is a material sanctions alert even before any payment is processed. Sanctions screening aims to identify potential sanctions exposure across multiple identifiers, including customer names, beneficial owners, controllers, counterparties, and payment data. In this alert, the decisive fact is not the absence of a direct match on Solmere Trading Ltd, but the exact match on a 55% UBO to an OFSI designated person. That creates an immediate need to stop the onboarding process and escalate internally for sanctions review before any funds or services are made available.

Waiting for payment screening is too late because the ownership link has already been identified. Equally, an unscreened counterparty is not the same as a sanctioned counterparty. The key point is that screening is intended to uncover indirect sanctions exposure, not only exact name matches on the customer itself.


Question 9

Topic: Tax Evasion

Which feature most strongly suggests that a cross-border structure is being used to facilitate tax evasion?

  • A. It involves entities in more than one jurisdiction.
  • B. It conceals taxable income through undeclared assets or false invoices.
  • C. It uses reliefs expressly allowed by tax law.
  • D. It results in a lower tax charge than a domestic structure.

Best answer: B

Explanation: Tax evasion involves dishonest concealment or misrepresentation to reduce tax liabilities. A cross-border structure becomes high risk when it is used to hide income or ownership through undeclared assets, false invoices, or other sham arrangements. The core concept is that tax evasion depends on concealment or deception, not simply on using an overseas entity or achieving tax efficiency. Cross-border structures can be legitimate, but they create tax-evasion risk when they are used to obscure beneficial ownership, suppress taxable income, or fabricate transactions. Examples include keeping offshore assets undeclared, issuing false invoices to move value or distort profits, and using sham arrangements with no real commercial purpose. By contrast, lawful tax avoidance uses arrangements that are disclosed and operate within the tax rules, even if they reduce tax. The deciding factor is the dishonest misstatement or concealment, not the international element itself.


Question 10

Topic: The Role of the Financial Services Sector

A wealth-management firm sees rising transaction-monitoring alerts but fewer internal suspicious activity escalations from front-office staff. Staff feedback says managers discourage challenge to protect client relationships, generic AML training feels irrelevant, and top billers are rarely disciplined for control failures. Which action would best strengthen the firm’s anti-financial-crime compliance culture?

  • A. Require quarterly sign-off of the AML policy by all staff
  • B. Have senior leaders back challenge, give role-specific training, protect good-faith escalation, and apply consequences consistently
  • C. Limit suspicious activity reporting to the compliance team so relationship managers stay focused on clients
  • D. Judge teams mainly on revenue and onboarding speed, with compliance issues reviewed separately

Best answer: B

Explanation: A strong compliance culture is shaped by what leaders reward, tolerate, and model. The best response combines visible leadership support, safe escalation, relevant training, and fair consequences, which are the main conditions that make staff act on financial-crime risks in practice. The core concept is that compliance culture is not created by policies alone; it depends on behaviour and incentives. In this scenario, staff fear speaking up, training is not meaningful, and high performers appear exempt from consequences. The best action is therefore the one that changes leadership signals, makes escalation safe, improves training quality, and applies standards consistently across the firm.

When senior leaders visibly support challenge and back staff who raise concerns in good faith, employees are more likely to escalate suspicions rather than stay silent. Role-specific training helps staff recognise what matters in their day-to-day work. Consistent consequence management, including for profitable staff, shows that controls are real and not optional. The closest distractors focus on paperwork, silo compliance, or commercial metrics, which do not fix the underlying culture.


Question 11

Topic: The Background and Nature of Financial Crime

A UK investment firm is refreshing its financial-crime framework. The board wants external bodies assigned to the correct purpose: standard setting, supervision, law-enforcement escalation, and intelligence sharing. Which approach best applies sound governance?

  • A. Use FATF for international standards, JMLIT for supervisory oversight, NCA for law-enforcement escalation, and FCA for intelligence sharing.
  • B. Use FCA for supervisory oversight, FATF for law-enforcement escalation, NCA for intelligence sharing, and JMLIT for international standards.
  • C. Use FATF for international standards, FCA for supervisory oversight, NCA for law-enforcement escalation, and JMLIT for intelligence sharing.
  • D. Use NCA for supervisory oversight, FCA for intelligence sharing, FATF for international standards, and JMLIT for law-enforcement escalation.

Best answer: C

Explanation: Sound governance means assigning each external body to its actual role. FATF sets international AML/CFT standards, the FCA supervises firms’ systems and controls, the NCA is the law-enforcement escalation route, and JMLIT supports intelligence sharing between the private and public sectors. The core principle is governance accountability: firms should use external bodies for the functions they are designed to perform, not treat them as interchangeable. FATF is an international standard setter, so firms use its Recommendations to benchmark AML/CFT frameworks. The FCA is a supervisor, so it assesses whether firms have proportionate financial-crime controls. The NCA is the UK law-enforcement route for suspicious activity escalation and criminal intelligence handling, including SAR-related reporting through the UKFIU. JMLIT is a public-private intelligence-sharing initiative used to exchange typologies and threat information, not to supervise firms or investigate cases. The key takeaway is that standards, supervision, enforcement, and intelligence sharing are related but distinct functions.


Question 12

Topic: Bribery and Corruption

A UK investment firm is bidding to manage treasury assets for an overseas state-owned development bank. One week before the tender decision, a sales manager proposes paying for a luxury holiday for the bank’s procurement head and spouse, calling it “relationship building”. Which assessment best applies a risk-based anti-bribery approach?

  • A. Treat it as low risk unless the mandate is later awarded.
  • B. Escalate it as high risk because it appears intended to influence a tender, could induce improper performance, and involves a public-official context.
  • C. Allow it if similar hospitality is common practice in that country.
  • D. Approve it if pre-cleared and entered in the gifts register.

Best answer: B

Explanation: The correct assessment focuses on purpose, timing, and recipient, not just on how the expense is recorded. A lavish benefit offered just before a tender decision can suggest intent to influence, risk of improper performance, and added concern where the recipient is linked to a state-owned body. A risk-based anti-bribery assessment looks beyond the label of “hospitality” and considers why the benefit is being offered, when it is offered, how valuable it is, and who receives it. Here, a luxury holiday for the procurement head and spouse shortly before a tender decision strongly suggests an intention to influence the award of business. That creates a risk of inducing improper performance of the procurement role. Because the bank is state-owned, the scenario also raises a public-official dimension, which increases the need for escalation and scrutiny under anti-bribery controls. Internal approval or accurate recording may support governance, but they do not make an improperly motivated benefit acceptable. The key point is that intent and recipient status can matter as much as the form of the payment or hospitality.


Question 13

Topic: Fraud and Market Abuse

A UK investment platform spots 11 new-account applications over three weeks. The names differ, but several applications share device IDs, withdrawals are requested to two common e-money wallets, and onboarding staff have been overriding failed selfie checks to reduce a backlog. Which is the best assessment?

  • A. Independent opportunistic fraud by unrelated applicants
  • B. Isolated account takeover of genuine customers
  • C. One-off internal fraud by onboarding staff
  • D. Organised repeated fraud exploiting a systemic control weakness

Best answer: D

Explanation: This pattern is not consistent with isolated opportunistic fraud. Shared device data, common withdrawal destinations, and repeated bypassing of a failed control point to a coordinated scheme that is being enabled by a systemic weakness in onboarding. The core distinction is between a one-off or loosely opportunistic fraud and a repeatable, coordinated scheme. Here, several applications are linked by shared device IDs and common e-money wallet destinations, which are strong indicators of coordination rather than independent behaviour. The fact that staff are repeatedly overriding failed selfie checks shows the fraud is also being facilitated by a control weakness, making it systemic as well as repeated.

In practice, this should be treated as a broader fraud pattern requiring prompt escalation, linked-account review, and remediation of the onboarding override process. The closest alternative is internal fraud, but the facts primarily show external organised activity exploiting weak controls, not clear evidence that staff are the main perpetrators.


Question 14

Topic: Money Laundering

Review the note.

Onboarding review
- Client 1: UK-resident employee; personal savings product; £4,000 from own UK bank account; met in branch.
- Client 2: Company incorporated in a jurisdiction the firm classifies as higher risk; beneficial owner is the spouse of a foreign minister; private investment product; £450,000 from an overseas bank; onboarded through a non-face-to-face introducer.
- Team proposal: "Use the same standard CDD checklist for both clients to keep onboarding consistent."

Which action is best supported by international AML standards?

  • A. Keep identical standard CDD for both clients.
  • B. Refuse Client 2 automatically because PEP links and non-face-to-face onboarding are prohibited.
  • C. Use identical onboarding checks and rely on monitoring to separate risk later.
  • D. Apply standard CDD to Client 1 and EDD to Client 2.

Best answer: D

Explanation: International AML standards use a risk-based approach, not identical controls for every case. The second client has higher customer, product, geography, and channel risk, so the firm should increase due diligence depth for that relationship. The core concept is proportionality under the risk-based approach. Firms should assess relevant money-laundering risk factors at onboarding and tailor CDD depth accordingly. Here, the first client is a straightforward domestic, face-to-face, low-value personal relationship, while the second involves a company, a PEP family connection through the beneficial owner, a higher-risk jurisdiction, a larger investment product, overseas funding, and a non-face-to-face channel. Those factors justify enhanced due diligence, stronger source-of-funds scrutiny, and closer monitoring for the higher-risk case. International standards expect a consistent risk-assessment method, not identical control depth for every customer.

Using the same checklist for both would ignore the very risk differences the framework is designed to capture.


Question 15

Topic: Terrorist Financing

A wealth-management firm sees a new client make six payments of £150 over two weeks to an overseas e-money account connected to a small organisation operating near a conflict area. The payment references are vague, and the client gave no clear reason for using this beneficiary. Which response best applies a risk-based anti-financial-crime principle?

  • A. Accept the payments unless the beneficiary is on a sanctions list
  • B. Treat the activity as low risk because each payment is small
  • C. Wait until one payment breaches the firm’s large-transaction alert level
  • D. Assess the pattern as potentially higher terrorist-financing risk and escalate for review

Best answer: D

Explanation: The best response is to apply a risk-based assessment rather than rely on payment size alone. Terrorist financing can involve modest sums, so repeated low-value payments to a conflict-related beneficiary with vague references should trigger closer review and possible internal escalation. The core principle is that terrorist-financing risk is driven by context, purpose, destination, and behaviour patterns, not just transaction size. Small amounts can still fund travel, communications, equipment, or local support for terrorist activity, so low value does not make the risk low. Here, the repeated payments, vague references, and link to an organisation in or near a conflict area are relevant indicators that justify a higher-risk review.

A sound response would be to:

  • consider whether existing CDD is adequate
  • review the beneficiary and transaction pattern
  • escalate internally in line with firm procedures if suspicion remains

The closest distractor is relying on sanctions screening alone, but a transaction can still present terrorist-financing risk even when no sanctions match is found.


Question 16

Topic: Financial Crime Risk Management

Which combination of characteristics would generally indicate the highest inherent financial-crime exposure for a financial-services business?

  • A. Complex products, high transaction velocity, cross-border activity, opaque ownership
  • B. Complex products, low transaction velocity, domestic customers, transparent ownership
  • C. Simple products, high transaction velocity, domestic customers, transparent ownership
  • D. Simple products, low transaction velocity, domestic customers, transparent ownership

Best answer: A

Explanation: Higher inherent exposure usually arises when several risk drivers appear together. Complex products can obscure purpose, rapid transactions can hinder review, cross-border activity can complicate oversight, and opaque ownership can hide who ultimately controls the customer. In financial-crime risk management, inherent exposure increases when a firm offers products or services that are harder to understand, allows funds to move quickly, operates across borders, and cannot easily identify the true customer or beneficial owner. Those features make it easier to conceal source of funds, ownership, control, and transaction purpose, while also making monitoring and escalation more challenging.

A strong risk combination includes:

  • product complexity
  • high transaction velocity
  • cross-border reach
  • customer opacity

A single factor may raise risk, but the highest exposure usually comes from their combination. By contrast, simple domestic activity with transparent ownership and slower transaction patterns is generally easier to monitor and control.


Question 17

Topic: Financial Sanctions

A UK wealth manager is onboarding a corporate client. Screening shows the client appears on a US OFAC list, but not on the UK sanctions list, and the relationship would involve only UK staff, a GBP account, and no US counterparties. What is the best advice to the front office?

  • A. Ignore the hit because only UN listings can affect a UK firm.
  • B. Report the client directly to the UN before taking any onboarding decision.
  • C. Freeze the assets because OFAC listings automatically bind UK firms.
  • D. Check the UK sanctions regime administered by OFSI and assess any separate US nexus or policy impact.

Best answer: D

Explanation: Sanctions obligations are jurisdiction-specific. In this purely UK, non-US-nexus scenario, an OFAC designation does not automatically impose a UK asset freeze, so the firm should check the applicable UK regime through OFSI and then consider any separate US or internal policy implications. The key concept is that sanctions lists operate through specific legal regimes and authorities. OFSI is the UK authority responsible for implementing and enforcing UK financial sanctions, while OFAC is the equivalent US authority. A UN listing usually becomes binding on firms through national implementation, so a UK firm should look to the UK sanctions regime and UK list, not assume that a foreign designation automatically applies in UK law.

Here, the facts remove the obvious US nexus: no US staff, no USD, and no US counterparties. That means the OFAC hit does not by itself require the UK firm to freeze assets under UK law. The right response is to confirm whether the client is designated under the relevant UK or UN-derived UK regime and then consider whether any later US connection, correspondent exposure, or firm policy creates additional restrictions.

The closest trap is treating a foreign sanctions hit as irrelevant; it may still matter operationally or commercially even if it is not directly binding under UK law.


Question 18

Topic: Tax Evasion

Under the Criminal Finances Act 2017, a client deliberately understates income to reduce tax. An employee of a financial-services firm knowingly helps the client do this, and the firm cannot show reasonable prevention procedures. Which term matches the firm’s offence?

  • A. Corporate failure to prevent facilitation of tax evasion
  • B. Criminal facilitation by an associated person
  • C. Failure to disclose suspicion under POCA
  • D. Taxpayer tax evasion

Best answer: A

Explanation: The stem separates three layers of wrongdoing. The client commits tax evasion, the employee commits criminal facilitation, and the firm’s own exposure arises because it failed to prevent that facilitation through reasonable prevention procedures.

The Criminal Finances Act 2017 creates a corporate offence where a relevant body fails to prevent an associated person from criminally facilitating tax evasion. In the stem, the client commits the underlying tax evasion, and the employee knowingly assists, so the employee is the associated person involved in criminal facilitation. The firm’s liability is different again: it arises because the firm cannot show reasonable prevention procedures, so it may be guilty of failing to prevent the facilitation. This offence is designed to drive effective controls, training, governance, and oversight within firms. A reporting issue under POCA is a different obligation and is not the offence described here.


Question 19

Topic: The Role of the Financial Services Sector

A UK wealth manager is onboarding a company incorporated in the British Virgin Islands. The ultimate beneficial owner is a current deputy minister in another country with a high perceived corruption risk, and the initial £2 million will come from an unrelated company in a third jurisdiction. What is the most appropriate due diligence approach?

  • A. Decline the relationship automatically because the owner is a PEP
  • B. Use standard due diligence because the beneficial owner is identified
  • C. Use enhanced due diligence with source checks and senior approval
  • D. Use simplified due diligence because no sanctions match was found

Best answer: C

Explanation: This is a higher-risk onboarding case, not a low-risk or routine one. A foreign PEP, corruption exposure and cross-border third-party funding mean the firm should apply enhanced due diligence, including deeper source checks and senior management approval. The core concept is the risk-based approach to customer due diligence. Simplified due diligence is reserved for genuinely lower-risk situations, while standard due diligence is the baseline for ordinary customers. Here, several elevated-risk indicators are present: the beneficial owner is a foreign politically exposed person, the country exposure suggests higher corruption risk, the structure is offshore, and the initial funding will come from an unrelated third party in another jurisdiction.

In that situation, the firm should apply enhanced due diligence. This would typically include obtaining and assessing source of wealth and source of funds information, understanding the reason for the ownership and funding structure, performing more in-depth verification, and obtaining senior management approval before onboarding. A clear sanctions screen does not by itself reduce the customer to low risk.

The closest alternative is standard due diligence, but ordinary identification measures alone are not enough when multiple material risk factors are present.


Question 20

Topic: The Background and Nature of Financial Crime

A UK bank reviews a corporate client that has won an overseas public contract. The client requests several urgent payments just below internal review thresholds to an offshore intermediary owned by a minister’s brother, supported only by vague “advisory services” invoices. What is the single best assessment of the financial-crime risk?

  • A. It is a broader financial-crime risk covering bribery indicators, possible laundering of proceeds, and attempted control evasion.
  • B. It is not financial crime unless investigators first prove the underlying offence.
  • C. It is mainly a sanctions issue because of the foreign political connection.
  • D. It is only a bribery and corruption issue because the payments relate to a tender.

Best answer: A

Explanation: Financial crime in financial services is broader than any single offence category. Here, the politically connected recipient, vague invoices, offshore routing, and payments just below review thresholds suggest possible bribery and corruption alongside potential money laundering and evasion of controls. The core concept is that financial crime is an umbrella term covering several offence types and risk areas, not just one crime in isolation. In this scenario, the overseas public contract and politically connected intermediary raise bribery and corruption concerns; the offshore payment route and poor supporting documentation raise money-laundering concerns; and splitting payments below internal review thresholds suggests an attempt to evade controls.

A firm should therefore view the matter as a broader financial-crime issue requiring integrated assessment and escalation, rather than trying to force it into only one category. The key point is that the same set of facts can indicate multiple financial-crime risks at the same time.


Question 21

Topic: Bribery and Corruption

A UK securities firm hires a local consultant to help win an investment mandate from Country X’s finance ministry. The consultant pays cash to a ministry official to influence the award. Internal review finds the firm did no due diligence on the consultant and had no anti-bribery controls over third parties. Which offence is the firm most likely to face under the UK Bribery Act 2010?

  • A. Passive bribery
  • B. Bribery of a foreign public official
  • C. Corporate offence of failing to prevent bribery
  • D. Active bribery

Best answer: C

Explanation: The consultant is an associated person of the firm and paid a bribe to obtain business for it. Because the question asks about the firm’s exposure, and the facts show weak or absent anti-bribery procedures, the clearest offence is failing to prevent bribery. Under the UK Bribery Act 2010, a commercial organisation can commit a separate corporate offence if a person associated with it bribes another person intending to obtain or retain business, or a business advantage, for that organisation. In this scenario, the local consultant is acting for the UK firm, the payment is made to secure a finance ministry mandate, and the firm’s lack of due diligence and third-party controls is a key indicator that it may not be able to rely on an adequate-procedures defence.

Active bribery and bribery of a foreign public official describe the underlying conduct of the payer. However, the stem asks specifically which offence the firm is most likely to face. Passive bribery concerns the person who requests or accepts the advantage, not the firm here.

The key distinction is between the bribe itself and the firm’s separate liability for not preventing it.


Question 22

Topic: Fraud and Market Abuse

A UK wealth manager allows one operations employee to amend client payee details, approve payments below £20,000, and complete the daily cash reconciliation. Several small transfers have been sent to a newly added payee, and no independent check was performed when the payee details were changed. Which control improvement would best reduce the fraud risk?

  • A. Increase the payment approval limit so fewer transactions need escalation
  • B. Split payee maintenance, payment approval, and reconciliation between different staff, with independent review of payee changes
  • C. Ask external audit to test a sample of payments at year-end
  • D. Rely on annual fraud-awareness training for the operations employee

Best answer: B

Explanation: The main fraud risk is that one person controls the data, the approval, and the reconciliation, allowing a false payee to be created, paid, and then concealed. Segregation of duties plus independent review of standing data changes is the strongest preventive control. This scenario shows a classic internal fraud vulnerability: the same employee can change payment data, authorise transfers, and then reconcile the account. Strong controls reduce fraud risk because they make it harder for one person to both commit and hide a fraud. Separating duties creates a maker-checker process, and independent review of payee or standing-data changes helps detect unauthorised amendments before money leaves the firm.

A good control design here would ensure that:

  • one person changes payee details
  • another approves the change
  • a different person approves the payment or performs the reconciliation

Training and audit can support the control environment, but they do not remove the immediate opportunity for a single employee to manipulate the full payment process. The key takeaway is that preventive controls over data, approvals, and reconciliation are stronger than retrospective checks alone.


Question 23

Topic: Money Laundering

A UK wealth manager is reviewing a new corporate client. Internal notes say the beneficial owner paid kickbacks to an overseas public official to win a government contract. The contract receipts were then sent through two newly formed companies in different jurisdictions and returned to the client as “consultancy fees” before being invested. Which activity is the clearest example of the later laundering of criminal proceeds?

  • A. Paying kickbacks to win the contract
  • B. Providing incomplete ownership information at onboarding
  • C. Routing the receipts through new companies as consultancy fees
  • D. Earning revenue from the contract obtained by corruption

Best answer: C

Explanation: The laundering occurs after the predicate crime has generated proceeds. In this scenario, the kickbacks and corruptly won contract create the criminal proceeds, while routing those funds through newly formed companies as “consultancy fees” is an attempt to conceal their origin. The core distinction is between the predicate offence that generates illicit funds and the later handling of those funds to disguise where they came from. Here, bribery is the proceeds-generating criminal conduct: the kickbacks secure the contract and the resulting receipts become criminal property. The later transfers through newly formed companies in different jurisdictions, combined with a misleading description such as “consultancy fees”, are classic layering indicators associated with money laundering.

The sequence is:

  • corruption generates the proceeds
  • the proceeds enter the financial system
  • additional transfers and false descriptions obscure their source

A control failure such as incomplete ownership information may increase risk, but it is not itself the laundering act described in the scenario. The key clue is the movement of already-generated criminal proceeds to disguise origin.


Question 24

Topic: Terrorist Financing

A firm is onboarding a corporate customer for international payments. Screening finds no alert on the company name. The company has two 50% beneficial owners, and an external consultant holds a power of attorney to instruct payments. Which approach best applies CFT screening principles?

  • A. Screen only the consultant, because payment control matters more than ownership.
  • B. Screen the company, beneficial owners, and the consultant, escalating any matches.
  • C. Screen only the company, because it is the legal customer.
  • D. Screen the company and defer owner checks until activity looks unusual.

Best answer: B

Explanation: For CFT purposes, screening only the named customer is not enough when ownership and control sit elsewhere. Beneficial owners and connected parties such as a person holding power of attorney can create exposure through control, influence, or acting on the customer’s behalf, so they should be screened and any matches escalated. The key principle is that firms should screen relevant ownership and connected-party data where those parties can control the customer, benefit from the relationship, or act for the customer. In this scenario, the company itself shows no alert, but the two 50% beneficial owners clearly control it, and the consultant can operate the account through the power of attorney. Those links are directly relevant to CFT controls because terrorist-financing risk can be obscured behind a corporate vehicle or introduced by a connected person.

A risk-based screening approach therefore includes the customer plus relevant beneficial owners and authorised connected parties, with escalation of any potential matches. Waiting until transactions look unusual is too late for effective onboarding control, and screening only one category of party leaves a clear gap.

The practical takeaway is to screen beyond the customer name whenever ownership or connected-party relationships matter.


Revised on Friday, May 15, 2026