CISI CFC — CISI Combating Financial Crime Exam Blueprint & Readiness Checklist

Last revised: June 29, 2026

Practical topic map and readiness checklist for the Chartered Institute for Securities & Investment CISI Combating Financial Crime (CISI CFC) exam.

How to Use This Exam Blueprint

Use this independent Exam Blueprint as a practical readiness checklist for the Chartered Institute for Securities & Investment CISI Combating Financial Crime (CISI CFC) exam. It is designed to help you turn the exam topic areas into review tasks, scenario decisions, and final-week checks.

Because exact official weights were not supplied here, the sections below are framed as readiness areas, not weighted exam sections. Use the current Chartered Institute for Securities & Investment syllabus and study materials as your source of truth for any named laws, dates, thresholds, reporting timeframes, or jurisdiction-specific requirements.

A good use pattern:

Mark each area Green / Yellow / Red.
For each Yellow or Red area, write down the specific rule, control, document, or decision point you cannot yet explain.
Practise with scenarios, not just definitions.
For every scenario, ask: Who is the customer? What is the risk? What evidence exists? What should the firm or individual do next?

Topic-Area Readiness Table

Readiness area	What to review	You are ready when you can…	Final-review prompt
Financial crime landscape	Money laundering, terrorist financing, proliferation financing, sanctions breaches, bribery, corruption, fraud, tax evasion facilitation, market-integrity issues where covered	Recognise the type of financial crime from a short fact pattern	What offence or risk is the scenario pointing to?
Money laundering concepts	Placement, layering, integration, predicate offences, proceeds of crime, concealment, use of professional services	Explain how illicit funds move through financial products and services	Which stage of laundering is most visible in the scenario?
Terrorist financing	Legitimate and illegitimate funding sources, low-value/high-frequency activity, charities and non-profit risks, cross-border movement	Distinguish terrorist financing from money laundering even when transaction values are small	Is the concern source of funds, destination of funds, or purpose?
Sanctions and restrictions	Screening, ownership/control, designated persons, countries, sectors, goods, services, proliferation finance indicators	Explain why a sanctions match is not handled like an ordinary AML alert	Should activity continue, pause, escalate, or be rejected?
Regulatory and standards framework	International standard setters, national regulators, financial intelligence units, law enforcement, firm-level responsibilities	Place each body or role in the correct part of the financial crime control ecosystem	Who sets standards, who supervises, who reports, and who investigates?
Governance and accountability	Senior management responsibility, policies, risk appetite, three lines of defence, compliance monitoring, audit, training	Link governance failures to financial crime exposure	What control failed: design, operation, oversight, or culture?
Risk-based approach	Customer, product, service, channel, geography, transaction and delivery-channel risk	Adjust due diligence and monitoring intensity to risk	Is this low, standard, or higher risk, and why?
Customer due diligence	Identification, verification, customer purpose, expected activity, beneficial ownership, control structures	Decide what information is needed before onboarding or continuing a relationship	What do you still not know about the customer?
Enhanced due diligence	PEPs, complex structures, high-risk jurisdictions, unusual activity, negative media, private banking-style risks	Identify when standard checks are insufficient	What extra evidence or approval is needed?
Ongoing monitoring	Customer profile, transaction behaviour, alert review, periodic or event-driven refresh	Compare activity with expected behaviour and decide whether to escalate	Is the transaction unusual, suspicious, or explainable?
Suspicious activity reporting	Internal escalation, suspicion indicators, documentation, confidentiality, tipping-off risk	Choose the correct escalation path without alerting the customer	What can be said to the customer, and what must not be said?
Bribery and corruption	Gifts, hospitality, facilitation payments, third-party agents, conflicts of interest, public officials	Identify improper advantage and weak third-party controls	Is the payment legitimate, excessive, concealed, or improperly approved?
Fraud and cyber-enabled crime	Identity fraud, account takeover, false documentation, invoice redirection, mule accounts, social engineering	Spot fraud indicators and separate fraud response from AML escalation where needed	Is the customer the perpetrator, victim, mule, or unknown?
Documentation and evidence	KYC records, risk assessments, screening results, approvals, monitoring notes, SAR/STR rationale, training logs	Explain what a record should prove and why poor records create regulatory risk	Could another reviewer understand the decision from the file?
Ethics and professional conduct	Integrity, confidentiality, conflicts, escalation, acting against commercial pressure	Choose the action that protects the firm, market integrity, and legal obligations	Are you solving the control issue or protecting revenue?

Core Knowledge Map

1. Financial Crime Types and Typologies

Be ready to classify the risk before choosing the control response.

Typology	Common scenario cues	Control response to think about
Money laundering	Unexplained wealth, complex transfers, rapid movement of funds, use of shell entities, activity inconsistent with profile	CDD refresh, source of funds/source of wealth review, transaction monitoring, escalation if suspicion arises
Terrorist financing	Small or structured payments, links to conflict zones, unusual charity flows, funds moving to high-risk locations	Destination and purpose review, sanctions screening, escalation, careful handling of tipping-off risk
Sanctions evasion	Name match, ownership/control concern, indirect routing, use of intermediaries, trade involving restricted goods or regions	Stop or pause processing according to firm procedure, investigate match quality, escalate to sanctions/compliance function
Proliferation financing	Dual-use goods, unusual shipping routes, opaque trade finance parties, high-risk jurisdictions	Enhanced screening, trade documentation review, escalation to specialist controls
Bribery and corruption	Excessive gifts, unusual commissions, third-party agent with unclear role, public official involvement	Gifts/hospitality review, third-party due diligence, approval controls, refusal or escalation
Fraud	False documents, inconsistent identity details, account takeover signs, invoice changes, mule behaviour	Fraud controls, customer contact through trusted channels, account restrictions where appropriate, escalation
Tax evasion facilitation	Requests to hide ownership, misdescribe income, avoid reporting, use opaque structures without commercial rationale	Refuse facilitation, escalate internally, document rationale
Market abuse or misconduct, where covered	Suspicious trading, misuse of confidential information, manipulation indicators	Escalation to compliance/market surveillance, preserve records

2. Key Distinctions You Should Be Able to Explain

Distinction	Know the difference
Money laundering vs terrorist financing	Money laundering often focuses on disguising criminal proceeds; terrorist financing may involve legitimate or illegitimate funds used for prohibited purposes.
Source of funds vs source of wealth	Source of funds explains the origin of the specific money used in a transaction; source of wealth explains how the customer accumulated overall wealth.
Beneficial owner vs nominee	A beneficial owner ultimately owns or controls; a nominee may appear on records but act for another person.
PEP vs sanctioned person	A politically exposed person is higher risk and may require enhanced due diligence; a sanctioned person or entity creates legal restriction concerns.
False positive vs true match	A false positive is a screening alert that does not relate to the target; a true match requires escalation and action under firm procedure.
Unusual vs suspicious	Unusual activity needs explanation; suspicious activity gives rise to concern that may require escalation or reporting.
Inherent risk vs residual risk	Inherent risk exists before controls; residual risk remains after controls are applied.
Policy breach vs criminal suspicion	A policy breach may require remediation; suspicion of financial crime requires escalation through the relevant reporting process.

Risk-Based Approach Readiness

The exam is likely to reward practical judgment: identify risk factors, select proportionate controls, and avoid treating all customers the same.

Risk factor	Lower-risk cues	Higher-risk cues	Readiness task
Customer type	Transparent individual or simple entity with clear purpose	Complex company, trust, nominee arrangement, cash-intensive business, high-risk sector	Explain who owns, controls, and benefits
Geography	Familiar jurisdiction with reliable public records and lower financial crime exposure	High-risk or sanctioned jurisdiction, weak transparency, conflict zone, corruption concerns	Link geography to due diligence and monitoring
Product or service	Simple product with limited transferability	Private banking-style services, trade finance, correspondent relationships, complex investments, rapid transfer capability	Explain how the product could be abused
Delivery channel	Face-to-face or well-controlled digital onboarding	Non-face-to-face onboarding with weak verification or reliance on third parties	Identify verification weaknesses
Transaction behaviour	Consistent with stated profile and purpose	Rapid in/out movement, third-party payments, round amounts, unexplained cross-border flows	Compare actual behaviour to expected behaviour
Ownership structure	Direct ownership and clear control	Layered entities, offshore vehicles, bearer-like opacity, frequent changes	Draw or explain the ownership chain
Adverse information	No relevant concerns	Negative media, law enforcement interest, prior regulatory issues	Decide whether to onboard, exit, or enhance controls

Risk-Based Review Checklist

Can you identify inherent risk before considering controls?
Can you describe which controls reduce the risk?
Can you explain why some risk remains as residual risk?
Can you justify enhanced due diligence without relying on a single red flag?
Can you avoid automatic assumptions, such as “high value always means suspicious” or “small value always means low risk”?
Can you distinguish a commercial explanation from a weak or implausible explanation?
Can you decide when to escalate rather than simply request more documents?

Customer Due Diligence and KYC Readiness

What Good CDD Should Establish

Question	What the file should help prove
Who is the customer?	Identity is known and verified using reliable evidence appropriate to the customer type.
Who owns or controls the customer?	Beneficial owners, controllers, directors, trustees, partners, or equivalent parties are identified as required by the risk context.
Why does the customer want the relationship?	Purpose and intended nature of the relationship are understood.
What activity is expected?	Anticipated transaction types, volumes, geographies, counterparties, and funding sources are plausible.
Where is the money coming from?	Source of funds is understood for the relevant transaction or relationship.
How was wealth generated?	Source of wealth is credible where higher risk or required by policy.
Are there higher-risk indicators?	PEP status, adverse media, sanctions exposure, complex ownership, geography, product risk, or unusual behaviour is assessed.
Has risk changed over time?	Ongoing monitoring and refresh processes capture new facts.

CDD “Can You Do This?” Checks

Identify the customer in an individual, company, trust, partnership, charity, fund, or intermediary scenario.
Explain why beneficial ownership matters.
Recognise when an ownership chart is incomplete.
Decide whether a document verifies identity, address, control, source of funds, or source of wealth.
Spot a mismatch between stated business purpose and actual transactions.
Explain why reliance on another party does not remove the firm’s responsibility unless the official rules and firm policy allow it.
Identify when onboarding should pause pending further evidence.
Explain what should be recorded when an exception or approval is granted.

Enhanced Due Diligence Readiness

Enhanced due diligence is not just “collect more documents.” It should respond to the specific risk.

Higher-risk cue	What enhanced review may focus on	Weak answer to avoid
PEP or close associate	Role, jurisdiction, source of wealth, public funds exposure, senior approval, ongoing monitoring	“PEP equals prohibited customer” unless the official material or firm policy says so
Complex ownership	Beneficial ownership, control, commercial rationale, nominee arrangements	Accepting a structure because it is legally registered
High-risk geography	Customer links, counterparties, transaction routes, sanctions and corruption risk	Treating geography as irrelevant because the customer is locally resident
Adverse media	Reliability, relevance, recency, severity, customer explanation	Ignoring press reports because there is no conviction
Unusual funding	Source of funds, source of wealth, third-party involvement, economic rationale	Accepting “savings” or “business proceeds” without supporting detail
Charities or non-profits	Donor sources, beneficiaries, geography, purpose, delivery partners	Assuming charitable purpose automatically means low risk
Trade or cross-border activity	Goods, routes, counterparties, shipping documents, dual-use concerns	Reviewing only the payment and not the trade context

Monitoring, Escalation, and Suspicious Activity Reporting

Alert Handling Workflow

    flowchart TD
	    A[Unusual fact, transaction, or screening alert] --> B{Consistent with customer profile?}
	    B -- Yes, supported by evidence --> C[Record rationale and close or monitor]
	    B -- No or unclear --> D[Seek explanation if appropriate and safe]
	    D --> E{Concern resolved?}
	    E -- Yes --> C
	    E -- No --> F[Escalate internally to reporting/compliance function]
	    F --> G{Suspicion or legal restriction identified?}
	    G -- Yes --> H[Follow SAR/STR, sanctions, or restriction process]
	    G -- No --> I[Document decision and any control action]

Escalation Judgment Checks

Scenario cue	Better exam response	Trap response
Customer gives vague explanation for large incoming funds	Ask for relevant evidence and compare with known profile; escalate if concern remains	Accept explanation because the customer is long-standing
Customer asks whether a report has been made	Avoid confirming or denying; follow confidentiality and tipping-off controls	Reassure the customer that no report was filed
Relationship manager says the client is too valuable to delay	Apply policy and escalation process despite commercial pressure	Allow revenue to override controls
Transaction is unusual but has strong supporting evidence	Document rationale; monitor for further changes	Automatically file externally without assessing facts
Alert appears to be a name match	Investigate match quality and escalate under screening procedures	Dismiss it because the spelling is slightly different
Customer refuses beneficial ownership information	Consider whether relationship can proceed; escalate according to policy	Open the account and chase later without approval
Internal staff member may be involved	Escalate through appropriate confidential route	Discuss with the suspected staff member informally
Multiple small payments flow to risky destinations	Consider terrorist financing or structuring indicators	Ignore because each payment is individually small

Sanctions and Proliferation Financing Readiness

Sanctions questions often test urgency and discipline. The safest exam mindset is: do not process first and investigate later when a credible sanctions concern exists.

Readiness area	What to know
Screening purpose	Screening helps identify whether customers, beneficial owners, counterparties, vessels, goods, locations, or transactions may be restricted.
Match investigation	A potential match needs structured comparison, not guesswork. Consider name, aliases, date of birth, identifiers, ownership, control, geography, and transaction context.
Ownership and control	Restrictions may apply indirectly through entities owned or controlled by a restricted person, depending on the applicable rules.
Proliferation indicators	Dual-use goods, unusual routing, opaque intermediaries, inconsistent trade documents, or high-risk jurisdictions may require escalation.
False positives	False positives should be documented with clear rationale.
True or unresolved matches	Follow firm escalation and legal restriction procedures before continuing activity.
Customer communication	Avoid statements that could undermine legal restrictions or investigation.

Sanctions Scenario Prompts

A customer is not on a list, but a major shareholder may be restricted. What additional ownership/control checks are needed?
A transaction routes through a country unrelated to the customer or trade purpose. What explanation is needed?
A vessel, port, product, or intermediary creates concern. Who should review it?
A name match has partial identifiers only. What facts would confirm or discount the match?
A customer pressures the firm to release funds immediately. What control principle applies?

Bribery, Corruption, Fraud, and Conduct Risks

Risk area	Exam cues	Correct control mindset
Gifts and hospitality	Excessive value, timing near a decision, poor records, public official involvement	Apply policy, approval, proportionality, and transparency
Third-party agents	High commission, vague services, success fees, offshore payment requests	Perform third-party due diligence and verify business rationale
Facilitation payments	Payment requested to speed routine action	Treat as corruption risk unless official material identifies a narrow exception
Conflicts of interest	Personal benefit, undisclosed relationship, pressure to favour a party	Disclose, manage, avoid, or escalate
Invoice or payment fraud	Changed bank details, urgency, new payee, unusual email	Verify independently and preserve evidence
Identity fraud	Inconsistent documents, synthetic identity signs, remote onboarding anomalies	Strengthen verification and escalate concerns
Mule accounts	Pass-through funds, low account balance, multiple third-party credits and debits	Treat as financial crime risk even if the account holder claims ignorance
Tax evasion facilitation	Requests to hide ownership, misclassify payments, avoid reporting	Refuse participation and escalate internally

Governance, Controls, and Culture

The CISI CFC exam may present scenarios where the issue is not a single suspicious transaction but a weak control environment.

Control area	What good looks like	Red flags
Board and senior management oversight	Clear risk appetite, approved policies, challenge, resources, accountability	Financial crime seen as a compliance-only problem
Policies and procedures	Practical, current, risk-based, accessible to staff	Generic policy not followed in business processes
Three lines of defence	Business owns risk; compliance advises and monitors; audit provides independent assurance	Front office bypasses controls or compliance acts as a rubber stamp
Training	Role-specific, refreshed, tested, documented	One-off generic training with no evidence of understanding
Monitoring and testing	Control effectiveness is reviewed and issues are tracked	Repeated exceptions with no remediation
Management information	Useful data on alerts, backlogs, exceptions, SAR/STR trends, high-risk customers	Senior management receives only volume statistics without risk analysis
Record keeping	Decisions can be reconstructed	Missing rationale, undocumented approvals, inconsistent files
Culture	Staff feel able to escalate concerns	Sales pressure, retaliation, or “do not ask” behaviour

Documentation and Artifact Checks

Be ready to explain what each artifact is for and what it does not prove by itself.

Artifact	What it supports	Common misunderstanding
Identification document	Customer identity evidence	It does not prove source of wealth or transaction purpose
Corporate registry extract	Legal existence, directors, registered details	It may not reveal ultimate beneficial ownership
Ownership chart	Ownership and control structure	It is only useful if supported by reliable evidence
Source of funds evidence	Origin of money for a transaction	It may not explain how overall wealth was accumulated
Source of wealth evidence	Broader wealth generation	It may not verify the specific transaction funds
Screening result	Whether a name or entity created sanctions/PEP/adverse media alerts	A “no hit” result does not remove the need for broader risk assessment
Transaction monitoring alert	Behaviour needing review	An alert is not automatically suspicion; it requires investigation
Internal escalation note	Why concern was raised	It should not be vague or unsupported
SAR/STR rationale	Why suspicion was or was not reported	It must be confidential and handled under procedure
Approval record	Who accepted risk and on what basis	Approval does not cure unlawful activity
Training record	Evidence staff were trained	Attendance alone does not prove competence
Audit or compliance finding	Control weakness and remediation need	Findings must be tracked, not merely filed

Can You Do This? High-Value Readiness Checklist

Financial Crime Recognition

Define the main forms of financial crime covered in your study materials.
Identify placement, layering, and integration from transaction facts.
Explain why terrorist financing may involve legitimate funds.
Identify sanctions concerns separately from ordinary AML concerns.
Recognise bribery and corruption indicators in gifts, hospitality, agents, and public-official scenarios.
Spot when a customer may be a fraud victim, perpetrator, or money mule.
Explain how professional services and financial products can be abused.

Customer and Relationship Risk

Identify the customer, beneficial owner, controller, and relevant connected parties.
Explain the purpose and expected activity of a relationship.
Decide when standard CDD is not enough.
Select relevant enhanced due diligence steps for the specific risk.
Compare actual transactions with expected behaviour.
Identify when a relationship should be refused, paused, exited, or escalated.
Explain why “long-standing customer” does not remove the need for monitoring.

Reporting and Escalation

Distinguish internal escalation from external reporting.
Explain what creates suspicion in a fact pattern.
Avoid tipping off in customer communications.
Preserve confidentiality when staff, customers, or third parties are under suspicion.
Record clear rationale for decisions.
Recognise when sanctions, fraud, conduct, or legal teams may need involvement.
Know any jurisdiction-specific reporting terms, roles, deadlines, or thresholds supplied in your official CISI materials.

Controls and Governance

Explain the risk-based approach in practical terms.
Identify control weaknesses in onboarding, monitoring, screening, escalation, and training.
Link governance failures to financial crime outcomes.
Explain the role of senior management, compliance, business units, and audit.
Identify when commercial pressure is creating a conduct risk.
Explain why documentation quality matters.

Scenario and Decision-Point Checks

Use these prompts for final review. For each one, state the risk, the missing facts, the control step, and the likely next action.

Scenario	Key decision point	What a strong answer includes
A new corporate customer has three offshore holding companies and a nominee director	Can the firm identify ownership and control?	Request ownership evidence, identify beneficial owners/controllers, assess commercial rationale, consider enhanced due diligence
A wealthy customer says funds came from “family business” but provides no detail	Is source of funds/source of wealth credible?	Ask for relevant evidence, compare with profile, escalate if explanation remains weak
A customer becomes a PEP after onboarding	Has the risk profile changed?	Event-driven review, enhanced due diligence, appropriate approval, ongoing monitoring
A payment triggers a sanctions name alert with partial identifiers	Can activity proceed before resolution?	Investigate match quality, escalate under sanctions process, document outcome
A customer insists on using a third-party account for settlement	Is there a legitimate explanation?	Identify third party, purpose, ownership/control, source of funds, suspicious indicators
A charity sends frequent small payments to a conflict-affected region	Is value alone enough to dismiss concern?	Consider terrorist financing, beneficiaries, delivery partners, sanctions exposure, escalation
A relationship manager accepts luxury hospitality before a mandate decision	Is there improper influence?	Apply gifts/hospitality and conflicts policies, assess bribery risk, escalate
A trade finance transaction involves dual-use goods and unusual routing	Is this AML, sanctions, or proliferation risk?	Review goods, counterparties, route, documentation, sanctions exposure, specialist escalation
A customer’s account receives many incoming payments and immediate cash withdrawals	Is behaviour consistent with profile?	Consider money mule, fraud, laundering indicators, monitor and escalate
A client asks whether the firm has reported them	What can be disclosed?	Avoid tipping off, follow internal procedure, document interaction
Senior staff ask compliance to approve onboarding despite missing KYC	Is this a process exception or governance issue?	Apply policy, require evidence or formal risk acceptance, escalate pressure if inappropriate
Negative media links a beneficial owner to corruption but no conviction exists	Can the firm ignore it?	Assess reliability, relevance, recency, severity, customer explanation, enhanced due diligence

Common Weak Areas and Exam Traps

Weak area	Why it causes wrong answers	How to fix it
Treating CDD as document collection only	The exam often tests understanding, not paperwork volume	Ask what risk the document addresses
Confusing source of funds and source of wealth	Leads to incomplete enhanced due diligence	Practise explaining both in one sentence
Ignoring beneficial ownership	Complex structures are common financial crime cues	Draw the ownership chain until control is clear
Assuming PEP means prohibited	PEP status usually means higher risk and enhanced controls, not automatic refusal unless rules or policy require it	Focus on risk assessment and approval
Handling sanctions like ordinary AML	Sanctions can require immediate restriction and specialist escalation	Treat potential matches as urgent until resolved
Overlooking tipping-off risk	Poor communication can compromise reporting obligations	Practise safe customer wording
Filing reports for every unusual event	Unusual is not always suspicious	Decide whether facts create suspicion after reasonable review
Dismissing small transactions	Terrorist financing and mule activity may involve small values	Evaluate pattern, purpose, destination, and parties
Accepting commercial explanations without evidence	Plausible words are not the same as verification	Ask what evidence supports the explanation
Forgetting governance	Many scenarios test failed oversight, culture, training, or monitoring	Identify the control failure, not just the transaction
Memorising terms without applying them	Definitions alone do not solve scenarios	Convert every term into a “what should the firm do?” prompt

Final-Week Readiness Checklist

Syllabus Alignment

Compare this blueprint against the current Chartered Institute for Securities & Investment CISI CFC materials.
Highlight any named laws, regulators, offences, reporting routes, thresholds, or timeframes in the official materials.
Create a one-page glossary of key financial crime terms.
Make a separate list of jurisdiction-specific items you must know exactly.

Scenario Practice

Practise at least one scenario each for AML, terrorist financing, sanctions, bribery/corruption, fraud, and CDD.
For each missed question, classify the error: definition, role, process order, judgment, or documentation.
Re-answer missed scenarios after 24 hours without looking at the explanation.
Practise explaining why the wrong options are wrong.

Control Workflow Review

Rehearse the sequence: detect issue, assess facts, seek safe clarification if appropriate, escalate, document, avoid tipping off.
Review onboarding controls, ongoing monitoring, sanctions screening, escalation, and reporting.
Review governance roles: business, compliance, reporting officer/function, senior management, audit.
Review how enhanced due diligence differs from standard CDD.

Documentation Review

Know what belongs in a customer file.
Know what belongs in an alert investigation note.
Know what belongs in an approval or exception record.
Know why incomplete records create regulatory and evidential risk.

Exam-Day Mindset

Read the facts before choosing the control response.
Identify the financial crime risk first.
Do not let customer value, urgency, or senior pressure override controls.
Choose escalation when the firm lacks enough comfort to proceed.
Avoid answers that disclose suspicions to the customer.
Prefer documented, risk-based, proportionate action over informal judgment.

Practical Next Step

Turn the blueprint into a traffic-light sheet. Mark each topic Green, Yellow, or Red, then practise original scenario questions for every Yellow and Red area. After each question, write one sentence explaining the risk, one sentence explaining the correct control step, and one sentence explaining why the tempting wrong answer fails.

Study Plan

Scenario Guide