CISI CFC: Financial Crime Risk Management

Try 10 focused CISI CFC questions on Financial Crime Risk Management, with answers and explanations, then continue with Securities Prep.

Open the matching Securities Prep practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.

Topic snapshot

| Field | Detail |
| --- | --- |
| Exam route | CISI CFC |
| Issuer | CISI |
| Topic area | Financial Crime Risk Management |
| Blueprint weight | 8% |
| Page purpose | Focused sample questions before returning to mixed practice |

How to use this topic drill

Use this page to isolate Financial Crime Risk Management for CISI CFC. Work through the 10 questions first, then review the explanations and return to mixed practice in Securities Prep.

| Pass | What to do | What to record |
| --- | --- | --- |
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |

Blueprint context: 8% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.

Sample questions

These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Financial Crime Risk Management

A UK asset manager is onboarding an overseas company. Its ownership is layered through nominee shareholders, the director says the initial £2 million comes from a factory sale, and after the account opens it receives frequent third-party transfers unrelated to the stated investment purpose. Which explanation best describes why beneficial-ownership checks, source-of-funds review, and transaction monitoring are all relevant here?

  • A. Beneficial-ownership checks show who controls the company, and a credible source of funds means transaction monitoring is unnecessary unless a payment fails screening.
  • B. Beneficial-ownership checks explain the £2 million, source-of-funds review reveals who controls the company, and transaction monitoring assesses later transfers against the expected profile.
  • C. Beneficial-ownership checks show who controls the company, source-of-funds review explains the £2 million, and transaction monitoring is only necessary after suspicion has already arisen.
  • D. Beneficial-ownership checks show who controls the company, source-of-funds review explains the £2 million, and transaction monitoring assesses later transfers against the expected profile.

Best answer: D

What this tests: Financial Crime Risk Management

Explanation: These controls address different risks at different stages of the relationship. Beneficial-ownership checks establish who is really behind the customer, source-of-funds review explains the origin of the initial £2 million, and transaction monitoring tests whether later account activity remains consistent with what the firm was told to expect.

The key point is that AML controls are complementary, not interchangeable. In this scenario, nominee shareholders create an ownership-transparency issue, so beneficial-ownership checks are needed to identify the natural persons who ultimately own or control the company. The stated factory sale raises a separate question about whether the initial £2 million has a credible and lawful origin, which is the role of source-of-funds review. Once the account is open, frequent third-party transfers unrelated to the stated investment purpose create an ongoing behaviour risk, so transaction monitoring is used to identify activity that does not fit the expected profile.

A firm needs all three because knowing who the customer is, where the money came from, and how the account is actually used are different parts of the control framework. The wrong options either swap these functions or wrongly treat transaction monitoring as optional until suspicion already exists.

  • Swapping beneficial ownership and source of funds is wrong because ownership checks identify the controlling natural persons, while source-of-funds review addresses the origin of the specific money being invested.
  • Treating transaction monitoring as something used only after suspicion exists is wrong because it is an ongoing control designed to help detect unusual activity.
  • Assuming credible initial funds remove the need for transaction monitoring is wrong because later account behaviour can still create new AML or financial-crime concerns.

This correctly matches each control to a distinct purpose: ownership transparency, origin of funds, and ongoing activity monitoring.


Question 2

Topic: Financial Crime Risk Management

During onboarding, a firm’s screening team misses an adverse-media alert linking a new corporate client to alleged bribery. Before the alert is reviewed, the client makes one £900 payment, which is then stopped. The firm expects almost no direct financial loss. Which response best applies sound financial-crime risk management?

  • A. Treat the incident as low priority because the payment value was small
  • B. Apply simplified due diligence because the payment caused no material loss
  • C. Keep the relationship unchanged unless a criminal conviction is obtained
  • D. Escalate the control failure, review CDD and screening, and document remediation

Best answer: D

What this tests: Financial Crime Risk Management

Explanation: The best response is to escalate and review the control failure rather than focusing on the small amount. In financial-crime risk management, reputational damage often comes from perceived weak controls or association with suspicious parties, not only from direct financial loss.

This scenario is about the risk-based approach and governance accountability. A missed adverse-media alert linked to alleged bribery indicates a possible financial-crime exposure and a control weakness in onboarding or screening. Even though the payment was only £900 and was stopped, the firm could still suffer reputational harm if clients, counterparties, regulators, or the media view it as having weak anti-financial-crime controls.

A sound response is to:

  • escalate the incident internally
  • review the customer due diligence and screening process
  • consider whether the relationship remains acceptable
  • keep clear records of decisions and remediation

The key point is that reputational damage is driven by trust and confidence, not just the size of the immediate loss.

  • Small value trap: A low transaction amount does not remove reputational risk when the issue suggests weak controls or possible links to bribery.
  • Proof trap: Firms should not wait for a conviction before escalating or reassessing risk; adverse media can itself require review and enhanced scrutiny.
  • CDD misuse: Simplified due diligence is not justified by the absence of loss; it depends on lower risk, which is not supported here.

Reputational risk can arise from the apparent weakness in controls and association with alleged financial crime, even when the amount involved is small.


Question 3

Topic: Financial Crime Risk Management

A private bank discovers that a relationship manager colluded with an external introducer to submit altered source-of-wealth evidence for several higher-risk clients. The firm had AML procedures and two-person file sign-off, but both sign-offs relied on the relationship manager’s statements. Which control enhancement best applies a sound financial-crime risk management principle?

  • A. Replace file testing with annual staff attestations that AML procedures were followed
  • B. Rely on transaction monitoring alerts, since onboarding controls were already reasonable
  • C. Accept introducer certifications for all clients to reduce onboarding delays
  • D. Independently verify key CDD evidence for higher-risk cases outside the relationship chain, with logged overrides and review

Best answer: D

What this tests: Financial Crime Risk Management

Explanation: The best response is to add genuinely independent verification where collusion could defeat controls that only appear to be separate. A risk-based approach means stronger checks for higher-risk customers, especially when existing approvals depend on the same person or source.

The core principle is that controls must be genuinely independent, not just duplicated on paper. Here, the two-person sign-off failed because both approvals depended on the relationship manager’s representations, so collusion with an external introducer defeated the control design. For higher-risk clients, the firm should apply proportionate extra assurance by having key CDD evidence checked outside the relationship chain and by logging and reviewing any overrides or exceptions.

  • Remove the single point of failure
  • Apply stronger checks to higher-risk cases
  • Ensure management can review exceptions and challenge patterns

By contrast, relying more heavily on the introducer, staff declarations, or later transaction alerts does not directly address the collusion risk at onboarding.

  • Introducer reliance: Accepting introducer certifications more widely increases dependence on the external party involved in the collusion rather than adding assurance.
  • After-the-fact attestation: Annual staff declarations are useful for accountability, but they do not independently test whether documents are genuine.
  • Monitoring is not a substitute: Transaction alerts may detect some suspicious behaviour later, but they do not fix a compromised onboarding control.

Independent checking outside the colluding channel addresses the single point of failure that made the existing controls ineffective.


Question 4

Topic: Financial Crime Risk Management

A bank is assessing a prospective client relationship. Review the onboarding note and identify the best supported conclusion.

Internal onboarding note
- Applicant: HorizonPay Solutions Ltd
- Product requested: pooled account with virtual IBANs for underlying merchant clients
- Expected activity: about 8,000 inbound and outbound payments per day, mostly same-day
- Geographic reach: merchant clients in 14 countries, including regular flows to high-risk third countries
- Customer transparency: only aggregated daily reports will be provided; underlying merchants are not visible at onboarding

  • A. Treat as lower risk because flows are electronic, not cash.
  • B. Treat as higher risk; apply EDD and enhanced monitoring.
  • C. Reject automatically because high-risk cross-border activity is prohibited.
  • D. Treat as standard risk because the direct customer is authorised.

Best answer: B

What this tests: Financial Crime Risk Management

Explanation: The strongest conclusion is that the relationship carries elevated financial-crime exposure and needs a stronger risk-based response. The pooled structure, very high payment volume, cross-border activity including high-risk third countries, and lack of visibility over underlying merchants all increase AML/CFT risk.

This is a higher-risk relationship because several exposure drivers appear together. The pooled account with virtual IBANs adds product complexity, which can make transaction purpose and fund flows harder to trace. Around 8,000 payments per day, mostly same-day, indicate high transaction velocity, increasing the challenge of spotting unusual activity. Merchant clients across 14 countries, including regular flows to high-risk third countries, add cross-border exposure. Most importantly, the bank will not see the underlying merchants at onboarding and will receive only aggregated reports, creating customer opacity.

A risk-based response is therefore to apply enhanced due diligence and set stronger ongoing monitoring controls. Authorised status of the applicant may be relevant, but it does not remove the risks created by complex, fast, cross-border and opaque activity.

  • Electronic payments misconception: Non-cash activity is not automatically lower risk; rapid electronic flows can still be attractive for layering or concealment.
  • Direct customer only: Focusing only on the authorised intermediary ignores the decisive lack of transparency over the underlying merchants.
  • Automatic prohibition overreach: Regular flows to high-risk third countries increase risk, but the note does not say the activity is banned or requires automatic rejection.

The note shows product complexity, high transaction velocity, cross-border reach, and limited visibility over underlying customers, which together justify a higher-risk classification.


Question 5

Topic: Financial Crime Risk Management

Why should a firm assess control effectiveness separately from gross or inherent financial-crime risk exposure?

  • A. To ensure any area with high inherent risk is automatically outside risk appetite
  • B. To avoid recalculating residual risk when products, channels, or customers change
  • C. To show that control effectiveness is a fixed feature of the customer rather than the firm
  • D. To distinguish pre-control exposure from the extent of mitigation provided by controls

Best answer: D

What this tests: Financial Crime Risk Management

Explanation: Control effectiveness must be assessed separately because inherent risk and controls answer different questions. Inherent risk shows the level of exposure before mitigation, while control effectiveness shows how well the firm reduces that exposure, allowing a meaningful view of residual risk.

The core concept is the difference between exposure and mitigation. Gross or inherent risk describes the financial-crime risk that exists because of factors such as customer type, product, geography, or distribution channel before controls are considered. Control effectiveness is a separate judgement about how well screening, CDD, monitoring, escalation, training, and governance reduce that exposure.

If a firm merges these too early, it can hide important differences. A business area with high inherent risk and strong controls may end up with a similar residual-risk score to an area with low inherent risk but weak controls, even though the management implications are very different. Separate assessment helps firms identify where exposure is naturally high, where controls are weak, and where remediation or enhanced oversight is needed.

The key takeaway is that residual risk is only meaningful when the underlying exposure and the quality of controls have been assessed distinctly.

  • Automatic rejection: High inherent risk does not automatically mean the activity is outside appetite; firms often manage higher-risk areas through stronger controls and oversight.
  • Wrong ownership of controls: Control effectiveness is mainly about the firm’s systems and processes, not a fixed characteristic of the customer.
  • Backwards logic: Separate assessment does not remove the need to recalculate residual risk; changes in products, channels, or customers may change both exposure and control performance.

Inherent risk shows exposure before controls, while control effectiveness shows how far that exposure is reduced.


Question 6

Topic: Financial Crime Risk Management

A compliance analyst reviews the following internal note.

Internal note
- New corporate client introduced by relationship manager
- Client wants account opened before full beneficial ownership is provided
- Relationship manager asked onboarding to mark the case 'low risk' due to urgency
- Client has offered the relationship manager match tickets and a weekend hospitality package
- First funding is expected from an unrelated third-party company overseas

What is the best supported action for the firm?

  • A. Open the account first and verify ownership after funding arrives
  • B. Assume bribery and laundering are proven and report externally immediately
  • C. Escalate through AML and staff-conduct channels before onboarding proceeds
  • D. Treat it only as an employee hospitality issue and continue onboarding

Best answer: C

What this tests: Financial Crime Risk Management

Explanation: The note points to two linked risks: the client may be trying to misuse the firm, and a staff member may be helping or being influenced to weaken controls. Incomplete beneficial ownership, third-party overseas funding, and pressure to mark the case low risk all support escalation before onboarding continues.

The core concept is that firms must assess both external financial-crime threats and internal misconduct that could enable them. Here, the customer-side red flags are delayed beneficial ownership disclosure and expected funding from an unrelated overseas third party. The staff-side red flags are the request to downgrade the risk rating and the offer of significant hospitality to the relationship manager. Together, these facts suggest possible misuse of the firm combined with a risk that internal controls are being bypassed or influenced.

The strongest response is therefore to stop normal onboarding progression and escalate through both AML and employee-conduct channels. Treating this as only a customer issue or only a staff issue misses how insiders can facilitate external financial crime.

  • Focusing only on hospitality misses the AML indicators in the ownership and funding information.
  • Opening first and checking later ignores the need to resolve serious CDD concerns before the relationship proceeds.
  • Treating criminal offences as already proven goes beyond the exhibit; the facts support escalation and review, not a final legal conclusion.

The note shows both customer misuse indicators and possible internal control compromise, so dual escalation is warranted before account opening.


Question 7

Topic: Financial Crime Risk Management

Why can a financial-services firm suffer significant reputational damage from a financial crime incident even when the direct financial loss is limited?

  • A. Only customers who suffered the direct loss are likely to react.
  • B. Reputation is affected mainly by the monetary amount lost.
  • C. Stakeholders may see it as evidence of weak controls and poor governance.
  • D. Reputational damage arises only if the firm is criminally convicted.

Best answer: C

What this tests: Financial Crime Risk Management

Explanation: The key issue is trust. A financial crime incident can suggest weak systems, poor oversight or an inadequate compliance culture, so customers, counterparties, regulators and the market may lose confidence even if the immediate loss is small.

Reputational damage in financial crime risk management is driven largely by perception of control failure rather than by the direct cash amount lost. If a firm is linked to money laundering, sanctions breaches, bribery, fraud or other misconduct, stakeholders may question its governance, monitoring, escalation and culture. That can lead to adverse publicity, regulatory scrutiny, client attrition and weaker counterparty confidence.

In practice, the reputational impact can stem from:

  • doubts about the firm’s control environment
  • concerns about senior management oversight
  • media attention and public scrutiny
  • loss of trust from customers and business partners

So the immediate financial loss may be limited, but the wider confidence impact can still be significant. The closest misconception is to treat reputational risk as simply a function of the amount lost.

  • Monetary focus: Direct loss matters, but reputational damage is not measured only by the amount involved.
  • Conviction test: A criminal conviction can worsen harm, but trust can be damaged well before any prosecution outcome.
  • Narrow impact: Reputational issues usually extend beyond directly affected customers to regulators, investors, counterparties and the wider market.

Reputational harm often flows from lost confidence in a firm’s controls, culture and oversight, not just from the size of the immediate loss.


Question 8

Topic: Financial Crime Risk Management

Review the internal policy extract.

Front line: completes CDD, proposes customer risk rating, owns account-opening decisions.
Financial Crime Compliance: sets AML standards, challenges high-risk cases, monitors adherence.
Internal Audit: independently tests AML controls and reports assurance to the audit committee.
Proposal: "To reduce duplication, Financial Crime Compliance will also perform the annual independent AML control review."

Which action is best supported by the extract?

  • A. Move account-opening decisions from the front line to Compliance.
  • B. Keep the annual control review with Internal Audit, with front-line ownership and Compliance oversight unchanged.
  • C. Let Compliance perform the annual independent AML control review.
  • D. Require Internal Audit to challenge high-risk cases before onboarding.

Best answer: B

What this tests: Financial Crime Risk Management

Explanation: The extract sets out distinct roles for the front line, Compliance, and Internal Audit. The best action is to keep the annual AML control review with Internal Audit, because giving that review to Compliance would blur oversight and independent assurance.

Financial-crime governance works best when each line has a clear and separate role. The front line owns customer relationships and day-to-day control execution, including CDD and account-opening decisions. Compliance is the second line: it sets standards, challenges higher-risk cases, and monitors whether the business follows policy. Internal Audit is the independent assurance function: it tests whether controls are designed and operating effectively.

In the extract, the proposal would make Compliance both oversee AML controls and provide the “independent” review of those same controls. That weakens independence and reduces clear accountability. The best supported action is therefore to leave operational ownership with the front line, oversight with Compliance, and assurance with Internal Audit. Moving approvals into Compliance or involving Internal Audit in live case decisions would also blur these boundaries.

  • Moving account-opening decisions to Compliance confuses oversight with operational ownership and weakens front-line accountability for financial-crime risk.
  • Requiring Internal Audit to challenge high-risk cases before onboarding pushes Audit into day-to-day control activity, reducing its independence.
  • Letting Compliance perform the annual independent review ignores the key fact that Compliance already monitors adherence, so the review would not be independent.

Independent assurance should stay separate from the function that sets standards and monitors adherence, while the front line keeps operational ownership.


Question 9

Topic: Financial Crime Risk Management

Review the internal escalation note.

Internal escalation note
- Screening vendor update failed from 3 to 18 January.
- 1,240 new and existing customers were not screened against updated sanctions data.
- 12 outbound payments totalling £410,000 were processed during that period.
- No confirmed sanctions match or customer complaint has yet been identified.
- Compliance recommends a full lookback review and senior management notification.

Which conclusion is best supported about the firm’s non-compliance risk?

  • A. It is unlikely to create wider concern because the number of processed payments is relatively small.
  • B. It becomes a significant compliance issue only if customers complain or suffer direct financial loss.
  • C. It is mainly an operational incident until a confirmed sanctions match proves an actual breach.
  • D. It already creates material non-compliance risk, including enforcement exposure, remediation cost, and possible customer, market, and reputational harm.

Best answer: D

What this tests: Financial Crime Risk Management

Explanation: The exhibit shows a significant sanctions-screening control failure, not a minor operational glitch. A large unscreened customer population and processed payments create exposure to enforcement, costly remediation, and reputational damage even though no confirmed match or complaint has yet emerged.

Non-compliance risk concerns the consequences of failing to meet legal or regulatory obligations, not just whether a completed breach has already been proved. Here, 1,240 customers were not screened against updated sanctions data and payments were processed before the failure was found. That creates a real risk of regulatory scrutiny, lookback work, remediation cost, and reputational damage from a weak control environment.

  • A confirmed sanctions match would increase severity, but it is not needed for the incident to be material.
  • The recommended lookback review itself signals likely remediation effort and governance escalation.
  • Customer and market harm are also possible because ineffective sanctions controls can affect clients and undermine wider financial-system safeguards.

The key takeaway is that a control failure can generate serious non-compliance consequences before the full underlying exposure is known.

  • Treating the issue as only operational until a match is confirmed ignores that regulators assess the control failure itself.
  • Waiting for customer complaints is too narrow; customer harm is only one possible consequence of non-compliance.
  • Focusing on the relatively small number of payments overlooks the large unscreened population and likely lookback costs.

A significant sanctions-control failure can create serious non-compliance consequences before any confirmed match or complaint is identified.


Question 10

Topic: Financial Crime Risk Management

Review the internal note.

Expansion campaign note
- Goal: increase non-resident business-account openings by 40% this half-year.
- Relationship managers' quarterly bonus is based mainly on number of accounts opened.
- Any proposal to decline a client for financial-crime reasons must be approved by the Regional Sales Director.
- The financial-crime committee meeting was postponed until after the campaign launch.

Which interpretation is best supported from a financial-crime risk-management perspective?

  • A. The note shows a capacity issue, not a control weakness.
  • B. Growth pressure, sales-led incentives and weak governance could increase risky onboarding.
  • C. Sales approval for declines strengthens financial-crime governance.
  • D. Non-resident firms need OFSI permission before account opening.

Best answer: B

What this tests: Financial Crime Risk Management

Explanation: The exhibit shows classic drivers of higher financial-crime risk: strong growth targets, incentives focused on account volume, and governance that lets sales influence crime-based decline decisions. Together, these can reduce independent challenge and make it easier for higher-risk customers to be accepted.

The core concept is that firms can create financial-crime risk through their own strategy, governance and remuneration design. Here, the business is under pressure to grow non-resident accounts quickly, relationship managers are rewarded mainly for opening volume, and a sales leader must approve decisions to reject clients for financial-crime reasons. That creates a conflict between commercial objectives and control decisions. The postponed financial-crime committee also suggests weakened oversight at the point the campaign starts.

In practice, this kind of setup can:

  • discourage escalation of concerns
  • bias decisions towards acceptance
  • weaken independent challenge from control functions
  • increase the chance of onboarding unsuitable clients

The key issue is not that non-resident clients are automatically prohibited, but that the firm’s control environment is being shaped by commercial pressure.

  • Non-resident status does not by itself mean OFSI permission is required; the exhibit contains no sanctions match or designation.
  • Senior sales review is not stronger governance when commercial management can influence whether a risky client is declined.
  • Capacity only is too narrow; the bonus structure and approval process show a broader control and culture weakness, not just workload strain.

Commercial targets, volume-based bonuses, sales control over declines and delayed oversight all weaken independent financial-crime challenge.

Continue with full practice

Use the CISI CFC Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Free review resource

Read the CISI CFC guide on SecuritiesMastery.com, then return to Securities Prep for timed practice.

Revised on Thursday, May 14, 2026