CISI CFC: Fraud and Market Abuse

Try 10 focused CISI CFC questions on Fraud and Market Abuse, with answers and explanations, then continue with Securities Prep.

Open the matching Securities Prep practice page for timed mocks, topic drills, progress tracking, explanations, and full practice.

Topic snapshot

Field | Detail
Exam route | CISI CFC
Issuer | CISI
Topic area | Fraud and Market Abuse
Blueprint weight | 4%
Page purpose | Focused sample questions before returning to mixed practice

How to use this topic drill

Use this page to isolate Fraud and Market Abuse for CISI CFC. Work through the 10 questions first, then review the explanations and return to mixed practice in Securities Prep.

Pass | What to do | What to record
First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer.
Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor.
Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter.
Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious.

Blueprint context: 4% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.

Sample questions

These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Fraud and Market Abuse

A surveillance analyst sees linked client accounts buying a thinly traded share shortly before a takeover rumour appears online. The price rises sharply, the accounts sell into the spike, and an internal log shows an employee viewed a confidential draft announcement without business need. Which response best applies a sound anti-financial-crime control principle?

  • A. Wait for confirmation that insider dealing can be proven.
  • B. Refresh customer due diligence and continue normal monitoring.
  • C. Ask the clients for explanations before escalating internally.
  • D. Escalate promptly, preserve records, and assess whether regulatory reporting is required.

Best answer: D

What this tests: Fraud and Market Abuse

Explanation: The combination of linked-account trading, a rumour-driven price move, and possible access to confidential information is a clear market-abuse red flag. The best response is prompt internal escalation, record preservation, and consideration of whether regulatory reporting is needed; firms should not wait for proof before acting.

This scenario contains several classic indicators of possible market abuse: coordinated trading, suspicious timing ahead of a rumour, rapid profit-taking, and a potential information leak from inside the firm. Applying a sound escalation and governance principle means the firm should treat these facts as sufficient suspicion to escalate immediately to the relevant compliance or market-abuse function, preserve trading and communications records, and assess whether external reporting, such as a suspicious transaction and order report (STOR), is required. A firm does not need conclusive proof before escalating; it needs a defensible process for handling credible red flags. Routine customer due diligence or direct client contact may be considered later if appropriate, but they are not the first control response here. The key point is to escalate on suspicion, not to wait for certainty.

  • Waiting for proof sets the threshold too high; suspicious patterns should be escalated when concerns arise, not only after misconduct is established.
  • Asking clients first bypasses independent review and may compromise the firm’s assessment of the trading and any internal leak.
  • Refreshing CDD is an AML control, but it does not address an immediate potential market-abuse event requiring escalation and evidence retention.

Suspicion created by the trading pattern, rumour timing, and possible information leak should trigger immediate escalation and record preservation.


Question 2

Topic: Fraud and Market Abuse

During an internal review at a UK trust company, compliance finds that a trustee transferred £25,000 from a beneficiary’s account to his own company to ease its cash flow. He was entrusted to safeguard the beneficiary’s interests and had authority to make payments on the account. Under the Fraud Act 2006, which offence is most clearly illustrated?

  • A. Fraud by failing to disclose information
  • B. Fraud by abuse of position
  • C. Fraud by false representation
  • D. No fraud under the Fraud Act 2006

Best answer: B

What this tests: Fraud and Market Abuse

Explanation: This is fraud by abuse of position because the trustee was in a role requiring him to protect the beneficiary’s financial interests and he used that position dishonestly for personal gain. The core feature is misuse of entrusted authority, not a lie on a form or a failure to disclose required information.

Fraud by abuse of position applies when someone occupies a position in which they are expected to safeguard another person’s financial interests and then dishonestly abuses that position to make a gain or cause a loss. In this scenario, the decisive facts are that the individual was a trustee, had legitimate authority over payments, and diverted money to his own company. That makes the misuse of trust and authority the heart of the misconduct.

Fraud by false representation would depend on a dishonest statement or implied representation being the key mechanism. Fraud by failing to disclose information would require a legal duty to disclose and a dishonest omission. Here, the clearest fit is abuse of position because the trusted role itself was exploited.

  • False representation: This would focus on a dishonest statement or implied assertion; the stem instead centres on misuse of trustee authority.
  • Failing to disclose: This requires a legal duty to reveal information and a dishonest omission; that is not the main mechanism described.
  • No fraud: The Fraud Act 2006 expressly covers dishonest abuse of a position of trust for gain or to cause loss.

He dishonestly misused a trusted position in which he was expected to protect another person’s financial interests.


Question 3

Topic: Fraud and Market Abuse

A broker’s operations analyst can add a new client settlement bank account and, using an emergency override, release a withdrawal without a second approver. Clients calling the service desk are authenticated using only account number and date of birth. Which feature most materially increases the firm’s fraud exposure?

  • A. The use of a new settlement account is inherently suspicious even if normal controls work properly.
  • B. A single user can alter destination details and bypass dual authorisation, while client authentication is weak.
  • C. The main issue is the telephone channel, because withdrawal instructions should never be accepted by phone.
  • D. Emergency override capability mainly increases processing-error risk rather than deliberate fraud risk.

Best answer: B

What this tests: Fraud and Market Abuse

Explanation: The strongest fraud risk comes from combining privileged access, override capability, and weak authentication. That setup can let one person change where money goes and release it without effective challenge, or allow an impersonator to pass simple checks.

The core concept is control bypass. Fraud exposure rises sharply when one person can both amend payment destination details and override the normal second-approval control. Weak client authentication adds another route for abuse, because an external fraudster could impersonate the client and trigger the change, while the insider access and override rights make it easier to complete the withdrawal. Together, those facts weaken segregation of duties and maker-checker controls, which are key anti-fraud defences.

A new settlement account or a telephone instruction may be higher-risk features, but they do not by themselves create the same exposure if robust verification and independent authorisation remain in place. The key issue is the ability to bypass challenge and release funds.

  • Treating a new settlement account as automatically suspicious confuses a risk indicator with the real control failure.
  • Focusing only on the telephone channel misses that phone instructions can be managed if verification is strong.
  • Saying override rights mainly create error risk understates how they can defeat maker-checker controls and enable intentional fraud.

This combination undermines segregation of duties and makes both insider fraud and client impersonation easier.


Question 4

Topic: Fraud and Market Abuse

A UK wealth manager allows one operations employee to amend client payee details, approve payments below £20,000, and complete the daily cash reconciliation. Several small transfers have been sent to a newly added payee, and no independent check was performed when the payee details were changed. Which control improvement would best reduce the fraud risk?

  • A. Increase the payment approval limit so fewer transactions need escalation
  • B. Split payee maintenance, payment approval, and reconciliation between different staff, with independent review of payee changes
  • C. Rely on annual fraud-awareness training for the operations employee
  • D. Ask external audit to test a sample of payments at year-end

Best answer: B

What this tests: Fraud and Market Abuse

Explanation: The main fraud risk is that one person controls the data, the approval, and the reconciliation, allowing a false payee to be created, paid, and then concealed. Segregation of duties plus independent review of standing data changes is the strongest preventive control.

This scenario shows a classic internal fraud vulnerability: the same employee can change payment data, authorise transfers, and then reconcile the account. Strong controls reduce fraud risk because they make it harder for one person to both commit and hide a fraud. Separating duties creates a maker-checker process, and independent review of payee or standing-data changes helps detect unauthorised amendments before money leaves the firm.

A good control design here would ensure that:

  • one person changes payee details
  • another approves the change
  • a different person approves the payment or performs the reconciliation

Training and audit can support the control environment, but they do not remove the immediate opportunity for a single employee to manipulate the full payment process. The key takeaway is that preventive controls over data, approvals, and reconciliation are stronger than retrospective checks alone.

  • Higher limits: raising approval limits weakens oversight and gives the same employee more scope to make unauthorised payments.
  • Training only: awareness training is useful, but it does not fix the specific control failure that lets one person initiate and conceal fraud.
  • Year-end audit testing: external audit is retrospective and sample-based, so it is less effective at preventing ongoing payment fraud in real time.

This directly addresses the control weakness by separating key duties and adding an independent check over sensitive data changes.


Question 5

Topic: Fraud and Market Abuse

A firm’s payment process requires one employee to create a new supplier, a manager to approve the payment instruction, and a separate finance team to compare daily bank movements with the ledger. Which fraud-prevention control is this most clearly demonstrating?

  • A. Reconciliation
  • B. Data validation
  • C. Segregation of duties
  • D. Dual authorisation

Best answer: C

What this tests: Fraud and Market Abuse

Explanation: This is most clearly segregation of duties. By splitting supplier setup, payment approval, and independent checking across different people, the firm reduces the chance that one individual can both carry out and hide a fraud.

Segregation of duties means dividing incompatible tasks between different people or teams, such as setup, approval, execution, and review. In the stem, supplier creation, payment approval, and bank-to-ledger checking are deliberately separated. That reduces fraud risk because an employee trying to create a false supplier or unauthorised payment cannot also control every later step needed to release funds and conceal the activity.

Reconciliation does appear in the process, but it is only one checking stage within a wider control design. The main safeguard being described is the separation of responsibilities across the process. The key point is that fraud becomes harder when no single person can initiate, approve, and hide the same transaction.

  • Reconciliation is the comparison of records to identify differences, but here it is only one part of a broader control structure.
  • Data validation checks whether information is complete, logical, or correctly formatted; it does not separate responsibilities between staff.
  • Dual authorisation focuses on requiring two approvals for a step, but the stem goes further by splitting setup, approval, and review across different parties.

It separates initiation, approval, and checking so one person cannot easily perpetrate and conceal a fraudulent payment.


Question 6

Topic: Fraud and Market Abuse

An internal audit team reviews the payments process at an investment firm.

Exhibit:

Internal audit note
- Client bank details can be amended by any payments analyst.
- Withdrawals up to £20,000 can be released by the same analyst if the team leader is unavailable.
- End-of-day payment reconciliation is completed by the analyst who processed the withdrawal.
- Standing-data changes are logged, but no one independently reviews the log.

Based on the exhibit, which interpretation is best supported?

  • A. One analyst could change bank details, release a withdrawal, and reconcile it, allowing fraudulent diversion to be hidden.
  • B. The main issue is sanctions exposure, because amended bank details must always trigger external screening.
  • C. The only material weakness is the £20,000 approval threshold; reconciliation can stay with the same analyst.
  • D. The log of standing-data changes means the fraud risk is already adequately controlled.

Best answer: A

What this tests: Fraud and Market Abuse

Explanation: The exhibit shows incompatible duties concentrated in one individual: changing bank details, potentially releasing a payment, and reconciling it afterwards. That combination can let an employee create a false payment path and then conceal it, which is why strong data controls, approvals, reconciliation, and segregation of duties reduce fraud risk.

This is a classic internal fraud-control weakness. Standing data such as client bank details is highly sensitive because changing it can redirect legitimate payments to a fraudster-controlled account. If the same person can also release the withdrawal and then perform the reconciliation, there is no independent check at the key stages where fraud could be created and hidden.

Strong anti-fraud controls usually separate these activities:

  • one person amends standing data
  • another independently approves or verifies the change
  • payment release is separately authorised
  • reconciliation is performed by someone not involved in processing

A log helps only as a detective record, and here it is weaker still because no one independently reviews it. The threshold detail matters, but the broader control failure is the lack of segregation and independent review across the whole process.

  • Logged changes are not enough: an audit trail helps after the event, but without independent review it does not stop or promptly detect a fraudulent amendment.
  • Sanctions is an over-inference: the exhibit is about payment-processing control weaknesses and fraud opportunity, not a sanctions-screening failure.
  • Threshold alone misses the point: even if the approval limit were changed, letting the same analyst reconcile their own payments still weakens fraud detection.

The exhibit shows weak standing-data control, weak approval segregation, and non-independent reconciliation concentrated in one person.


Question 7

Topic: Fraud and Market Abuse

At a wealth manager, one operations supervisor can reset client portal passwords, amend client bank details and approve “urgent” withdrawal overrides. The role currently uses only a password, and override use is checked only by post-event sampling. Which action best applies a risk-based anti-fraud principle?

  • A. Keep the setup but require monthly self-attestation
  • B. Increase CDD on clients requesting withdrawals
  • C. Add MFA, separate duties, and independently review override use
  • D. Rely on end-of-day exception reports for urgent payments

Best answer: C

What this tests: Fraud and Market Abuse

Explanation: The main fraud risk comes from concentrated insider power combined with weak authentication. A risk-based response is to strengthen access controls, reduce the ability of one person to complete the whole activity, and ensure override use is independently visible and reviewable.

This scenario involves high-risk privileged access: one employee can reset credentials, change payment details and approve an override, all protected only by a password. That combination materially increases fraud exposure because it enables both unauthorised action and concealment. The best application of a risk-based anti-financial-crime principle is to strengthen authentication, introduce segregation of duties and subject overrides to independent logging and review.

These controls address the core risk at source:

  • strong authentication reduces account compromise or misuse
  • segregation of duties limits single-person control
  • independent review makes override activity transparent and challengeable

Measures aimed only at customers or only at after-the-event monitoring do not adequately control this insider-risk pattern.

  • Customer focus misplaced: extra CDD on clients does not address the employee’s privileged access or weak authentication.
  • Self-certification is weak: monthly attestation relies on the same individual and provides little effective challenge.
  • Detective control only: end-of-day reports may help monitoring, but they are not enough when one person can initiate and approve high-risk changes.

Privileged access plus override capability requires stronger preventive controls, not just after-the-event checking.
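The control failures in Questions 3, 4, 6 and 7 (one person amending payee data, releasing the payment and reconciling it; overrides that nobody independently reviews; privileged actions protected by a password alone) can be checked mechanically over a payments audit log. The script below is an added example, not Securities Prep material or any firm's system; the event schema, rule names and sample log are constructed for illustration.

```python
"""Segregation-of-duties, approval, override-review and MFA checks over a payments audit log.

Constructed example: the Event schema, rule names and SAMPLE_LOG are assumptions made for
this illustration and do not describe any real firm's payment system.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Event:
    seq: int
    user: str
    action: str            # amend_payee | approve_payee | release | reconcile | review_override
    payee: str             # the standing-data record (payee / client bank details) involved
    mfa: bool = False      # was the session authenticated with MFA?
    override: bool = False  # emergency release without a second approver


PRIVILEGED = {"amend_payee", "approve_payee", "release"}   # actions that must be MFA-protected


@dataclass
class Chain:
    """Who has touched one payee record, and whether its change was independently approved."""
    amenders: set = field(default_factory=set)
    releasers: set = field(default_factory=set)
    overriders: set = field(default_factory=set)
    approved: bool = False
    reviewed: bool = False


def audit(events):
    """Return (rule, payee, detail) findings. Rules (constructed for this example):
    SOD          one user performed incompatible steps on the same payee chain
    NO_APPROVAL  a payment was released before an independent approval of the payee change
    OVERRIDE     a dual-authorisation override was never independently reviewed
    NO_MFA       a privileged action was performed without MFA
    """
    findings = []
    chains = defaultdict(Chain)
    for e in sorted(events, key=lambda x: x.seq):
        c = chains[e.payee]
        if e.action in PRIVILEGED and not e.mfa:
            findings.append(("NO_MFA", e.payee, f"{e.user} performed {e.action} without MFA"))
        if e.action == "amend_payee":
            c.amenders.add(e.user)
            c.approved = False                # every change needs a fresh independent approval
        elif e.action == "approve_payee":
            if e.user in c.amenders:
                findings.append(("SOD", e.payee, f"{e.user} approved their own payee change"))
            else:
                c.approved = True
        elif e.action == "release":
            if e.user in c.amenders:
                findings.append(("SOD", e.payee, f"{e.user} amended the payee and released payment"))
            if not c.approved:
                findings.append(("NO_APPROVAL", e.payee, f"{e.user} released before independent approval"))
            c.releasers.add(e.user)
            if e.override:
                c.overriders.add(e.user)
        elif e.action == "reconcile":
            if e.user in c.amenders | c.releasers:
                findings.append(("SOD", e.payee, f"{e.user} reconciled a payment they processed"))
        elif e.action == "review_override":
            if e.user in c.overriders:
                findings.append(("SOD", e.payee, f"{e.user} reviewed their own override"))
            else:
                c.reviewed = True
    for payee, c in chains.items():           # detective-only logs still need a reviewer
        if c.overriders and not c.reviewed:
            findings.append(("OVERRIDE", payee, f"override by {sorted(c.overriders)} never reviewed"))
    return findings


SAMPLE_LOG = [   # constructed audit trail
    # P-001: one analyst amends, releases twice by override, reconciles; password only; no review
    Event(1, "asmith", "amend_payee", "P-001"),
    Event(2, "asmith", "release", "P-001", override=True),
    Event(3, "asmith", "release", "P-001", override=True),
    Event(4, "asmith", "reconcile", "P-001"),
    # P-002: maker-checker on the change, MFA, independent release and reconciliation
    Event(5, "bjones", "amend_payee", "P-002", mfa=True),
    Event(6, "cpatel", "approve_payee", "P-002", mfa=True),
    Event(7, "dlee", "release", "P-002", mfa=True),
    Event(8, "efox", "reconcile", "P-002"),
]

if __name__ == "__main__":
    for rule, payee, detail in audit(SAMPLE_LOG):
        print(f"{rule:12} {payee}  {detail}")
```

Only the P-001 chain produces findings; adding a `review_override` event by a different user clears the OVERRIDE finding but not the segregation failures.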


Question 8

Topic: Fraud and Market Abuse

A firm’s internal escalation note states:

Role: Client-services administrator
Authority: may amend payment details for elderly clients
Findings:
- changed a client's income-payment account to one in his own name
- no client instruction or power of attorney on file
- processed two payments using his normal system access
- role required him to safeguard client account details

Under the UK Fraud Act 2006, which offence is best supported by this note?

  • A. Fraud by failing to disclose information
  • B. Fraud by false representation
  • C. Theft only, with no evidence of fraud
  • D. Fraud by abuse of position

Best answer: D

What this tests: Fraud and Market Abuse

Explanation: The strongest fit is fraud by abuse of position. The decisive fact is that the employee held a trusted role and used that position to divert client payments for his own benefit.

Fraud by abuse of position applies where someone occupies a position in which they are expected to safeguard another person’s financial interests, and dishonestly abuses that position intending to make a gain or cause a loss. Here, the administrator was specifically entrusted to amend payment details for elderly clients and protect their account information, yet changed the destination account to one in his own name and used his normal access to process payments. That trusted-role element is what makes abuse of position the best-supported interpretation.

False representation would require the case to depend mainly on a dishonest statement or misleading impression, and failing to disclose would require a relevant legal duty to reveal information. The exhibit instead centres on misuse of entrusted authority. The closest distractor is theft, but the facts more precisely match the Fraud Act offence built around breach of a position of trust.

  • False representation: this would turn on a dishonest statement or misleading impression, but the exhibit’s key fact is misuse of authorised access in a trusted role.
  • Failing to disclose: this requires a duty to disclose particular information; the note does not make non-disclosure the central conduct.
  • Theft only: taking money may be involved, but the facts go further by showing exploitation of a role meant to protect the client.

The note shows a trusted employee misusing authorised access in a role where he was expected to protect the client’s interests.


Question 9

Topic: Fraud and Market Abuse

Which statement best explains why firms use watchlists and restricted lists alongside surveillance and escalation processes in market-abuse controls?

  • A. To rank securities by prudential market-risk exposure for capital purposes
  • B. To identify customers who require enhanced due diligence under AML rules
  • C. To flag securities where inside information may exist, so trading can be monitored, restricted, and escalated if concerns arise
  • D. To record instruments that are subject to financial sanctions and asset freezes

Best answer: C

What this tests: Fraud and Market Abuse

Explanation: Watchlists and restricted lists are market-abuse tools, not AML, sanctions, or prudential-risk lists. Their purpose is to highlight securities linked to possible inside information so firms can apply surveillance, restrict dealing where needed, and escalate concerns promptly.

The core concept is prevention and detection of insider dealing and other market-abuse risks. A watchlist helps a firm identify securities connected to confidential or potentially price-sensitive matters. A restricted list goes further by limiting or prohibiting certain trading or related activity in those securities. Surveillance then monitors behaviour for unusual patterns, and escalation ensures concerns are reviewed by the right control function quickly.

Together, these controls reduce the risk that inside information is misused or improperly disclosed. The closest distractors confuse market-abuse controls with AML, sanctions, or prudential frameworks, which serve different purposes.

  • AML confusion: Enhanced due diligence applies to customer financial-crime risk, such as PEPs or higher-risk clients, not to securities linked to inside information.
  • Sanctions confusion: Sanctions lists target designated persons, entities, or restricted dealings, not issuer-specific insider-dealing risk.
  • Prudential confusion: Capital and market-risk rankings support balance-sheet and regulatory-capital management, not market-abuse surveillance.

These controls help firms identify heightened insider-dealing risk and respond through monitoring, restrictions, and escalation.


Question 10

Topic: Fraud and Market Abuse

What best describes the broad purpose of the UK Fraud Act 2006?

  • A. To absorb fraud into theft law and remove the need to assess dishonesty.
  • B. To limit fraud offences to cases where a victim has already suffered actual financial loss.
  • C. To create a single criminal offence covering all financial crime, including bribery and insider dealing.
  • D. To simplify fraud offences around dishonest conduct intended to secure gain or cause loss.

Best answer: D

What this tests: Fraud and Market Abuse

Explanation: The Fraud Act 2006 was designed to modernise and simplify fraud law. Its broad purpose is to focus on dishonest behaviour aimed at making a gain or causing, or exposing another to the risk of, a loss, rather than relying on a patchwork of older deception offences.

The core idea behind the UK Fraud Act 2006 is simplification of fraud law. Instead of relying mainly on older deception-based offences, it organises fraud around dishonest conduct and the intention to make a gain for oneself or another, or to cause loss or risk of loss to another. In practice, this supports a broader and more workable framework for fraud offences, including fraud by false representation, by failing to disclose information, and by abuse of position.

A key point is that the law is not limited to situations where loss has already happened. The dishonest intent and the gain-or-loss objective are central. It also does not replace other financial-crime regimes covering bribery or insider dealing, which remain separate offences under different laws.

The closest trap is the idea that actual loss must already be proved, which is too narrow.

  • Actual loss required: This is too narrow. The Act is built around dishonest intent linked to gain or loss, not only completed financial harm.
  • Same as theft law: This is incorrect because the Act modernised fraud offences; dishonesty remains important rather than being removed.
  • Catch-all financial crime law: This overstates the Act. Bribery and insider dealing are separate offences under different legal regimes.

The Act modernised fraud law by focusing on dishonest behaviour and intended gain-or-loss outcomes rather than older, narrower deception offences.

Continue with full practice

Use the CISI CFC Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Free review resource

Read the CISI CFC guide on SecuritiesMastery.com, then return to Securities Prep for timed practice.

Revised on Thursday, May 14, 2026