This free full-length CISI CFC practice exam includes 50 original Securities Prep questions across the exam domains.
The questions are original Securities Prep practice questions aligned to the exam outline. They are not official exam questions and are not copied from any exam sponsor.
Count note: this page uses the full-length practice count maintained in the Mastery exam catalog. Some exam sponsors publish total questions, scored questions, duration, or unscored/pretest-item rules differently; always confirm exam-day rules with the sponsor.
| Item | Detail |
|---|---|
| Issuer | CISI |
| Exam route | CISI CFC |
| Official exam name | Combating Financial Crime |
| Full-length set on this page | 50 questions |
| Exam time | 60 minutes |
| Topic areas represented | 9 |

| Topic | Approximate official weight | Questions used |
|---|---|---|
| The Background and Nature of Financial Crime | 5% | 5 |
| Money Laundering | 8% | 8 |
| Terrorist Financing | 4% | 4 |
| Bribery and Corruption | 6% | 6 |
| Fraud and Market Abuse | 4% | 4 |
| Tax Evasion | 4% | 4 |
| Financial Sanctions | 4% | 4 |
| Financial Crime Risk Management | 8% | 8 |
| The Role of the Financial Services Sector | 7% | 7 |

Topic: The Role of the Financial Services Sector
Which statement best explains why a customer may require stronger sanctions controls even if its name is not on a sanctions list?
Best answer: B
What this tests: The Role of the Financial Services Sector
Explanation: Sanctions risk is not limited to exact name matches. A customer may still need stronger controls if a designated person owns or controls it, because firms must assess indirect exposure as well as the customer’s own name.
The core concept is sanctions ownership and control. Firms should not rely only on exact name matching against a sanctions list. An entity can still create sanctions risk if a designated person owns or controls it, so stronger controls may be needed to identify beneficial owners, understand control rights, and monitor for indirect exposure. This is also why complex ownership structures often prompt enhanced due diligence: the more layers or opaque arrangements there are, the harder it can be to see who really stands behind the customer. A PEP connection, suspicious activity review, or overseas status may raise other risks, but they do not by themselves explain why an apparently unlisted customer could still be caught by sanctions rules.
Sanctions exposure can arise indirectly through ownership or control by a designated person, so firms must look beyond simple name screening.
Topic: Tax Evasion
A firm wants a reporting function that allows staff to raise concerns that a colleague or third-party intermediary may be helping a client evade tax, even where no money-laundering suspicion has yet arisen. Which control best matches this function?
Best answer: B
What this tests: Tax Evasion
Explanation: The best match is a specific internal escalation route for suspected tax-evasion facilitation. Firms may detect facilitation concerns before any proceeds-of-crime or suspicious-activity threshold is reached, so legal and compliance need a route to assess exposure and trigger the firm’s prevention procedures.
Suspected tax-evasion facilitation is not the same as a money-laundering suspicion. A member of staff may spot behaviour, advice, or documentation suggesting that a colleague, agent, or intermediary is helping a client evade tax before there is enough information to suspect criminal property or make an AML-focused report. That is why firms need a dedicated escalation route to legal and compliance: it allows the concern to be assessed, evidence to be preserved, relevant managers to be involved, and action to be taken under the firm’s tax-evasion prevention framework.
A SAR route to the MLRO may still become relevant later, but it does not replace a process for escalating facilitation risk itself. The key point is that tax-evasion facilitation controls must exist alongside AML reporting, not only within it.
This is the control that lets legal/compliance assess suspected tax-evasion facilitation even before any AML suspicion requiring a SAR exists.
Topic: The Role of the Financial Services Sector
A UK wealth manager outsources transaction monitoring to a specialist provider and has an experienced MLRO. Internal audit finds that alerts on high-risk overseas payments were switched off for three months, and senior management received no management information on the control. The CEO says responsibility sits with the provider and the MLRO because they run the process. What is the single best assessment?
Best answer: D
What this tests: The Role of the Financial Services Sector
Explanation: Senior management can delegate tasks, but not ultimate responsibility for ensuring effective financial-crime systems and controls. In this scenario, the lack of oversight, missing management information, and failure in an outsourced control all point back to senior management accountability.
The core concept is governance accountability. Firms may appoint an MLRO and outsource operational controls, but senior management must still ensure those arrangements are properly designed, resourced, monitored, and challenged. Here, the control failure was not just that alerts were switched off; it was also that senior management received no management information on a key financial-crime control. That shows weak oversight.
Senior management should ensure:
The MLRO and provider have important roles, but neither removes senior management’s duty to ensure the overall framework is effective.
Delegating tasks to an MLRO or third party does not remove senior management’s responsibility to ensure financial-crime systems and controls are effective.
Topic: Financial Crime Risk Management
A firm’s financial-crime committee reviews this extract from its segment risk register:
- Segment: International correspondent banking
- Gross/inherent risk: High
- Control effectiveness: Strong
- Residual risk: Medium
- Review note: "Given the strong controls, lower the inherent-risk rating to medium at the next update."
Which interpretation is best supported?
Best answer: C
What this tests: Financial Crime Risk Management
Explanation: Inherent risk reflects the exposure created by the activity itself before controls. The exhibit supports keeping that rating high while recording strong control effectiveness separately, because the medium residual risk depends on those controls continuing to work well.
The key concept is that gross or inherent risk and control effectiveness measure different things. Inherent risk is the financial-crime exposure that exists because of the business activity, customer type, geography or product, assuming no mitigation. Control effectiveness is a separate judgement about how well measures such as EDD, screening and monitoring reduce that exposure.
In the exhibit, international correspondent banking still carries high inherent risk because of its nature. Strong controls may justify a medium residual risk, but they do not make the underlying exposure medium. Assessing the two separately helps management see both the true exposure and how dependent the current risk position is on controls remaining effective. If the inherent score were lowered, that dependency would be obscured. The closest mistake is to confuse residual risk with inherent risk.
Strong controls can reduce residual risk, but they do not change the segment’s underlying exposure before controls.
Topic: Financial Sanctions
A firm’s sanctions screening control compares customer names, beneficial ownership links, counterparties, payment messages and other identifiers with relevant sanctions data. Which function does this control primarily perform?
Best answer: D
What this tests: Financial Sanctions
Explanation: Sanctions screening is designed to detect possible matches to designated persons, entities, or ownership/control connections using names, payment data, and related identifiers. Its purpose is to help the firm stop, reject, freeze, or escalate activity before it breaches sanctions restrictions.
The core concept is that sanctions screening is a preventive list-matching control. By checking names, aliases, ownership links, counterparties, and payment data against sanctions information, a firm can identify possible links to designated persons or entities before entering a relationship or processing a transaction. That allows the firm to investigate alerts and, where necessary, block or escalate activity so that funds or economic resources are not made available in breach of sanctions.
This is different from AML transaction monitoring, which looks for suspicious behavioural patterns, and from CDD or PEP checks, which assess customer risk rather than sanctions prohibitions. The key takeaway is that sanctions screening is about detecting potential sanctions exposure early enough to prevent prohibited dealings.
Sanctions screening is a preventive matching control used to identify possible designated-person or ownership/control hits for escalation before business or payments proceed.
Topic: Financial Crime Risk Management
In UK financial-crime risk management, which statement best describes the purpose of a public-private partnership initiative such as the Joint Money Laundering Intelligence Taskforce (JMLIT)?
Best answer: D
What this tests: Financial Crime Risk Management
Explanation: A public-private partnership such as JMLIT exists to improve firms’ ability to detect and respond to financial crime through intelligence and typology sharing. It can strengthen internal controls, but each firm still has to maintain its own risk assessment, monitoring, escalation, and reporting processes.
The core concept is that typology sharing and public-private partnership initiatives help firms recognise emerging threats and improve their controls, but they do not replace internal accountability. In practice, an initiative such as JMLIT allows firms and law enforcement to exchange intelligence, red-flag patterns, and practical insights that may sharpen transaction monitoring, customer risk assessment, and investigation quality.
A firm must still:
That is why the intelligence-sharing description is the best match. Guidance bodies, regulators, and SAR-receiving authorities each have different functions.
Public-private partnerships support better detection through shared insight, but they do not transfer a firm’s AML responsibilities.
Topic: Money Laundering
A wealth-management group operates in several countries. A regional office suggests booking non-resident corporate clients through the country with the least demanding local AML checks, even though the clients will be serviced across the group. Which response best reflects the purpose of international AML standards?
Best answer: C
What this tests: Money Laundering
Explanation: International AML standards aim to reduce jurisdictional arbitrage by creating a common baseline of controls across markets. In this scenario, a group-wide minimum standard for CDD and monitoring stops clients being routed to the weakest regime while still allowing stricter local requirements to be applied.
The core concept is jurisdictional arbitrage: shifting customers or activity to the place with the weakest AML requirements. International AML standards, such as those promoted by FATF, exist to reduce that gap by raising baseline expectations across jurisdictions for controls like CDD, beneficial ownership checks, record keeping, and ongoing monitoring. In a cross-border firm, the best application is a group-wide minimum standard that applies consistently to comparable risks, with stricter local legal requirements added where necessary.
Relying only on the least demanding local rule would defeat the purpose of international standards.
International AML standards are designed to prevent business being routed through the weakest regime by setting a common baseline of risk-based controls.
Topic: The Background and Nature of Financial Crime
Which body best matches this description: it publishes UK financial-sector AML and CFT guidance approved by HM Treasury, which firms use to interpret good practice, but it does not itself supervise firms or prosecute offences?
Best answer: A
What this tests: The Background and Nature of Financial Crime
Explanation: The correct match is the Joint Money Laundering Steering Group. Its role is to provide industry guidance on AML/CFT compliance in the UK, whereas supervision, criminal intelligence handling, and sanctions enforcement sit with different bodies.
This question tests the distinction between a quasi-governmental guidance body and formal state authorities. The Joint Money Laundering Steering Group produces sector guidance used by UK financial-services firms to understand and apply AML/CFT obligations, and that guidance may be approved by HM Treasury. However, JMLSG does not supervise firms, investigate criminal conduct, or enforce sanctions.
By contrast, the Financial Conduct Authority is a regulator and supervisor, the National Crime Agency is a law-enforcement body that receives and develops financial-crime intelligence, and the Office of Financial Sanctions Implementation helps implement and enforce UK financial sanctions. The key takeaway is that guidance-setting and regulatory or enforcement powers are not the same function.
The JMLSG issues HM Treasury-approved industry guidance on AML/CFT, but it is not a regulator, prosecutor, or sanctions authority.
Topic: The Role of the Financial Services Sector
In a firm’s financial-crime framework, which function is expected to advise on control design, monitor adherence to AML and sanctions procedures, challenge the business where weaknesses are found, and recommend improvements?
Best answer: D
What this tests: The Role of the Financial Services Sector
Explanation: The compliance function is the best match because it is the second line responsible for advising on financial-crime controls, monitoring their operation, and challenging weaknesses. It also supports continuous improvement by recommending remediation and policy enhancements.
The core concept is second-line oversight. In most firms, the compliance function helps design AML, CFT, sanctions and other financial-crime frameworks, monitors whether the first line is following them, and provides independent challenge where controls are weak or inconsistently applied. It also helps improve the framework by recommending policy changes, training, monitoring enhancements and remediation actions.
The business owns and operates the controls day to day, so it is not the independent challenger. Internal audit is different again: it provides periodic third-line assurance over the effectiveness of governance and controls. The MLRO has important AML responsibilities, especially around suspicious activity reporting and liaison, but that is narrower than the broader compliance function described here.
The key distinction is ongoing second-line monitoring and challenge.
Compliance is the second-line function that helps design controls, monitors adherence, challenges the first line, and drives remediation.
Topic: Financial Sanctions
Which statement best describes targeted financial sanctions?
Best answer: C
What this tests: Financial Sanctions
Explanation: Targeted financial sanctions are restrictive measures aimed at specific listed persons, entities, or sometimes sectors. Their core effect is to freeze assets and prevent funds or economic resources being made available, rather than to regulate prudential soundness or wider conduct offences.
The core concept is that targeted financial sanctions are focused legal restrictions aimed at designated persons or entities. In practice, firms must identify sanctioned targets, freeze relevant assets, and ensure they do not make funds or economic resources available directly or indirectly. That is different from AML reporting duties, which concern suspicion of criminal property or money laundering; prudential rules, which deal with firm safety and resilience; and conduct rules, which address behaviour such as insider dealing or market manipulation.
Sanctions are therefore preventive and restrictive in nature, not simply a general criminal, prudential, or market-conduct control. The closest confusion is often AML reporting, but suspicious activity obligations and sanctions obligations are separate regimes.
Targeted financial sanctions focus on designated persons or entities by freezing assets and preventing funds or economic resources from being made available to them.
Topic: Fraud and Market Abuse
During an internal review at a UK trust company, compliance finds that a trustee transferred £25,000 from a beneficiary’s account to his own company to ease its cash flow. He was entrusted to safeguard the beneficiary’s interests and had authority to make payments on the account. Under the Fraud Act 2006, which offence is most clearly illustrated?
Best answer: A
What this tests: Fraud and Market Abuse
Explanation: This is fraud by abuse of position because the trustee was in a role requiring him to protect the beneficiary’s financial interests and he used that position dishonestly for personal gain. The core feature is misuse of entrusted authority, not a lie on a form or a failure to disclose required information.
Fraud by abuse of position applies when someone occupies a position in which they are expected to safeguard another person’s financial interests and then dishonestly abuses that position to make a gain or cause a loss. In this scenario, the decisive facts are that the individual was a trustee, had legitimate authority over payments, and diverted money to his own company. That makes the misuse of trust and authority the heart of the misconduct.
Fraud by false representation would depend on a dishonest statement or implied representation being the key mechanism. Fraud by failing to disclose information would require a legal duty to disclose and a dishonest omission. Here, the clearest fit is abuse of position because the trusted role itself was exploited.
He dishonestly misused a trusted position in which he was expected to protect another person’s financial interests.
Topic: The Role of the Financial Services Sector
A UK investment firm finds that several high-risk overseas clients were onboarded without documented EDD, and sanctions alerts were closed with no recorded rationale. Internal audit confirms the control weaknesses. The CEO says the MLRO, who is also the nominated officer, should be solely responsible for fixing the problem. What is the single best answer?
Best answer: B
What this tests: The Role of the Financial Services Sector
Explanation: The key point is governance accountability. Appointing an MLRO or nominated officer does not transfer overall responsibility for financial-crime systems and controls away from directors and senior management, who must ensure weaknesses are remediated properly.
This tests the division of responsibility in financial-crime governance. In a firm with failed EDD and poor sanctions-alert handling, directors and senior management remain responsible for ensuring effective controls, resourcing remediation, and setting the right governance framework. The MLRO and nominated officer have important oversight, escalation, and reporting duties, especially around suspicious activity, but they are not a substitute for senior management accountability. Relevant control functions support the framework in different ways: compliance advises and challenges, and internal audit provides independent assurance rather than running the controls.
The closest misconception is treating the MLRO as the sole owner of AML failures, which confuses oversight duties with overall governance responsibility.
Overall accountability for financial-crime systems and controls stays with directors and senior management, even where the MLRO also acts as nominated officer.
Topic: Fraud and Market Abuse
A UK broker-dealer is owned by a parent company listed in the US. An internal review finds that senior finance staff can post late revenue adjustments without independent approval, and the audit trail is incomplete. Which response best aligns with the broad purpose of the Sarbanes-Oxley Act 2002?
Best answer: C
What this tests: Fraud and Market Abuse
Explanation: The best answer is the one that strengthens internal control over financial reporting and assigns clear management responsibility. Sarbanes-Oxley was introduced to improve governance, control effectiveness, and confidence in the accuracy of corporate reporting, not to rely mainly on year-end audit work or unrelated AML measures.
The core idea behind the Sarbanes-Oxley Act 2002 is stronger governance and more reliable financial reporting through documented controls, management accountability, and testing of internal control over financial reporting. In this scenario, the real weakness is that revenue adjustments can be made without independent approval and with a poor audit trail, which creates obvious fraud and misstatement risk. The response that best fits SOX is therefore to formalise those controls, test whether they operate effectively, and remediate gaps under clear executive ownership.
A year-end external audit is important, but it is not a substitute for robust internal controls. Likewise, customer due diligence addresses AML risk rather than reporting integrity, and a broad ethics attestation does not replace specific control design and evidence. The key takeaway is that SOX focuses on governance and control discipline around accurate reporting.
Sarbanes-Oxley is designed to strengthen internal control over financial reporting and make senior management accountable for its integrity.
Topic: Money Laundering
A UK investment firm is updating its country-risk policy after FATF places Jurisdiction A on its high-risk list and Jurisdiction B under increased monitoring. Neither jurisdiction is subject to separate UN or OFSI sanctions. Which policy statement best applies the purpose of these FATF designations?
Best answer: D
What this tests: Money Laundering
Explanation: FATF high-risk and increased-monitoring designations are country-risk alerts within the AML/CFT framework. Their purpose is to help firms and supervisors apply a risk-based response, such as enhanced due diligence and increased scrutiny, not to create automatic sanctions-style prohibitions.
The core concept is the FATF risk-based approach. When FATF identifies a jurisdiction as high-risk or under increased monitoring, it is signalling strategic AML/CFT deficiencies that should feed into a firm’s country-risk assessment, onboarding controls, and ongoing monitoring. A jurisdiction under increased monitoring is not automatically off-limits; it is one that has recognised deficiencies and is working on an action plan. A high-risk designation may justify stronger measures and, where applicable law or regulatory direction requires it, countermeasures.
In practice, firms should:
The key distinction is that FATF designations inform AML control intensity, whereas sanctions regimes create legal restrictions such as asset freezes or prohibitions.
FATF designations highlight strategic AML/CFT deficiencies, so firms should reflect them in risk assessment and controls rather than treat them as automatic prohibitions.
Topic: The Role of the Financial Services Sector
A securities firm onboarded an overseas corporate client under time pressure. The file contains the company name and registration number, but no verified beneficial owners, no expected account activity, and no countries of operation. Soon after, the account starts sending payments through new jurisdictions, and sanctions screening produces a possible match on an individual linked to the company. Which action best applies a sound CDD principle?
Best answer: D
What this tests: The Role of the Financial Services Sector
Explanation: CDD is the foundation for later controls. Without verified ownership and an expected activity profile, the firm cannot properly judge unusual transactions, resolve sanctions matches, or make strong escalation and reporting decisions.
The core principle is that ongoing monitoring and sanctions controls are only as effective as the customer data behind them. For a corporate client, the firm needs reliable information on beneficial ownership, control, expected activity, and relevant geographies. Those details create the baseline used to judge whether transactions are unusual and whether a sanctions alert on a linked person is meaningful.
Here, the right response is to remediate the CDD and then reassess the customer’s risk and the existing alerts. If the foundation data is missing, monitoring outputs are harder to interpret, suspicious activity decisions are weaker, and sanctions exposure may be missed or unresolved.
Good CDD is therefore not separate from monitoring and screening; it enables them.
Effective monitoring, reporting, and sanctions screening depend on complete CDD, so the missing core information should be obtained and used to reassess the customer and alerts.
Topic: Financial Crime Risk Management
A bank is assessing a proposed new relationship.
Internal product review:
- Business line: Correspondent banking
- Service: Cross-border GBP and USD payment clearing for another bank
- Respondent's customers: money service businesses and smaller banks
- Nested activity: payments may be routed for affiliate banks
- Visibility: originator and beneficiary details are not always available at initial screening
Which interpretation is best supported?
Best answer: A
What this tests: Financial Crime Risk Management
Explanation: The exhibit highlights classic correspondent banking risk drivers: cross-border clearing, nested relationships, and incomplete visibility of the underlying originator and beneficiary. Those features increase AML and sanctions exposure because the bank may process payments for parties it does not know directly.
The core concept is that different business lines carry different inherent financial-crime risks because of how much transparency and control a firm has over the underlying activity. In this exhibit, correspondent banking is higher risk because the bank is not simply dealing with one known customer; it may be processing payments for that bank’s own customers and even other banks through nested arrangements. Limited visibility of originator and beneficiary data makes it harder to screen effectively, detect suspicious activity, and manage sanctions exposure.
That is why firms typically treat this type of relationship as requiring enhanced due diligence, stronger onboarding controls, and closer ongoing monitoring. The closest distractor is the idea that a regulated-bank counterparty makes the relationship low risk, but the exhibit shows the real issue is reduced transparency over downstream parties and transactions.
Correspondent banking with nested activity and limited payment transparency creates higher AML and sanctions risk, supporting enhanced due diligence.
Topic: Financial Sanctions
A UK payment firm’s policy says parties on the sanctions list, and entities 50% or more owned by them, must be blocked and escalated. After repeated data-feed failures, operations staff keep a local spreadsheet of sanctioned names and apply ad hoc “suppress future alerts” overrides without second-line approval or periodic review. A payment to a company 60% owned by a designated person is later processed because the spreadsheet was outdated. What is the single best explanation of why this setup is weak?
Best answer: A
What this tests: Financial Sanctions
Explanation: The core weakness is loss of control effectiveness. A local spreadsheet and unsupported alert suppressions can become outdated, apply inconsistently, and leave little evidence of challenge or approval, so a true sanctions exposure can pass through screening.
Sanctions controls depend on complete, current list data and properly governed decisions. In this scenario, the firm replaced a controlled screening source with a manual spreadsheet and allowed ad hoc suppressions without approval or review. That weakens the framework because updates may be missed, ownership-based exposures may be overlooked, and the firm may be unable to show why an alert was suppressed. Here, the customer met the firm’s own ownership threshold, yet the payment was processed because the workaround was stale. That is exactly how poor list management and unsupported overrides undermine sanctions-control effectiveness.
End-of-day reconciliation or staff experience does not make an uncontrolled workaround equivalent to a governed screening control.
Manual workarounds and unsupported suppressions reduce completeness, consistency, and evidential quality, so genuine sanctions exposure can be missed.
Topic: The Role of the Financial Services Sector
A firm’s sanctions-screening system failed to escalate several alerts. The regulator then contacted the firm.
Exhibit:
Regulator email:
- Send complete alert logs and escalation records by 10 June.
- Notify us promptly if you identify any material gaps.
Internal compliance note, 12 June:
- Deadline missed; partial logs sent.
- Some historic alerts may have been deleted.
- Deletion issue not yet disclosed to the regulator.
Which interpretation is best supported?
Best answer: D
What this tests: The Role of the Financial Services Sector
Explanation: The exhibit shows more than a sanctions-control failure. The firm missed a deadline, sent only partial records, and did not promptly disclose a possible deletion of historic alerts after being asked to report material gaps. That weak cooperation can increase the seriousness of the case.
Regulators expect firms to be open, prompt, and complete when responding to supervisory enquiries, especially where financial-crime controls may have failed. Here, the underlying issue is the sanctions-screening failure, but the internal note also shows poor cooperation: the firm missed the requested deadline, provided only partial logs, and did not disclose a possible material records gap despite a clear instruction to do so promptly.
Weak cooperation can worsen consequences because it suggests broader governance and control weaknesses, makes it harder for the regulator to assess customer and sanctions risk, and may be treated as an aggravating factor alongside the original failure. A firm is generally better placed if it responds fully, escalates gaps quickly, and preserves relevant records. The key point is that poor regulator engagement can compound, not merely accompany, the original financial-crime breach.
The exhibit shows missed deadlines, incomplete information, and non-disclosure of a material gap, all of which can aggravate regulatory consequences.
Topic: Bribery and Corruption
A UK wealth manager hires an overseas introducer to help win a custody mandate from a privately owned bank in Country X. The introducer secretly offers the bank’s procurement manager a cash payment. Senior management did not approve this, but the firm performed no due diligence on the introducer and had no anti-bribery procedures. Which UK Bribery Act 2010 offence is the firm most clearly exposed to?
Best answer: B
What this tests: Bribery and Corruption
Explanation: This is most clearly the section 7 offence of failure by a commercial organisation to prevent bribery. An associated person offered a bribe to win business for the firm, and the firm had no due diligence or anti-bribery procedures, so management approval is not the key issue.
Under the UK Bribery Act 2010, a commercial organisation commits a distinct offence if a person associated with it bribes another person intending to obtain or retain business, or a business advantage, for that organisation. In practice, this differs from the general bribery offences because the focus is on the organisation’s prevention framework rather than proving senior management authorised the payment. Here, the overseas introducer was acting for the firm, the payment was intended to secure a mandate, and the firm had no anti-bribery controls or due diligence in place. That makes failure to prevent bribery the clearest corporate exposure. The nearest distractor is bribing another person, which better describes the introducer’s conduct than the firm’s separate section 7 offence.
The introducer is an associated person, and the firm’s lack of procedures makes the section 7 corporate offence the clearest fit.
Topic: Money Laundering
A UK investment firm is reviewing an application from a trading company in Country A. Country A appears in a recent FATF increased-monitoring statement, and the firm’s supervisor has reminded firms to reassess exposure to that jurisdiction. No sanctions prohibit dealing with Country A. The company has disclosed its beneficial owners, audited accounts and a straightforward trading purpose. Which action best applies the risk-based approach?
Best answer: D
What this tests: Money Laundering
Explanation: Country advisories, FATF-style lists and supervisory statements are inputs into a firm’s geographic risk assessment. They should prompt closer scrutiny and documented reasoning, not automatic refusal or automatic suspicion where no legal prohibition applies.
The key principle is the risk-based approach. External sources such as FATF statements, country advisories and supervisory communications help firms assess geographic exposure, calibrate customer due diligence and decide what level of monitoring or escalation is needed. In this scenario, the country factor raises risk, but it must be weighed with the disclosed beneficial ownership, audited accounts and straightforward business purpose. The appropriate response is to document how the country information affects the assessment and apply proportionate enhanced due diligence or monitoring before deciding whether the relationship fits the firm’s risk appetite. Automatic refusal would confuse a risk indicator with a prohibition, and a SAR requires actual suspicion, not just geographic exposure. The closest trap is treating the absence of sanctions as enough for standard CDD, which ignores the separate AML risk signal.
FATF and supervisory statements inform geographic risk and control intensity, but they do not by themselves require rejection or create suspicion.
Topic: Bribery and Corruption
A UK investment firm paid a large “consultancy fee” to an introducer partly owned by the spouse of a foreign state pension official. Due diligence was waived, and emails show the payment was intended to help win the mandate. If bribery is proven, which consequence is most likely?
Best answer: A
What this tests: Bribery and Corruption
Explanation: The facts indicate more than a control failure: they suggest a deliberate improper payment routed through a connected intermediary. In a UK context, proven bribery can expose the firm to an unlimited fine and serious reputational damage, while the individual involved can face criminal prosecution and imprisonment.
The core concept is that bribery offences can create both corporate and individual consequences. Here, the introducer’s connection to a public official, the waived due diligence, the large fee, and the emails showing intent to influence the mandate all point to a serious bribery risk rather than an innocent commercial arrangement. If bribery is proven, the firm may face a substantial or unlimited fine and major reputational damage, while the approving manager may be prosecuted personally and face a fine and imprisonment. Using a third party does not remove liability, and later policy improvements or internal disciplinary action do not replace criminal sanctions. The key takeaway is that bribery exposure can hit the business and the individual at the same time.
Bribery can trigger corporate fines and reputational harm as well as personal criminal liability, even when the payment is channelled through an introducer.
Topic: Money Laundering
Which function best matches a FATF-style regional body, such as MONEYVAL or the Asia/Pacific Group on Money Laundering?
Best answer: D
What this tests: Money Laundering
Explanation: FATF-style regional bodies help spread and assess consistent AML/CFT standards across a region. Their role is centred on mutual evaluations, cooperation, and sharing good practice, not on acting as an FIU, issuing UK guidance, or enforcing sanctions.
A FATF-style regional body is a regional organisation associated with FATF that promotes effective implementation of FATF standards among its members. Its main functions include mutual evaluations, peer review, typologies work, training, and encouraging cross-border AML/CFT cooperation. That is why the best match is the option about assessing members against FATF standards and supporting regional cooperation.
These bodies do not usually perform domestic operational roles. They are not the authority that receives suspicious activity reports, they do not issue UK-specific industry guidance to firms, and they do not designate sanctioned persons or enforce asset freezes. The key point is that they support consistency of standards at regional level rather than carry out national reporting or enforcement functions.
FATF-style regional bodies promote consistent regional implementation of FATF standards through mutual evaluations, peer review, and cooperation.
Topic: Tax Evasion
A UK wealth manager reviews this onboarding note:
Introducer: Coral Gate Partners, overseas; introducer due diligence not completed
Customer: North Quay Holdings Ltd (BVI)
Ownership: nominee director listed; beneficial owner evidence outstanding
Purpose: described as a 'tax-efficient holding vehicle'
Request: communicate only through the introducer and do not send tax reporting directly to the underlying client
Status: account requested before tax-residency and source-of-wealth checks are complete
What is the best-supported action under the Criminal Finances Act 2017?
Best answer: A
What this tests: Tax Evasion
Explanation: The key issue is not the offshore company by itself but the weak control environment around the introducer and structure. Incomplete introducer due diligence, unverified beneficial ownership, blocked direct tax reporting, and opening before tax-residency checks are complete all increase Criminal Finances Act exposure.
Under the Criminal Finances Act 2017, a firm can be exposed if it fails to prevent an associated person, such as an employee, agent, or intermediary, from criminally facilitating tax evasion. The exhibit shows several weaknesses around an overseas introducer and an offshore vehicle: introducer due diligence is incomplete, ownership is obscured by a nominee director, beneficial owner evidence is still missing, the introducer wants to block direct tax reporting to the underlying client, and onboarding is being pushed ahead before tax-residency and source-of-wealth checks are complete. An offshore structure is not automatically improper, but these combined facts materially increase the risk that the firm could be drawn into facilitating tax evasion through weak prevention procedures. The best action is to stop onboarding, escalate, and strengthen controls before any service is provided.
The decisive issue is inadequate challenge and oversight of the intermediary arrangement, not the mere existence of a BVI company.
The incomplete introducer checks, blocked direct client tax reporting, and unclear ownership show weak prevention procedures around a possible associated person.
Topic: Fraud and Market Abuse
Review the internal surveillance note.
Exhibit:
Which interpretation is best supported?
Best answer: A
What this tests: Fraud and Market Abuse
Explanation: This pattern is most consistent with market manipulation, specifically spoofing or layering. The apparent buying interest seems to have helped move the price before the client sold, which can create a false market signal and damage confidence that prices reflect genuine supply and demand.
Market abuse includes conduct that gives false or misleading signals about the supply, demand, or price of an investment. The decisive facts here are the sequence: large buy orders entered above the best bid, a price rise, cancellation of the remaining buy orders, and then a sale at the higher price. That is consistent with the buying interest being used to influence the market rather than to execute a genuine investment decision.
A firm should treat this as a potential market-manipulation alert and escalate it under its market-abuse surveillance procedures. Behaviour of this kind harms market integrity because other participants may rely on an artificial impression of demand, which can weaken investor confidence in fair and orderly markets. The absence of a public announcement does not by itself prove insider dealing.
The sequence of large buying, price movement, order cancellation, and then selling supports a false impression of demand.
Topic: The Background and Nature of Financial Crime
A firm’s MLRO receives the following update:
Internal legal note
- The customer has not been convicted of any offence.
- An enforcement agency has started civil proceedings in the High Court.
- The agency alleges a flat was bought with the proceeds of unlawful conduct.
- It wants the court to recover the flat or its sale proceeds.
Which asset-recovery mechanism is most clearly described?
Best answer: A
What this tests: The Background and Nature of Financial Crime
Explanation: The note describes civil proceedings to recover property linked to unlawful conduct where there has been no conviction. That is the hallmark of civil recovery, not confiscation or restraint.
Civil recovery uses civil proceedings to recover property obtained through unlawful conduct, so it does not depend on first securing a criminal conviction. The exhibit states that the enforcement agency has started civil proceedings in the High Court and wants to recover a flat or its sale proceeds. Those facts point directly to civil recovery.
Confiscation is different because it normally follows a criminal conviction and is aimed at depriving an offender of criminal benefit. Restraint is a freezing measure used to preserve assets so they cannot be dissipated before a later recovery step. Seizure and forfeiture usually concern taking and then forfeiting specific assets such as cash, not this kind of High Court property recovery claim.
The key distinction here is recovery of property in civil proceedings without a conviction.
It is a civil High Court process to recover property alleged to represent unlawful conduct, without needing a criminal conviction.
Topic: Fraud and Market Abuse
A UK broker-dealer is owned by a US-listed parent. Near year-end, internal audit finds that senior finance staff can both enter and approve manual profit adjustments, while management is under pressure to meet earnings targets. The audit committee asks why the Sarbanes-Oxley Act 2002 is relevant here. What is the single best answer?
Best answer: C
What this tests: Fraud and Market Abuse
Explanation: The key issue is a control weakness affecting reported profits, not AML or sanctions processing. Sarbanes-Oxley was introduced to strengthen corporate governance, internal control over financial reporting, and senior management accountability for the accuracy of published financial information.
The Sarbanes-Oxley Act 2002 is most relevant where weak governance or poor control design could undermine the reliability of financial statements. In this scenario, the same senior staff can post and approve manual profit adjustments, and management faces earnings pressure, which creates a clear risk of misstatement or manipulation. SOX addresses this kind of risk by reinforcing internal control over financial reporting, audit oversight, and executive responsibility for the accuracy of reported results. Its broad purpose is to improve confidence in corporate reporting by making firms establish and maintain effective controls and by increasing accountability at senior level.
The closest traps are other financial-crime or compliance regimes, but they do not primarily target the integrity of corporate financial statements.
Sarbanes-Oxley is primarily aimed at improving governance and the integrity of financial reporting through stronger controls and executive responsibility.
Topic: Terrorist Financing
Which statement best reflects FATF’s core expectations for combating terrorist financing?
Best answer: B
What this tests: Terrorist Financing
Explanation: FATF expects countries to address terrorist financing through a broad framework: criminalisation, preventive AML/CFT controls, suspicious activity reporting, targeted financial sanctions, and international cooperation. The approach is designed to prevent and detect terrorist financing before funds are used, not only to punish it afterwards.
The core FATF approach to terrorist financing is preventive as well as investigative. Countries are expected to criminalise terrorist financing, require firms to operate controls that help detect suspicious activity, implement targeted financial sanctions such as asset freezes, and support international cooperation between authorities. A key distinction from money laundering is that terrorist financing may involve funds from lawful as well as unlawful sources, so action does not depend on proving the money is criminal property first.
The closest misconceptions are those that treat terrorist financing as only a post-event criminal matter or as a narrow cross-border payments issue. FATF standards are wider than that and are meant to disrupt financing early and across jurisdictions.
FATF expects a preventive and coordinated framework, not just prosecution after the event, with sanctions and cooperation central to terrorist financing controls.
Topic: Financial Crime Risk Management
A UK investment firm is onboarding a private company with layered ownership. Its first £3 million payment will come from a recent property sale, and similar cross-border transfers are expected after the account opens. Which approach best applies a risk-based anti-financial-crime control framework?
Best answer: B
What this tests: Financial Crime Risk Management
Explanation: Beneficial-ownership checks, source-of-funds review, and transaction monitoring are complementary rather than interchangeable. In this scenario, the firm should identify the real individuals behind the company, understand where the first £3 million came from, and then monitor later cross-border transfers against the expected activity.
Under a risk-based AML framework, each control answers a different question. Beneficial-ownership checks identify the natural persons who ultimately own or control the company as part of CDD. Source-of-funds review explains the origin of the specific £3 million entering the relationship. Transaction monitoring applies during the relationship to assess whether later payments, especially cross-border transfers, are consistent with the customer profile and expected use of the account.
The key point is that evidence in one area does not replace the need for the others.
These controls address different risks: ownership, origin of the initial money, and whether ongoing activity matches the expected profile.
Topic: Bribery and Corruption
A UK bank’s financial-crime team receives this internal note:
Country B prosecutor is investigating suspected bribery of a public official.
Evidence sought: bank records held in London and witness statements from two UK-based employees.
Request sent to UK authorities under mutual legal assistance.
What is the best supported interpretation of the mutual legal assistance request?
Best answer: B
What this tests: Bribery and Corruption
Explanation: The note describes a cross-border bribery investigation where evidence is located in the UK but needed by prosecutors in another country. Mutual legal assistance is the formal process by which one jurisdiction asks another jurisdiction’s authorities to obtain evidence lawfully on its behalf.
Mutual legal assistance is a government-to-government mechanism used in criminal investigations, including bribery and corruption cases, when evidence, testimony, or other investigative support is needed across borders. In this scenario, the prosecutor in Country B is not being given direct authority over the UK bank. Instead, the request goes to UK authorities, who can use domestic legal processes to obtain bank records or witness evidence in the UK and then provide that assistance through the proper channel. This preserves legal process, jurisdictional boundaries, and admissibility considerations.
It is therefore about cross-border evidence gathering, not suspect transfer or unrestricted disclosure. The key takeaway is that mutual legal assistance involves formal cooperation between competent authorities rather than direct foreign compulsion of the firm.
Mutual legal assistance is formal cooperation between competent authorities so the UK can obtain evidence using its own legal powers for the foreign bribery case.
Topic: Financial Crime Risk Management
A firm is migrating its transaction monitoring system. To reduce disruption, the project manager proposes disabling one alert scenario for four weeks and excluding several customers through a spreadsheet. There is no documented risk assessment, approval record, testing evidence, or end date for the exclusions. Which response best applies a sound anti-financial-crime control principle?
Best answer: D
What this tests: Financial Crime Risk Management
Explanation: The best response is to stop the proposed weakening of monitoring until it passes formal change control and any exceptions are properly documented. Anti-financial-crime safeguards depend on clear approval, testing, record keeping, and accountability; informal workarounds can create undetected gaps.
The core principle is that anti-financial-crime controls should not be reduced through undocumented exceptions or weak system-change governance. In this scenario, disabling an alert and excluding customers without a recorded rationale, approval, testing, or expiry date means the firm cannot show why the risk was acceptable, who owned the decision, or how missed activity would be mitigated.
Under a proper risk-based approach, controls may be adjusted only with evidence, oversight, and an audit trail, not for operational convenience.
Formal change control with documented, time-limited exceptions and compensating monitoring is required before weakening a key detection safeguard.
Topic: Money Laundering
An AML analyst reviews the following internal escalation note.
Exhibit:
Customer activity in the last month:
- £48,000 cash deposited into a personal current account over 4 days
- £45,000 sent in 9 transfers to two overseas e-money wallets
- 3 weeks later, £41,500 returned from one wallet to the customer's investment account
- Returned funds used to buy an investment bond and described as 'trading profits'
Which interpretation is best supported by this note?
Best answer: B
What this tests: Money Laundering
Explanation: The note shows cash entering the financial system, movement through other accounts, and later reuse in a legitimate-looking investment. That matches the classic placement, layering and integration model, while also showing that in practice the stages may overlap rather than appear in a tidy sequence.
Placement, layering and integration are commonly used because they describe a typical laundering logic: introduce funds, obscure their origin, then reintroduce them with an apparently legitimate explanation. In this note, the cash deposits point to placement, the multiple transfers through overseas e-money wallets point to layering, and the return to an investment account followed by purchase of an investment bond points to integration. However, these are not legal elements that must occur separately or sequentially in every case. Real laundering can skip a stage, repeat one, or compress several steps into a short period. The key point is that the three-stage model is a practical description of common patterns, not a rigid checklist.
Cash is introduced, then obscured through wallet transfers, then re-enters as a legitimate-looking investment, but those labels are a guide rather than a mandatory sequence.
Topic: Terrorist Financing
A UK payments firm is updating its enterprise financial-crime risk assessment. One team suggests reviewing counter-terrorist financing (CFT) separately under sanctions because recent alerts involve low-value transfers to a conflict-affected region. The MLRO notes the same customers, channels and geographies also drive AML and fraud risk, and transaction monitoring is centrally governed. What is the single best reason to integrate CFT into the wider assessment?
Best answer: D
What this tests: Terrorist Financing
Explanation: CFT should be assessed within the wider enterprise financial-crime framework because terrorist-financing exposure often overlaps with AML, sanctions and fraud through the same customers, geographies, products and controls. Treating CFT as a separate silo can miss linked patterns and weaken governance.
The core concept is enterprise-wide financial-crime risk management. Under a risk-based approach, firms should assess terrorist-financing risk alongside other financial-crime risks where the same customers, delivery channels, geographies and control environment create overlapping exposure. In this scenario, low-value transfers to a conflict-affected region do not make CFT a narrow sanctions issue; terrorist financing can involve small or routine-looking payments and may be detected through the same CDD, screening, monitoring and escalation processes used for AML and fraud.
A standalone sanctions-led review would be too narrow for the facts given.
Integrated assessment is best because terrorist-financing risk often overlaps with other financial-crime risks and relies on the same governance and control framework.
Topic: Bribery and Corruption
A firm’s onboarding note includes this country-risk extract:
External source used in the risk pack:
- Annual score: 0 to 100
- Covers 180 jurisdictions
- Measures perceived public-sector corruption
- Used as one input to country risk assessment
What is the best supported interpretation of this source?
Best answer: C
What this tests: Bribery and Corruption
Explanation: The extract points to a benchmarking initiative that compares perceived levels of public-sector corruption across jurisdictions. That type of source helps firms assess country risk, but it does not by itself ban business or prove bribery.
The key concept is the role of international anti-corruption benchmarks. An annual 0 to 100 score covering many jurisdictions and measuring perceived public-sector corruption is consistent with a benchmarking tool such as Transparency International’s Corruption Perceptions Index. Firms may use such sources as one factor in a risk-based assessment of jurisdictional corruption exposure.
That does not make the source a sanctions list, an enforcement decision, or evidence that a particular customer has engaged in bribery. It is a comparative risk indicator at country level. The closest distractor is the FATF option, but FATF mutual evaluations assess AML/CFT frameworks rather than perceived public-sector corruption scores.
The extract describes a cross-jurisdiction corruption benchmark used as a risk indicator, not a legal prohibition or proof of misconduct.
Topic: Terrorist Financing
A firm compares customers, beneficial owners and payment counterparties with official designated-person lists. Possible matches are escalated at once so the firm can stop dealing with funds and meet reporting duties. Which control is this?
Best answer: A
What this tests: Terrorist Financing
Explanation: This describes sanctions screening. It checks relevant parties against sanctions lists so the firm can identify potential designated persons, apply any required asset freeze, escalate internally, and meet reporting obligations.
The core concept is sanctions screening as a counter-terrorist-financing control. Firms use it to compare customers, beneficial owners and payment parties against official sanctions lists to identify potential matches to designated persons. A possible hit should be escalated promptly for review; if confirmed, the firm must avoid making funds or economic resources available, freeze relevant assets where required, and comply with any reporting duties under the applicable sanctions regime. This is different from broader AML controls, which may verify identity or detect unusual activity but do not perform the specific legal list-matching function linked to asset freezing. The key clues are the use of designated-person lists and the immediate escalation and freeze response.
Sanctions screening is the list-based control used to detect potential designated-person matches and trigger freezing, escalation, and reporting.
Topic: Bribery and Corruption
The UK’s Serious Fraud Office sends a mutual legal assistance request to Country Y for bank records and a search warrant in a bribery investigation about payments made to win an investment mandate. The conduct is a criminal bribery offence in the UK, but Country Y treats equivalent payments only as a civil regulatory breach. What is the single best answer?
Best answer: D
What this tests: Bribery and Corruption
Explanation: Dual criminality matters because many mutual legal assistance requests involving compulsory measures depend on the conduct being criminal in both jurisdictions. Since Country Y does not treat the payments as a crime, the UK request for records and a search may be limited or refused.
Dual criminality means the underlying conduct must amount to a criminal offence in both the requesting and requested jurisdictions. This is especially important where the requesting authority wants the other state to use coercive powers, such as compelling bank disclosure or executing a search warrant. Here, the UK is investigating bribery, but Country Y classifies the same behaviour only as a civil regulatory matter. That mismatch means Country Y may be unable or unwilling to carry out the compulsory mutual legal assistance request. Some cross-border cooperation may still be possible in other forms, but coercive assistance is not automatic. The key point is that the absence of a matching criminal offence can block or restrict MLA.
Because the conduct is not criminal in both jurisdictions, Country Y may not use compulsory MLA powers such as searches or production orders.
Topic: Financial Crime Risk Management
A firm’s onboarding analyst records the following note.
Onboarding note
Customer: UK-incorporated wholesale electronics trader
Ownership: Two individual beneficial owners identified; neither is a PEP
Product: Multi-currency account and trade finance facility
Channel: Non-face-to-face introduction via overseas intermediary
Geography: Main counterparties in two firm-classified high-risk jurisdictions
Expected activity: Frequent third-party payments and rapid inbound/outbound flows, about £2.5m monthly
Which action is most appropriate?
Best answer: B
What this tests: Financial Crime Risk Management
Explanation: The correct response is to assess the relationship holistically, not by looking at customer risk alone. Even though the customer is UK-incorporated and the beneficial owners are identified, the product, geography, channel, and expected transaction pattern together point to a higher-risk relationship that merits EDD and stronger monitoring.
This tests the risk-based approach to financial-crime risk management. A firm should map customer, product, geography, channel, and transaction risks together before deciding the overall risk rating. Here, the customer and ownership information reduce uncertainty, but they do not remove the added risk created by trade finance, non-face-to-face onboarding via an overseas intermediary, counterparties in high-risk jurisdictions, and frequent third-party flows.
Taken together, those factors support a higher overall risk classification, EDD, and enhanced ongoing monitoring rather than either standard treatment or automatic rejection.
The combined customer, product, geography, channel, and transaction features elevate overall risk, so a holistic higher-risk rating and EDD are justified.
Topic: The Role of the Financial Services Sector
In a risk-based AML framework, a firm performs its baseline customer identification, beneficial ownership checks, and purpose-of-relationship enquiries because the customer presents neither clear low-risk nor high-risk indicators. Which approach does this describe?
Best answer: A
What this tests: The Role of the Financial Services Sector
Explanation: Standard due diligence is the default level of customer due diligence in a risk-based framework. It applies where the firm must identify and verify the customer and understand the relationship, but there is no justified basis for either reduced measures or extra scrutiny.
Standard due diligence is the core CDD approach. In the stem, the firm is applying normal identification and beneficial ownership checks and establishing the purpose and intended nature of the business relationship, with no facts suggesting lower risk or higher risk. That points to standard due diligence.
Simplified due diligence may be appropriate only where the firm has assessed the customer or product as lower risk and reduced measures are permitted. Enhanced due diligence is used where higher-risk factors exist, such as a PEP connection, higher-risk jurisdictions, or unusually complex ownership, and it involves additional scrutiny. Ongoing monitoring is a continuing obligation across customer relationships, not a separate due diligence level. The key takeaway is that ordinary baseline checks with ordinary risk indicate standard due diligence.
This is the baseline CDD level used when the risk assessment does not justify reduced or additional measures.
Topic: Money Laundering
A UK broker’s surveillance team identifies several accounts with common beneficial ownership buying an illiquid share just before misleading social-media posts appear, then selling into the price rise. Compliance also has source-of-funds concerns. Which is the single best description of the securities and market regulator’s role here?
Best answer: D
What this tests: Money Laundering
Explanation: The core issue is suspicious trading that may amount to market manipulation, with possible linked financial-crime concerns. Securities and market regulators are responsible for market surveillance, investigating abusive trading patterns, obtaining records from firms and venues, and taking enforcement action or coordinating with other authorities where needed.
Securities and market regulators play a frontline role in detecting and investigating suspicious trading and market abuse, such as manipulation or insider dealing. In this scenario, the shared ownership, timed purchases, misleading posts, and rapid sales point to a market-conduct concern first, even though source-of-funds issues may also require AML escalation. The regulator’s role is to analyse trading patterns, require information from firms and trading venues, supervise market conduct, and pursue enforcement where rules or laws may have been breached.
A firm would still follow its own AML escalation process, but that does not replace the regulator’s market-surveillance role. The key distinction is that securities regulators focus on market integrity and abusive trading behaviour, while other authorities handle SARs, sanctions administration, or international standard-setting.
Securities and market regulators detect, investigate, and enforce against suspicious trading and market abuse, while working with other bodies where wider financial-crime issues arise.
Topic: The Background and Nature of Financial Crime
An onboarding analyst reviews this note for a prospective corporate client:
Operating company: Blue Meridian Trading Ltd (UK)
Shareholder: Coral Holdings SA (Panama)
Control chain: Alder Trust (Jersey); settlor resident in Country X; protector resident in UAE
Expected payments: buyers in three countries; funds may pass through Singapore and Dubai accounts before supplier payments in West Africa
Stated purpose: "tax efficiency and investor privacy"
What is the best supported interpretation of the main financial-crime detection challenge created by this structure?
Best answer: C
What this tests: The Background and Nature of Financial Crime
Explanation: The exhibit shows both ownership and expected payment flows spread across several jurisdictions and legal arrangements. That fragmentation makes it harder to verify who really controls the client, why the structure exists, and whether the movement of funds is consistent with a legitimate business purpose.
The core issue is opacity created by cross-border structures and routed payments. Here, a UK company is owned through a Panama entity and a Jersey trust, with relevant parties in other jurisdictions, while expected funds may pass through additional countries before reaching suppliers. Each extra jurisdiction or legal vehicle can hold only part of the picture, making beneficial ownership, source of funds, source of wealth, and transaction purpose harder to verify and connect.
This is why cross-border movement and legal structuring can weaken financial-crime detection: they can obscure control, fragment records, and complicate monitoring of whether activity matches the stated business model. The exhibit raises complexity and risk, but it does not by itself prove a specific offence such as sanctions evasion or tax crime.
The note shows cross-border layering of entities and payment routes, which makes beneficial ownership and source-of-funds analysis harder.
Topic: Terrorist Financing
A firm’s payment team matches an overseas beneficiary to a person designated under a UN Security Council terrorist-financing measure already implemented under domestic law. The payment is due to leave today. Which action best reflects the role of UN conventions and Security Council measures?
Best answer: D
What this tests: Terrorist Financing
Explanation: UN conventions create the international framework for states to criminalise terrorist financing and cooperate against it. UN Security Council measures then work as preventive controls, so once a designation is implemented domestically, the firm should stop funds being made available and follow its sanctions escalation process immediately.
The core concept is that counter-terrorist-financing controls are preventive, not just investigative. UN conventions support states in criminalising terrorist financing and improving international cooperation. UN Security Council measures add targeted restrictions, such as asset freezes or prohibitions on making funds available, once those measures are implemented in domestic law.
In this scenario, the firm has a live match to an implemented UN designation and a payment due to leave now. The appropriate response is to block the transaction and escalate through the firm’s sanctions process straight away. The firm does not need to prove terrorist intent itself before acting, because that would confuse a preventive sanctions obligation with a criminal evidential standard.
Extra enquiries or later reporting may follow, but they do not replace the immediate duty to prevent the payment.
An implemented UN Security Council measure is preventive, so the firm must stop the payment and escalate without waiting for proof of intent.
Topic: Financial Crime Risk Management
A firm’s onboarding team has completed CDD and EDD on a prospective corporate client. The business appears legitimate, but the ultimate beneficial owner is a foreign PEP and the ownership chain includes several offshore entities, so the case is rated high risk. Firm policy allows high-risk relationships only after formal escalation and documented risk acceptance by the MLRO and senior management. Which action best applies this principle?
Best answer: B
What this tests: Financial Crime Risk Management
Explanation: The best response is to follow the documented escalation and risk-acceptance process before onboarding. For higher-risk cases, the value lies in clear accountability, consistent decision-making, and a record of why the firm accepted the risk and what controls will apply.
Documented risk acceptance and escalation processes are valuable because higher-risk relationships are not always banned, but they must be considered and approved by the right decision-makers under a risk-based framework. Here, the client has legitimate business activity, yet the foreign PEP connection and offshore ownership structure mean the residual risk remains high even after EDD. Formal escalation to the MLRO and senior management, with the rationale, conditions, and review date recorded, shows governance discipline and supports later monitoring, audit, and challenge.
Completing EDD helps inform the decision, but it does not replace formal higher-risk approval and documentation.
This creates clear accountability and an audit trail showing why the higher risk was accepted and how it will be controlled.
Topic: Financial Sanctions
A firm wants a safeguard that reduces the risk of sanctions breaches and resulting penalties by ensuring employees can recognise a possible sanctions hit, know the internal escalation route, and follow revised procedures when sanctions rules change. Which safeguard best matches this function?
Best answer: B
What this tests: Financial Sanctions
Explanation: The safeguard described is role-based sanctions training supported by clear escalation routes and formal change management. Sanctions compliance depends on staff knowing how to recognise a possible match, when to pause activity, who to notify, and how updated legal requirements are implemented.
The core concept is that sanctions compliance is not just a screening tool issue; it also relies on people and process. Role-based training helps employees identify potential sanctions matches and understand the immediate operational response. Documented escalation routes ensure alerts are passed quickly to the right internal specialists, while change-management procedures make sure new sanctions measures, list updates, and policy changes are reflected in systems, guidance, and staff communications.
Together, these controls reduce the risk of a prohibited transaction and the penalties that can follow a sanctions breach. Internal reporting to the MLRO is the closest alternative, but it is mainly an AML suspicious-activity route rather than the broader sanctions safeguard described.
It directly equips staff to handle potential sanctions matches correctly, escalate them promptly, and adapt when sanctions requirements are updated.
Topic: Money Laundering
A UK private bank reviews the following FATF public advisory extract:
FATF notes increased misuse of legal persons and nominees in cross-border investment accounts.
The advisory is intended to help firms identify and mitigate money-laundering risk.
It does not itself amend domestic law.
The bank frequently onboards offshore companies and nominee-held structures. What is the best supported action?
Best answer: A
What this tests: Money Laundering
Explanation: The extract says the advisory helps firms identify and mitigate ML risk, but it does not amend law. That means the bank should use it to strengthen relevant risk-based AML controls for legal-person and nominee structures, not ignore it or treat it as an automatic legal ban.
Public advisories and thematic findings often shape how firms apply AML controls in practice. They may highlight typologies, weak points, or higher-risk features that firms are expected to consider in their business-wide risk assessment, CDD approach, monitoring, and escalation processes, even though the underlying legal duties still come from domestic law and regulation.
Here, the decisive facts are that FATF has identified misuse of legal persons and nominees in cross-border investment accounts, and the bank actually onboards offshore companies and nominee-held structures. The best response is therefore to review and, where needed, strengthen practical controls such as beneficial-ownership verification and escalation triggers for those exposures. The key takeaway is that guidance informs risk-based control design; it does not automatically create blanket prohibitions or justify doing nothing until the law changes.
Because the advisory highlights a specific ML risk, the firm should refine relevant risk-based controls even though the advisory does not itself change the law.
Topic: Financial Crime Risk Management
Which statement best explains why automated screening, monitoring, and case-management systems require ongoing tuning, governance, and review?
Best answer: A
What this tests: Financial Crime Risk Management
Explanation: Automated financial-crime controls are only as good as the data, rules, and assumptions behind them. As business activity and risk typologies change, firms must review calibration, alert quality, and case outcomes to confirm the systems remain effective.
The core concept is control effectiveness. Screening, transaction-monitoring, and case-management tools support AML, CFT, and sanctions controls, but they do not prove compliance on their own. Their performance depends on factors such as data completeness, matching logic, scenario thresholds, workflow design, and how alerts are investigated and closed. Firms therefore need governance to approve changes, document rationale, test outputs, and check whether the system is identifying relevant risk without creating excessive false positives or missing genuine issues. Ongoing review is essential when products, customers, jurisdictions, or criminal typologies change. A vendor’s reputation or a low alert count is not enough; the firm remains responsible for ensuring the system is appropriate for its own risk profile.
Because their reliability depends on inputs, thresholds, workflows, and evolving risks, firms must regularly test and govern them against actual outcomes.
Topic: Bribery and Corruption
A UK-incorporated investment firm appoints a commission-based introducer in Indonesia to help win a mandate from a state pension fund. The introducer pays cash to local officials. All meetings and payments occur in Indonesia, and no UK employee is involved. Which is the single best assessment under the UK Bribery Act 2010?
Best answer: A
What this tests: Bribery and Corruption
Explanation: The UK Bribery Act has broad territorial reach. A UK firm can face exposure where an overseas agent or introducer bribes to obtain business for it, even if the conduct, recipient, and payments are all outside the UK.
The core concept is the Act’s extra-territorial reach. A person who performs services for a commercial organisation, such as an introducer or agent, can be an associated person even if they are not an employee. If that person bribes another to obtain or retain business or a business advantage for a UK commercial organisation, the firm may face the failure to prevent bribery offence unless it can rely on the adequate procedures defence.
The fact that the meetings, payments, and recipients were all in Indonesia does not by itself remove UK exposure. In practice, third-party intermediaries are a common bribery risk precisely because firms may wrongly assume overseas conduct falls only under local law.
The key takeaway is that overseas location alone does not put bribery outside the scope of the UK Bribery Act.
An overseas introducer can be an associated person, so a UK firm may be exposed even when the bribery happens entirely abroad.
Topic: Tax Evasion
Which statement best explains why firms need escalation routes for suspected tax-evasion facilitation, not just for money-laundering suspicion?
Best answer: C
What this tests: Tax Evasion
Explanation: Suspected tax-evasion facilitation should be escalated because it is not merely a subset of money-laundering suspicion. It can create a distinct legal and compliance issue for the firm, so firms need a route to assess and act on it even where no SAR decision has yet been reached.
The core concept is that facilitating tax evasion is a separate financial-crime risk, so firms should not rely only on AML suspicion routes. Tax evasion can generate criminal property and therefore connect to money laundering, but suspected facilitation may also raise its own legal, conduct, and control issues for the firm and its staff. That means legal and compliance teams need a way to review the concern, preserve evidence, decide on internal action, and determine whether any external reporting or further escalation is required.
A good escalation route helps firms:
The key takeaway is that tax-evasion facilitation may overlap with AML, but it should not be ignored just because a money-laundering suspicion has not yet been formally formed.
Suspected facilitation can require legal and compliance escalation in its own right, without waiting for a money-laundering suspicion to be established.
Topic: Tax Evasion
An onboarding analyst reviews this internal note:
Exhibit:
Which interpretation is best supported?
Best answer: B
What this tests: Tax Evasion
Explanation: The decisive fact is the client’s stated intention to keep investment income off his UK tax return. That indicates deliberate concealment, which is tax evasion rather than lawful tax avoidance, so the matter should be escalated internally as suspicious activity.
The core distinction is between lawful tax planning and dishonest concealment. Tax avoidance generally means arranging affairs within the law and making the required disclosures; tax evasion involves hiding income, gains, or ownership so tax is not properly assessed or paid. Here, the applicant explicitly says the structure is meant to keep investment income off his UK tax return. That is a strong indicator of evasion risk, not merely tax efficiency.
In a financial-services context, suspected tax evasion has materially different compliance implications because it may involve criminal conduct and potential criminal property. Staff should not treat it as routine tax planning or rely on the customer’s accountant; they should escalate internally to the MLRO or nominated officer under the firm’s procedures. Using an offshore company is not automatically improper, but the stated concealment purpose is the deciding fact.
The client’s stated aim is to conceal taxable income from HMRC, indicating suspected tax evasion that should be escalated internally.
Topic: The Background and Nature of Financial Crime
What is the primary purpose of asset recovery?
Best answer: D
What this tests: The Background and Nature of Financial Crime
Explanation: Asset recovery is fundamentally about ensuring that crime does not pay. Its core purpose is to remove the proceeds or benefit of crime from offenders, even though preservation, compensation, or civil action may sometimes also arise.
The key concept in asset recovery is deprivation of illicit benefit. Authorities use powers such as restraint, confiscation, forfeiture, or civil recovery to identify and recover criminal property so offenders cannot keep, use, or enjoy the proceeds of crime. That supports deterrence and reinforces the integrity of the financial system, but those are secondary effects rather than the defining purpose. Preserving assets can help prevent dissipation and support proceedings, and victims may sometimes receive compensation, but neither point changes the main aim. The central idea is simple: asset recovery targets the financial gain from offending so crime is less worthwhile.
Asset recovery is intended to strip offenders of criminal gain so they do not retain or enjoy the benefit of offending.
Topic: The Background and Nature of Financial Crime
A firm’s board asks whether an external AML/CFT update means the firm is being directly reviewed. A compliance analyst receives this note:
Exhibit:
External body update
- Issues international AML/CFT recommendations
- Conducts mutual evaluations of countries
- Promotes stronger national laws and supervision
- Does not supervise individual firms or investigate offences
What is the best supported interpretation or action?
Best answer: C
What this tests: The Background and Nature of Financial Crime
Explanation: The note points to an international standard setter, not an operational authority dealing directly with the firm. The key clues are recommendations, country mutual evaluations, and the explicit statement that it neither supervises firms nor investigates offences.
The core concept is the difference between bodies that set standards and bodies that apply or enforce them. An organisation that issues international AML/CFT recommendations and conducts mutual evaluations of countries is acting as a standard setter, most obviously FATF. Its role is to shape global expectations and assess jurisdictions, not to supervise an individual firm’s controls, investigate offences, or receive operational case reports. In practice, the firm should monitor how those standards may be reflected in domestic law, regulatory guidance, or supervisory focus. A supervisor such as the FCA would deal directly with firm oversight, while law enforcement investigates crime and intelligence-sharing bodies support information exchange. The exhibit therefore supports a policy and governance response, not a direct case response.
The exhibit describes a body like FATF, which sets standards for jurisdictions rather than directly supervising firms or investigating crime.
Topic: Money Laundering
What is the primary role of FATF-style regional bodies in the AML/CFT framework?
Best answer: A
What this tests: Money Laundering
Explanation: FATF-style regional bodies help spread and monitor the FATF Recommendations within particular regions. They promote consistency through mutual evaluations, peer pressure, guidance, and regional cooperation rather than by acting as enforcement or intelligence agencies.
The core concept is that FATF-style regional bodies are regional partners aligned with FATF that promote effective implementation of AML/CFT standards. Their main function is to encourage member jurisdictions to adopt and apply the FATF Recommendations consistently, often through mutual evaluations, follow-up reviews, typology work, and technical support. This helps create a more consistent regional approach to money laundering and terrorist financing risk management.
They do not replace national regulators, FIUs, prosecutors, or sanctions authorities. Their role is supervisory and coordinative at a regional level, not operational law enforcement. The closest distractors confuse standard-setting and assessment with sanctions administration or suspicious activity investigation.
FATF-style regional bodies support consistent AML/CFT standards by encouraging implementation and carrying out peer-based assessments within their regions.