CISI CFC: Money Laundering

Topic snapshot

Sample questions

These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Money Laundering

A firm’s onboarding analyst reviews the following note for a prospective client.

Exhibit:

Customer: Northgate Commodities Ltd (UK)
Direct owner: Selvan Holdings SA (Panama) - 100%
Owners of Selvan:
- Nominee Services Ltd (Cyprus) - 60%
- Maris Trust (Jersey) - 40%
Trust beneficiaries: "private family members" (details not provided)
Client message: "Ultimate owners require confidentiality"
Expected activity: frequent high-value cross-border payments

What is the best supported AML interpretation?

• A. The customer’s UK incorporation means verifying only the direct corporate owner is sufficient.
• B. The layered structure obscures the natural persons who own or control the customer, so EDD is needed before onboarding.
• C. The listed share percentages make ownership transparent enough for standard CDD.
• D. The offshore elements alone justify submitting a SAR immediately.

Best answer: B

What this tests: Money Laundering

Explanation: Opaque beneficial ownership raises money-laundering risk because it makes it difficult to identify and verify the natural persons who ultimately own or control the customer. In this exhibit, the Panama company, nominee shareholder, and trust with undisclosed beneficiaries hinder effective due diligence, so enhanced due diligence is appropriate before onboarding.

The core AML issue is opacity of beneficial ownership. A firm must understand who ultimately owns or controls the customer, but this structure uses a chain of entities, a nominee arrangement, and a trust whose underlying parties have not been disclosed. That makes it harder to verify beneficial owners, assess source of wealth or funds, and screen the relevant natural persons for sanctions, PEP, or adverse information.

Where ownership and control cannot be clearly established, the relationship presents higher money-laundering risk and warrants enhanced due diligence. The expected cross-border activity adds risk context, but the decisive point is that the structure prevents effective beneficial ownership checks. UK incorporation or documented corporate percentages do not remove the need to identify the ultimate natural persons behind the structure.

• Treating the structure as transparent because percentages are listed misses that the named holders are not identified natural persons.
• Relying on UK incorporation ignores that CDD must look through the chain to ultimate ownership and control.
• Filing a SAR immediately goes beyond the exhibit; opacity is a red flag requiring further due diligence, not automatic proof of criminal property.

Nominee and trust layers hide the ultimate natural-person owners or controllers, so beneficial ownership cannot yet be effectively verified.

Question 2

Topic: Money Laundering

A firm’s AML policy states that staff must not treat a customer as low risk only because the customer is from a well-regarded jurisdiction, nor as high risk only because of a country label. Staff must also assess ownership structure, products used, delivery channel, source of funds and transaction activity. Which control principle best matches this policy?

• A. FATF risk-based approach
• B. Country-risk assessment
• C. PEP screening
• D. Sanctions screening

Best answer: A

What this tests: Money Laundering

Explanation: The best match is the FATF risk-based approach. It recognises that country risk matters, but it is only one factor, so firms should adjust CDD and monitoring to the customer’s specific circumstances rather than applying a country stereotype alone.

This policy reflects the FATF risk-based approach, which requires firms to consider relevant risk factors together rather than making decisions from a jurisdiction label alone. A customer’s actual money-laundering risk may be higher or lower than the general perception of their country once factors such as beneficial ownership, source of funds, products, delivery channels and transaction behaviour are assessed. In practice, country risk informs the assessment, but it does not replace customer-specific judgment.

The key point is proportionality: firms should apply controls that match the real risk presented by the customer and relationship. A jurisdiction label on its own is too narrow to produce a sound AML decision.

• Country factor only: Country-risk assessment is relevant, but it is just one component of a wider AML risk assessment.
• Different purpose: Sanctions screening checks for designated persons, entities or prohibited dealings, not overall ML risk.
• Single risk indicator: PEP screening identifies political exposure, but that is only one risk factor and not the full control principle described.

It requires firms to assess the customer’s overall risk profile using multiple factors rather than relying on jurisdiction alone.

Question 3

Topic: Money Laundering

A new relationship manager says, “If we verify identity at onboarding, that is the main AML requirement unless the regulator contacts us later.”

Exhibit:

AML procedure extract
- Complete CDD, including beneficial ownership, before onboarding.
- Monitor transactions against expected activity throughout the relationship.
- Escalate suspicions promptly to the MLRO.
- Keep CDD and investigation records for five years after the relationship ends.
- Maintain staff training and independent AML testing.

Which response is best supported by the exhibit?

• A. Independent AML testing means frontline staff do not need suspicious-activity training.
• B. Record retention is mainly for external enquiries, so internal reviews need not be documented.
• C. AML standards require initial CDD plus ongoing monitoring, escalation, records, and control testing.
• D. For low-risk customers, initial CDD can replace ongoing monitoring and escalation.

Best answer: C

What this tests: Money Laundering

Explanation: The exhibit shows that AML standards are wider than collecting identity documents at onboarding. It combines CDD with ongoing monitoring, prompt internal reporting to the MLRO, record keeping, and internal controls such as training and independent testing.

The core AML concept is that compliance is an ongoing framework, not a one-off onboarding task. CDD establishes who the customer and beneficial owner are, but AML standards also require firms to monitor activity throughout the relationship, report suspicions internally without delay, keep adequate records of CDD and investigations, and maintain effective internal controls such as staff training and independent testing. The exhibit states each of these elements directly, so the best interpretation is that identity verification is only one part of a broader AML system. A low-risk classification might affect the depth of controls, but it does not remove the need for monitoring or proper internal reporting.

• Low-risk misunderstanding: The extract says monitoring should continue throughout the relationship; it does not say low-risk status removes that requirement.
• Record-keeping overreach: The procedure expressly includes keeping CDD and investigation records, not just responding to external enquiries.
• Control substitution: Independent testing and staff training are both internal controls; one does not replace the other or frontline vigilance.

The extract lists AML duties that continue after onboarding, including monitoring, MLRO escalation, record retention, and internal controls.

Question 4

Topic: Money Laundering

A UK investment firm is reviewing an application from a trading company in Country A. Country A appears in a recent FATF increased-monitoring statement, and the firm’s supervisor has reminded firms to reassess exposure to that jurisdiction. No sanctions prohibit dealing with Country A. The company has disclosed its beneficial owners, audited accounts and a straightforward trading purpose. Which action best applies the risk-based approach?

• A. Use the country signals in the risk assessment and apply proportionate EDD.
• B. Submit a SAR immediately because the country exposure is suspicious.
• C. Decline the client automatically because the FATF listing is decisive.
• D. Apply standard CDD because no sanctions prohibit the relationship.

Best answer: A

What this tests: Money Laundering

Explanation: Country advisories, FATF-style lists and supervisory statements are inputs into a firm’s geographic risk assessment. They should prompt closer scrutiny and documented reasoning, not automatic refusal or automatic suspicion where no legal prohibition applies.

The key principle is the risk-based approach. External sources such as FATF statements, country advisories and supervisory communications help firms assess geographic exposure, calibrate customer due diligence and decide what level of monitoring or escalation is needed. In this scenario, the country factor raises risk, but it must be weighed with the disclosed beneficial ownership, audited accounts and straightforward business purpose. The appropriate response is to document how the country information affects the assessment and apply proportionate enhanced due diligence or monitoring before deciding whether the relationship fits the firm’s risk appetite. Automatic refusal would confuse a risk indicator with a prohibition, and a SAR requires actual suspicion, not just geographic exposure. The closest trap is treating the absence of sanctions as enough for standard CDD, which ignores the separate AML risk signal.

• Automatic de-risking: A FATF or supervisory statement is usually a risk input, not an automatic ban unless law or sanctions prohibit the relationship.
• Ignoring country risk: No sanctions restriction does not remove AML risk, so standard CDD may be insufficient.
• Suspicion shortcut: A SAR should be based on suspicion arising from the facts, not solely because a country appears in an external statement.

FATF and supervisory statements inform geographic risk and control intensity, but they do not by themselves require rejection or create suspicion.

Question 5

Topic: Money Laundering

A UK investment firm is onboarding a company incorporated in a FATF-compliant jurisdiction that the firm usually rates as lower risk. However, ownership is through a discretionary trust in another jurisdiction, funding will come from a third-party account, and the company’s main counterparties are state-owned entities in a high-corruption market. Which approach best reflects the FATF risk-based approach?

• A. Classify the customer as higher risk and apply enhanced due diligence before onboarding
• B. Apply standard due diligence because the incorporation country is lower risk
• C. Open the account first and rely on transaction monitoring to reassess risk later
• D. Reject the customer automatically because offshore trust ownership is involved

Best answer: A

What this tests: Money Laundering

Explanation: The correct response is to assess the customer’s overall risk, not rely on the incorporation jurisdiction alone. Opaque ownership, third-party funding and exposure to state-linked business in a high-corruption market are all customer-specific risk factors that can outweigh a generally lower-risk country label.

Under the FATF risk-based approach, country risk is relevant but it is not decisive on its own. A firm should combine jurisdictional risk with customer, ownership, product, delivery-channel and transaction factors. In this scenario, the discretionary trust makes beneficial ownership more complex, third-party funding raises source-of-funds concerns, and business with state-owned entities in a high-corruption market increases bribery and laundering risk. Those facts justify treating the relationship as higher risk and applying enhanced due diligence before establishing the relationship. The key point is that firms should neither simplify solely because a country is seen as low risk nor de-risk automatically without a proper assessment.

• Country label only: A lower-risk incorporation jurisdiction does not override higher-risk features in the customer’s ownership and funding profile.
• Automatic de-risking: Offshore or trust ownership can increase risk, but it does not by itself require an immediate refusal in every case.
• Wrong sequence: Transaction monitoring is important, but it does not replace risk assessment and any necessary EDD at onboarding.

Country risk is only one factor, and the customer’s ownership, funding and counterparty profile justify a higher-risk assessment and EDD.

Question 6

Topic: Money Laundering

An MLRO reviews the following internal escalation note:

Internal escalation note
- 8 May: UK bank files a SAR on Rivercrest Ltd after unusual transfers to firms in two EU states.
- 15 May: UK police identify a linked fraud investigation, but no alert has yet reached either overseas FIU.
- 27 May: One EU authority says the funds were withdrawn locally before it became aware of the UK suspicion.
- Review finding: there was no effective information-sharing channel between the relevant bodies.

Which interpretation is best supported?

• A. Poor cross-border information sharing delayed detection and let funds move before enforcement.
• B. The UK SAR should have automatically frozen the overseas funds.
• C. The case mainly shows missing PEP enhanced due diligence.
• D. Domestic investigators could enforce effectively without notifying overseas authorities.

Best answer: A

What this tests: Money Laundering

Explanation: The exhibit shows that suspicion was identified in the UK, but overseas FIUs were not alerted in time. Because the relevant bodies did not share information effectively, the linked activity was not detected quickly enough and the funds were withdrawn before enforcement could take place.

The core concept is that AML detection and enforcement often depend on timely cooperation between domestic authorities and international counterparts. Here, the UK bank filed a SAR and UK police linked the activity to a fraud investigation, yet the overseas FIUs had not received the information before the funds were withdrawn. That supports the conclusion that weak information sharing slowed both detection of the connected cross-border activity and the opportunity for enforcement action.

In practice, fragmented cooperation can mean:

• linked cases are not recognised early
• suspicious funds move before restraint is possible
• enforcement action becomes slower and less effective

The key point is not customer classification or automatic asset freezing, but the delay caused by poor inter-authority communication.

• Automatic freeze: Filing a SAR does not by itself freeze assets in another jurisdiction; overseas authorities must first receive and act on the intelligence.
• PEP focus: Nothing in the note suggests politically exposed person risk; the decisive issue is delayed communication between authorities.
• Domestic-only view: The exhibit explicitly shows overseas awareness mattered, because funds were withdrawn locally before the foreign authority knew of the UK suspicion.

The note directly links the lack of an effective sharing channel to late overseas awareness and funds being withdrawn first.

Question 7

Topic: Money Laundering

Why does coordination between prudential, conduct, sanctions, tax and criminal authorities matter in a complex financial-crime case?

• A. It allows the prudential regulator to take over criminal investigations where money laundering is suspected.
• B. It ensures suspicious activity needs to be reported to only one authority in all circumstances.
• C. It prevents firms from applying their own risk-based controls until authorities agree a common view.
• D. It creates a joined-up response where the same facts may engage multiple legal and supervisory regimes.

Best answer: D

What this tests: Money Laundering

Explanation: Complex financial-crime cases often cut across several regimes at once. Coordination matters because different authorities each see part of the risk, and a joined-up approach helps identify the full issue and respond consistently.

The core concept is overlapping jurisdiction. In a complex case, the same conduct may raise prudential concerns about systems and controls, conduct concerns about market integrity or customer treatment, sanctions issues, tax offences, and criminal offences such as money laundering or fraud. No single authority necessarily has the complete picture or all relevant powers.

Coordination therefore matters because it helps:

• combine intelligence and supervisory insight
• avoid gaps or duplicated action
• align asset-freezing, reporting, investigation and enforcement steps
• ensure firms are assessed across all relevant risks

The key point is not that one authority replaces another, but that complex financial crime often spans several legal and regulatory frameworks at the same time.

• Single reporting misconception: suspicious activity and other regulatory obligations do not collapse into one universal report just because several authorities are interested.
• Role confusion: a prudential regulator focuses on safety, soundness and controls; it does not simply assume the role of criminal investigator.
• Firm responsibility: firms must still apply their own risk-based controls, escalation and reporting obligations without waiting for authorities to form a joint view.

Complex cases can trigger overlapping AML, sanctions, tax, conduct and prudential issues, so coordination helps avoid gaps, duplication and inconsistent action.

Question 8

Topic: Money Laundering

An investment firm’s surveillance team sees a client place a series of small buy orders in an illiquid share across two venues shortly before an unexpected takeover announcement. The trading is unusual but not conclusive. Under the firm’s policy, reasonable suspicion of market abuse must be escalated promptly to Compliance and reported to the market regulator; proof is not required. Which action best applies this principle?

• A. Escalate internally, preserve the alert record, and report the suspicion promptly.
• B. Wait for profit withdrawals, then treat the case as possible money laundering.
• C. Refer the matter only to the issuer, because it knows potential insiders best.
• D. Ask the client for an explanation first and report only if it is unsatisfactory.

Best answer: A

What this tests: Money Laundering

Explanation: Securities and market regulators detect abuse through a mix of their own surveillance and information supplied by firms. When a firm has reasonable suspicion, the sound approach is prompt internal escalation, record retention, and timely reporting rather than waiting for proof or later cash movements.

The core concept is prompt escalation and reporting of suspicious trading to support the regulator’s market-abuse detection role. Securities and market regulators monitor markets, compare activity across venues, and use information from firms to identify patterns such as insider dealing or manipulation. Where the threshold is reasonable suspicion, the firm does not need to prove misconduct before acting. It should preserve the surveillance alert, relevant order and trade data, and the rationale for its decision, then make the required report through the proper channel.

This also reflects good governance and record-keeping: the firm shows that it monitored activity, escalated concerns appropriately, and supported regulatory oversight. Waiting for proceeds to move or outsourcing the issue to the issuer misses the immediate suspicious-trading risk. The closest distractor is contacting the client first, which can delay or compromise the reporting process.

• Seeking the client’s explanation first can delay escalation and is not a prerequisite when the reporting threshold is reasonable suspicion.
• Waiting for profit withdrawals confuses market-abuse detection with possible later laundering of proceeds; the suspicious trading itself is the trigger.
• Referring the matter only to the issuer misunderstands the regulator’s role, because regulators combine firm reports with wider market surveillance.

Firms support market regulators by escalating reasonable suspicion promptly, preserving records, and reporting suspicious trading without waiting to prove abuse.

Question 9

Topic: Money Laundering

A UK investment platform onboards a recently formed company whose beneficial owner is difficult to verify. Two days later, £180,000 arrives from a different UK company, is placed in a low-volatility fund, then redeemed three days later to an overseas account held by a relative of the suspected owner. No commercial rationale is provided. What is the best explanation for the money-laundering risk?

• A. The main issue is weak beneficial-ownership evidence at onboarding.
• B. Ordinary investment and redemption can layer funds and obscure their origin.
• C. The regulated product largely removes source-of-funds risk.
• D. The pattern mainly points to market abuse in the fund.

Best answer: B

What this tests: Money Laundering

Explanation: This is suspicious because an ordinary, low-volatility product is being used in a way that appears designed to conceal, not invest. The unrelated funding source, unclear ownership, brief holding period and onward payment to a connected overseas account are classic indicators of layering.

The core concept is that money laundering often uses normal financial products and payment routes when they help hide the true source or destination of funds. Here, the company receives money from a different entity, places it briefly into a low-volatility fund, and quickly redeems it to an overseas account linked to a relative of the suspected owner. That sequence can create an apparently legitimate investment history while weakening the link between the original payer, the customer and the final recipient.

A launderer does not need an exotic product. An ordinary fund and standard payment rails can be attractive because they generate credible records, statements and redemption proceeds. The short holding period and lack of commercial rationale make genuine investment activity less likely. The key takeaway is that concealment intent can turn a routine product into a layering tool.

• Treating this as only an onboarding KYC problem misses the transaction pattern; the movement through the fund adds a separate layering concern.
• Seeing market abuse is misplaced because there is no sign of insider information, manipulation or abusive trading behaviour.
• Assuming a regulated product reduces ML risk is a trap; routine, credible channels are often used precisely because they look legitimate.

The sequence uses routine investment activity and payment flows to create a legitimate-looking trail while distancing the money from its original source.

Question 10

Topic: Money Laundering

A firm is onboarding two customers. Customer 1 is based in a country the firm usually rates low risk, but has opaque ownership and expects frequent payments to unrelated third parties. Customer 2 is based in a country the firm rates higher risk, but is a salaried individual seeking a basic account funded from a bank account in their own name. No sanctions alerts or mandatory high-risk-country rule applies. Which approach best reflects the FATF risk-based approach?

• A. Let the country rating set the risk outcome unless sanctions screening identifies a match.
• B. Assign both customers the same interim rating until transaction monitoring gives more evidence.
• C. Assess each customer’s overall risk and apply proportionate CDD, documenting any departure from the country label.
• D. Ignore jurisdiction and rate risk only from ownership, funding, and expected activity.

Best answer: C

What this tests: Money Laundering

Explanation: Jurisdiction is an important AML factor, but it is only one part of an overall risk assessment. Under the FATF risk-based approach, firms weigh customer-specific features such as ownership transparency, source of funds, product type, and expected activity, then set proportionate CDD and record why the final rating may differ from the country stereotype.

The core principle is that AML risk should be assessed holistically rather than by geography alone. In this scenario, opaque ownership and expected third-party payments can make the customer from a usually low-risk country higher risk overall, while a simple, transparent relationship can make the other customer lower risk than the jurisdiction label might suggest. Because the stem removes any sanctions hit or mandatory high-risk-country rule, the firm should use a documented overall assessment based on customer, product, channel, and transactional factors, then apply proportionate CDD or EDD where justified. The key takeaway is that country risk remains relevant, but it should not automatically determine the final rating.

• Ignoring jurisdiction altogether is too extreme because geographic exposure is still a recognised AML risk factor.
• Letting the country rating control the outcome confuses one risk input with the full customer risk assessment.
• Giving both customers the same interim rating delays proportionate onboarding controls when enough facts are already available.

FATF-style controls require an overall assessment, so customer-specific factors can justify a higher or lower risk rating than the country stereotype.

Continue with full practice

Use the CISI CFC Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Related focused pages

• Free CISI CFC Full-Length Practice Exam
• CISI CFC: The Background and Nature of Financial Crime
• CISI CFC: Terrorist Financing
• CISI CFC: Bribery and Corruption
• CISI CFC: Fraud and Market Abuse
• CISI CFC: Tax Evasion
• CISI CFC: Financial Sanctions
• CISI CFC: Financial Crime Risk Management
• CISI CFC: The Role of the Financial Services Sector

Free review resource

Read the CISI CFC guide on SecuritiesMastery.com, then return to Securities Prep for timed practice.