Exam-use focus
This Quick Reference supports candidates preparing for the Chartered Institute for Securities & Investment CISI Combating Financial Crime exam, code CISI CFC. It is an independent study aid, not an official Chartered Institute for Securities & Investment publication.
Use it to revise applied decision points: what risk is present, which control applies, when escalation is required, and how similar financial crime concepts differ.
Core financial crime map
| Area | What the criminal wants | Typical firm exposure | High-yield exam distinction |
|---|
| Money laundering | Make criminal proceeds appear legitimate | Accounts, securities trading, funds, payments, private wealth, trade finance | Focus is proceeds of crime and concealment of origin |
| Terrorist financing | Move or store value for terrorist purposes | Small payments, charities, remittances, cash, crypto, trade | Funds may be lawful or unlawful; purpose is key |
| Proliferation financing | Support WMD-related goods, technology, or networks | Trade finance, dual-use goods, shipping, sanctions evasion | Often overlaps with sanctions, trade controls, shell companies |
| Sanctions breach/evasion | Access restricted funds, markets, goods, or services | Onboarding, payments, securities, custody, trade, beneficial ownership | Screening alone is not enough; ownership/control matters |
| Bribery and corruption | Obtain improper advantage | Gifts, hospitality, introducers, procurement, government interaction | Includes indirect bribes through agents or third parties |
| Fraud | Gain through deception | Account takeover, false instructions, investment scams, internal fraud | Victim may be the firm, customer, market, or third party |
| Tax evasion facilitation | Help another evade tax | Offshore structures, advisers, complex ownership, false declarations | Distinguish lawful tax planning from dishonest evasion |
| Market abuse | Distort market integrity or misuse information | Trading, research, order handling, disclosures | Conduct may be abusive even without classic laundering |
Fast decision model
flowchart TD
A[Customer, transaction, employee, or counterparty event] --> B{Financial crime risk indicator?}
B -- No --> C[Proceed under normal controls and monitoring]
B -- Yes --> D{Can risk be understood and mitigated?}
D -- Yes --> E[Apply CDD/EDD, approvals, monitoring, restrictions]
D -- No --> F[Decline, exit, freeze, reject, or escalate as applicable]
E --> G{Suspicion formed?}
F --> G
G -- No --> H[Document rationale and continue monitoring]
G -- Yes --> I[Internal report to MLRO/nominated officer]
I --> J[Consider external SAR/STR, sanctions report, law enforcement, regulator, or FIU route]
J --> K[Do not tip off; preserve evidence]
Money laundering, terrorist financing, and proliferation financing
Laundering stages
| Stage | Practical meaning | Examples | Exam trap |
|---|
| Placement | Introduce criminal value into the financial system | Cash deposits, money service businesses, prepaid cards, crypto purchase | Not always cash; securities or digital assets can be placement routes |
| Layering | Create distance from source using complexity | Multiple transfers, cross-border movements, shell companies, back-to-back trades | Complex activity with no commercial rationale is a key cue |
| Integration | Reintroduce value as apparently legitimate wealth | Property, investments, loans, dividends, luxury assets | Integration often looks like normal wealth unless source is challenged |
AML / CTF / proliferation distinction
| Question | Money laundering | Terrorist financing | Proliferation financing |
|---|
| Source of funds | Usually criminal proceeds | Lawful or unlawful | Lawful, unlawful, state-linked, or front-company funds |
| Main concern | Concealing origin/ownership | Intended use for terrorism | Support for restricted goods, technology, or networks |
| Transaction size | Can be large or structured | Often small and frequent, but not always | May involve trade, shipping, procurement, or high-value goods |
| Common red flags | Shells, nominees, unexplained wealth | Charities/NPO misuse, high-risk regions, unusual remittances | Dual-use goods, vague invoices, unusual shipping routes |
| Control emphasis | CDD, EDD, monitoring, SAR | CDD, monitoring, sanctions, SAR | Sanctions, trade finance due diligence, end-use/end-user checks |
Risk-based approach
Risk equation for exam thinking
Use this as a conceptual model, not a precise calculation:
\[
\text{Residual risk} = \text{Inherent risk} - \text{Control effectiveness}
\]
| Risk layer | Examples | Candidate action in a scenario |
|---|
| Customer risk | PEP, non-resident, complex company, cash-intensive business, charity, crypto exchange | Identify whether standard CDD is enough or EDD is required |
| Product/service risk | Private banking, correspondent banking, trade finance, virtual assets, bearer-like instruments | Ask whether product enables anonymity, speed, complexity, or cross-border movement |
| Geography risk | Sanctioned, conflict, secrecy, corruption, weak AML controls, tax haven indicators | Do not assume nationality alone is risk; connect geography to exposure |
| Channel risk | Non-face-to-face onboarding, intermediaries, introducers, digital-only | Look for impersonation, weak verification, reliance risk |
| Transaction risk | Unusual size, speed, source, purpose, counterparties, circularity | Compare to known profile and stated purpose |
| Delivery/third-party risk | Agents, consultants, finders, distributors, payment processors | Consider bribery, CDD reliance, outsourcing oversight |
CDD, EDD, and ongoing monitoring
Customer due diligence decision table
| Situation | Likely control | What to verify or understand | Typical escalation |
|---|
| Low-risk, transparent customer | Standard CDD or simplified measures where permitted | Identity, purpose, expected activity | Normal approval |
| Higher-risk customer | EDD | Source of wealth, source of funds, ownership/control, senior approval | Compliance/MLRO review |
| PEP or close associate/family link | EDD | Public function, influence, SoW/SoF, corruption exposure | Senior management approval where required |
| Complex corporate structure | Enhanced ownership review | Beneficial owners, controllers, nominees, rationale for structure | Escalate if opaque or unverifiable |
| Trust/foundation/SPV | Legal arrangement review | Settlor/founder, trustees/directors, protectors, beneficiaries, controllers | Escalate if control is hidden |
| Intermediary-introduced customer | Reliance/outsourcing controls | Who performed CDD, access to evidence, accountability | Do not outsource responsibility blindly |
| Existing customer with new unusual activity | Trigger-event review | Updated KYC, transaction purpose, source of funds | SAR/STR consideration |
| Sanctions match | Sanctions investigation | Identity match, ownership/control, transaction nexus | Freeze/reject/report as applicable |
CDD evidence reference
| CDD element | Meaning | Evidence examples | Common weakness |
|---|
| Identity | Customer is who they claim to be | Government ID, registry extract, verified digital ID | Collecting a document without verifying authenticity |
| Verification | Independent confirmation of identity/details | Reliable independent sources, databases, certified documents | Relying only on customer statements |
| Beneficial ownership | Natural persons who ultimately own or control | Share registers, corporate filings, ownership chart, trust deed | Stopping at a company rather than natural persons |
| Purpose and intended nature | Why the relationship exists and expected activity | Account rationale, investment mandate, business model | Generic explanations such as “investment purposes” |
| Source of funds | Origin of the specific money used in a transaction | Sale contract, bank statement, dividend record, inheritance document | Confusing SoF with general wealth |
| Source of wealth | How total wealth was accumulated | Business sale, salary history, audited accounts, asset sale | Accepting broad claims without plausibility testing |
| Ongoing monitoring | Activity remains consistent with profile | Alerts, periodic reviews, event-driven updates | Treating onboarding as one-time only |
Source of funds vs source of wealth
| Term | Focus | Example question | Good exam cue |
|---|
| Source of funds | Where this transaction’s money came from | “Where did the £2m subscription money originate?” | Specific transaction trail |
| Source of wealth | How the customer became wealthy overall | “How did the customer build net worth?” | Lifetime or business wealth narrative |
| Proof of funds | Evidence money exists and is available | “Is the balance present in an account?” | Existence is not the same as legitimate source |
Beneficial ownership and control
| Entity type | Who to identify | What can go wrong | Higher-risk cue |
|---|
| Private company | Natural-person owners and controllers | Nominee shareholders, bearer-like arrangements, layered offshore entities | No clear economic rationale for structure |
| Listed company | Entity and relevant controllers under local rules | Assuming listed status removes all risk | Suspicious transaction still requires review |
| Partnership | Partners, controllers, beneficial owners | Informal control by non-partner | Unusual capital contributions |
| Trust | Settlor, trustees, protector, beneficiaries/classes, controllers | Discretionary beneficiaries used to hide interest | High-risk settlor or opaque protector |
| Foundation | Founder, council/board, beneficiaries, controllers | Control hidden through bylaws or protectors | Secrecy jurisdiction with asset-holding purpose |
| Charity/NPO | Trustees/directors, controllers, donors where relevant, beneficiaries/activity | Diversion of funds, false humanitarian purpose | Conflict zone links or poor expenditure evidence |
| Fund/investment vehicle | Fund, manager, administrator, investors where required | Nominee platforms obscure investor risk | Unusual redemptions/subscriptions or side letters |
| Concept | Meaning | Required exam reaction |
|---|
| PEP | Person entrusted with prominent public function | Higher corruption risk; apply enhanced scrutiny |
| Domestic PEP | PEP in the same jurisdiction as the firm/customer context | Still risk-based; not automatically low risk |
| Foreign PEP | PEP from another jurisdiction | Often higher-risk due to cross-border corruption exposure |
| International organisation PEP | Senior role in an international body | Consider access to public funds or influence |
| Family member | Close family connection to a PEP | Risk may derive from access or asset holding |
| Close associate | Business or personal association with PEP | Watch for nominee ownership or unexplained wealth |
| Adverse media | Negative public information | Validate source quality, relevance, recency, and connection |
PEP exam traps
- A PEP is not automatically a criminal or prohibited customer.
- EDD is about understanding risk, not simply collecting more documents.
- Close associates and family members can carry risk even without public office.
- Former PEPs may still pose influence risk depending on role, jurisdiction, and timing.
- Source of wealth is especially important for corruption-risk cases.
Sanctions quick reference
Sanctions types and controls
| Sanctions type | Restriction focus | Firm control | Scenario cue |
|---|
| Asset freeze/blocking | Funds or economic resources of designated persons/entities | Screen, freeze/block, stop dealing, report as applicable | Name match, ownership/control link |
| Trade sanctions | Goods, services, technology, sectors | Trade finance checks, goods/end-use review | Dual-use goods, unusual shipping route |
| Sectoral sanctions | Specific sectors, debt/equity, services, technology | Product-level restriction checks | Energy, finance, defence, technology exposure |
| Arms embargo | Military goods/services | Goods classification, end-user review | Military end user or broker |
| Travel ban | Movement of individuals | Usually less direct for financial firms | Can support risk assessment |
| Comprehensive country restrictions | Broad dealings with a territory or state | Geolocation, counterparty, ownership, transaction screening | Country/territory nexus |
Sanctions screening process
| Step | What to do | Common error |
|---|
| Screen customer and related parties | Customer, beneficial owner, controller, signatory, director, trustee, counterparty | Screening only the account holder |
| Screen transactions | Originator, beneficiary, banks, vessels, goods, ports, messages | Ignoring free-text fields or trade documents |
| Investigate possible match | Compare identifiers: DOB, address, nationality, ID, aliases, ownership | Clearing a match based only on name spelling |
| Consider ownership/control | Identify whether a sanctioned person owns or controls an entity | Treating non-listed entity as safe despite control link |
| Decide action | Proceed, reject, freeze/block, exit, report, seek licence where relevant | Continuing while “waiting for more comfort” |
| Document rationale | Keep audit trail of match decision and escalation | No evidence of why false positive was cleared |
Sanctions red flags
| Red flag | Why it matters |
|---|
| Counterparty recently changed name, directors, or ownership | Possible evasion after designation |
| Payments split across multiple banks or jurisdictions | Obscures sanctioned nexus |
| Goods description is vague or inconsistent with customer business | Trade sanctions/proliferation risk |
| Use of intermediaries in unrelated countries | Hides origin, destination, or control |
| Customer resists providing end-user/end-use information | Concealment risk |
| Vessel route, transshipment point, or port seems illogical | Sanctions evasion or trade-based laundering |
| Address matches sanctioned entity location | Potential direct or indirect nexus |
| Beneficial owner just below a disclosed threshold | Possible structuring to avoid detection |
Suspicion, escalation, and reporting
Suspicion decision cues
| Observation | Weak explanation | Stronger suspicion cue |
|---|
| Unusual transaction size | “Customer is wealthy” | Size inconsistent with known profile and no credible source |
| Complex structure | “Tax planning” | No commercial rationale; control hidden through nominees |
| Frequent round-number payments | “Business activity” | Repeated, structured, no invoices or weak documentation |
| Customer refuses information | “Privacy concerns” | Refusal prevents required CDD or transaction understanding |
| Rapid in/out movement | “Investment strategy” | No market rationale, third-party funds, circular transfers |
| Adverse media | “Only an article” | Credible, recent, connected to customer or funds |
SAR/STR workflow
| Stage | Key action | Exam caution |
|---|
| Detection | Employee, system, audit, customer contact, third-party alert | A single red flag may be enough to investigate |
| Internal escalation | Report to MLRO/nominated officer or designated function | Do not investigate in a way that alerts the customer |
| Assessment | Review facts, KYC, activity, explanations, intelligence | Suspicion does not require proof beyond doubt |
| External report | File SAR/STR or equivalent where required | Follow jurisdictional and firm procedures |
| Post-report handling | Restrict, continue, delay, exit, or seek consent/defence where applicable | Avoid tipping off and preserve confidentiality |
| Recordkeeping | Document reasons, decisions, evidence, timestamps | Poor records undermine defensibility |
Tipping off and confidentiality
| Action | Risk |
|---|
| Telling customer “we filed a SAR” | Clear tipping-off risk |
| Asking neutral CDD questions | Usually acceptable if not revealing suspicion |
| Closing account immediately after suspicious query without plan | May alert customer and disrupt investigation |
| Sharing details only with need-to-know internal staff | Appropriate confidentiality control |
| Discussing suspicion casually with relationship manager network | Breach of confidentiality and control weakness |
Bribery and corruption
Bribery risk table
| Risk area | Red flags | Controls |
|---|
| Gifts and hospitality | Excessive value, poor timing, linked to tender or approval | Limits, approvals, registers, conflict checks |
| Agents/intermediaries | Success fees, vague services, offshore payment requests | Due diligence, written contracts, service evidence |
| Public officials | Facilitation request, permit/visa/customs pressure | Prohibition/approval rules, escalation, training |
| Procurement | Sole-source award, inflated invoices, related-party supplier | Segregation, tender controls, conflict declarations |
| Political donations | Donation near business decision, third-party routing | Senior approval, transparency, legal review |
| Sponsorship/charity | Benefit to official’s preferred charity | Due diligence, purpose testing, monitoring |
| Recruitment/internships | Candidate linked to client or official | Conflict review and documented merit process |
Bribery exam distinctions
| Concept | Distinction |
|---|
| Bribe | Improper advantage offered, promised, given, requested, or received |
| Facilitation payment | Small payment to speed routine action; often high-risk or prohibited by firm policy |
| Hospitality | Can be legitimate if proportionate and transparent; risky if intended to influence |
| Kickback | Secret return of part of a payment as reward for business |
| Third-party bribery | Firm may be exposed through agents, consultants, distributors, or introducers |
| Adequate procedures/controls | Risk assessment, due diligence, communication, training, monitoring, senior commitment |
Fraud reference
| Fraud type | How it appears | Control focus |
|---|
| Identity fraud | Fake or stolen identity, synthetic identity | Identity verification, device checks, document validation |
| Account takeover | Change of email, phone, password, payment destination | Strong authentication, call-back, anomaly detection |
| Authorised push payment scam | Customer instructed to send funds to fraudster | Payment warnings, payee verification, scam education |
| Investment scam | Unrealistic returns, pressure, fake platform | Customer warnings, transaction monitoring, staff escalation |
| Invoice redirection | Supplier bank details changed | Independent verification of changes |
| Internal fraud | Employee misuse of access or funds | Segregation, access reviews, surveillance, whistleblowing |
| Market manipulation fraud | False orders, rumours, pump-and-dump | Surveillance, order/trade monitoring |
| Cyber-enabled fraud | Phishing, malware, business email compromise | Cyber controls, incident response, fraud monitoring |
| Conduct | Meaning | Indicators |
|---|
| Insider dealing | Trading using inside information | Trading before announcement, linked accounts, unusual profit |
| Unlawful disclosure | Improperly sharing inside information | Leaks, selective disclosure, informal tips |
| Market manipulation | Creating false or misleading market impression | Spoofing, layering, wash trades, marking the close |
| Misleading statements | False or deceptive information affecting market | Rumours, false research, misleading announcements |
| Front running | Trading ahead of client/order information | Employee or proprietary trading before large client order |
| Pump-and-dump | Inflate price then sell | Social media hype, thinly traded securities, sudden volume |
Market abuse vs AML
| Question | Market abuse | AML |
|---|
| Main harm | Market integrity and fair information | Legitimacy of funds and ownership |
| Typical evidence | Orders, trades, information flow, timing | Funds flow, ownership, source, layering |
| Reporting route | Market surveillance/compliance/regulator process | MLRO/FIU/SAR route as applicable |
| Overlap | Criminal proceeds from abuse may later be laundered | Suspicious trading profits can trigger AML review |
Trade-based financial crime
| Red flag | Possible issue | Review action |
|---|
| Invoice price far above/below market | Value transfer, laundering, tax evasion | Compare to market, prior invoices, quantity |
| Goods inconsistent with customer business | Front company or sanctions evasion | Validate commercial purpose |
| Repeated amendments to letters of credit | Manipulation or concealment | Review rationale and counterparties |
| Multiple intermediaries with no role | Layering or bribery | Map parties and services |
| Unusual shipping route | Sanctions/proliferation evasion | Check ports, vessels, destination |
| Vague goods description | Dual-use or restricted goods risk | Request precise classification and end use |
| Same address for unrelated parties | Shell network | Investigate ownership/control |
| Payment from unrelated third party | Laundering or fraud | Verify relationship and purpose |
Virtual assets and digital channels
| Risk | Why it matters | Control cue |
|---|
| Pseudonymity | Wallets may not directly show natural person | Link wallet, customer, source, and purpose |
| Mixers/tumblers | Obscure transaction trail | Treat as higher-risk; investigate source |
| Chain hopping | Movement across different tokens/chains | Use blockchain analytics where available |
| Privacy coins | Reduced traceability | Enhanced scrutiny or restriction |
| High-risk exchange | Weak AML controls or sanctioned exposure | Counterparty risk assessment |
| Scam proceeds | Fraud victims send funds to wallets | Fraud and AML escalation |
| Rapid fiat-crypto-fiat movement | Layering indicator | Transaction monitoring and SoF review |
Governance and control framework
| Control layer | Responsibilities | Evidence examiners expect in scenarios |
|---|
| Board/senior management | Risk appetite, culture, oversight, resources | Approved policies, MI review, challenge |
| First line | Own customer and transaction risk | CDD quality, escalation, adherence to procedures |
| Compliance/financial crime function | Policies, advisory, monitoring, testing | Risk assessment, controls, guidance |
| MLRO/nominated officer | Suspicion assessment and reporting oversight | SAR/STR decisions, confidentiality, audit trail |
| Operations/screening teams | Alert handling, sanctions/payment controls | Timely investigation, documented decisions |
| Internal audit | Independent assurance | Findings, remediation tracking |
| HR/training | Vetting, competence, conduct | Role-specific training and attestations |
| IT/data | Systems, rules, data quality, access | Accurate screening, monitoring, access controls |
Financial crime policy components
| Component | What it should cover |
|---|
| Risk assessment | Customer, product, geography, channel, transaction, third-party risks |
| CDD standards | Identification, verification, beneficial ownership, purpose, ongoing monitoring |
| EDD triggers | PEPs, sanctions exposure, high-risk jurisdictions, complex structures |
| Sanctions controls | Screening scope, alert handling, ownership/control, reporting |
| SAR/STR process | Internal escalation, MLRO assessment, external reporting, confidentiality |
| Recordkeeping | Evidence, decisions, approvals, monitoring, reports |
| Training | Role-based, refreshed, tested, documented |
| Independent testing | Compliance monitoring and audit review |
| Remediation | Issue ownership, deadlines, validation |
| Whistleblowing | Safe reporting of internal misconduct |
Alert and investigation handling
| Investigation step | Good practice | Weak practice |
|---|
| Define alert | State what triggered review | “System alert” with no detail |
| Gather facts | KYC, transactions, counterparties, documents, open source | Asking customer leading questions first |
| Compare to profile | Expected vs actual activity | Looking at transaction in isolation |
| Test explanation | Is it plausible, evidenced, and consistent? | Accepting generic explanation |
| Decide and escalate | Clear rationale: close, monitor, EDD, SAR, exit, freeze | No conclusion or owner |
| Preserve evidence | Timestamped notes, document copies, audit trail | Editing or deleting records |
| Avoid contamination | Need-to-know access, confidentiality | Broad internal circulation |
High-yield red flags by dimension
| Dimension | Red flags |
|---|
| Customer | Reluctant to provide CDD, uses nominees, unexplained wealth, inconsistent occupation, links to adverse media |
| Corporate | Layered offshore entities, frequent ownership changes, no employees/web presence, shared addresses, bearer-like control |
| Transaction | Round amounts, rapid movement, third-party payments, circular flows, inconsistent purpose, early redemption |
| Securities | Wash trades, pre-arranged trades, uneconomic trading, concentration in illiquid stocks, trading before news |
| Geography | Sanctions nexus, conflict zones, corruption exposure, secrecy jurisdiction, weak AML supervision |
| Product | High mobility, anonymity, transferability, early surrender, overpayment/refund risk |
| Channel | Non-face-to-face, introducer-led, remote document certification, unusual IP/device |
| Behaviour | Pressure, secrecy, inconsistent answers, refusal to document, sudden urgency |
| Employee | Override of controls, unusual lifestyle, close client relationships, reluctance to take leave |
| Third party | Agent lacks expertise, offshore success fee, related party, no service evidence |
Scenario decision matrix
| Scenario cue | Likely issue | Best response |
|---|
| New customer is a minister’s sibling using offshore company | PEP associate, ownership, corruption risk | EDD, SoW/SoF, senior approval, ownership mapping |
| Payment to listed sanctioned person | Sanctions match | Stop/freeze/reject/report as applicable; do not process |
| Customer says funds came from “business profits” but has no records | Weak SoF | Request evidence; consider EDD and suspicion |
| Large trade finance invoice for goods outside customer’s sector | Trade-based laundering/proliferation | Validate goods, end use, counterparties, pricing |
| Employee accepts luxury trip from broker during mandate award | Bribery/conflict | Escalate, gift/hospitality review, conflict controls |
| Multiple small transfers to conflict region charity | CTF/NPO misuse risk | Review charity, purpose, counterparties; escalate if suspicious |
| Customer asks whether account is “under investigation” | Tipping-off risk | Provide neutral response; avoid revealing suspicion |
| Insider’s relative trades before takeover announcement | Market abuse | Escalate to surveillance/compliance; preserve evidence |
| Customer rapidly buys and sells assets with no economic rationale | Layering/market abuse | Investigate, compare profile, consider SAR |
| Company owned by non-sanctioned entity controlled by sanctioned person | Sanctions ownership/control | Treat as sanctions risk; escalate and act under procedures |
Common exam traps
| Trap | Correct exam mindset |
|---|
| “Suspicion requires proof” | Suspicion is lower than proof; document reasonable grounds and escalate |
| “CDD ends after onboarding” | Monitoring is ongoing and event-driven |
| “A sanctions list screen is enough” | Also consider beneficial ownership, control, goods, geography, and transactions |
| “PEPs are prohibited” | PEPs require risk-based EDD; prohibition depends on law/policy |
| “Beneficial owner means account signatory” | Signatory may act on behalf of the true owner/controller |
| “Source of funds equals source of wealth” | SoF is transaction-specific; SoW explains total wealth |
| “Outsourcing CDD transfers responsibility” | A firm may outsource tasks, but accountability usually remains |
| “Low-value transactions are low risk” | Terrorist financing and structuring may use small amounts |
| “Adverse media always means exit” | Assess credibility, relevance, recency, and risk appetite |
| “If customer explains it, risk is solved” | Explanation must be plausible and evidenced |
| “Sanctions risk only concerns customers” | Counterparties, banks, vessels, goods, owners, and locations matter |
| “Tax avoidance and evasion are the same” | Lawful planning differs from dishonest evasion or facilitation |
| “Compliance owns all financial crime risk” | First line owns risk; compliance provides oversight and challenge |
Last-week revision checklist
- Rehearse the difference between AML, CTF, proliferation financing, sanctions, bribery, fraud, tax evasion, and market abuse.
- Memorise the practical differences between CDD, EDD, SoF, SoW, beneficial ownership, and ongoing monitoring.
- Practise identifying the first escalation point in scenarios: MLRO, sanctions team, surveillance, senior management, or fraud team.
- For each red flag, ask: what is unusual, what evidence is missing, and what control should be applied?
- In reporting questions, remember: document, escalate, avoid tipping off, preserve evidence.
- In sanctions questions, remember: do not rely only on exact name matches; assess ownership/control and transaction nexus.
- In bribery questions, look for improper advantage, timing, third parties, public officials, and weak service evidence.
- In fraud questions, separate customer victim fraud, firm victim fraud, internal fraud, and market-facing fraud.
- In market abuse questions, focus on inside information, misleading impression, order behaviour, and timing.
Practical next step
Use this Quick Reference as a scenario drill sheet: take practice questions for CISI CFC — CISI Combating Financial Crime, identify the financial crime type, choose the correct control or escalation, then check whether you avoided the common traps above.