CISI CFC — CISI Combating Financial Crime Scenario Practice Guide

How to approach CISI CFC scenario questions

The CISI Combating Financial Crime (CISI CFC) exam from the Chartered Institute for Securities & Investment tests more than recognition of financial crime terms. Scenario questions often ask you to apply principles to a client, transaction, firm process, escalation route, or control weakness.

A good scenario-reading method helps you avoid jumping to the first familiar phrase, such as “PEP,” “sanctions,” “unusual transaction,” or “cash-intensive business.” Your task is to decide what the facts require now, based on the role of the person in the scenario, the risk indicators, the firm’s obligations, and the most appropriate next action.

Use this guide to practise a disciplined process for final review.

The core reading sequence

When you see a financial crime scenario, read it in this order:

1. Identify the role and relationship

   • Who is acting?
   • Is the person a client, beneficial owner, employee, adviser, introducer, correspondent, third party, or regulator?
   • Is the firm onboarding, servicing, monitoring, investigating, or reporting?

2. Find the decision point

   • Is the question asking what should be done first?
   • Is it asking for the best control?
   • Is it asking whether a suspicion exists?
   • Is it asking about disclosure, escalation, documentation, or refusal to proceed?

3. Classify the financial crime issue

   • Money laundering
   • Terrorist financing
   • Sanctions exposure
   • Bribery and corruption
   • Fraud
   • Market abuse or insider dealing concerns
   • Tax evasion facilitation risk
   • Cyber-enabled financial crime
   • Governance, culture, systems, and controls failure

4. Separate facts from distractors

   • Which facts change the risk assessment?
   • Which facts are background only?
   • Which facts are included to make a familiar answer tempting but incomplete?

5. Apply the control or obligation

   • Customer due diligence
   • Enhanced due diligence
   • Ongoing monitoring
   • Sanctions screening
   • Source of funds or source of wealth enquiry
   • Internal escalation
   • Suspicious activity reporting process
   • Recordkeeping
   • Staff training and supervision
   • Senior management oversight

6. Choose the most defensible answer

   • Prefer the answer that addresses the full scenario, not just one phrase.
   • Prefer escalation, verification, and documented review where uncertainty or suspicion is present.
   • Avoid answers that ignore risk, bypass policy, or disclose sensitive reporting activity to the wrong person.

Identify the client, account, and role

Many scenario questions turn on who the firm is dealing with. The same fact can lead to different answers depending on whether it relates to a customer, beneficial owner, employee, broker, intermediary, introducer, or third-party payer.

Ask:

• Who is the firm’s customer?
• Who controls the account or transaction?
• Who ultimately benefits?
• Is someone acting on behalf of someone else?
• Is there a corporate structure, trust, nominee, or layered ownership chain?
• Is the person requesting action authorised to do so?
• Is the firm relying on another party’s checks, or must it perform its own?

Example

A scenario says a long-standing client asks the firm to accept funds from an unrelated offshore company.

Do not stop at “long-standing client.” The more important facts may be:

• The payer is a third party.
• The source of funds may not match the client profile.
• The relationship between payer and client is unclear.
• The transaction may require further verification or escalation before proceeding.

A strong answer would usually address the need to understand and document the relationship, assess financial crime risk, and follow the firm’s escalation process if the explanation is inadequate or suspicious.

Find the actual decision point

Scenario questions often include several facts, but only one question is being asked. Before reviewing the answer choices, restate the question in your own words.

Common decision points include:

• Onboarding decision: Can the firm establish or continue the relationship?
• Due diligence decision: Is standard due diligence enough, or is enhanced review needed?
• Transaction decision: Should the transaction proceed, be delayed, be refused, or be escalated?
• Suspicion decision: Do the facts create grounds for internal reporting?
• Sanctions decision: Is screening, freezing, rejection, escalation, or legal/compliance review required?
• Disclosure decision: What can or cannot be said to the client?
• Control decision: What policy, training, system, or governance response best addresses the weakness?
• Recordkeeping decision: What must be documented to evidence the firm’s rationale?

A useful exam habit

After reading the stem, complete this sentence:

“The exam is asking me to decide whether the firm should…”

Then choose the answer that completes that sentence most accurately.

For example:

• “…accept the client without more checks.”
• “…conduct enhanced due diligence.”
• “…escalate internally before proceeding.”
• “…make a disclosure to the client.”
• “…strengthen monitoring controls.”

This prevents you from selecting an answer that is true in general but not responsive to the actual question.

Separate relevant facts from distractors

Financial crime scenarios often contain a mixture of relevant clues and neutral background. Your job is not to treat every detail equally.

Facts that usually matter

Pay close attention to facts about:

• Customer identity and verification
• Beneficial ownership and control
• Politically exposed person status or close associations
• Sanctions exposure or high-risk jurisdictions
• Unusual transaction size, frequency, timing, or complexity
• Activity inconsistent with the customer profile
• Use of cash, cryptoassets, offshore entities, nominees, or third parties
• Reluctance to provide information
• Pressure to complete quickly
• Secrecy, inconsistent explanations, or evasive behaviour
• Source of wealth and source of funds
• Internal policy breaches or ignored alerts
• Staff conflicts of interest
• Gifts, hospitality, facilitation payments, or procurement concerns
• Suspicious trading behaviour or misuse of confidential information

Facts that may be less decisive

Some details may be included to test whether you overreact or underreact:

• The client is wealthy.
• The client has been with the firm for many years.
• The transaction is profitable for the firm.
• A senior employee wants the business accepted.
• The client says the transaction is urgent.
• Another institution has already dealt with the client.
• The client has a respected professional adviser.
• The transaction is common in the client’s industry.

These facts may provide context, but they do not remove the need for appropriate due diligence, monitoring, escalation, or documentation.

Read for red flags, then connect them to controls

A red flag is not automatically the final answer. It is a signal to apply the right control or decision process.

Red flag: unusual movement of funds

Ask:

• Is the activity consistent with the known customer profile?
• Is the source of funds clear?
• Is the purpose of the transaction understood?
• Are third parties involved?
• Should monitoring, review, or escalation occur?

Likely control themes:

• Ongoing monitoring
• Transaction review
• Source of funds enquiry
• Internal escalation if suspicion arises
• Documentation of the rationale

Red flag: complex ownership

Ask:

• Can the firm identify and verify the beneficial owners?
• Is the structure unnecessarily complex?
• Is there a legitimate commercial explanation?
• Does the structure obscure control?

Likely control themes:

• Customer due diligence
• Beneficial ownership verification
• Enhanced due diligence where risk is higher
• Senior or compliance review where policy requires it

Red flag: sanctions or restricted party concern

Ask:

• Is there a possible name match, ownership/control link, jurisdiction exposure, or prohibited dealing concern?
• Is the match confirmed or unresolved?
• Should the firm stop and escalate rather than proceed?
• Does the answer avoid tipping off or inappropriate disclosure?

Likely control themes:

• Screening
• Match resolution
• Escalation to sanctions/compliance specialists
• Blocking, freezing, rejecting, or not proceeding where applicable under the firm’s procedures and relevant law
• Recordkeeping

Red flag: bribery and corruption risk

Ask:

• Is there an improper advantage?
• Is a gift, payment, commission, donation, sponsorship, or hospitality linked to business influence?
• Is a third party involved?
• Is the payment transparent, proportionate, approved, and documented?
• Is there pressure to bypass controls?

Likely control themes:

• Gifts and hospitality policy
• Third-party due diligence
• Approval and documentation
• Refusal or escalation of improper requests
• Training and monitoring

Check authority and documentation

Scenario answers often differ in whether they include the correct authority and paper trail.

In the CISI CFC context, do not assume that a front-office employee can resolve every concern alone. Many scenarios require escalation through the firm’s financial crime, compliance, sanctions, or money laundering reporting process.

Ask:

• Who has authority to approve higher-risk clients?
• Who should review an unresolved sanctions alert?
• Who should receive an internal suspicion report?
• Who can decide whether to exit a relationship?
• What records should evidence the decision?
• Has the firm documented the risk assessment and rationale?

Strong answer characteristics

A strong answer often says the firm should:

• Verify relevant information before proceeding.
• Escalate concerns to the appropriate internal function.
• Apply enhanced due diligence where risk demands it.
• Document the decision and supporting evidence.
• Follow policy and legal obligations rather than commercial pressure.
• Avoid alerting the client to sensitive internal reporting.

Weak answer characteristics

A weak answer often:

• Proceeds because the client is important or profitable.
• Relies only on verbal assurances.
• Treats a single document as resolving all risk.
• Ignores beneficial ownership or third-party involvement.
• Gives the client details of a suspicious activity report or internal investigation.
• Assumes old due diligence is enough for new risk.
• Treats compliance as optional if the transaction is urgent.

Look for suitability, risk, and disclosure clues

Although CISI CFC is a financial crime exam rather than an investment suitability exam, scenario questions still test whether a firm’s response is suitable for the risk presented.

Think of “fit” in three ways:

1. Risk fit

   • Does the level of due diligence match the customer and transaction risk?

2. Control fit

   • Does the control chosen address the actual weakness?

3. Disclosure fit

   • Is information being shared with the right party, at the right time, and in the right way?

Example

A scenario says a client becomes evasive when asked about the source of a large transfer and asks the adviser not to “make a fuss.”

A less defensible answer would be to process the transfer because the client is already onboarded.

A more defensible answer would recognise:

• The behaviour is relevant to suspicion.
• Existing due diligence may no longer be sufficient.
• The matter may require internal escalation.
• The adviser should avoid inappropriate disclosure to the client.
• The firm should document the facts and follow its reporting process.

Decide what should happen first

Many exam options are plausible, but the word first changes the answer. In financial crime scenarios, the first step is often not the final outcome.

For example:

• Before accepting a high-risk client, the firm may need enhanced due diligence and approval.
• Before executing a questionable transaction, the firm may need to review and escalate.
• Before dismissing an alert as a false positive, the firm may need to resolve the match using reliable information.
• Before terminating a relationship, the firm may need to consider reporting, legal obligations, and tipping-off risk.
• Before relying on another party, the firm may need to assess whether reliance is permitted and documented.

When answering “first” questions, prefer the answer that preserves the firm’s ability to comply, investigate, and document.

Match the scenario to the best financial crime concept

Use the facts to identify the main concept being tested.

Customer due diligence

Look for:

• New client onboarding
• Identity verification
• Beneficial ownership
• Purpose and intended nature of the relationship
• Incomplete or inconsistent customer information

Question focus may be:

• What information is needed?
• Whether the firm can proceed
• Whether enhanced due diligence is required
• Whether the relationship should be refused or escalated

Enhanced due diligence

Look for:

• Higher-risk customer profile
• Politically exposed person or close association concerns
• High-risk jurisdiction exposure
• Complex ownership
• Unusual source of wealth
• Adverse media
• Non-face-to-face or intermediary-heavy arrangements
• Unusual transaction behaviour

Question focus may be:

• Additional verification
• Senior management or compliance approval
• Source of wealth/source of funds review
• Ongoing monitoring

Suspicious activity and escalation

Look for:

• Inconsistencies
• Evasive behaviour
• Activity inconsistent with known profile
• Unexplained third-party funds
• Attempts to avoid reporting thresholds or controls
• Unusual urgency or secrecy

Question focus may be:

• Internal reporting
• Avoiding tipping off
• Whether to process, pause, or escalate
• Documentation of suspicion and rationale

Sanctions

Look for:

• Name match
• Ownership or control by a restricted party
• Exposure to restricted jurisdictions, sectors, vessels, goods, or services
• Payment routes involving sanctioned entities
• Attempts to obscure counterparties

Question focus may be:

• Screening and match resolution
• Escalation to sanctions/compliance team
• Stopping or not proceeding until resolved
• Recordkeeping and legal review

Bribery and corruption

Look for:

• Gifts, hospitality, donations, sponsorships, commissions, or facilitation payments
• Public officials or state-owned entities
• Third-party intermediaries
• Procurement influence
• Payment without clear services
• Unusual success fees or offshore payment requests

Question focus may be:

• Refusal or escalation
• Third-party due diligence
• Approval controls
• Recording gifts and hospitality
• Monitoring and training

Fraud and cyber-enabled crime

Look for:

• Account takeover signs
• Change of payment instructions
• Pressure to act urgently
• Unusual login or communication patterns
• Fake documentation
• Impersonation of senior management or clients

Question focus may be:

• Verification using trusted channels
• Pausing the transaction
• Escalation to fraud/security teams
• Incident response and documentation

Market abuse and confidential information

Look for:

• Trading before announcements
• Unusual trading patterns
• Access to inside information
• Information barriers
• Personal account dealing concerns
• Rumours or improper disclosure

Question focus may be:

• Escalation to compliance
• Restricting trading where appropriate
• Managing inside information
• Surveillance and recordkeeping

Compare answer choices by defensibility

When several answers seem reasonable, compare them using five tests.

1. Does the answer address the whole scenario?

An answer that only addresses one red flag may be incomplete.

If the scenario includes a high-risk client, unexplained funds, and pressure to proceed quickly, an answer that merely says “update the client file” may be too narrow.

2. Does the answer follow the correct sequence?

Some actions are right, but not yet.

For example, exiting a relationship may eventually be appropriate, but the immediate best answer may be to escalate internally, avoid tipping off, and follow the reporting process.

3. Does the answer use the correct authority?

If the scenario involves sanctions, suspicious activity, or higher-risk approval, the best answer often involves the relevant compliance, sanctions, MLRO, nominated officer, or financial crime function, depending on the firm’s structure.

4. Does the answer preserve evidence?

Financial crime controls depend on documented reasoning. A defensible answer usually includes maintaining records, documenting the risk assessment, or recording approval where relevant.

5. Does the answer avoid inappropriate disclosure?

Be cautious with answers that tell the client too much about internal suspicions, alerts, reports, or investigations.

Work through a compact scenario example

Scenario

A relationship manager is onboarding a corporate client with several layers of overseas ownership. The client’s representative says the ownership structure is confidential and urges the firm to open the account quickly because a large payment is expected. The representative offers a letter from a local adviser confirming that the company is reputable.

Step 1: Identify the role

• The firm is onboarding a corporate client.
• The representative is acting for the client.
• There are beneficial ownership and control questions.

Step 2: Find the decision point

The decision is not simply whether the company is reputable. The issue is whether the firm can onboard without understanding ownership and risk.

Step 3: Identify relevant facts

Relevant:

• Layered overseas ownership
• Refusal or reluctance to provide ownership information
• Urgency
• Large expected payment
• Reliance on a third-party assurance

Less decisive:

• The adviser says the company is reputable.
• The client wants speed.
• The transaction may be valuable to the firm.

Step 4: Apply the control

The firm should obtain and verify required customer and beneficial ownership information, assess risk, consider enhanced due diligence, and escalate if the information is inadequate or suspicious.

Step 5: Choose the best answer

The best answer would not be “open the account based on the adviser’s letter.” It would be the answer that requires further due diligence, appropriate escalation, and documentation before proceeding.

Use “because” to test your answer

Before selecting an option, add “because” after it.

Example:

“Escalate to the financial crime function before proceeding, because the source and control of the client are unclear and the urgency increases risk.”

If you cannot complete the sentence using facts from the scenario, the answer may be too general.

Good scenario answers are anchored in the stem:

• “because the activity is inconsistent with the customer profile”
• “because the beneficial owner has not been identified”
• “because the sanctions match is unresolved”
• “because the payment request creates bribery risk”
• “because disclosure to the client could compromise the reporting process”

Final-review checklist for CISI CFC scenarios

Use this checklist when practising scenario questions:

• Who is the customer, beneficial owner, counterparty, or third party?
• What stage is the firm at: onboarding, monitoring, investigating, reporting, or exiting?
• What is the actual decision point?
• Which facts increase financial crime risk?
• Which facts are background or commercial pressure?
• Is the issue AML, CTF, sanctions, bribery, fraud, market abuse, tax evasion facilitation, or controls?
• Is standard due diligence enough, or is enhanced review needed?
• Does the firm need to verify source of funds or source of wealth?
• Is there an unresolved alert or suspicion?
• Who has authority to decide or approve?
• What should be documented?
• Could the answer cause inappropriate disclosure?
• Which option best protects the firm’s compliance position while addressing the full scenario?

Practice method for efficient preparation

For each scenario question you practise, do more than mark right or wrong. Create a short review note:

• Decision point: What was the question really asking?
• Key facts: Which three facts mattered most?
• Control used: Which policy, obligation, or process applied?
• Rejected answer: Why was the tempting alternative less defensible?
• Exam habit: What will you look for next time?

This turns scenario practice into pattern recognition without relying on memorised wording.

Next step

Use this guide while working through CISI CFC scenario practice. Start with topic drills for due diligence, sanctions, suspicious activity, bribery and corruption, fraud, and controls. Then move to mixed mock exams so you can practise identifying the issue, applying the right decision sequence, and choosing the most defensible answer under exam timing.