CISI CFC — CISI Combating Financial Crime Study Plan
A practical study plan for the Chartered Institute for Securities & Investment CISI Combating Financial Crime exam, with 7-day, 14-day, 30-day, and 60/90-day preparation paths.
Who this study plan is for
This plan is for candidates preparing for the Chartered Institute for Securities & Investment CISI Combating Financial Crime exam, exam code CISI CFC.
Use it to turn your available time into a structured preparation schedule. The exam rewards more than memorising definitions: you need to recognise financial crime risks, apply compliance controls, and choose appropriate responses in practical scenarios.
This page is independent study planning support. Always align your preparation with the current CISI syllabus, workbook, learning materials, and exam instructions.
Which plan should you use?
| Time available | Best plan | Use it if | Main risk | What to prioritise |
|---|---|---|---|---|
| 7 days | Final review plan | You have already studied most topics | Too much new material too late | Mock exams, red flags, weak topics, reporting duties |
| 14 days | Focused plan | You know some material but need structure | Shallow coverage | High-yield topic review plus daily question practice |
| 30 days | Balanced plan | You can study most days | Forgetting early topics | Full syllabus pass, spaced review, timed practice |
| 60 days | Full preparation path | You are starting from limited knowledge | Losing momentum | Build understanding first, then exam technique |
| 90 days | Extended full path | You are working around a busy schedule | Over-studying without testing | Weekly milestones, cumulative mocks, error-log review |
If you are unsure, choose the shorter realistic plan, not the ideal one. A consistent 45 to 90 minutes per day is better than planning long sessions you cannot complete.
Core topic map for CISI CFC preparation
Build your checklist from the current CISI materials, but organise your study around practical financial crime control themes:
| Topic area | What you should be able to do in practice |
|---|---|
| Financial crime overview | Distinguish money laundering, terrorist financing, fraud, bribery, corruption, sanctions breaches, tax-related crime, and other misconduct |
| AML and CTF controls | Explain customer due diligence, enhanced due diligence, ongoing monitoring, suspicious activity escalation, and record-keeping principles |
| Risk-based approach | Identify higher-risk customers, jurisdictions, products, channels, transactions, and business relationships |
| Sanctions and screening | Recognise screening issues, potential matches, escalation steps, and the seriousness of sanctions exposure |
| Bribery and corruption | Identify inducements, facilitation payments, conflicts, third-party risks, and control weaknesses |
| Fraud and market abuse concepts | Recognise common red flags, internal control failures, and escalation requirements |
| Governance and culture | Understand senior management responsibility, policies, training, oversight, assurance, and consequences of weak controls |
| Reporting and escalation | Know when a concern should be escalated, documented, reviewed, or reported through the appropriate internal process |
| Applied scenarios | Select the best response when facts are incomplete, suspicious, or operationally inconvenient |
For this exam, most study time should go into scenario judgement, vocabulary, red-flag recognition, and applied control selection, not calculation practice.
Daily practice rhythm
Use this rhythm for most study days, regardless of your timeline.
| Block | Time | Action | Output |
|---|---|---|---|
| Warm-up recall | 5-10 min | Write 5 terms, red flags, or controls from memory | Short recall list |
| Topic study | 25-45 min | Read one focused section of your CISI materials | Notes limited to exam-relevant points |
| Active drill | 20-30 min | Answer topic questions without notes | Score plus flagged questions |
| Explanation review | 15-25 min | Review every missed and guessed answer | Error-log entries |
| Scenario recap | 5-10 min | Summarise “what should the firm do?” for one scenario | One applied decision rule |
The 3-question rule for every topic
After each topic, you should be able to answer:
- What is the risk? Example: money laundering, sanctions exposure, bribery risk, fraud, terrorist financing, weak governance.
- What are the red flags? Example: unusual transaction pattern, opaque ownership, high-risk jurisdiction, reluctant customer, unexplained third-party payment.
- What is the appropriate response? Example: obtain more information, apply enhanced due diligence, escalate internally, stop processing pending review, document the concern, or follow suspicious activity procedures.
Missed-question review method
Do not just record the right answer. Record why your thinking failed.
| Error type | What it means | Fix |
|---|---|---|
| Definition gap | You did not know the term | Add to glossary and retest in 48 hours |
| Red-flag miss | You did not recognise suspicious facts | Create a red-flag example card |
| Overreaction | You chose an extreme action too early | Review escalation sequence and internal process logic |
| Underreaction | You treated a serious risk as routine | Review sanctions, suspicious activity, EDD, and reporting triggers |
| Confused concepts | You mixed up AML, sanctions, fraud, bribery, or market abuse | Build a comparison table |
| Question-reading error | You missed “best”, “first”, “most likely”, or “except” | Slow down and underline the task in practice |
| Memory decay | You knew it before but forgot | Add spaced review on days 2, 5, and 10 |
Use a simple error log:
| Date | Topic | Question issue | Why I missed it | Correct rule | Retest date |
|---|---|---|---|---|---|
Review the error log every 2-3 days. In the final week, the error log is more valuable than rereading long notes.
When to use timed mock exams
Timed mocks are for exam readiness, not just scoring.
| Preparation stage | Mock type | Purpose |
|---|---|---|
| Start of 14, 30, 60, or 90-day plan | Diagnostic set or short mock | Identify weak areas before planning |
| Midpoint of plan | Timed sectional practice | Test pace and topic retention |
| Final 7-10 days | Full timed mock | Build exam stamina and decision speed |
| Final 2-3 days | Light timed set only | Stay sharp without exhausting yourself |
After every mock, spend at least as long reviewing as you spent answering. If a mock takes one hour, reserve another hour for review.
Mock review priorities
Review in this order:
- Questions you missed.
- Questions you guessed correctly.
- Questions where two options looked plausible.
- Questions that exposed weak terminology.
- Questions that took too long.
Your goal is not only a better score. Your goal is to reduce repeated mistakes.
7-day final review plan
Use this plan if your exam is in one week and you have already covered most of the CISI CFC content.
Do not try to relearn the entire workbook. Focus on retention, applied judgement, and avoiding preventable errors.
| Day | Main objective | Study actions |
|---|---|---|
| Day 1 | Diagnose | Take a timed diagnostic set or mock. Create a ranked weak-topic list. Review all missed and guessed questions. |
| Day 2 | AML, CTF, and risk-based approach | Review customer risk, product risk, jurisdiction risk, transaction monitoring, CDD, EDD, and escalation logic. Complete topic drills. |
| Day 3 | Sanctions, screening, and high-risk indicators | Review sanctions red flags, screening workflow, false positives, escalation, and documentation. Drill scenario questions. |
| Day 4 | Bribery, corruption, fraud, and conduct issues | Build comparison notes. Focus on third-party risk, inducements, conflicts, fraud red flags, and control weaknesses. |
| Day 5 | Governance, reporting, and controls | Review roles, policies, training, monitoring, internal reporting, record keeping, and senior management oversight concepts. |
| Day 6 | Full timed mock and deep review | Take a full timed mock under exam-like conditions. Review every error. Convert mistakes into short rules. |
| Day 7 | Light final review | Review glossary, error log, red flags, escalation rules, and weak-topic cards. Do a short untimed confidence drill only. Stop heavy study early. |
7-day rules
- Stop adding major new material after Day 5 unless it is clearly essential.
- Do not take multiple full mocks on the final day.
- Prioritise sleep, calm reading, and question accuracy.
- If you are repeatedly missing one topic, drill that topic instead of rereading everything.
14-day focused plan
Use this plan if you have two weeks and can study most days. It balances topic coverage with timed practice.
| Day | Focus | Practice task |
|---|---|---|
| 1 | Diagnostic and planning | Short timed diagnostic. Rank topics as strong, medium, weak. |
| 2 | Financial crime framework and vocabulary | Create a glossary of key terms and typologies. Complete topic questions. |
| 3 | AML process and customer due diligence | Drill CDD, EDD, beneficial ownership, ongoing monitoring, and documentation scenarios. |
| 4 | Terrorist financing and proliferation-related risks | Focus on risk indicators, unusual patterns, and escalation logic. |
| 5 | Sanctions and screening | Practise scenarios involving matches, potential matches, high-risk jurisdictions, and escalation. |
| 6 | Risk-based approach | Build customer/product/channel/geography risk table. Complete mixed questions. |
| 7 | Review day and timed sectional practice | Timed mixed set. Review all misses. Update error log. |
| 8 | Bribery and corruption | Drill inducements, third parties, gifts, facilitation-type risks, and conflicts. |
| 9 | Fraud and other financial crime risks | Focus on red flags, internal control weaknesses, and response options. |
| 10 | Governance, culture, policies, and training | Review responsibilities, oversight, assurance, and consequences of control failure. |
| 11 | Reporting, escalation, and record keeping | Practise “what should happen next?” scenarios. |
| 12 | Full timed mock | Sit a full mock using the exam timing shown in your current exam instructions. |
| 13 | Mock review and weak-topic repair | Redo missed topics. Make final one-page review sheets. |
| 14 | Final light review | Glossary, red flags, error log, and short confidence drill. No heavy new material. |
14-day time allocation
| Activity | Suggested share of study time |
|---|---|
| Learning and refreshing content | 35% |
| Topic drills | 25% |
| Explanation review | 25% |
| Timed practice | 15% |
30-day balanced plan
Use this plan if you want a complete, realistic preparation cycle.
Weekly structure
| Week | Goal | Main work |
|---|---|---|
| Week 1 | Build foundation | Financial crime concepts, AML/CTF basics, risk-based approach, vocabulary |
| Week 2 | Build controls knowledge | CDD, EDD, monitoring, sanctions, screening, reporting, record keeping |
| Week 3 | Apply to scenarios | Bribery, corruption, fraud, governance, weak controls, mixed scenario drills |
| Week 4 | Exam readiness | Timed mocks, error-log repair, weak-topic review, final consolidation |
30-day schedule
| Day | Study focus | Output |
|---|---|---|
| 1 | Diagnostic set and syllabus review | Study calendar and weak-topic list |
| 2 | Financial crime types and key terminology | Glossary started |
| 3 | Money laundering stages and indicators | Red-flag list |
| 4 | Terrorist financing and related indicators | Scenario notes |
| 5 | Risk-based approach | Customer/product/geography/channel risk table |
| 6 | CDD and customer information | Topic drill reviewed |
| 7 | Weekly review | Mixed quiz and error-log update |
| 8 | Enhanced due diligence | EDD trigger checklist |
| 9 | Beneficial ownership and complex structures | Ownership risk notes |
| 10 | Ongoing monitoring and unusual activity | Monitoring scenario drill |
| 11 | Suspicious activity escalation | “What next?” decision rules |
| 12 | Sanctions concepts and screening | Sanctions workflow notes |
| 13 | Sanctions scenario practice | Missed-question review |
| 14 | Timed sectional practice | Pace and accuracy check |
| 15 | Bribery and corruption | Third-party risk checklist |
| 16 | Gifts, hospitality, inducements, conflicts | Comparison table |
| 17 | Fraud risks and internal controls | Fraud red-flag list |
| 18 | Market misconduct and related conduct issues | Scenario drill |
| 19 | Governance, senior management, and culture | Control framework summary |
| 20 | Policies, training, assurance, and audit | Governance drill |
| 21 | Mixed review | Timed mixed set and error-log repair |
| 22 | Full timed mock 1 | Mock score analysis by topic |
| 23 | Mock 1 deep review | Top 10 correction rules |
| 24 | Weak topic repair 1 | Targeted drills |
| 25 | Weak topic repair 2 | Targeted drills |
| 26 | Full timed mock 2 or long mixed set | Timing and fatigue check |
| 27 | Mock 2 review | Final weak-topic list |
| 28 | Final content consolidation | One-page red flags and escalation notes |
| 29 | Light timed practice | Confidence set and glossary review |
| 30 | Final review | Error log, key rules, rest plan |
30-day weekly checkpoint questions
At the end of each week, ask:
- Can I explain each topic without looking at notes?
- Can I identify the financial crime risk in a short scenario?
- Do I know what the firm should do next?
- Are my mistakes mostly content gaps or question-reading issues?
- Am I reviewing explanations carefully enough?
60/90-day full preparation path
Use this path if you are starting earlier or studying around work. The goal is to avoid cramming by building knowledge, then converting it into exam performance.
60-day path
| Phase | Days | Goal | Study actions |
|---|---|---|---|
| Phase 1 | 1-10 | Orientation and foundation | Read the syllabus and exam guidance. Complete a diagnostic. Build a glossary. Study financial crime types and AML/CTF basics. |
| Phase 2 | 11-25 | Core controls | Study risk-based approach, CDD, EDD, beneficial ownership, monitoring, sanctions, and escalation. Use topic drills after each section. |
| Phase 3 | 26-40 | Wider financial crime risks | Study bribery, corruption, fraud, tax-related crime concepts, market conduct issues, cyber-enabled risks if included in your materials, and governance. |
| Phase 4 | 41-50 | Mixed application | Complete mixed scenario sets. Start timed sectional practice. Repair weak topics from the error log. |
| Phase 5 | 51-56 | Mock exam period | Take at least one full timed mock and one additional timed mixed set. Review deeply. |
| Phase 6 | 57-60 | Final review | Stop adding new material. Review red flags, reporting steps, sanctions escalation, governance, and missed-question rules. |
90-day adaptation
If you have 90 days, do not simply stretch reading time. Add more retrieval and cumulative review.
| 90-day period | Focus | What to add |
|---|---|---|
| Days 1-30 | Foundation | Slower first pass, glossary building, short quizzes after each topic |
| Days 31-60 | Application | Weekly mixed sets, scenario comparison tables, deeper missed-question review |
| Days 61-75 | Timed development | Timed sectional sets, first full mock, pace management |
| Days 76-85 | Weak-topic repair | Targeted drills, second full mock, error-log retesting |
| Days 86-90 | Final review | Light practice, memory refresh, final readiness checks |
Suggested weekly rhythm for 60/90-day candidates
| Day type | Session |
|---|---|
| 3 weekdays | 45-75 minutes: topic study plus 15-20 questions |
| 1 weekday | 30-45 minutes: glossary, flashcards, and error-log review |
| 1 weekend day | 90-150 minutes: deeper topic work or timed mixed set |
| 1 weekend day | 45-60 minutes: review only, no new topic |
| 1 rest day | No heavy study; optional 10-minute recall |
Scenario judgement framework
For CISI CFC practice questions, train yourself to move through the facts in a consistent order.
| Step | Ask | Example output |
|---|---|---|
| 1 | What type of financial crime risk is suggested? | AML, sanctions, terrorist financing, bribery, fraud, corruption |
| 2 | Which facts are red flags? | Unusual payments, opaque ownership, high-risk jurisdiction, reluctance to provide information |
| 3 | What control is relevant? | CDD, EDD, monitoring, screening, escalation, training, governance |
| 4 | What should happen next? | Obtain information, escalate internally, review relationship, document decision, follow reporting process |
| 5 | What answer choice is too extreme or too passive? | Avoid options that ignore risk or bypass required internal process without basis |
Use this framework especially when two answer choices look plausible.
Topic comparison tables to build
These tables are useful because many wrong answers come from confusing related concepts.
AML, sanctions, bribery, and fraud
| Area | Primary concern | Common red flags | Typical control response |
|---|---|---|---|
| AML | Criminal proceeds entering or moving through the financial system | Unusual transactions, complex structures, inconsistent source of funds | CDD, EDD, monitoring, escalation |
| Sanctions | Dealing with restricted parties, countries, entities, or activities | Name match, ownership links, high-risk jurisdiction, evasive routing | Screening, hold/escalate, specialist review |
| Bribery and corruption | Improper advantage or influence | Third-party payments, excessive hospitality, vague services, public official risk | Gifts policy, due diligence, approvals, escalation |
| Fraud | Deception for financial gain | False documents, account takeover signs, unexplained changes, internal control gaps | Verification, investigation, controls, reporting |
CDD, EDD, monitoring, and reporting
| Control | Purpose | When it matters most |
|---|---|---|
| CDD | Understand the customer and relationship | Onboarding and maintaining accurate customer information |
| EDD | Apply greater scrutiny to higher-risk situations | High-risk customers, complex ownership, high-risk geography, unusual activity |
| Ongoing monitoring | Check whether activity fits expected behaviour | During the relationship, especially when patterns change |
| Internal escalation/reporting | Ensure suspicious or serious issues are handled correctly | When red flags cannot be reasonably resolved |
Final-week rules
In the final week, your job changes from learning to performance.
| Rule | Why it matters |
|---|---|
| Stop adding major new material 48-72 hours before the exam | New material can crowd out reliable recall |
| Review mistakes more than notes | Your error log shows your real risk areas |
| Practise under timed conditions | Timing pressure changes decision quality |
| Keep scenario answers disciplined | Identify risk, red flag, control, and next step |
| Avoid marathon study the night before | Fatigue creates reading errors |
| Use current exam instructions for timing and logistics | Do not rely on memory or old assumptions |
Exam-readiness checks
You are likely ready when you can do most of the following:
- Explain the main financial crime typologies in plain language.
- Identify AML, sanctions, bribery, corruption, fraud, and governance risks from short scenarios.
- Distinguish CDD, EDD, monitoring, screening, escalation, and reporting concepts.
- Recognise common red flags without needing to reread notes.
- Answer timed practice questions without rushing the final portion.
- Review missed questions and explain the correct rule.
- Avoid repeated mistakes from the same topic.
- Apply a risk-based approach instead of choosing purely mechanical answers.
If you are not ready, do not reread everything. Pick the weakest 2-3 topics and drill them with explanation review.
Practical next step
Choose the timeline that matches your exam date, take a diagnostic practice set, and build your first error log today. Then follow the daily rhythm: focused topic review, active questions, explanation review, and targeted repair until your final mock results are stable.