Try 10 focused CISI CFC questions on Terrorist Financing, with answers and explanations, then continue with Securities Prep.
| Field | Detail |
|---|---|
| Exam route | CISI CFC |
| Issuer | CISI |
| Topic area | Terrorist Financing |
| Blueprint weight | 4% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate Terrorist Financing for CISI CFC. Work through the 10 questions first, then review the explanations and return to mixed practice in Securities Prep.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 4% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: Terrorist Financing
Under the FATF risk-based approach, a firm’s enterprise financial-crime risk assessment covers money laundering, terrorist financing, sanctions and fraud across customers, products, channels and geographies. Which option best matches the function of including terrorist financing in that broader assessment?
Best answer: D
What this tests: Terrorist Financing
Explanation: Including terrorist financing in the enterprise financial-crime risk assessment helps a firm see where the same customers, geographies, products and channels create linked AML, CFT and sanctions exposures. That supports one coherent, risk-based control framework rather than separate silos making inconsistent judgments.
The core concept is the enterprise-wide risk-based approach. Terrorist financing should not be treated as a silo because its risk drivers often overlap with money laundering, sanctions evasion and misuse of payment channels. By assessing these risks together, a firm can compare exposure across business lines, set a consistent risk appetite, and design monitoring, screening, escalation and governance that address the combined threat. This reduces duplication in one area and blind spots in another. FATF and related UK guidance favour this integrated view because firms manage financial-crime risk through shared customers, products, channels and geographies, not through isolated offence labels. External reporting, customer due diligence and sanctions screening are separate control activities that sit within, and are informed by, the wider assessment.
An integrated assessment is a governance tool for spotting shared risks and allocating consistent controls, not an operational check or reporting mechanism.
Topic: Terrorist Financing
Which statement best describes the role of UN conventions and UN Security Council measures in combating terrorist financing?
Best answer: C
What this tests: Terrorist Financing
Explanation: UN conventions establish an international legal framework for states to criminalise terrorist financing and cooperate across borders. UN Security Council measures add binding targeted sanctions, especially asset freezes, to disrupt access to funds by designated persons and entities.
The key point is that UN conventions and UN Security Council measures play different but complementary roles. UN conventions create treaty-based obligations for states to criminalise terrorist financing and support international cooperation, such as information sharing, extradition, and mutual legal assistance. UN Security Council measures require states to implement targeted financial sanctions, particularly freezing the funds or economic resources of designated persons and entities.
These measures are not just guidance for firms, and they do not depend on a prior conviction. They are intended to disrupt terrorist financing quickly and can apply even where the money does not come from criminal property. A close distractor is the idea that the regime only concerns money laundering, but terrorist financing can involve lawful or unlawful funds.
UN conventions create the legal basis for criminalising terrorist financing and cooperation, while Security Council measures require targeted sanctions such as asset freezes.
Topic: Terrorist Financing
A firm’s AML/CFT policy says analysts must assess adverse media, ownership links, geography and transaction purpose together, because the combined pattern may indicate terrorist financing risk even if no single factor is decisive. Which control function best matches this policy?
Best answer: B
What this tests: Terrorist Financing
Explanation: This describes a risk-based CDD and EDD assessment. Terrorist-financing risk is often identified through the cumulative effect of several indicators, so firms must judge the overall pattern rather than rely on one isolated red flag.
The core concept is the risk-based approach used in customer due diligence and, where risk is elevated, enhanced due diligence. FATF-based practice and UK guidance expect firms to assess connected indicators together, because terrorist financing may involve transactions that look ordinary in isolation but become more concerning when adverse media, ownership links, geography and unclear purpose point in the same direction. In the stem, each factor adds context to the others: media concerns suggest possible association risk, ownership links may reveal hidden connections, geography can increase exposure, and vague purpose weakens the legitimacy of the activity.
The closest alternatives are narrower controls or later steps, not the overall TF risk assessment itself.
It requires multiple linked indicators to be weighed together, which is the essence of a holistic terrorist-financing risk assessment.
Topic: Terrorist Financing
Review the internal escalation extract.
Account opened 2 months ago; employment with a UK telecom firm verified.
Monthly salary credits match the stated source of funds.
Seven outbound transfers of £300-£450 in 5 weeks to two overseas payment firms.
Customer call note: 'small donations for contacts delivering supplies in a conflict area where an active terrorist group operates.'
Sanctions screening: no match.
Which interpretation is best supported?
Best answer: A
What this tests: Terrorist Financing
Explanation: AML and CFT share frontline controls because firms use the same systems for CDD, screening, monitoring and escalation. Here, the repeated small transfers, stated donation purpose and conflict-area link require CFT-specific judgement, even though the funds come from salary and there is no sanctions match.
AML and CFT share many operational controls because firms rely on the same core framework: CDD, screening, transaction monitoring, internal escalation and suspicious-activity reporting. The exhibit still requires threat-specific judgement, because terrorist financing can involve modest sums and lawfully sourced money. Here, verified salary credits do not resolve the risk; the repeated transfers, donation explanation and conflict-area link are all relevant CFT indicators, so the activity should be reviewed through the firm’s normal AML/CFT escalation process.
A clean sanctions result is helpful, but it is only one control and does not by itself clear potential CFT risk.
The same core monitoring and escalation controls apply, but small salary-funded transfers can still indicate terrorist financing and merit CFT review.
Topic: Terrorist Financing
A UK payments firm is onboarding a registered charity that collects GBP donations and sends monthly relief payments to local partners in a conflict-affected country. There is no sanctions match, but the destination is higher risk and some aid is distributed in cash. Which approach best applies a risk-based anti-financial-crime principle?
Best answer: C
What this tests: Terrorist Financing
Explanation: The best response is proportionate enhanced due diligence. A charity sending funds into a higher-risk, conflict-affected area with some cash distribution requires closer scrutiny of governance, counterparties, payment purpose, and ongoing monitoring, but the facts given do not justify assuming terrorist financing.
This tests the risk-based approach to terrorist-financing controls. Charities and other non-profit organisations can be vulnerable to misuse, especially where funds move cross-border into higher-risk or conflict-affected areas or are disbursed partly in cash. The firm should therefore apply proportionate enhanced scrutiny: understand the charity’s purpose and governance, review trustees or controllers, assess the source and destination of funds, identify local partners and delivery methods, screen relevant parties, and set stronger ongoing monitoring and record keeping. None of that means the charity is doing anything wrong; it means the risk profile requires more information and closer oversight. Registration or audited accounts can support legitimacy, but they do not replace tailored due diligence for the specific corridor and operating model. The key point is that higher inherent risk requires better controls, not automatic suspicion.
Higher-risk cross-border charity activity calls for proportionate enhanced scrutiny and ongoing monitoring, not automatic suspicion.
Topic: Terrorist Financing
Which statement best reflects FATF’s core expectations for combating terrorist financing?
Best answer: C
What this tests: Terrorist Financing
Explanation: FATF expects countries to address terrorist financing through a broad framework: criminalisation, preventive AML/CFT controls, suspicious activity reporting, targeted financial sanctions, and international cooperation. The approach is designed to prevent and detect terrorist financing before funds are used, not only to punish it afterwards.
The core FATF approach to terrorist financing is preventive as well as investigative. Countries are expected to criminalise terrorist financing, require firms to operate controls that help detect suspicious activity, implement targeted financial sanctions such as asset freezes, and support international cooperation between authorities. A key distinction from money laundering is that terrorist financing may involve funds from lawful as well as unlawful sources, so action does not depend on proving the money is criminal property first.
The closest misconceptions are those that treat terrorist financing as only a post-event criminal matter or as a narrow cross-border payments issue. FATF standards are wider than that and are meant to disrupt financing early and across jurisdictions.
FATF expects a preventive and coordinated framework, not just prosecution after the event, with sanctions and cooperation central to terrorist financing controls.
Topic: Terrorist Financing
An analyst reviews the following internal escalation note.
Customer: UK secondary-school teacher
Source of funds: Monthly salary from local authority employer
Payment pattern: Six transfers of £250 to a registered overseas aid charity
Screening: No sanctions match on customer or charity
Open-source concern: Media reports say a local charity partner may have channelled aid to a proscribed terrorist group
What is the best supported interpretation?
Best answer: B
What this tests: Terrorist Financing
Explanation: The decisive fact is that the payments appear to come from lawful salary, yet there is concern that funds may ultimately support a proscribed terrorist group. That supports terrorist financing risk, because such funds can originate from legitimate or illegitimate sources.
Terrorist financing differs from conventional money laundering because the key issue is whether funds may be used to support terrorism, not whether the money is criminal property. In this note, the apparent source of funds is legitimate employment income, so the exhibit does not support a standard money-laundering conclusion based on laundering criminal proceeds. However, the possible diversion of aid through a local partner linked to a proscribed group creates a terrorist-financing concern. A clean sanctions screen is relevant but not conclusive, because suspicion can still arise even where no direct designation match is found. The key takeaway is that lawful origin of funds does not rule out terrorist financing.
Terrorist financing may involve lawful earnings, so a legitimate salary does not remove suspicion about the possible end use of the funds.
Topic: Terrorist Financing
Under the FATF risk-based approach, why can adverse media, ownership links, geography, and transaction purpose together create a stronger terrorist-financing alert than any one factor on its own?
Best answer: B
What this tests: Terrorist Financing
Explanation: The key concept is cumulative risk assessment under a risk-based approach. In terrorist-financing monitoring, several moderate indicators can reinforce one another and justify further review or escalation, even if none alone would be sufficient.
This tests the FATF risk-based approach. Terrorist-financing alerts are not assessed as isolated facts; firms consider the combined pattern. Adverse media may suggest links or conduct concerns, ownership links can reveal indirect connections, geography can increase exposure to higher-risk areas or networks, and transaction purpose can indicate possible support activity. When these factors point in the same direction, the overall picture may amount to reasonable suspicion and require escalation through internal reporting channels, such as to the MLRO. The key point is that suspicion can arise from the totality of indicators, not just from one decisive red flag.
Terrorist-financing risk is assessed holistically, so several weaker indicators can combine into a stronger basis for escalation.
Topic: Terrorist Financing
A sender gives funds to an operator in one country, and a linked operator pays the recipient in another country. The two operators may settle later through offsetting balances or other business dealings rather than a direct bank transfer. Which terrorist-financing channel does this describe?
Best answer: D
What this tests: Terrorist Financing
Explanation: This is an informal remittance-style channel because the sender pays one operator locally and a counterpart pays out elsewhere. The later settlement between operators, rather than a direct cross-border transfer, is the key feature that distinguishes it from cash couriering, trade flows, or charity misuse.
An informal remittance-style network moves value through trusted intermediaries rather than through a conventional bank-to-bank cross-border payment. In the stem, the sender pays one operator, a linked operator abroad pays the recipient, and the operators settle later using balances or other dealings. That is the classic feature of a hawala-type or similar informal value transfer system, which can be exploited for terrorist financing because funds can move quickly and with reduced visibility compared with standard banking channels. Cash couriering would require physical transportation of notes. Trade-based movement would centre on goods, invoices, or pricing manipulation. Charity misuse would involve raising or disbursing money through a charitable vehicle. The deciding clue is the separated local payment and foreign payout with deferred settlement between operators.
It describes value being transferred through linked operators with deferred settlement, a classic remittance-style or hawala-type channel.
Topic: Terrorist Financing
A payments analyst reviews an outbound transfer.
Exhibit:
Customer: retail current account holder
New beneficiary: Al Noor Relief Committee
Amount: GBP 480
Destination: town near an active conflict area
Payment reference: "support for brothers on the front"
Screening result: no exact sanctions hit; internal watchlist notes this name is used as an alias by a fundraiser linked to a proscribed group
Customer instruction: "send urgently today"
What is the most appropriate immediate action?
Best answer: D
What this tests: Terrorist Financing
Explanation: The exhibit shows several terrorist-financing red flags: conflict-area destination, language suggesting support for fighters, an alias link to a proscribed-group fundraiser, and urgency. Rapid internal escalation is critical because terrorist financing can involve small, fast-moving payments, so delay may prevent timely review or intervention.
When potential terrorist-financing links appear, the correct response is rapid internal escalation, typically to the MLRO or nominated officer, before the payment is released. The deciding factors here are the combination of indicators: a new beneficiary, destination near conflict, wording that suggests support for combatants, an internal alias link to a fundraiser associated with a proscribed group, and pressure to send funds urgently. Terrorist financing often uses modest sums, so the GBP 480 amount does not reduce the seriousness of the risk. Immediate escalation allows the firm to assess the alert promptly, decide whether the payment should proceed, and consider any reporting or sanctions implications without avoidable delay.
The key point is that speed matters because once funds are sent, the chance to prevent misuse is much lower.
Multiple terrorist-financing indicators are present, so the matter should be escalated immediately through internal channels before funds leave the firm.
Use the CISI CFC Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Read the CISI CFC guide on SecuritiesMastery.com, then return to Securities Prep for timed practice.