CISI CFC: The Background and Nature of Financial Crime

Topic snapshot

Sample questions

These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: The Background and Nature of Financial Crime

Which body is best described as the international standard setter that publishes AML/CFT Recommendations and assesses jurisdictions through mutual evaluations?

• A. Financial Conduct Authority (FCA)
• B. National Crime Agency (NCA)
• C. Egmont Group
• D. Financial Action Task Force (FATF)

Best answer: D

What this tests: The Background and Nature of Financial Crime

Explanation: The Financial Action Task Force is the global standard setter for AML/CFT. Its core role is to issue Recommendations and evaluate jurisdictions, rather than supervise individual firms or investigate offences.

The core concept is the distinction between a standard setter and operational authorities. FATF is an intergovernmental body that develops international AML/CFT standards and measures countries against those standards through mutual evaluations. That is different from a supervisor, which oversees firms’ compliance, and different again from law enforcement or intelligence-sharing bodies, which deal with investigation or information exchange.

In practice:

• FATF sets standards and assesses jurisdictions.
• The FCA supervises regulated firms in the UK.
• The NCA is a law-enforcement body with financial-crime functions.
• The Egmont Group supports information-sharing between FIUs.

A good way to remember this is that FATF shapes the framework, while other bodies apply, enforce, or share intelligence within it.

• The FCA is a UK supervisory regulator, so it oversees firms and their controls rather than setting global AML/CFT standards.
• The NCA is a law-enforcement body, so its role is investigation and disruption, not international standard setting.
• The Egmont Group is an intelligence-sharing network for FIUs, not the body that issues Recommendations or runs mutual evaluations.

FATF sets international AML/CFT standards and reviews how well jurisdictions implement them through mutual evaluations.

Question 2

Topic: The Background and Nature of Financial Crime

In asset recovery, tracing beneficial ownership and transaction flows primarily helps authorities to:

• A. Rely on legal title without tracing actual control
• B. Confirm market value before restrained assets are sold
• C. Link assets to ultimate controllers and trace criminal property for recovery
• D. Treat layered funds as legitimate after regulated-account transfers

Best answer: C

What this tests: The Background and Nature of Financial Crime

Explanation: Tracing beneficial ownership looks beyond the named holder to the person who really owns or controls an asset. Tracing transaction flows shows how suspected criminal property was moved, disguised, or converted, which is central to locating assets and linking them to recovery action.

The core concept is asset tracing. In financial crime, legal ownership and the movement of funds are often structured to hide the connection between the criminal and the property, for example through nominees, shell companies, or multiple transfers. Tracing beneficial ownership identifies the real owner or controller, while tracing transaction flows shows how funds moved, were layered, or were converted into other assets. Together, these steps help investigators and firms connect property to suspected unlawful conduct and support restraint, confiscation, or other recovery measures.

By contrast, market value, the use of regulated firms, or the existence of legal title do not by themselves show whether property is recoverable criminal property.

• Valuation confusion: Knowing an asset’s market value may matter later, but it does not establish who really controls it or whether it is linked to crime.
• Regulated-route misconception: Funds do not become legitimate merely because they passed through a regulated account; layering is often used to disguise origin.
• Title-holder trap: Legal title can sit with a nominee or corporate vehicle, so asset recovery requires tracing actual beneficial ownership and control.

Asset recovery depends on showing who really owns or controls assets and how value moved so criminal property can be identified and targeted.

Question 3

Topic: The Background and Nature of Financial Crime

A bank is notified that law enforcement has obtained a restraint order over a customer’s £420,000 balance linked to suspected investment fraud. A relationship manager argues that the freeze is unnecessary until the criminal trial ends because victims can pursue their own claims later. Which response best applies the purpose of asset recovery?

• A. It is mainly intended to turn suspicious balances into a regulatory penalty for the bank.
• B. It replaces the need for prosecution by imposing an immediate financial punishment on the suspect.
• C. It is designed primarily to pay victims straight away, regardless of the court process.
• D. It preserves assets so the suspect cannot enjoy or dissipate the benefit of crime before confiscation or recovery.

Best answer: D

What this tests: The Background and Nature of Financial Crime

Explanation: Asset recovery is about stripping criminals of the benefit of crime, not letting them keep, move, or spend illicit gains. In this scenario, restraining the funds supports that purpose by preserving the assets pending later confiscation or recovery action.

The core concept is that asset recovery deprives criminals of the proceeds or benefit of offending. A restraint order is consistent with that purpose because it helps stop assets from being hidden, transferred, or spent before a court can decide whether confiscation or another recovery measure should follow.

In practice, this supports anti-financial-crime goals by:

• removing the financial incentive for offending
• disrupting further criminal activity funded by illicit proceeds
• preserving value so recovery action remains meaningful

The closest misconception is treating asset recovery as the same as punishment or automatic victim compensation; those may be related outcomes in some cases, but the primary purpose is to deny criminals the benefit of crime.

• Punishment confusion: Freezing or confiscating assets does not replace prosecution; asset recovery and criminal proceedings are distinct, even if they run alongside each other.
• Wrong target: Regulatory penalties are aimed at firms for breaches, not at converting a customer’s suspected criminal property into a bank fine.
• Victim focus overstated: Victim compensation may occur in some cases, but preserving and removing criminal benefit is the central asset-recovery purpose here.

Asset recovery is aimed at denying criminals the proceeds of crime, including by restraining assets so they remain available for later confiscation or recovery.

Question 4

Topic: The Background and Nature of Financial Crime

A retail bank reviews a customer who has made repeated £900 payments from his salary account to an overseas “media charity”. The bank’s research shows the charity passes money to a proscribed terrorist organisation. There is no designated person involved and no sign the salary funds are criminal property. Which form of financial crime is most directly indicated?

• A. Tax evasion
• B. Sanctions breach
• C. Terrorist financing
• D. Money laundering

Best answer: C

What this tests: The Background and Nature of Financial Crime

Explanation: The decisive fact is that the payments are being channelled to a proscribed terrorist organisation. Terrorist financing focuses on the destination or purpose of funds, and the money does not need to come from crime for that risk to arise.

This scenario most clearly indicates terrorist financing. The customer’s money comes from salary, so the stem gives no basis to treat it as criminal property, which is a key element in money laundering. Instead, the concern is that the funds are being passed to support a proscribed terrorist organisation. That makes the purpose and end use of the funds the central issue.

A sanctions breach is not the best answer because the stem specifically says no designated person is involved. Tax evasion is also unsupported because there is no suggestion of concealed income, false reporting, or unpaid tax. The key distinction is that terrorist financing can involve entirely legitimate money if it is used to support terrorism.

• Money laundering: This would require criminal property or dealing with its proceeds, which the stem rules out by saying the salary funds show no sign of being criminal.
• Sanctions breach: The facts say there is no designated person involved, so sanctions are not the primary classification on the information given.
• Tax evasion: Nothing suggests hidden income, false declarations, or an attempt to underpay tax; the issue is the destination of the funds.

Terrorist financing can involve legitimate funds if they are provided to support terrorism, so criminal property is not required.

Question 5

Topic: The Background and Nature of Financial Crime

In asset recovery, investigators trace beneficial ownership and transaction flows through companies, trusts and bank accounts. Which function does this most directly serve?

• A. Deciding whether simplified CDD is appropriate at onboarding
• B. Identifying who really controls assets and where value has moved
• C. Confirming whether a customer is a politically exposed person
• D. Granting a licence to deal with frozen sanctioned funds

Best answer: B

What this tests: The Background and Nature of Financial Crime

Explanation: Tracing beneficial ownership and fund flows helps uncover who actually controls property and how it has been moved or concealed. That is central to locating recoverable assets and supporting restraint, confiscation, or other recovery action.

The core asset-recovery function of tracing beneficial ownership and transaction flows is to connect property to the person who truly controls it and to show where the value has gone. Criminals often use nominees, shell companies, trusts, and layered transfers to hide assets. Tracing helps investigators identify recoverable property, evidence the path of funds, and prevent assets being dissipated before recovery action is taken.

This is different from routine onboarding checks. AML controls such as CDD or PEP screening may collect useful information, but the specific purpose in asset recovery is evidential tracing of control and movement so hidden assets can be located and targeted.

• CDD confusion: deciding on simplified CDD is an onboarding risk decision, not the main purpose of tracing assets for recovery.
• PEP confusion: identifying a politically exposed person affects AML risk treatment, but it does not by itself show who controls concealed property.
• Sanctions confusion: licensing dealings with frozen funds is a sanctions authority function, not the asset-recovery purpose of ownership and flow tracing.

Asset recovery depends on linking property to its true controller and tracing its movement, especially where nominees or layered transfers are used.

Question 6

Topic: The Background and Nature of Financial Crime

A firm sets clear financial-crime governance, tone from the top, staff training, escalation routes, and documented procedures alongside its legal AML and sanctions obligations. Which function does this wider control framework primarily serve?

• A. Permitting escalation only after suspicion is fully proven.
• B. Substituting for CDD on lower-risk customer relationships.
• C. Embedding legal duties into consistent practice, oversight, and evidenced decisions.
• D. Transferring responsibility solely to the MLRO and compliance team.

Best answer: C

What this tests: The Background and Nature of Financial Crime

Explanation: The wider control framework exists to make legal obligations work in practice. Governance, culture, training, escalation, and documentation help staff recognise issues, act consistently, and show how financial-crime risks were identified and managed.

Legal rules such as AML, sanctions, and anti-bribery requirements set what a firm must do, but rules alone do not ensure effective day-to-day control. Governance assigns accountability and oversight, culture shapes behaviour, training helps staff identify red flags, escalation routes ensure concerns reach the right people quickly, and documentation provides an audit trail of decisions and actions. Together, these features help a firm prevent, detect, and respond to financial crime in a consistent and defensible way.

A firm that relies only on written legal obligations, without embedded governance and evidence, is more likely to apply controls inconsistently and struggle to demonstrate effectiveness. The key point is that broader controls support and evidence compliance; they do not replace core obligations.

• Using governance and training instead of CDD is wrong because CDD remains a separate control, even where customer risk is lower.
• Making the MLRO solely responsible is wrong because financial-crime control is a firm-wide responsibility supported by senior management and staff.
• Waiting until suspicion is proven is wrong because concerns should be escalated promptly; conclusive proof is not required before internal escalation.

These controls turn legal requirements into day-to-day action across the firm and create an auditable record of how risks were managed.

Question 7

Topic: The Background and Nature of Financial Crime

A UK firm is asked to open an account for a company incorporated two weeks ago. The customer is owned by two overseas corporate shareholders provided by a company formation agent, its directors are nominees, and all communication is routed through an external solicitor who will not identify the ultimate beneficial owner. The account is expected to receive large international payments and then quickly transfer them onward, despite the firm’s limited trading history. Which common exploitation method is MOST clearly indicated?

• A. Use of opaque structures and facilitators to conceal ownership and layer criminal funds
• B. A routine low-risk corporate onboarding case needing only standard CDD
• C. Primarily a market abuse case involving insider dealing
• D. A straightforward sanctions screening issue with no wider AML concern

Best answer: A

What this tests: The Background and Nature of Financial Crime

Explanation: This scenario shows a classic misuse of the financial system by organised criminals and professional facilitators. Nominee arrangements, refusal to disclose the beneficial owner, and rapid movement of funds through a new company are strong indicators of an opaque structure being used to disguise ownership and layer proceeds.

The core concept is exploitation of the financial system through shell or front companies, nominee arrangements and professional intermediaries. Here, the company is newly formed, has overseas corporate owners, uses nominee directors, communicates only through a solicitor, and resists disclosure of the ultimate beneficial owner. Those facts together suggest the structure may be designed to distance the real controllers from the account and to move funds quickly in a way that obscures their origin and destination.

Common warning signs include:

• complex ownership with no clear commercial need
• use of nominees or intermediaries to shield control
• reluctance to identify the beneficial owner
• account activity inconsistent with the stated business

This is wider than a simple screening or documentation issue; it indicates a potential laundering typology involving concealment and layering.

• Standard onboarding is not appropriate because the ownership opacity and expected transaction pattern create elevated AML risk.
• Market abuse does not fit the facts, as there is no indication of insider information, trading activity, or price manipulation.
• Sanctions only is too narrow because the key indicators relate to hidden ownership and suspicious fund flows, not just a name match or geographic restriction.

The nominee directors, corporate shareholders, intermediary involvement and rapid onward payments all point to concealment of beneficial ownership and layering through professional facilitators.

Question 8

Topic: The Background and Nature of Financial Crime

A compliance manager is redesigning onboarding in line with risk-based AML guidance. They review this policy extract:

Internal AML policy extract
- Verify identity and perform sanctions screening for all new customers.
- Apply enhanced due diligence where higher-risk factors are present.
- Set ongoing review frequency according to the customer’s assessed risk.
- Controls should be proportionate to the nature and complexity of the relationship.

Which action is best supported by the extract?

• A. Keep baseline checks for all, then increase checks and review where risk is higher.
• B. Apply enhanced due diligence to every customer for consistency.
• C. Review every customer annually regardless of assessed risk.
• D. Omit sanctions screening for lower-risk customers to speed onboarding.

Best answer: A

What this tests: The Background and Nature of Financial Crime

Explanation: Risk-based guidance helps firms apply controls proportionately, not uniformly. The extract requires core onboarding checks for all customers, then stronger due diligence and more frequent review only where the risk assessment indicates higher exposure.

The core concept is the risk-based approach: firms should maintain essential anti-financial-crime controls for all customers, but vary the intensity of further measures according to the level of risk. In the extract, identity verification and sanctions screening are universal baseline controls. Enhanced due diligence is reserved for higher-risk relationships, and ongoing review frequency is linked to assessed risk rather than set at one fixed level for everyone.

This is how guidance helps firms act proportionately: it supports stronger controls where risk is greater, without forcing the same heavy process on every customer. Applying maximum checks to all customers is not proportionate, but neither is dropping basic controls for lower-risk cases.

The key takeaway is that minimum standards stay in place for all, while extra scrutiny is targeted where it is most justified.

• Uniform treatment: Applying enhanced due diligence to every customer confuses consistency with proportionality; risk-based guidance allows firms to differentiate where justified.
• Dropping baseline controls: Removing sanctions screening for lower-risk customers ignores the extract’s clear requirement to screen all new customers.
• Fixed monitoring cycle: Reviewing everyone annually overlooks the policy statement that review frequency should follow the customer’s assessed risk.

The extract sets minimum controls for every customer and then scales due diligence and monitoring according to assessed risk.

Question 9

Topic: The Background and Nature of Financial Crime

A legal regime allows authorities to restrain, confiscate or recover property linked to offending so that an offender cannot retain the value gained from crime. Which function best matches this regime?

• A. Verifying identity and source of funds at onboarding
• B. Escalating suspicions through suspicious activity reporting
• C. Screening customers and counterparties for sanctions exposure
• D. Depriving criminals of the benefit of crime

Best answer: D

What this tests: The Background and Nature of Financial Crime

Explanation: Asset recovery exists so offenders do not keep the proceeds or value of their criminal conduct. Its primary purpose is to strip out financial gain, reinforcing the principle that crime should not pay.

The core concept is deprivation of criminal benefit. Asset recovery measures, such as restraint, confiscation and civil recovery, are designed to take away property obtained through crime, or the equivalent value, so offenders cannot enjoy or reuse illicit gains. This helps deter offending, disrupt criminal activity and protect the integrity of the financial system. It is different from preventive AML controls, which aim to stop misuse of firms before or during a relationship, and different from suspicious activity reporting, which is an escalation route to authorities. Although victim compensation may arise in some cases, the main purpose of asset recovery is to remove the financial benefit of crime from the offender.

• Sanctions screening is a preventive control used to avoid dealing with designated persons, not to recover criminal proceeds.
• CDD at onboarding checks identity and risk, including source of funds where appropriate, but it does not itself deprive offenders of criminal benefit.
• Suspicious activity reporting is an escalation mechanism to law enforcement; it may support action, but it is not the recovery function itself.

Asset recovery is aimed at removing criminal benefit, whether by taking the asset itself or an equivalent value.

Question 10

Topic: The Background and Nature of Financial Crime

A UK investment firm is refreshing its financial-crime framework. The board wants external bodies assigned to the correct purpose: standard setting, supervision, law-enforcement escalation, and intelligence sharing. Which approach best applies sound governance?

• A. Use FCA for supervisory oversight, FATF for law-enforcement escalation, NCA for intelligence sharing, and JMLIT for international standards.
• B. Use FATF for international standards, FCA for supervisory oversight, NCA for law-enforcement escalation, and JMLIT for intelligence sharing.
• C. Use NCA for supervisory oversight, FCA for intelligence sharing, FATF for international standards, and JMLIT for law-enforcement escalation.
• D. Use FATF for international standards, JMLIT for supervisory oversight, NCA for law-enforcement escalation, and FCA for intelligence sharing.

Best answer: B

What this tests: The Background and Nature of Financial Crime

Explanation: Sound governance means assigning each external body to its actual role. FATF sets international AML/CFT standards, the FCA supervises firms’ systems and controls, the NCA is the law-enforcement escalation route, and JMLIT supports intelligence sharing between the private and public sectors.

The core principle is governance accountability: firms should use external bodies for the functions they are designed to perform, not treat them as interchangeable. FATF is an international standard setter, so firms use its Recommendations to benchmark AML/CFT frameworks. The FCA is a supervisor, so it assesses whether firms have proportionate financial-crime controls. The NCA is the UK law-enforcement route for suspicious activity escalation and criminal intelligence handling, including SAR-related reporting through the UKFIU. JMLIT is a public-private intelligence-sharing initiative used to exchange typologies and threat information, not to supervise firms or investigate cases. The key takeaway is that standards, supervision, enforcement, and intelligence sharing are related but distinct functions.

• Using JMLIT as a supervisor is wrong because it supports intelligence exchange rather than regulatory oversight.
• Treating FATF as a law-enforcement body is wrong because it sets international standards and guidance, not case-level investigations.
• Treating the FCA as an intelligence-sharing body is wrong because its main role is supervisory oversight of firms and their controls.
• Treating the NCA as the supervisor is wrong because supervisory review and enforcement escalation are different functions.

This correctly maps FATF to standards, FCA to supervision, NCA to enforcement escalation, and JMLIT to public-private intelligence sharing.

Continue with full practice

Use the CISI CFC Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Related focused pages

• Free CISI CFC Full-Length Practice Exam
• CISI CFC: Money Laundering
• CISI CFC: Terrorist Financing
• CISI CFC: Bribery and Corruption
• CISI CFC: Fraud and Market Abuse
• CISI CFC: Tax Evasion
• CISI CFC: Financial Sanctions
• CISI CFC: Financial Crime Risk Management
• CISI CFC: The Role of the Financial Services Sector

Free review resource

Read the CISI CFC guide on SecuritiesMastery.com, then return to Securities Prep for timed practice.