CISI CFC: The Role of the Financial Services Sector

Topic snapshot

Sample questions

These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: The Role of the Financial Services Sector

Review the onboarding note.

Exhibit:

• Customer: Ormiston Shipping Ltd (UK)
• Ownership: 51% Altair Nominees Ltd (Cyprus) acting for a trust; 49% James Orr (UK)
• Trust settlor: Elena Petrov, spouse of the deputy transport minister of Country Z
• Expected activity: charter payments to ports in Country Z
• Screening: no exact OFSI or UN sanctions match on the customer or named parties
• Internal country rating: Country Z = high sanctions and corruption risk

What is the best supported onboarding action?

• A. Treat James Orr as the only relevant beneficial owner
• B. Proceed with standard CDD because there is no exact sanctions match
• C. Decline immediately because a minister’s spouse is automatically sanctioned
• D. Apply EDD, verify the trust’s beneficial ownership, assess PEP and sanctions risk, and obtain senior management approval

Best answer: D

What this tests: The Role of the Financial Services Sector

Explanation: The exhibit contains several higher-risk indicators: a nominee and trust structure, a family link to a foreign PEP, and expected business involving a high-risk country. Those factors support enhanced due diligence rather than standard onboarding or automatic rejection.

This is a classic EDD situation. The firm cannot rely only on the absence of an exact sanctions hit, because sanctions screening is just one control. The onboarding note also shows complex ownership through a nominee and trust, a close family connection to a foreign public official, and expected activity linked to a country the firm rates as high risk for sanctions and corruption.

Appropriate stronger controls would include:

• identifying and verifying the trust’s beneficial ownership and control
• assessing the PEP-related risk and source of wealth or funds as appropriate
• considering sanctions exposure arising from the country and payment activity
• obtaining senior management approval before proceeding

The key point is that higher-risk factors require deeper investigation and escalation, not automatic acceptance or automatic refusal.

• No exact hit means low risk: Wrong because the exhibit gives separate EDD triggers beyond sanctions screening, including PEP connection, complex ownership and higher-risk geography.
• Automatic prohibition: Wrong because being the spouse of a foreign official does not by itself mean the person is sanctioned; it triggers stronger review.
• Ignoring indirect ownership: Wrong because a nominee and trust require the firm to look through the structure to the real beneficial owners and controllers.

The nominee-trust structure, PEP family connection and high-risk country exposure together justify stronger controls before onboarding.

Question 2

Topic: The Role of the Financial Services Sector

An app-only wealth platform is due to launch next month. Review the internal launch note.

Launch note
- Onboarding: selfie, liveness test, document scan, and device fingerprinting
- Funding: instant bank transfer, third-party debit card, or transfer from a crypto exchange
- Screening: sanctions and PEP checks at onboarding only
- Monitoring: vendor AML/fraud model installed, but the firm has not approved alert thresholds, escalation rules, or management information

Which interpretation is best supported?

• A. Allowing crypto-exchange funding makes the product inherently unacceptable.
• B. Using a vendor model lets the firm finalise escalation controls after launch.
• C. Digital onboarding means higher-risk customers no longer require enhanced due diligence.
• D. The design may reduce impersonation risk, but weak ongoing controls still raise financial-crime risk.

Best answer: D

What this tests: The Role of the Financial Services Sector

Explanation: The exhibit shows both sides of fintech risk. Biometric and device-based onboarding can strengthen identity checks, but onboarding-only screening and ungoverned monitoring create material AML, sanctions, and fraud weaknesses. Technology helps only when ongoing controls and governance are in place.

This tests the principle that fintech innovation is not automatically lower risk or higher risk; the outcome depends on design, control, and governance. Selfie checks, liveness testing, document scanning, and device fingerprinting can reduce impersonation and some onboarding fraud. However, the note also shows clear weaknesses: sanctions and PEP screening happen only at onboarding, and the firm has not approved thresholds, escalation rules, or management information for the vendor monitoring model.

• Useful technology can reduce some risks.
• Funding via third-party cards or crypto exchanges can introduce added fraud and AML exposure and therefore needs well-governed monitoring.
• A vendor tool does not remove the firm’s responsibility for oversight, calibration, and escalation.

So the best-supported conclusion is to strengthen ongoing screening and governance before launch, rather than assume the technology is sufficient or the product is automatically unacceptable.

• EDD misconception: Digital identity tools may streamline onboarding, but higher-risk customers can still require enhanced due diligence.
• Over-inference: Crypto-exchange funding raises risk and may justify tighter controls, but the exhibit does not show the product is inherently unacceptable.
• Vendor reliance: Buying a monitoring model does not transfer responsibility for thresholds, escalation rules, or management oversight.

It recognises that technology can reduce identity fraud while still leaving material sanctions and monitoring gaps if screening and governance are weak.

Question 3

Topic: The Role of the Financial Services Sector

A fintech offers instant app-based onboarding and near-real-time international payments. It adds a control that automatically re-screens customers and counterparties whenever sanctions lists are updated and pauses account opening or payment release until any alert is reviewed. Which challenge is this control primarily designed to address?

• A. Detection of suspicious trading for market abuse
• B. Delayed sanctions checks in high-speed digital channels
• C. SAR decisions after unusual activity is investigated
• D. Source-of-wealth collection for higher-risk PEPs

Best answer: B

What this tests: The Role of the Financial Services Sector

Explanation: This safeguard is a real-time sanctions-screening control. In fast digital channels, onboarding or payments can be completed before slower batch checks detect a new designation, so automatic rescreening and pausing help keep sanctions controls aligned with channel speed.

The core concept is that digital distribution and payment channels can move faster than legacy compliance controls. If a firm relies on periodic or overnight sanctions screening, a customer or counterparty could be onboarded or paid after becoming designated but before the next screening cycle runs. Automatic rescreening when watchlists are updated, combined with a stop on account opening or payment release until alerts are reviewed, is designed to prevent that gap.

This is specifically a sanctions-control safeguard for fast-moving onboarding and payment activity. It is not mainly about broader suspicious-activity escalation, enhanced due diligence for PEPs, or market-abuse surveillance. The key takeaway is that technology-enabled channels need equally timely screening controls.

• Suspicious-activity reporting happens after unusual behaviour is assessed; it is not the front-end control that checks sanctions matches before onboarding or payment execution.
• Source-of-wealth collection is part of enhanced due diligence for some higher-risk relationships, but it does not address delayed sanctions matching.
• Market-abuse surveillance focuses on trading patterns and insider-dealing risks, not sanctions list changes affecting customers or counterparties.

Real-time rescreening and pausing reduce the risk that fast digital processing outpaces sanctions screening after a list change.

Question 4

Topic: The Role of the Financial Services Sector

A firm reviews the following governance extract after a sanctions-alert backlog is identified.

Exhibit:

Financial crime governance map
- Board Risk Committee: accountable for the financial-crime framework and risk appetite.
- MLRO: oversees AML/CFT controls and escalates material weaknesses.
- Sanctions Screening Team: performs daily screening, investigates alerts, and clears false positives.

Based on the exhibit, which interpretation is best supported?

• A. The Board Risk Committee is accountable for the framework, while the Screening Team executes the daily control.
• B. A control weakness automatically transfers framework accountability to the MLRO.
• C. The MLRO is accountable for daily alert clearance because it oversees AML/CFT controls.
• D. The Screening Team is accountable for the whole framework because it performs screening.

Best answer: A

What this tests: The Role of the Financial Services Sector

Explanation: The exhibit assigns accountability for the financial-crime framework to the Board Risk Committee. It separately assigns daily screening work to the Sanctions Screening Team, while the MLRO has an oversight and escalation role rather than day-to-day execution.

This tests the difference between governance accountability and operational responsibility. The exhibit states that the Board Risk Committee is accountable for the financial-crime framework and risk appetite, so accountability for the overall framework sits there. The Sanctions Screening Team performs the daily screening control, meaning it carries out the operational task. The MLRO oversees the controls and escalates material weaknesses, which is an oversight role rather than the team doing daily alert handling.

A backlog may require escalation and remediation, but it does not by itself move framework accountability away from the governing body named in the governance map. Oversight is not the same as execution.

• MLRO oversight trap: Overseeing AML/CFT controls and escalating weaknesses does not make the MLRO the person who clears daily screening alerts.
• Execution versus accountability trap: Performing screening work does not mean the Screening Team is accountable for the entire financial-crime framework.
• Automatic transfer trap: Finding a weakness does not automatically reassign framework accountability; it triggers escalation and remediation within the existing governance structure.

The exhibit explicitly separates framework accountability from operational execution by assigning them to different functions.

Question 5

Topic: The Role of the Financial Services Sector

A firm requires relationship managers, onboarding teams, and product owners to consider money-laundering, sanctions, bribery, and fraud risks when approving customers, products, and transactions. Compliance provides guidance and challenge, but does not own every decision. Which governance approach does this describe?

• A. First-line ownership of financial-crime risk across the business
• B. Second-line compliance ownership of routine business risk decisions
• C. Nominated officer handling suspicious activity reporting only
• D. Third-line internal audit assurance over financial-crime controls

Best answer: A

What this tests: The Role of the Financial Services Sector

Explanation: The stem describes an embedded financial-crime culture based on first-line ownership. Business teams make commercial decisions, apply relevant controls, and escalate issues, while compliance supports and challenges rather than acting as the sole owner.

Embedding financial-crime compliance means the business considers financial-crime risk at the point where decisions are made, such as onboarding, product design, and transaction approval. That is a first-line responsibility. Compliance, as the second line, typically sets policy, advises, monitors, and challenges, but it should not become the only team thinking about financial-crime risk. If firms isolate the issue within specialists, risks may be identified too late and the business may treat compliance as someone else’s job. Internal audit is a separate assurance function, and suspicious activity reporting is a narrower escalation duty. The key distinction is ownership of day-to-day risk decisions within the business itself.

• Second-line ownership: Compliance should oversee and challenge, but routine business risk decisions should not sit solely with the second line.
• Internal audit assurance: Internal audit tests whether controls are effective; it does not embed financial-crime thinking into front-line decisions.
• Reporting function only: The nominated officer or MLRO handles suspicious activity escalation and reporting, which is much narrower than firm-wide risk ownership.

This reflects business ownership of day-to-day financial-crime decisions, with compliance providing independent oversight and challenge.

Question 6

Topic: The Role of the Financial Services Sector

A relationship manager has escalated a customer’s unusual incoming payments and rapid onward transfers to the MLRO. Later that day, the customer asks why the firm wants extra source-of-funds information and whether the account has been reported to any authority. Which response best applies the firm’s obligation to avoid tipping off or prejudicing any investigation?

• A. Say the firm is carrying out routine compliance checks, request the information needed, and avoid discussing any internal report.
• B. Stop all communication with the customer until law enforcement contacts the firm.
• C. Explain that a money-laundering concern has been raised and the MLRO will decide whether to file a report.
• D. Process the transfers first so the customer is not alerted, then consider escalating later.

Best answer: A

What this tests: The Role of the Financial Services Sector

Explanation: The correct approach is to continue legitimate compliance enquiries without revealing that suspicion has arisen or that an internal or external report may exist. Firms must avoid statements or actions that could alert the customer and prejudice any investigation.

The core principle is that once suspicious activity has been identified and escalated internally, staff should handle customer contact carefully. They can still ask proportionate questions, gather source-of-funds information, and follow normal compliance processes, but they must not confirm or imply that the customer is under suspicion or that a suspicious activity report may be made or has been made.

In this scenario, routine wording about compliance checks is appropriate because it allows the firm to continue CDD or EDD while protecting the integrity of any internal review or external investigation. Silence is not automatically required, and neither is carrying on with the transaction as though nothing has happened. The key is controlled communication plus proper escalation.

The closest misconception is to stop all contact, but firms may still need to obtain information and manage the relationship without tipping off.

• Telling the customer that a money-laundering concern exists directly reveals suspicion and risks tipping off.
• Stopping all communication is too broad; firms may still ask necessary compliance questions through normal channels.
• Processing the transfers first and delaying escalation misapplies the principle by prioritising customer reaction over reporting and risk control.

This maintains normal due diligence while avoiding any disclosure that could alert the customer to a suspicion or report.

Question 7

Topic: The Role of the Financial Services Sector

A UK investment firm receives an instruction from a corporate client to send £480,000 to a third party shortly after three round-sum credits arrive from an unrelated offshore company. Operations has escalated the activity to the MLRO, who has told staff not to disclose the concern while the matter is reviewed. The client asks the relationship manager why the payment is delayed. What is the single best response?

• A. Say the offshore transfers have triggered a money-laundering suspicion.
• B. Question the client directly about the offshore credits.
• C. Say standard internal checks are ongoing and refer the matter to the MLRO.
• D. Say a report to the authorities is being considered.

Best answer: C

What this tests: The Role of the Financial Services Sector

Explanation: The best response is a neutral explanation that routine internal checks are continuing, with the matter handled through the MLRO. Staff must avoid telling the client that the firm suspects money laundering or may make a report, because that could tip off the client or prejudice an investigation.

The core concept is avoiding tipping off or prejudicing an investigation. In this scenario, the activity has already been escalated and the MLRO has instructed staff not to disclose the concern. The relationship manager should therefore give only a neutral message, such as that standard internal checks are ongoing, and keep the matter within the firm’s escalation process.

If staff reveal that the firm suspects money laundering, is considering a report, or is focusing on the offshore credits, the client may change behaviour, move funds, or destroy evidence. That can undermine both internal review and any external investigation. Controlled communication is therefore essential once suspicious activity has been identified and escalated.

The closest distractor is direct questioning about the offshore credits, which may look helpful but can still alert the client to the firm’s suspicion and bypass the MLRO’s direction.

• Telling the client that the pattern is suspicious directly reveals the firm’s concern and risks tipping off.
• Mentioning that a report to authorities is being considered is an even clearer disclosure and may prejudice an investigation.
• Direct questioning about the offshore credits may seem like fact-finding, but after escalation it can alert the client and cut across MLRO control.

A neutral holding response with internal escalation avoids revealing suspicion or a possible report and so reduces the risk of tipping off.

Question 8

Topic: The Role of the Financial Services Sector

A firm’s sanctions team closed an alert on a corporate client after deciding that a 55% shareholder with a similar name was not the designated person. Six months later OFSI asks why no asset freeze was applied. The firm has only the final system status, not the screening evidence or analyst notes. What is the best reason those records should have been retained?

• A. To avoid future screening of the same shareholder
• B. To satisfy internal audit needs only
• C. To evidence the basis of the decision and allow it to be reconstructed
• D. To prove automatically that no sanctions breach occurred

Best answer: C

What this tests: The Role of the Financial Services Sector

Explanation: Record keeping provides the audit trail behind a compliance decision. Here, the missing screening evidence and analyst notes mean the firm may struggle to show why it discounted the alert and to support OFSI’s review of whether its sanctions controls were adequate.

The core concept is that records must do more than show an outcome; they must show how and why the outcome was reached. In this scenario, simply retaining a status such as “closed” does not demonstrate that the firm assessed the alert properly, checked relevant data, considered the ownership risk, and reached a defensible false-positive conclusion.

Good record keeping helps a firm:

• demonstrate compliance with its controls and legal obligations
• support regulatory or law-enforcement enquiries
• reconstruct who made the decision, on what basis, and when
• evidence challenge, approval, and escalation where relevant

Without that decision trail, the firm cannot easily justify why no freeze was applied, even if the original decision was sound. The closest distractor confuses record keeping with operational convenience rather than evidencing compliance.

• Avoiding future screening is not the purpose of retention; firms still need ongoing screening and monitoring where relevant.
• Detailed records do not automatically prove there was no breach; they support the firm’s case but do not guarantee the conclusion.
• Record keeping is not only for internal audit; regulators and investigators may need the full decision trail.

Detailed records show how the false-positive conclusion was reached and help OFSI assess whether sanctions controls were applied appropriately.

Question 9

Topic: The Role of the Financial Services Sector

A relationship manager is unsure whether an external suspicious activity report will be needed.

Exhibit:

Internal review note - 10:15
- New corporate client requests an £85,000 payment to an overseas consultant today.
- Invoice is generic; no contract or clear service description is attached.
- Beneficial owner is recorded as a foreign PEP.
- Client says payment must be sent before "extra checks delay it".

What is the best supported action?

• A. Escalate to the MLRO or nominated officer now and keep the supporting note
• B. Ask the client for more detail before recording any internal escalation
• C. Wait until the external reporting decision is clear before escalating internally
• D. Submit a direct external SAR immediately because the beneficial owner is a PEP

Best answer: A

What this tests: The Role of the Financial Services Sector

Explanation: The exhibit shows multiple red flags, but the key point is process. Staff should escalate concerns internally as soon as they arise and document the basis, even if the firm has not yet decided whether an external report is required.

Timely, well-documented internal escalation is critical because front-line staff do not need to reach the final external reporting decision themselves. Here, the urgent payment request, weak supporting documentation, PEP link, and pressure to avoid checks together justify an immediate internal report to the MLRO or nominated officer. That creates a clear audit trail, preserves the facts and timing, and allows the firm to assess suspicion, decide on any external reporting, and consider risk-mitigation steps without unnecessary delay.

The key takeaway is that internal escalation should not wait for certainty or for the external reporting decision to be finalised.

• Waiting for the external decision confuses two stages: staff escalate suspicion internally first, then the MLRO decides whether external reporting is needed.
• Seeking more client detail before recording the concern may delay escalation and weaken the audit trail where several red flags already exist.
• A PEP connection increases risk and may justify closer scrutiny, but it does not by itself make an external SAR automatic or bypass internal channels.

Prompt, documented internal escalation lets the MLRO assess suspicion and any external reporting need without delay.

Question 10

Topic: The Role of the Financial Services Sector

Why should a firm maintain constructive, timely, and accurate relationships with supervisors and relevant authorities on financial-crime matters?

• A. Shift accountability for controls to external authorities
• B. Replace internal judgment with supervisory approval
• C. Enable effective oversight and prompt remediation of financial-crime risk
• D. Delay communication until criminal conduct is proven

Best answer: C

What this tests: The Role of the Financial Services Sector

Explanation: Firms should engage openly and promptly with supervisors and relevant authorities so material financial-crime issues can be assessed and addressed quickly. Accurate information supports effective oversight, faster remediation, and confidence that the firm is managing its obligations properly.

The core concept is effective supervisory and regulatory engagement. Financial-crime risks can develop quickly, so firms should maintain relationships that are constructive, timely, and accurate to help supervisors and relevant authorities understand emerging issues, assess the adequacy of controls, and respond where necessary. This also helps the firm remediate weaknesses, reduce further harm, and demonstrate a sound compliance culture and credible governance.

Such relationships do not transfer responsibility away from the firm. The firm remains responsible for its own systems, controls, escalation, and decision-making. Nor does constructive engagement mean waiting until misconduct is fully proven before communicating material concerns. The key point is open, reliable communication that supports early oversight and effective risk management.

• Shifted responsibility: External authorities supervise and may intervene, but accountability for financial-crime controls stays with the firm.
• Supervisory sign-off: Supervisors do not replace day-to-day internal judgment or approve routine compliance decisions.
• Proof before contact: Waiting for certainty is inconsistent with timely engagement; material concerns should be communicated accurately and without unnecessary delay.

Constructive, accurate engagement helps authorities assess issues early and supports the firm’s own remediation and governance.

Continue with full practice

Use the CISI CFC Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Related focused pages

• Free CISI CFC Full-Length Practice Exam
• CISI CFC: The Background and Nature of Financial Crime
• CISI CFC: Money Laundering
• CISI CFC: Terrorist Financing
• CISI CFC: Bribery and Corruption
• CISI CFC: Fraud and Market Abuse
• CISI CFC: Tax Evasion
• CISI CFC: Financial Sanctions
• CISI CFC: Financial Crime Risk Management

Free review resource

Read the CISI CFC guide on SecuritiesMastery.com, then return to Securities Prep for timed practice.