CISI UK RPI Exam Blueprint

Last revised: June 29, 2026

A practical readiness blueprint for CISI UK RPI candidates covering UK regulation, conduct, integrity, scenarios, and final-review checks.

How to use this Exam Blueprint

This independent Exam Blueprint is for candidates preparing for the Chartered Institute for Securities & Investment exam CISI UK Regulation & Professional Integrity, exam code CISI UK RPI.

Use it as a practical readiness map:

Work through each topic area.
Mark what you can explain without notes.
Practise applying the rule or principle to short client, firm, adviser, trader, and compliance scenarios.
Revisit weak areas using your current CISI materials before sitting the real exam.

This page does not state official weights, pass marks, or section counts. Treat the areas below as readiness areas for a UK regulation and professional integrity exam, and confirm current examinable detail in your official learning materials.

Readiness target for CISI UK RPI

You are not just memorising regulatory terms. You need to show that you can recognise a regulated situation and choose the action that protects clients, markets, the firm, and professional standards.

Readiness dimension	What “ready” looks like
Regulatory vocabulary	You can use UK regulatory terms accurately and distinguish similar concepts.
Scenario judgement	You can spot the issue in a short fact pattern: advice, promotion, complaint, market abuse, conflict, AML, client money, or disclosure.
Professional integrity	You choose escalation, transparency, accurate records, and client/market protection over convenience or sales pressure.
Role awareness	You know when the obligation sits with the individual, the firm, senior management, compliance, MLRO, operations, or another control function.
Documentation	You can identify what evidence should exist: fact-find, suitability rationale, order record, complaint file, conflicts entry, training record, or escalation note.
Exam technique	You avoid “commercially convenient” answers when the better answer is to pause, disclose, verify, document, or escalate.

Topic-area readiness map

Readiness area	What to review	Can you apply it in a scenario?	Ready when you can…
UK regulatory structure	UK financial services regulation, regulator roles, firm authorisation, supervision, enforcement, rulebooks, principles, guidance, and statutory objectives at a high level.	A scenario asks who is responsible for supervision, conduct, prudential risk, enforcement, or rule compliance.	Identify the relevant regulator or internal control point without confusing firm policy, law, guidance, and ethical standards.
Authorisation and permissions	Regulated activities, permissions, approved or certified roles, senior management accountability, competence, training, and supervision.	An employee performs activity outside their authority, delegates a task, or relies on another team.	Explain why authorisation, competence, supervision, and accountability matter before a regulated service is provided.
Conduct standards	Fair treatment, acting with integrity, due skill and care, management control, market confidence, communications, conflicts, and client interests.	A profitable action conflicts with fair treatment or market integrity.	Choose the response that is fair, transparent, documented, and consistent with professional standards.
Professional integrity	Honesty, independence, confidentiality, escalation, avoiding misleading conduct, managing pressure, and refusing improper instructions.	A manager, client, colleague, or counterparty asks for something questionable.	Explain the ethical issue and select an action such as disclose, challenge, refuse, record, or escalate.
Client classification and onboarding	Retail, professional, and eligible counterparty concepts where relevant; KYC; client agreements; capacity; authority; source of funds; sanctions and financial crime checks.	A client requests a service before onboarding is complete or wants a different classification.	Identify what must be verified before proceeding and what protections may change with classification.
Advice, information, and execution-only	Distinguishing factual information, generic guidance, personal recommendation, discretionary service, execution-only order, suitability, and appropriateness.	A client asks, “Should I buy this?” after receiving product facts.	Decide whether the interaction has crossed into advice and what assessment or disclosure is required.
Suitability and appropriateness	Client objectives, knowledge, experience, financial situation, risk tolerance, capacity for loss, time horizon, product complexity, and evidence of rationale.	A product appears profitable but mismatched to the client’s risk profile or liquidity needs.	Explain what facts are missing and why a recommendation or transaction may need to stop.
Financial promotions and communications	Fair, clear, and not misleading communications; balanced risk and reward; approval; targeting; social media; recordkeeping; vulnerable or inexperienced recipients.	A marketing piece highlights returns but minimises risk or is sent to the wrong audience.	Identify misleading features and choose correction, withdrawal, approval, or escalation.
Market conduct and market abuse	Inside information, disclosure controls, misleading statements, manipulation, rumours, personal account dealing, wall-crossing, research controls, and market integrity.	A trader receives price-sensitive information or spreads an unverified rumour.	Recognise the red flags and avoid trading, tipping, manipulation, or inadequate escalation.
Order handling and dealing controls	Client orders, aggregation, allocation, timely execution, best execution concepts, trade errors, records, conflicts, and post-trade controls.	Two clients want limited allocation of the same investment, or an error benefits one client.	Choose a fair allocation or correction process supported by records and policy.
Client assets and client money	Safeguarding assets, segregation concepts, reconciliations, mandates, custody risk, record accuracy, and operational controls.	Client funds or assets are mixed, misallocated, or not reconciled.	Explain the client-protection purpose and identify why weak records or commingling is dangerous.
Conflicts of interest	Identification, prevention, management, disclosure, gifts, hospitality, remuneration, inducements, outside interests, and personal dealing.	A firm or employee benefits from a recommendation, allocation, or third-party payment.	State the conflict, decide whether disclosure is enough, and know when the activity should not proceed.
Complaints and redress	Complaint recognition, acknowledgement, investigation, root cause, records, escalation, client communication, and possible redress.	A client expresses dissatisfaction but does not use the word “complaint.”	Treat substance over label and select timely recording, investigation, and escalation.
Financial crime	AML, terrorist financing, sanctions, bribery, fraud, tax evasion facilitation risk, suspicious activity reporting, tipping off, and due diligence.	A client refuses source-of-funds information or asks to structure transactions oddly.	Pause the transaction if needed, avoid tipping off, and escalate through the correct internal route.
Data, confidentiality, and records	Confidential client information, secure handling, retention, access controls, regulatory records, audit trail, and reporting accuracy.	A colleague requests client data without a business need, or a record is altered after the fact.	Protect confidentiality, preserve evidence, and avoid retrospective or misleading records.
Governance and compliance culture	Three lines of defence, risk ownership, monitoring, internal audit, policies, breaches, notifications, and senior management oversight.	A breach is found but the business wants to wait before reporting internally.	Explain why prompt escalation and accurate breach records matter.

Can you do this?

Use this as a self-test. If you hesitate, that area needs more practice.

Core regulation and conduct checklist

Explain the difference between a legal requirement, a regulator rule, firm policy, guidance, and ethical best practice.
Identify when a firm or individual may need authorisation, permission, competence, or supervision before acting.
Recognise when a client interaction becomes advice rather than factual information.
Distinguish suitability from appropriateness in plain language.
Identify missing client facts before a recommendation can be justified.
Spot a misleading financial promotion even if the headline is technically true.
Recognise a complaint from the substance of the client’s dissatisfaction.
Identify the correct first response to suspected money laundering or sanctions risk.
Avoid tipping off in financial crime scenarios.
Recognise inside information and market manipulation red flags.
Explain why conflicts cannot always be solved by disclosure alone.
Identify when gifts, hospitality, or inducements create regulatory or integrity risk.
Explain why client money and client assets require strong segregation, reconciliation, and records.
Choose escalation over informal resolution when a breach, suspicion, or ethical concern is material.
Link professional integrity to actual behaviour: accuracy, honesty, confidentiality, challenge, and documentation.

Professional integrity checklist

Would you give the same answer if the scenario involved your largest client?
Would your action still be defensible if reviewed by compliance, senior management, a regulator, or a client?
Are you relying on “everyone does it” rather than a rule, policy, or ethical principle?
Have you separated client interest from firm revenue?
Have you considered market integrity, not just client consent?
Have you created or preserved an audit trail?
Have you escalated to the correct person rather than solving a regulated issue informally?
Have you avoided altering records after the event?
Have you avoided selective disclosure or unfair treatment between clients?
Have you challenged instructions that appear dishonest, misleading, or incomplete?

Scenario decision path

Use this structure when a question gives a short fact pattern and several plausible actions.

    flowchart TD
	    A[Read the scenario facts] --> B{Who is affected?}
	    B --> C[Client]
	    B --> D[Market]
	    B --> E[Firm or regulator]
	    B --> F[Individual employee]
	    C --> G{Is there advice, promotion, order, complaint, asset, or data issue?}
	    D --> H{Is there inside information, manipulation, rumour, or unfair disclosure?}
	    E --> I{Is there breach, permission, record, governance, or reporting issue?}
	    F --> J{Is there conflict, competence, integrity, or personal conduct issue?}
	    G --> K[Verify facts, apply client protection, document]
	    H --> L[Do not trade or mislead; escalate]
	    I --> M[Record, remediate, notify internally]
	    J --> N[Disclose, refuse if needed, escalate]
	    K --> O[Choose the answer that protects clients and evidence]
	    L --> O
	    M --> O
	    N --> O

High-yield distinction drills

Many CISI UK RPI-style mistakes come from confusing two related concepts. Drill these until you can explain each in one sentence.

Distinction	How to separate them	Exam trap
Information vs advice	Information describes facts; advice applies judgement to a client’s circumstances or recommends action.	A “general” conversation becomes advice when tailored to the client.
Suitability vs appropriateness	Suitability asks whether the recommendation fits the client; appropriateness asks whether the client understands the product/service risk where required.	Passing an appropriateness check does not make a product suitable.
Retail vs professional client	Client classification affects protections, disclosures, and assumptions about knowledge and experience.	Assuming a wealthy or confident client is automatically professional.
Complaint vs query	A complaint expresses dissatisfaction, loss, poor service, or unfair treatment; wording may be informal.	Ignoring a complaint because the client did not use the word “complaint.”
Disclosure vs management of conflict	Disclosure informs the client; management prevents harm; some conflicts may require refusal or structural controls.	Treating disclosure as a cure for every conflict.
Inside information vs market rumour	Inside information is specific, non-public, and price-sensitive; rumours still create conduct risk if used or spread improperly.	Trading because the information was received casually.
Marketing vs personal recommendation	Marketing promotes; a personal recommendation considers the client’s circumstances.	A campaign response turns into individual advice during follow-up.
Error correction vs concealment	Correction fixes harm and records the issue; concealment hides or rewrites the facts.	Choosing a commercially convenient answer that changes the audit trail.
AML suspicion vs proof	Suspicion can require escalation even without proof.	Waiting for certainty before escalating.
Delegation vs accountability	Tasks may be delegated; accountability and oversight usually cannot be ignored.	Assuming a senior person is free from responsibility once another team acts.
Client consent vs regulatory compliance	Consent may be necessary but not always sufficient.	Proceeding because the client “agreed” to unfair, unsuitable, or unlawful conduct.
Firm policy vs regulatory duty	Firm policy operationalises duties; regulatory expectations may still apply even if a policy is silent.	Treating absence of a written procedure as permission to proceed.

Scenario cues and best-response habits

Scenario cue	First question to ask	Strong exam response pattern	Common weak answer
Client wants to trade before onboarding is complete	What facts, authority, and checks are missing?	Pause or limit activity until required checks are complete.	Proceed because the client is urgent or important.
Product appears too complex for the client	Has knowledge, experience, risk tolerance, and capacity for loss been assessed?	Obtain facts, assess suitability or appropriateness, document rationale.	Rely on the client’s enthusiasm or wealth.
Advertisement highlights yield but hides risk	Is the communication fair, clear, balanced, and targeted?	Amend, approve properly, withdraw, or escalate.	Keep the headline and add small-print risk wording only.
Employee receives non-public price-sensitive information	Could trading or disclosure damage market integrity?	Stop trading, protect information, escalate to compliance.	Trade quickly because the information was not formally labelled confidential.
Client complains after a loss	Is the issue investment performance only, or service/advice/fairness?	Record, investigate, communicate properly, preserve evidence.	Dismiss because markets can fall.
Source of funds explanation is inconsistent	Is there suspicion of financial crime?	Follow internal AML escalation and avoid tipping off.	Ask leading questions that alert the client to suspicion.
Broker offers valuable hospitality	Could it influence selection, allocation, or judgement?	Check policy, record, decline or escalate if inappropriate.	Accept because no client loss is visible.
Trade allocation benefits a favoured client	Is allocation fair and pre-documented?	Follow allocation policy and preserve records.	Allocate based on relationship value.
Manager asks for a record to be “cleaned up”	Would the amended record be accurate and transparent?	Refuse misleading alteration and escalate.	Change wording to avoid criticism.
Client data sent to the wrong recipient	Is confidentiality or data security compromised?	Contain, report internally, preserve facts, remediate.	Delete the email and say nothing.
Senior person delegates a control task	Who retains oversight and accountability?	Ensure competent delegate, supervision, evidence, and escalation.	Assume delegation removes responsibility.
Client says, “Do not tell compliance”	Is the request itself a red flag?	Do not agree; follow firm escalation procedures.	Treat confidentiality as preventing internal reporting.

Documentation and artifact checks

For each artifact, know why it exists and what risk it controls.

Artifact or record	What it evidences	Readiness check
Client onboarding file	Identity, authority, classification, due diligence, service scope.	Can you say what should be verified before regulated services begin?
Client agreement or terms	Service basis, responsibilities, disclosures, limitations, charges where relevant.	Can you identify when a client has not been told enough to proceed?
Fact-find or client profile	Objectives, financial position, experience, risk appetite, capacity for loss, time horizon.	Can you spot missing facts in a suitability scenario?
Suitability rationale	Why a recommendation fits the client’s needs and circumstances.	Can you explain the recommendation using client-specific facts?
Appropriateness assessment	Whether the client has sufficient knowledge and experience for a product or service where relevant.	Can you avoid treating this as a guarantee of suitability?
Financial promotion approval record	Review, approval, audience, risk warnings, balance, and distribution controls.	Can you identify a misleading or wrongly targeted communication?
Order record	Client instruction, timing, price, allocation, execution route, and amendments.	Can you reconstruct what happened and justify fairness?
Trade error record	Error facts, client impact, correction, escalation, and root cause.	Can you choose correction over concealment?
Conflicts register	Identified conflicts, controls, disclosures, recusals, or prohibitions.	Can you decide whether disclosure is sufficient?
Gifts and hospitality log	Benefits offered or received and approval status.	Can you identify influence risk even without direct client loss?
Complaint file	Complaint facts, acknowledgement, investigation, outcome, communications, redress if applicable.	Can you recognise a complaint early and preserve evidence?
AML or suspicious activity escalation	Internal suspicion, facts, decision trail, and no tipping off.	Can you escalate without alerting the client?
Training and competence record	Role competence, supervision, continuing development, and gaps.	Can you link competence to client protection?
Breach log	Issue, cause, impact, remediation, escalation, and control improvement.	Can you distinguish a minor processing issue from a regulatory concern?
Client asset or money record	Ownership, segregation, reconciliation, and safeguarding controls.	Can you explain why inaccurate records create client risk?

Market conduct readiness

Market conduct questions often test whether you protect confidence in the market, not just whether a client wants to trade.

Be ready to recognise:

Non-public information that may affect price or investor decisions.
Selective disclosure to a favoured investor or analyst.
Trading before information is public or properly cleared.
Passing information to another person who may trade.
Misleading impressions through orders, rumours, statements, or omissions.
Manipulative trading patterns or transactions lacking genuine economic purpose.
Pressure to publish or suppress research for commercial reasons.
Personal account dealing conflicts.
Wall-crossing or confidentiality failures.
Poor recordkeeping around decisions, communications, and approvals.

Strong answer habits:

Stop and assess before acting.
Do not trade while uncertain.
Keep information restricted.
Escalate to compliance or the appropriate control function.
Preserve an accurate record.
Avoid informal “workarounds.”

Financial crime readiness

For AML, sanctions, bribery, fraud, and related integrity risks, the exam is likely to reward cautious escalation and correct process.

Red flag type	Examples of scenario facts	Better response
Identity or ownership concern	Complex ownership, unwillingness to provide documents, inconsistent identity details.	Do not ignore missing due diligence; escalate or pause as policy requires.
Source of funds concern	Funds inconsistent with profile, unexplained third-party payments, unusual urgency.	Seek appropriate information without tipping off; escalate suspicion internally.
Transaction pattern concern	Structuring, rapid in-and-out movement, no clear commercial rationale.	Consider suspicion and follow AML procedures.
Sanctions concern	Name, geography, ownership, or payment route creates concern.	Screen and escalate before proceeding.
Bribery or inducement concern	Gifts, facilitation-style payments, pressure to use a third party.	Decline, record, and escalate if inappropriate.
Fraud concern	Forged documents, impersonation, account takeover, unusual instruction channel.	Verify independently and protect client assets.
Tipping-off concern	Client asks why a transaction is delayed or whether they are being reported.	Use approved neutral wording and follow internal guidance.

Client advice and suitability readiness

When a scenario involves a recommendation, build your answer around the client facts.

Facts to look for

Investment objective.
Time horizon.
Liquidity needs.
Financial position.
Knowledge and experience.
Risk tolerance.
Capacity for loss.
Tax or legal constraints where relevant.
Existing portfolio and concentration risk.
Vulnerability or special circumstances.
Product complexity, costs, risks, and exit constraints.
Whether the client understands key risks.

Common suitability traps

Trap	Why it is dangerous
“The client asked for it”	Client request does not automatically make a recommendation suitable.
“The client is wealthy”	Wealth alone does not prove knowledge, experience, or capacity for loss.
“The product is low risk historically”	Past performance or labels do not remove product-specific risk.
“The client signed the form”	Signatures do not cure poor explanation, missing facts, or unsuitable advice.
“The return target is attractive”	Return must be considered with risk, liquidity, and client need.
“The client is experienced in one product”	Experience in one asset class may not transfer to another.

Financial promotions and communications readiness

A communication may be problematic even when no trade has occurred. Review how communications are created, approved, targeted, and retained.

Check	Ask yourself
Accuracy	Is every claim supportable and current?
Balance	Are risks presented with similar prominence to benefits?
Clarity	Would the intended audience understand the main risk?
Targeting	Is the recipient group appropriate for the product or service?
Approval	Has the correct review or approval process occurred?
Medium	Does the rule apply equally in email, websites, presentations, calls, and social media?
Omission	Is a key limitation or cost left out?
Comparisons	Are benchmarks, past performance, or projections used fairly?
Record	Can the firm evidence what was communicated and when?

Client assets and operational controls

Client money and assets are a practical control topic as well as a regulatory one. Be ready to explain why safeguards exist.

Control concept	Why it matters
Segregation	Reduces risk that client assets are treated as the firm’s own property.
Accurate records	Enables ownership to be identified and errors to be corrected.
Reconciliations	Detect mismatches before they harm clients or become systemic.
Mandate controls	Prevent unauthorised use of client assets or payment authority.
Custody oversight	Helps manage third-party and operational risk.
Breach escalation	Ensures client protection issues are visible and remediated.

Scenario trigger: if the facts mention missing records, mixed funds, unreconciled balances, unclear ownership, unauthorised transfers, or operational shortcuts, think client protection first.

Common weak areas and traps

Weak area	What candidates often do	Better exam habit
Memorising terms without application	Know definitions but miss the issue in the scenario.	Ask: what is the risk, who is harmed, what control applies?
Choosing the most client-friendly answer	Assume client consent or preference is decisive.	Choose the compliant and fair answer, even if inconvenient.
Under-escalating	Treat suspicious or unethical facts as routine service issues.	Escalate when facts suggest breach, suspicion, conflict, or market risk.
Over-relying on disclosure	Disclose a conflict but fail to manage or prevent harm.	Decide whether disclosure, control, recusal, or refusal is needed.
Ignoring audit trail	Pick an action but omit recordkeeping.	Include evidence, approval, and documentation in the answer.
Confusing roles	Send everything to the wrong person or assume compliance owns all risk.	Identify business ownership plus specialist escalation where needed.
Treating rules as box-ticking	Focus only on forms.	Link the form to client protection, market integrity, or accountability.
Missing professional integrity signals	See pressure, secrecy, or altered records as minor.	Treat pressure and concealment as central facts.
Applying hindsight	Judge suitability by outcome only.	Assess whether the decision was reasonable based on facts known at the time.
Assuming no loss means no breach	Ignore misleading communications or process failures because no client loss occurred.	Remember conduct risk can exist before measurable loss.

Final-week review checklist

Seven-day content review

Re-read the current CISI learning objectives or syllabus outline for CISI UK Regulation & Professional Integrity.
Build a one-page map of UK regulatory structure and firm obligations.
Create a one-page map of professional integrity actions: disclose, refuse, document, escalate, remediate.
Review client classification, onboarding, advice, suitability, and appropriateness together.
Review market abuse, inside information, financial promotions, and conflicts together.
Review AML, sanctions, bribery, fraud, confidentiality, and tipping off together.
Review complaints, breaches, recordkeeping, governance, and client asset protection together.

Practice-question review

For every missed question, tag the reason:

Miss reason	Fix
Did not know the term	Add it to a vocabulary sheet with a one-sentence definition.
Knew the term but missed the scenario issue	Write the trigger phrase that should have alerted you.
Chose a sales-friendly answer	Reframe around client protection and integrity.
Failed to escalate	List the escalation trigger.
Ignored documentation	Add the required artifact or record.
Confused two concepts	Add the pair to your distinction drills.
Guessed between two answers	Identify which answer better supports compliance, evidence, and fairness.

Day-before readiness check

You can explain each readiness area in this blueprint without notes.
You can answer “who is harmed?” and “what control applies?” for any scenario.
You know the difference between advice, information, execution-only, suitability, and appropriateness.
You can spot misleading communications and weak disclosures.
You can identify when to stop trading or escalate market information concerns.
You can handle AML suspicion without tipping off.
You can recognise conflicts that require more than disclosure.
You can identify the right documentation for client, order, complaint, conflict, and breach scenarios.
You have reviewed your weakest practice-question tags.
You have practised under timed conditions.

Readiness scorecard

Use this scorecard before final practice.

Area	Red: not ready	Amber: close	Green: ready
Regulatory structure	You rely on vague regulator names and cannot explain responsibilities.	You know the main structure but confuse supervision, enforcement, and firm controls.	You can place obligations with the right regulator, firm function, or individual role.
Conduct and integrity	You know ethical words but struggle to choose action.	You usually choose the right action but miss documentation or escalation.	You consistently choose fair, honest, documented, and defensible actions.
Client advice and suitability	You memorise definitions but miss missing facts.	You identify most missing facts but confuse suitability and appropriateness.	You can assess client facts, product risk, and required evidence.
Financial promotions	You focus on accuracy only.	You spot misleading wording but miss targeting or approval.	You assess accuracy, balance, audience, approval, and records.
Market conduct	You recognise obvious insider dealing only.	You spot inside information but miss rumours, manipulation, or selective disclosure.	You protect market integrity and choose stop, restrict, document, and escalate.
Financial crime	You wait for proof.	You spot suspicion but are uncertain about client communication.	You escalate suspicion, avoid tipping off, and preserve evidence.
Conflicts	You disclose everything and move on.	You identify conflicts but are unsure when to refuse or recuse.	You select prevention, management, disclosure, recusal, or refusal as appropriate.
Complaints and breaches	You treat issues informally.	You record some issues but miss root cause or escalation.	You recognise, record, investigate, remediate, and escalate.
Client assets and records	You know safeguarding language but not the control purpose.	You understand segregation but miss reconciliation and evidence.	You explain how records and controls protect ownership and client outcomes.
Exam technique	You choose plausible answers by instinct.	You narrow choices but overthink similar options.	You use scenario cues and choose the most compliant, fair, and evidenced option.

Practical next step

Turn this Exam Blueprint into a practice plan. Tag each practice question by readiness area, write down the scenario cue you missed, and redo weak topics until you can explain the rule, the risk, the correct action, and the required evidence without notes.

Study Plan

Scenario Guide