Identity and exam-use focus
This independent Quick Reference supports candidates preparing for the Chartered Institute for Securities & Investment exam CISI UK Regulation & Professional Integrity with official exam code CISI UK RPI.
Use it to revise the practical distinctions the exam commonly tests: who regulates what, when FCA rules apply, how client protections differ, what must be escalated, and how professional integrity changes the correct answer.
| Area | What to be able to do quickly |
|---|---|
| UK regulatory structure | Distinguish FCA, PRA, Bank of England, HM Treasury, FOS, FSCS, and market infrastructure roles. |
| FSMA perimeter | Identify regulated activities, specified investments, authorisation needs, exemptions, and financial promotions. |
| FCA Handbook | Link scenarios to PRIN, SYSC, COBS, CASS, MAR, COCON, FIT, DISP, COMP, SUP, DEPP, and related rules. |
| Conduct and clients | Apply client categorisation, suitability, appropriateness, best execution, conflicts, and communications rules. |
| Accountability | Distinguish Senior Managers, Certification staff, Conduct Rules, fit and proper standards, and regulatory notifications. |
| Financial crime | Spot AML, sanctions, bribery, fraud, terrorist financing, suspicious activity, and tipping-off issues. |
| Market abuse | Distinguish insider dealing, unlawful disclosure, manipulation, inside information, and criminal/civil regimes. |
| Professional integrity | Choose the answer that protects clients, markets, the firm, and the profession, not just the answer that is technically convenient. |
UK regulatory map
| Body | Core role | Exam distinction |
|---|---|---|
| HM Treasury | Sets financial services policy and legislation framework. | Policy maker, not the day-to-day conduct supervisor of firms. |
| Parliament | Creates primary legislation such as FSMA-based powers. | Statute creates the legal perimeter; regulators make detailed rules within powers. |
| Bank of England | Monetary stability, financial stability, resolution, and oversight of key financial infrastructure. | Think system-wide stability, not retail conduct. |
| Financial Policy Committee, or FPC | Monitors and acts on systemic risk. | Macroprudential focus: stability of the financial system as a whole. |
| Prudential Regulation Authority, or PRA | Prudential regulation of banks, building societies, credit unions, insurers, and designated investment firms. | Safety and soundness; dual-regulated firms also have FCA conduct supervision. |
| Financial Conduct Authority, or FCA | Conduct regulation, market integrity, consumer protection, competition, and prudential regulation of FCA-only firms. | Main exam regulator for conduct, client treatment, market abuse, authorisation, and enforcement. |
| Payment Systems Regulator, or PSR | Regulation of payment systems. | Competition, access, innovation, and service-user interests in payment systems. |
| Financial Ombudsman Service, or FOS | Independent dispute resolution for eligible complaints. | Resolves complaints; not a prudential regulator and not a compensation fund. |
| Financial Services Compensation Scheme, or FSCS | Last-resort compensation when authorised firms cannot meet eligible claims. | Compensates default/insolvency-type failures, not ordinary investment losses. |
| Information Commissioner’s Office, or ICO | UK data protection regulator. | Relevant for personal data, privacy, breach handling, and data subject rights. |
| Office of Financial Sanctions Implementation, or OFSI | UK financial sanctions implementation and enforcement. | Relevant to sanctions screening, asset freezes, and sanctions reporting. |
FCA versus PRA
| Scenario | Likely regulator focus |
|---|---|
| Bank capital adequacy, liquidity, recovery planning | PRA, with FCA conduct issues still possible. |
| Misleading investment promotion to retail clients | FCA. |
| Poor complaint handling | FCA rules and FOS process. |
| Market manipulation or insider dealing | FCA and possible criminal authorities depending on facts. |
| Client money segregation failure | FCA CASS. |
| Insurer solvency risk | PRA prudential focus plus FCA conduct obligations. |
| Senior manager accountability in a dual-regulated bank | FCA and/or PRA depending on function and issue. |
FSMA perimeter and authorisation
General prohibition logic
Under the FSMA framework, a person generally must not carry on a regulated activity in the UK by way of business unless authorised or exempt. For exam questions, work through four tests.
| Test | Ask | Why it matters |
|---|---|---|
| Activity | Is the person dealing, arranging, advising, managing, safeguarding, administering, accepting deposits, effecting insurance, or another regulated activity? | If no regulated activity, FSMA authorisation may not be required, though other rules may still apply. |
| Investment | Does it involve a specified investment such as shares, debt securities, units in funds, derivatives, insurance contracts, deposits, or similar instruments? | Regulated activity must usually relate to a specified investment. |
| Business element | Is it carried on by way of business rather than as a purely private one-off? | The perimeter targets business activity. |
| UK connection | Is the activity carried on in the UK or sufficiently connected to the UK regime? | Location and territorial scope matter. |
Common regulated activity traps
| Activity | Meaning in exam scenarios | Trap |
|---|---|---|
| Dealing as principal | Firm buys/sells investments for its own account. | Still regulated if done as a business activity in specified investments. |
| Dealing as agent | Firm executes transactions for clients. | Agency execution is not the same as giving advice. |
| Arranging | Bringing about or making arrangements with a view to investment transactions. | “I only introduced them” may still be arranging depending on facts. |
| Advising on investments | Personal recommendation on the merits of buying, selling, subscribing for, holding, or underwriting a specific investment. | Generic education is different from a recommendation tailored to the person. |
| Managing investments | Discretionary management of assets belonging to another. | Decision-making discretion is the key trigger. |
| Safeguarding/administering | Custody or administration of assets. | CASS issues often arise once client assets are held or controlled. |
| Agreeing to carry on activities | Agreement to perform a regulated activity can itself be caught. | Do not wait for execution to identify the perimeter issue. |
Authorised, exempt, appointed, approved
| Term | Meaning | Exam distinction |
|---|---|---|
| Authorised person | Firm with permission from FCA and/or PRA. | Authorisation belongs to the firm, not automatically to every employee. |
| Part 4A permission | Permission to carry on specified regulated activities. | A firm must stay within its permission scope. |
| Exempt person | Person exempt from needing authorisation for particular activities. | Exemptions are narrow and fact-specific. |
| Appointed representative | Person who conducts certain regulated activities under an authorised principal. | Principal accepts regulatory responsibility for the appointed representative’s relevant activities. |
| Approved person / Senior Manager approval | Individual approved to perform controlled or senior management functions. | Individual approval is separate from firm authorisation. |
| Certified person | Individual performing a certification function, assessed as fit and proper by the firm. | Certified by firm, not pre-approved by FCA for that function. |
FCA Handbook high-yield map
| Sourcebook / module | What it covers | Typical exam use |
|---|---|---|
| PRIN | FCA Principles for Businesses. | Broad duties: integrity, skill, customers’ interests, communications, conflicts, regulators, Consumer Duty. |
| SYSC | Senior management arrangements, systems, controls, compliance, risk, outsourcing. | Governance failure, unclear responsibilities, weak controls. |
| COND | Threshold conditions for authorisation. | Whether a firm remains suitable, resourced, supervised, and appropriately organised. |
| FIT | Fit and proper test for individuals. | Honesty, integrity, reputation, competence, capability, financial soundness. |
| COCON | Individual and senior manager Conduct Rules. | Personal accountability and expected behaviour. |
| COBS | Conduct of Business Sourcebook. | Client classification, communications, suitability, appropriateness, best execution, inducements. |
| CASS | Client Assets Sourcebook. | Client money, custody assets, segregation, reconciliations, records. |
| MAR | Market conduct rules and guidance. | Market abuse, disclosure standards, market integrity. |
| PROD | Product governance. | Target market, product approval, distribution strategy, product review. |
| DISP | Complaints handling and FOS rules. | Complaint recognition, response, escalation, final response. |
| COMP | FSCS compensation rules. | Eligibility and compensation when firms fail. |
| SUP | Supervision manual. | Notifications, regulatory reporting, information gathering. |
| DEPP | Decision Procedure and Penalties Manual. | Enforcement process, penalties, notices. |
| EG | Enforcement Guide. | FCA approach to investigation and enforcement. |
| PERG | Perimeter guidance. | Whether activity is regulated. |
| TC | Training and competence. | Competence, supervision, CPD, adviser standards. |
FCA Principles and Consumer Duty
Principles for Businesses
| No. | Principle | Exam application |
|---|---|---|
| 1 | Integrity | Do not mislead, conceal, backdate, misstate, or exploit information asymmetry. |
| 2 | Skill, care and diligence | Competent work, proper review, adequate evidence, and careful execution. |
| 3 | Management and control | Effective governance, risk management, controls, oversight, and escalation. |
| 4 | Financial prudence | Maintain appropriate financial resources and sound financial management. |
| 5 | Market conduct | Act to preserve proper standards and market integrity. |
| 6 | Customers’ interests | Pay due regard to customer interests and treat them fairly. |
| 7 | Communications with clients | Communicate in a way that is fair, clear, and not misleading. |
| 8 | Conflicts of interest | Manage conflicts fairly between firm/client and client/client. |
| 9 | Customers: relationships of trust | Take reasonable care to ensure suitability where discretion or advice applies. |
| 10 | Clients’ assets | Arrange adequate protection for client assets. |
| 11 | Relations with regulators | Be open and cooperative; disclose matters the regulator would reasonably expect notice of. |
| 12 | Consumer Duty | Act to deliver good outcomes for retail customers. |
Consumer Duty structure
| Element | What it means | Exam trigger |
|---|---|---|
| Consumer Principle | A firm must act to deliver good outcomes for retail customers. | Retail product or service design, sales, support, or communications. |
| Cross-cutting rule: good faith | Act honestly, fairly, and consistently with reasonable customer expectations. | Hidden charges, exploitative terms, misleading nudges. |
| Cross-cutting rule: avoid foreseeable harm | Identify and prevent harm a reasonable firm should anticipate. | Known product risk, vulnerable customers, poor support journey. |
| Cross-cutting rule: support objectives | Enable customers to pursue financial objectives. | Friction in cancellation, switching, claims, complaints, or accessing support. |
| Products and services outcome | Products must be designed for an identified target market. | Selling outside target market without justification. |
| Price and value outcome | Price should be reasonable relative to benefits. | Fees not aligned with service or benefit. |
| Consumer understanding outcome | Communications support informed decisions. | Overly technical, unbalanced, or unclear disclosure. |
| Consumer support outcome | Support should meet customer needs through the relationship. | Long delays, obstructive servicing, inaccessible channels. |
SMCR and individual accountability
Regime components
| Component | Applies to | Core idea | Exam clue |
|---|---|---|---|
| Senior Managers Regime | Individuals performing Senior Management Functions. | Regulator approval, clear responsibilities, reasonable steps. | “Who is accountable?” “Statement of responsibilities?” |
| Certification Regime | Individuals whose roles could cause significant harm to the firm or customers. | Firm certifies fitness and propriety, usually at least annually. | “Does FCA approve this person?” Often no: firm certifies. |
| Conduct Rules | Most relevant staff, plus additional rules for senior managers. | Minimum standards of individual conduct. | “What should the employee do?” |
| Fit and proper assessment | Senior managers and certified staff. | Honesty/integrity/reputation; competence/capability; financial soundness. | Misconduct, lack of competence, financial distress, dishonesty. |
Individual Conduct Rules
| Rule | Plain-English exam meaning |
|---|---|
| Act with integrity | Do the right thing; do not deceive, conceal, or manipulate. |
| Act with due skill, care and diligence | Work competently and carefully; know limits of competence. |
| Be open and cooperative with regulators | Do not obstruct; escalate and disclose appropriately. |
| Pay due regard to customer interests and treat them fairly | Do not prioritise sales, bonuses, or convenience over fair client treatment. |
| Observe proper standards of market conduct | No market abuse, manipulation, improper information use, or misleading market behaviour. |
| Act to deliver good outcomes for retail customers | Consider Consumer Duty where retail customers are affected. |
Senior Manager Conduct Rules
| Senior manager rule | Practical expectation |
|---|---|
| Effective control | Ensure the business area is controlled effectively. |
| Compliance oversight | Take reasonable steps to ensure regulatory compliance in the area of responsibility. |
| Proper delegation | Delegate only to appropriate people and oversee delegated work. |
| Regulatory disclosure | Disclose information the FCA or PRA would reasonably expect notice of. |
Supervision, enforcement, and regulatory powers
| FCA power / process | Meaning | Exam use |
|---|---|---|
| Authorisation and permission | Grants or refuses permission to carry on regulated activities. | Firm must have correct scope before activity begins. |
| Variation or cancellation | Changes or removes permissions, including own-initiative action. | Used where firm no longer meets standards or poses risk. |
| Information requirement | Regulator can require documents, data, explanations. | Not cooperating is a Principle 11 / Conduct Rule issue. |
| Skilled person review | Independent report into specified matters. | Often used for systems, controls, remediation, or governance concerns. |
| Investigation | Formal inquiry into firm or individual conduct. | Preserve evidence; cooperate; avoid tipping off where financial crime is involved. |
| Public censure | Public statement of misconduct. | Reputational sanction without necessarily a financial penalty. |
| Financial penalty | Monetary sanction. | Penalty may apply to firms and individuals. |
| Restitution / redress | Compensation or repayment for harm caused. | Customer detriment and remediation focus. |
| Prohibition order | Prevents an individual from performing regulated functions. | Fitness and propriety failure. |
| Warning notice | Proposed regulatory action. | Early formal stage; subject can make representations. |
| Decision notice | Regulator decision after process. | May be referred to tribunal where applicable. |
| Final notice | Final published outcome. | Confirms action, penalty, prohibition, or other outcome. |
Client categorisation and conduct standards
Client categories
| Category | Protection level | Typical examples | Exam trap |
|---|---|---|---|
| Retail client | Highest | Individuals and smaller clients not classified otherwise. | Default category if no valid professional/ECP classification. |
| Professional client | Reduced protections | Authorised firms, large undertakings, institutional investors, or clients validly opted up. | Professional status does not remove all duties. |
| Eligible counterparty, or ECP | Lowest for eligible business | Certain financial institutions and sophisticated counterparties. | ECP status applies only to certain activities and does not permit dishonesty or misleading communications. |
Re-categorisation
| Movement | Meaning | Key control |
|---|---|---|
| Retail to elective professional | Client opts up and firm assesses expertise, experience, and knowledge. | Must follow proper process and warnings. |
| Professional to retail | Client requests higher protection or firm treats as retail. | More protections apply. |
| Professional to ECP | Only for eligible counterparty business and eligible clients. | Cannot use ECP classification to avoid unsuitable retail treatment. |
Advice, suitability, appropriateness, and execution-only
| Concept | Applies when | Required assessment | Output / action |
|---|---|---|---|
| Information / guidance | General facts, education, or explanation not tailored as a personal recommendation. | Must still be fair, clear, and not misleading. | Avoid implying a recommendation if none is intended. |
| Investment advice | Personal recommendation on a specific investment or action. | Suitability: objectives, risk tolerance, knowledge, experience, financial situation, capacity for loss. | Recommend only suitable actions; keep evidence and reports where required. |
| Discretionary management | Firm makes investment decisions for client. | Suitability across mandate and transactions. | Manage within mandate and risk profile. |
| Appropriateness | Non-advised business in complex products. | Client knowledge and experience for the product/service. | Warn if inappropriate or if insufficient information. |
| Execution-only | Client instructs transaction without advice. | For non-complex products at client initiative, appropriateness may not be required if conditions are met. | Make clear no advice or assessment is being provided. |
Suitability versus appropriateness
| Issue | Suitability | Appropriateness |
|---|---|---|
| Trigger | Advice or discretionary management. | Non-advised complex product/service. |
| Looks at objectives? | Yes. | No, not normally. |
| Looks at financial situation and capacity for loss? | Yes. | No, not normally. |
| Looks at knowledge and experience? | Yes. | Yes. |
| Result | Suitable recommendation or decision. | Product/service appropriate or warning required. |
| Common wrong answer | Treating a complex execution-only trade as suitable because client asked for it. | Performing full suitability when only appropriateness is required. |
Fair, clear, and not misleading
| Requirement | Practical meaning |
|---|---|
| Balanced | Do not highlight benefits while hiding or minimising risks. |
| Accurate | No false, stale, or selective information. |
| Understandable | Appropriate for target audience and product complexity. |
| Identifiable marketing | Marketing material should be recognisable as such. |
| Risk disclosure | Prominent, relevant, and not contradicted by headline claims. |
| Performance information | Not cherry-picked; limitations and assumptions clear. |

| Point | Exam application |
|---|---|
| What is caught | Invitation or inducement to engage in investment activity. |
| Who is caught | The restriction can apply to unauthorised persons as well as authorised firms. |
| Lawful route | Communicated by an authorised person, approved by an authorised person where permitted, or covered by an exemption. |
| Media | Websites, social media, emails, calls, presentations, brochures, and oral statements can all be promotions. |
| Trap | “It is only marketing” does not remove regulatory responsibility. |
Inducements and conflicts
| Issue | Correct handling |
|---|---|
| Fee, commission, gift, or hospitality from a third party | Assess conflict, client impact, disclosure, and whether it impairs duty to client. |
| Independent advice / portfolio management restrictions | Be alert to tighter limits on third-party benefits. |
| Soft commission / research | Must be controlled, justified, and not used to disguise improper benefits. |
| Sales targets | Cannot override suitability, Consumer Duty, or fair treatment. |
| Disclosure | Useful but not a substitute for preventing or properly managing a serious conflict. |
Best execution and order handling
| Topic | Rule of thumb |
|---|---|
| Core duty | Take all sufficient steps to obtain the best possible result for the client. |
| Execution factors | Price, costs, speed, likelihood of execution and settlement, size, nature, and other relevant considerations. |
| Retail priority | Total consideration, meaning price plus costs, is usually central. |
| Order execution policy | Firm must establish, disclose as required, follow, and monitor it. |
| Client instructions | Specific client instructions can limit the firm’s best execution obligation for that part of the order. |
| Aggregation | Permitted only with controls and fair allocation; cannot systematically disadvantage clients. |
| Timely execution | Execute promptly, fairly, and sequentially unless conditions justify otherwise. |
| Records | Evidence matters: venue choice, allocation, instructions, and monitoring. |
CASS: client money and custody assets
| Concept | Meaning | Key controls |
|---|---|---|
| Client money | Money held for or on behalf of clients. | Segregation, trust status, client bank accounts, reconciliations, prompt allocation and return. |
| Custody assets | Designated investments held for clients. | Proper registration, records, reconciliations, asset segregation, statements. |
| Mandate | Firm has authority over client assets or money without holding them. | Control risk; keep mandate records and prevent misuse. |
| Title transfer collateral arrangement, or TTCA | Client transfers full ownership to firm for collateral purposes. | Not client money/assets once validly transferred; must be appropriate and documented. |
| Mixed remittance | Payment contains client and firm money. | Allocate promptly and treat client element correctly. |
| Shortfall | Records show less money/assets than owed to clients. | Escalate, investigate, correct, and notify where required. |
CASS exam traps
| Trap | Correct answer logic |
|---|---|
| “The firm is solvent, so segregation is less important.” | Wrong. CASS protects clients especially if the firm fails. |
| “A nominee holds the assets, so the firm has no responsibility.” | Wrong. The firm must maintain proper custody controls and oversight. |
| “Client money can be used temporarily for firm liquidity.” | Wrong. Client money is not firm money. |
| “Reconciliation is a back-office admin issue only.” | Wrong. It is a core client protection and systems/control issue. |
Product governance
| Role | Responsibilities |
|---|---|
| Manufacturer | Identify target market, design product to meet target needs, assess risks, test product, set distribution strategy, review product performance. |
| Distributor | Understand product, identify appropriate distribution market, follow distribution strategy, give feedback to manufacturer. |
| Both | Avoid foreseeable harm, communicate clearly, monitor outcomes, act where product causes poor outcomes. |

| Scenario | Likely issue |
|---|---|
| Complex product sold to clients outside target market | Product governance, suitability/appropriateness, Consumer Duty. |
| Charges make product poor value | Price and value outcome. |
| Distributor does not understand product risks | Training, competence, PROD, COBS. |
| Product performs as designed but customers misunderstand risk | Consumer understanding and communications. |
Financial crime controls
AML and terrorist financing
| Concept | Meaning | Exam action |
|---|---|---|
| Placement | Criminal proceeds enter the financial system. | Watch for unusual cash, third-party funding, inconsistent source of funds. |
| Layering | Transactions obscure origin or ownership. | Watch complex transfers, offshore structures, rapid movement. |
| Integration | Funds appear legitimate. | Watch asset purchases, investment liquidation, business proceeds. |
| Customer due diligence, or CDD | Identify and verify customer and beneficial owner; understand purpose and nature. | Must be done before or during onboarding according to risk. |
| Ongoing monitoring | Review transactions and relationship against expected profile. | CDD is not a one-off exercise. |
| Enhanced due diligence, or EDD | Additional checks for higher-risk cases. | PEPs, high-risk jurisdictions, complex structures, unusual transactions. |
| Simplified due diligence, or SDD | Reduced checks where lower risk and permitted. | Not “no due diligence.” |
| Suspicious activity report, or SAR | Report suspicion internally and, where appropriate, externally. | Suspicion is a low threshold; proof is not required. |
| MLRO / nominated officer | Receives internal reports and decides external reporting. | Staff should escalate, not investigate beyond role or alert client. |
| Tipping off | Improperly alerting someone to a report or investigation. | Do not tell the client a SAR has been or will be made. |
Sanctions
| Control | Practical meaning |
|---|---|
| Screening | Check clients, beneficial owners, counterparties, and relevant payments against sanctions lists. |
| Asset freeze | Do not make funds or economic resources available to sanctioned persons. |
| Escalation | Freeze, reject/block where required, and report through proper channels. |
| False positives | Investigate promptly and document rationale. |
| Trap | AML comfort does not override sanctions. A low AML-risk client can still be sanctioned. |
Bribery and corruption
| Offence theme | Example |
|---|---|
| Bribing another person | Offering payment to win business improperly. |
| Being bribed | Accepting benefit to act improperly. |
| Bribing a foreign public official | Payment or advantage to influence official function. |
| Corporate failure to prevent bribery | Organisation lacks adequate prevention procedures. |

| Gifts and hospitality test | Good answer |
|---|---|
| Is it proportionate and legitimate? | Modest, transparent business hospitality may be acceptable. |
| Could it influence behaviour? | If yes, decline or escalate. |
| Is it recorded? | Use gifts and hospitality register. |
| Is there a public official involved? | Apply extra caution. |
| Would disclosure embarrass the firm or individual? | If yes, likely inappropriate. |
Market abuse and insider dealing
Inside information is generally information that is:
| Element | Meaning |
|---|---|
| Precise | Specific enough to draw a conclusion about possible price effect. |
| Non-public | Not generally available to the market. |
| Relates to issuer or financial instrument | Directly or indirectly relevant to issuer, instrument, or related derivatives. |
| Price-sensitive | Would be likely to have a significant effect on price if made public. |
Market abuse behaviours
| Behaviour | Meaning | Example |
|---|---|---|
| Insider dealing | Using inside information to deal or attempt to deal. | Employee trades before unpublished takeover announcement. |
| Unlawful disclosure | Improperly disclosing inside information. | Banker tells friend about confidential transaction. |
| Market manipulation | False or misleading signals, price distortion, deception, or abusive practices. | Wash trades, spoofing, layering, ramping, misleading rumours. |
| Dissemination | Spreading false or misleading information. | Posting false takeover rumour to move price. |
| Benchmark manipulation | Manipulating input or process for benchmark setting. | False submissions to influence benchmark rate. |
Civil market abuse versus criminal insider dealing
| Point | Civil / regulatory market abuse | Criminal insider dealing |
|---|---|---|
| Focus | Market integrity and administrative/regulatory sanctions. | Criminal culpability. |
| Scope | Broad range of behaviours including manipulation and attempts. | Dealing, encouraging, or disclosing inside information in criminal context. |
| Standard / outcome | FCA enforcement, penalties, prohibition, public censure. | Criminal prosecution and potential criminal penalties. |
| Exam trap | “No trade occurred” may still be attempted manipulation or unlawful disclosure. | “I only encouraged someone else” can still be criminally relevant. |
Market conduct controls
| Control | Purpose |
|---|---|
| Insider lists | Track people with access to inside information. |
| Information barriers | Limit flow of confidential/inside information. |
| Restricted lists | Prevent or control trading in sensitive securities. |
| Personal account dealing rules | Prevent staff misuse of information and conflicts. |
| Market soundings controls | Manage disclosure before transactions. |
| Suspicious transaction and order reporting | Escalate suspicious market abuse indicators. |
| Clear disclosure procedures | Ensure issuers handle inside information properly. |
Complaints, redress, and compensation
Complaint handling
| Step | What good handling looks like |
|---|---|
| Recognise complaint | Any expression of dissatisfaction may be a complaint if it alleges or implies financial loss, distress, or inconvenience. |
| Acknowledge and investigate | Prompt, fair, impartial investigation by competent staff. |
| Resolve quickly where possible | Complaints resolved by close of the third business day can use summary resolution communication where rules allow. |
| Final response | Generally required within eight weeks, or explain delay and FOS rights. |
| Root cause analysis | Identify systemic issues, not just individual complaint outcome. |
| Records | Keep complaint, investigation, outcome, redress, and communications evidence. |
FOS versus FSCS
| Body | When used | What it does not do |
|---|---|---|
| Financial Ombudsman Service, or FOS | Customer has unresolved complaint against a firm and is eligible to refer. | Does not compensate simply because investments fall in value. |
| Financial Services Compensation Scheme, or FSCS | Authorised firm is unable or likely unable to meet eligible claims. | Does not replace normal complaint handling or cover every loss. |
Redress logic
| Scenario | Likely response |
|---|---|
| Unsuitable advice caused loss | Investigate, uphold if appropriate, calculate redress, remediate systems. |
| Poor service with inconvenience | Apology, correction, possible compensation depending on facts. |
| Investment loss from normal market movement | Not automatically compensable. |
| Firm failure with client assets missing | CASS, insolvency, and FSCS eligibility may become relevant. |
Data protection and confidentiality
| Principle / duty | Practical meaning |
|---|---|
| Lawfulness, fairness, transparency | Have a valid basis and tell individuals how data is used. |
| Purpose limitation | Use data only for specified legitimate purposes. |
| Data minimisation | Collect only what is needed. |
| Accuracy | Keep personal data accurate and up to date. |
| Storage limitation | Do not keep data longer than needed. |
| Security | Protect against unauthorised access, loss, or misuse. |
| Accountability | Be able to evidence compliance. |
| Confidentiality | Client and firm confidential information must be used only for proper purposes. |

| Data scenario | Correct exam instinct |
|---|---|
| Client asks for personal data | Recognise data subject access process and verify identity. |
| Email sent to wrong recipient | Treat as potential personal data breach; escalate and record. |
| Colleague wants client details for unrelated reason | Do not disclose without proper purpose and authority. |
| Regulator requests information | Cooperate through correct internal process; consider legal privilege/confidentiality controls but do not obstruct. |
| Inside information is also personal/confidential data | Both market abuse and confidentiality rules may apply. |
Governance, systems, controls, and outsourcing
| Area | What the firm must evidence |
|---|---|
| Governance | Clear responsibility, oversight, reporting lines, challenge, and decision records. |
| Risk management | Identification, assessment, mitigation, monitoring, and escalation of risks. |
| Compliance | Policies, monitoring, advice, breach handling, regulatory change management. |
| Internal audit | Independent assurance over controls where proportionate. |
| Recordkeeping | Evidence of decisions, advice, transactions, communications, controls, and remediation. |
| Training and competence | Staff competent for roles, supervised until competent, ongoing CPD where required. |
| Whistleblowing | Safe channels for raising concerns; no retaliation. |
| Outsourcing | Due diligence, written agreement, monitoring, access/audit rights, exit plan, and retained responsibility. |
Outsourcing trap
A firm can outsource an activity, but it cannot outsource regulatory responsibility. If a service provider fails, the regulated firm must still show it selected, contracted with, monitored, and controlled the provider appropriately.
Professional integrity
The CISI UK RPI exam does not test rules in isolation. It also tests whether you can apply the professional standards expected by the Chartered Institute for Securities & Investment and by regulators.
CISI Code of Conduct themes: exam-use summary
| Theme | Practical behaviour | Common wrong answer |
|---|---|---|
| Act honestly and fairly | Put client and market integrity ahead of personal gain. | “Everyone does it” or “the client will never know.” |
| Act with integrity | Avoid conduct damaging to the firm, profession, or public trust. | Concealing errors to protect reputation. |
| Follow law, regulation, and standards | Apply both letter and spirit of rules. | Looking for loopholes to avoid fair outcomes. |
| Maintain market integrity and confidentiality | Do not misuse information or distort markets. | Trading on confidential information after hearing it informally. |
| Manage conflicts | Identify, avoid, control, disclose, and record conflicts. | Disclosure only after conflict has already harmed client. |
| Maintain competence | Keep knowledge current and work within capability. | Advising on unfamiliar products without support. |
| Decline work beyond competence | Seek assistance or refuse where not competent. | Accepting work to please a client or manager. |
| Uphold high personal standards | Behave professionally inside and outside formal client interactions. | Assuming private misconduct cannot affect fitness and propriety. |
Integrity decision checklist
When two answers both seem technically possible, choose the answer that best satisfies this sequence:
- Is it legal and within permission?
- Is it fair to the client or customer?
- Does it preserve market integrity?
- Does it avoid or properly manage conflicts?
- Would the FCA, PRA, employer, client, and public view it as transparent and honest?
- Is it within the individual’s competence and authority?
- Has it been escalated, recorded, and disclosed where required?
High-yield distinctions
| Distinction | Correct exam distinction |
|---|---|
| FCA vs PRA | FCA is conduct and markets; PRA is prudential safety/soundness for PRA firms. |
| FOS vs FSCS | FOS resolves complaints; FSCS compensates eligible claims when firms fail. |
| Authorised firm vs approved individual | Firm permission is separate from individual approval or certification. |
| Senior Manager vs Certified staff | Senior Managers need regulatory approval; certified staff are certified by firm as fit and proper. |
| Suitability vs appropriateness | Suitability is broader and applies to advice/discretionary management; appropriateness is narrower and applies to non-advised complex products. |
| Retail client vs professional client | Retail gets highest protection; professional has reduced protections but not no protections. |
| Professional client vs ECP | ECP is lowest protection and only for eligible counterparty business. |
| Advice vs information | Advice is a personal recommendation; information is factual/general but must still be fair and clear. |
| Financial promotion vs advice | Promotion induces investment activity; advice recommends a course of action. One communication can raise both issues. |
| Conflict disclosure vs conflict management | Disclosure alone is usually a last resort, not a complete control. |
| Client money vs firm money | Client money must be protected and segregated; firm cannot use it for itself. |
| Market rumour vs inside information | Rumour may be vague; precise non-public price-sensitive information can be inside information. |
| Suspicion vs proof in AML | Suspicion is enough to escalate; do not wait for proof. |
| Whistleblowing vs grievance | Whistleblowing concerns public interest wrongdoing; grievance is personal employment complaint. |
| Error correction vs concealment | Correct, escalate, record, and remediate; do not hide. |
Scenario triggers and likely answer direction
| If the question says… | Think… |
|---|---|
| “The client insists they understand the risk” | Still assess suitability/appropriateness where required; client insistence is not a waiver. |
| “The product is profitable for the firm” | Conflict, inducement, fair value, Consumer Duty. |
| “The information is confidential but not yet public” | Inside information, confidentiality, information barriers, personal account dealing. |
| “A manager asks staff not to tell compliance” | Integrity, escalation, whistleblowing, Conduct Rules, Principle 11. |
| “A client wants to invest unusually large funds from unclear source” | AML, source of funds/wealth, EDD, SAR if suspicious. |
| “Client assets cannot be reconciled” | CASS breach, operational risk, escalation, possible notification. |
| “The firm says the third-party outsourcer caused the issue” | Firm retains regulatory responsibility. |
| “Marketing shows only high returns” | Financial promotion and fair, clear, not misleading rules. |
| “A complaint is handled informally and not logged” | DISP, recordkeeping, root cause analysis. |
| “A staff member is financially distressed” | Fit and proper assessment, conflicts, fraud risk, supervision. |
| “A payment involves a sanctioned person” | Freeze/block/escalate/report; sanctions override commercial pressure. |
| “A senior manager delegated the task” | Was delegation appropriate and supervised? Reasonable steps matter. |
Quick revision checklist
Rules and regulators
- Know the difference between statute, regulator rules, guidance, and firm policy.
- Map each scenario to the right body: FCA, PRA, Bank of England, FOS, FSCS, ICO, OFSI.
- Apply the FSMA perimeter before assuming a firm can act.
- Check firm permission scope, individual approval/certification, and competence.
Client-facing conduct
- Categorise the client correctly.
- Decide whether the scenario is advice, discretionary management, appropriateness, or execution-only.
- Apply fair, clear, and not misleading communications.
- Identify conflicts early; do not rely on disclosure alone.
- Apply Consumer Duty for retail customer outcomes.
Risk and escalation
- Escalate AML suspicion, sanctions hits, market abuse indicators, CASS breaks, data breaches, and significant rule breaches.
- Preserve records and evidence.
- Cooperate with regulators through proper internal channels.
- Do not conceal, backdate, mislead, tip off, or retaliate.
Professional integrity
- Prefer answers that are transparent, fair, documented, competent, and escalated.
- If a proposed action would look improper if reviewed by the FCA, client, employer, or court, it is probably not the best exam answer.
- Rules are the minimum; professional integrity often requires a higher standard.
Practical next step
Use this Quick Reference as a checklist while doing timed CISI UK RPI practice questions. For every missed question, tag it to one category: regulator, perimeter, COBS, CASS, SMCR, financial crime, market abuse, complaints, data, or integrity. Then redo mixed scenarios until you can identify the issue and the correct escalation path without rereading the full prompt.