Try 10 focused CISI UK RPI questions on UK Regulatory Infrastructure, with answers and explanations, then continue with Securities Prep.
| Field | Detail |
|---|---|
| Exam route | CISI UK RPI |
| Issuer | CISI |
| Topic area | UK Regulatory Infrastructure |
| Blueprint weight | 6% |
| Page purpose | Focused sample questions before returning to mixed practice |
Use this page to isolate UK Regulatory Infrastructure for CISI UK RPI. Work through the 10 questions first, then review the explanations and return to mixed practice in Securities Prep.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 6% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.
Topic: UK Regulatory Infrastructure
A UK building society authorised by both the FCA and PRA takes deposits from retail customers. An internal report shows repeated breaches of its liquidity risk limits after heavy withdrawal requests, but customer communications have been accurate and no complaints allege misleading information. Which high-level framework is most directly relevant to assessing the firm’s position?
Best answer: A
What this tests: UK Regulatory Infrastructure
Explanation: The key issue is not customer communications or fair treatment, but weak liquidity risk management. That makes the PRA’s Fundamental Rules the most relevant high-level framework, because they are aimed at prudential soundness. The retail-customer fact does not, on its own, turn this into an FCA Principles case.
Dual-regulated firms are subject to both FCA and PRA standards, but the most relevant high-level framework depends on the nature of the issue. Here, the stem focuses on repeated breaches of liquidity risk limits, which is a prudential weakness affecting the firm’s safety and soundness and internal risk management. That points most directly to the PRA’s Fundamental Rules.
The fact that the customers are retail depositors does not automatically make the FCA’s Principles for Businesses the main framework. Those Principles are most relevant where the central issue is conduct, such as fair treatment, clear communications, conflicts, or customer outcomes. The stem expressly says communications were accurate and there were no misleading-information complaints, so the conduct angle is not the primary one here.
The key takeaway is to match the framework to the main risk: prudential issues point first to the PRA, while conduct issues point first to the FCA.
Repeated liquidity limit breaches are primarily a prudential safety-and-soundness matter, so the PRA’s Fundamental Rules are the most directly relevant framework.
Topic: UK Regulatory Infrastructure
A UK deposit-taking bank is authorised by the PRA and regulated by both the PRA and FCA. It plans to appoint a new chief executive, and compliance has completed the internal fit-and-proper assessment. Which body should receive the approval application as the lead regulator for this next step?
Best answer: B
What this tests: UK Regulatory Infrastructure
Explanation: For a dual-regulated bank, the chief executive role is one of the senior management functions led by the PRA. Once the bank has completed its internal checks, the approval application should go to the PRA rather than to the FCA, Bank of England, or HM Treasury.
The core concept is which UK body handles the next step in an individual approval process for a dual-regulated firm. A deposit-taking bank is prudentially supervised by the PRA as well as conduct-supervised by the FCA, and the chief executive role is a PRA-designated senior management function. That means the PRA is the lead body to receive and handle the approval application after the firm has completed its internal fit-and-proper assessment.
The FCA remains relevant to the bank’s conduct supervision, but it is not the lead approval point for this particular role. The Bank of England has wider financial-stability responsibilities, and HM Treasury sets policy and legislation, but neither handles firm-level approval applications for a bank’s chief executive. The closest distractor is the FCA because it co-regulates the bank, but not as lead approver for this role.
The chief executive of a dual-regulated bank is a PRA-designated senior management function, so the PRA is the lead approval body.
Topic: UK Regulatory Infrastructure
While reviewing a draft client-asset control update, a UK investment firm’s compliance analyst notices that the proposed wording is based on new IOSCO recommendations mentioned in an FCA discussion paper. No CASS breach has occurred and no client has complained. What is the best next step?
Best answer: D
What this tests: UK Regulatory Infrastructure
Explanation: The issue is not a live enforcement, breach, or complaint matter. It starts with international standards that may influence future UK requirements, so the correct next step is to route it through regulatory change governance to assess likely UK impact and monitor any FCA response.
The core concept is distinguishing a regulatory-development trigger from a domestic conduct incident. IOSCO is an international standard-setting body, and an FCA discussion paper signals possible future UK policy thinking rather than an immediate rule breach. Because there is no actual CASS failure and no client complaint, the firm should treat this as a horizon-scanning and impact-assessment issue.
A sensible process is to:
The closest distractor is updating client communications immediately, but that skips the necessary UK impact assessment step.
This is a regulatory-development issue with possible cross-border influence, so it should enter the firm’s regulatory change and horizon-scanning process.
Topic: UK Regulatory Infrastructure
A firm has weak oversight and repeated failures to escalate concerns. Staff no longer trust normal line-management reporting. Which support mechanism best provides a protected route for employees to raise the issue?
Best answer: A
What this tests: UK Regulatory Infrastructure
Explanation: Whistleblowing arrangements are specifically designed to let staff raise serious concerns about misconduct or governance failings through a protected channel. Where normal management escalation is not trusted or has failed, this is the most appropriate support mechanism.
The core concept is whistleblowing as a firm-level support mechanism for governance and control failures. In a UK regulatory context, whistleblowing arrangements allow staff to raise concerns about weak oversight, misconduct, poor escalation, or other serious issues to an appropriate level when ordinary reporting lines are ineffective or compromised. That protected route supports a firm’s systems and controls by helping important issues reach senior or independent review. Internal audit may later assess the control environment, but it is not the staff reporting channel itself. The key clue is the need for a protected employee escalation route, not just a control, review, or customer-facing process.
This gives staff a protected channel to report serious concerns when normal management escalation is ineffective or inappropriate.
Topic: UK Regulatory Infrastructure
In UK financial regulation, what is meant by supervision?
Best answer: A
What this tests: UK Regulatory Infrastructure
Explanation: Supervision is the FCA’s or PRA’s ongoing monitoring and engagement with firms. It is aimed at identifying and reducing risk and checking standards, rather than running a formal case or imposing sanctions.
Supervision is the day-to-day regulatory oversight of authorised firms. The FCA or PRA uses it to monitor business models, governance, systems, controls, and customer outcomes, with the aim of identifying issues early and reducing harm. It is different from an investigation, which is a more formal fact-finding process into suspected misconduct or breaches. It is also different from enforcement, which is the regulator’s disciplinary response and may lead to outcomes such as fines, public censures, or prohibitions. Guidance is different again: it helps firms understand how to comply with requirements, but it is not the same as active regulatory oversight. The key distinction is that supervision is continuous monitoring, not formal casework or punishment.
Supervision is the regulator’s continuing oversight activity, focused on monitoring risks and standards rather than investigating or punishing specific breaches.
Topic: UK Regulatory Infrastructure
Which UK body is the correct recipient of an external suspicious activity report when a firm suspects money laundering?
Best answer: C
What this tests: UK Regulatory Infrastructure
Explanation: The correct recipient of an external suspicious activity report is the National Crime Agency. The FCA may supervise a firm’s AML controls, but the formal disclosure of suspected money laundering is made to the NCA.
The core concept is the distinction between AML supervision and AML reporting. When a firm makes an external suspicious activity report because it knows, suspects, or has reasonable grounds to suspect money laundering, that report is made to the National Crime Agency. The NCA receives and analyses SARs as part of the UK’s law-enforcement framework.
The FCA supervises authorised firms’ systems, controls, and conduct, but it is not the normal destination for SARs. HM Treasury has policy and sanctions-related roles, while the Joint Money Laundering Steering Group provides industry guidance rather than handling reports. The key takeaway is that suspicion is reported externally to the NCA, even though other bodies may influence AML rules or supervision.
Suspicious activity reports are submitted to the National Crime Agency, not to the firm’s regulator or an industry guidance body.
Topic: UK Regulatory Infrastructure
A UK deposit-taking bank, authorised by the PRA and regulated by the FCA for conduct, discovers through internal audit that its liquidity monitoring controls have been weak for several weeks. No misleading client communication or complaint is involved. What is the best immediate internal next step for the head of compliance?
Best answer: B
What this tests: UK Regulatory Infrastructure
Explanation: Weak liquidity monitoring at a PRA-authorised bank is mainly a prudential issue because it affects safety and soundness rather than customer communications or complaint handling. The first internal escalation should therefore be through the prudential governance route, using the PRA’s Fundamental Rules as the primary framework.
The core distinction is the purpose of each framework. The PRA’s Fundamental Rules are most relevant where the issue concerns the prudential soundness of a PRA-authorised firm, such as capital, liquidity, governance, or risk controls. Here, the audit finding is about liquidity monitoring at a bank, and the stem gives no conduct trigger such as misleading communications, unsuitable advice, or a customer complaint. That makes the prudential route the right starting point.
The head of compliance should therefore escalate through the bank’s prudential risk and senior management chain and assess the issue first under the PRA framework. The FCA’s Principles for Businesses still apply more broadly and may also matter if the weakness later creates conduct problems, but they are not the most relevant first lens on these facts. The key takeaway is to match prudential issues to the PRA framework and conduct issues to the FCA framework.
This is primarily a prudential safety-and-soundness issue at a PRA-authorised bank, so the PRA framework should lead the initial escalation.
Topic: UK Regulatory Infrastructure
A dual-regulated UK bank is authorised for deposit-taking and dealing as principal. It plans an electronic platform where several external asset managers can enter buying and selling interests in UK corporate bonds and trade with each other under preset, non-discretionary rules. The product head says the bank can launch because all users are professional clients. Which response by the compliance officer best applies integrity and conduct-risk awareness?
Best answer: B
What this tests: UK Regulatory Infrastructure
Explanation: The best response is to stop and check the regulatory perimeter before launch. Bringing together multiple third-party trading interests under fixed rules may require separate FCA authorisation as a trading venue, and client type does not remove that requirement.
The core issue is scope of authorisation. In UK regulation, a firm’s permissions are activity-specific, so being authorised as a bank or for dealing activity does not automatically permit it to operate a market or trading venue. Where a system allows multiple external participants to place buying and selling interests and trade under non-discretionary rules, the compliance officer should treat this as a serious perimeter question and escalate it before launch.
Acting with integrity and professionalism means checking whether the activity needs specific FCA authorisation, recognition, or a variation of permission. The fact that the users are professional clients affects conduct protections, but it does not switch off authorisation requirements. Labels and disclaimers also do not change the substance of the activity.
The key takeaway is that firms must assess what they are actually doing, not rely on status, labels, or assumptions.
A firm acting with integrity should not launch a service that may fall outside its permissions, especially where it could amount to operating a trading venue.
Topic: UK Regulatory Infrastructure
Which UK body considers unresolved complaints from eligible complainants against authorised financial services firms and can require redress on the individual case?
Best answer: C
What this tests: UK Regulatory Infrastructure
Explanation: The Financial Ombudsman Service deals with individual complaints that a firm has not resolved satisfactorily. Its role is dispute resolution and redress, which is different from the FCA’s regulatory role, the FSCS’s compensation role, and HMRC’s tax role.
The core concept is distinguishing a regulator from other UK financial-services bodies. The Financial Ombudsman Service is the body that reviews unresolved complaints from eligible complainants about authorised firms and decides what is fair and reasonable in the specific case. If appropriate, it can require the firm to pay redress.
By contrast, the FCA is a regulator: it authorises, supervises, and enforces rules for firms and markets. The FSCS is a compensation scheme: it may compensate eligible claimants when a firm has failed and protected claims apply. HMRC is the UK tax authority and is not responsible for resolving retail financial-services complaints.
The key takeaway is that complaint adjudication belongs to the ombudsman, not the regulator, compensation scheme, or tax authority.
The Financial Ombudsman Service resolves individual disputes between eligible complainants and firms, rather than regulating firms or paying compensation as a default scheme.
Topic: UK Regulatory Infrastructure
Which term describes a person or firm that may carry on certain regulated activities without direct FCA authorisation because an authorised principal has accepted responsibility for those activities?
Best answer: C
What this tests: UK Regulatory Infrastructure
Explanation: This is an authorisation-scope concept, not a conduct or complaints issue. An appointed representative can carry on certain regulated activities without its own direct authorisation because its principal firm has accepted responsibility.
Under the UK regulatory perimeter, an appointed representative is permitted to carry on certain regulated activities as the representative of an authorised principal. The principal must have the relevant permission and takes regulatory responsibility for the representative’s activities within that scope. That is why the key issue is authorisation and permissions, not complaints handling or conduct classification.
An exempt person is different: it does not need authorisation because of a statutory exemption, not because a principal firm has accepted responsibility. An authorised person has its own direct permission. A certified employee is part of the SM&CR fitness-and-propriety regime and does not obtain permission to carry on regulated activities through a principal.
The closest confusion is the exempt person, but that status does not depend on a principal relationship.
An appointed representative relies on an authorised principal, which accepts regulatory responsibility for the representative’s regulated activities.
Use the CISI UK RPI Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.
Read the CISI UK RPI guide on SecuritiesMastery.com, then return to Securities Prep for timed practice.