This free full-length CCC practice exam includes 100 original Securities Prep questions across the exam domains.
The questions are original Securities Prep practice questions aligned to the exam outline. They are not official exam questions and are not copied from any exam sponsor.
Count note: this page uses the full-length practice count maintained in the Mastery exam catalog. Some exam sponsors publish total questions, scored questions, duration, or unscored/pretest-item rules differently; always confirm exam-day rules with the sponsor.
For concept review before or after this set, use the CCC guide on SecuritiesMastery.com.
Treat this free exam as a compliance-program simulation, not just a score check. After each miss, write down three things: the control area, the owner of the next action, and the evidence that would make the response defensible during a review.
| If your misses look like… | Drill next |
|---|---|
| You identify the issue but pick the wrong owner | Role of compliance, compliance supervision, and governance questions |
| You treat client dissatisfaction as informal service work | Complaint classification and escalation questions |
| You rely on disclosure for every conflict | Conflicts of interest and remediation questions |
| You choose quick closure over documented remediation | Surveillance, reviews, and regulator-interaction questions |
| You run out of time | Mixed timed sets with shorter explanation review after each block |

| Item | Detail |
|---|---|
| Issuer | CSI |
| Exam route | CCC |
| Official exam name | CSI Canadian Compliance Course (CCC) |
| Full-length set on this page | 100 questions |
| Exam time | 180 minutes |
| Topic areas represented | 12 |

| Topic | Approximate official weight | Questions used |
|---|---|---|
| The Role of Compliance | 5% | 5 |
| The Regulators | 13% | 13 |
| Corporate Legislation and Governance | 8% | 8 |
| Financial Condition | 3% | 3 |
| The Compliance Regime | 7% | 7 |
| Key Principles for Compliance Supervision | 9% | 9 |
| Compliance Supervision | 16% | 16 |
| Surveillance and Reviews | 12% | 12 |
| Conflicts of Interest | 10% | 10 |
| Complaints | 7% | 7 |
| Dealing with the Regulators | 6% | 6 |
| Legal Actions | 4% | 4 |
Topic: The Regulators
A portfolio manager that is not a CIRO member routes managed-account trades through an affiliated CIRO dealer and uses the dealer’s operations staff under a service agreement. During a surveillance review, the PM’s CCO finds several post-trade allocation changes affecting PM clients; the changes were made by dealer operations staff, and the PM’s own exception report did not flag them. No complaint has been received, and the relevant records are on the dealer’s system. What is the best compliance response by the PM’s CCO?
Best answer: B
What this tests: The Regulators
Explanation: This issue spans the PM, an affiliated CIRO dealer, shared operations, and a gap in the PM’s own surveillance. The PM cannot outsource accountability for compliance over its client accounts, so the CCO should coordinate a documented response, preserve evidence, escalate promptly, and assess both client impact and any regulatory implications.
This is a cross-organizational regulatory issue because it involves PM clients, an affiliated CIRO dealer’s staff and systems, and a failure in the PM’s own supervisory controls. In that situation, the CCO should not leave the matter in one silo or wait for a complaint. The PM remains responsible for oversight of outsourced or shared functions that affect its registered activity and clients.
A sound response is to:
Treating the issue as only the affiliate’s problem misses the PM’s accountability.
A cross-boundary issue requires coordinated escalation and evidence preservation because the PM remains responsible for compliance over functions affecting its clients.
Topic: Corporate Legislation and Governance
A Canadian portfolio manager has delegated oversight of compliance and conflicts to a board governance committee. Directors say they currently receive full policy binders once a year and informal verbal updates between meetings, but they cannot tell whether issues are increasing, being remediated, or require escalation. Which action best aligns with effective governance oversight?
Best answer: A
What this tests: Corporate Legislation and Governance
Explanation: The best information flow is regular, risk-based, and useful for oversight rather than operational overload. Directors and committees need concise reporting on trends, material issues, remediation progress, and clear escalation points so they can challenge management and monitor whether risks are being addressed.
Effective governance oversight requires information that is timely, synthesized, and tied to oversight decisions. In this scenario, annual policy binders and informal updates do not let the committee see patterns, unresolved issues, or whether management is fixing problems. A scheduled exception-based report from management and compliance gives the committee the right level of information: key metrics, trend analysis, material incidents, complaints or conflict themes, overdue remediation items, and defined triggers for escalation to the board.
This approach supports governance because it:
Raw operational data, breach-only reporting, or a once-a-year attestation each leave the committee either overloaded or underinformed. The key takeaway is that good governance depends on structured, decision-useful information flows, not just more information.
Effective governance oversight depends on regular, decision-useful reporting that highlights risks, trends, unresolved issues, and when escalation is required.
Topic: Dealing with the Regulators
A portfolio manager receives an information request from a provincial securities regulator. The request names the CCO as the firm contact and asks for one consolidated response by Friday. On Wednesday, the CCO reviews the tracker below.
Exhibit: Regulator response tracker
| Request item | SME owner | Reply already sent by | Logged centrally |
|---|---|---|---|
| KYC sample files | Operations | Operations manager | No |
| Trade allocation exceptions | Portfolio management | PM desk head | No |
| Complaint log | Compliance | CCO | Yes |
| Capital calculation | Finance | CFO | No |
Which follow-up is most appropriate?
Best answer: A
What this tests: Dealing with the Regulators
Explanation: The exhibit shows multiple business areas already replying directly to the regulator even though the regulator asked for one consolidated response through the CCO. That indicates fragmented responsibility, so the immediate fix is to centralize further communications and reconcile what has already been sent.
The core issue is governance of regulator responses. When a regulator names one firm contact and requests a consolidated submission, the firm should have one accountable coordinator, clear internal content owners, and a central record of everything provided. Here, Operations, the PM desk head, and the CFO have already communicated directly, and most of those replies were not logged centrally. That creates a real risk of inconsistent statements, duplicate production, and missed follow-up items.
The right response is to keep subject-matter experts involved for content, but route their input through one controlled communication channel and reconcile any materials already sent. A departmental certification process or a rush to meet the deadline does not solve the fragmented-ownership problem.
The key takeaway is that decentralized content support is acceptable, but decentralized regulator communications are not.
The tracker shows fragmented regulator communications despite a single-contact request, so one accountable coordinator should control and reconcile the response.
Topic: The Compliance Regime
A Quebec-registered portfolio manager is preparing to implement a new personal trading surveillance procedure. During a dry run, Compliance learns that portfolio managers think Operations will maintain the restricted list, Operations thinks Compliance will review alerts, and no one has been assigned to escalate breaches or keep the follow-up file. What is the best next step for the CCO before the procedure goes live?
Best answer: A
What this tests: The Compliance Regime
Explanation: The immediate weakness is unclear ownership, not a lack of policy text. An effective compliance regime needs each control step assigned to a specific role so the firm knows who performs it, who reviews it, and who escalates issues.
Responsibility allocation is central because a compliance regime works only when key tasks have clear owners. In this scenario, several functions assume someone else will maintain the restricted list, review alerts, and follow up on breaches. That means the procedure could fail even if it is well written.
The best next step is to assign and document:
This creates accountability, supports testing by the CCO, and helps senior management oversee whether the control is actually operating. Training and approvals are useful, but only after ownership is clear. Going live first would leave a known control gap in place.
Responsibility allocation turns a written procedure into an operating control by making each step accountable and testable.
Topic: Complaints
A mutual fund dealer’s intake policy says a matter is a complaint if a client expresses dissatisfaction about a product, service, or conduct and seeks, or could reasonably be understood to expect, a response or corrective action. Routine administrative requests are not complaints. Based on the exhibit, which follow-up is most appropriate?
Exhibit: Same-day intake log
| Entry | Client message |
|---|---|
| 1 | “Please resend my February statement.” |
| 2 | “My pre-authorized contribution did not go through. Please restart it next month.” |
| 3 | “Your representative switched me into a higher-fee fund series without explaining the fees. Review this and reverse the extra charges.” |
| 4 | “Please update my mailing address before tax slips are mailed.” |
Best answer: C
What this tests: Complaints
Explanation: The only entry that clearly meets the stated complaint definition is the allegation about the representative’s unexplained fund-series switch and the request to reverse charges. The other entries are routine service requests because they seek administrative help, not redress for alleged misconduct or mishandling.
Complaint classification turns on substance, not labels. Here, Entry 3 expresses dissatisfaction with a representative’s conduct and asks the firm to review the matter and reverse charges, so it should be handled under the firm’s complaint procedures. A complaint does not need to arrive as a formal written submission if the client’s message already shows dissatisfaction and an expectation of corrective action.
Those are routine service issues on the facts given because they do not allege wrongdoing, mishandling, or loss requiring redress. The key takeaway is to classify intake items by what the client is actually saying, not by whether the client uses the word “complaint.”
Entry 3 alleges improper conduct and seeks review and fee reversal, so it meets the firm’s complaint definition.
Topic: The Compliance Regime
An exempt market dealer is reviewing whether its KYC exception process properly separates accountability from oversight.
Artifact: Supervision procedure excerpt
Based on this excerpt, what is the best supported conclusion?
Best answer: D
What this tests: The Compliance Regime
Explanation: The excerpt places day-to-day KYC exception handling with sales managers, so they are the control owners. Compliance reviews trends and performs sample testing, which are oversight activities rather than operation of the control. Board reporting supports governance, not first-line ownership.
Control ownership belongs to the business area that performs the control, follows up exceptions, and is accountable for timely resolution. In this excerpt, sales managers receive the daily exception report, chase corrections, and certify monthly that issues were resolved or escalated, so they own the KYC completeness control. Compliance has an independent oversight role: reviewing trends, testing samples, and escalating recurring issues to the UDP are second-line activities meant to challenge and monitor the first line without becoming the operator.
The closest trap is treating testing as ownership; testing supports independence only when Compliance is not running the daily control.
The excerpt makes sales managers responsible for operating and certifying the KYC exception process, while Compliance monitors and tests it independently.
Topic: Key Principles for Compliance Supervision
At a portfolio manager, policy requires each high-risk finding to be remediated within 30 days and marked closed only after Compliance validates the fix. On April 20, the CCO reviews the tracker.
Exhibit: Issue tracker snapshot
| Finding | Risk | Due | Status |
|---|---|---|---|
| Trade-review overrides lack rationale | High | Feb 14 | Closed Mar 28 by desk head; same exception reappeared in April sample; no compliance retest |
| Outside activity attestations incomplete | High | Mar 2 | Open; due date extended twice to Apr 30 |
| KYC update gaps | Medium | Apr 12 | Closed Apr 11; compliance retest passed |
What is the best follow-up by the CCO?
Best answer: B
What this tests: Key Principles for Compliance Supervision
Explanation: The exhibit shows weak remediation follow-through on the high-risk items. One was closed late by the business without the required compliance validation and then reappeared, while another has already been extended twice, so the CCO should escalate and insist on independent verification before closure.
Weak follow-up is usually visible in issue aging, unsupported closure, and repeat findings. Here, one high-risk finding missed the firm’s 30-day standard, was marked closed by the desk head even though policy requires Compliance validation, and then reappeared in later testing. The other high-risk finding has been extended twice, which suggests the remediation plan is not being driven to completion effectively. Those facts support escalation, challenge of the action plan, and independent retesting before closure.
A single timely medium-risk closure does not outweigh weak follow-through on higher-risk issues.
High-risk findings were late, repeatedly extended, or closed without required validation, and one reappeared, showing weak follow-through that needs escalation and retesting.
Topic: Compliance Supervision
An exempt market dealer reviews one dealing representative after he sold units of Maple Ridge Solar LP to 11 clients in six weeks. His latest quarterly attestation says he has no outside activity or issuer relationship. During the review, compliance finds:
Which finding is the most important supervision red flag?
Best answer: C
What this tests: Compliance Supervision
Explanation: The issuer title is the key red flag because it suggests the representative may have an undisclosed outside activity and a direct conflict of interest while selling that issuer’s securities. It also conflicts with his attestation, raising an integrity concern that warrants immediate escalation and broader file review.
Risk-based supervision prioritizes issues that can create material client harm, conflicted advice, or concerns about a representative’s honesty. Here, the seminar slide identifying the representative as an executive of the issuer he is selling is far more serious than the administrative deficiencies. It suggests a possible undisclosed outside activity, a direct conflict of interest, and a mismatch with the representative’s attestation.
Compliance should treat that as an escalation item, verify whether the role was disclosed and approved, review affected client files for suitability and disclosure, and assess whether other sales or communications were impacted. Late uploads, outdated branding, and a missing initial still require correction and documentation, but they are typically control weaknesses rather than the clearest sign of potentially conflicted selling. The key takeaway is to prioritize supervision findings that point to client harm and integrity risk over isolated clerical errors.
An apparent executive role with the issuer being sold signals a serious undisclosed conflict and possible false attestation, requiring immediate escalation.
Topic: Legal Actions
A portfolio manager is served with a civil claim from a former client alleging that one advising representative traded outside the client’s written investment mandate. The CCO reviews this artifact:
Draft internal memo
What is the best next action for the CCO?
Best answer: D
What this tests: Legal Actions
Explanation: The memo includes sensible legal steps, such as retaining counsel and preserving records, but it shows a compliance gap. A civil claim alleging representative misconduct should be entered into the firm’s compliance process promptly and assessed for possible broader client impact or control weakness.
When a firm faces a civil claim, it should respond on two tracks at once: legal defence and compliance oversight. In this scenario, retaining counsel, imposing a legal hold, and limiting direct contact with the claimant are appropriate legal-response measures. The problem is waiting for a court loss before logging the matter or reviewing other accounts handled by the same representative.
A legal action can reveal a supervision, conduct, or control issue even before liability is decided. The CCO should ensure the matter is documented in the firm’s issue-management process, escalated internally as appropriate, and reviewed on a risk-based basis to determine whether similar clients may have been affected. That allows timely remediation and evidence-based decision-making without prejudging the lawsuit. Simply defending the claim is not enough if the allegations point to a possible systemic gap.
The allegations may indicate a broader conduct or supervision issue, so the firm should log and investigate the matter now rather than wait for the lawsuit outcome.
Topic: Compliance Supervision
A portfolio manager’s new online onboarding tool approved 60 retail managed accounts even when required KYC fields were blank or copied from a template. Several accounts were funded and trading has begun, but no client complaints have been received. As CCO, which response best aligns with sound Canadian compliance practice?
Best answer: D
What this tests: Compliance Supervision
Explanation: Weak onboarding controls can undermine the firm’s ability to support suitability and fair dealing. The best response is a documented, risk-based review of affected accounts, prompt correction of deficient client information, targeted restrictions where the file cannot be relied on, and clear escalation.
When onboarding controls are unreliable, the issue is more than an administrative defect. Incomplete or templated KYC can mean the firm cannot show that account opening and suitability decisions were based on accurate client information. A prudent Canadian compliance response is to identify the scope of the problem, prioritize higher-risk accounts, remediate the missing or unreliable data, and restrict trading or recommendations where the firm cannot support them. The control failure should also be documented and escalated so senior management can oversee remediation, accountability, and follow-up testing. Waiting for the normal update cycle is too passive, and disclosure does not cure deficient KYC. By contrast, an immediate firm-wide shutdown or external reporting before scoping the issue may be disproportionate on the stated facts.
A documented, risk-based lookback with remediation, targeted restrictions, and escalation best protects clients when onboarding data cannot support suitability.
Topic: The Regulators
A Canadian financial group is assigning training for incoming CCO candidates across affiliates. The firm wants to use the CCC where it is most directly aligned with the affiliate’s registration category.
Exhibit: Affiliate registration plan
| Affiliate | Registration category |
|---|---|
| Northview Advice | Mutual fund dealer |
| Northview Private Markets | Exempt market dealer |
| Northview Portfolio Counsel | Portfolio manager |
| Northview Fund Services | Investment fund manager |
| Northview Education Plans | Scholarship plan dealer |
| Northview Execution | Investment dealer |
Based on the exhibit, which follow-up is best supported?
Best answer: A
What this tests: The Regulators
Explanation: The supported follow-up is to assign the CCC to the five affiliates whose registration categories fall within its core CCO proficiency scope. Those categories are mutual fund dealer, exempt market dealer, portfolio manager, investment fund manager, and scholarship plan dealer.
This item tests whether you can match the CCC to the registered-firm categories it most directly supports. In Canada, the CCC is recognized for individuals seeking to act as Chief Compliance Officer of a mutual fund dealer, exempt market dealer, scholarship plan dealer, investment fund manager, or portfolio manager. Reading the exhibit, five affiliates match that list exactly.
The investment dealer affiliate does not make the CCC the primary fit for that CCO track, so an answer that includes every affiliate is too broad. A common mistake is to treat all dealer categories the same, but the relevant point is the specific registration category, not just the word “dealer.” The best follow-up is to target the affiliates whose categories align with the CCC’s core scope.
CCC is directly aligned with CCO proficiency for those five registration categories, not specifically for the investment dealer affiliate.
Topic: Compliance Supervision
A Canadian exempt market dealer recently expanded from selling a small set of proprietary products through in-person channels to distributing third-party exempt securities nationally using online onboarding and referral arrangements. Its supervision program still focuses on monthly trade blotter reviews and pre-approval of marketing materials, with no targeted reviews of KYC/KYP suitability, referral conflicts, or oversight of the onboarding vendor. Which action best aligns with sound compliance design?
Best answer: D
What this tests: Compliance Supervision
Explanation: The firm’s activities have changed, but its supervision framework still monitors the old business model. The best response is a documented, risk-based redesign of supervision that covers the new products, channels, conflicts, and outsourced functions, with clear accountability and escalation.
A supervision program should match the firm’s actual activities and risks. In this scenario, the exempt market dealer added third-party products, online onboarding, and referral arrangements, but its controls still focus on legacy reviews. That is a design mismatch, not just a frequency issue. Sound Canadian compliance practice is to reassess the business risks, update supervisory procedures to cover the new activity areas, assign responsibility for each control, define how evidence will be documented, and escalate the revised framework to senior management or the board as appropriate. Effective supervision is risk-based and forward-looking. It should address likely sources of client harm and compliance failure before complaints, deficiencies, or regulatory findings occur. Simply doing the old reviews more often, or relying on staff attestations, does not fix missing coverage.
A material change in business activities requires a risk-based update to supervisory coverage, accountability, and evidence.
Topic: Surveillance and Reviews
A registered exempt market dealer’s CCO is preparing a quarterly surveillance report for the UDP and senior management. The firm wants the report to help decision-makers focus on the most important issues, not just activity volume. Based on the exhibit, which interpretation is best supported?
Exhibit: Q2 surveillance summary
| Business line | Alerts reviewed | High-risk exceptions | Repeat exceptions | Open >30 days |
|---|---|---|---|---|
| Corporate issuer offerings | 120 | 1 | 0 | 0 |
| Private funds | 45 | 6 | 4 | 3 |
| Mortgage syndications | 30 | 0 | 0 | 0 |
Best answer: B
What this tests: Surveillance and Reviews
Explanation: The private funds line is the main concern because it has the highest number of high-risk exceptions, the most repeat issues, and the only aged open items. Decision-makers need surveillance reporting that highlights where risk is concentrated and remediation may be lagging, not just where alert volume is highest.
Useful surveillance reporting helps management and oversight bodies decide where to direct attention, escalation, and remediation. In this exhibit, total alerts alone would point to corporate issuer offerings, but that line has almost no serious findings and no aged open issues. The private funds line is more important because the exceptions are higher risk, recurring, and still unresolved after 30 days. That pattern is more consistent with a control weakness or ineffective follow-up. For decision-makers, the most valuable reporting emphasizes severity, repeat findings, aging, trends, and whether remediation is progressing. Raw workload counts are helpful context, but they are not the best indicator of compliance risk. The closest trap is treating the largest alert count as the highest-risk area.
This option correctly focuses on severity, recurrence, and unresolved aging, which are the most decision-useful signals in the exhibit.
Topic: The Regulators
A portfolio manager is registered in Ontario, Alberta, and British Columbia. During a governance meeting, the CCO recommends updating the firm’s conflicts procedures after a new CSA staff notice describes a harmonized regulatory approach across Canadian jurisdictions. One director argues that the CSA is itself the national securities regulator, while another says the notice matters only in Ontario because that is the firm’s principal regulator. What is the best interpretation for the CCO to provide?
Best answer: B
What this tests: The Regulators
Explanation: The CSA promotes harmonized oversight by coordinating Canada’s provincial and territorial securities regulators. A firm registered in several jurisdictions should use a CSA staff notice as a strong compliance baseline, then verify whether any jurisdiction-specific requirements still apply.
The key concept is harmonized oversight. The CSA is not a single national securities regulator; it is the umbrella organization through which provincial and territorial regulators coordinate national instruments, staff notices, and common policy positions. For a firm registered in several jurisdictions, a CSA publication is an important starting point because it signals a coordinated regulatory approach across Canada, but the firm still remains subject to the authority and any local requirements of each jurisdiction where it is registered.
The closest mistake is treating the principal regulator as the only relevant source, which ignores the firm’s obligations in other jurisdictions.
The CSA coordinates harmonized oversight among provincial and territorial regulators, but each jurisdiction keeps its own legal authority.
Topic: Surveillance and Reviews
A portfolio manager’s CCO reviews the monthly exception log below. Based on the artifact, which deficiency is best supported?
Exhibit: Monthly exception log
| Exception | Age/status | Owner | Notes |
|---|---|---|---|
| KYC refresh overdue | Open 90 days | Branch managers | Carry forward; no escalation noted |
| Trade-alert review evidence missing | Marked closed | Supervisors | No closure support attached |
| Client risk-score field missing | Open 120 days | TBD | Appeared in 4 monthly reports |
Best answer: D
What this tests: Surveillance and Reviews
Explanation: The artifact shows the firm is identifying exceptions, but its follow-up process is not controlled. Repeated or aged items are not consistently assigned, escalated, or supported with evidence before closure.
The core concept is that effective exception management is not just about generating a report; it must drive accountable, timely, and documented remediation. In the exhibit, one issue has been open for 120 days with the owner listed as TBD, another is being carried forward at 90 days with no escalation noted, and a third was marked closed without any support attached. Those facts point to the same weakness: the firm can detect exceptions, but it cannot show disciplined follow-up to resolution.
The closest distractor is the claim that surveillance is absent, but the log itself shows surveillance is finding issues.
The log shows detected issues, but follow-up is weak: one item has no owner, one has no escalation, and one lacks closure support.
Topic: The Regulators
A firm registered only as a portfolio manager wants to offer units of a new pooled fund to non-discretionary clients referred by outside planners. Sales has asked compliance to adapt the firm’s existing portfolio manager supervision controls so the launch can proceed this month, but no one has yet determined whether the activity changes the firm’s registration category or creates additional registration requirements. What is the best compliance action?
Best answer: C
What this tests: The Regulators
Explanation: When a proposed activity may place the firm in a different registration category or require another registration, compliance should not move straight to control design. The threshold issue is whether the firm can conduct the activity under its current status, so escalation and legal/regulatory review come first.
Firm-category questions are foundational compliance issues. If a proposed business line may move the firm outside its current registration or add a registration requirement, compliance should escalate that issue before approving supervision, surveillance, or launch plans. In this scenario, a portfolio manager wants to distribute pooled fund units to non-discretionary clients, and the firm has not yet confirmed whether its current registration covers that activity.
The proper sequence is:
Controls cannot fix an activity the firm may not be authorized to conduct, which is why temporary monitoring is not enough.
An unresolved registration-category issue must be escalated and analyzed before the firm approves controls or starts the activity.
Topic: Legal Actions
A registered portfolio management firm is served with a statement of claim from a former client alleging unsuitable recommendations and deficient supervision. The advising representative named in the claim wants to call the claimant immediately, and operations is still following its routine 30-day email deletion cycle. Neither legal counsel nor the firm’s insurer has been notified yet. What is the best next step for the CCO?
Best answer: D
What this tests: Legal Actions
Explanation: When a registered firm is served with a civil claim, the first priority is to control the response and preserve evidence. The CCO should trigger the firm’s legal-action process immediately so counsel, management, and the insurer are involved before anyone contacts the claimant or routine records are destroyed.
The core concept is immediate escalation and preservation once a legal action is received. In this scenario, the firm already has a statement of claim, routine email deletion is still occurring, and front-line staff want to communicate directly with the claimant. That creates legal, evidentiary, and insurance-notice risk if the matter is not centralized right away.
A merits review may still be needed, but it should follow proper escalation and preservation, not come first.
A filed civil claim requires immediate controlled escalation and record preservation before informal contact or delayed review.
Topic: Compliance Supervision
A mutual fund dealer runs a monthly post-trade suitability report that compares each trade to the client information on file, including risk tolerance, investment objectives, time horizon, and net worth. The CCO reviews the following branch summary.
Exhibit:
| Branch | Suitability alerts per 100 trades | New accounts with missing KYC fields | Existing accounts overdue for KYC update |
|---|---|---|---|
| Toronto | 7 | 2% | 4% |
| Calgary | 6 | 3% | 5% |
| Vancouver | 1 | 18% | 22% |
Which follow-up is best supported by the exhibit?
Best answer: A
What this tests: Compliance Supervision
Explanation: Suitability oversight depends on accurate and current client information. Vancouver’s very low alert rate is not reassuring because the same branch has far more missing and stale KYC data, which can weaken both suitability assessments and the surveillance built on them.
The core issue is data quality. Suitability monitoring tests recommendations or trades against the client information recorded in the firm’s systems. If that information is incomplete at account opening or not updated when required, the surveillance output can be misleading. A branch may appear to have fewer suitability issues simply because the monitoring is using weak inputs.
Here, Vancouver has the lowest alert rate but the highest level of missing KYC fields and overdue KYC updates by a wide margin. That combination supports a review of how client information is collected, approved, refreshed, and fed into the monitoring process before anyone treats the low alert rate as evidence of better suitability supervision. Reducing sampling would assume the report is reliable when the exhibit suggests the opposite.
Low suitability alerts are not reliable comfort when the underlying client information is frequently missing or outdated.
Topic: The Role of Compliance
A fast-growing exempt market dealer opens two new sales offices. The CCO receives this draft governance memo.
Artifact: Governance memo excerpt
Which deficiency is best supported by the memo?
Best answer: A
What this tests: The Role of Compliance
Explanation: The main issue is role confusion. A compliance function should advise, monitor, test, and escalate, while business management keeps day-to-day supervisory ownership. By moving approvals and daily file supervision to Compliance and removing sales manager reviews, the memo weakens first-line accountability.
The purpose of the compliance function in a registered firm is to support and assess the firm’s compliance regime through advice, monitoring, testing, escalation, and follow-up. It is not meant to replace business-line management as the owner of routine supervisory controls. In this memo, sales managers are relieved of new account approvals, KYC update approvals, and daily file supervision, and those duties are shifted to Compliance. That creates a control-design problem because compliance is being asked to run the first line instead of independently overseeing it. The memo does include escalation to the UDP, and it expressly keeps dealing representatives responsible for KYC collection and suitability discussions. Quarterly testing may or may not be sufficient depending on the firm’s risks, so that conclusion cannot be drawn from the artifact alone. The key takeaway is that compliance should challenge and monitor supervisory controls, not become the everyday supervisor.
The memo transfers operational approvals and daily supervision from sales management to compliance, blurring independent oversight with line responsibility.
Topic: Corporate Legislation and Governance
The CCO of an investment fund manager incorporated under a provincial corporate statute is preparing for a securities regulator review. During a governance check, the CCO finds the following:
Exhibit: Governance review tracker
| Item | Corporate records | Current evidence |
|---|---|---|
| Signing officer | CFO authorized for regulatory filings | CFO left 5 months ago; COO signed recent filing |
| Business approval | Board resolution required for new business line | CEO email approved a new product line |
| Director changes | Last minute book update 14 months ago | One director resigned 8 months ago |
No corrective resolutions have been passed. Which follow-up is most appropriate?
Best answer: C
What this tests: Corporate Legislation and Governance
Explanation: The exhibit shows that current approvals and signatures do not match the firm’s corporate records. Corporate legislation matters to compliance because it determines who has valid authority to act for the firm and provides the governance evidence regulators expect to see.
Corporate legislation matters to a compliance function because it governs the firm’s legal structure, the appointment of directors and officers, delegation of authority, and the records that evidence valid decisions. In the exhibit, someone not currently authorized in the corporate records signed a filing, a business decision that required board approval was approved informally, and the minute book does not reflect an actual director change. Those are governance and legal-authority issues, not mere housekeeping errors.
A compliance function should escalate promptly so the firm can confirm who is legally authorized to sign, approve, and oversee key matters, and then update resolutions and records. If authority is unclear or improperly documented, the firm may be relying on approvals that are hard to defend in a regulatory review. The closest distractor treats the problem as administrative, but the real issue is the validity and evidence of corporate authority.
These gaps affect legal authority and governance evidence, so they require prompt escalation and formal corporate cleanup.
Topic: Key Principles for Compliance Supervision
A mutual fund dealer’s head office compliance team reviews the following branch-review note for one dealing representative.
Artifact: Branch review note
What is the best next supervisory action?
Best answer: C
What this tests: Key Principles for Compliance Supervision
Explanation: This is more than a note-quality issue. The artifact shows a pattern of potentially unsuitable concentration for older, low-risk clients, combined with weak file support and ineffective first-line supervision, so compliance should respond immediately with focused review and tighter interim controls.
The best response is to treat this as an active client-protection issue requiring prompt supervisory intervention. The concern is not just concentration by itself; it is the combination of older clients, low risk tolerance, repeated recommendations of the same sector fund, boilerplate rationale, and a branch manager approval process with no documented challenge or follow-up. That pattern suggests possible unsuitable recommendations and a gap in first-line supervision.
A simple reminder would be too weak for current client exposure, while immediate external reporting goes beyond what the artifact alone proves.
The artifact shows a live suitability and supervision concern, so immediate targeted review plus temporary tighter approval is the strongest client-protection response.
Topic: Compliance Supervision
An exempt market dealer reviews a two-week sales campaign for a new real estate limited partnership. Compliance finds: one brochure used outdated occupancy data but was withdrawn before any subscriptions; six files had KYC updates entered a few days after signed order forms; one seminar invitation omitted the firm’s full legal name; and one dealing representative placed four retired clients with limited liquid assets into the new product at 55%-70% of investable assets, used near-identical suitability notes in each file, and relied on generic conflict disclosure even though the product paid double the usual commission. What is the best next step for the CCO?
Best answer: A
What this tests: Compliance Supervision
Explanation: The concentrated sales pattern is the most significant compliance weakness because it presents the clearest risk of client harm. A focused supervisory review is the right first response when suitability concerns, copied notes, and conflicted compensation appear together.
In sales-practice oversight, the most urgent issue is usually the one with the greatest potential client harm, not the one that is easiest to fix administratively. Here, the concentrated recommendations to retired clients with limited liquid assets raise suitability and concentration concerns, the near-identical notes suggest weak or non-genuine suitability analysis, and the above-normal commission creates a meaningful conflict that may not have been properly addressed. Those factors together indicate a possible systemic supervision failure in how the product was sold.
The right compliance response is to open an immediate focused review of the affected sales, assess whether clients were harmed, determine whether additional escalation is needed, and decide whether interim restrictions or remediation are warranted. The brochure error, missing firm name, and late KYC entries still matter, but they are secondary compared with a live sales-practice issue involving vulnerable clients and conflicted recommendations.
This addresses the highest-risk weakness because it combines possible unsuitability, excessive concentration, weak rationale, and a heightened compensation conflict.
Topic: Compliance Supervision
An exempt market dealer’s CCO reviews the monthly communications monitoring report. Under firm policy, high-risk communication exceptions are escalated when they suggest broader disclosure or sales-practice weaknesses. Which follow-up is best supported by the exhibit?
Exhibit: Monthly communications monitoring summary
| Business line | Items reviewed | High-risk exceptions | Repeat individuals | Client complaints |
|---|---|---|---|---|
| Private issuer offerings | 18 | 7 | 3 | 1 |
| Mortgage syndications | 32 | 1 | 0 | 0 |
| Exempt fund sales | 26 | 0 | 0 | 0 |
High-risk exceptions include promissory wording, incomplete risk disclosure, and unapproved performance comparisons.
Best answer: C
What this tests: Compliance Supervision
Explanation: Communication controls are central because client-facing materials often reveal misleading claims, disclosure gaps, and other conduct issues before complaint volumes rise. Here, the pattern is concentrated in one business line and involves repeat individuals, which supports targeted supervisory escalation and stronger pre-use review.
Communication monitoring is not just an editing exercise; it is a core supervisory control because it can surface conduct risk early. In this report, private issuer offerings show a much higher rate of high-risk exceptions than the other business lines, and the issues involve three repeat individuals. That combination points to a potential weakness in how the business line is supervised, how disclosure is delivered, or how sales communications are approved.
A low complaint count does not reduce the need to act. Complaints are a lagging indicator, while communication exceptions are often an early-warning signal of broader sales-practice problems. The best follow-up is targeted escalation of that business line and stronger pre-use approval, rather than treating the issues as isolated drafting mistakes.
The concentrated exceptions and repeat individuals in private issuer offerings suggest a broader supervisory problem, not isolated wording mistakes.
Topic: Conflicts of Interest
A registered portfolio manager plans to allocate discretionary client accounts to a new fund managed by an affiliate. The affiliate arrangement will increase the firm’s fee revenue on those assets. The draft launch memo says the conflict will be addressed by adding disclosure to client documents, but it includes no approval, suitability, or monitoring controls. You are the CCO reviewing the rollout for sign-off. What is the best next step?
Best answer: B
What this tests: Conflicts of Interest
Explanation: The affiliate fund creates a material conflict because the firm earns extra revenue when client assets are directed to it. Disclosure alone is not a control; the firm should first put in place safeguards such as approval, suitability parameters, and monitoring, then disclose any remaining conflict.
The key distinction is that disclosure informs clients about a conflict, while control reduces the risk that the conflict will influence firm conduct. In this scenario, the firm has a financial incentive to place discretionary client assets into an affiliated fund, so the CCO should not approve the rollout until the conflict is actually controlled in the client’s best interest.
After those safeguards are in place, the firm should disclose the residual conflict to clients. A post-launch review or leaving the decision to individual advisers is too late and too inconsistent for a firm-level material conflict.
A material affiliate conflict requires concrete pre-launch controls, with disclosure used only for any remaining conflict.
Topic: Dealing with the Regulators
A portfolio manager receives a securities regulator request at 9:30 a.m. for records and explanations by 4:00 p.m. the same day. The CCO reviews the file.
Exhibit: Internal response tracker
What is the best immediate response by the CCO?
Best answer: C
What this tests: Dealing with the Regulators
Explanation: The exhibit shows three immediate problems: no preservation notice, multiple uncoordinated replies, and relevant business communications outside firm systems. The best response is to preserve records promptly, move to one controlled response channel, and communicate transparently with the regulator about timing if needed.
When a regulator requests records on short notice, the priority is controlled, defensible response discipline. Here, the firm has not yet issued a preservation notice, two business areas have already replied separately, and at least one adviser has approved business texts on a personal device. That means the CCO should immediately preserve potentially relevant records, stop fragmented communications, and coordinate one complete response across all repositories.
A sound approach is to:
The tempting “move fastest” approach is to let each area answer on its own, but that increases the risk of inconsistent explanations, missed records, and poor evidence control.
This addresses the missing hold, stops fragmented responses, and manages the short deadline without risking incomplete production.
Topic: Conflicts of Interest
A portfolio manager and its affiliated investment fund manager plan to launch an in-house pooled fund. Advising representatives would receive a higher bonus for placing clients in the affiliated fund than in comparable third-party funds, although the new fund may be suitable for some clients. Which action best aligns with Canadian conflict-management principles?
Best answer: D
What this tests: Conflicts of Interest
Explanation: The best response is to reduce the incentive creating the conflict and add controls that show recommendations are defensible for clients. In Canadian compliance practice, disclosure alone is not enough for a material conflict, and full avoidance is used when the conflict cannot otherwise be addressed fairly.
Material conflicts should be addressed through a practical sequence: identify the conflict, reduce or control it where possible, and avoid it if the firm cannot show the client is being treated fairly. Here, higher compensation for recommending an affiliated fund creates a clear incentive to favour the proprietary product over comparable alternatives.
A strong response includes:
Disclosure can support transparency, but it does not by itself neutralize a strong financial incentive. At the same time, a blanket ban is not always necessary if the product can be recommended appropriately after the conflict has been materially reduced and controlled. The key principle is that the client interest must come before the firm’s sales incentive.
It reduces the source of bias, adds evidence for the recommendation, and avoids the conflict when it cannot be addressed fairly for the client.
Topic: The Compliance Regime
A registered portfolio manager has doubled in size in 18 months. During an internal review, the CCO finds that trade allocation exceptions, personal trading pre-clearance, and KYC update follow-up are being handled through informal team practices, and the policy manual states broad principles only. The manual does not assign control owners, set review frequency, or require prompt escalation of breaches to the UDP. What is the single best action to strengthen the firm’s compliance regime?
Best answer: A
What this tests: The Compliance Regime
Explanation: The firm’s weakness is structural, not just educational. The best response is to formalize the compliance regime with clear written procedures, assigned accountability, defined monitoring, timely escalation, and documented remediation.
The core elements of an effective compliance regime include written policies and procedures, clear allocation of responsibilities, supervision and monitoring, escalation of issues, and documented follow-up. In this scenario, key control activities are being handled informally, and the firm’s manual lacks the operational detail needed to make compliance work consistently. The strongest action is to convert broad principles into specific controls by assigning owners, setting review frequency, defining escalation to the CCO and UDP, and keeping records of breaches and corrective action.
Training, attestations, and outside legal advice can support a compliance program, but they do not replace a properly designed regime. The key point is that an effective regime must be actionable, supervised, and evidenced in practice, not just described at a high level.
An effective compliance regime requires documented procedures, clear responsibility, ongoing monitoring, timely escalation, and evidence of follow-up.
Topic: Surveillance and Reviews
An exempt market dealer is designing surveillance for concentration in illiquid exempt products. The firm’s policy measures concentration by each client’s total exposure to a single issuer, but the proposed report flags only single subscriptions over $100,000 and ignores existing positions and repeat purchases. Internal testing shows most past concentration issues arose through several smaller subscriptions. Before rollout, what is the best next step?
Best answer: D
What this tests: Surveillance and Reviews
Explanation: The main weakness is that the alert logic does not match the risk the firm’s policy is meant to control. Because concentration is defined by total client exposure, the design should be rebuilt and calibrated before the firm relies on it.
Effective surveillance starts with matching the alert logic to the underlying conduct risk and the firm’s own policy standard. Here, the policy is about cumulative client exposure to a single issuer, but the proposed report only looks for one large subscription. That means the report is structurally mis-specified and will predictably miss the very pattern that internal testing has already shown: concentration created through several smaller purchases.
The best next step is to redesign the surveillance before rollout so it:
Manual review, training, or later tuning may help support supervision, but they do not fix a core alert-design flaw.
The alert must measure cumulative issuer exposure, because the current trigger misses the main concentration pattern already identified in testing.
Topic: Complaints
A portfolio manager’s intake policy states: ‘A complaint is any written or verbal expression of dissatisfaction about a product or service where the client reasonably appears to expect a response or corrective action.’ A client emails operations: ‘My transfer took far too long, no one returned my calls, and I want the $150 transfer fee reversed.’ Which action best aligns with sound complaint-classification practice?
Best answer: C
What this tests: Complaints
Explanation: This is more than a routine service issue because the client expresses dissatisfaction and asks for a specific remedy, the $150 fee reversal. Good complaint intake practice is to classify by substance, document it, and route it through the firm’s complaint process.
The key principle is to assess the substance of the communication, not whether the client uses the word “complaint.” Here, the client describes poor service, states dissatisfaction, and asks for corrective action through a fee reversal. That combination makes this a complaint under the firm’s own intake standard, so it should be logged, investigated, and handled through the complaint process.
A routine service issue is typically a neutral administrative request, such as updating contact information or requesting a duplicate statement, without an expression of dissatisfaction or a request for redress. Operations can still work on fixing the transfer problem, but the firm should not bypass complaint documentation and escalation once the complaint elements are present.
The main takeaway is that expected remedy plus dissatisfaction usually means complaint, even when the underlying issue is operational.
The email shows dissatisfaction and seeks a remedy, so it meets the firm’s complaint definition and should enter complaint handling.
Topic: Compliance Supervision
A mutual fund dealer’s compliance team reviews new account files from one branch. Fourteen of 15 accounts opened in the past month show the same KYC profile: balanced growth objective, medium risk tolerance, and a 10-year horizon. In eight files, system logs show the dealing representative changed KYC information after the client e-signature, and the branch manager approved the accounts without documented follow-up. No client has complained. What is the best compliance response?
Best answer: D
What this tests: Compliance Supervision
Explanation: The pattern of identical KYC entries and post-signature changes is a serious account-opening supervision red flag. The best response is an immediate targeted review with independent client confirmation and interim limits on the representative’s new account activity while the firm assesses the extent of the problem.
At account opening, supervision must ensure client information is accurate, complete, and not altered to fit a sales outcome. A cluster of nearly identical KYC profiles can signal form-filling bias or unsuitable standardization, and edits made after client e-signature raise a stronger concern about the integrity of the record itself. Because KYC drives suitability and account approval, compliance should escalate promptly, independently confirm what affected clients actually provided, review the representative’s conduct and the branch manager’s approval process, and use temporary restrictions if needed to protect clients while the review is underway.
Simply repairing documentation later does not resolve whether the original account-opening process was reliable.
This addresses possible KYC manipulation by independently verifying client information and applying interim controls rather than relying on compromised approvals.
Topic: The Regulators
A Canadian financial group is documenting a proficiency matrix for future Chief Compliance Officer appointments. It wants to use the Canadian Compliance Course where it is most directly aligned to the registered-firm categories covered by the syllabus. Which recommendation best aligns with that goal?
Best answer: B
What this tests: The Regulators
Explanation: The CCC is positioned for compliance leadership roles across several Canadian securities-registered firm categories, not for every financial business and not only for dealer firms. The best recommendation is the one that matches the core set of categories most directly tied to the syllabus and CCO proficiency use case.
This question turns on correctly identifying the Canadian registered-firm categories most closely associated with the CCC. In practice, a firm should map training and proficiency to the actual registration category of the entity and the responsibilities of the proposed CCO role. The CCC is broadly relevant to compliance oversight in the securities-registered firm context, especially for portfolio managers, investment fund managers, exempt market dealers, mutual fund dealers, and scholarship plan dealers.
A governance-approved proficiency matrix should therefore distinguish between securities-registered firms that fit this scope and other affiliates, such as insurance or general banking operations, that may need different training paths. The closest distractors either add categories outside this core scope or leave out important firm types that the CCC is designed to support.
This option identifies the main Canadian registered-firm categories for which the CCC is directly relevant to CCO proficiency.
Topic: Compliance Supervision
A portfolio management firm with four regional offices finds that each branch manager supervises account-opening reviews differently. One uses a monthly checklist, one reviews only exceptions, one keeps notes in email, and one retains almost no evidence. A compliance review also found recurring KYC deficiencies in two offices. Which action is the best improvement for the CCO to implement?
Best answer: D
What this tests: Compliance Supervision
Explanation: The best improvement is a firm-wide supervisory framework that sets minimum review steps, documentation expectations, and escalation triggers. That creates consistent branch oversight and comparable evidence of supervision while still allowing more intensive reviews where risk is higher.
When branch or business-line supervision is inconsistent, the core weakness is the lack of a controlled, repeatable process. The strongest response is to establish minimum supervisory activities for all locations, define what evidence must be retained, and set clear escalation and follow-up expectations. The firm can then apply added scrutiny to higher-risk branches, products, or individuals. This aligns with Canadian compliance principles of governance, risk-based supervision, documentation, and accountability. It also makes testing, remediation, and regulator interactions more effective because the firm can show what was reviewed, who reviewed it, and how issues were addressed. Measures that rely only on attestations, training, or summaries may help communication, but they do not by themselves create consistent supervision.
A common supervisory baseline with documentation and escalation rules directly fixes inconsistency while allowing closer oversight of higher-risk areas.
Topic: The Regulators
A new compliance analyst is mapping the firm’s external rule sources for an onboarding memo.
Exhibit: Regulatory snapshot
| Item | Details |
|---|---|
| Firm registrations | Portfolio manager; investment fund manager |
| Registered in | Ontario and British Columbia |
| CIRO membership | None |
| Trade execution | Through an unrelated CIRO member dealer |
Which interpretation is best supported by the exhibit?
Best answer: C
What this tests: The Regulators
Explanation: Canada’s securities regime is primarily provincial and territorial, with the CSA coordinating harmonized instruments rather than acting as a single regulator. Because the firm is not a CIRO member, routing trades through a CIRO dealer does not make CIRO its primary rule source.
The core concept is the layered structure of Canadian securities regulation. Registered firms are directly regulated by provincial and territorial securities regulators under local securities legislation, with harmonized requirements often set through CSA national instruments and related policies. In the exhibit, the firm is registered as a portfolio manager and investment fund manager in Ontario and British Columbia, so its main registration and conduct obligations come from those securities law sources.
CIRO is relevant where a firm is a member or operates in a category subject to CIRO oversight. Here, the firm is not a CIRO member; it simply uses an unrelated CIRO dealer for execution. Federal corporate law may affect incorporation or governance, but it does not replace securities law as the main rule source for registrant conduct. The key distinction is coordination by the CSA versus direct oversight by the actual provincial regulators.
The firm’s registrations are provincial, and using a CIRO dealer does not make a non-member directly subject to CIRO membership rules.
Topic: Conflicts of Interest
An exempt market dealer plans a sales campaign for debentures issued by a real estate company controlled by the dealer’s parent. Representatives would earn an extra 1% on these sales, and the draft client materials emphasize yield but do not disclose the affiliate relationship. The CCO also finds no documented analysis showing why this product would be in clients’ interests compared with similar third-party products. What is the single best compliance response?
Best answer: B
What this tests: Conflicts of Interest
Explanation: The facts point to a material conflict of interest: an affiliated product, higher compensation for selling it, incomplete disclosure, and no evidence that the recommendation process puts clients first. The best response is to stop the campaign until the conflict is properly reduced or controlled and the firm can support the sales process with adequate disclosure and supervision.
A registered firm must identify material conflicts of interest and address them in the clients’ best interests. Here, the affiliate relationship and extra compensation create a strong incentive to favour the parent’s product, while the missing disclosure and missing comparative analysis show that the firm has not yet demonstrated a client-first sales process. The best compliance action is to halt the campaign and remediate before any sales occur. That typically means reassessing the compensation structure, adding clear conflict disclosure, documenting why the product is appropriate relative to alternatives, and setting effective pre-sale supervisory controls. If the conflict cannot be addressed in clients’ best interests, the firm should avoid it rather than rely on disclosure alone. Disclosure helps, but it does not cure a poorly controlled material conflict.
This is a material conflict, so the firm should not proceed until it can show the conflict is properly controlled and clients’ interests come first.
Topic: Compliance Supervision
At a mutual fund dealer, the CCO reviews the following tracker for one dealing representative. No client complaints or client losses are known.
Exhibit: Review tracker
| Review cycle | Files reviewed | Exceptions found | Response after cycle |
|---|---|---|---|
| January | 12 | 3 outdated KYC; 2 weak suitability notes | Verbal coaching |
| April | 12 | 2 outdated KYC; 3 weak suitability notes | Written reminder and checklist |
| July | 12 | 3 outdated KYC; 2 weak suitability notes; 2 seniors | No new action yet |
Based on the exhibit, what is the best supervisory follow-up?
Best answer: B
What this tests: Compliance Supervision
Explanation: The same representative has repeated KYC and suitability deficiencies across three review cycles, despite two prior interventions. That supports a documented escalation to heightened supervision with clear remediation steps and follow-up testing, not more generic training or delay.
Repeated deficiencies in core KYC and suitability duties show that ordinary supervision and informal coaching have not corrected the behaviour. In that situation, the best response is a proportionate but formal escalation: document the pattern, place the representative under heightened supervision, set specific remediation expectations, and test whether the deficiencies actually stop. The fact that two July files involved seniors increases the urgency, even though no complaint or loss has yet been identified.
Firmwide training can support the control environment, but it does not replace targeted supervision of a repeat-deficiency representative.
Repeated KYC and suitability deficiencies after coaching and a written reminder show normal supervision was ineffective and require formal targeted escalation.
Topic: Corporate Legislation and Governance
A registered portfolio manager and investment fund manager is reviewing whether its governance documents support timely escalation of serious compliance issues. The CCO receives this memo excerpt:
Exhibit: Governance memo excerpt
Which next action is best supported by the exhibit?
Best answer: B
What this tests: Corporate Legislation and Governance
Explanation: The exhibit points to a governance information-flow weakness. Material compliance issues are not clearly routed promptly to the board or committee chair, and current documents allow delay or filtering of urgent matters, so the best response is to formalize direct escalation between meetings.
Governance documents should create clear, timely information flows so the board can exercise effective oversight of significant compliance matters. Here, the board gets only quarterly summaries, the compliance committee meets only twice a year, committee minutes do not automatically flow upward, and the CCO’s urgent escalation route goes through the CEO. For a material issue that has already remained unresolved for 10 weeks, that structure can delay or filter critical reporting.
The strongest next action is to revise the board charter, committee terms, or CCO mandate so material compliance issues are escalated directly and promptly to the board chair or compliance committee chair between scheduled meetings. Administrative reporting to the CEO can still be acceptable if direct access for serious matters is preserved. The key takeaway is that oversight depends not just on committee existence, but on documented escalation paths and reliable information flow.
The memo shows a documented information-flow gap because urgent material issues can reach the board only indirectly and may wait for scheduled meetings.
Topic: Complaints
During a branch review at a mutual fund dealer, the CCO sees the following intake log excerpt.
Artifact: Intake log excerpt
What is the best next action?
Best answer: B
What this tests: Complaints
Explanation: A complaint in a compliance program is broader than a formal allegation or legal threat. The fee-reversal email shows dissatisfaction with a firm charge and implicitly expects resolution, so it should be handled as a complaint.
The core issue is complaint classification at intake. A complaint arises when a client expresses dissatisfaction about the firm’s product, service, fee, conduct, or handling of an account and expects a response or remedy. The March 3 email fits that standard because the client challenges a fee and asks for it to be reversed.
The compliance risk here is under-classifying dissatisfaction as ordinary service, which can cause the firm to miss its complaint handling, tracking, and escalation steps.
The email disputes a firm fee and asks for it to be fixed, so it is an expression of dissatisfaction that should enter the complaint process.
Topic: Corporate Legislation and Governance
A Canadian exempt market dealer is registered as a limited partnership. Under its legal structure, the general partner manages the firm, but the compliance manual still says a board approves material conflicts and receives quarterly CCO reports. The CCO finds there is no board at the limited partnership level and no documented delegation from the general partner’s directors. A quarterly report is due next week. What is the best next step?
Best answer: B
What this tests: Corporate Legislation and Governance
Explanation: The issue is not the report itself; it is that the firm’s governance framework does not match its legal structure. In a limited partnership, oversight must rest with the legally authorized governing body, so the CCO should escalate immediately to the general partner’s directors and formalize the reporting authority.
A firm’s governance arrangements must align with its legal form. Here, the registrant is a limited partnership, and the stem states that the LP has no board. That means board-style oversight cannot simply be assumed at the operating entity level; it must sit with the general partner or with a properly documented delegation from the general partner’s authorized body.
The best next step is to escalate the gap to the general partner’s directors, confirm who is authorized to receive the current compliance report and approve conflict matters, and update the firm’s governance documents and reporting lines accordingly. Using an officer informally, waiting for the annual review, or going to external counsel before internal escalation all leave the firm relying on unclear authority. The key takeaway is that governance documents should reflect the firm’s actual legal structure, not a generic corporate template.
Because the firm’s legal structure determines who can exercise governance authority, the CCO should first route oversight to the authorized governing body and formalize it.
Topic: Key Principles for Compliance Supervision
A registered portfolio manager has historically served only pension plans and foundations. It has started onboarding high-net-worth retail clients through a digital process and hired three new advising representatives in another province. In the first two months, compliance testing found a sharp rise in incomplete KYC records and several suitability files that needed rework, but there have been no client complaints. The CCO wants to strengthen supervision without imposing unnecessary controls on the low-risk institutional business; what is the best response?
Best answer: A
What this tests: Key Principles for Compliance Supervision
Explanation: The firm’s risk profile has changed because it added a retail channel, new representatives, and a digital onboarding process, and testing already shows control weakness. The best response is to update the risk assessment and increase targeted supervision over the higher-risk area, rather than waiting for harm or burdening low-risk business lines.
Risk-based supervision should change when the firm’s activities, client base, or control results change. Here, the portfolio manager added a new retail business line, new representatives, and digital onboarding, and compliance testing is already showing KYC and suitability weaknesses. The appropriate control adjustment is to update the firm’s risk assessment and increase the frequency and depth of targeted reviews for that higher-risk area, with clear follow-up on exceptions. That is proportional because it concentrates stronger controls where risk has increased while allowing the lower-risk institutional business to remain under its existing supervisory approach. Waiting for complaints is reactive, and training or attestations alone do not provide enough evidence that the new risk is being controlled.
A changed business mix and early KYC and suitability exceptions call for a documented, risk-based increase in supervision focused on the new retail business.
Topic: Conflicts of Interest
A portfolio manager often places clients in affiliated pooled funds. The welcome package says the firm “may receive fees from related entities.” Two recent complaints say clients did not understand the firm earned fees at both the account and fund level. A supervisory spot check also found advisers usually discuss the conflict after making recommendations, and file notes rarely show the discussion. No suitability issues have yet been identified. What is the best next step for compliance?
Best answer: A
What this tests: Conflicts of Interest
Explanation: Effective conflict disclosure is not proved by handing out a document. Here, client confusion, generic wording, late discussion, and weak file evidence are all signs the disclosure may be incomplete or ineffective, so a targeted review is the right immediate step.
The core issue is whether the conflict disclosure was meaningful, timely, and evidenced, not simply whether some disclosure existed. In this scenario, the wording is generic, clients appear not to understand the dual-fee conflict, advisers discuss it only after recommendations, and files do not reliably document the conversation. Those are strong indicators that the disclosure may not be effective in helping clients make informed decisions.
The better process is to confirm the extent of the weakness first, rather than assume disclosure worked or jump straight to a blanket prohibition.
The facts suggest the disclosure may be too generic, too late, and poorly evidenced, so compliance should validate the scope and cause before setting remediation.
Topic: Dealing with the Regulators
A portfolio manager receives an email from its principal regulator requesting records and explanations about client concentration monitoring over the last six months. Several employees want to contact the regulator directly to explain their decisions, and routine deletion of internal chat messages will occur overnight unless stopped. Which action by the CCO best aligns with prudent response discipline?
Best answer: D
What this tests: Dealing with the Regulators
Explanation: The best response is to preserve potentially relevant records immediately and control who communicates with the regulator. That helps the firm provide complete, reliable information, reduces the risk of inconsistent or speculative statements, and shows an organized good-faith response.
When a regulator makes an inquiry, the firm’s priority is to protect the integrity of the factual record and ensure a coordinated response. Here, potentially relevant evidence may include emails, chats, drafts, and other records related to concentration monitoring, so routine deletion should be stopped immediately. Communications should also be centralized through a designated compliance or legal lead so submissions are accurate, consistent, and documented rather than fragmented across employees.
Responding quickly matters, but uncontrolled speed creates avoidable regulatory risk.
This protects evidence integrity, avoids inconsistent statements, and supports a complete, defensible response.
Topic: The Regulators
A compliance analyst at a portfolio manager finds that the automated restricted-list feed for employee personal trading failed for three weeks. Fourteen employee trades were approved without the intended block, and the same monitoring gap was flagged in writing during the firm’s last provincial securities regulator review. No client harm has yet been confirmed. What is the best next step?
Best answer: D
What this tests: The Regulators
Explanation: A repeat failure in a personal trading control that a regulator previously flagged is more than an isolated operations issue. The firm should immediately escalate it, preserve evidence, assess the scope and impact, and document remediation so it is prepared for likely external questions.
This fact pattern points to likely external scrutiny because the weakness affects a conflict-sensitive control and was already identified in a prior regulator review. That makes the issue a potential sign of ineffective remediation or weak supervision, not just a one-off processing error. The best next step is to escalate promptly, preserve books and records, determine the full scope of affected activity, assess any client impact, and assign documented remediation with accountable owners.
Simply fixing the tool or focusing only on individual trades misses the broader control failure that may matter most to a regulator.
A repeat failure in a conflict-sensitive control previously flagged by a regulator should be handled as a significant, regulator-ready issue.
Topic: Corporate Legislation and Governance
A portfolio manager’s CCO reports to the Head of Business Development. That executive approves the annual compliance testing plan, reviews draft compliance reports before they go to the board, and decides whether issues are escalated to the UDP. After a regulatory review noted weak governance, the board asks for the best corrective action. Which action best aligns with sound Canadian compliance governance?
Best answer: A
What this tests: Corporate Legislation and Governance
Explanation: The governance weakness is that a revenue-focused executive can shape what compliance tests, what directors see, and what gets escalated. Sound Canadian compliance governance calls for independent compliance reporting, direct access to the UDP and board, and the ability to raise material issues without business-line approval.
When a CCO reports through a revenue-generating executive who can approve the testing plan, filter reports, or block escalation, oversight is weakened because the supervised business can influence the compliance function. The strongest corrective action is to give the CCO a direct functional reporting line to the UDP and regular, unfiltered access to the board or a board committee.
The CCO should be able to:
Administrative support can sit elsewhere, but effective governance requires that business management not control the second line’s judgments or communications. Measures that leave escalation or reporting subject to business review may improve process, but they do not fix the core independence problem.
This restores compliance independence by removing business-line control over planning, reporting, and escalation.
Topic: Financial Condition
At a mutual fund dealer, payroll was late twice this quarter and management cut two back-office roles to conserve cash. The firm has not reported a capital deficiency, but trust account reconciliations that internal policy requires daily are now sometimes completed three business days late. As CCO, which follow-up is most appropriate?
Best answer: A
What this tests: Financial Condition
Explanation: When financial stress starts weakening a control tied to client money, the issue is no longer only a finance concern. The best response is a documented, risk-based escalation that assesses the impact on client protection and adds interim supervision until the control is working effectively again.
A financial warning sign becomes a compliance priority when it starts to impair controls that protect clients or support reliable books and records. In this scenario, the key fact is not just late payroll; it is that trust account reconciliations are no longer being performed on time. That creates a current risk to client protection and control effectiveness. The CCO should promptly escalate the issue to appropriate senior oversight, assess the specific risk created by the delayed reconciliations, implement interim measures such as enhanced review or temporary resourcing, and document the analysis, decisions, and follow-up. A prudent Canadian compliance response is risk-based and evidence-driven, not passive. Waiting for a formal capital breach or an actual client loss would be too late.
Financial stress has already weakened a client-protection control, so the CCO should escalate, assess the impact, strengthen supervision, and keep a clear record.
Topic: The Role of Compliance
An exempt market dealer introduced a policy requiring Compliance approval before any revised offering presentation is used with clients. During a fundraising push, the VP Sales told representatives, “Use the new deck now and send it to Compliance later; we cannot miss subscriptions over process.” Branch managers repeated the instruction and stopped checking for approval evidence. The CCO learns the unapproved deck is already being used. What is the best next step?
Best answer: A
What this tests: The Role of Compliance
Explanation: The facts show weak tone from management: a senior business leader told staff to bypass a required control, and supervisors stopped enforcing it. The best next step is to stop the activity, document the override, and escalate it to the UDP with monitored remediation.
Weak tone from management exists when leaders treat compliance requirements as optional, especially to protect sales or fundraising. In this scenario, the VP Sales explicitly told staff to use unapproved material first and deal with compliance later, and branch managers reinforced that message by stopping their follow-up. That is both a culture issue and a supervisory breakdown.
A sound next step is to:
Waiting, trying to bless the conduct after the fact, or disciplining representatives before addressing management conduct misses the main compliance problem.
Management has overridden a required control, so the CCO should contain the risk, document the tone issue, and escalate it through governance immediately.
Topic: Surveillance and Reviews
A portfolio manager uses one concentration-alert report across three advisory teams. The same concentration threshold and escalation criteria apply to every team. In an internal QA check, the CCO found the sampled client files were materially similar and no team had different mandate limits.
Exhibit: Q2 concentration alert tracker
| Reviewer | Alerts reviewed | Escalated | Closed no issue | Closures with written rationale |
|---|---|---|---|---|
| Singh | 20 | 2 | 18 | 19 |
| Roy | 21 | 15 | 6 | 18 |
| Chen | 19 | 3 | 16 | 7 |
What is the best follow-up?
Best answer: C
What this tests: Surveillance and Reviews
Explanation: The exhibit points to inconsistent exception handling, not an overly sensitive alert threshold. Because the same criteria apply and the files were materially similar, the CCO should standardize how alerts are triaged and perform a look-back on closed items.
When the same surveillance threshold and escalation criteria apply, materially different outcomes across reviewers are a control weakness. Here, one reviewer escalated most alerts while two others closed most alerts, and one reviewer also had weak closure documentation. Since QA found the underlying files were materially similar, the variation is not well explained by client differences; it suggests inconsistent reviewer judgment and follow-up.
Raising thresholds, waiting another cycle, or fixing notes alone would not address the underlying inconsistency in exception handling.
Similar files are receiving materially different dispositions, so the firm should standardize exception handling and validate prior closures.
Topic: Dealing with the Regulators
A portfolio manager’s CCO reviews recent information requests from a provincial securities regulator. The firm met every stated deadline.
Exhibit: Regulator request tracker
| Request | Prepared by | Independent review before submission | Regulator follow-up |
|---|---|---|---|
| KYC exception sample | Sales | None | Asked for missing population definition |
| Marketing materials | Marketing | None | None |
| Outside activity list | HR | None | Asked for corrected dates |
| Referral arrangement files | Sales | None | Asked for 3 omitted files |
What is the best follow-up for the CCO?
Best answer: C
What this tests: Dealing with the Regulators
Explanation: The exhibit points to a quality-control weakness, not a timing weakness. Several responses were sent on time but still required regulator follow-up for missing or incorrect information, so the CCO should add centralized compliance review and sign-off before submission.
An effective regulator-response framework is measured by accuracy, completeness, consistency, and clear accountability, not just by whether a deadline was met. In the exhibit, every request was answered on time, but three of four responses triggered follow-up because information was missing or incorrect, and none received independent review before submission. That pattern shows the business units are responding directly without a centralized compliance challenge and sign-off step.
The strongest follow-up is to require compliance to coordinate each response, verify source support, review for completeness and consistency, and retain the final submission record. More reminders would not solve the core issue because timeliness is already working. The key takeaway is that regulator-response governance fails when fast responses are not also reliable.
Repeated follow-up on on-time submissions shows the firm lacks an independent completeness and accuracy review before sending responses.
Topic: The Compliance Regime
An exempt market dealer introduces a monthly review of outstanding know-your-client updates for high-risk clients. After three months, overdue cases remain unresolved because operations assumes dealing representatives will obtain missing information, while the branch manager believes compliance owns all follow-up. The CCO concludes accountability for this process is unclear. Which action best aligns with a durable compliance regime?
Best answer: A
What this tests: The Compliance Regime
Explanation: When a key compliance process lacks clear ownership, the best response is to assign accountability, separate execution from oversight, and document how exceptions are escalated and evidenced. That makes the control repeatable and supportable in supervision, testing, and regulatory review.
In a Canadian registered firm, a key compliance process should have clear ownership, defined supporting roles, and documented evidence. Here, the real weakness is not only the overdue KYC updates; it is that operations, branch supervision, and compliance each have a different view of who must act. The durable fix is to assign first-line responsibility for executing the process, keep compliance in an oversight and challenge role, and set out escalation triggers and records to be retained.
Centralizing execution in compliance, relying on informal coordination, or leaving ownership to whoever notices a problem undermines accountability and weakens control testing.
Clear first-line accountability, with defined compliance oversight and escalation, creates a repeatable control instead of ad hoc follow-up.
Topic: Key Principles for Compliance Supervision
An exempt market dealer begins selling a new real estate limited partnership with a seven-year lock-up. In its first two weeks, one dealing representative accounts for 14 of 18 subscriptions, and post-trade reviews find three files missing evidence that liquidity risk was discussed with first-time exempt market clients. The firm’s normal control is a monthly five-file sample per representative. What is the best next step for the CCO?
Best answer: A
What this tests: Key Principles for Compliance Supervision
Explanation: This situation shows several higher-risk indicators at once: a new illiquid product, concentrated activity by one representative, first-time clients, and early file deficiencies. A risk-based supervision program should respond by increasing the intensity of controls for that specific activity, with documented follow-up.
Risk-based supervision means supervisory intensity should be proportionate to the level of risk. Here, the risk is elevated because the product is illiquid, the sales are concentrated with one dealing representative, the clients are new to the exempt market, and post-trade reviews already show missing evidence of an important suitability discussion. The best next step is to escalate supervision for that representative and product now, rather than wait for harm to occur.
The key takeaway is that stronger controls should be targeted and proportionate, not reactive or indiscriminately firm-wide.
The new illiquid product, concentrated sales, and early documentation gaps justify proportionately stronger, targeted supervision.
Topic: Compliance Supervision
At an exempt market dealer, compliance reviews the following monthly monitoring summary for one dealing representative. All emails were captured by the firm’s archive.
Exhibit: Monitoring summary
| Metric | Count |
|---|---|
| Unapproved client emails sent | 14 |
| Emails using “guaranteed income” wording | 6 |
| Purchases of ABC Mortgage LP within 7 days of those emails | 9 clients |
| Those purchases later flagged for suitability exceptions | 5 clients |
| Complaints alleging returns were “promised” | 2 |
What is the best supported interpretation?
Best answer: D
What this tests: Compliance Supervision
Explanation: This is not just an approval or wording problem. The exhibit links misleading communications to actual sales, later suitability concerns, and complaints, so the firm should treat it as a broader sales-practice and conduct matter and review the impacted accounts.
Communications-review issues usually involve control failures such as missing pre-approval, outdated disclosure, or prohibited wording in marketing materials. A broader conduct issue is indicated when the communication is tied to recommendations, transactions, suitability concerns, or client-impact signals. Here, the same representative used “guaranteed income” language, clients bought the promoted product soon after, several of those accounts were later flagged for suitability exceptions, and complaints say returns were promised. That pattern supports escalation beyond simply correcting templates or retraining on approvals.
If the data showed only unapproved wording with no linked sales or complaint indicators, a communications-only response might be reasonable.
The misleading return language is linked to purchases, suitability flags, and complaints, which goes beyond a communications-control failure.
Topic: Conflicts of Interest
At an exempt market dealer, the ultimate designated person (UDP) is also the founder and largest shareholder. The CCO learns that the UDP personally owns 12% of a private issuer the firm is about to distribute and has told sales management to make the offering a quarterly priority. The firm’s conflicts procedure requires material conflicts involving executive management to be escalated to the board, which includes two directors who are not part of management. What is the best next compliance action?
Best answer: D
What this tests: Conflicts of Interest
Explanation: Because the conflict involves the UDP personally, the CCO should escalate above that individual to the board and remove the UDP from the review. A material conflict driven by senior management must be assessed and controlled in clients’ best interests before the distribution proceeds.
When a material conflict involves senior management, the escalation path should bypass the conflicted person and move to independent governance. Here, the UDP has a direct financial interest in the issuer and is influencing distribution priorities, so the CCO should follow the firm’s procedure and escalate promptly to the board, with the UDP recused from the review. The firm then needs to assess whether the conflict can be properly controlled in clients’ best interests or whether the activity should be restricted or not proceed.
Disclosure can support a control, but it is not a substitute for escalation and governance oversight when the conflicted person is senior and involved in the business decision. The key takeaway is that a senior person’s conflict requires independent review, not informal handling within the normal reporting line.
Because the conflict involves the UDP personally, escalation must bypass that individual and go to the board for independent review before the offering proceeds.
Topic: Surveillance and Reviews
A mutual fund dealer’s quarterly surveillance review of one branch found that 18 of 60 client files lacked evidence of suitability reassessment after leveraged fund switches. The same branch had a similar finding in the prior quarter, and the branch manager did not complete the promised remediation. The draft report places the issue in an appendix as “process inconsistencies” and states in the executive summary that “no material issues were identified.” As CCO, what is the best action?
Best answer: C
What this tests: Surveillance and Reviews
Explanation: The issue is repeated, unresolved, and tied to suitability documentation after leveraged switches, so it raises a material supervisory and client-protection concern. Reporting it as an appendix item with “no material issues” obscures its seriousness; the report should clearly elevate the finding and track remediation.
In compliance reporting, the key question is whether the report accurately conveys the severity of the finding. Here, the issue is recurring, affects a meaningful portion of the files reviewed, involves suitability reassessment, and prior remediation was not completed. Describing it as mere “process inconsistencies” while also saying “no material issues” understates an unresolved supervisory weakness and can mislead senior management or the governing body.
Effective reporting should:
Simply softening the wording or waiting for more evidence still buries a serious finding that already warrants clearer escalation.
Repeated suitability control failures and incomplete remediation should be reported as a significant supervisory issue, not softened in an appendix.
Topic: Surveillance and Reviews
A mutual fund dealer’s branch compliance analyst prepared the exception log below for the CCO before quarter-end. Which deficiency is best supported by the artifact?
Exhibit: Branch exception log (April)
| Exception | Closure note | Follow-up |
|---|---|---|
| 4 concentration alerts | Rep says client wanted higher exposure | Closed; no file recheck |
| 6 trades using KYC older than the firm’s policy limit | Rep says update was discussed by phone | Closed; no note requested |
| 2 high-risk fund switches for seniors | Branch manager is comfortable with rationale | Closed; next review blank |
Best answer: C
What this tests: Surveillance and Reviews
Explanation: The log shows alerts being closed based on verbal explanations or general comfort statements rather than verified review steps. In a sound compliance process, closure should follow documented analysis, evidence gathering, and any needed remediation or follow-up.
The key control in exception handling is not just identifying alerts; it is showing how the firm investigated them before deciding they were resolved. Here, each item is closed even though the notes rely only on a representative’s explanation or a branch manager’s comfort level. The log does not show file testing, requests for supporting notes, suitability review, client contact, remediation steps, or a follow-up date.
That is a classic sign of weak closure discipline: the firm is treating an explanation as proof that the issue is resolved. In practice, recurring problems can be missed when alerts are closed without evidence, root-cause assessment, or tracked corrective action. The strongest conclusion is therefore an inadequate analysis and follow-up process, not a problem with complaint classification or alert calibration.
Each item is marked closed based mainly on explanations, with no evidence of testing, documentation, or tracked remediation.
Topic: The Compliance Regime
An exempt market dealer rolled out a new referral-arrangement policy after an internal review. The policy requires pre-approval, written agreements, and quarterly staff attestations, and staff received training. Six months later, the CCO finds that finance pays referral invoices when received, but no one compares those payments to the approved-arrangements register and there is no documented process to escalate exceptions. What is the best next step?
Best answer: A
What this tests: The Compliance Regime
Explanation: The firm already has a policy, training, and attestations. What is missing is an operating supervisory control that checks actual referral payments against approved arrangements and escalates exceptions. Adding that monitoring step is the most important next step.
A compliance regime is not complete when it stops at policy drafting and employee acknowledgements. In this scenario, the firm has documented requirements and staff awareness, but it lacks a control that tests whether actual activity matches the policy. The key missing element is ongoing monitoring with clear responsibility and documented escalation.
A sound next step is to:
Re-training or waiting for an annual review does not address the immediate control gap, and contacting the regulator before assessing the transactions is premature. The main weakness is execution and follow-up, not policy awareness.
The regime already has policy and training; the missing element is a documented monitoring control with clear ownership and follow-up.
Topic: Legal Actions
At a portfolio manager, a former client’s lawyer sends a written demand alleging unsuitable trades and threatening a civil claim. The adviser named in the letter resigned last week, and the firm’s routine deletion of former employees’ emails is scheduled for tonight. Under the firm’s procedures, the legal-action protocol immediately preserves relevant records and centralizes all external communications through legal counsel. What is the best next step for the CCO?
Best answer: B
What this tests: Legal Actions
Explanation: The best next step is to activate the firm’s legal-action protocol as soon as a credible written threat of civil action is received. That protects relevant records before deletion and ensures the firm’s response is coordinated through legal counsel rather than handled informally.
A written demand from a client’s lawyer creates immediate legal-exposure concerns even before a formal claim is served. In this case, the key risk is loss of potentially relevant evidence because the former adviser’s emails are scheduled for deletion. The CCO should therefore trigger the firm’s legal-action protocol right away so records are preserved and communications are managed through counsel.
This approach helps the firm:
Gathering facts is still important, but it should follow prompt preservation and controlled escalation, not replace them. The closest distractor is the idea of collecting an informal chronology first, but that comes in the wrong order when relevant records may be lost immediately.
A written threat of civil action and imminent record deletion require immediate preservation and controlled escalation.
Topic: Corporate Legislation and Governance
A Canadian portfolio manager has doubled in size over the past year. The CCO reports to the Chief Revenue Officer, who also approves compliance technology spending, and significant client onboarding deficiencies have remained unresolved for six months. The board receives only a one-page annual compliance summary and no remediation dashboard. What is the single best action to strengthen governance over compliance effectiveness?
Best answer: B
What this tests: Corporate Legislation and Governance
Explanation: The key governance weakness is the combination of limited board oversight and a conflicted reporting line for the CCO. An effective governance structure gives the board meaningful, regular compliance reporting and allows the CCO to escalate material issues and resource needs independently.
In a Canadian registered firm, governance should support an effective compliance function through proper oversight, authority, and escalation. Here, the board is receiving minimal information, while the CCO reports through a revenue-focused executive who controls compliance spending. That can impair independence, delay remediation, and prevent the board from understanding whether material deficiencies are being addressed.
The strongest response is to formalize direct access for the CCO to the board or an appropriate board committee and require regular reporting on material issues, remediation status, and compliance resources. This improves the board’s ability to oversee compliance effectiveness and reduces the risk that business pressures will weaken escalation. More testing or better annual summaries may help, but they do not fix the core governance problem of independent, timely oversight.
Direct board access and regular reporting improve board oversight and protect the CCO’s ability to escalate material issues independently.
Topic: Compliance Supervision
A registered portfolio manager has historically managed only one proprietary pooled fund. It is now launching separately managed accounts for retail clients with discretionary authority. During rollout, the CCO finds the supervision manual covers account-opening files and quarterly marketing reviews but has no procedures for trade exception monitoring, mandate-breach review, or escalation for discretionary-account activity. The first client accounts are scheduled to open in three weeks. What is the best next step?
Best answer: B
What this tests: Compliance Supervision
Explanation: A supervision program must fit the firm’s actual business activities. Here, discretionary managed accounts introduce risks that are not covered by the existing framework, so the appropriate next step is to pause the rollout, complete a documented gap assessment, and implement activity-specific supervision before launch.
The core concept is that supervision must be designed around the firm’s real activities and risks, not just legacy procedures. In this scenario, moving from a single pooled fund to discretionary separately managed accounts adds new supervisory needs, including trade exception review, mandate monitoring, and clear escalation responsibilities. Because those controls do not exist, the firm has identified a framework mismatch before clients are onboarded.
A generic reminder, delayed policy update, or post-launch testing does not fix a known supervision gap at the point of rollout.
New discretionary activity creates risks the current framework does not supervise, so the firm should document the gap and implement tailored controls before launch.
Topic: Key Principles for Compliance Supervision
An exempt market dealer’s monthly surveillance report shows that one dealing representative sold the same illiquid offering to 14 clients aged 68 to 81, with positions ranging from 35% to 60% of each client’s investable assets. The firm’s policy requires documented supervisory approval before any illiquid holding exceeds 25%, and none of the files shows that approval. All files contain signed risk acknowledgements, and no complaints have been received. Which action best aligns with fair dealing and prudent supervision?
Best answer: D
What this tests: Key Principles for Compliance Supervision
Explanation: The surveillance results show a current client-protection concern, not just a paperwork gap. Fair dealing and prudent supervision require a prompt, risk-based response to review affected accounts, prevent additional harm, and escalate and document the issue.
In a Canadian registered firm, signed forms do not end the analysis when surveillance reveals a pattern suggesting possible unsuitable or poorly supervised sales. Here, the concern is heightened by three facts: older clients, large concentrations in one illiquid offering, and missing approvals required by the firm’s own policy. That combination calls for immediate supervisory action.
A prudent supervisor addresses both existing client exposure and the control failure that allowed the pattern to occur.
A repeated pattern involving older clients, high concentrations, illiquid products, and missing approvals requires prompt review, interim controls, and escalation.
Topic: Corporate Legislation and Governance
An exempt market dealer is organized as a limited partnership. Its general partner is controlled by the founder, who also controls several issuers the dealer distributes. Approval records are combined across the dealer, the general partner, and the related issuers, and the CCO escalates issues to the founder. Which action best aligns with sound Canadian compliance governance?
Best answer: A
What this tests: Corporate Legislation and Governance
Explanation: The main governance issue is blurred accountability across legally distinct but commonly controlled entities. The best response is to separate authority, records, and escalation so the registered firm can show independent oversight of related-party conflicts.
In a limited partnership structure, the registered dealer acts through its general partner, so common control with distributed issuers creates governance and conflict risk. If approvals and records are combined, it becomes difficult to show which entity made a decision, whose interests were considered, and whether the dealer met its own regulatory obligations. A durable compliance response is to formalize entity-level governance.
Disclosure and outside legal review can support the framework, but they do not replace clear internal accountability and evidence of oversight.
Separate entity-level approvals and escalation address the governance weakness created by common control and overlapping legal entities.
Topic: Surveillance and Reviews
An exempt market dealer has written policies on KYC, suitability, and conflicts, but compliance reviews files only when a dealing representative asks for help. After noticing that two representatives have sold the same high-risk issuer to many clients, the CCO wants to strengthen the firm’s surveillance program. Which action best aligns with the purpose of surveillance within the compliance framework?
Best answer: D
What this tests: Surveillance and Reviews
Explanation: Surveillance is meant to detect higher-risk patterns and exceptions on an ongoing basis so the firm can investigate, escalate, and remediate issues early. A recurring exception report tied to concentration, KYC, and issuer-sale patterns best serves that purpose.
Surveillance is the ongoing, risk-based monitoring layer in a compliance program. Its purpose is not just to confirm that policies exist, but to detect patterns, exceptions, and emerging issues that may not be visible through routine approvals or occasional file reviews. In this scenario, repeated sales of the same high-risk issuer across many clients could indicate suitability, concentration, or conflict concerns, so the strongest response is to build recurring exception reporting with documented investigation and follow-up.
Attestations and complaint handling still matter, but they do not replace surveillance’s core function of early detection and evidence-based follow-up.
Recurring exception reporting with documented investigation helps detect patterns early and supports escalation and remediation.
Topic: Financial Condition
The CCO of an exempt market dealer reviews the month-end summary below. The firm’s policy requires immediate notice to the UDP if excess working capital is negative or payroll source deductions are remitted late. No client complaints or conduct issues were identified in the same period. All amounts are in CAD.
Exhibit: Financial-condition summary
| Metric | April | May | June |
|---|---|---|---|
| Excess working capital | $84,000 | $19,000 | -$12,000 |
| Payables over 60 days | $0 | $8,500 | $41,000 |
| Payroll source deductions | On time | On time | 4 days late |
What is the best compliance follow-up?
Best answer: A
What this tests: Financial Condition
Explanation: The exhibit supports a financial-condition escalation, not a conduct or complaints response. Excess working capital has turned negative, aged payables are rising, and payroll remittances are late, so the CCO should escalate promptly and require a documented remediation plan.
Financial-condition monitoring is meant to detect when a registered firm may struggle to meet obligations or stay in compliance. Here, the trend is worsening, not merely volatile: excess working capital moved from positive to negative, older payables increased sharply, and payroll source deductions were remitted late. Because the firm’s own policy makes either negative excess working capital or late remittances an immediate escalation trigger, the CCO should treat this as a financial-condition issue, notify the UDP promptly, and obtain a documented remediation and follow-up plan.
The closest distractor is the bookkeeping explanation, but this pattern points to real financial stress, not a simple timing error.
Negative excess working capital and late remittances are clear warning signs of financial stress that require immediate escalation.
Topic: The Regulators
A provincial securities regulator emails an exempt market dealer as part of a targeted compliance review. The email requests 10 client files, the firm’s conflicts of interest policy, and a written explanation of how suitability was assessed, with a response due in 10 business days. Several dealing representatives worked on the files. As the firm’s CCO, what is the best next step?
Best answer: B
What this tests: The Regulators
Explanation: The best next step is to centralize the inquiry under compliance and acknowledge it promptly. That approach supports an accurate, complete response and reduces the risk of inconsistent or incomplete communications with the regulator.
When a regulator requests records or explanations, the firm should treat the matter as a controlled compliance process even if the request arrives by email rather than by formal order. The CCO should take ownership of the response, coordinate document collection, verify what will be produced, and manage communications so the regulator receives one consistent submission.
This is usually the sound first step because it protects record integrity and shows the firm is organized and cooperative.
A centralized, compliance-led response helps preserve records and ensures the firm provides a complete, accurate, and consistent submission.
Topic: Key Principles for Compliance Supervision
An exempt market dealer can add enhanced supervision to only one area in Q3. The CCO reviews the Q2 monitoring summary; repeat exceptions are issues also found in Q1.
| Area | Inherent risk | Files reviewed | Exceptions | Repeat exceptions |
|---|---|---|---|---|
| Retail exempt sales | High | 15 | 4 | 3 |
| Accredited investor sales | Medium | 30 | 5 | 1 |
| Marketing approvals | Low | 60 | 6 | 0 |
Based on a risk-based supervision approach, which follow-up is best supported?
Best answer: B
What this tests: Key Principles for Compliance Supervision
Explanation: Risk-based supervision should be strongest where client harm and control weakness are most likely. Retail exempt sales stands out because it is high risk, has 4 exceptions in only 15 files, and shows 3 repeat exceptions, indicating prior remediation may not be working.
Risk-based supervision is not driven by raw exception counts alone. A compliance officer should weigh inherent risk, the proportion of files with exceptions, and whether issues are repeating after they were already identified. In this exhibit, retail exempt sales is the clearest priority because it is the only high-risk area, its exception rate is the highest, and most of its exceptions are repeats from the prior quarter. That combination supports more frequent review, deeper sampling, and targeted testing of whether corrective actions were effective.
The key takeaway is to scale supervisory intensity to both risk level and persistence of problems, not just activity volume.
This area has the highest inherent risk, the highest exception rate, and the most recurring issues, so it warrants more intensive supervisory attention.
Topic: Compliance Supervision
A mutual fund dealer introduced digital onboarding at its North Branch 2 months ago. The branch manager says the team is still adjusting and asks compliance to wait another month before changing controls. Based on the monitoring report, what is the best compliance response?
Exhibit: Monthly onboarding review
| Measure from 30-file sample | Downtown Branch | North Branch |
|---|---|---|
| Missing KYC fields at approval | 1 | 9 |
| Unsigned relationship disclosure | 0 | 6 |
| Accounts traded before approval | 0 | 4 |
| Repeat deficiencies from prior month | 0 | 5 |
Best answer: D
What this tests: Compliance Supervision
Explanation: The exhibit shows more than isolated paperwork errors. Repeated missing KYC information, unsigned disclosures, and accounts traded before approval support treating North Branch onboarding as a control weakness that needs escalation, a lookback review, and interim tighter supervision.
When onboarding monitoring shows repeated deficiencies and some accounts becoming active before approval, the issue is not just advisor learning or document cleanup. It indicates weak supervisory controls over account opening and client information collection. The appropriate compliance response is to escalate the issue, assess potential client impact through a targeted review of affected accounts, and impose a temporary control such as centralized or head-office approval until remediation is working.
This response addresses both investor protection and evidence of effective supervision. Waiting for another sample is too passive because the problem has already repeated, and fixing only one document type misses the broader breakdown. The key takeaway is that weak onboarding controls require immediate containment and verification, not just training or form changes.
Repeat deficiencies and trading before approval show a branch control failure that needs escalation, a lookback, and temporary tighter approval gates.
Topic: Conflicts of Interest
A portfolio manager at a registered portfolio manager tells the Chief Compliance Officer (CCO) that her brother has become the controlling shareholder of a private issuer the firm is researching for client portfolios. She also says she will receive warrants under a separate family investment agreement if the issuer completes its next financing. No recommendation has been made yet. What is the best next step for the CCO?
Best answer: D
What this tests: Conflicts of Interest
Explanation: The portfolio manager has both a related-party connection to the issuer and a personal financial incentive tied to its financing outcome. The CCO should treat this as a conflict immediately, recuse her from the decision process, and assess whether the conflict can be controlled or must be avoided before any client recommendation.
This scenario presents a conflict risk because the portfolio manager’s judgment could be influenced by two linked personal interests: her brother controls the issuer, and she may receive warrants if the issuer completes its financing. In a Canadian registered-firm compliance framework, the proper next step is to identify and assess the conflict before the affected person participates further in the decision.
A sound process is to:
The key point is timing: the firm should address the conflict before the recommendation process is influenced. Committee awareness or later disclosure does not replace early assessment and recusal.
The family relationship and contingent warrants create a clear conflict risk that should be assessed and controlled, with the portfolio manager recused before clients are affected.
Topic: Financial Condition
A registered portfolio manager uses a third-party custodian, but performs daily cash and trade reconciliations internally. The CCO receives the monthly monitoring summary below. The firm still meets its minimum capital requirement.
| Measure | April | May | June |
|---|---|---|---|
| Excess working capital | $420,000 | $180,000 | $95,000 |
| Payables over 60 days | 0 | 3 | 6 |
| Operations vacancy days | 0 | 8 | 27 |
| Unresolved reconciliation breaks over 5 days | 0 | 2 | 6 |
What is the best follow-up?
Best answer: A
What this tests: Financial Condition
Explanation: The exhibit shows more than shrinking capital. Rising aged payables, a prolonged operations vacancy, and increasing unresolved reconciliation breaks indicate that financial stress may already be affecting control effectiveness, so the CCO should escalate and test the impact on client protection now.
This is a warning-signs question, not a minimum-capital filing question. The key compliance point is that deteriorating financial condition can matter before an actual capital breach if it begins to impair staffing, reconciliations, supervision, or other controls that protect clients. Here, the drop in excess working capital is accompanied by more aged payables, longer vacancy periods, and more unresolved reconciliation breaks, which together support concern that core operational controls are weakening.
The appropriate follow-up is to escalate to the UDP and senior management, assess which controls are affected, require documented remediation, and increase monitoring until the risk is stabilized. The closest distractor is waiting for a formal deficiency, but that reacts too late when the data already suggests possible harm to control effectiveness.
The combined trend suggests financial stress may already be weakening key controls, so prompt escalation and documented remediation are needed.
Topic: The Role of Compliance
A Canadian portfolio manager’s CCO receives the following monthly monitoring summary for its discretionary managed account desk.
Exhibit: April monitoring summary
| Metric | March | April |
|---|---|---|
| KYC updates overdue >30 days | 2 | 12 |
| Client mandate exceptions | 1 | 7 |
| Trade allocation reviews missing rationale | 0 | 4 |
| Client complaints on account activity | 0 | 2 |
What is the best compliance follow-up?
Best answer: D
What this tests: The Role of Compliance
Explanation: Compliance supports client protection and market integrity by using monitoring results to spot patterns, challenge weak controls, and ensure timely remediation. Here, several indicators worsened at once, so a targeted review with escalation is the strongest risk-based response.
The core concept is that compliance is an oversight and challenge function that helps protect clients and support fair, orderly markets through surveillance, escalation, and follow-up. In this scenario, the same desk shows a sharp increase in overdue KYC, more client mandate exceptions, missing trade allocation rationale, and new complaints. That combination suggests a broader supervision or control weakness, not an isolated error.
A sound compliance response is to:
This is stronger than waiting for confirmed losses, because compliance is meant to be preventive as well as detective.
The exhibit shows a multi-indicator control breakdown, so compliance should investigate, escalate, and verify corrective action.
Topic: Conflicts of Interest
A mutual fund dealer offers proprietary and third-party funds. Senior management proposes a quarterly bonus for dealing representatives and branch managers based only on net sales of the dealer’s proprietary income fund, which generates higher margins than comparable third-party funds. Management suggests adding general disclosure to new account forms. Which action best aligns with Canadian compliance principles?
Best answer: D
What this tests: Conflicts of Interest
Explanation: A bonus tied only to sales of a higher-margin proprietary fund creates a strong incentive to favour that product over comparable alternatives. Because the compensation structure itself can bias recommendations, compliance should treat it as a material conflict, document and escalate it, and redesign or stop it rather than rely on disclosure alone.
Compensation design can itself create a material conflict of interest. Here, the proposed bonus rewards sales of only one higher-margin proprietary fund, even though comparable third-party funds are available. That creates a clear incentive for the firm and its staff to prefer the product that benefits the firm, not necessarily the client. A sound compliance response is to identify the practice as a material conflict, document the analysis, escalate it to appropriate senior management, and redesign or stop the program if it cannot be addressed in the client’s interest.
Training, monitoring, and disclosure may support controls, but they do not cure a compensation structure built to steer recommendations.
A product-specific bonus tied to a higher-margin proprietary fund is a material conflict that should be escalated and removed or significantly reduced.
Topic: Surveillance and Reviews
A registered portfolio manager’s quarterly compliance test reviewed 20 client files from one advising team and found 8 files where KYC changes were recorded after discretionary trades were entered. The same team had similar exceptions in the prior quarter, but the supervising officer responded only with a reminder email and there is no evidence of follow-up testing. No client complaints have been received. What is the CCO’s single best next step?
Best answer: A
What this tests: Surveillance and Reviews
Explanation: This is a review-and-testing issue, not just a documentation issue. Because the same exception recurred and the earlier response was weak, the CCO should expand targeted testing, determine the cause, and ensure remediation is formally escalated and tracked.
Compliance testing should be risk-based and iterative. When a sample shows repeated exceptions in the same area, especially after a prior response that was limited to a reminder email, the issue points to a possible control or supervision failure rather than an isolated mistake. In that situation, the best next step is to expand testing to determine scope, identify the root cause, and assign documented remediation with management accountability. Re-testing should then confirm that the corrective action actually worked. The absence of complaints does not make the issue low risk, because weak controls can still expose clients and the firm to harm. Immediate regulator notification is not the default on these facts; the stronger first step is disciplined internal escalation, remediation, and evidence-based follow-up.
Repeated exceptions and failed prior follow-up indicate a supervisory control weakness that requires broader testing and accountable remediation.
Topic: Conflicts of Interest
An exempt market dealer plans to distribute securities of a private issuer controlled by the dealer’s CEO. If the financing closes above $10 million, the CEO will receive a personal bonus from the issuer, and he has told dealing representatives to make this offering the firm’s top sales priority. The firm has no independent committee or alternate supervisor for related-issuer offerings, and management proposes only enhanced written disclosure in the subscription package. What is the best action for the CCO?
Best answer: C
What this tests: Conflicts of Interest
Explanation: This conflict requires stronger action than disclosure because the firm’s CEO has a direct financial incentive tied to the sale and is influencing registrants’ conduct. With no independent oversight, the firm should halt the activity unless it can materially reduce, avoid, or independently control the conflict.
A registered firm must address material conflicts of interest in the client’s best interest, not simply disclose them and continue as usual. Here, the conflict is severe because the dealer’s CEO personally benefits if the financing succeeds and is actively pressuring representatives to prioritize the sale. That creates a strong risk of biased recommendations and undermines objective supervision. The absence of an independent committee or alternate supervisor makes the control environment even weaker.
In this situation, the better compliance response is to stop the distribution unless the conflict can be meaningfully reduced, avoided, or subjected to credible independent oversight. If that cannot be achieved, the firm should not proceed. Disclosure and client acknowledgments may inform clients, but they do not neutralize conflicted incentives or sales pressure.
The CEO’s personal bonus and sales pressure create a material conflict that disclosure alone cannot cure, so the activity should not proceed unless the conflict is genuinely controlled.
Topic: Complaints
At an exempt market dealer, a client emails the operations inbox: “Your dealing representative told me this note could be redeemed on 30 days’ notice, but I am now told it is locked in for three years. Please review this and make me whole.” The representative says he can call the client and explain. Under the firm’s compliance program, what is the best next step?
Best answer: C
What this tests: Complaints
Explanation: This communication is a complaint based on its substance, not its format. The client alleges a problem with what was communicated, describes resulting harm, and asks the firm to make her whole, so the firm should capture and escalate it through its complaint process immediately.
A complaint in a compliance program is not limited to a formal letter or a threat of legal action. Here, the client clearly expresses dissatisfaction about the representative’s statements, identifies a potential loss or disadvantage, and asks the firm to provide a remedy. That is enough to trigger complaint intake.
Once a communication meets that definition, the firm should record it, preserve the evidence, and route it through its complaint-handling process. That supports consistent acknowledgement, investigation, supervision, and recordkeeping. Leaving the matter with the representative first can weaken oversight and create gaps in the firm’s records. The key point is to assess the substance of the client’s message, not whether it arrived in a special format or has already escalated externally.
The email already meets the definition of a complaint because it expresses dissatisfaction and seeks remediation.
Topic: The Regulators
At a mutual fund dealer subject to CIRO rules, a dealing representative is offered two hockey tickets worth $150 by an investment fund manager whose funds the firm sells. For this scenario, assume provincial securities law requires conflicts to be addressed in the client’s interest, CIRO rules prohibit accepting gifts over $100 from product issuers, and the firm’s outdated policy still allows gifts up to $200 with supervisor approval. Which action by compliance best aligns with Canadian compliance principles?
Best answer: D
What this tests: The Regulators
Explanation: The best action is to follow the highest applicable binding standard and fix the internal control gap. Here, the stated CIRO rule prohibits the gift, securities law reinforces conflict management, and the outdated firm policy cannot permit what an external rule bars.
Compliance obligations come from multiple sources, but they do not carry the same weight. Provincial securities law and applicable CIRO rules are binding external requirements; firm policies are internal controls meant to implement those requirements and may be stricter, but they cannot be weaker. In this scenario, the representative cannot keep a $150 gift because the stated CIRO rule prohibits gifts over $100 from product issuers, and the general securities law conflict standard points the same way.
Relying on the old policy or on disclosure alone would leave the firm non-compliant with an external rule.
A firm policy cannot authorize conduct barred by a binding CIRO rule, so compliance should stop the gift and remediate the policy conflict.
Topic: The Compliance Regime
A portfolio manager has grown quickly and now operates in three provinces. An internal review found onboarding exceptions in KYC updates, marketing approvals, and personal trading attestations because staff assumed another team was handling them. The CCO is redesigning the firm’s compliance regime. Which action best supports effective responsibility allocation?
Best answer: D
What this tests: The Compliance Regime
Explanation: Responsibility allocation is central because a compliance regime only works when obligations are assigned to specific people or functions, with clear oversight and escalation. A documented responsibility matrix reduces gaps, duplication, and the risk that everyone assumes someone else is responsible.
An effective Canadian registered-firm compliance regime depends on more than written policies; it requires clear ownership of each compliance obligation. In this scenario, the failures arose because accountability was unclear. The strongest response is to assign named business owners for key tasks, define compliance oversight, and set out when and how exceptions are escalated.
This helps the firm:
Making the CCO personally approve everything may look strict, but it weakens first-line ownership and can create a bottleneck rather than a durable control framework.
Clear, documented ownership makes each obligation actionable, supervised, and accountable when issues arise.
Topic: Complaints
At a mutual fund dealer, a client emails a branch administrator: “I am upset that my representative switched me into a higher-fee fund series without explaining it. Please reverse the change or reimburse the extra fee. I do not want to make a formal complaint if this can be fixed quickly.” What is the best next step?
Best answer: A
What this tests: Complaints
Explanation: This message should be treated as a complaint because it clearly expresses dissatisfaction and asks for corrective action. The firm’s next step is to log and escalate it through its complaint-handling process rather than rely on the client’s label or wait for more detail.
A client communication should be treated as a complaint when it expresses dissatisfaction about the firm’s or representative’s conduct, product, service, or fees and seeks an explanation, correction, or compensation. Here, the client says she is upset about being moved to a higher-fee fund series without explanation and asks for reversal or reimbursement. That is enough to trigger complaint intake, even though she says she does not want a “formal complaint.” The proper next step is to classify and log the matter promptly and route it under the firm’s complaint procedures so records are preserved and the response is handled consistently. Waiting for informal resolution or for a quantified loss creates avoidable risk and can undermine proper complaint handling.
The client has expressed dissatisfaction and requested remediation, which should be treated as a complaint even without using the word “complaint.”
Topic: The Regulators
An exempt market dealer uses one subscription package for a private placement sold in several provinces. Compliance reviews the first 21 files after launch. The firm’s legal memo states that Saskatchewan and Manitoba require one additional prescribed investor form for this offering.
Exhibit: Review summary
| File group | Result |
|---|---|
| Ontario, Alberta, British Columbia | 12 of 12 files complete |
| Saskatchewan, Manitoba | 7 of 9 files missing the additional local form |
| Back-office processing times | Within internal standard for all 21 files |
| Procedure manual | Refers only to the national package |
Which follow-up is most appropriate?
Best answer: A
What this tests: The Regulators
Explanation: The pattern is tied to provinces with an additional local requirement, while processing times were normal across all files. That supports a regulatory-framework issue: the firm’s procedures did not capture all applicable rule sources for each jurisdiction.
This is fundamentally a regulatory-framework problem, not an operational one. In Canada, registered firms often rely on national instruments and common forms, but some obligations can still vary by province or territory. Here, the exceptions appear only in the provinces where the legal memo says an extra prescribed form is required, and the procedure manual refers only to the national package. That makes the most likely root cause an incomplete mapping of applicable rule sources and jurisdiction-specific requirements.
The right compliance response is to update the procedure manual and subscription package, identify affected files, and complete any remediation needed. Adding staff or searching records may be useful in some situations, but neither addresses a process built on incomplete regulatory requirements.
The exceptions track provinces with an extra legal requirement, and the manual omits that requirement, so the root cause is a regulatory-framework gap.
Topic: The Regulators
A Canadian registered portfolio manager’s marketing team wants to send prospects a deck showing back-tested returns for a new strategy. The deck labels the figures “illustrative” but does not explain the assumptions, limits, or differences from live performance. Which action best aligns with the most relevant Canadian regulatory lens?
Best answer: A
What this tests: The Regulators
Explanation: The main lens is securities regulation because the problem is a client-facing communication that may mislead prospects. Compliance should review the deck against fair-dealing expectations under provincial securities law and CSA guidance, require clearer context, and document the approval decision.
When a registered firm prepares marketing material for prospects, the primary regulatory source is provincial securities law, informed by CSA expectations around fair dealing and communications that are not false, misleading, or unbalanced. Here, the issue is not the existence of performance data itself; it is the presentation of back-tested results without the assumptions, limitations, or a clear distinction from live performance. That makes this first a securities-regulatory communication problem. A sound compliance response is to require balanced disclosure, support for claims, appropriate approval, and a documented review trail.
Governance, privacy, and AML controls may matter in other contexts, but they do not replace the primary securities-law lens for this fact pattern.
The concern is a potentially misleading client-facing communication, so the primary lens is securities-law fair dealing.
Topic: Conflicts of Interest
A mutual fund dealer’s CCO reviews the following branch-review note about recommendations of proprietary funds.
Exhibit: Branch-review note
Which deficiency is best supported by the note?
Best answer: B
What this tests: Conflicts of Interest
Explanation: The note shows the firm disclosed the higher-compensation conflict but did not put real controls around it. For a material conflict, disclosure alone is not enough when the firm can supervise, reduce, or otherwise address the conflict’s impact on clients.
The core issue is the difference between telling clients about a conflict and actually managing it. Here, the branch disclosed that proprietary products may pay higher compensation, and the proprietary funds have current KYP support. But the branch has no pre-trade review, no concentration monitoring, and no compensation offset to reduce the incentive for representatives to favour those funds.
A material conflict should be addressed through substantive controls that support the client’s interest, such as:
The closest distractors either ignore the stated disclosure or overstate the remedy by assuming the products must be banned rather than properly controlled.
The note shows disclosure and current KYP, but no supervisory measures to reduce or monitor the compensation conflict.
Topic: Complaints
A portfolio manager firm’s CCO is testing whether branch staff classify client contacts properly. The review includes this branch-review note.
Artifact: Branch-review note
Client email: "I am upset that my annual fee went up without notice. Please tell me why this happened."
Current coding: Service inquiry
Advisor note: No complaint opened because no reimbursement was requested.
Based on the artifact, what is the best supported next action?
Best answer: D
What this tests: Complaints
Explanation: The client clearly expressed dissatisfaction about a fee-related matter, which is enough to trigger complaint treatment. Complaint classification does not depend on a reimbursement request or special wording, so the intake coding should be corrected immediately.
Complaint intake turns on the substance of the communication, not the label the client uses. A client expression of dissatisfaction about the firm’s products, services, fees, or conduct should be treated as a complaint whether it is oral or written and whether or not the client asks for compensation. Here, the client says they are upset about a fee increase and asks why it happened. The advisor’s note shows the item was excluded only because no reimbursement was requested, which is a complaint-classification control gap. The firm should reclassify the contact, log it through its complaint process, and then investigate the underlying fee issue. Reviewing the fee disclosure may also be appropriate, but that does not replace complaint intake.
The email is an expression of dissatisfaction about a fee-related service issue, so it should be treated as a complaint even without a compensation demand.
Topic: Compliance Supervision
An exempt market dealer uses the same quarterly file-review checklist and the same sample size for each product line. After two quarters, the CCO sees the following:
Exhibit: Monitoring summary
| Product line | Sales mix | Files with exceptions |
|---|---|---|
| Mortgage syndications | 20% | 12 of 20 |
| Real estate LPs | 30% | 3 of 20 |
| Private issuer debt | 50% | 2 of 20 |
Most mortgage syndication exceptions involve client concentration and weak risk-disclosure notes. Which enhancement would best tailor the supervision program to the firm’s risk profile?
Best answer: C
What this tests: Compliance Supervision
Explanation: A supervision program should be risk-based, not uniformly applied when the data show risk is concentrated. Here, mortgage syndications produce far more exceptions than their sales mix suggests, and the issues are specific enough to justify deeper, targeted review.
The core concept is risk-based supervision. When a firm’s monitoring results show that one business line has a much higher exception rate than others, the supervision program should be adjusted to reflect that higher residual risk.
In the exhibit, mortgage syndications account for only 20% of sales, but 12 of 20 reviewed files had exceptions, compared with much lower exception counts in the other lines. The exceptions are also thematically consistent: client concentration and weak risk-disclosure notes. That means the best enhancement is not a generic increase everywhere, but more focused supervision where the evidence shows the problem is concentrated.
The key takeaway is that supervision should be calibrated to actual risk indicators, not just applied evenly for the sake of consistency.
The exception pattern is concentrated and issue-specific in mortgage syndications, so supervision should become more frequent and targeted there.
Topic: Surveillance and Reviews
A mutual fund dealer’s quarterly branch review again finds 8 of 40 client files missing evidence that the branch manager reviewed suitability after a material KYC change, as required by the firm’s procedure. The same finding appeared in the prior two reviews. After the first finding, the CCO sent a reminder email and branch managers confirmed they discussed it with staff, but no new control or follow-up testing was added. What is the best next step?
Best answer: B
What this tests: Surveillance and Reviews
Explanation: Because the weakness has recurred, the earlier reminder-based remediation was not effective. The best next step is a formal remediation approach: identify the root cause, escalate the repeat deficiency, strengthen the control, and test quickly whether the fix works.
Recurring review findings indicate a control-effectiveness problem, not just a training problem. In this scenario, the firm already used a reminder email and management discussion, yet the same deficiency appeared again. That means the response was too weak or aimed at the wrong cause. The appropriate next step is to treat the issue as a repeated supervisory weakness and move to structured remediation.
Simply restating expectations or delaying action does not show effective remediation.
Repeated findings show the prior remediation failed, so the firm needs root-cause analysis, stronger controls, escalation, and prompt retesting.
Topic: The Compliance Regime
At a Canadian exempt market dealer, a quarterly control review followed two suitability breaches found in post-trade testing. Firm policy says Sales management performs suitability supervision and Compliance conducts independent testing.
Exhibit: Control review tracker
| Control | Policy role | Named owner | Q2 status | Comment |
|---|---|---|---|---|
| Pre-trade concentration exception review | Sales management | None | Not operating | Both teams assumed the other owned it |
| Monthly post-trade suitability testing | Compliance | CCO | Operating | Exceptions reported |
| Weekly escalation of exceptions | Sales management | Regional manager | Operating | Sent to UDP |
What is the best follow-up?
Best answer: C
What this tests: The Compliance Regime
Explanation: The exhibit shows more than a simple exception: a key pre-trade control is not operating because no business owner was assigned. The right response is to restore clear first-line accountability in Sales management and have Compliance independently verify remediation.
This is a control-ownership gap. The pre-trade concentration exception review is a business-line supervisory control, the policy already assigns that role to Sales management, and the tracker shows it is not operating because both teams assumed the other owned it. In a registered firm, Compliance should challenge, monitor, and test controls, but it should not become the permanent first-line operator of a business control just because ownership was unclear.
The practical response is to:
The closest distractor is shifting the control to Compliance, but that weakens the separation between business supervision and independent oversight.
The exhibit shows an unowned first-line supervisory control, so Sales management should own it while Compliance independently validates the fix.
Topic: Legal Actions
A portfolio manager has been served with a civil claim by a former client alleging unsuitable discretionary trading. Before outside counsel is engaged, the advising representative’s supervisor asks staff to send him only their “cleaned-up” notes so he can prepare one consistent narrative. No litigation hold has been issued, and the same client file is also subject to an outstanding provincial securities regulator information request. As CCO, what is the best immediate response?
Best answer: C
What this tests: Legal Actions
Explanation: The firm’s position is already being weakened because staff are being asked for “cleaned-up” notes and no preservation hold exists. The best response is immediate counsel-led escalation with document preservation and controlled, coordinated handling of both the civil and regulatory matters.
Once a legal action starts, the firm’s response process must preserve records, protect the integrity of evidence, and control communications. Asking staff for “cleaned-up” notes or a single aligned narrative is a warning sign because it can look like file reconstruction rather than objective fact gathering. That risk is even greater when the same client file is also under review by a provincial securities regulator.
The CCO should move the matter into a controlled process immediately: involve legal counsel, issue a document-preservation or litigation hold, instruct staff not to alter or refine records, and coordinate the civil and regulatory responses from the same factual record. This helps the firm avoid inconsistent explanations and protects its position. Notifying the insurer may also be necessary, but it does not replace immediate preservation and escalation.
A counsel-led, preservation-focused response is needed immediately because cleaned-up notes and uncoordinated handling can damage evidence and create inconsistent responses.
Topic: Dealing with the Regulators
A portfolio manager receives an email at 4:15 p.m. from its principal regulator requesting records and an explanation by 11:00 a.m. the next day. The CCO reviews this internal note:
Based on this artifact, what is the best next action?
Best answer: C
What this tests: Dealing with the Regulators
Explanation: The artifact shows two clear control failures: ad hoc desk-level contact with the regulator and planned deletion of drafts during an active request. The best response is to centralize the production under compliance, preserve potentially relevant records, and promptly confirm scope or timing if needed.
When a regulator seeks records or explanations on short notice, the firm should respond with discipline, not speed alone. Compliance should coordinate collection, control communications, and ensure the response is complete, accurate, and consistent with the regulator’s request. Once the request is live, potentially relevant records should be preserved, including drafts and related materials that may help explain the firm’s actions or demonstrate what existed at the time.
Allowing desks to respond directly creates inconsistency and weakens oversight. Sending only part of what was requested is usually inferior to promptly discussing scope or timing with the regulator. Deleting drafts to “reduce confusion” is a serious preservation error. The key takeaway is to centralize, preserve, and communicate promptly rather than improvise.
A short-notice regulatory request requires a controlled, centralized response and immediate preservation of potentially relevant records.
Topic: Surveillance and Reviews
A registered portfolio manager historically ran buy-and-hold mandates but launched a weekly tactical model six months ago. The CCO reviews this surveillance dashboard excerpt.
Exhibit:
defer until annual review
Based on the artifact, what is the best next action for the CCO?
Best answer: A
What this tests: Surveillance and Reviews
Explanation: An effective surveillance program is risk-based and should reflect the firm’s current activities. Because the firm added a weekly trading model but has no trade-frequency surveillance for it, the clearest immediate action is to implement and document alert logic for that new risk.
The core issue is alignment between surveillance and the firm’s actual business model. A firm that historically used buy-and-hold mandates has introduced a weekly tactical strategy, which changes the transaction pattern and creates a need for surveillance logic that can identify unusual or problematic trading activity in that context. The artifact shows a clear gap: trade-frequency surveillance is not configured and has been deferred.
An effective surveillance program should:
Existing reviews of price overrides do not fix a missing control, and zero concentration alerts do not by themselves prove that threshold is wrong. The key takeaway is that new business activity should trigger prompt surveillance design or recalibration, not delay.
An effective surveillance program must be updated for new business risks, and the artifact shows no alert logic for the firm’s new trading pattern.
Topic: Compliance Supervision
A registered exempt market dealer operates a branch office with one supervising officer and four dealing representatives. During a branch review, the CCO finds two recent client files that used an obsolete KYC form, even though head office replaced the form 3 months earlier. The supervising officer says the change was covered in a webinar, but attendance was not tracked and there is no record of who completed the training. No client complaint or loss has been identified. What is the single best compliance action?
Best answer: A
What this tests: Compliance Supervision
Explanation: The issue is not only the obsolete form; it is also the lack of evidence that affected staff were trained and supervised after the change. The best response is targeted retraining with documented completion, plus a review of recent branch files to determine whether the weakness is isolated or systemic.
When errors appear after a process change, compliance should assess both training effectiveness and evidence of supervision. Here, the branch cannot show who attended the webinar or who understood the new KYC requirement, so the firm lacks defensible evidence that the control was properly implemented. A risk-based response should both remediate the immediate gap and test for wider impact.
Simply redistributing the form or focusing only on the two identified representatives would not adequately address the broader supervisory weakness.
This best addresses both the training gap and the missing evidence of supervision while checking whether the issue extends beyond the two files found.
Topic: Complaints
A portfolio manager’s complaint procedure states that if 3 or more complaints with a common cause occur in one quarter, Compliance must escalate the trend to the UDP, document a root-cause review, assign a remediation owner, and assess whether other clients may be affected. The CCO reviews the following Q2 complaint tracker.
| Date | Complaint summary | Remedy | Trend action |
|---|---|---|---|
| Apr 8 | Advisory fee not clear in onboarding package | Fee reversed | Closed; none |
| May 12 | Same fee-disclosure concern after account opening | Fee reversed | Closed; none |
| Jun 3 | Fee schedule in welcome kit unclear | Fee reversed | Closed; none |
| Jun 25 | Joint account client surprised by same advisory fee | Fee reversed | Closed; none |
Based on the procedure and tracker, what is the best next action for the CCO?
Best answer: A
What this tests: Complaints
Explanation: The tracker shows four similar fee-disclosure complaints in one quarter and no documented trend action. Under the firm’s stated procedure, that requires escalation, a root-cause review, assigned remediation, and assessment of broader client impact rather than simply closing the files after refunds.
Complaint remediation is broader than resolving each client file. When a complaint log shows repeated complaints with a common cause, Compliance should determine whether a systemic weakness exists and document corrective action. Here, the tracker shows four similar fee-disclosure complaints in Q2, and every entry says “Closed; none” for trend action. That means the firm addressed individual client harm but did not evidence the steps its own procedure requires: escalation to the UDP, a root-cause review, a remediation owner, and a check for other affected clients.
The appropriate response is to treat the pattern as a common-cause issue and launch documented remediation. Refunds alone do not address possible ongoing harm, control weakness, or the firm’s complaint-remediation recordkeeping obligations.
Four similar complaints in one quarter with no trend action trigger the firm’s required escalation, root-cause review, and broader client-impact assessment.
Topic: Dealing with the Regulators
A portfolio manager receives an email from its provincial securities regulator requesting trading records, client communications, and supervisory notes for one advising representative over the last 18 months. The email states that the inquiry relates to a specific client complaint and instructs the firm to preserve all relevant records. The branch supervisor says he can send the files directly because he knows the account best. What is the best next step?
Best answer: A
What this tests: Dealing with the Regulators
Explanation: This inquiry should be treated as a heightened regulatory matter because it is tied to a specific complaint and expressly requires preservation of records. The firm should immediately centralize the response through the CCO and ensure relevant records are preserved before any collection, review, or production begins.
The core concept is response discipline when a regulator inquiry signals elevated risk. A targeted request linked to a client complaint, combined with an instruction to preserve records, should trigger the firm’s formal regulatory-response process rather than an informal business-unit reply.
The appropriate next step is to centralize the response under the CCO, issue a document hold on potentially relevant records, and control how information is gathered and communicated. That helps the firm preserve evidence, avoid inconsistent statements, and maintain a defensible record of what was collected and produced. Business staff may help locate documents, but they should not respond independently or start “fixing” files first. Waiting for a more formal notice is also inappropriate because the preservation instruction already calls for heightened escalation.
The key takeaway is to preserve and control first, then collect and respond.
A targeted regulator inquiry with an express preservation instruction requires immediate centralized escalation and a records hold.
Topic: Compliance Supervision
A portfolio manager requires branch supervisors to submit monthly attestations confirming that KYC changes, personal trading exceptions, and high-risk client files were reviewed. During compliance testing, the CCO finds that one supervisor signed three monthly attestations but cannot produce logs, notes, or evidence of follow-up for that period. The supervisor says the reviews were completed but not documented. Which action best aligns with sound Canadian compliance practice?
Best answer: B
What this tests: Compliance Supervision
Explanation: The best response is to treat the unsupported attestation as a supervision exception, not just a paperwork issue. The firm should verify whether the required reviews actually occurred, document the results, and escalate or remediate based on the risk and findings.
Supervisory attestations are useful only if the firm can reasonably support them with evidence. When evidence is missing, compliance should not rely on the signature alone. A prudent response is to perform a risk-based review of the affected period and activities, determine whether required supervision actually occurred, assess whether any client-risk issues or unresolved exceptions exist, and document the work performed and conclusions reached. If the gap is confirmed or appears systemic, it should be escalated to the appropriate compliance or management level and remediated. This approach addresses both the possible supervision failure and the recordkeeping weakness while creating a defensible audit trail. Simply accepting the explanation or replacing the form would leave the firm unable to demonstrate effective supervision.
An attestation without evidence is insufficient, so the firm should verify the supervision through a documented, risk-based review and escalate any confirmed gap.
Topic: The Regulators
A mutual fund dealer that is a CIRO member discovers that one dealing representative has been accepting client instructions through personal text messages for six months. No client loss has been identified, but 18 client accounts may be affected, and the messages were not captured in the firm’s records. Which action by the CCO best aligns with CIRO’s role in registered-firm oversight?
Best answer: B
What this tests: The Regulators
Explanation: For a CIRO member, CIRO is directly relevant to the firm’s conduct and supervision obligations. A repeated off-channel communication issue calls for prompt containment, documented review, escalation, remediation, and any required reporting rather than a passive or purely internal response.
CIRO’s role for a member firm is ongoing oversight of conduct, supervision, and compliance, not just periodic examinations. In this scenario, the problem involves unapproved communication methods, incomplete firm records, and possible impact across multiple client accounts. A sound compliance response is to stop the conduct, preserve evidence, assess the scope of affected accounts and any client harm, escalate the matter to appropriate senior management, and document remediation steps. If the firm’s analysis shows that a report to CIRO is required, it should be made accurately and promptly. This reflects durable Canadian compliance principles: risk-based supervision, proper documentation, escalation, and prudent regulator readiness. The training-only approach is the closest distractor, but it is too weak for a repeated control failure affecting multiple accounts.
Because CIRO oversees conduct and supervision of its member firms, the strongest response is prompt containment, documented review, internal escalation, and any required reporting.
Topic: The Role of Compliance
An exempt market dealer’s CCO identifies repeated KYC documentation failures in its top-producing sales team. At the quarterly management meeting, the CEO says the team is “too important to slow down,” tells the CCO to keep the issue out of the board package until after the next capital raise, and asks operations to clear the backlog without further escalation. The firm updated its policies this year and delivered annual compliance training last month. Which interpretation is most accurate?
Best answer: D
What this tests: The Role of Compliance
Explanation: Weak tone from management is shown when leaders minimize, delay, or suppress escalation of known compliance problems for business reasons. Here, the CEO is prioritizing sales and fundraising over transparent board reporting and independent compliance escalation.
Tone from management is assessed by what leaders reward, tolerate, and escalate. In this scenario, the decisive fact is not just that KYC failures occurred; it is that the CEO wants the issue kept out of the board package until after a capital raise and wants the backlog cleared without further escalation. That behaviour undermines the compliance function, limits board oversight, and signals that commercial objectives take priority over addressing a known control weakness. A firm can have current policies and recent training and still have a poor compliance culture if leadership discourages challenge or delays remediation for revenue-related reasons.
The key takeaway is that weak tone is revealed by leadership behaviour, not by the mere existence of a compliance breach.
Directing the CCO to hide a repeated control failure from the board shows business priorities are overriding compliance oversight.
Topic: Key Principles for Compliance Supervision
A portfolio manager has two adviser teams. Team Stable serves long-standing discretionary clients using plain-vanilla ETF strategies and has had no material compliance exceptions for two years. Team Launch was created six months ago, onboards clients remotely, uses more complex permitted strategies, and had repeated KYC documentation deficiencies last quarter. The CCO is reallocating supervisory resources for the next quarter. Which action best aligns with risk-based supervision?
Best answer: B
What this tests: Key Principles for Compliance Supervision
Explanation: Risk-based supervision means control intensity should rise where inherent risk and observed control weaknesses are higher. A newer team with remote onboarding, more complex strategies, and repeated KYC deficiencies warrants deeper and more frequent review, with the rationale documented.
The core principle is proportionality: supervision should be calibrated to the level of risk, not spread evenly without regard to facts. In this scenario, Team Launch presents several clear risk indicators at once: it is new, uses more complex strategies, relies on remote onboarding, and has already shown repeated KYC documentation problems. Those facts support increasing the depth and frequency of monitoring for that team.
A sound compliance response is to target resources where client harm, control failure, or supervisory gaps are more likely, while maintaining baseline oversight of the lower-risk team. Documenting the reasons for the enhanced review is also important, because it shows the firm is using a thoughtful, defensible risk-based approach rather than acting arbitrarily. Training may help, but it does not replace enhanced monitoring when risk indicators are already present.
Higher-risk activity and recent deficiencies justify more intensive, documented supervision than lower-risk areas.
Topic: Key Principles for Compliance Supervision
An exempt market dealer recently launched an illiquid note that pays a higher commission than the firm’s other products. Three dealing representatives account for most sales, and the latest surveillance report shows rising concentration exceptions and more suitability overrides in accounts holding that note; other product lines remain stable and there have been no complaints. The CCO is updating the supervision plan. What is the best next step?
Best answer: B
What this tests: Key Principles for Compliance Supervision
Explanation: Risk-based supervision means adjusting oversight to the areas showing the greatest current risk, using evidence such as exception trends and product features. Here, the higher-risk note and the small group of representatives selling it warrant targeted enhanced supervision and documented follow-up.
In practice, a risk-based approach does not mean supervising every activity the same way. It means using available risk indicators to decide where to increase the depth, frequency, or scope of review. In this scenario, the product is illiquid, pays higher commissions, and is linked to rising concentration exceptions and suitability overrides. Those facts point to elevated client and conduct risk in a defined part of the business.
The best next step is to focus supervision on that product and the representatives selling it, while documenting the reasons for the change in approach. That is proportionate and evidence-based. Waiting for a complaint is too reactive, and imposing firm-wide enhanced reviews ignores proportionality. A full sales stop could be justified later if the targeted review shows serious immediate harm, but it is premature as the first response on these facts.
The key takeaway is that risk-based supervision directs resources where risk indicators are highest, not uniformly or only after harm appears.
A risk-based approach concentrates supervisory effort where current evidence shows higher client and conduct risk, with documented rationale.
Topic: The Regulators
A mutual fund dealer’s CCO reviews the monthly oversight summary below. The firm is a CIRO member, and clients have CIPF protection only if member insolvency causes a shortfall in client property. Which interpretation is best supported?
Exhibit:
| Item | Observation |
|---|---|
| Excess working capital | Above minimum, but declining for 3 months |
| Branch complaints | 6 complaints about unsuitable leverage recommendations |
| Client inquiries | 4 ask whether CIPF covers investment losses |
| Insolvency or client property shortfall | None identified |
Best answer: B
What this tests: The Regulators
Explanation: The exhibit points to a conduct problem: repeated complaints about unsuitable leverage recommendations. It also says there is no insolvency or client property shortfall, so CIPF is not the body that addresses this issue or ordinary investment losses.
The key distinction is between conduct oversight and compensation protection. A conduct regulator and the firm’s compliance function deal with client-facing misconduct such as suitability, supervision, complaint handling, and sales practices. A compensation-protection body such as CIPF is not a misconduct forum and does not cover normal market losses; it becomes relevant when a member firm’s insolvency leaves a shortfall in client property.
Here, the strongest signal is the concentration of unsuitable leverage complaints at one branch. The declining capital trend may warrant monitoring, but the exhibit expressly says capital is still above minimum and no insolvency or client property shortfall exists. That makes the supported interpretation a conduct issue requiring compliance attention, not a CIPF matter.
The main takeaway is not to confuse investor protection against insolvency with regulation of sales conduct.
The exhibit shows a supervision and suitability concern, while it also states there is no insolvency or client property shortfall to trigger CIPF relevance.
Topic: Surveillance and Reviews
An exempt market dealer has shifted heavily into mortgage syndications over the last six months. The CCO reviews the summary below to decide whether surveillance coverage still matches the firm’s risks.
Exhibit:
| Business line | % of new client assets | Recent indicators | Current surveillance |
|---|---|---|---|
| Mortgage syndications | 62% | 18 concentration alerts; 4 suitability escalations | Annual thematic review |
| Private issuer shares | 23% | 3 KYC documentation exceptions | Quarterly file review |
| Short-term exempt debt | 15% | 1 minor exception | Monthly concentration review |
Which follow-up is most appropriate?
Best answer: B
What this tests: Surveillance and Reviews
Explanation: The exhibit shows a clear mismatch between risk and coverage. Mortgage syndications account for most new client assets and most recent alerts, yet they receive only an annual review, so the surveillance program should be recalibrated with more frequent, targeted monitoring.
Risk-based surveillance should follow the firm’s current areas of highest conduct and client risk. Here, mortgage syndications represent 62% of new client assets and generate far more concentration and suitability indicators than the other lines, but the current coverage is only an annual thematic review. That means the firm’s surveillance frequency and focus no longer match where the main risk sits.
The key point is to adjust surveillance where the data show elevated risk, not to wait for a confirmed breach or monitor every line the same way.
That line now drives both sales activity and risk indicators, so risk-based surveillance should be strengthened there rather than left to an annual review.
Topic: Corporate Legislation and Governance
A portfolio manager that is a wholly owned subsidiary of a holding company is preparing for a regulatory review. The CCO reads the following memo.
Artifact: Governance memo excerpt
Which governance deficiency is best supported by the memo?
Best answer: A
What this tests: Corporate Legislation and Governance
Explanation: The strongest issue is entity-level governance. A registered firm can be part of a corporate group and can use affiliates, but its own board still needs direct information and meaningful oversight of the legal entity.
This memo points to a governance gap created by the firm’s legal structure. The registered subsidiary appears to be relying on parent-level governance instead of exercising its own board oversight: the board is only ratifying decisions already made by the parent, the CCO’s reporting is filtered through the parent CFO, and affiliate shared services are not governed through a formal arrangement with reporting to the subsidiary board. In a Canadian registered-firm context, a parent company may influence strategy and affiliates may provide services, but accountability for the registered entity cannot be blurred. The subsidiary board should receive direct compliance reporting, oversee key outsourced or affiliate functions, and make documented decisions for the legal entity itself. The key takeaway is that group structure does not replace entity-level governance.
The memo shows the subsidiary board is mainly ratifying parent decisions and is not receiving direct compliance or affiliate-service oversight information.
Topic: Conflicts of Interest
A dealing representative at a registered exempt market dealer is raising capital for an issuer in a private placement. The CCO learns that the representative’s spouse has just accepted the issuer’s CFO role, and the representative has already recommended the offering to several clients this week. The firm’s disclosure template refers only to possible personal conflicts, and the compliance file shows no targeted monitoring or documented review. What is the single best compliance response?
Best answer: D
What this tests: Conflicts of Interest
Explanation: The conflict is specific, current, and tied to active client recommendations. The best response is to assess and document the material conflict, apply a tailored control such as removing the representative from the offering, and keep evidence of targeted supervisory review.
Registered firms must identify existing and reasonably foreseeable material conflicts and address them in the client’s best interest. Here, the conflict is not hypothetical: the representative’s spouse has become the issuer’s CFO while the representative is actively recommending that same private placement to clients. That calls for a documented conflict assessment, an immediate control such as recusal or removal from the offering, and targeted review of the affected recommendations and subscription files.
Generic disclosure alone is too weak when the conflict is specific and current. Waiting until the financing closes is reactive and leaves clients exposed while the conflict is ongoing. A fresh attestation may support the file, but it does not replace supervision or monitoring evidence. The key takeaway is that conflict management must be tailored, timely, and documented.
A current family relationship with the issuer creates a specific material conflict that requires tailored controls and documented monitoring.
Topic: Surveillance and Reviews
A registered portfolio manager introduced automated rebalancing and began trading more thinly traded small-cap issuers. Six months later, the CCO sees that most daily employee-trading surveillance alerts are cleared as immaterial, but an internal review also found two employee trades in issuers held for clients were not escalated because the alert logic still reflects the firm’s old trading volumes. What is the best next step?
Best answer: A
What this tests: Surveillance and Reviews
Explanation: Because the firm’s business mix and trading patterns changed, the surveillance settings cannot be assumed to remain effective. A documented reassessment with testing is the best next step because it addresses both excessive noise and missed events before revised thresholds are put into production.
Surveillance thresholds and logic must be reassessed periodically because they are calibrated to a firm’s business, activity levels, and risk indicators at a point in time. When the business changes, or when results show both too many low-value alerts and missed higher-risk events, the firm should not treat the system as fixed. The appropriate response is a documented, risk-based review of the rule design, assumptions, and thresholds using recent exceptions and missed cases, followed by testing and formal approval before implementation. That helps keep alerts meaningful, supports efficient supervision, and shows regulators that the firm adapts its controls to current risks.
Adding reviewer guidance or waiting longer may help administration, but it does not fix outdated surveillance logic.
Business changes and mixed alert outcomes show the current settings may no longer fit the firm’s risk profile, so they should be reviewed, tested, and updated through governance.
Topic: Compliance Supervision
The CCO of a mutual fund dealer reviews the following branch-review note. Based on the artifact, which supervision deficiency is best supported?
Exhibit: Branch-review note
Sample: 15 new client files opened in the last month
5 files had one or more blank KYC fields when the first purchase was accepted
3 files showed risk tolerance or net worth changed after the first purchase, with no note of client contact
4 files were approved by the branch manager 2-6 days after the first purchase
Local practice: “Representatives may fill in missing items after funding if the client is travelling”
A. The branch’s primary deficiency is inadequate mutual fund product due diligence.
B. The branch’s main weakness is annual KYC updating for existing clients.
C. The branch lacks a control that prevents account activity before complete client information and supervisory approval.
D. The exceptions are only minor paperwork delays and do not show a supervisory gap.
Best answer: C
What this tests: Compliance Supervision
Explanation: The artifact shows a pattern of accounts being used before KYC was complete and before branch approval. Unsupported changes to risk tolerance or net worth after the first purchase further indicate weak supervision over the accuracy and timing of client information.
At account opening, supervision should ensure client information is complete, reliable, and reviewed before the account is used. Here, several files had blank KYC fields when the first purchase was accepted, some key client details were changed afterward without evidence of client confirmation, and branch approval occurred after the purchase. The stated local practice shows this was not an isolated clerical issue but an accepted workaround, which weakens suitability oversight and the firm’s audit trail.
A sound compliance response would be to stop the practice, review affected accounts, confirm unsupported changes with clients, and reinforce pre-activity approval controls. This is more than a documentation backlog because the control failed before client activity occurred.
Repeated blank KYC fields, unsupported post-purchase changes, and late approval show the onboarding control is failing before account activity occurs.
Topic: The Role of Compliance
A registered portfolio manager is preparing to offer clients a new fund managed by an affiliate. The fund has higher fees than similar options, and internal emails describe it as a priority product for advisers. The CCO finds that the conflict assessment is incomplete and the draft client disclosure is still generic. Which action best aligns with the compliance function’s role in supporting client protection and market integrity?
Best answer: D
What this tests: The Role of Compliance
Explanation: Compliance protects clients by addressing material conflicts before clients are exposed, not after harm appears. In this scenario, the best response is a documented challenge to the incomplete conflict review, with stronger controls and escalation through governance channels if management does not fix the issue.
The core compliance principle here is independent oversight and challenge. When a firm promotes a higher-fee affiliated product, there is a clear risk that commercial interests could interfere with fair client outcomes. Compliance supports client protection and market integrity by requiring the conflict to be properly identified, assessed, documented, and controlled before the product is pushed to clients.
A sound response includes:
Compliance does not own the business line, but it does have a duty to challenge, advise, and escalate when risks are not being managed properly. Waiting for complaints or relying on verbal explanations is weaker because it is inconsistent, hard to supervise, and may leave clients exposed to avoidable harm.
Compliance should challenge an unmanaged material conflict before launch, require evidence of effective controls, and escalate if the business does not remediate.
Topic: Key Principles for Compliance Supervision
A mutual fund dealer’s escalation matrix requires the CCO and UDP to be notified when the same material supervisory issue continues after local corrective action. A compliance analyst reviews the following tracker for one dealing representative. No client complaint has been received.
Exhibit: Review tracker
| Month | Missing suitability rationale | Local action | Status |
|---|---|---|---|
| May | 5 trades | Branch manager coaching | Recurred in June |
| June | 4 trades | Written reminder and retraining | Recurred in July |
| July | 6 trades | None yet | Open |
What is the best follow-up?
Best answer: D
What this tests: Key Principles for Compliance Supervision
Explanation: The tracker shows a repeated suitability-documentation problem despite coaching and retraining, so first-line supervision has not been effective. Under the stated escalation matrix, the matter should move to the CCO and UDP with a documented targeted review.
The key concept is evidence-based escalation. Here, the same material suitability-documentation deficiency appears in three consecutive months, and the branch manager has already applied local corrective action twice. That pattern shows the issue is recurring rather than isolated and that first-line remediation may be ineffective.
The best follow-up is to escalate internally to the CCO and UDP and document a targeted review that:
A recurring supervisory exception does not become a complaint just because it may affect clients, and the stem does not state any separate trigger for immediate external reporting.
The same material issue has recurred after local action, so the stated escalation trigger has been met.