CCC: Surveillance and Reviews

Topic snapshot

Surveillance checklist before the questions

Surveillance questions test whether the review design would catch the risk that actually matters. A report can look active while still missing concentration, trend, suitability, complaint, or trading-conduct risk.

• Check whether thresholds fit the account size, product, branch, or representative risk.
• Watch for stale exception reports with no documented investigation or closure.
• Prefer targeted review and root-cause follow-up when the same pattern repeats.

What to drill next after surveillance misses

If you miss these questions, practise reading exhibits for what the control fails to detect. Then move to conflicts, complaints, and supervision questions to connect surveillance exceptions to escalation.

Sample questions

These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Surveillance and Reviews

At a Canadian exempt market dealer, private placements are the firm’s highest-risk activity and were the source of two suitability deficiencies last year. The CCO’s Q2 review used random file testing only.

Exhibit: Q2 review tracker

What is the best follow-up by the CCO?

• A. Scale back private placement testing for the next quarter.
• B. Expand and target private placement testing before drawing comfort.
• C. Close prior private placement remediation based on the clean result.
• D. Focus on KYC updates because they produced an exception.

Best answer: B

What this tests: Surveillance and Reviews

Explanation: The private placement review is too shallow for the risk involved. Zero exceptions from only three randomly selected files do not provide enough evidence that controls are working in the firm’s highest-risk activity, especially where there were prior suitability issues.

This is a risk-based testing question. Review depth should reflect the activity’s inherent risk, transaction volume, and known issues. Here, private placements are the highest-risk business line, they generated prior suitability deficiencies, and they had 240 Q2 files, yet only three were tested. That is not enough to treat a zero-exception result as meaningful assurance.

A stronger follow-up would be to:

• increase the sample in private placements
• target testing to the prior deficiency themes
• verify whether remediation actually changed front-line behaviour
• document why the revised scope is proportionate to the risk

The medium-risk KYC exception may still need correction, but it does not remove the need for deeper testing where the risk and exposure are greatest.

• Single exception focus overweights the medium-risk KYC finding; one detected issue does not justify leaving the highest-risk area lightly tested.
• Premature closure treats a clean result from three random files as proof that prior private placement remediation worked.
• Reduced coverage confuses no detected exceptions with low risk, even though private placements remain high risk and high volume.

A three-file random sample in the highest-risk area, after prior suitability deficiencies, is too limited to support reliance on a zero-exception result.

Question 2

Topic: Surveillance and Reviews

An exempt market dealer is designing surveillance for concentration in illiquid exempt products. The firm’s policy measures concentration by each client’s total exposure to a single issuer, but the proposed report flags only single subscriptions over $100,000 and ignores existing positions and repeat purchases. Internal testing shows most past concentration issues arose through several smaller subscriptions. Before rollout, what is the best next step?

• A. Launch the report and tune it after the first quarter
• B. Require supervisory sign-off on each large subscription
• C. Keep the design and add adviser training on concentration
• D. Rebuild the alert around total client exposure and test thresholds

Best answer: D

What this tests: Surveillance and Reviews

Explanation: The main weakness is that the alert logic does not match the risk the firm’s policy is meant to control. Because concentration is defined by total client exposure, the design should be rebuilt and calibrated before the firm relies on it.

Effective surveillance starts with matching the alert logic to the underlying conduct risk and the firm’s own policy standard. Here, the policy is about cumulative client exposure to a single issuer, but the proposed report only looks for one large subscription. That means the report is structurally mis-specified and will predictably miss the very pattern that internal testing has already shown: concentration created through several smaller purchases.

The best next step is to redesign the surveillance before rollout so it:

• aggregates existing and new positions at the client level
• captures repeat purchases over time
• uses tested thresholds that produce meaningful alerts

Manual review, training, or later tuning may help support supervision, but they do not fix a core alert-design flaw.

• Quarterly tuning later is premature because the firm already knows the proposed logic misses the main risk pattern.
• Large-trade sign-off still relies on the wrong trigger and would miss concentration built through smaller purchases.
• Training only may improve awareness, but it does not repair a surveillance report that is misaligned with policy.

The alert must measure cumulative issuer exposure, because the current trigger misses the main concentration pattern already identified in testing.

Question 3

Topic: Surveillance and Reviews

An exempt market dealer sells a related issuer mortgage fund, and many clients subscribe in several installments. The CCO asks for surveillance that can detect when a dealing representative builds material client exposure to that fund over time. Management proposes a monthly alert that flags only any single subscription over $50,000 and does not combine prior purchases in the same client account. What is the most important weakness in this design?

• A. It reviews monthly instead of after each subscription.
• B. It is limited to the related fund rather than all products.
• C. It is not cumulative and can miss material client concentration.
• D. It lacks a documented basis for the $50,000 trigger.

Best answer: C

What this tests: Surveillance and Reviews

Explanation: The key design test is whether the alert logic matches the risk the firm wants to monitor. Here, the risk is gradual accumulation of exposure in a related issuer fund, so a single-subscription trigger is the main weakness because it can miss the very pattern of concern.

A surveillance report should be built around the risk event it is supposed to detect. In this scenario, the firm is worried that a representative may build a client’s exposure to a related issuer fund through several smaller subscriptions over time. An alert based only on one subscription above $50,000 is misaligned because it measures ticket size, not resulting concentration.

Effective alert logic would aggregate purchases over a defined look-back period and test the client’s current or projected exposure to the fund. Review frequency, threshold documentation, and overall product scope are all relevant design choices, but they are secondary if the alert cannot identify the target pattern at all. The closest distractor is the timing issue: more frequent review helps timeliness, yet it does not solve a non-cumulative alert.

• Threshold rationale: documenting why $50,000 was chosen is good governance, but it does not fix an alert that ignores accumulated exposure.
• Review frequency: faster review may improve timeliness, but even daily review would still miss the risk if the logic remains single-transaction only.
• Product scope: focusing on the related fund is reasonable because the stated conflict and concentration concern is tied to that product.

Because the risk is exposure built over time, single-trade logic that ignores prior purchases will miss the main pattern the surveillance is meant to detect.

Question 4

Topic: Surveillance and Reviews

A mutual fund dealer’s quarterly surveillance review of one branch found that 18 of 60 client files lacked evidence of suitability reassessment after leveraged fund switches. The same branch had a similar finding in the prior quarter, and the branch manager did not complete the promised remediation. The draft report places the issue in an appendix as “process inconsistencies” and states in the executive summary that “no material issues were identified.” As CCO, what is the best action?

• A. Wait for a client complaint or regulator inquiry before elevating the issue.
• B. Reclassify the finding as significant, quantify its scope, and escalate it with formal remediation tracking.
• C. Remove the phrase “no material issues” but leave the finding in the appendix for now.
• D. Keep it as a process issue, but require branch retraining and report results next quarter.

Best answer: B

What this tests: Surveillance and Reviews

Explanation: The issue is repeated, unresolved, and tied to suitability documentation after leveraged switches, so it raises a material supervisory and client-protection concern. Reporting it as an appendix item with “no material issues” obscures its seriousness; the report should clearly elevate the finding and track remediation.

In compliance reporting, the key question is whether the report accurately conveys the severity of the finding. Here, the issue is recurring, affects a meaningful portion of the files reviewed, involves suitability reassessment, and prior remediation was not completed. Describing it as mere “process inconsistencies” while also saying “no material issues” understates an unresolved supervisory weakness and can mislead senior management or the governing body.

Effective reporting should:

• state the issue plainly
• quantify the scope and recurrence
• note that remediation was not completed
• assign and track corrective action through escalation

Simply softening the wording or waiting for more evidence still buries a serious finding that already warrants clearer escalation.

• Treating it as a simple training matter fails because the repeat pattern and missed remediation show a broader supervisory weakness.
• Deleting “no material issues” helps, but leaving the matter buried in an appendix still downplays severity.
• Waiting for a complaint or regulator contact is reactive and inconsistent with timely internal escalation of significant findings.

Repeated suitability control failures and incomplete remediation should be reported as a significant supervisory issue, not softened in an appendix.

Question 5

Topic: Surveillance and Reviews

A registered portfolio manager’s CCO sends the UDP and board the following excerpt after a quarterly best-execution review.

Exhibit: Surveillance dashboard excerpt

• Orders reviewed: 120
• Exceptions: 13 (prior quarter: 4)
• Repeat exceptions from prior quarter: 8
• Root cause field: Under review
• Reported status to management: “No material issues”
• Remediation owner / target date: blank

What is the best supported deficiency in this reporting?

• A. It masks an adverse trend and lacks remediation accountability.
• B. It needs client-level trade details before management can assess it.
• C. It is adequate because quarterly exception counts already show oversight.
• D. It should wait for final root-cause analysis before escalation.

Best answer: A

What this tests: Surveillance and Reviews

Explanation: The report downplays a worsening, repeat exception pattern by calling it “No material issues” and leaving ownership and timing blank. Surveillance findings must be reported clearly enough for decision-makers to understand significance, require action, and track remediation.

Surveillance findings are only useful if they are reported in a way that allows accountable decision-makers to assess seriousness and act on it. Here, exceptions increased from 4 to 13, eight are repeats, the root cause is still under review, yet the report says “No material issues” and provides no remediation owner or target date. That is ineffective reporting because it obscures trend, repeat nature, and accountability. Effective reporting should highlight material changes, unresolved recurrence, interim risk assessment, clear escalation, assigned ownership, and follow-up timing. Management and the board do not need every underlying trade detail to oversee the issue; they need a decision-useful summary that supports timely remediation. Waiting for perfect information can delay oversight when the pattern already warrants attention.

• Waiting for final root-cause analysis delays escalation when the report already shows a worsening repeat issue.
• Asking for client-level trade detail misses the main gap, which is significance, ownership, and follow-up.
• Treating the report as adequate ignores the contradictory “No material issues” label and the blank remediation fields.

Effective reporting must show significance, escalation need, and ownership so management can direct and monitor corrective action.

Question 6

Topic: Surveillance and Reviews

A dual-registered portfolio manager and exempt market dealer proposes a monthly concentration report. An alert is generated only when a single purchase exceeds $50,000 and the position in one issuer will exceed 50% of the client’s account after the trade. Compliance tests the logic on last quarter’s activity.

Exhibit: Pilot results

What is the most important weakness in the proposed surveillance design?

• A. The $50,000 trade-size gate misses concentrated EMD accounts.
• B. Managed accounts are being over-monitored relative to EMD accounts.
• C. Monthly review frequency is the main design weakness.
• D. The results mainly show inconsistent reviewer judgment across lines.

Best answer: A

What this tests: Surveillance and Reviews

Explanation: The exhibit shows that most highly concentrated EMD accounts would not alert because the rule requires a single purchase above $50,000. That absolute size filter makes the surveillance logic insensitive to material concentration risk in smaller accounts, which is the key design weakness.

The core issue is alert calibration. A concentration report should capture material client risk in the population where that risk is actually arising. Here, 7 EMD accounts ended above 50% in one issuer, but 6 of those accounts had no purchase above $50,000, so the proposed rule would miss most of the extreme concentrations in that business line. That means the absolute trade-size gate is creating false negatives, even though the underlying concentration is already severe.

A better design would test concentration at the account level and then set any dollar threshold so it does not screen out smaller but still material accounts. The key takeaway is that surveillance quality depends on what the logic misses, not just how many alerts it produces.

• Monthly frequency is not the main issue because the exhibit points to missed detection caused by the threshold logic, not by the review cycle.
• Over-monitoring managed accounts misreads the table; full capture of 2 concentrated managed accounts is less important than missing 6 of 7 concentrated EMD accounts.
• Reviewer inconsistency is unsupported because the exhibit reports alert output, not differences in how reviewers assessed the same cases.

Because 6 of 7 highly concentrated EMD accounts had no purchase above $50,000, the size gate suppresses material concentration alerts.

Question 7

Topic: Surveillance and Reviews

A portfolio manager recently began recommending a proprietary private credit fund. In the quarterly compliance review, staff checked only whether five client files contained completed KYC and conflict-disclosure forms. A separate surveillance report for the same period shows 14 clients above the firm’s internal 25% concentration alert for that fund, yet the reviewer proposes closing the review as “no material issues.” As CCO, which next step best aligns with sound Canadian compliance practice?

• A. Obtain adviser attestations and revisit the issue next quarter.
• B. Close the review because required forms were largely present.
• C. Wait for a client complaint before broadening the review.
• D. Expand to substantive, risk-based testing and document any needed escalation.

Best answer: D

What this tests: Surveillance and Reviews

Explanation: The initial review is too shallow for the risks shown in the surveillance data. When a proprietary product and concentration alerts raise suitability and conflict concerns, compliance should deepen the testing, expand the scope, and document any escalation rather than treating paperwork completion as enough.

Review testing should be proportionate to the risks actually identified. Here, the fund is proprietary, which raises conflict risk, and the concentration alerts point to possible suitability and supervision concerns. A review limited to checking whether forms were present is too shallow because it tests documentation completeness, not whether recommendations were appropriate or controls worked.

A stronger compliance response is to:

• expand the sample, especially higher-concentration and recent accounts;
• test suitability rationale, concentration decisions, disclosures, and approvals;
• document why the scope was increased and what evidence was reviewed; and
• escalate interim concerns if there may be client harm or a control weakness.

Business-line confirmations may support a review, but they do not replace independent compliance testing.

• Form-complete focus fails because signed or completed forms do not show that suitability and concentration risks were properly assessed.
• Self-attestation only fails because adviser certifications are not a substitute for independent compliance evidence.
• Wait for a complaint fails because existing surveillance alerts already justify deeper testing and possible escalation.

It applies risk-based supervision by moving from form checks to substantive testing tied to the concentration alerts and proprietary-product conflict risk.

Question 8

Topic: Surveillance and Reviews

A portfolio manager’s quarterly supervision review found that 18 discretionary accounts in one team were traded using KYC information that had not been updated as required, despite prior reminders. No client loss has been identified, but the issue is recurring and could affect suitability oversight. The CCO is preparing a report for the UDP and senior management. Which action best aligns with effective reporting of surveillance and review findings?

• A. Delay reporting until the next quarterly review after the team fixes the files.
• B. Give an oral update focused on the lack of client loss and keep no formal record.
• C. Report only the number of exceptions and provide detail later if requested.
• D. Submit a written, risk-based report covering impact, root cause, remediation owners, and follow-up dates.

Best answer: D

What this tests: Surveillance and Reviews

Explanation: Effective reporting must help management understand the significance of a finding and respond to it. A written, risk-based report with impact, cause, ownership, and follow-up supports timely escalation, accountability, and evidence that the firm is managing the issue prudently.

Surveillance and review findings should be reported in a way that decision-makers can act on them. Here, the problem is recurring, relates to suitability oversight, and continued after prior reminders, so management needs more than an exception count. Effective reporting explains the nature and seriousness of the issue, the affected clients or business area, the likely cause, the remediation plan, who is responsible, and when follow-up testing will occur. That supports client protection, governance oversight, and a documented record showing the firm identified the problem and responded appropriately. When reporting is delayed, minimized, or left undocumented, accountability weakens and the firm is less able to demonstrate that its compliance program is functioning effectively.

• Reporting only counts is too thin because management cannot judge materiality, client impact, or whether the proposed fix is sufficient.
• Delaying until the next review cycle is inappropriate because recurring control failures should be escalated promptly, not after more time passes.
• An oral update focused on no current loss is inadequate because the issue still affects supervision quality and should be formally documented and tracked.

It gives management a clear, documented basis to assess risk, direct remediation, assign accountability, and verify follow-up.

Question 9

Topic: Surveillance and Reviews

An exempt market dealer’s monthly surveillance report flags eight new subscriptions to an illiquid real estate limited partnership sold by the same dealing representative. In each case, the client KYC shows low risk tolerance or a short time horizon, and the representative was flagged for similar exceptions last month. The supervisor’s only documented response last month was a coaching note. The report does not confirm whether the alerts are false positives or true suitability concerns. What is the best next step for the CCO?

• A. Send a firm-wide suitability reminder and revisit the issue next month.
• B. Rely on last month’s coaching note and close the new exceptions.
• C. Report the representative to the securities regulator before validating the alerts.
• D. Perform a documented targeted file review, obtain the representative’s explanation, and decide on escalation or heightened supervision.

Best answer: D

What this tests: Surveillance and Reviews

Explanation: Surveillance alerts are a starting point, not a final finding. Because the same representative has recurring alerts and prior coaching did not resolve them, compliance should promptly validate the flagged trades through a documented targeted review and then determine appropriate escalation and interim controls.

In surveillance follow-up, the key step is to turn an alert into a fact-based assessment. Here, the pattern has repeated, the previous response was weak, and the report itself does not prove whether the trades were truly unsuitable. The CCO should therefore launch a prompt, documented review of the flagged files, including KYC information, product features, concentration, notes, and the representative’s explanations, and then decide whether remediation, client contact, heightened supervision, management escalation, or regulatory reporting is required. This sequence protects clients and creates an evidence trail. Acting before validating the alerts is premature, while closing the matter or waiting for another cycle leaves a possible supervisory failure unaddressed.

• Reporting to the regulator first is premature because the firm has not yet confirmed the alerts or assessed their scope.
• Relying on prior coaching skips the required follow-up for recurring exceptions and leaves current activity untested.
• Sending a general reminder may be part of later remediation, but it does not address the specific flagged trades that need review now.

Repeated alerts require documented validation and follow-up before the firm decides on remediation, management escalation, or external reporting.

Question 10

Topic: Surveillance and Reviews

The CCO of an exempt market dealer reviews a new concentration-surveillance rule for retail clients.

Artifact: Surveillance dashboard excerpt

• Rule: single-issuer concentration
• Population monitored: client accounts with a purchase over $50,000 in the last 30 days
• Alert trigger: one issuer exceeds 25% of documented client financial assets
• Excluded: transferred-in positions and accounts with no recent trade
• Spot check: 3 client accounts above 40% concentration were not captured because no recent purchase occurred

Which surveillance-design deficiency is best supported by the artifact?

• A. The spot check shows the firm’s asset records are unreliable.
• B. The report is deficient because it only runs every 30 days.
• C. The 25% threshold is automatically prohibited for retail clients.
• D. The monitored population is too narrow and misses existing concentration risk.

Best answer: D

What this tests: Surveillance and Reviews

Explanation: A surveillance rule must first cover the relevant risk population. Here, the dashboard excludes transferred-in and inactive accounts, and the spot check confirms that highly concentrated clients were missed, so the main weakness is under-inclusive alert logic.

Good surveillance design starts with population coverage. In this scenario, the rule reviews only accounts with a recent purchase over $50,000 and expressly excludes transferred-in positions and accounts with no recent trade, even though concentration risk can already exist or worsen without a new purchase. The spot check is direct evidence that the rule is missing material exceptions, so the key control gap is in the rule’s scope and trigger logic. A threshold such as 25% may need calibration, but calibration is secondary if the report never screens a meaningful part of the risk universe. The closest distractors either assume a universal prohibition or misread the 30-day lookback.

• Absolute prohibition fails because the artifact does not say 25% is universally banned; the problem shown is incomplete coverage.
• 30-day misread fails because 30 days describes which accounts enter the rule, not how often the report runs.
• Data-quality leap fails because the missed accounts were excluded by rule design, not shown to result from inaccurate records.

Because the rule screens only recent large purchases and excludes inactive or transferred-in positions, it misses material concentration already present in client accounts.

Continue with full practice

Use the CCC Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Related focused pages

• Free CCC Full-Length Practice Exam
• CCC: The Role of Compliance
• CCC: The Regulators
• CCC: Corporate Legislation and Governance
• CCC: Financial Condition
• CCC: The Compliance Regime
• CCC: Key Principles for Compliance Supervision
• CCC: Compliance Supervision
• CCC: Conflicts of Interest
• CCC: Complaints
• CCC: Dealing with the Regulators
• CCC: Legal Actions

Free review resource

Read the CCC guide on SecuritiesMastery.com, then return to Securities Prep for timed practice.