RIBO Level 1: Information Management

Topic snapshot

Sample questions

These questions are original Securities Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Information Management

At renewal, an Ontario homeowner told her broker she wanted sewer backup coverage only and declined overland water. The broker kept a dated file note, emailed the selected coverage to the client, and received the insurer’s endorsement confirming sewer backup coverage with a $15,000 limit effective June 1. In August, heavy rain caused both sewage backup and surface water to enter the basement. Which statement best describes how the file should support the broker’s response?

• A. It supports assuming overland water applies whenever sewer backup happens in the same storm.
• B. It supports ignoring the $15,000 limit because the renewal discussion was broader.
• C. It supports treating all storm-related water damage as fully covered once one water endorsement exists.
• D. It supports confirming sewer backup was added from June 1 up to $15,000; overland water is not documented.

Best answer: D

What this tests: Information Management

Explanation: Complete and accurate file documentation lets the broker confirm what was actually bound and communicate that accurately after a loss. Here, the records support sewer backup coverage effective June 1 with a $15,000 limit, but they do not show overland water was added.

The core concept is data quality in the client file. For later claims, service, underwriting, or compliance review, the file should clearly show the client’s request, what coverage was selected or declined, the insurer’s confirmation, the effective date, and any limit. In this scenario, the dated note, confirmation email, and issued endorsement all point to the same result: sewer backup coverage was added effective June 1 with a $15,000 limit, and overland water was not documented as insured.

A broker’s basic response should match those records. The broker should not expand the coverage based on assumptions, memory, or the fact that both causes happened in the same storm. The insurer will make the final claim decision, but the broker file should accurately support what was purchased and when.

• All water damage fails because one water endorsement does not create every type of water coverage.
• Ignore the limit fails because the written endorsement confirms a specific $15,000 maximum.
• Same storm, same coverage fails because sewer backup and overland water are separate coverage grants.

The dated note, client email, and insurer endorsement show the exact coverage selected, its effective date, and its limit.

Question 2

Topic: Information Management

While working remotely, a Level 1 broker receives a client’s email asking to add a vehicle and attaching ownership documents. Brokerage policy requires emailed client documents to be transferred immediately into the approved brokerage management system and secure portal workflow, not kept on personal apps or storage. The broker also needs supervisor approval before any bind request is sent to the insurer. Which action is appropriate?

• A. Send the documents through personal text and transmit the bind request right away.
• B. Transfer the documents into the approved workflow, document the request, and seek approval before sending the bind request.
• C. Store the documents in personal cloud storage until the office reopens.
• D. Forward the change request to FSRA for policy processing.

Best answer: B

What this tests: Information Management

Explanation: The proper response is to use the brokerage’s approved systems for client records and documents, then follow the supervision rule before any binding request goes to the insurer. A Level 1 broker can gather and document information, but cannot bypass secure tools or required approval steps.

This question tests two related duties: proper use of employer-required digital applications and a Level 1 broker’s authority limit. When the brokerage requires its management system and secure portal, client information must be handled and documented there, not in personal texting or personal cloud tools. That supports privacy, recordkeeping, and cyber hygiene.

A Level 1 broker may collect the client’s request and update the file, but a request that could bind or change coverage must follow the brokerage’s supervision process before it is sent to the insurer. FSRA regulates broker conduct; it does not process routine client policy changes. The compliant approach is to move the documents into the approved workflow, document the request, and obtain the required approval before any bind request is sent.

• Personal texting fails because it bypasses the brokerage’s approved secure workflow and ignores the stated approval rule.
• Personal cloud storage fails because client documents must stay within the brokerage’s authorized recordkeeping system.
• Sending it to FSRA confuses the regulator’s oversight role with routine policy servicing done by the brokerage and insurer.

This follows the brokerage’s required digital tools and the Level 1 broker’s supervision limit before any binding step.

Question 3

Topic: Information Management

During a renewal call, a client says she still lives in her house but now rents a self-contained basement apartment to an unrelated tenant on a monthly basis. To keep the file complete and accurate for later underwriting, claims, and compliance review, what is the most appropriate occupancy classification to record?

• A. Owner-occupied dwelling with a rental unit
• B. Vacant dwelling
• C. Seasonal dwelling
• D. Tenant-occupied rental dwelling

Best answer: A

What this tests: Information Management

Explanation: This is primarily an occupancy and use classification issue. Because the insured still occupies the home and now rents part of it to a tenant, the file should show an owner-occupied dwelling with a rental unit, not a fully rented, seasonal, or vacant risk.

The core concept is accurate documentation of a material change in occupancy. The insured continues to live in the dwelling, so it is not a fully tenant-occupied property. However, renting a self-contained basement apartment creates an added rental exposure that affects underwriting, policy suitability, and how a later claim may be reviewed.

A complete file should clearly show the actual use of the premises at renewal, including:

• owner occupancy remains in place
• part of the dwelling is rented to an unrelated tenant
• the rental arrangement is ongoing, not temporary vacancy

Recording the risk too broadly or under the wrong class can lead to underwriting issues, service errors, or claim disputes later.

• Tenant-only classification fails because the client still lives in the home, so the property is not fully tenant occupied.
• Seasonal use fails because the dwelling is being lived in as a regular residence, not used only part of the year.
• Vacancy fails because both the client and the tenant occupy the premises.

The client still lives in the home, but the basement tenant creates a rental-unit exposure that must be documented accurately.

Question 4

Topic: Information Management

In brokerage practice, PCI compliance is best described as which of the following?

• A. A privacy rule requiring client consent for collection and disclosure of personal information.
• B. A security standard for handling payment card data through approved secure processes.
• C. A recordkeeping rule requiring payment records to be kept for the brokerage’s retention period.
• D. A marketing rule requiring consent before most promotional emails or texts are sent.

Best answer: B

What this tests: Information Management

Explanation: PCI compliance deals specifically with payment card security. For a broker, its practical meaning is using approved procedures and systems to protect card data, not treating it as ordinary client information or a marketing-permission issue.

PCI compliance refers to the payment-card security standard brokerages follow when they accept credit card payments. In routine broker work, it means card information must be handled through secure, approved processes, with limited access and no unnecessary storage or transmission. This is different from PIPEDA, which governs how personal information is collected, used, and disclosed, and different from CASL, which governs consent for most promotional electronic messages.

A Level 1 broker should follow the brokerage’s payment procedures exactly, use approved systems, and avoid recording or sharing card details outside those procedures. The key takeaway is that PCI is about safeguarding payment card data, not general privacy consent or marketing consent.

• Privacy consent describes PIPEDA-style rules for personal information, which is broader than payment card security.
• Marketing consent points to CASL, which applies to most promotional emails and texts, not card handling.
• Retention period relates to recordkeeping, but keeping records is separate from the secure treatment of card data.

PCI compliance focuses on protecting payment card information during collection, transmission, and any permitted storage.

Question 5

Topic: Information Management

For a Level 1 Ontario broker, what is the best practical meaning of data verification before relying on file information?

• A. Checking that key details are complete, accurate, current, and consistent before use.
• B. Sending client details to the insurer exactly as received.
• C. Limiting collection to only information needed for the transaction.
• D. Keeping client records for the required retention period.

Best answer: A

What this tests: Information Management

Explanation: Data verification means confirming that information in the file is complete, accurate, current, and internally consistent before relying on it. In brokerage work, that check helps support proper advice, cleaner processing, and fewer errors at binding, renewal, cancellation, or claims stages.

The core concept is data verification. In a brokerage file, collecting information is only the first step; before using it to advise a client, bind coverage, process a renewal or cancellation, or assist with a claim, the broker should confirm the facts are usable and trustworthy. That means checking for missing details, conflicting answers, outdated information, and obvious inaccuracies, then clarifying them with the client or another reliable source. This supports good client service and helps prevent coverage gaps, underwriting issues, or claim problems caused by bad data. Privacy, consent, and record retention are also important information-management duties, but they are different from confirming that the data itself is complete and accurate.

• Minimum collection is a privacy principle about how much information should be gathered, not whether existing information is correct.
• Record retention deals with how long the brokerage keeps files, not whether the file can be safely relied on now.
• Forwarding as received skips the needed check for missing, outdated, or inconsistent details.

Data verification means confirming the file information is reliable enough to use for advice or transactions.

Question 6

Topic: Information Management

A Level 1 broker at an Ontario brokerage accidentally emails a client’s completed auto application, including date of birth and driver’s licence number, to the wrong Gmail address. The unintended recipient replies that the attachment was opened. What is the primary exposure that must be recognized and addressed first?

• A. A privacy breach requiring containment and escalation
• B. A trust-account problem requiring fund reconciliation
• C. A claims matter requiring insurer reporting
• D. An underwriting issue requiring a revised quote

Best answer: A

What this tests: Information Management

Explanation: This situation is an unauthorized disclosure of personal information, which makes it a privacy breach. The broker should first try to contain the disclosure, then promptly escalate it within the brokerage and document the incident.

The core concept is privacy and confidentiality management. When client information is sent to the wrong person and that person opens it, the main exposure is a privacy breach, not a routine clerical or underwriting issue. For a Level 1 broker acting under supervision, the proper response is to focus first on containment and internal escalation so the brokerage can assess impact, follow its privacy procedure, and decide on any further notification steps.

• Attempt immediate containment, such as recalling the email if possible and asking the unintended recipient to delete it.
• Notify the supervising broker, privacy contact, or Principal Broker according to brokerage procedure.
• Document what was sent, who received it, and whether it was accessed.

The key point is that the privacy exposure must be handled before any secondary service or underwriting concern.

• Treating it as only an underwriting issue misses the unauthorized disclosure of personal information.
• Treating it as a claims matter is incorrect because no insured loss is being reported to the insurer.
• Treating it as a trust-account problem is unrelated because the facts involve client data, not client funds.

Sending client personal information to an unintended recipient is an unauthorized disclosure, so the first response is to contain the breach and escalate it internally.

Question 7

Topic: Information Management

In an Ontario general-insurance brokerage file, what is the best definition of an audit trail?

• A. A reminder list of future tasks on the account
• B. A chronological record of instructions, advice, documents, transactions, and timing
• C. A consent form for collecting and sharing the client’s personal information
• D. A summary of the insurer’s underwriting reasons for accepting the risk

Best answer: B

What this tests: Information Management

Explanation: An audit trail is the documented history of the client file. It shows communications, instructions, documents, transactions, and timing so the brokerage can support later service, underwriting, claims, and compliance review.

The core concept is file reconstructability. In brokerage practice, an audit trail means a clear, chronological record of what information was received, what the client requested, what the broker explained or recommended, what documents were sent or received, what transaction occurred, who handled it, and when each step happened. Good file notes, saved emails, applications, endorsements, and transaction records all contribute to that history.

A proper audit trail helps with:

• later servicing when a client questions a change
• underwriting review of what was disclosed
• claims support when facts are disputed
• compliance review of advice, consent, and timing

Keeping only a final summary, a consent form, or a personal reminder does not fully show the path from instruction to action.

• Underwriting summary is only one part of a file and does not document the full sequence of communications and transactions.
• Privacy consent deals with permission to collect or disclose information, not with recording everything that happened on the account.
• Task reminder helps workflow, but it does not create a reliable history of advice, instructions, and completed changes.

An audit trail allows the brokerage to reconstruct what happened in the file, who handled it, and when.

Question 8

Topic: Information Management

A Level 1 Ontario broker accidentally emails a client’s auto insurance application to the wrong address. The email includes the client’s full name, home address, date of birth, and driver’s licence number. The unintended recipient replies, “You have the wrong person.” What is the best next step?

• A. Delete the sent email from your mailbox and correct the client file.
• B. Notify your supervisor or privacy contact immediately, seek deletion confirmation, and document the breach.
• C. Inform the client and ask them to deal directly with the unintended recipient.
• D. Send the application to the correct address and wait to see if any issue arises.

Best answer: B

What this tests: Information Management

Explanation: Because confidential client information was disclosed to the wrong person, the priority is immediate containment and escalation. A Level 1 broker should follow brokerage procedure by notifying a supervisor or privacy contact right away, documenting the incident, and supporting secure deletion or other containment steps.

A misdirected email containing personal information is a privacy incident. In this situation, the proper response is to contain the disclosure and escalate it immediately rather than handle it informally. A Level 1 broker should promptly notify the supervisor, Principal Broker, or designated privacy contact, record what happened, and follow the brokerage’s breach process. Reasonable containment includes requesting that the unintended recipient delete the email and confirm no further use or sharing.

The brokerage can then decide on any client notification, follow-up, and recordkeeping steps. Simply fixing the service issue by resending the application does not address the wrongful disclosure. The key takeaway is that privacy incidents require prompt internal escalation plus practical containment.

• Resending the application to the correct address fixes service, but it does not contain or escalate the privacy breach.
• Deleting your own sent email does not remove the message from the unintended recipient or create the needed incident record.
• Leaving the matter to the client shifts responsibility and delays proper brokerage handling of the breach.

A privacy breach involving client information should be contained, escalated, and documented right away under brokerage procedure.

Question 9

Topic: Information Management

A Level 1 broker is handling an Ontario auto renewal. The brokerage system shows the vehicle is garaged in Ottawa, but the client’s email says they moved to Kingston two months ago. Before relying on the file to give renewal advice or submit the renewal, which responsibility applies?

• A. The insurer is solely responsible for checking whether the brokerage’s renewal data is accurate.
• B. The Principal Broker must personally confirm every address change before the file can be used.
• C. The Level 1 broker must verify the new garaging details with the client, document the update, and seek supervision if anything remains unclear.
• D. The broker may use the prior year’s application until a claim proves the address was wrong.

Best answer: C

What this tests: Information Management

Explanation: Before a broker relies on information for advice or renewal, the data must be complete and accurate. A Level 1 broker cannot assume the older garaging address is still correct; the discrepancy must be verified with the client, documented, and escalated under supervision if it remains unresolved.

The core issue is data quality before action. A garaging address can affect underwriting and rating, so once the file contains conflicting information, the broker should not rely on the old record or guess which version is correct. The Level 1 broker handling the file should confirm the current details with the client, update the brokerage record, and document the source of the correction. If the information cannot be confirmed clearly, or office procedures require review, the matter should be referred through supervision before advice is given or the renewal is submitted.

The insurer may underwrite the risk later, but basic verification of a known discrepancy is still part of the broker’s responsibility before relying on the file.

• Insurer role fails because the broker cannot shift basic data verification to the insurer before giving advice or sending the renewal.
• Principal Broker overreach fails because Level 1 work is supervised, but the Principal Broker does not have to personally confirm every routine file update.
• Old file reliance fails because prior application data is not reliable once the broker knows the file contains conflicting current information.

A broker cannot rely on conflicting renewal data; it must be verified, documented, and escalated if unresolved.

Question 10

Topic: Information Management

At renewal, a Level 1 broker sees a homeowner file listed as owner-occupied, single-family dwelling. A recent client email says, “We moved out last year and now rent the whole house to two unrelated tenants.” The client asks whether the policy can renew unchanged. Before relying on the file for renewal advice, what is the primary exposure that must be verified?

• A. Occupancy and rental use affecting the dwelling’s risk class
• B. Email privacy handling for the client message
• C. Potential sewer backup exposure from tenant use
• D. Mortgagee information missing from the record

Best answer: A

What this tests: Information Management

Explanation: The main issue is conflicting information about who occupies the home and how it is used. Occupancy is a core underwriting fact, so a broker should confirm it before relying on the file for renewal advice or assuming the existing policy still fits.

This tests data quality in an underwriting context. A home insured as owner-occupied is not the same risk as a house rented to unrelated tenants, and that difference can affect eligibility, rating, and whether the current habitational policy is still appropriate. When the file and the client’s new information conflict, the broker should not rely on the old record. The broker must first verify the actual occupancy and rental use, document the change, and then decide what advice or renewal action is appropriate.

The key point is that complete and accurate material information comes before coverage advice. Other concerns may exist, but they are secondary until the broker confirms the home’s true risk classification.

• Water damage issue is secondary because coverage concerns like sewer backup come after confirming the property’s actual occupancy and use.
• Privacy issue is not the main problem here; the decision risk comes from conflicting underwriting data, not from receiving the email itself.
• Mortgagee details matter for records, but they do not drive the basic habitational risk class as directly as occupancy does.

Conflicting occupancy information is material underwriting data, so the broker must verify the home’s actual use before giving renewal advice.

Continue with full practice

Use the RIBO Level 1 Practice Test page for the full Securities Prep route, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Related focused pages

• Free RIBO Level 1 Full-Length Practice Exam
• RIBO Level 1: Legal and Regulatory Compliance
• RIBO Level 1: Professionalism, Integrity, and Ethics
• RIBO Level 1: Insurance Product and Industry Knowledge
• RIBO Level 1: Risk Identification, Assessment, and Classification
• RIBO Level 1: Consulting and Advising
• RIBO Level 1: Relationship Management
• RIBO Level 1: Claim Services
• RIBO Level 1: Critical and Analytical Thinking
• RIBO Level 1: Continuous Learning and Development

Free review resource

Use the full Securities Prep practice page above for the latest review links and practice route.