Question 1 of 30
1. Question
The performance metrics show that a UK-regulated investment firm is experiencing a 30% longer client onboarding time compared to its main competitors. The Head of Sales presents to the Board, arguing that this delay, caused by rigorous anti-money laundering (AML) checks, is leading to the loss of significant high-net-worth business. He proposes a new ‘streamlined’ process for clients referred from a specific list of overseas introducers, which would defer full enhanced due diligence (EDD) for 90 days to expedite account opening. The firm’s Money Laundering Reporting Officer (MLRO) strongly objects, citing the high-risk nature of the jurisdictions involved and the firm’s obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. What is the Board’s primary responsibility in this situation?
Correct
The correct answer reflects the fundamental principle of ‘tone from the top’, a cornerstone of UK financial crime prevention. The Board of Directors holds ultimate responsibility for a firm’s anti-financial crime systems and controls. Under the UK’s Senior Managers and Certification Regime (SM&CR), senior managers, including board members, have a prescribed responsibility and a duty of responsibility, making them personally accountable for failures. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) mandate that firms must apply customer due diligence measures before the establishment of a business relationship. The proposed ‘streamlined’ process, which defers Enhanced Due Diligence (EDD), would likely breach these regulations. The Joint Money Laundering Steering Group (JMLSG) guidance, which UK regulators consider best practice, explicitly states that senior management must lead the firm’s AML/CTF efforts. Prioritising commercial targets over clear regulatory obligations and the MLRO’s expert advice would demonstrate a weak compliance culture and expose the firm and its board to severe regulatory sanctions, fines, and potential criminal liability under the Proceeds of Crime Act 2002 (POCA). Approving a trial or delegating the decision abdicates the board’s non-delegable, ultimate responsibility for risk management and compliance.
Question 2 of 30
2. Question
The risk matrix shows a new client, a non-profit organisation (NPO) operating in a jurisdiction listed by the Financial Action Task Force (FATF) as high-risk, has been rated ‘High Risk’ for terrorist financing. During enhanced due diligence, it is discovered that the NPO’s founder has publicly expressed sympathy for a group proscribed under the UK’s Terrorism Act 2000. The NPO has now requested an urgent, large-value transfer to a third-party logistics company in the same high-risk region. What is the most critical and immediate action the firm’s Money Laundering Reporting Officer (MLRO) must take in accordance with UK regulations?
Correct
Under the UK’s anti-financial crime regime, the primary legislation concerning terrorist financing is the Terrorism Act 2000 (TA 2000), supplemented by the Proceeds of Crime Act 2002 (POCA 2002) regarding reporting obligations. When a firm has knowledge or suspicion of terrorist financing, it is legally obligated to report this to the National Crime Agency (NCA) by submitting a Suspicious Activity Report (SAR). In this scenario, the combination of a high-risk NPO client, operations in a high-risk jurisdiction, the founder’s sympathies for a proscribed group, and an urgent transaction to an opaque third party constitutes strong grounds for suspicion. As a transaction is pending, the firm must not proceed as this could constitute an offence under TA 2000 (e.g., Section 17, ‘Funding arrangements’). Therefore, the MLRO must submit a SAR to the NCA and specifically request a ‘defence’ (often referred to as a Defence Against Money Laundering or DAML, though the legal basis is a defence against committing a principal offence under TA 2000). This provides the firm with a statutory defence if it proceeds with the NCA’s consent. Contacting the client would be ‘tipping off’, a criminal offence. Simply proceeding with the transaction would be illegal, and terminating the relationship without reporting fails to meet the statutory reporting obligation.
Question 3 of 30
3. Question
The evaluation methodology shows that a senior manager at a UK-regulated investment firm is instructing a junior analyst to use unrealistic growth projections to artificially inflate the valuation of a private company the firm is acquiring. The analyst later discovers the senior manager has an undisclosed significant shareholding in the target company and stands to gain personally from the inflated acquisition price paid by their own firm. According to UK legislation, which specific type of financial crime is MOST accurately represented by the senior manager’s actions of intentionally misrepresenting the company’s value for personal gain?
Correct
This question assesses the ability to identify a specific type of financial crime from a scenario, a key topic in the CISI Combating Financial Crime syllabus. The correct answer is ‘Fraud by false representation’. Under the UK’s Fraud Act 2006, this offence is committed when a person dishonestly makes a false representation with the intent to make a gain for themselves or another, or to cause loss to another. In this scenario, the senior manager is dishonestly making a false representation (the inflated valuation) with the clear intent of making a personal financial gain. ‘Insider dealing’, defined under the Criminal Justice Act 1993, involves trading securities based on non-public, price-sensitive information; while the manager has inside knowledge, the primary crime described is the act of deception itself, not trading. ‘Money laundering’, governed by the Proceeds of Crime Act 2002 (POCA), involves concealing or dealing with the proceeds of crime, which is not occurring here. ‘Bribery’, under the Bribery Act 2010, involves offering or receiving an inducement for improper performance of a function, which is also not the central issue in this scenario.
Question 4 of 30
4. Question
The audit findings indicate that a UK-based investment bank has a correspondent banking relationship with a respondent bank in a jurisdiction recently placed on the Financial Action Task Force’s (FATF) ‘grey list’ for strategic AML/CFT deficiencies. The audit reveals that the UK bank has not conducted a subsequent risk review of the relationship, has not updated its due diligence file, and has not considered applying any additional controls or enhanced monitoring since the FATF’s public statement. This failure to act most directly contravenes the principles outlined in which international standard?
Correct
The correct answer is the FATF Recommendation 13 on Correspondent Banking. This is a cornerstone of the international framework for combating financial crime, which the UK has implemented into its domestic legislation. For the UK CISI exam, it is crucial to understand how international standards translate into UK law. The Financial Action Task Force (FATF) sets the global standard, and its Recommendation 13 specifically requires financial institutions to perform enhanced due diligence (EDD) on cross-border correspondent banking relationships. This includes assessing the respondent institution’s AML/CFT controls and understanding the nature of its business. The scenario describes a clear failure to apply these principles, particularly the ongoing monitoring aspect, after the respondent’s jurisdiction was identified as high-risk. The UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017), specifically Regulation 34, directly implements this requirement, mandating UK firms to apply EDD to correspondent relationships with institutions outside the UK. The other options are incorrect because while related to AML, they are not the most specific principle being violated. The Basel Committee’s principles are high-level guidance, the Vienna Convention primarily targets drug trafficking proceeds, and the Palermo Convention focuses on transnational organised crime more broadly, whereas FATF Rec 13 is the specific standard for the activity described.
Question 5 of 30
5. Question
Compliance review shows a UK-based financial services firm, regulated by the FCA, is using a local agent to secure a business licence in a high-risk overseas jurisdiction. The agent has requested an additional, undocumented ‘success fee’ to be paid in cash to a government official who oversees licence approvals, stating this is a ‘customary practice’ to ensure a swift and positive outcome. The firm’s management is concerned about potential legal repercussions. According to the UK Bribery Act 2010, what is the primary offence the firm itself would be committing if it authorises this payment?
Correct
This question tests knowledge of the UK Bribery Act 2010, a key piece of legislation for the CISI Combating Financial Crime exam. The Act has extra-territorial reach, meaning a UK-based firm can be prosecuted for bribery committed anywhere in the world. The scenario describes a payment that is likely a bribe to a foreign public official (an offence under Section 6 of the Act). The most significant risk for the firm itself is prosecution under Section 7, the corporate offence of ‘failing to prevent bribery’ by an ‘associated person’ (the local agent). The only defence against this charge is proving the firm had ‘adequate procedures’ in place to prevent bribery. The Act makes no exception for payments that are part of a ‘local custom’, nor does it permit ‘facilitation payments’ (small bribes to expedite routine government action), which were a grey area under previous legislation. The firm’s liability is not limited to actions of its direct employees but extends to agents acting on its behalf.
Question 6 of 30
6. Question
Assessment of a UK-regulated firm’s adherence to the Financial Action Task Force (FATF) Recommendation 10 on Customer Due Diligence (CDD), which is a cornerstone of the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). A prospective corporate client is unable to provide satisfactory evidence to verify the identity of its ultimate beneficial owners (UBOs) during the onboarding process. According to these standards, what is the mandatory course of action for the firm?
Correct
This question assesses understanding of the Financial Action Task Force (FATF) Recommendation 10 concerning Customer Due Diligence (CDD), a fundamental principle directly implemented into UK law. For the CISI Combating Financial Crime exam, it is crucial to know how international standards translate into national obligations. The UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs) codify the FATF standards. Regulation 28 explicitly requires firms to identify and verify the identity of customers and their beneficial owners before establishing a business relationship. Regulation 33(1)(a) states that where a firm is unable to apply CDD measures, it ‘must not establish a business relationship’. Furthermore, if the inability to complete CDD raises suspicion of money laundering or terrorist financing, the firm must consider its reporting obligations under the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000 (TACT), which involves submitting a Suspicious Activity Report (SAR) to the UK’s National Crime Agency (NCA). Therefore, the correct course of action is twofold: cease the onboarding process and consider making a SAR. The other options are incorrect as they involve proceeding with the relationship, which is a direct breach of the MLRs, or misidentify the correct reporting authority for suspicion (it is the NCA, not the FCA).
Question 7 of 30
7. Question
Comparative studies suggest that criminal organisations often exploit specific vulnerabilities in the financial system. A criminal syndicate has generated significant cash from illegal drug sales. To introduce these funds into the legitimate financial system without raising suspicion, they use a network of ‘smurfs’ to make numerous small cash deposits into various bank accounts across different branches of a high-street bank. Each deposit is deliberately kept below the typical transaction monitoring thresholds. According to the widely accepted three-stage model of money laundering, which stage does this activity PRIMARILY represent?
Correct
This question assesses the candidate’s understanding of the three-stage model of money laundering, a fundamental concept in combating financial crime. The correct answer is ‘Placement’.
1. Placement: This is the first stage, where illicit funds (in this case, cash from drug sales) are physically introduced into the legitimate financial system. The scenario describes this perfectly: using ‘smurfs’ to make numerous small cash deposits to avoid detection thresholds. This is a classic placement technique.
2. Layering: This is the second stage, which involves creating complex layers of financial transactions to obscure the audit trail and sever the link between the funds and their criminal origin. Examples include moving money through various accounts in different jurisdictions or converting it into different financial instruments.
3. Integration: This is the final stage, where the laundered funds are reintroduced into the legitimate economy, appearing to have come from a legitimate source. This could involve purchasing property, luxury assets, or investing in a legitimate business.
From a UK CISI exam perspective, this activity is criminalised under the Proceeds of Crime Act 2002 (POCA). The financial institution receiving these deposits has obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) to have systems and controls in place to detect and report such suspicious activity. Guidance from the Joint Money Laundering Steering Group (JMLSG) provides practical assistance to firms on how to identify and handle suspicious transactions, including structured cash deposits (smurfing).
Question 8 of 30
8. Question
The monitoring system demonstrates that a portfolio manager at a UK-based investment firm executed a large personal trade in PharmaCo shares two days before PharmaCo publicly announced unexpectedly positive clinical trial results, leading to a significant price increase. The system also flagged several phone calls between the manager and his brother-in-law, a senior researcher at PharmaCo, in the week preceding the trade. From a UK financial crime perspective, what is the MOST likely offence the portfolio manager has committed?
Correct
This question assesses the candidate’s ability to identify the specific criminal offence of insider dealing under UK legislation. The correct answer is dealing on the basis of inside information, which is a primary offence under Part V of the Criminal Justice Act 1993 (CJA 1993). The scenario provides all the necessary elements: the portfolio manager is an ‘insider’ because he obtained information from a primary insider (his brother-in-law); the information about the clinical trial results was specific, not public, and price-sensitive; and he ‘dealt’ in the related securities for personal gain. This activity would also be considered market abuse under the civil regime of the UK Market Abuse Regulation (MAR). The other options are incorrect. Market manipulation involves distorting the market (e.g., through misleading transactions), which is not what occurred. Laundering proceeds of crime relates to disguising the origins of illicit funds, which is not the primary offence here. While failing to obtain pre-trade clearance is a serious internal policy breach, it is a regulatory/procedural failing, not the principal criminal offence defined by the CJA 1993.
Question 9 of 30
9. Question
To address the challenge of identifying its specific vulnerabilities, a UK-based wealth management firm, regulated by the Financial Conduct Authority (FCA), is conducting its mandatory firm-wide business risk assessment. The firm’s Money Laundering Reporting Officer (MLRO) must ensure the assessment is comprehensive and compliant. According to the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), which of the following sets of factors must the firm explicitly take into account when identifying and assessing its risk exposure?
Correct
This question tests knowledge of the core requirements for a firm-wide risk assessment under UK anti-money laundering legislation. The correct answer is based on The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), which is a cornerstone of the UK’s financial crime prevention framework and a key topic in the CISI Combating Financial Crime exam. Regulation 18 of MLR 2017 explicitly requires firms to conduct a written risk assessment to identify and assess their exposure to money laundering and terrorist financing. In doing so, the regulation mandates that firms must take into account specific risk factors, including: (a) its customers; (b) the countries or geographic areas in which it operates; (c) its products or services; (d) its transactions; and (e) its delivery channels. The correct option directly lists these five mandatory risk categories. The other options are incorrect as they list factors that, while potentially relevant to a firm’s overall business risk, are not the specific categories mandated by MLR 2017 for the financial crime risk assessment. For instance, factors like staff turnover, share price performance, or the number of SARs filed are either operational risks, market indicators, or outputs of the control framework, not the foundational risk categories required for the initial assessment. The Joint Money Laundering Steering Group (JMLSG) Guidance, which is approved by HM Treasury and provides firms with practical guidance on interpreting the MLR 2017, further elaborates on these five core risk areas.
Question 10 of 30
10. Question
Operational review demonstrates that a UK-based investment firm’s transaction monitoring system flagged a series of small, regular payments from a client’s account to multiple unrelated individuals in a jurisdiction known for terrorist group activity. A junior compliance analyst reviewed and dismissed these alerts without escalating them to the Money Laundering Reporting Officer (MLRO), despite the pattern being a known typology for terrorist financing. Based on this failure to act on the suspicion, what is the MOST significant regulatory breach the firm and its employees have committed under UK law?
Correct
The correct answer identifies the most severe and specific offence based on the scenario. Under the UK’s Terrorism Act 2000 (TACT 2000), there is a legal obligation for individuals and firms in the regulated sector to report any knowledge or suspicion of terrorist financing to the National Crime Agency (NCA) by submitting a Suspicious Activity Report (SAR). Section 21A of TACT 2000 makes it a criminal offence to fail to disclose this information. The scenario describes classic indicators of potential terrorist financing (structured payments to a high-risk area) which should have triggered a suspicion and subsequent report. The failure to escalate and report is therefore a direct breach of TACT 2000. The other options are incorrect. While the firm’s systems and controls have clearly failed, which is a breach of the Money Laundering Regulations 2017 (MLRs 2017), the failure to report a formed suspicion is a more specific and serious criminal offence under TACT 2000. The Proceeds of Crime Act 2002 (POCA) primarily deals with money laundering, and while the reporting mechanisms are similar, the underlying suspected criminality in this case is terrorist financing, which is governed by TACT 2000. Finally, the Sanctions and Anti-Money Laundering Act 2018 (SAMLA) relates to breaches of financial sanctions regimes; the scenario does not state that the recipients were designated persons on a sanctions list, only that there was a suspicion of terrorist financing based on activity.
-
Question 11 of 30
11. Question
Cost-benefit analysis shows that a UK-regulated investment firm could achieve significant operational savings by streamlining its customer due diligence (CDD) procedures for clients classified as ‘low-risk’. The proposed new process involves less stringent identity verification than currently performed. The firm’s Money Laundering Reporting Officer (MLRO) is concerned this change could breach the firm’s primary legal obligations for preventing money laundering. Which UK legislative framework imposes the most direct and detailed requirements on the firm regarding the implementation of risk-based CDD measures?
Correct
The correct answer is The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). For the UK CISI exam, it is crucial to distinguish between the key pieces of anti-financial crime legislation. While the Proceeds of Crime Act 2002 (POCA) establishes the principal money laundering offences and the requirement to submit Suspicious Activity Reports (SARs), it is the MLRs that set out the detailed, prescriptive requirements for regulated firms. The MLRs mandate a risk-based approach and specify the practical systems and controls firms must implement, including Customer Due Diligence (CDD), ongoing monitoring, and record-keeping. The Financial Conduct Authority (FCA) uses its powers under the Financial Services and Markets Act 2000 (FSMA) to supervise firms for compliance with the MLRs, often detailed in its Senior Management Arrangements, Systems and Controls (SYSC) sourcebook. The Bribery Act 2010 is a separate piece of legislation focused specifically on bribery and corruption, not the broader AML/CDD framework. Therefore, any cost-benefit analysis suggesting a change to CDD procedures must first and foremost ensure full compliance with the detailed requirements of the MLRs.
-
Question 12 of 30
12. Question
Consider a scenario where a UK-based investment firm is conducting its periodic review of a corporate client, ‘Coastal Imports Ltd’. The client was onboarded three years ago, classified as low-risk, with a stated business of importing goods from the European Union. The firm’s transaction monitoring system flags a series of recent, large, and unusual payments being sent to a third-party entity in a jurisdiction listed by the Financial Action Task Force (FATF) as having strategic AML/CFT deficiencies. These transactions are inconsistent with the client’s established business profile. In accordance with the UK’s Money Laundering Regulations 2017 and JMLSG guidance, what is the most appropriate immediate action for the firm to take?
Correct
This question tests the understanding of a firm’s obligations regarding ongoing monitoring of customer relationships under the UK’s anti-money laundering regime. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), specifically Regulation 28, mandates that firms conduct ongoing monitoring of a business relationship. This includes scrutinising transactions undertaken throughout the course of the relationship to ensure that the transactions are consistent with the firm’s knowledge of the customer, their business, and their risk profile. When a transaction alert, such as the one described, is triggered, the Joint Money Laundering Steering Group (JMLSG) Guidance advises that the first step is to examine the activity to understand its background and purpose. The correct action is to conduct further scrutiny and engage with the customer to refresh the Customer Due Diligence (CDD) information, understand the change in business activity, and verify the source of funds. Filing a Suspicious Activity Report (SAR) with the National Crime Agency (NCA) is only required once a firm has formed a suspicion of money laundering, which typically follows an initial investigation. Immediately freezing the account or re-classifying the risk without investigation is inappropriate and not aligned with a risk-based approach. Ignoring the alert is a clear breach of regulatory duties.
-
Question 13 of 30
13. Question
Investigation of a UK-based investment firm’s enterprise-wide risk assessment, conducted in line with the Money Laundering Regulations 2017, requires a comparative analysis of its client base to determine where to apply Enhanced Due Diligence. Which of the following client profiles presents the highest inherent money laundering risk?
Correct
This question assesses the application of a risk-based approach as mandated by UK financial crime legislation. The correct answer is the client who is a Politically Exposed Person (PEP) from a high-risk third country. According to the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017), firms must apply a risk-based approach (Regulation 33) to identify and assess money laundering risks. Regulation 35 specifically mandates the application of Enhanced Due Diligence (EDD) for any business relationship with a PEP. Furthermore, guidance from the Joint Money Laundering Steering Group (JMLSG) highlights that several factors compound risk, including the client’s jurisdiction (a high-risk third country), the use of complex or opaque corporate structures (the trust), and the PEP status itself, as PEPs are considered to be in positions that can be abused for the purpose of committing money laundering and corruption offences. The other options represent significantly lower risk profiles: a UK-regulated pension fund is a low-risk entity; a domestic charity with transparent accounts is lower risk; and a tech entrepreneur from a low-risk jurisdiction with a clear source of wealth, while requiring due diligence, does not have the combination of high-risk indicators present in the correct answer.
-
Question 14 of 30
14. Question
During the evaluation of a new client application, a UK-based investment firm’s compliance department identifies the applicant as a recently appointed deputy ambassador for a foreign country. This classification correctly designates the client as a Politically Exposed Person (PEP). In accordance with the UK’s Money Laundering Regulations 2017, what is the most critical procedural step the firm must complete before formally establishing the business relationship?
Correct
Under the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), when a firm identifies a new or existing client as a Politically Exposed Person (PEP), it is mandated to apply Enhanced Due Diligence (EDD). Regulation 35 of MLR 2017 specifies the required EDD measures. A critical and mandatory step, which must be taken before the business relationship is established, is to obtain approval from senior management. This ensures that the firm’s leadership is aware of and accepts the heightened risks associated with the PEP relationship. Filing a Suspicious Activity Report (SAR) is incorrect as PEP status alone is not grounds for suspicion. Applying standard due diligence is a direct contravention of the regulations. While a firm can refuse a client based on its risk appetite, an automatic refusal is contrary to the Financial Conduct Authority’s (FCA) guidance, which promotes a risk-based approach rather than wholesale de-risking.
-
Question 15 of 30
15. Question
Research into the UK’s anti-money laundering framework reveals that a wealth manager at a UK-regulated investment firm is meeting a new client. The client wishes to invest £250,000 and, during the conversation, casually mentions that the funds are an accumulation of ‘undeclared cash-in-hand work’ over several years to ‘avoid the taxman’. The wealth manager immediately suspects the funds are the proceeds of tax evasion. Based on the requirements of the Proceeds of Crime Act 2002 (POCA), what is the most appropriate immediate action for the wealth manager to take?
Correct
The correct answer is to report the suspicion internally to the firm’s Nominated Officer. Under the UK’s Proceeds of Crime Act 2002 (POCA), tax evasion is a criminal offence, and the funds derived from it are considered ‘criminal property’. By stating the funds are from ‘undeclared cash-in-hand work’, the client has raised a clear suspicion of money laundering. For an individual working in the regulated sector, such as a wealth manager, there is a legal obligation under Section 331 of POCA to report any knowledge or suspicion of money laundering to the firm’s Nominated Officer (also known as the Money Laundering Reporting Officer – MLRO) as soon as is reasonably practicable. Proceeding with the transaction would risk committing a principal money laundering offence under POCA, such as ‘arranging’ (Section 328). Advising the client to declare the income could constitute the offence of ‘tipping off’ under Section 333A of POCA. While a Suspicious Activity Report (SAR) must be filed with the National Crime Agency (NCA), the correct internal procedure for an employee is to report to the Nominated Officer, who then makes the decision on external reporting.
-
Question 16 of 30
16. Question
Stakeholder feedback indicates that a high-net-worth client, who has been with a UK-based investment firm for over a decade, is becoming frustrated with the level of due diligence being performed on a large, unusual transaction. The relationship manager argues that filing a Suspicious Activity Report (SAR) based on ‘mere suspicion’ will irreparably damage the client relationship and could lead to the loss of a significant account. The transaction involves funds being moved to a high-risk jurisdiction with no clear economic rationale. According to the UK’s Proceeds of Crime Act 2002 (POCA), what is the most critical and immediate legal obligation of the firm’s Money Laundering Reporting Officer (MLRO) in this situation?
Correct
The correct answer is to submit a SAR to the National Crime Agency (NCA) without delay. Under the UK’s Proceeds of Crime Act 2002 (POCA), specifically Section 330, individuals in the regulated sector have a legal obligation to report knowledge or suspicion of money laundering to their firm’s Money Laundering Reporting Officer (MLRO). The MLRO then has a duty to report this to the NCA. The threshold for reporting is ‘suspicion,’ which is more than a vague feeling of unease but does not require proof. Commercial considerations, such as damaging a client relationship, are not a valid reason to fail to report. Informing the client would constitute the offence of ‘tipping off’ under Section 333A of POCA. While a Defence Against Money Laundering (DAML) SAR might be appropriate if the firm wishes to proceed with the transaction, the primary and immediate obligation upon forming a suspicion is to make a report to the NCA. Prioritising the client relationship over this legal duty could lead to severe criminal penalties for both the individual and the firm.
-
Question 17 of 30
17. Question
Upon reviewing a new corporate client account for ‘Global Asset Movers Ltd’ at a UK-based bank, a compliance officer notes the following: the company was incorporated only one month ago with a vague business purpose of ‘international logistics consulting’; its ownership structure is complex, involving nominee directors in a high-risk jurisdiction; and the initial customer due diligence file is incomplete. Today, the account received a single, unexpected wire transfer of £750,000 from an unrelated third-party entity in a different high-risk jurisdiction. The client has immediately submitted instructions to transfer the full amount out in multiple, smaller payments to various personal accounts in several other countries. Which of these factors represents the most significant red flag, strongly indicating potential money laundering and requiring the immediate consideration of a Suspicious Activity Report (SAR)?
Correct
The correct answer identifies the most significant red flag indicating the ‘layering’ stage of money laundering. While all the options are valid red flags that would contribute to a high-risk client profile under the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), the rapid movement of a large sum through the account with no apparent business purpose is the most compelling indicator of active financial crime. This ‘pass-through’ activity is a classic money laundering typology designed to obscure the origin of funds. Under the Proceeds of Crime Act 2002 (POCA), this activity would form the basis of a suspicion of dealing with criminal property, legally obligating the compliance officer to submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA). The Joint Money Laundering Steering Group (JMLSG) guidance specifically highlights such transactional behaviour as a key indicator requiring immediate scrutiny and reporting.
-
Question 18 of 30
18. Question
Analysis of a cross-border compliance scenario: A senior trader at a UK-headquartered bank, which has a significant listing on the New York Stock Exchange (NYSE), discovers evidence of a sophisticated scheme to manipulate US-listed securities. The trader is aware of the bank’s internal whistleblowing policy, which is compliant with the UK’s Public Interest Disclosure Act 1998 (PIDA). However, they are also aware of US legislation and are considering their options for reporting the misconduct. From a decision-making perspective, which feature of the US Dodd-Frank Wall Street Reform and Consumer Protection Act presents the most significant and distinct advantage for the whistleblower compared to the UK’s domestic framework?
Correct
The correct answer identifies the key whistleblower provisions established under Section 922 of the US Dodd-Frank Act. For a UK CISI Combating Financial Crime exam, it is crucial to understand the extraterritorial reach of this US legislation and how it contrasts with the UK’s domestic framework. The Dodd-Frank Act created a powerful incentive structure by offering significant financial rewards (10-30% of monetary sanctions exceeding $1 million) to individuals who provide original information about securities law violations to the US Securities and Exchange Commission (SEC). It also provides robust anti-retaliation protections. This is distinct from the UK’s primary whistleblowing legislation, the Public Interest Disclosure Act 1998 (PIDA), which offers legal protection from detriment or dismissal but does not provide for financial rewards. Furthermore, the UK’s Financial Conduct Authority (FCA) rules, particularly in the Senior Management Arrangements, Systems and Controls (SYSC) sourcebook (SYSC 18), mandate that firms establish effective internal whistleblowing arrangements and appoint a ‘whistleblowers’ champion’. However, Dodd-Frank’s provisions allow a whistleblower, even in the UK, to bypass these internal channels and report directly to the US regulator, creating a complex compliance landscape for multinational firms.
-
Question 19 of 30
19. Question
Examination of the data shows that a UK-based wealth management firm’s anti-money laundering policy, last updated in early 2018, requires staff to identify the ultimate beneficial owner (UBO) of a corporate client and check their details against the firm’s own records. A junior compliance analyst, reviewing a new high-risk corporate client, discovers that the UBO information provided by the client differs significantly from the information listed on the UK’s Companies House register. The firm’s current policy does not specify a procedure for handling such discrepancies. Based on the requirements transposed into UK law from the EU’s 5th Anti-Money Laundering Directive (5AMLD), what is the most pressing and compliant action the analyst should recommend to their manager?
Correct
This question assesses understanding of the evolution of European Union Anti-Money Laundering Directives (AMLDs) and their direct implementation into UK law. The UK’s primary AML/CTF legislation, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), was based on the EU’s 4th Anti-Money Laundering Directive (4AMLD). However, the UK subsequently implemented the 5th Anti-Money Laundering Directive (5AMLD) through the Money Laundering and Terrorist Financing (Amendment) Regulations 2019. A key change introduced by 5AMLD was the enhancement of due diligence measures, including a more robust approach to identifying beneficial owners and requiring firms to report any discrepancies they find between their own information and the information held on the central beneficial ownership register (at Companies House in the UK). Therefore, simply relying on a policy aligned only with the original 4AMLD/MLR 2017 is non-compliant. The correct action is to update procedures to align with the current UK law, which incorporates the requirements of 5AMLD, demonstrating a proactive and compliant approach to the evolving regulatory landscape.
-
Question 20 of 30
20. Question
Governance review demonstrates that a UK-regulated firm’s transaction monitoring system has flagged a client’s account multiple times. The client, a student from a jurisdiction with known terrorist financing concerns, is receiving numerous small, structured payments from unrelated individuals. These funds are then immediately transferred to an unregulated virtual asset service provider. The relationship manager has consistently overridden the alerts, noting them as ‘expected student funding’ without further investigation. From the perspective of the UK’s legal framework, what is the primary criminal offence the firm and its staff are at risk of committing by not reporting this activity?
Correct
The correct answer is based on the specific obligations under the UK’s Terrorism Act 2000 (TACT 2000). Section 19 of TACT creates a criminal offence for a person in the regulated sector who fails to disclose information to the authorities as soon as is reasonably practicable. This disclosure, a Suspicious Activity Report (SAR) to the National Crime Agency (NCA), is required if they know, suspect, or have reasonable grounds for knowing or suspecting that another person has committed a terrorist financing offence. The scenario describes multiple red flags for terrorist financing (e.g., small, regular payments from multiple sources, a high-risk jurisdiction, and immediate withdrawal/transfer to an unregulated entity), which constitute ‘reasonable grounds for suspicion’. The relationship manager’s failure to escalate this means the firm is at significant risk of committing this specific criminal offence. While there are failures in ongoing monitoring under the Money Laundering Regulations 2017, the primary criminal offence related to the non-reporting of the specific suspicion falls under TACT 2000. The other offences, such as entering a funding arrangement (TACT Section 17) or concealing property (POCA 2002), require a higher level of knowledge or intent than the failure to report a suspicion.
Question 21 of 30
21. Question
Regulatory review indicates that a UK-based wealth management firm, supervised by the Financial Conduct Authority (FCA), has significant deficiencies in its client onboarding process. Specifically, the firm is failing to consistently verify the identity of its clients and is not adequately assessing the money laundering risks associated with them before establishing a business relationship. The FCA’s enforcement action would primarily be based on the firm’s breach of the detailed, preventative administrative requirements set out in which specific UK legislative instrument?
Correct
This question assesses the candidate’s ability to differentiate between the key pieces of UK financial crime legislation and their specific functions, a core topic for the CISI Combating Financial Crime exam. The correct answer is The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs). The MLRs are the primary UK legislative instrument that translates the EU Money Laundering Directives into UK law, setting out the detailed, prescriptive and preventative obligations for regulated firms. These include the specific requirements for conducting Customer Due Diligence (CDD), risk assessments, ongoing monitoring, and maintaining appropriate policies and procedures. The other options are incorrect for the following reasons:
- The Proceeds of Crime Act 2002 (POCA) is the UK’s principal legislation that criminalises money laundering. It establishes the main money laundering offences (e.g., concealing, arranging, acquiring criminal property under sections 327-329) and the legal framework for submitting Suspicious Activity Reports (SARs) to the National Crime Agency (NCA). While fundamental to the AML regime, it does not detail the specific administrative CDD procedures firms must follow; those are mandated by the MLRs.
- The Bribery Act 2010 specifically addresses bribery and corruption. It creates offences such as offering or receiving a bribe and the corporate offence of ‘failure of a commercial organisation to prevent bribery’. It is not concerned with CDD for anti-money laundering purposes.
- The Criminal Finances Act 2017 introduced significant new powers, including Unexplained Wealth Orders (UWOs) and the corporate criminal offences of failing to prevent the facilitation of UK or foreign tax evasion. It enhances the UK’s anti-financial crime toolkit but is not the source of the core CDD obligations for regulated firms.
Question 22 of 30
22. Question
The analysis reveals that a UK-incorporated engineering firm is using a local agent to help secure a government contract in a high-risk overseas country. The agent has submitted a large, poorly-documented invoice for a ‘commission payment’ to a third-party consultant to ‘expedite the final contract approval’. The firm’s compliance team believes this payment is likely intended to influence a foreign public official. According to the UK Bribery Act 2010, what is the primary corporate offence the firm itself is at risk of committing if it authorises this payment?
Correct
The correct answer is based on Section 7 of the UK Bribery Act 2010, a key piece of legislation for the CISI Combating Financial Crime exam. This section introduces the corporate offence of ‘failure of a commercial organisation to prevent bribery’. In the scenario, UKBuild PLC is a ‘relevant commercial organisation’ as it is incorporated in the UK. The local agent is an ‘associated person’ performing services on behalf of the company. The payment, described as a ‘success fee’ to ‘ensure smooth processing’, is a significant red flag for a bribe being paid to a foreign public official (an offence under Section 6 of the Act) by the agent. If this bribe is paid, UKBuild PLC would be liable under Section 7 for failing to prevent it. The only defence is for the company to prove it had ‘adequate procedures’ in place to prevent bribery, which the compliance department’s flag suggests may be insufficient or are being bypassed. One of the other options is incorrect because the UK Bribery Act 2010 makes no exception for facilitation payments; they are illegal. Another is incorrect because while the company’s directors could be liable for consenting or conniving in bribery, the primary corporate-level offence is the failure to prevent it. The remaining option is incorrect because while the funds involved could become criminal property under the Proceeds of Crime Act 2002 (POCA), the principal offence being committed relates directly to bribery under the specific and stringent UK Bribery Act 2010.
Question 23 of 30
23. Question
When evaluating a UK-based investment firm’s adherence to the Financial Action Task Force (FATF) recommendations, a compliance officer is reviewing the firm’s customer due diligence (CDD) procedures. The firm’s policy states that it must allocate its compliance resources effectively to mitigate the specific money laundering and terrorist financing risks it faces. Which of the following actions best demonstrates the practical implementation of the FATF’s risk-based approach?
Correct
This question assesses understanding of the Financial Action Task Force (FATF) Recommendations, specifically Recommendation 1, which mandates the adoption of a risk-based approach (RBA). The correct answer demonstrates the core principle of the RBA: identifying, assessing, and understanding money laundering and terrorist financing risks, and then applying commensurate measures to mitigate them. In the UK, this FATF standard is enshrined in law through the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017). Regulation 18 requires firms to take appropriate steps to identify and assess risks, while Regulation 33 allows for the application of Simplified Due Diligence (SDD) in low-risk situations and Regulation 33 requires Enhanced Due Diligence (EDD) for high-risk situations, such as for Politically Exposed Persons (PEPs). Applying a uniform, high level of scrutiny to all clients is inefficient and contrary to the RBA. Refusing all business from a specific jurisdiction without individual assessment is a form of de-risking that can be misaligned with the RBA’s nuanced approach. Filing SARs based on a fixed monetary threshold is incorrect; under the Proceeds of Crime Act 2002 (POCA), SARs must be filed based on knowledge or suspicion of criminal property, regardless of the amount.
Question 24 of 30
24. Question
The review process indicates that a UK-based investment firm is onboarding a new corporate client. The client is structured as a complex trust, with its main operations in a jurisdiction identified by the Financial Action Task Force (FATF) as having strategic anti-money laundering deficiencies. Furthermore, the ultimate beneficial owner has been identified as a foreign Politically Exposed Person (PEP). In line with UK regulations, what is the most critical and immediate EDD step the firm must take before establishing the business relationship?
Correct
Under the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), a business relationship with a Politically Exposed Person (PEP) automatically requires the application of Enhanced Due Diligence (EDD). Regulation 35 of MLR 2017 specifically mandates several steps for PEPs. Crucially, a firm must obtain senior management approval before establishing or continuing a business relationship with a PEP. Additionally, the firm must take adequate measures to establish the source of wealth and source of funds for the transaction or relationship, and conduct enhanced ongoing monitoring. Simply applying standard due diligence or proceeding without senior management approval would be a direct breach of these regulations. Filing a SAR is not appropriate at this stage, as being a PEP is a risk factor requiring management, not an automatic indicator of criminal activity.
Question 25 of 30
25. Question
Implementation of a new online platform by Sterling Investments, a UK-regulated firm, is planned to offer complex derivative products to high-net-worth individuals across various jurisdictions, some of which are considered high-risk for corruption. The firm has historically only dealt with low-risk, UK-based retail clients in a face-to-face capacity. According to the UK’s Money Laundering Regulations 2017 and JMLSG guidance, what is the most critical initial step the firm must take to identify and manage the new financial crime risks associated with this expansion?
Correct
The correct answer is based on the fundamental principle of the risk-based approach (RBA), which is mandated by UK regulation. Regulation 18 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) requires firms to conduct a comprehensive business risk assessment to identify, understand, and evaluate their exposure to financial crime. This assessment must consider risk factors related to customers, products/services, delivery channels, and geographic areas of operation. The scenario describes significant changes in all these areas (new HNWIs, complex products, online channel, high-risk jurisdictions). Therefore, the first and most critical step is to formally assess these new risks. This assessment forms the foundation for developing all other appropriate policies, controls, and procedures, such as enhanced due diligence (EDD), staff training, and system updates. The Joint Money Laundering Steering Group (JMLSG) guidance, which is considered best practice in the UK, heavily emphasizes that the risk assessment is the starting point for an effective AML/CTF framework. Implementing EDD or training before conducting a risk assessment would be reactive and may not adequately address the specific risks identified.
Question 26 of 30
26. Question
Operational review demonstrates that a UK-based investment firm’s transaction monitoring system flagged a client’s account. The client, a UK national, has been making regular, small-value wire transfers, each just below the firm’s £1,000 internal reporting threshold, to several unrelated individuals in a jurisdiction designated by the UK government as high-risk for terrorist activity. The client’s stated reason is ‘charitable donations to local community projects,’ but due diligence on the recipients reveals no registered charities. The firm’s Money Laundering Reporting Officer (MLRO) develops a suspicion of terrorist financing. According to the UK’s counter-terrorist financing regime, what is the MLRO’s primary legal obligation?
Correct
The correct answer is to submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA). Under the UK’s Terrorism Act 2000 (TA 2000), there is a legal obligation for individuals in the regulated sector to report any information that comes to them in the course of their business where they have a suspicion that another person is involved in terrorist financing. The threshold for reporting is ‘suspicion,’ not concrete proof. Delaying the report to conduct a further internal investigation is a breach of this obligation. The report must be made to the NCA as soon as is reasonably practicable. Referring to the Proceeds of Crime Act 2002 (POCA) and seeking a Defence Against Money Laundering (DAML) is incorrect. While the reporting mechanism (a SAR to the NCA) is the same, the legal framework is different. POCA deals with money laundering, whereas TA 2000 deals with terrorist financing. A DAML is a specific provision under POCA to gain consent to proceed with a transaction suspected of involving criminal property; it is not the appropriate mechanism for a terrorist financing suspicion, where the primary duty is to report and cease activity. Reporting to the Financial Conduct Authority (FCA) is also incorrect. The FCA is the UK’s conduct regulator and is concerned with a firm’s systems and controls, but the designated authority for receiving SARs for both money laundering and terrorist financing is the NCA. Freezing the account without direction from law enforcement and before filing a SAR could risk tipping off the client, which is a separate criminal offence.
Question 27 of 30
27. Question
The assessment process reveals that a senior procurement manager at a UK-regulated firm has been consistently approving invoices from a specific supplier that are significantly inflated above fair market value. An internal review uncovers a pattern of payments from the supplier’s parent company to an offshore account secretly held by the procurement manager. These payments directly correlate with the value of the inflated invoices approved. According to UK financial crime frameworks, which specific type of financial crime is most accurately described by the manager’s actions?
Correct
This question assesses the ability to identify a specific type of financial crime from a given scenario, a core competency for the CISI Combating Financial Crime exam. The correct answer is bribery and corruption. The UK Bribery Act 2010 defines bribery as offering, promising, or giving a financial or other advantage to another person to induce them to perform a relevant function or activity improperly. In this scenario, the procurement manager is accepting a financial advantage (a portion of the overpayment) to improperly perform their function of approving invoices, which constitutes corruption. The other options are incorrect: Market abuse, governed by the UK Market Abuse Regulation (MAR), involves insider dealing or market manipulation, which is not depicted. Tax evasion is the illegal non-payment or under-payment of tax, and while the manager may also be committing this, the primary crime described is the corrupt act itself. Fraud by false representation involves making a false statement to make a gain or cause a loss, which is related but less specific than the clear act of bribery and corruption shown.
Question 28 of 30
28. Question
Benchmark analysis indicates that a UK-based wealth management firm is onboarding a new corporate client. During the due diligence process, the compliance officer discovers that the client’s home country has just been placed on the Financial Action Task Force (FATF) list of ‘Jurisdictions under Increased Monitoring’. The firm’s risk assessment already categorised the client as potentially high-risk due to their complex corporate structure. In accordance with the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, what is the mandatory next step for the firm?
Correct
This question assesses the candidate’s understanding of how international standards, specifically those from the Financial Action Task Force (FATF), are integrated into UK law. The correct answer is to apply Enhanced Due Diligence (EDD). The UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017), specifically Regulation 33, mandates that firms must apply EDD measures in situations presenting a higher risk of money laundering or terrorist financing. A key trigger for EDD is when a client is established in a ‘high-risk third country’. The FATF’s list of ‘Jurisdictions under Increased Monitoring’ (the ‘grey list’) identifies countries with strategic deficiencies in their AML/CFT regimes. UK regulations require firms to treat these jurisdictions as high-risk, thus mandating EDD. Simply terminating the relationship is not the required first step; a risk-based approach involving EDD is necessary. Proceeding with standard CDD would be a regulatory breach, as the high-risk factor has been clearly identified. Involving the Office of Financial Sanctions Implementation (OFSI) is incorrect as this relates to financial sanctions regimes, not the general AML/CFT risk ratings provided by FATF.
Question 29 of 30
29. Question
Process analysis reveals that a UK-based wealth management firm, regulated by the FCA, is using a generic, off-the-shelf template for its firm-wide financial crime risk assessment. The assessment fails to specifically consider that a significant portion of its new business comes from clients in jurisdictions recently identified by the Financial Action Task Force (FATF) as having strategic AML/CFT deficiencies. According to the UK’s Money Laundering Regulations 2017 and JMLSG guidance, what is the most critical and immediate action the firm’s Money Laundering Reporting Officer (MLRO) should recommend to senior management?
Correct
This question assesses the core requirements of a firm-wide financial crime risk assessment under UK regulations. The correct answer is to conduct a comprehensive, documented review that specifically evaluates the firm’s unique risk exposures. This aligns directly with Regulation 18 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), which mandates that firms must identify and assess the risks of money laundering and terrorist financing to which their business is subject. The Joint Money Laundering Steering Group (JMLSG) guidance, which is considered standard practice in the UK, further clarifies that this assessment must consider specific risk factors, including the firm’s customer base, the countries or geographies it deals with, its products and services, its transactions, and its delivery channels. The firm’s current generic approach is non-compliant. Simply increasing the monitoring budget or exiting all high-risk relationships is a disproportionate and ineffective response that ignores the nuances of a risk-based approach. Training is essential, but it must be informed by a properly conducted risk assessment, making the assessment itself the priority.
Question 30 of 30
30. Question
The investigation demonstrates that a UK-based financial institution maintained a 15-year relationship with a corporate client involved in textile imports. The client’s profile indicated typical transactions were £50,000 payments to suppliers in Western Europe. Over a three-month period, the firm’s automated system flagged multiple incoming payments of £200,000 from a shell company in a high-risk jurisdiction, labelled as ‘consulting fees’, followed by large cash withdrawals. The relationship manager overrode the alerts, citing the client’s long tenure and assumed business expansion, without gathering any further evidence. According to the UK’s Money Laundering Regulations 2017 and JMLSG guidance, what was the primary failure in the firm’s ongoing monitoring process?
Correct
This question assesses understanding of ongoing monitoring obligations under the UK’s anti-money laundering regime. The correct answer is that the primary failure was the lack of scrutiny of transactions to ensure they were consistent with the firm’s knowledge of the customer. Under the UK’s Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), specifically Regulation 28(11), firms are required to conduct ongoing monitoring of a business relationship. This includes scrutinising transactions to ensure they are consistent with the firm’s knowledge of the customer, their business, and risk profile. The Joint Money Laundering Steering Group (JMLSG) guidance, which is considered best practice for UK financial institutions, reinforces that a long-standing relationship does not remove this obligation; in fact, any change in a customer’s transaction patterns should trigger enhanced scrutiny. The relationship manager’s decision to override the alert based on the client’s tenure without any further investigation is a direct breach of this core requirement.
The other options are incorrect because:
- The firm did have a transaction monitoring system; it generated the necessary alerts.
- The failure was not in the initial CDD, but in the ongoing monitoring phase of the relationship.
- While a Suspicious Activity Report (SAR) should have been considered, the primary process failure was the lack of investigation and scrutiny, which is the necessary step before a firm can form the suspicion required to file a SAR under the Proceeds of Crime Act 2002 (POCA).