CISI Combating Financial Crime study guide for combating corruption and using corruption indicators, with learning objectives, UK control cues, and exam traps.
Combating corruption and using corruption indicators belongs to the CISI Combating Financial Crime Bribery and Corruption exam topic, weighted at 6%. Study it as a UK financial-crime control lesson: the paper usually asks whether you can classify the risk, place the right authority or obligation, and choose the next defensible control, escalation, or reporting step.
| Concept | What to know for CISI CFC review |
|---|---|
| Corruption indicators | External risk signals that help assess country, sector, public-sector, procurement, and institutional vulnerability. |
| Benchmark limitation | Indicators guide risk assessment but do not prove that a specific customer, employee, or third party is corrupt. |
| Sector exposure | Defence, infrastructure, extractives, public procurement, licensing, customs, and state-owned enterprises often carry heightened risk. |
| Intermediary risk | Agents and consultants can obscure who receives value and why a decision is made. |
| Control objective | Use indicators to calibrate due diligence, approvals, monitoring, training, and escalation. |
Corruption indicators are inputs to judgment. They can come from international organizations, public-sector assessments, adverse media, enforcement actions, country-risk publications, procurement history, sanctions information, and internal experience. They help the firm decide where controls need to be stronger.
The exam trap is overreliance. A high-corruption jurisdiction does not prove every transaction is corrupt. A lower-risk jurisdiction does not eliminate risk. A sound answer uses indicators to ask better questions: who is involved, what decision is being influenced, what value is being transferred, and what evidence supports the business purpose?
Corruption indicators should move the firm from broad risk awareness to specific action. A good exam answer does not stop at “country is high risk.” It identifies the corruption route and then strengthens controls around the relevant people, payments, approvals, and evidence.
| Step | Question to ask | Better action |
|---|---|---|
| identify jurisdiction risk | does the country or region have corruption, procurement, customs, licensing, or enforcement weaknesses? | raise due-diligence intensity, but avoid assuming guilt |
| identify sector risk | does the transaction involve public contracts, extractives, defence, infrastructure, healthcare, customs, or licences? | require sector-aware review and senior approval |
| identify actor risk | are public officials, state-owned enterprises, politically exposed persons, agents, or connected parties involved? | perform ownership, role, and conflict checks |
| identify value transfer | is value moving through fees, gifts, donations, sponsorships, discounts, employment, or offshore payments? | test purpose, proportionality, and recipient legitimacy |
| identify evidence gap | can the firm prove services, commercial rationale, and payment route? | pause approval until evidence supports the arrangement |
| decide escalation | do unresolved indicators suggest improper influence? | escalate to compliance, legal, or senior anti-bribery owner |
This sequence keeps indicators in their proper role. They are not proof, but they tell the firm where proof or stronger evidence is needed.
| Indicator | What it suggests |
|---|---|
| Country or regional weakness | Enhanced scrutiny may be needed for public officials, licensing, customs, procurement, and intermediaries. |
| State-owned enterprise involvement | The counterparty may involve public-official risk even when it looks commercial. |
| Opaque procurement | Tender timing, specifications, or evaluation can be manipulated. |
| Third-party payment route | A consultant or introducer may be used to move value to a decision maker. |
| Poor institution or enforcement history | Documentation and independent verification become more important. |
| Unusual contractual terms | Vague services, high success fees, or offshore accounts can indicate hidden value transfer. |
Country and sector indicators are most useful when they explain why a normal-looking transaction deserves more scrutiny. A success fee in a low-risk private contract may be ordinary. The same success fee in a public-infrastructure bid in a jurisdiction with weak procurement controls may require enhanced review.
| Indicator | Why it matters | Stronger control |
|---|---|---|
| public procurement exposure | decisions may be influenced by officials, tender criteria, or intermediaries | tender-document review, conflict checks, and senior approval |
| customs or licensing dependence | small facilitation payments may be disguised as routine fees | review official fee schedules and reject unofficial payments |
| extractives or infrastructure sector | large contracts and state approvals increase bribery incentives | enhanced third-party due diligence and payment monitoring |
| state-owned enterprise | counterparty may involve public-official or government-influence risk | identify decision makers, owners, and approval chain |
| weak enforcement environment | local acceptance of improper payments may be normalized | apply firm standards and document refusal/escalation |
| recent corruption enforcement | typologies may reveal similar risks in the firm’s transaction | compare facts to published red flags and update controls |
The exam may describe country risk indirectly: slow permits, unofficial expedite fees, politically connected consultants, vague procurement criteria, or pressure to route payments through a local intermediary. Treat these as practical indicators even if no index is named.
Third parties are central because they can turn a payment from the firm into value for a hidden decision maker. A firm may face risk even if it does not pay the bribe directly, especially where the third party acts on the firm’s behalf or is retained to influence a decision.
| Red flag | What to ask | Better control response |
|---|---|---|
| high success fee | does the fee match legitimate services and market rates? | benchmark fee and require detailed service evidence |
| refusal to disclose ownership | is a public official, family member, or conflicted person hidden? | do not approve until ownership and control are resolved |
| recommended by official | is the intermediary a required conduit for improper influence? | escalate and test independence before appointment |
| vague consulting scope | what service will be delivered and how will it be evidenced? | tighten contract scope, deliverables, and invoicing evidence |
| offshore or unrelated account | why is payment not made to the contracted party? | verify account ownership and reject unsupported routes |
| no relevant expertise | why is this party needed for the transaction? | reassess business rationale and procurement process |
| urgency before award | is the payment tied to influencing a decision? | pause approval and escalate timing concern |
The strongest exam answer normally combines due diligence with payment control. It is not enough to identify a risky intermediary if invoices, contracts, and bank-account changes can still bypass review.
International bodies and initiatives do not approve individual transactions for a firm. Their role is to set standards, publish risk information, support cooperation, benchmark country performance, and identify typologies. The firm then uses that information inside its own anti-bribery and corruption framework.
For CISI purposes, keep the roles separate:
| Body or source type | Practical use by a firm |
|---|---|
| International standard setters | Shape anti-corruption expectations and cooperation principles. |
| Transparency or country-risk indices | Inform jurisdictional risk ratings and due-diligence intensity. |
| Enforcement publications | Provide typologies, red flags, and examples of control failures. |
| Development or public-sector reports | Highlight procurement, customs, licensing, and institutional weaknesses. |
| Internal incidents and audit findings | Convert external risk indicators into firm-specific remediation. |
External material helps the firm assess risk, but it should not be used mechanically. A country index, public report, adverse media item, or enforcement notice can justify enhanced review, but the firm still needs transaction-specific analysis.
| Source | Useful for | Not enough for |
|---|---|---|
| country-risk index | setting geographic risk and due-diligence depth | proving a specific person is corrupt |
| enforcement action | identifying typologies and control failures | assuming every similar transaction is unlawful |
| adverse media | prompting inquiry into named parties or practices | replacing verified evidence |
| public procurement report | identifying sector vulnerabilities | approving or rejecting without firm review |
| sanctions or PEP data | identifying connected-party and public-official exposure | proving bribery without additional facts |
| internal audit finding | showing control weakness in the firm | concluding all transactions in the area are improper |
Exam answers should avoid two extremes: treating indicators as proof, or dismissing them as irrelevant. The correct use is to calibrate inquiry, controls, and escalation.
Indicators should drive proportionate controls, not automatic rejection. A higher-risk case may require enhanced third-party due diligence, senior approval, contract review, beneficial ownership checks, payment-account verification, gifts and hospitality review, procurement-record review, monitoring of invoices, or targeted staff training.
The answer should also preserve commercial realism. A firm can do legitimate business in higher-risk markets, but it needs evidence that the transaction is genuine, the counterparties are understood, the payment route is defensible, and decision makers are not improperly influenced.
| Combined indicators | Control response |
|---|---|
| high-risk jurisdiction plus public procurement | enhanced review of tender process, decision makers, and local-law constraints |
| politically connected consultant plus success fee | ownership review, conflict checks, fee benchmarking, and senior approval |
| vague invoice plus offshore payment | hold payment, require service evidence, verify account, and escalate |
| state-owned enterprise plus hospitality | gifts/hospitality approval, proportionality review, and public-official analysis |
| weak due diligence plus urgent onboarding | pause onboarding until ownership, purpose, and payment route are evidenced |
| internal audit finding plus similar transaction | remediate controls and test whether the pattern is wider |
| adverse media plus intermediary refusal | escalate, document concerns, and do not approve until resolved |
Corruption controls need evidence because many improper payments are disguised as legitimate business costs. The firm should be able to show why the payment, appointment, or benefit was approved, who reviewed it, and what changed if red flags appeared.
| Evidence | What it demonstrates |
|---|---|
| beneficial-ownership records | the firm knows who controls the third party or counterparty |
| services description and deliverables | the fee has a legitimate business purpose |
| fee benchmarking | compensation is proportionate to real work |
| public-official and conflict checks | decision makers and connected parties were assessed |
| contract terms | anti-bribery clauses, audit rights, and payment terms were defined |
| invoice and payment records | payment matches contracted services and approved account |
| gifts and hospitality register | benefits were transparent, proportionate, and approved |
| escalation notes | unresolved indicators were reviewed by the right function |
| monitoring or audit results | the control continued after onboarding or appointment |
Unsupported comfort is not enough. Phrases such as “local custom,” “relationship fee,” “urgent market practice,” or “consultant knows the ministry” should increase scrutiny rather than reduce it.
| Trigger | Why escalation is needed |
|---|---|
| public official or SOE connection is hidden or unclear | improper influence may be concealed |
| payment route differs from contracted party | value may be diverted to a hidden recipient |
| intermediary refuses ownership disclosure | conflicts or politically connected persons may be hidden |
| requested fee is disproportionate | excess value may fund a kickback |
| gift or hospitality is timed before an award | benefit may influence a decision |
| staff are pressured to approve despite missing evidence | control override risk exists |
| local law or procurement process is unclear | legal and compliance review is needed before proceeding |
Escalation does not always mean rejection. It means the firm should stop treating the matter as ordinary low-risk business until the concerns are resolved and documented.
| Scenario cue | Better answer pattern |
|---|---|
| “everyone pays this facilitation fee” | apply firm policy, reject improper payment, and escalate |
| “the official recommended this adviser” | test whether the adviser is a conduit for improper influence |
| “success fee is payable only if licence is granted” | assess whether value is tied to official action |
| “invoice describes strategic support only” | require evidence of real services before payment |
| “payment account belongs to another company” | verify recipient and pause unsupported payment |
| “country index is high risk but evidence is clean” | enhance review proportionately, not automatic rejection |
| “country index is low risk but red flags are strong” | escalate based on transaction-specific facts |
A firm is considering a public-infrastructure transaction in a country with elevated corruption-risk indicators. A local intermediary requests a large success fee and refuses to identify its beneficial owner. What is the best use of the corruption indicators in this scenario?
A. They prove that the intermediary is corrupt, so no internal review is needed. B. They should be ignored because country-level indicators never apply to individual transactions. C. They should trigger enhanced due diligence, ownership review, fee scrutiny, senior approval, and escalation if the concerns remain unresolved. D. They allow the firm to approve the intermediary as long as the project is commercially attractive.
Answer: C. Corruption indicators inform risk-based controls; they do not by themselves prove misconduct or remove the firm’s need for evidence. The combination of public infrastructure, high-risk jurisdiction, opaque ownership, and large success fee requires enhanced scrutiny.
When revising, group indicators into country, sector, counterparty, transaction, payment, and behaviour. Exam questions usually combine at least two of those categories. The better answer recognizes the combined risk and strengthens controls proportionately.
Also practise converting each indicator into a control. “High-risk public procurement” should lead to tender and decision-maker review. “Opaque intermediary” should lead to ownership and services evidence. “Offshore payment” should lead to payment-account verification and escalation.
Return to the CISI Combating Financial Crime guide for the full exam-topic table, or use the CFC Cheat Sheet for threat classification, UK authority cues, and final review prompts.