Browse CISI Exam Guides: UK RPI, IRT, Risk, CFC & Investment Management

Combating Financial Crime Cheat Sheet — High-Yield Concepts, UK Terms, and Common Traps

April 12, 2026

High-yield CISI Combating Financial Crime reference covering format, weighted topics, UK-specific distinctions, and fast review cues.

On this page

Use this as a saved recall page after the guide structure is already clear. It works best once you know where each chapter sits inside the paper.

Quick links:

At a glance

  • Exam role: a focused compliance and financial-crime paper with UK and international relevance
  • Official format: 50 multiple choice questions in 1 hour
  • Award structure: can be taken as the stand-alone Level 3 Award or combined with a regulatory paper for the wider certificate route
  • Best fit: compliance, AML, financial-crime, surveillance, onboarding, and risk candidates who need a differentiated anti-financial-crime guide rather than a broad advice or markets route
  • Common mistake: turning a UK CISI paper into generic finance revision with nicer spelling

Weighted coverage buckets

TopicOfficial weightingWhat it is really doing
Money Laundering8%expect crime-type classification, control design, and escalation-route logic
Financial Crime Risk Management8%expect UK body, rule, permission, or escalation-route distinctions rather than product recall only
The Role of the Financial Services Sector7%expect the exam to test the decisive distinction in this section rather than every detail equally
Bribery and Corruption6%expect crime-type classification, control design, and escalation-route logic
The Background and Nature of Financial Crime5%expect UK body, rule, permission, or escalation-route distinctions rather than product recall only

Fast route check

If your role sounds most like…Better first CISI instinct
AML, sanctions, monitoring, onboarding, MLRO support, or financial-crime controlsCombating Financial Crime can fit well
broad enterprise risk, governance, limits, and oversightRisk in Financial Services may fit better first
UK retail-advice conduct and regulatory permissionsUK Regulation and Professional Integrity is usually the better first move
operations career with a wider qualification wrapperIOC may be the better route if you need the broader operations structure

Better first instinct

If the prompt feels most like…Better first instinct
suspicious funds, source of wealth, layering, unusual transfers, or criminal propertyclassify money laundering and then decide whether onboarding, monitoring, reporting, or record evidence is weak
extremist purpose, small-value movement, charity misuse, or cross-border support networkclassify terrorist financing and focus on purpose, destination, and escalation rather than transaction size alone
gifts, facilitation payments, public officials, agents, or procurementclassify bribery or corruption and assess adequate procedures, third-party controls, and senior accountability
false statements, account takeover, scams, internal dishonesty, or market manipulationseparate fraud, market abuse, and insider dealing before choosing the control response
sanctioned person, country, sector, ownership link, or asset freezeclassify sanctions risk and check screening, escalation, freeze, and reporting logic
weak governance, ignored alerts, poor MI, or under-resourced compliancetreat it as financial-crime risk management, not as a single transaction problem

Financial-crime classifier

Threat familyFast recognition cueStrong control response
Money launderingcriminal property enters or moves through the systemCDD, EDD, monitoring, suspicious activity escalation, records
Terrorist financingvalue supports terrorist purpose, sometimes in small or legitimate-looking amountspurpose-focused due diligence, sanctions screening, escalation, information sharing
Bribery and corruptionimproper advantage, inducement, facilitation, agent or public-official riskgifts and hospitality controls, third-party due diligence, training, senior tone
Frauddeception for gain or loss avoidanceprevention controls, verification, investigation, reporting, remediation
Market abuseinside information, manipulation, improper disclosure, misleading behavioursurveillance, restricted lists, wall-crossing controls, escalation
Tax evasion facilitationhelping another party evade tax or hide taxable assetsprevention procedures, staff training, risk assessment, escalation
Sanctions breachprohibited party, ownership, control, geography, sector, or asset dealingscreening, freeze, reject or block logic, licensing check, reporting

Red-flag pattern map

PatternWhy it matters
complex structure with unclear beneficial ownermay hide control, source of wealth, or sanctioned ownership
transactions inconsistent with customer profilemay indicate laundering, fraud, mule activity, or sanctions evasion
urgency plus secrecyoften appears in bribery, fraud, or suspicious transfer cases
third-party payment with weak rationalecan indicate layering, corruption, or fraud
politically exposed person plus unusual fundsincreases bribery, corruption, and source-of-wealth risk
payment routed through high-risk jurisdictionmay increase AML, sanctions, tax, or terrorist-financing concern
employee overrides alerts without evidenceturns a customer risk into a governance and culture problem

Money laundering stage sorter

Stage or patternWhat the criminal is trying to doExam control cue
Placementintroduce criminal value into a financial channelsource of funds, cash activity, unusual account opening, onboarding checks
Layeringdistance funds from source or ownerrapid transfers, circular flows, shell companies, securities trades without rationale
Integrationmake proceeds look like legitimate wealthproperty, investments, business revenue, loan repayment, apparent sale proceeds
Predicate offencegenerate the criminal propertyfraud, bribery, tax evasion, corruption, trafficking, cybercrime
Professional facilitationdesign or legitimise the schemelawyer, accountant, adviser, agent, introducer, trust or company service provider

Authority and body role sorter

Body or roleWhat it doesDo not confuse with
FATFinternational standard setting, typologies, mutual evaluationsreceiving a firm’s SAR or prosecuting a customer
FIU / NCA-style rolereceives and analyses suspicious activity informationthe firm’s own MLRO decision process
FCAsupervises regulated firms’ systems, controls, governance, and conductcriminal prosecution of every underlying offence
OFSI-style sanctions authoritysanctions implementation, asset-freeze discipline, reporting or licensing issuesordinary AML suspicion review
HMRC or tax authoritytax enforcement and tax-evasion contextgeneric money-laundering-only analysis
Law enforcementinvestigates crime and gathers evidenceday-to-day firm screening or onboarding
Firm / MLROoperates controls, assesses suspicion, preserves records, escalates and reports where appropriatepublic authority investigation powers

Sanctions decision cues

Stem clueStronger response
name match with designated personinvestigate match quality, escalate, and avoid release until resolved
ownership or control by listed personassess control, not just direct name match
asset freezestop dealing with funds or economic resources and preserve evidence
licence possibilityroute to sanctions/legal process; do not improvise permission
sectoral or jurisdictional restrictioncheck activity, goods, services, counterparties, and geography
stale screening dataupdate lists, re-screen, and review process weakness

Bribery and corruption cues

CueWhat to test
public official or state-owned enterpriseofficial-risk exposure and approval controls
agent or introducerdue diligence, beneficial ownership, fee rationale, contract, monitoring
facilitation paymentdo not assume local custom makes it acceptable
gifts or hospitalityvalue, timing, recipient, purpose, approvals, register
procurement or licence decisionpossible improper influence
vague invoice or success feehidden value transfer and books-and-records concern
adequate proceduresproportionate controls, top-level commitment, risk assessment, due diligence, training, monitoring

Tax evasion and facilitation cues

CueFirst question
offshore transfer before disclosure deadlineis the customer hiding taxable assets or income?
request not to document tax purposeis there dishonest concealment or facilitation risk?
false invoiceis the record designed to disguise income, expense, or ownership?
adviser or employee helps conceal ownershipcould an associated person be facilitating evasion?
tax-efficient wrapperis it legal planning or is there concealment, sham purpose, or false information?
foreign tax issuedo not dismiss automatically; assess cross-border facilitation and escalation needs

Suspicious activity handling

If the firm has…Better next step
unusual facts but no suspicion yetgather available information through normal controls and document rationale
knowledge or suspicion of launderingescalate internally to MLRO / financial-crime route
customer asks why activity is delayedavoid tipping off; use authorised internal guidance
planned activity involving possible criminal propertypreserve facts and consider DAML / consent route where relevant
poor records supporting the decisionremediate evidence weakness before closing the case
repeated similar alertstreat as possible control or typology issue, not isolated noise

Firm-control failure cues

FailureWhy it matters
generic CDD with no beneficial-owner evidenceownership, control, and sanctions/AML risks may be missed
alerts closed without rationalemonitoring cannot be defended to compliance, audit, or regulator
high-risk customers reviewed on ordinary cyclerisk-based approach is not operating
sales override compliance challengeculture and governance weakness
outsourced screening not testedaccountability remains with the firm
no lessons learned after incidentsremediation is incomplete
management information hides backlogssenior oversight cannot function

Control-response ladder

Use this when the stem asks what the firm should do next:

  1. classify the threat family before choosing the control
  2. identify whether the issue is onboarding, monitoring, screening, investigation, reporting, or remediation
  3. preserve evidence and records before closing the file
  4. escalate through the appropriate internal route, such as MLRO or financial-crime compliance where relevant
  5. avoid tipping off or prejudicing an investigation where suspicious activity rules apply
  6. fix the root control weakness if the problem reflects more than one customer or transaction

Scenario mini-drills

Mini stemFirst classification
Client sells low-risk securities after two weeks and wires proceeds to unrelated third partypossible layering / money laundering
Charity receives small payments then sends funds to conflict regionterrorist-financing risk despite low values
Local consultant requests offshore success fee before licence approvalbribery, corruption, and records-control risk
Name is not listed but entity is controlled by listed personsanctions ownership/control issue
Staff member helps client hide tax residencytax-evasion facilitation and firm-control risk
Insider information is shared before a trademarket abuse and unlawful disclosure
AML system suppresses alerts with no validationtechnology/model governance weakness
Regulator asks for evidence of alert closure but records are missingrecord-keeping and defensibility failure

Section lesson map

Use these lessons when a quick-check line needs full explanation.

TopicLessons
The Background and Nature of Financial Crime4
Money Laundering4
Terrorist Financing3
Bribery and Corruption6
Fraud and Market Abuse4
Tax Evasion2
Financial Sanctions3
Financial Crime Risk Management3
The Role of the Financial Services Sector8

Five things to remember under pressure

  • keep the UK frame active, but remember CISI also expects cross-border crime vocabulary and institutional response
  • classify the topic before you chase detail
  • use the official topic weightings to control where your time goes
  • do not let a familiar nearby term pull you into the wrong chapter
  • verify live rules and thresholds in the official sources instead of trusting memory for moving details

What stronger answers usually do

  • identify the right chapter before comparing the options
  • keep the UK body, wrapper, or route aligned with the fact pattern
  • use the correct level of CISI depth instead of overcomplicating a clean exam question
  • choose the decisive distinction and ignore decorative facts
  • stay within the official paper scope rather than importing specialist material from a different route
  • classify the threat family before selecting the reporting or control response
  • distinguish suspicious activity handling from ordinary customer-service escalation
  • connect individual red flags to governance, evidence, and remediation where the stem shows a pattern
  • separate sanctions freezes from AML suspicion and tax facilitation from ordinary tax planning
  • identify the role of the body named in the question before assigning an action
  • preserve records and avoid tipping off before trying to satisfy a customer’s explanation request

Common traps

  • revising all topics equally when the weightings clearly say otherwise
  • knowing the right concept but choosing the wrong threat family or reporting route
  • treating the paper as a definitions test instead of a classification-and-judgment paper
  • opening timed practice before the structure of the guide is stable
  • assuming a small transaction cannot matter because the value is low
  • choosing to contact the customer for an explanation when the facts suggest tipping-off risk
  • treating sanctions, AML, bribery, fraud, and market abuse as interchangeable financial-crime labels
  • ignoring third-party and employee-conduct risk when the case facts point beyond the customer
  • assuming a regulator, standard setter, FIU, MLRO, and law-enforcement body all do the same thing
  • relying on customer explanations when the facts require independent evidence
  • treating a technology tool or outsourced provider as a substitute for firm accountability

Pressure checklist

  • Can I restate the heaviest topics from memory?
  • Do I know which UK body, wrapper, route, or metric is actually being tested?
  • Am I answering at the right CISI depth for this paper?
  • Did I classify the threat family before selecting the control?
  • Did I separate firm responsibility from public-authority responsibility?
  • Did I check for tipping-off, sanctions freeze, record preservation, and escalation issues?
  • If money appears, am I reading the question in GBP unless it clearly says otherwise?
  • If the rule could change, have I checked the official source recently?

If you are using this as a saved page

  • reread the weighted coverage table before mixed practice
  • use the Study Plan if your revision still feels random
  • use the FAQ when the real problem is route fit or paper structure
  • use Resources whenever the question turns on live official wording

Practice this exam

Use this free guide for review, then Start CISI Combating Financial Crime Practice on Finance Prep for timed questions, topic drills, and detailed explanations.

Revised on Friday, May 29, 2026
Study Plan
FAQ