CISI Combating Financial Crime study guide for criminal finances act 2017 and prevention procedures, with learning objectives, UK control cues, and exam traps.
Criminal Finances Act 2017 and prevention procedures belongs to the CISI Combating Financial Crime Tax Evasion exam topic, weighted at 4%. Study it as the corporate-prevention lesson in the tax-evasion chapter. The exam can test whether you can separate a customer’s tax evasion from criminal facilitation by an associated person, then decide whether the organization had reasonable procedures to prevent that facilitation.
| Concept | What to know for CISI CFC review |
|---|---|
| Corporate offences | The Criminal Finances Act 2017 introduced failure-to-prevent offences for organizations where associated persons criminally facilitate tax evasion. |
| Three-stage logic | There must be taxpayer tax evasion, criminal facilitation by an associated person, and failure by the organization to prevent that facilitation. |
| Associated person | Employees, agents, introducers, contractors, or other persons performing services for or on behalf of the organization can create exposure. |
| Reasonable procedures | A defence focuses on whether the organization had reasonable prevention procedures, or whether it was not reasonable to expect procedures in the circumstances. |
| UK and foreign tax | The framework can be relevant to UK tax evasion and foreign tax evasion where the statutory conditions are met. |
| Control evidence | Risk assessment, proportional controls, due diligence, training, communication, monitoring, and review are central exam cues. |
The Criminal Finances Act 2017 is tested because it converts tax-evasion facilitation into a corporate-control issue. The exam does not usually ask for procedural detail. It asks whether you can identify who did what and what the organization should have done to prevent it.
Use this sequence:
| Stage | Question to ask | Exam cue |
|---|---|---|
| 1. Taxpayer evasion | Did a taxpayer dishonestly evade tax? | hidden income, false invoices, undeclared assets, sham ownership |
| 2. Criminal facilitation | Did an associated person knowingly assist, encourage, or enable that evasion? | employee, agent, introducer, adviser, or intermediary helps conceal or move assets |
| 3. Corporate failure | Did the organization fail to prevent the facilitation? | weak procedures, no training, poor due diligence, ignored red flags |
This sequence prevents a common mistake: blaming the organization merely because a customer evaded tax. The corporate offence is about failure to prevent criminal facilitation by an associated person.
| If the facts show… | Do not jump straight to… | First ask… |
|---|---|---|
| customer underpaid tax | corporate liability | did anyone associated with the firm criminally facilitate it? |
| employee altered records | customer-only tax issue | was the employee helping conceal or misrepresent tax facts? |
| offshore company used | automatic evasion | is there dishonest concealment, false ownership, or missing rationale? |
| introducer recommends secrecy | ordinary referral risk | is the introducer performing services for or on behalf of the firm? |
| weak training | policy issue only | did the control weakness allow facilitation risk to occur? |
The first stage is taxpayer tax evasion. That means dishonesty or fraudulent conduct by the taxpayer, not merely a tax error, late filing, aggressive but disclosed planning, or lawful use of tax-efficient arrangements. The exam may use phrases such as “tax efficiency” or “privacy” to disguise a possible evasion fact pattern.
| More consistent with evasion | Less conclusive by itself |
|---|---|
| false residency or beneficial-ownership information | use of an offshore structure |
| sham invoices or services not performed | ordinary cross-border investment |
| instruction not to record purpose | legitimate confidentiality request with full documentation |
| concealed account or undeclared income | disclosed tax planning |
| nominee ownership with hidden control | genuine trust or company with documented control |
The firm should not give tax-law advice in an exam answer. It should identify suspicious concealment, preserve evidence, and escalate through compliance, legal, MLRO, or financial-crime routes where facilitation or criminal-property risk may arise.
The second stage is the hinge for the corporate offence. The organization is not exposed merely because a customer evaded tax. The concern is that an associated person criminally facilitated the evasion. Associated-person risk is broad in practice. A firm should not limit its prevention framework to permanent employees.
| Associated person | Facilitation example |
|---|---|
| relationship manager | helps client describe controlled assets as belonging to someone else |
| private banker or adviser | suggests an offshore route to hide taxable income |
| introducer | sends clients with secrecy instructions and false ownership narratives |
| agent or intermediary | arranges sham invoices, nominee structures, or unsupported transfers |
| contractor | prepares documentation that misstates service purpose or tax status |
| group entity or affiliate | moves funds or records to obscure undeclared assets |
The exam may describe facilitation indirectly: “do not record this,” “use the other company name,” “do not ask about tax residency,” “invoice the service differently,” or “the client needs this completed before disclosure rules apply.” The better answer focuses on knowledge, assistance, encouragement, concealment, and firm controls.
Reasonable prevention procedures are evidence-based. A firm does not prove control quality by pointing to a policy title. It should be able to show a tax-evasion facilitation risk assessment, proportionate controls, senior commitment, due diligence, communication, training, monitoring, review, and remediation.
| Prevention area | Strong evidence |
|---|---|
| Risk assessment | documented exposure by business line, product, geography, client type, and intermediary use |
| Proportionality | stronger controls for private wealth, offshore structures, introducers, and cross-border flows |
| Due diligence | checks on clients, associated persons, ownership, tax residency, and service rationale |
| Communication and training | staff know tax-evasion red flags and escalation routes |
| Monitoring and review | testing of files, payment patterns, introducer activity, and unresolved red flags |
| Remediation | control gaps are owned, tracked, retested, and reported to senior management |
| Senior commitment | management does not reward revenue gained by bypassing tax-evasion controls |
Reasonable procedures should match the firm’s actual risk. A retail broker with low tax-advisory exposure will not need the same procedures as a private-wealth or cross-border advisory business. But if the firm uses introducers, offshore administrators, complex trusts, or private-client structures, the prevention framework should reflect that exposure.
The risk assessment should identify where tax-evasion facilitation could occur. It should not be a generic statement that the firm opposes tax evasion. Products, client types, geographies, staff incentives, third-party channels, documentation standards, and payment routes can all change the risk.
| Risk driver | Why it matters |
|---|---|
| private wealth or high-net-worth clients | complex structures and tax-sensitive planning may appear |
| offshore companies, trusts, or foundations | ownership and control can be obscured |
| cross-border payments | foreign tax, residency, and information exchange may be relevant |
| introducers and referral partners | facilitation can occur outside direct employment |
| advisory or structuring services | staff may influence how assets, income, or ownership are presented |
| undocumented customer instructions | weak records make concealment easier |
| revenue pressure | staff may overlook or assist suspicious requests |
Proportionality means stronger controls where exposure is higher. It does not mean skipping controls because a client is valuable or because the tax issue is uncomfortable.
Prevention procedures should cover both customers and the associated persons who may facilitate evasion. A firm can fail by understanding the client but ignoring the agent or introducer who brings the risk.
| Due-diligence subject | What to test |
|---|---|
| customer | identity, tax residency, source of wealth, source of funds, purpose, ownership, expected activity |
| beneficial owner | whether ownership and control are transparent and consistent |
| offshore entity | commercial rationale, governance, tax transparency, and real controllers |
| introducer | competence, reputation, compensation, relationship to clients, and red-flag history |
| adviser or intermediary | role, qualifications, conflicts, and secrecy requests |
| transaction | economic purpose, documentation, timing, and tax-sensitive context |
If an associated person refuses transparency, discourages records, or proposes false descriptions, the firm should not treat that as routine commercial flexibility. It should escalate and reassess the relationship.
The Act is not limited to purely domestic fact patterns. Cross-border wealth, foreign taxpayers, offshore accounts, and overseas advisers can all raise relevant risk. For exam purposes, avoid two extremes: do not assume every foreign tax issue is outside scope, and do not assume every foreign structure is criminal. The key is whether the statutory logic and the firm’s connection to facilitation are present.
Where foreign tax is involved, legal and compliance review is especially important because the firm may need to assess local law, statutory conditions, group exposure, record preservation, information exchange, and regulator expectations.
| Cross-border clue | Control implication |
|---|---|
| customer asks to hide residency | possible taxpayer evasion and facilitation risk |
| transfer before disclosure deadline | timing may indicate concealment |
| foreign adviser requests vague records | associated-person or intermediary risk |
| offshore structure lacks commercial rationale | ownership and purpose need review |
| staff say “foreign tax is not our problem” | weak training and escalation culture |
| client uses multiple jurisdictions with no clear purpose | consider tax, AML, and beneficial-ownership risks together |
Weak controls around introducers, intermediaries, and offshore structures are high-yield because they are practical routes through which facilitation can occur. The firm may not be preparing a tax return, but it may still enable concealment through records, structures, payments, or advice.
| Scenario | Better control response |
|---|---|
| introducer sends clients with identical offshore narratives | review introducer activity, compensation, and red flags |
| client asks staff to omit tax-residency concern | refuse the omission, preserve evidence, and escalate |
| offshore administrator will not identify controllers | pause reliance on the structure and require ownership evidence |
| adviser suggests invoice wording that does not match services | assess false-document, fraud, tax, and AML risk |
| relationship manager bypasses tax-evasion training | investigate conduct and remediate training/control weakness |
Good procedures should tell staff what to do when a client or associated person asks for secrecy, false descriptions, undocumented instructions, or changes that appear designed to mislead tax authorities.
Failure-to-prevent risk is not only a technical criminal-law concern. A firm may also face regulatory criticism, reputational damage, remediation costs, staff discipline, relationship exits, control restrictions, and senior-management scrutiny. The exam may describe consequences indirectly through audit findings, regulatory visits, or repeated red flags ignored by the business.
| Consequence area | Example |
|---|---|
| criminal exposure | corporate failure-to-prevent investigation |
| regulatory exposure | criticism of systems, controls, governance, training, or escalation |
| reputational exposure | public association with tax evasion or offshore concealment |
| operational exposure | file remediation, third-party review, and control redesign |
| staff-conduct exposure | disciplinary action where employees assist concealment |
| business exposure | termination of introducers or exit from unmanaged high-risk relationships |
The strongest exam answer normally addresses both the case and the framework: investigate the specific red flag, preserve records, escalate, and test whether prevention procedures failed.
When the facts suggest possible tax-evasion facilitation, use this sequence:
This sequence avoids two weak answers: treating the issue as purely the customer’s tax problem, or making an external accusation before the firm has preserved evidence and followed internal procedures.
A private-client adviser helps a customer move investment assets to an offshore company and tells operations staff not to document the customer’s tax-residency concern. The firm has no tax-evasion facilitation training for advisers and has never reviewed offshore introducer files. What is the main Criminal Finances Act 2017 risk?
A. The firm is automatically liable whenever any customer uses an offshore company. B. The adviser may be an associated person facilitating tax evasion, and weak prevention procedures could expose the organization to failure-to-prevent risk. C. The matter is only a personal tax issue for the customer and cannot involve the firm. D. The firm should treat the issue only as market abuse because investment assets are involved.
Answer: B. The facts show potential taxpayer evasion, possible facilitation by an associated person, and weak prevention controls. The firm should escalate, preserve evidence, assess reporting obligations, and review its prevention framework.
Memorise the offence as a three-step chain: taxpayer evasion, associated-person facilitation, corporate failure to prevent. Then memorise the defence as evidence: risk assessment, proportionality, due diligence, training, communication, monitoring, and review.
Use this quick distinction:
| If the facts show… | Think first about… |
|---|---|
| customer’s false tax statement | taxpayer evasion risk |
| employee helps conceal facts | associated-person facilitation |
| introducer pushes secrecy | third-party facilitation and due-diligence weakness |
| no training or monitoring | prevention-procedure weakness |
| cross-border offshore structure | ownership, residency, tax-transparency, and commercial rationale |
| repeated ignored red flags | corporate governance and remediation failure |
Return to the CISI Combating Financial Crime guide for the full exam-topic table, or use the CFC Cheat Sheet for threat classification, UK authority cues, and final review prompts.