CISI Combating Financial Crime study guide for international standards and UK or regional initiatives, with learning objectives, UK control cues, and exam traps.
International standards and UK or regional initiatives belongs to the CISI Combating Financial Crime Terrorist Financing exam topic, weighted at 4%. Study it as the standards-to-controls bridge in the terrorist-financing chapter. The exam can test whether you know how FATF, UN measures, UK implementation, regional cooperation, sanctions lists, typology alerts, and firm-level procedures fit together without confusing the role of each body.
| Concept | What to know for CISI CFC review |
|---|---|
| FATF standards | FATF sets international expectations for criminalization, targeted financial sanctions, preventive measures, supervision, and international cooperation. |
| UN measures | UN conventions and Security Council resolutions support asset freezing, terrorist designations, and state-level CFT obligations. |
| UK implementation | UK firms translate global standards into CDD, EDD, screening, monitoring, escalation, reporting, sanctions compliance, and record keeping. |
| Regional influence | EU and regional initiatives can shape lists, cooperation, typologies, and expectations even where the firm operates under UK rules. |
| Enterprise integration | CFT should be part of the wider financial-crime risk assessment, not a disconnected special process. |
| Targeted financial sanctions | Controls that prevent funds or economic resources from being made available to designated persons, entities, or controlled parties. |
Terrorist-financing risk is cross-border by nature. Funds, beneficiaries, messaging, travel, online activity, and support networks may sit in different jurisdictions. That is why the CFC exam connects firm-level controls to international standards. The firm does not create those standards, but it must operate procedures that make the standards effective in customer onboarding, payment processing, monitoring, escalation, and reporting.
Do not memorize FATF, UN, EU, and UK references as isolated names. For exam purposes, map each body to the operational question it creates for a firm: what must be criminalized, who must be screened, what must be frozen, what must be reported, and what evidence must be retained.
| Body or initiative | Primary role | Firm-side control implication |
|---|---|---|
| FATF | international standard setter and evaluator | risk-based AML/CFT framework, CDD, monitoring, supervision, and cooperation |
| UN measures | conventions, resolutions, designations, and asset-freezing expectations | screening, freezing, prohibitions, and not making funds available |
| UK legal and regulatory framework | local obligations for UK firms | policies, controls, MLRO escalation, SAR handling, sanctions procedures, and records |
| EU or regional initiatives | cooperation, typologies, list influence, and regional consistency | risk assessment updates and cross-border alert awareness |
| law enforcement | investigation and follow-up | evidence preservation and controlled response to lawful requests |
| regulated firm | operational implementation | CDD, EDD, screening, monitoring, escalation, reporting, and governance |
The strongest answer separates standard setting from firm execution. FATF does not approve a customer’s payment. A UN designation does not remove the need for firm procedures. A UK firm still needs to classify the risk and route it through the right internal control owner.
| Source or initiative | Practical meaning for a firm |
|---|---|
| FATF Recommendations | Build a risk-based AML/CFT framework, including CDD, EDD, sanctions controls, reporting, supervision, and cooperation. |
| FATF typologies and evaluations | Update risk assessments and monitoring scenarios when new methods or jurisdictional weaknesses are identified. |
| UN Security Council measures | Screen for designated persons and entities and prevent funds or economic resources from being made available. |
| UK legal and regulatory framework | Implement policies, controls, MLRO escalation, SAR processes, sanctions handling, and senior-management oversight. |
| Regional lists and cooperation mechanisms | Consider cross-border alerts, information-sharing routes, and sanctions or designation updates. |
| Supervisory communications | Benchmark systems, controls, training, monitoring, and governance against stated expectations. |
An exam answer should connect the external source to a practical control. A typology alert should lead to exposure review, updated red flags, monitoring changes, or training. A designation should lead to sanctions screening, freezing analysis, and reporting where required. A high-risk jurisdiction finding should affect CDD, EDD, country risk, and transaction monitoring.
FATF is usually tested as a standard setter rather than as the firm-side decision maker. It expects countries and regulated firms to identify, assess, and understand risk, then apply controls proportionate to that risk. A higher-risk case requires more evidence, scrutiny, monitoring, and escalation; a lower-risk case can justify simpler controls only where the legal framework allows it and the risk assessment supports it.
For CFT, the risk-based approach does not mean “do less when convenient.” It means matching the control intensity to the risk drivers: customer type, geography, payment route, beneficial ownership, non-profit exposure, delivery channel, product, adverse media, and destination.
| FATF-related cue | Better firm response |
|---|---|
| jurisdiction has strategic CFT weaknesses | update country risk and review exposed relationships or corridors |
| typology highlights non-profit diversion | reassess charity clients, local partners, payment purposes, and end-use evidence |
| evaluation criticises beneficial-ownership transparency | strengthen ownership and control checks in affected structures |
| guidance highlights virtual assets or informal transfer | test products, channels, and monitoring rules for exposure |
| cross-border cooperation is emphasized | preserve records and ensure escalation routes can support lawful requests |
Risk-based does not mean optional. If risk indicators combine, the firm should increase scrutiny even if no party is currently designated.
UN measures are central to CFT because they support designation, asset-freezing, and prohibitions on making funds or economic resources available to designated persons and entities. For the firm, this makes sanctions screening and connected-party review a core part of terrorist-financing control.
| Sanctions-related fact | Control response |
|---|---|
| customer name matches a designated person | pause ordinary processing, escalate, and resolve match status |
| beneficial owner or controller may be designated | review ownership/control, not only direct customer name |
| payment beneficiary appears on a list | stop release until sanctions handling is complete |
| charity partner is connected to a designated group | review indirect availability of funds and end-use evidence |
| false positive is cleared | document identifiers and rationale |
| possible match remains unresolved | do not process because of urgency or relationship pressure |
Targeted sanctions are not simply another AML risk factor. They can require a specific legal response: freezing, blocking, reporting, refusal to make funds available, or licence analysis. The exam may offer a generic “monitor more closely” answer; that is usually weak where a possible designation or asset-freeze issue is unresolved.
UK firms should understand how global expectations become local obligations. A question may refer to FATF principles, UN sanctions, UK legislation, FCA expectations, MLRO escalation, suspicious activity reporting, or sanctions administration. The correct answer normally separates the source of the standard from the operational duty of the firm.
| If the question mentions… | Focus on… |
|---|---|
| FATF | international standards, risk-based approach, country evaluation, typologies, and preventive measures |
| UN designation or Security Council language | targeted financial sanctions, freezing, screening, and not making funds available |
| UK firm procedures | CDD, EDD, monitoring, staff escalation, MLRO review, SAR thinking, records, and governance |
| EU or regional initiative | cross-border cooperation, designation influence, typology sharing, and implementation consistency |
| Law-enforcement follow-up | evidence preservation, reporting route, and avoiding tipping-off or uncontrolled disclosure risks |
| Supervisory statement | update control expectations, training, MI, assurance, or remediation where relevant |
Regional initiatives matter because terrorist-financing networks may exploit jurisdictional gaps. A UK firm may still need to consider regional information as an input into country risk, sanctions screening, typology awareness, and correspondent or payment-route controls.
CFT scenarios often involve more than one control route. A suspicious payment pattern may require MLRO escalation and SAR analysis. A sanctions match may require freezing and sanctions reporting. A law-enforcement request may require preservation and lawful response. These are connected but not identical.
| Issue type | Main question | Firm-side route |
|---|---|---|
| suspicious purpose or beneficiary | is there suspicion of terrorist financing? | internal escalation and SAR analysis |
| possible sanctions match | can funds or economic resources be made available? | sanctions team, freezing analysis, reporting, and licence checks |
| confirmed designated party | what must be frozen or blocked? | asset-freezing and no-funds-available procedures |
| law-enforcement request | what authority and scope apply? | legal/compliance-controlled response |
| customer asks about review | could disclosure tip off or prejudice action? | confidentiality and MLRO/legal guidance |
The best answer usually preserves evidence and routes the matter correctly. It should not process the payment first, ask the customer to explain away suspicion informally, or send information externally without checking authority.
CFT should sit inside the enterprise financial-crime risk framework. Separate ownership can create gaps: sanctions teams may see names, transaction monitoring may see payment patterns, relationship managers may hear customer explanations, and compliance may see adverse media. The risk assessment should bring those signals together.
Exam stems often reward the answer that aggregates weak indicators. Adverse media alone may be inconclusive; a high-risk destination alone may be explainable; a charity payment alone may be legitimate. Together with unclear controllers, poor end-use evidence, and urgency, the case becomes more serious.
| Risk driver | What to assess |
|---|---|
| customer type | charity, money service, politically exposed person, correspondent, or high-risk business |
| geography | conflict zone, weak CFT controls, sanctions exposure, or high-risk corridor |
| ownership and control | beneficial owners, controllers, trustees, signatories, and connected parties |
| payment purpose | humanitarian relief, family support, trade payment, donation, or vague description |
| delivery channel | digital onboarding, intermediary, correspondent route, informal value transfer, or cryptoasset exposure |
| transaction pattern | small repeated payments, rapid pass-through, inconsistent counterparties, or unusual urgency |
| adverse information | credible media, regulator warning, typology alert, or law-enforcement intelligence |
The firm should combine these drivers rather than treating each in isolation. CFT risk can become clear only when the full picture is assembled.
Charities and non-profit organizations can be legitimate and socially important. The exam trap is an extreme answer: treat every charity as suspect, or treat humanitarian purpose as automatic clearance. The risk-based answer asks whether the firm understands governance, beneficiaries, local partners, payment route, and end use.
| Review area | Stronger question |
|---|---|
| governance | who controls the organization and authorises payments? |
| beneficiaries | who ultimately receives funds or services? |
| local partner | is the implementing partner credible and screened? |
| jurisdiction | does the route involve conflict zones, sanctioned areas, or weak controls? |
| end-use evidence | can the customer evidence project purpose and distribution route? |
| adverse information | is media or public information credible and relevant? |
| urgency | is pressure to process being used to bypass checks? |
Enhanced scrutiny does not mean assuming the charity is criminal. It means gathering enough evidence to process lawfully, escalate unresolved concern, or refuse activity where risk cannot be understood.
International and regional bodies often publish typologies, risk indicators, high-risk jurisdiction information, and thematic findings. A firm should convert those signals into practical updates.
| External signal | Internal control update |
|---|---|
| typology on small repeated payments | adjust monitoring rules and alert training |
| warning about abuse of charities | review NPO due diligence and end-use evidence |
| jurisdictional weakness report | update country risk and EDD triggers |
| sanctions evasion advisory | strengthen ownership, control, and payment-message screening |
| supervisory finding on weak alert closure | improve case notes, quality assurance, and management information |
| law-enforcement alert | preserve evidence and review exposure through legal/compliance channels |
The firm should document why it acted or did not act. External information is most useful when it changes controls, not when it is filed away as background reading.
When a CFT standards question becomes a practical scenario, use this sequence:
This sequence prevents the two common mistakes: doing nothing because the external source is not the direct decision maker, or overreacting without evidence by closing every relationship connected to a broad risk area.
A CISI CFC question states that FATF has identified terrorist-financing weaknesses in a jurisdiction where a firm’s customer sends frequent charitable payments. The customer is not sanctioned, but the payments involve changing local partners and limited evidence of end beneficiaries. What is the strongest interpretation for the firm?
A. FATF will decide whether the customer’s payments can be processed. B. The firm should ignore the FATF information unless the customer is already sanctioned. C. The firm should incorporate the jurisdictional weakness into its risk assessment, apply proportionate enhanced scrutiny, review local partners and end-use evidence, and escalate unresolved CFT concerns. D. The firm should treat every customer in the jurisdiction as criminal and close all accounts immediately.
Answer: C. FATF information informs the firm’s risk-based controls; it does not replace firm judgment or become an automatic account-closure rule. The firm should use the typology or jurisdictional weakness to calibrate CDD, monitoring, screening, connected-party review, and escalation.
For final review, make a four-line authority map: FATF sets standards and evaluates systems; UN measures support designations and asset freezing; UK law and regulation create local firm obligations; the firm implements controls through CDD, screening, monitoring, escalation, reporting, and records.
Use this quick distinction:
| If the facts mention… | Think first about… |
|---|---|
| FATF weakness or typology | risk assessment, monitoring scenarios, EDD, and training updates |
| UN designation | targeted sanctions, freezing, screening, and no funds made available |
| UK firm procedure | internal escalation, MLRO or sanctions team review, records, and governance |
| charity or humanitarian route | evidence-sensitive review of governance, beneficiaries, and end use |
| low-value repeated payments | destination, purpose, pattern, and beneficiary rather than size alone |
| regional initiative | country risk, cooperation, typology sharing, and implementation consistency |
Return to the CISI Combating Financial Crime guide for the full exam-topic table, or use the CFC Cheat Sheet for threat classification, UK authority cues, and final review prompts.