CISI Combating Financial Crime study guide for measures to combat the financing of terrorism, with learning objectives, UK control cues, and exam traps.
Measures to combat the financing of terrorism belongs to the CISI Combating Financial Crime Terrorist Financing exam topic, weighted at 4%. Study this page as the operating-control lesson. The exam can test whether you know how counter-terrorist-financing standards turn into screening, asset-freezing, connected-party review, transaction monitoring, internal escalation, suspicious reporting, record keeping, and decisions about whether funds can be released.
| Concept | What to know for CISI CFC review |
|---|---|
| International legal basis | UN conventions and Security Council measures create broad obligations to criminalize terrorist financing, freeze assets, and support cooperation. |
| Targeted financial sanctions | Firms must screen relevant parties and prevent funds or economic resources from being made available to designated persons or entities. |
| Reporting and escalation | Potential CFT concerns require rapid internal escalation, MLRO review where appropriate, and preservation of evidence. |
| Risk-based controls | Enhanced scrutiny is required where geography, sector, ownership, payment route, or customer behaviour increases risk. |
| Connected-party screening | The customer name alone may be insufficient; controllers, beneficial owners, signatories, counterparties, trustees, and intermediaries may matter. |
CFT controls are designed to stop funds, services, and economic resources from supporting terrorism. In exam terms, the correct answer usually combines prevention, detection, escalation, and evidence. It is rarely enough to say “monitor the account” if the facts indicate a designated party, higher-risk route, unresolved connected-party concern, or suspicious terrorist-financing pattern.
Typical measures include:
The exam focus is operational sequencing. A firm should not release funds first and clarify a possible terrorist-financing or sanctions concern later. It should pause where required, escalate, review evidence, decide whether a false positive can be cleared, and follow reporting or freezing obligations when applicable.
| Measure | What the firm must make operational |
|---|---|
| UN or national sanctions regime | Up-to-date screening, alert review, freezing or blocking where required, and regulator notification where applicable. |
| Criminalization of terrorist financing | Policies that identify suspicion even where funds appear to come from legitimate sources. |
| International cooperation | Accurate records and prompt escalation so authorities can reconstruct the movement of funds. |
| Risk-based approach | Higher scrutiny for elevated sector, country, product, delivery-channel, or customer-profile risk. |
| Non-profit sector sensitivity | Evidence-based review of governance, purpose, beneficiaries, and payment route without treating the whole sector as suspect. |
The control answer should match the measure. A sanctions-name concern requires sanctions handling, not only ordinary AML monitoring. A suspicious but non-designated transaction may require MLRO escalation and SAR analysis. A weak charity file may require enhanced due diligence and end-use evidence before payment processing.
Screening is not a tick-box name search. A sound control considers spelling variations, aliases, ownership and control, connected persons, payment messages, geographic cues, and counterparties. Where a sanctions match or likely terrorist-financing connection arises, the firm should not continue ordinary processing while the issue is unresolved.
The exam may test the difference between a false positive, a possible match, and a confirmed match. A false positive can be cleared with documented reasoning. A possible match needs escalation and further review. A confirmed match can require freezing, reporting, and stopping the provision of funds or economic resources.
| Alert status | Better firm response |
|---|---|
| clear false positive | document why the person or entity is not the listed target and continue only if no other concern remains |
| possible match | pause ordinary processing, escalate, gather identifying information, and keep records |
| confirmed sanctions match | follow asset-freezing, blocking, reporting, and no-funds-available procedures |
| match to connected party | review ownership/control, payment data, signatories, beneficiaries, and indirect availability of funds |
| unresolved match near payment deadline | do not release funds merely because the payment is urgent |
Asset-freezing discipline is specific. It is not simply “higher monitoring.” If a designated person or entity is involved, the firm may need to ensure funds or economic resources are not made available directly or indirectly. That is why connected-party and ownership data are central.
The direct customer can be clear while the real concern sits behind or around the transaction. The exam often uses this structure because it tests whether the candidate understands ownership, control, and indirect availability of funds.
| Party to consider | Why it can matter |
|---|---|
| beneficial owner | a listed or high-risk person may control the customer through ownership |
| controller or trustee | decision-making power may sit with someone other than the named customer |
| signatory or authorised user | a person able to move funds may create exposure |
| payment beneficiary | funds may reach a designated or suspicious recipient |
| intermediary bank or payment service | routing can create sanctions or CFT concerns |
| charity partner or implementing agency | end-use risk may sit with the local partner |
| donor or source of funds | incoming funds can be linked to suspicious networks |
The stronger answer identifies which connected party creates the risk and what evidence is needed. Screening only the named customer is incomplete when the facts mention controllers, agents, trustees, counterparties, or overseas partners.
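The gap between customer-only screening and connected-party screening, shown as an added example that is not part of the original guide. The watchlist entry, party names, role labels, and the 0.85 similarity threshold are all constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed watchlist entry (fictional; not taken from any real sanctions list).
WATCHLIST = [{"name": "Aldric Venhoven", "aliases": ["Aldrik Van Hoven"]}]

def normalise(name):
    """Fold case, accents, punctuation and spacing so spelling variants compare equal."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return "".join(c for c in text.lower() if c.isalnum())

def best_score(name):
    """Highest similarity between a party name and any listed name or alias."""
    target = normalise(name)
    listed = [n for e in WATCHLIST for n in [e["name"], *e["aliases"]]]
    return max(SequenceMatcher(None, target, normalise(n)).ratio() for n in listed)

def screen_payment(payment, threshold=0.85):
    """Screen every party on the instruction, not only the named customer."""
    alerts = []
    for role, name in payment["parties"].items():
        score = best_score(name)
        if score >= threshold:
            alerts.append({"role": role, "name": name, "score": round(score, 2)})
    # An alert is only a possible match: hold processing and escalate for review.
    status = "hold_and_escalate" if alerts else "no_alert"
    return {"status": status, "alerts": alerts}

def screen_customer_only(payment, threshold=0.85):
    """The incomplete control: looks at the direct customer and nothing else."""
    only = {"parties": {"customer": payment["parties"]["customer"]}}
    return screen_payment(only, threshold)

# Constructed payment instruction with a concern sitting behind the beneficiary.
PAYMENT = {"parties": {
    "customer": "Riverside Relief Trust",
    "beneficiary": "Northern Aid Partners",
    "beneficiary_controller": "Aldrik van-Hoven",
    "signatory": "Joanna Pryce",
}}
```

A similarity hit is a possible match only; clearing it as a false positive or confirming it still needs identifying information and a documented decision.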
Terrorist-financing monitoring differs from ordinary large-value laundering detection. Values may be small, funds may be lawful in origin, and the risk may depend on destination, purpose, connected parties, or patterns over time.
| Monitoring cue | Why it matters |
|---|---|
| repeated small payments to higher-risk destination | low value does not remove CFT concern |
| rapid pass-through activity | account may be used as a conduit |
| payments to new overseas partner with weak documents | end use and beneficiary may be unclear |
| charity collections followed by unrelated withdrawals | stated purpose may not match use |
| payment references avoid detail | purpose and beneficiary may be deliberately vague |
| customer resists questions about recipient | inability to evidence purpose increases concern |
| adverse media on local partner | legitimate purpose and risk information must be reconciled |
Monitoring should generate action. If an alert is closed with a generic note, or if staff process the payment because the amount is below an ordinary AML threshold, the control has missed the CFT risk.
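An added example, not part of the original guide, that puts a value-only rule beside a pattern rule for repeated small payments to a higher-risk destination. The thresholds, the `XX` country code, the field names, and the sample payments are constructed assumptions, not regulatory values.

```python
from collections import defaultdict
from datetime import date, timedelta

# All values below are assumptions for illustration, not regulatory thresholds.
VALUE_THRESHOLD = 10_000          # ordinary large-value AML trigger
HIGHER_RISK = {"XX"}              # placeholder code for a higher-risk destination
WINDOW = timedelta(days=30)
MIN_REPEATS = 4

def value_rule(payments):
    """Weak control: alerts only when a single payment is large."""
    return [p for p in payments if p["amount"] >= VALUE_THRESHOLD]

def pattern_rule(payments):
    """Alert on repeated payments to one higher-risk beneficiary inside WINDOW."""
    groups = defaultdict(list)
    for p in payments:
        if p["country"] in HIGHER_RISK:
            groups[(p["account"], p["beneficiary"])].append(p)
    alerts = []
    for (account, beneficiary), items in groups.items():
        items.sort(key=lambda p: p["date"])
        for i, first in enumerate(items):
            run = [p for p in items[i:] if p["date"] - first["date"] <= WINDOW]
            if len(run) >= MIN_REPEATS:
                alerts.append({
                    "account": account, "beneficiary": beneficiary,
                    "count": len(run), "total": sum(p["amount"] for p in run),
                    "vague_refs": sum(1 for p in run if len(p["reference"].strip()) < 5),
                    "action": "escalate_for_review",
                })
                break  # one alert per account/beneficiary pair
    return alerts

# Constructed sample: five small payments over 20 days plus one ordinary payment.
START = date(2024, 3, 1)
SAMPLE = [{"account": "ACC-1", "beneficiary": "Partner Z", "country": "XX",
           "amount": 450, "date": START + timedelta(days=5 * i), "reference": "aid"}
          for i in range(5)]
SAMPLE.append({"account": "ACC-1", "beneficiary": "Landlord Ltd", "country": "GB",
               "amount": 1200, "date": START, "reference": "March rent"})
```

On the sample data the value rule raises nothing, while the pattern rule produces one alert that carries the count, total, and number of vague references a reviewer needs to write a specific closure note.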
Higher-risk CFT cases often involve multiple weak signals. One fact alone may not be conclusive, but the combination can require escalation.
| Combined facts | Why the answer should escalate |
|---|---|
| charity account, new overseas beneficiary, weak records | The firm cannot verify end use or beneficiary legitimacy. |
| small payments, repeated pattern, higher-risk destination | Low value does not neutralize terrorism-financing risk. |
| customer name clear, controller or counterparty unclear | Screening the customer alone may miss the relevant risk actor. |
| humanitarian explanation, adverse media on local partner | Legitimate purpose and adverse information must be reconciled before processing. |
| urgent payment request, reluctance to provide evidence | Behavioural pressure can be a red flag independent of value. |
Enhanced scrutiny does not mean assuming guilt. It means asking for enough evidence to understand the customer, purpose, destination, beneficiary, ownership/control, payment route, and expected end use. If the risk cannot be understood or the legal restriction is clear, the firm should not process the activity.
Charities and non-profit organizations are not automatically suspicious. They can provide legitimate and essential services, including in high-risk areas. The exam trap is to choose an extreme answer: process everything because the purpose is humanitarian, or reject every charity because the sector can be misused.
| Review area | What a firm should understand |
|---|---|
| governance | who controls the organization and who approves payments |
| purpose | what project, relief effort, or beneficiary the funds support |
| local partner | who receives or distributes funds on the ground |
| payment route | whether funds move through expected banks, intermediaries, or jurisdictions |
| end-use evidence | invoices, project records, beneficiary records, or credible reporting |
| sanctions exposure | whether any listed person, entity, territory, ownership, or control issue appears |
| adverse information | whether media, typologies, or public notices create unresolved concern |
The stronger response is evidence-sensitive. If a charity can show governance, beneficiaries, purpose, and clean screening, the relationship may be supportable. If the charity cannot identify recipients, local partners, or payment purpose, escalation is required before funds are released.
When a possible CFT or sanctions issue appears, front-line staff should not solve it informally. They should follow the firm’s escalation route, preserve records, and avoid unnecessary disclosure.
| Step | Practical action |
|---|---|
| identify concern | classify whether the issue is sanctions, CFT suspicion, AML, fraud, or a combination |
| pause where required | stop ordinary processing while a possible match or serious concern is unresolved |
| gather evidence | collect identity, ownership, payment, beneficiary, purpose, and communication records |
| escalate internally | route to sanctions team, financial crime, MLRO, legal, or senior management as appropriate |
| decide status | false positive, unresolved concern, confirmed match, suspicion, or lawful activity |
| report or freeze where required | follow sanctions reporting, SAR, consent, or authority-contact procedures |
| document decision | retain rationale, evidence reviewed, approvals, and next steps |
This sequence is high-yield because exam options often include premature processing, permanent rejection without analysis, or direct external action by the wrong person. The best answer usually preserves evidence and routes the decision to the correct function.
When a question mentions terrorist financing, sanctions, designated persons, conflict regions, charities, or unexplained counterparties, ask five questions before choosing the answer:
If a possible sanctions or terrorist-financing issue remains unresolved, a “process now and monitor later” answer is usually weak. The point of CFT controls is to prevent funds from reaching prohibited or suspicious channels, not merely to identify the issue after release.
A payments analyst identifies a possible sanctions match involving the controller of an overseas recipient named in a charity customer’s payment instruction. The customer is not itself on a sanctions list and says the payment is urgent humanitarian support. What is the best next step?
A. Process the payment because only the direct customer must be screened.

B. Pause ordinary processing, escalate the possible match, review connected-party evidence, and follow sanctions/CFT procedures before releasing funds.

C. Process the payment because humanitarian payments are exempt from CFT review.

D. Reject the customer permanently without documenting the possible match or preserving records.
Answer: B. The relevant risk may sit with a connected party rather than the direct customer. The firm should escalate, document, review the match, and avoid making funds available until the sanctions and CFT issue is resolved.
Memorize CFT measures as an operating chain: know the customer, know the connected parties, screen names and payments, investigate possible matches, stop or freeze where required, escalate internally, report externally when required, and preserve records. That chain is easier to apply than a long list of authorities.
Use this quick distinction in scenarios:
| If the facts show… | Think first about… |
|---|---|
| designated person, owned entity, or possible sanctions match | sanctions handling and asset-freezing discipline |
| suspicious purpose, route, or beneficiary but no confirmed match | CFT escalation and SAR analysis |
| charity or humanitarian route with weak evidence | enhanced scrutiny, not automatic rejection or automatic processing |
| lawful-source funds moving to concerning destination | terrorist-financing risk can still exist |
| small repeated payments | pattern, destination, and beneficiary matter more than value alone |