CISI Combating Financial Crime study guide for definitions and forms of financial crime, with learning objectives, UK control cues, and exam traps.
Definitions and forms of financial crime belongs to the CISI Combating Financial Crime The Background and Nature of Financial Crime exam topic, weighted at 5%. Study it as a UK financial-crime control lesson: the paper usually asks whether you can classify the risk, place the right authority or obligation, and choose the next defensible control, escalation, or reporting step.
| Concept | What to know for CISI CFC review |
|---|---|
| Financial crime | Illegal or abusive conduct involving money, property, markets, services, documents, or financial systems. |
| Predicate offence | The underlying crime that generates criminal property or financial benefit. |
| Criminal property | Property that represents a person’s benefit from criminal conduct, directly or indirectly. |
| Professional facilitator | A person or firm that helps design, move, conceal, document, or legitimize financial-crime activity. |
| Cross-border complexity | Use of jurisdictions, entities, accounts, nominees, and assets across borders to frustrate detection and recovery. |
Financial crime is an umbrella category, not one single offence. The exam expects you to classify the dominant risk before selecting a control response. A fact pattern about hidden beneficial ownership, unexplained wealth, and unusual transfers points to laundering risk. A fact pattern about a designated person points to sanctions. A fact pattern about a bribe, market rumour, or false invoice requires a different answer.
| Financial-crime type | Core exam distinction |
|---|---|
| Money laundering | Dealing with, concealing, arranging, or integrating criminal property. |
| Terrorist financing | Moving or making funds available for terrorist purposes; funds may be lawful or unlawful. |
| Bribery and corruption | Improper advantage, abuse of entrusted position, kickbacks, or third-party inducements. |
| Fraud | Dishonest gain, loss, misrepresentation, omission, or abuse of position. |
| Tax evasion | Dishonest non-payment or concealment of tax liabilities, including facilitation risk. |
| Sanctions breach | Prohibited dealing with designated persons, controlled entities, sectors, jurisdictions, or economic resources. |
| Market abuse | Insider dealing, unlawful disclosure, manipulation, or misleading market signals. |
For exam questions, classification is not a vocabulary exercise. It determines what the firm should do next. A strong answer starts with the facts that create the risk, identifies the financial-crime family, then chooses a control that would actually reduce that risk.
| Step | Question to ask | Why it matters |
|---|---|---|
| identify the actor | customer, employee, public official, issuer, trader, vendor, intermediary, or designated person | different actors create different control routes |
| identify the property or benefit | funds, securities, tax saving, market advantage, contract, fee, access, or economic resource | helps distinguish laundering, fraud, bribery, sanctions, and market abuse |
| identify the conduct | concealment, transfer, false statement, inducement, breach of restriction, or misuse of information | links facts to the relevant offence family |
| identify the control point | onboarding, screening, monitoring, approval, surveillance, reporting, or investigation | prevents generic compliance answers |
| identify the escalation route | MLRO, sanctions officer, compliance, legal, senior management, HR, or law enforcement | ensures the response is operationally realistic |
Use this sequence before answer choices. It reduces the chance of choosing the option with the most severe wording instead of the option that matches the facts.
A predicate offence is the underlying criminal conduct that produces the benefit. Fraud, tax evasion, corruption, theft, drug trafficking, cybercrime, sanctions evasion, and organized crime can all create property that is later laundered. The laundering issue is separate from the original offence, but the two are connected because laundering deals with the proceeds or benefit.
| Predicate-offence clue | Why it matters for CFC |
|---|---|
| fraud victims send funds to accounts | proceeds may become criminal property once controlled or moved |
| bribe paid through a consultant | consultancy fee may disguise corrupt payment |
| undeclared income is invested | tax evasion can produce proceeds that need laundering analysis |
| cybercrime proceeds are converted | movement into accounts, securities, or crypto may be integration or layering |
| market manipulation generates profit | profit may raise both market-abuse and proceeds-of-crime concerns |
| sanctioned person uses nominees | sanctions breach may overlap with laundering and ownership-control risk |
Do not assume the predicate offence must be proved in court before the firm can act. For financial-crime controls, suspicion, reasonable grounds, or red-flag-based escalation may be enough to trigger internal review, enhanced due diligence, transaction handling, or reporting analysis.
Several CFC topics overlap in real life. The exam may deliberately combine facts so that one answer choice sounds plausible but is incomplete.
| If the main issue is… | More likely classification | Common distractor |
|---|---|---|
| proceeds from fraud entering investment accounts | money laundering linked to predicate fraud | market abuse because investments are involved |
| lawful funds sent to support terrorism | terrorist financing | money laundering only |
| payment to win public-sector business | bribery and corruption | ordinary marketing expense |
| false documents used to open accounts | fraud and possible laundering | simple administrative error |
| dealing with a designated person’s controlled company | sanctions breach | ordinary high-risk customer |
| non-public deal information used to trade | market abuse or insider dealing | general confidentiality breach only |
| deliberate concealment of tax liabilities | tax evasion or facilitation | lawful tax planning |
The stronger answer normally names both the immediate risk and the follow-on risk where relevant. For example, a fraud victim’s funds moving through a customer’s account may first indicate fraud, but the firm’s control response must also consider money laundering because the funds may be criminal property.
Financial crime harms more than the immediate victim. It can fund violence, distort markets, weaken tax systems, undermine public procurement, damage investor confidence, expose firms to penalties, and reduce trust in financial institutions. This is why CFC questions often connect private firm controls to broader public-interest outcomes.
Organized crime groups and corrupt actors exploit the same features that make modern finance efficient: speed, cross-border transfers, complex legal entities, professional services, digital channels, and deep markets. The firm does not need to solve every public problem, but it must operate controls that prevent misuse of its services.
Financial-services firms can be misused at different points in a criminal plan. A bank account, investment account, broker relationship, payment service, trust structure, nominee arrangement, or professional introduction can give criminal activity a legitimate appearance.
| Financial-service feature | How it may be exploited | Control focus |
|---|---|---|
| speed of payment | funds are moved before review or recall | monitoring, holds, callbacks, escalation |
| liquidity of investments | criminal proceeds are converted into apparently legitimate assets | source-of-funds and transaction review |
| legal entities | ownership and control are hidden behind companies or trusts | beneficial-ownership and control analysis |
| cross-border access | funds pass through multiple jurisdictions | geographic risk and correspondent/intermediary review |
| professional advice | documents and structures appear credible | professional-facilitator risk and sceptical review |
| market access | inside information or manipulation affects prices | surveillance, restricted lists, and escalation |
| remote channels | identity, authority, or device control is harder to verify | authentication, fraud controls, and EDD |
The exam may describe a service feature rather than naming the crime. When that happens, identify what the feature helps the criminal do: move, conceal, disguise, convert, access, influence, or profit.
Professional facilitators are important because they can make financial crime appear routine. They may create companies, arrange introductions, manage assets, prepare documents, structure transactions, or provide credibility. Not every professional intermediary is suspicious, but unexplained complexity, reluctance to identify beneficial owners, unusual payment routes, or insistence on secrecy should trigger deeper review.
| Facilitator risk clue | Better response |
|---|---|
| intermediary refuses to identify beneficial owners | do not rely on unsupported assertions; obtain ownership and control evidence |
| complex structure has no commercial rationale | assess source of wealth, purpose, and jurisdiction risk |
| professional adviser controls all communication | consider whether the customer is being shielded or nominee arrangements exist |
| documents are technically complete but inconsistent | investigate inconsistency rather than treating paperwork as sufficient |
| fees or commissions are routed to third parties | assess bribery, fraud, tax, sanctions, or laundering implications |
For CFC purposes, the key is sceptical proportionality. The firm should not reject every complex structure automatically, but it should be able to explain why the structure is legitimate and why the evidence supports that conclusion.
| If the facts emphasize… | Classify first as… | Control response starts with… |
|---|---|---|
| unexplained wealth or suspicious movement | money laundering | CDD/EDD, monitoring, MLRO escalation, SAR thinking |
| lawful funds to risky destination | terrorist financing | CFT review, sanctions screening, purpose and beneficiary evidence |
| public official or hidden commission | bribery and corruption | third-party due diligence, approvals, escalation |
| false documents or abuse of access | fraud | evidence preservation, access controls, investigation |
| designated person or owned entity | sanctions | stop processing, ownership/control analysis, reporting/licensing review |
| non-public information or manipulated trading | market abuse | surveillance, restricted lists, evidence preservation |
Cross-border activity increases financial-crime risk because information, assets, and legal responsibilities may sit in different places. A legitimate international customer may still require enhanced understanding if the structure includes high-risk jurisdictions, opaque entities, inconsistent tax rationale, or payment flows that do not match the customer’s stated business.
| Cross-border feature | Risk question |
|---|---|
| offshore company | who owns and controls it, and why is it needed? |
| multiple jurisdictions | do the flows match the business purpose and source of wealth? |
| nominee shareholder or director | who is the real decision-maker? |
| trust or foundation | who can benefit, control, revoke, or direct assets? |
| payments through unrelated third parties | why is the customer not paying directly? |
| funds from higher-risk country | what source-of-funds and source-of-wealth evidence is credible? |
| legal advice used to justify secrecy | does the explanation support or obscure the risk assessment? |
Cross-border does not automatically mean suspicious. The exam trap is at both extremes: assuming every foreign structure is criminal, or accepting complexity without asking what risk it creates.
| Crime family | First-line controls | Specialist escalation |
|---|---|---|
| money laundering | CDD, EDD, transaction monitoring, source-of-funds review | MLRO or nominated officer review and reporting decision |
| terrorist financing | purpose and beneficiary review, sanctions screening, unusual-destination monitoring | financial-crime and sanctions escalation |
| bribery and corruption | gifts, hospitality, third-party due diligence, approval controls | compliance, legal, and senior management review |
| fraud | authentication, callbacks, access controls, reconciliation, evidence preservation | fraud, security, legal, HR, or financial-crime investigation |
| tax evasion | tax-residency, source-of-wealth, facilitation, and structure review | tax-risk and financial-crime escalation |
| sanctions | screening, ownership/control analysis, payment holds, licence checks | sanctions officer, legal, and regulatory reporting |
| market abuse | surveillance, restricted lists, wall-crossing controls, order review | compliance surveillance and regulator-reporting analysis |
This table is a study tool, not a rigid rule. Real cases may require multiple control paths. A sanctioned person’s nominee may raise sanctions, money laundering, beneficial-ownership, and reporting issues at the same time.
| Scenario cue | Better answer pattern |
|---|---|
| funds are lawful but destination is terrorist-linked | classify as terrorist financing risk, not only laundering |
| customer uses offshore structures without rationale | obtain beneficial-ownership, purpose, and source-of-wealth evidence |
| employee bypasses controls for a vendor | consider fraud, bribery, conflict, and evidence preservation |
| customer asks for secrecy around a payment | escalate and consider laundering, fraud, sanctions, or tax risk |
| issuer or trader uses inside information | classify as market abuse and preserve surveillance evidence |
| false invoices generate investment funds | recognize predicate fraud and laundering of proceeds |
| designated person appears behind an entity | conduct ownership/control analysis before processing |
A customer with no clear business rationale uses several offshore entities to receive payments from fraud victims, then invests the funds through a UK account. Which classification best fits the core risk?
A. Market abuse only, because investments are involved. B. Money laundering of criminal property generated by predicate fraud. C. Sanctions only, because offshore entities are always designated persons. D. No financial-crime risk if the funds enter a regulated account.
Answer: B. The fraud is the predicate offence and the movement into investments indicates laundering of criminal property. The firm should identify the laundering risk before selecting escalation and reporting controls.
For final review, practise naming the risk family in one sentence before reading answer choices. CISI CFC often makes several options sound plausible; the strongest answer usually matches the exact financial-crime category in the stem.
A useful revision drill is to write three columns: fact, classification, control. For example, “hidden beneficial owner” points to ownership/control and laundering risk, which points to EDD and escalation. “Designated person’s company” points to sanctions ownership/control risk, which points to payment hold and sanctions review. This keeps the answer grounded in the evidence.
Return to the CISI Combating Financial Crime guide for the full exam-topic table, or use the CFC Cheat Sheet for threat classification, UK authority cues, and final review prompts.