Study the role of the financial services sector for CISI Combating Financial Crime, with a UK-specific reading frame built around the official chapter structure and exam weighting.
This final chapter is where the qualification becomes most directly relevant to day-to-day financial-services work. It asks what the sector must do, not just what crimes exist. The strongest answers understand that firms are expected to prevent misuse of their services through governance, due diligence, monitoring, reporting, sanctions handling, record keeping, and culture. A well-designed programme is not optional supporting material. It is part of the sector’s role in protecting the integrity of the financial system.
| Check | What matters |
|---|---|
| Official topic weighting | 7% |
| Core distinction under pressure | separate the sector’s specific control duties from the wider roles of regulators and law enforcement, while keeping the interfaces between them clear. |
| Strongest use of this page | use it as the capstone chapter because it pulls together due diligence, reporting, governance, consent-style escalation, and technology-enabled controls |
| UK note | Keep the UK frame active: FCA, NCA, UKFIU, SARs, MLRO, CDD, EDD, record keeping, fintech controls, compliance culture, and GBP when a monetary example helps. |
The exam usually tests whether you understand what the financial-services sector is actually expected to do. Firms are not prosecutors, but they are expected to know their customers, understand their risk exposure, screen and monitor effectively, escalate concern, report where required, and maintain defensible records.
It also tests whether you understand that governance and culture are inseparable from technical controls. Customer due diligence, monitoring, sanctions handling, and SAR processes will all weaken if responsibilities are unclear or if staff do not feel supported in raising concern.
| Section | Main exam angle |
|---|---|
| Relations with regulators | If the issue is supervisory interaction or expectations, separate the firm’s obligations from the regulator’s role |
| Specific responsibilities and governance roles | If ownership or accountability is unclear, governance is usually the decisive issue |
| Compliance and culture | If staff behaviour, challenge, or escalation is weak, culture is the real clue |
| Fintech and technology-enabled controls | If the firm is relying on digital tooling, ask whether technology improves control or creates dependency and blind spots |
| Customer due diligence and enhanced due diligence | If the client or structure is high risk, CDD and EDD intensity become central |
| Reporting obligations | If suspicion arises, think internal escalation, SAR obligations, and reporting discipline |
| Consent regimes | If the firm is considering whether to proceed with potentially suspicious activity, consent or DAML-style thinking may be central |
| Record-keeping obligations | If the question is about evidencing controls, decisions, or reviews, record keeping is the main issue |
Firms need to engage honestly and effectively with regulators and supervisors. The exam usually does not want performative “cooperation” language. It wants recognition that firms should maintain robust systems, respond accurately, and treat supervision as part of risk management rather than as an external nuisance.
This section tests role clarity. Boards, senior management, MLROs, compliance teams, operational staff, and control functions all have different duties. The stronger answer usually places responsibility where it belongs rather than moving everything to the compliance team.
Compliance culture shapes whether staff recognise red flags, challenge profitable but risky behaviour, and escalate when the facts are uncomfortable. The paper often rewards candidates who see weak culture as a control failure in its own right.
Technology can improve screening, monitoring, case management, alert handling, data analysis, and record retention. It can also create concentration risk, false reassurance, model weakness, or blind spots if the design is poor. The stronger answer usually balances benefit and dependency risk.
CDD and EDD sit at the heart of the private-sector response. The point is to know who the customer is, understand beneficial ownership and purpose, and apply stronger review where the relationship is higher risk. The exam often tests when the firm should go beyond standard checks.
Once suspicion arises, reporting discipline matters. Internal escalation, MLRO review, SAR submission where required, and careful handling of information are central. The exam usually tests what should happen next when concern is genuine, not what looks politically safest.
This section typically concerns the question of whether activity should proceed once a suspicion has been identified and reporting has occurred. The candidate does not need procedural over-detail. The key is to recognise that some cases require the firm to pause, escalate, and follow the proper legal route rather than simply proceeding because a client demands speed.
Records matter because firms must be able to demonstrate what they knew, what checks they performed, what decisions they took, and why. Good records support supervision, investigation, auditability, and internal learning.
flowchart TD
A["Customer or transaction enters firm"] --> B["CDD, EDD, screening, and monitoring"]
B --> C{"Suspicion or high-risk concern?"}
C -->|"No"| D["Ongoing review and record keeping"]
C -->|"Yes"| E["Internal escalation to MLRO or control function"]
E --> F["Reporting and proceed-or-pause decision through proper route"]
F --> G["Records, governance review, and control improvement"]
A firm’s transaction-monitoring tool flags a client relationship for repeated unusual payments and beneficial-ownership inconsistencies. Front-office staff want to proceed quickly because the client is commercially valuable. Which is the strongest immediate response?
Answer: B.
The correct response is escalation through the firm’s control framework, followed by reassessment and any reporting or proceed-or-pause decision required by the facts. Commercial importance does not remove the control duty.