Chapter 8 · Regulation & Ethics

4 exam questions · regulators globally, AML/CTF, insider trading & market abuse, CISI Code of Conduct
← Back to quiz
Why this chapter matters. 4 of 50 exam questions (8%). Trap zones: 3 stages of ML — Placement / Layering / Integration, SARs go to the FIU, not the police, Tipping-off = criminal offence, Special resolution 75% vs ordinary 50% (cross-ref Ch 3), Twin Peaks (UK) = PRA + FCA, Ordinary vs special ordinary vs unlawful disclosure vs manipulation, CISI Code = 8 principles.
📖 Related guide: AML thresholds across CISI exams — side-by-side comparison with UAE FRR and UK CFC.

8.1 Aims & models of regulation

The three universal aims syllabus 8.1

  1. Consumer protection — protect retail investors from unfair practices
  2. Market integrity — fair, orderly, transparent markets
  3. Financial stability — avoid systemic failures, protect payment systems

The UK FCA explicitly names three operational objectives that map directly to these.

Twin Peaks regulation syllabus 8.1

A model where two separate authorities handle different concerns:

  • Prudential regulator — focused on firm safety, capital, systemic risk
  • Conduct regulator — focused on consumer protection, market abuse, treating customers fairly

Used by the UK (PRA + FCA) and Australia (APRA + ASIC). Avoids the "single agency owning both prudential + conduct" conflict.

SROs (Self-Regulatory Organisations) syllabus 8.1

An industry body delegated supervisory / rule-making authority over its own members. Examples: FINRA (US broker-dealers), various stock exchanges.

Pros: industry expertise + faster rule-making. Cons: potential conflicts of interest, regulator-of-last-resort risk.

8.2 Global regulators

UK — FCA + PRA syllabus 8.1

FCA (Financial Conduct Authority): conduct supervision + prudential for firms outside PRA's remit. ~50,000 firms. Three operational objectives — protect consumers, market integrity, effective competition.

PRA (Prudential Regulation Authority): part of the Bank of England. Prudential supervision of banks, building societies, insurers, major investment firms (~1,500 firms). Focus = safety and soundness.

US — SEC (+ Fed, OCC, FDIC) syllabus 8.1

SEC (Securities and Exchange Commission): US securities markets regulator. Established 1934 after the 1929 crash. Enforces disclosure, anti-fraud, market-manipulation rules under the Securities Act 1933 + Securities Exchange Act 1934.

Banking is supervised separately by OCC, Federal Reserve, FDIC.

EU — ESMA syllabus 8.1

ESMA (European Securities and Markets Authority): EU-level regulator coordinating national supervisors (NCAs). Directly supervises credit rating agencies, trade repositories, benchmarks. Based in Paris.

Part of the ESAs alongside EBA (banking) and EIOPA (insurance).

MENA — SCA (UAE) + CMA (Saudi) syllabus 8.1

UAE SCA (Securities and Commodities Authority): federal UAE securities regulator. Covers onshore activity — ADX and DFM. Financial free zones (DIFC, ADGM) are separately regulated by DFSA and FSRA respectively. Three-tier UAE regulation.

Saudi CMA (Capital Market Authority): Saudi securities regulator. Oversees Tadawul, listed companies, brokers, asset managers. Banking is separately supervised by SAMA (Saudi Central Bank).

IOSCO — the global standard setter syllabus 8.1

IOSCO (International Organization of Securities Commissions): promotes cooperation among national securities regulators. Sets International Standards (IOSCO Principles). Members include US SEC, UK FCA, ESMA, UAE SCA, Saudi CMA, MAS (Singapore), HKMA (Hong Kong).

8.3 Money laundering — the three stages

Placement → Layering → Integration syllabus 8.2.1

Universal AML model. Each stage offers detection opportunities.

  1. PLACEMENT — introducing dirty cash into the financial system. Most exposed / detectable stage.
  2. LAYERING — a series of complex transactions to obscure the source (cross-border transfers, shell companies, trusts, layered ownership).
  3. INTEGRATION — the funds re-enter the legitimate economy as ostensibly clean wealth (real estate, businesses, securities, luxury goods).
Almost certain to appear as a "what are the three stages" question. Order matters — Placement is FIRST. It's also the RISKIEST stage for the launderer, so highest detection opportunity.

Placement — examples syllabus 8.2.1

Getting cash INTO the system:

  • Structuring / smurfing — multiple sub-threshold cash deposits below reporting limits
  • Cash-intensive business fronts (car washes, restaurants, laundromats)
  • Bureau de change / money service business
  • Buying high-value goods with cash (jewellery, art)
  • Gambling

Terrorist financing vs money laundering syllabus 8.2.1

Different flow, similar controls:

  • Money laundering: DIRTY funds → made to appear CLEAN
  • Terrorist financing: often CLEAN funds (salaries, donations) → directed to ILLEGITIMATE purposes

TF is often LOWER value (small operational costs can fund attacks) — harder to detect by transaction size alone. Same suspicious-activity reporting regime applies.

FATF — the global standard setter syllabus 8.2.1

Financial Action Task Force: inter-governmental body based at the OECD in Paris. Publishes the 40 Recommendations covering the risk-based approach, CDD, STR reporting, sanctions, and proliferation finance. Countries assessed via mutual evaluations. Non-compliant jurisdictions can be greylisted or blacklisted.

8.4 KYC, PEPs, SARs, tipping-off

KYC / CDD — Know Your Customer syllabus 8.2.1

Firms must IDENTIFY + VERIFY customer identity, understand the nature of the relationship and source of funds, and MONITOR ongoing activity for unusual patterns.

EDD (Enhanced Due Diligence) is required for higher-risk customers — PEPs, high-risk jurisdictions, unusual transaction patterns.

Politically Exposed Persons (PEPs) syllabus 8.2.1

A person entrusted with a PROMINENT PUBLIC FUNCTION — heads of state, senior politicians, military, judicial or central bank officials, senior executives of state-owned enterprises. Definition extends to CLOSE FAMILY and KNOWN CLOSE ASSOCIATES.

PEPs are higher-risk because their position offers corruption / bribery opportunities. Requires senior-management approval, source-of-wealth verification, enhanced ongoing monitoring.

Suspicious Activity Reports (SARs) syllabus 8.2.1

Confidential report filed with the national Financial Intelligence Unit (FIU) — NOT the police directly.

CountryFIU
UKNCA (National Crime Agency)
USFinCEN (Financial Crimes Enforcement Network)
UAEUAE FIU

Volume dwarfs successful prosecutions — but the data feeds intelligence + operations.

Tipping-off — a criminal offence syllabus 8.2.1

It is a CRIMINAL offence to tell a customer (or any unauthorised person) that a SAR has been filed about them, or that a money-laundering investigation is being (or may be) carried out.

Why customers should NEVER be told why a transaction has been refused or delayed. Use neutral phrasing. Significant prison-time penalties.

Frequently tested. If a Q asks "which is a criminal offence?" — tipping-off is often the answer, next to failing to file a SAR when suspicion arises.

Sanctions screening syllabus 8.2

Firms must SCREEN customers + transactions against sanctions lists (UN, US OFAC, UK OFSI, EU consolidated list) and BLOCK / REPORT matches. Screening must be live on onboarding AND ongoing — designated lists change frequently.

Breach penalties are enormous: BNP Paribas $8.9bn (2014) for sanctions violations.

Bribery syllabus 8.2.2

Offering, giving, receiving, or soliciting something of value to influence an official / business decision. Illegal virtually everywhere.

Key statutes: UK Bribery Act 2010, US FCPA (Foreign Corrupt Practices Act). Both have broad extraterritorial reach. Facilitation payments — small payments to speed routine services — are ILLEGAL under UK law but historically tolerated under US FCPA (now tightening).

8.5 Insider trading & market abuse

Inside information — four tests syllabus 8.3.1

Information that is:

  1. Precise
  2. Not publicly available
  3. Relates to issuers / financial instruments
  4. Would have a significant effect on price if made public

All four tests must be met. Examples: M&A talks, profit warnings, regulatory decisions, large contracts, leadership departures.

Insider dealing — three behaviours syllabus 8.3.1

  1. DEALING on inside information
  2. ENCOURAGING / inducing another to deal
  3. DISCLOSING inside information improperly

Criminal offence under UK Criminal Justice Act 1993 + civil offence under MAR. Significant prison time + unlimited fines.

Market abuse — three categories syllabus 8.3.2

EU/UK Market Abuse Regulation (MAR) covers:

  1. Insider dealing
  2. Unlawful disclosure of inside information
  3. Market manipulation — wash trades, spoofing, layering, pump-and-dump, rumour spreading

Spoofing / layering syllabus 8.3.2

Placing orders with the INTENTION to cancel before execution — to create a false impression of demand / supply and move the market in the direction of a separately-placed real trade.

Illegal under Dodd-Frank (US, 2010) + MAR (EU/UK). Notable prosecutions: Navinder Sarao (Flash Crash 2010), various JP Morgan precious-metals traders.

Wash trades syllabus 8.3.2

SAME beneficial owner on both sides of a trade — creates the APPEARANCE of activity / liquidity without any change in beneficial ownership. Inflates apparent volume, misleads other participants. A major problem in less-regulated cryptocurrency exchanges.

Pump and dump syllabus 8.3.2

Disseminating false / misleading information to ARTIFICIALLY INFLATE the price of a security (often a thinly-traded small-cap), then SELLING the manipulator's holding at the inflated price before the price collapses.

Crypto era brought a new wave of pump-and-dumps via Telegram / Discord channels.

Front-running syllabus 8.3.2

A broker / trader PERSONALLY trades on advance knowledge of a CLIENT's pending large order — profiting from the price impact the client order is expected to cause. Breach of fiduciary duty + market abuse.

8.6 Integrity, ethics & the CISI Code

Ethics vs regulation syllabus 8.1.4

Regulation sets the LEGAL FLOOR. Ethics asks what is RIGHT — including in situations not covered by specific rules. A behaviour can be legal but unethical.

Managing conflicts of interest syllabus 8.4

Three-step response:

  1. Identify the conflict
  2. Disclose to affected parties
  3. Manage via appropriate controls (information barriers, segregation of duties, mandatory recusal)

Where the conflict CANNOT be adequately managed, decline the engagement.

Information barriers ("Chinese walls") syllabus 8.4

Organisational, physical, or systems-based controls that PREVENT the flow of confidential / market-sensitive information between business units with potential conflicts (e.g. corporate finance advice vs trading vs research).

Implemented via system access controls, physical separation, segregated email, wall-crossing procedures.

CISI Code of Conduct — 8 principles syllabus 8.1.3

Broadly summarised:

  1. Act with integrity
  2. Put client interests first
  3. Exercise reasonable care, diligence and competence
  4. Maintain confidentiality
  5. Manage conflicts of interest
  6. Comply with rules and regulatory standards
  7. Treat people fairly
  8. Support and respect colleagues

Confidentiality — with lawful exceptions syllabus 8.4.1

Default: lock it down. Do NOT disclose confidential client information without consent.

Lawful exceptions where disclosure IS required: regulatory demands (SARs, regulator information requests), court orders, fraud prevention. Modern data-protection laws (GDPR + equivalents) add layered rules on personal data.

Whistleblowing syllabus 8.4

Employees / others who raise genuine concerns about misconduct can do so via PROTECTED channels — regulator hotlines, internal mechanisms. LEGAL PROTECTION against retaliation.

Key regimes: UK Public Interest Disclosure Act 1998, US Dodd-Frank § 922 (with bounty awards), EU Whistleblower Directive 2019.

TCF and the Consumer Duty syllabus 8.4

Treating Customers Fairly (TCF): FCA principles requiring firms to embed fair treatment throughout the customer lifecycle. Six outcomes covering suitable products, clear information, appropriate advice, fair complaint handling.

Consumer Duty (2023): replaced/elevated TCF. Firms must "act to deliver good outcomes" for retail customers — four outcomes pillars: products & services, price & value, consumer understanding, consumer support. Higher bar than TCF: proactive, evidence-based, outcomes-focused.

Vulnerable customers syllabus 8.4

FCA defines vulnerability across four drivers: health, life events, capability, resilience. ~50% of UK adults show characteristics of vulnerability. Consumer Duty requires firms to monitor outcomes for vulnerable customers + prevent foreseeable harm.

Continuing Professional Development (CPD) syllabus 8.4

Ongoing structured learning to keep knowledge current in a fast-changing industry. CISI members: minimum ~35 hours per year, portion of which must be structured. Recorded and reportable. Failure to comply can lead to membership lapse.

8.7 All the numbers (cheat sheet)

Ch 8 cheat sheet chapter compression

ConceptRule / value
Three universal regulator aimsConsumer protection · Market integrity · Financial stability
UK Twin PeaksPRA (prudential) + FCA (conduct)
US securities regulatorSEC (est. 1934)
EU securities regulatorESMA (Paris)
UAE onshore regulatorSCA (DIFC = DFSA, ADGM = FSRA)
Saudi securities regulatorCMA (banking = SAMA)
Global standard setter (securities)IOSCO
Global standard setter (AML)FATF — 40 Recommendations
3 stages of MLPlacement → Layering → Integration
SAR filed withNational FIU (UK: NCA · US: FinCEN)
Tipping-offCRIMINAL offence
PEP EDD requiredYes + senior mgmt sign-off + source of wealth
Sanctions record fine (BNPP 2014)$8.9bn
UK Bribery Act year2010
Inside info — 4 testsPrecise, non-public, relates to issuer, price-material
Insider dealing — 3 behavioursDealing, encouraging, disclosing
Market abuse — 3 categoriesInsider dealing, unlawful disclosure, manipulation
Spoofing definitionOrders placed intending to cancel
CISI Code — number of principles8
UK Consumer Duty year2023
Vulnerability — 4 driversHealth · Life events · Capability · Resilience
CISI CPD minimum (annual)~35 hours
22 lines. Recall these and Ch 8's 4 exam Qs are yours.