8.1 Aims & models of regulation
▼The three universal aims syllabus 8.1
- Consumer protection — protect retail investors from unfair practices
- Market integrity — fair, orderly, transparent markets
- Financial stability — avoid systemic failures, protect payment systems
The UK FCA explicitly names three operational objectives that map directly to these.
Twin Peaks regulation syllabus 8.1
A model where two separate authorities handle different concerns:
- Prudential regulator — focused on firm safety, capital, systemic risk
- Conduct regulator — focused on consumer protection, market abuse, treating customers fairly
Used by the UK (PRA + FCA) and Australia (APRA + ASIC). Avoids the "single agency owning both prudential + conduct" conflict.
SROs (Self-Regulatory Organisations) syllabus 8.1
An industry body delegated supervisory / rule-making authority over its own members. Examples: FINRA (US broker-dealers), various stock exchanges.
Pros: industry expertise + faster rule-making. Cons: potential conflicts of interest, regulator-of-last-resort risk.
8.2 Global regulators
▼UK — FCA + PRA syllabus 8.1
FCA (Financial Conduct Authority): conduct supervision + prudential for firms outside PRA's remit. ~50,000 firms. Three operational objectives — protect consumers, market integrity, effective competition.
PRA (Prudential Regulation Authority): part of the Bank of England. Prudential supervision of banks, building societies, insurers, major investment firms (~1,500 firms). Focus = safety and soundness.
US — SEC (+ Fed, OCC, FDIC) syllabus 8.1
SEC (Securities and Exchange Commission): US securities markets regulator. Established 1934 after the 1929 crash. Enforces disclosure, anti-fraud, market-manipulation rules under the Securities Act 1933 + Securities Exchange Act 1934.
Banking is supervised separately by OCC, Federal Reserve, FDIC.
EU — ESMA syllabus 8.1
ESMA (European Securities and Markets Authority): EU-level regulator coordinating national supervisors (NCAs). Directly supervises credit rating agencies, trade repositories, benchmarks. Based in Paris.
Part of the ESAs alongside EBA (banking) and EIOPA (insurance).
MENA — SCA (UAE) + CMA (Saudi) syllabus 8.1
UAE SCA (Securities and Commodities Authority): federal UAE securities regulator. Covers onshore activity — ADX and DFM. Financial free zones (DIFC, ADGM) are separately regulated by DFSA and FSRA respectively. Three-tier UAE regulation.
Saudi CMA (Capital Market Authority): Saudi securities regulator. Oversees Tadawul, listed companies, brokers, asset managers. Banking is separately supervised by SAMA (Saudi Central Bank).
IOSCO — the global standard setter syllabus 8.1
IOSCO (International Organization of Securities Commissions): promotes cooperation among national securities regulators. Sets International Standards (IOSCO Principles). Members include US SEC, UK FCA, ESMA, UAE SCA, Saudi CMA, MAS (Singapore), HKMA (Hong Kong).
8.3 Money laundering — the three stages
▼Placement → Layering → Integration syllabus 8.2.1
Universal AML model. Each stage offers detection opportunities.
- PLACEMENT — introducing dirty cash into the financial system. Most exposed / detectable stage.
- LAYERING — a series of complex transactions to obscure the source (cross-border transfers, shell companies, trusts, layered ownership).
- INTEGRATION — the funds re-enter the legitimate economy as ostensibly clean wealth (real estate, businesses, securities, luxury goods).
Placement — examples syllabus 8.2.1
Getting cash INTO the system:
- Structuring / smurfing — multiple sub-threshold cash deposits below reporting limits
- Cash-intensive business fronts (car washes, restaurants, laundromats)
- Bureau de change / money service business
- Buying high-value goods with cash (jewellery, art)
- Gambling
Terrorist financing vs money laundering syllabus 8.2.1
Different flow, similar controls:
- Money laundering: DIRTY funds → made to appear CLEAN
- Terrorist financing: often CLEAN funds (salaries, donations) → directed to ILLEGITIMATE purposes
TF is often LOWER value (small operational costs can fund attacks) — harder to detect by transaction size alone. Same suspicious-activity reporting regime applies.
FATF — the global standard setter syllabus 8.2.1
Financial Action Task Force: inter-governmental body based at the OECD in Paris. Publishes the 40 Recommendations covering the risk-based approach, CDD, STR reporting, sanctions, and proliferation finance. Countries assessed via mutual evaluations. Non-compliant jurisdictions can be greylisted or blacklisted.
8.4 KYC, PEPs, SARs, tipping-off
▼KYC / CDD — Know Your Customer syllabus 8.2.1
Firms must IDENTIFY + VERIFY customer identity, understand the nature of the relationship and source of funds, and MONITOR ongoing activity for unusual patterns.
EDD (Enhanced Due Diligence) is required for higher-risk customers — PEPs, high-risk jurisdictions, unusual transaction patterns.
Politically Exposed Persons (PEPs) syllabus 8.2.1
A person entrusted with a PROMINENT PUBLIC FUNCTION — heads of state, senior politicians, military, judicial or central bank officials, senior executives of state-owned enterprises. Definition extends to CLOSE FAMILY and KNOWN CLOSE ASSOCIATES.
PEPs are higher-risk because their position offers corruption / bribery opportunities. Requires senior-management approval, source-of-wealth verification, enhanced ongoing monitoring.
Suspicious Activity Reports (SARs) syllabus 8.2.1
Confidential report filed with the national Financial Intelligence Unit (FIU) — NOT the police directly.
| Country | FIU |
|---|---|
| UK | NCA (National Crime Agency) |
| US | FinCEN (Financial Crimes Enforcement Network) |
| UAE | UAE FIU |
Volume dwarfs successful prosecutions — but the data feeds intelligence + operations.
Tipping-off — a criminal offence syllabus 8.2.1
It is a CRIMINAL offence to tell a customer (or any unauthorised person) that a SAR has been filed about them, or that a money-laundering investigation is being (or may be) carried out.
Why customers should NEVER be told why a transaction has been refused or delayed. Use neutral phrasing. Significant prison-time penalties.
Sanctions screening syllabus 8.2
Firms must SCREEN customers + transactions against sanctions lists (UN, US OFAC, UK OFSI, EU consolidated list) and BLOCK / REPORT matches. Screening must be live on onboarding AND ongoing — designated lists change frequently.
Breach penalties are enormous: BNP Paribas $8.9bn (2014) for sanctions violations.
Bribery syllabus 8.2.2
Offering, giving, receiving, or soliciting something of value to influence an official / business decision. Illegal virtually everywhere.
Key statutes: UK Bribery Act 2010, US FCPA (Foreign Corrupt Practices Act). Both have broad extraterritorial reach. Facilitation payments — small payments to speed routine services — are ILLEGAL under UK law but historically tolerated under US FCPA (now tightening).
8.5 Insider trading & market abuse
▼Inside information — four tests syllabus 8.3.1
Information that is:
- Precise
- Not publicly available
- Relates to issuers / financial instruments
- Would have a significant effect on price if made public
All four tests must be met. Examples: M&A talks, profit warnings, regulatory decisions, large contracts, leadership departures.
Insider dealing — three behaviours syllabus 8.3.1
- DEALING on inside information
- ENCOURAGING / inducing another to deal
- DISCLOSING inside information improperly
Criminal offence under UK Criminal Justice Act 1993 + civil offence under MAR. Significant prison time + unlimited fines.
Market abuse — three categories syllabus 8.3.2
EU/UK Market Abuse Regulation (MAR) covers:
- Insider dealing
- Unlawful disclosure of inside information
- Market manipulation — wash trades, spoofing, layering, pump-and-dump, rumour spreading
Spoofing / layering syllabus 8.3.2
Placing orders with the INTENTION to cancel before execution — to create a false impression of demand / supply and move the market in the direction of a separately-placed real trade.
Illegal under Dodd-Frank (US, 2010) + MAR (EU/UK). Notable prosecutions: Navinder Sarao (Flash Crash 2010), various JP Morgan precious-metals traders.
Wash trades syllabus 8.3.2
SAME beneficial owner on both sides of a trade — creates the APPEARANCE of activity / liquidity without any change in beneficial ownership. Inflates apparent volume, misleads other participants. A major problem in less-regulated cryptocurrency exchanges.
Pump and dump syllabus 8.3.2
Disseminating false / misleading information to ARTIFICIALLY INFLATE the price of a security (often a thinly-traded small-cap), then SELLING the manipulator's holding at the inflated price before the price collapses.
Crypto era brought a new wave of pump-and-dumps via Telegram / Discord channels.
Front-running syllabus 8.3.2
A broker / trader PERSONALLY trades on advance knowledge of a CLIENT's pending large order — profiting from the price impact the client order is expected to cause. Breach of fiduciary duty + market abuse.
8.6 Integrity, ethics & the CISI Code
▼Ethics vs regulation syllabus 8.1.4
Regulation sets the LEGAL FLOOR. Ethics asks what is RIGHT — including in situations not covered by specific rules. A behaviour can be legal but unethical.
Managing conflicts of interest syllabus 8.4
Three-step response:
- Identify the conflict
- Disclose to affected parties
- Manage via appropriate controls (information barriers, segregation of duties, mandatory recusal)
Where the conflict CANNOT be adequately managed, decline the engagement.
Information barriers ("Chinese walls") syllabus 8.4
Organisational, physical, or systems-based controls that PREVENT the flow of confidential / market-sensitive information between business units with potential conflicts (e.g. corporate finance advice vs trading vs research).
Implemented via system access controls, physical separation, segregated email, wall-crossing procedures.
CISI Code of Conduct — 8 principles syllabus 8.1.3
Broadly summarised:
- Act with integrity
- Put client interests first
- Exercise reasonable care, diligence and competence
- Maintain confidentiality
- Manage conflicts of interest
- Comply with rules and regulatory standards
- Treat people fairly
- Support and respect colleagues
Confidentiality — with lawful exceptions syllabus 8.4.1
Default: lock it down. Do NOT disclose confidential client information without consent.
Lawful exceptions where disclosure IS required: regulatory demands (SARs, regulator information requests), court orders, fraud prevention. Modern data-protection laws (GDPR + equivalents) add layered rules on personal data.
Whistleblowing syllabus 8.4
Employees / others who raise genuine concerns about misconduct can do so via PROTECTED channels — regulator hotlines, internal mechanisms. LEGAL PROTECTION against retaliation.
Key regimes: UK Public Interest Disclosure Act 1998, US Dodd-Frank § 922 (with bounty awards), EU Whistleblower Directive 2019.
TCF and the Consumer Duty syllabus 8.4
Treating Customers Fairly (TCF): FCA principles requiring firms to embed fair treatment throughout the customer lifecycle. Six outcomes covering suitable products, clear information, appropriate advice, fair complaint handling.
Consumer Duty (2023): replaced/elevated TCF. Firms must "act to deliver good outcomes" for retail customers — four outcomes pillars: products & services, price & value, consumer understanding, consumer support. Higher bar than TCF: proactive, evidence-based, outcomes-focused.
Vulnerable customers syllabus 8.4
FCA defines vulnerability across four drivers: health, life events, capability, resilience. ~50% of UK adults show characteristics of vulnerability. Consumer Duty requires firms to monitor outcomes for vulnerable customers + prevent foreseeable harm.
Continuing Professional Development (CPD) syllabus 8.4
Ongoing structured learning to keep knowledge current in a fast-changing industry. CISI members: minimum ~35 hours per year, portion of which must be structured. Recorded and reportable. Failure to comply can lead to membership lapse.
8.7 All the numbers (cheat sheet)
▼Ch 8 cheat sheet chapter compression
| Concept | Rule / value |
|---|---|
| Three universal regulator aims | Consumer protection · Market integrity · Financial stability |
| UK Twin Peaks | PRA (prudential) + FCA (conduct) |
| US securities regulator | SEC (est. 1934) |
| EU securities regulator | ESMA (Paris) |
| UAE onshore regulator | SCA (DIFC = DFSA, ADGM = FSRA) |
| Saudi securities regulator | CMA (banking = SAMA) |
| Global standard setter (securities) | IOSCO |
| Global standard setter (AML) | FATF — 40 Recommendations |
| 3 stages of ML | Placement → Layering → Integration |
| SAR filed with | National FIU (UK: NCA · US: FinCEN) |
| Tipping-off | CRIMINAL offence |
| PEP EDD required | Yes + senior mgmt sign-off + source of wealth |
| Sanctions record fine (BNPP 2014) | $8.9bn |
| UK Bribery Act year | 2010 |
| Inside info — 4 tests | Precise, non-public, relates to issuer, price-material |
| Insider dealing — 3 behaviours | Dealing, encouraging, disclosing |
| Market abuse — 3 categories | Insider dealing, unlawful disclosure, manipulation |
| Spoofing definition | Orders placed intending to cancel |
| CISI Code — number of principles | 8 |
| UK Consumer Duty year | 2023 |
| Vulnerability — 4 drivers | Health · Life events · Capability · Resilience |
| CISI CPD minimum (annual) | ~35 hours |