Diploma in Investment Compliance (Level 6)

Correct: Under Section 5(b)(1) of the Investment Company Act of 1940, a diversified company must have at least 75% of its total assets in cash and securities, limited to 5% per issuer.

Correct: Under United States law, the Investment Advisers Act of 1940 requires registration for any person or firm that provides investment advice for compensation. While broker-dealers have a ‘solely incidental’ exclusion, receiving ‘special compensation’ like an assets-under-management fee typically triggers the requirement to register as an Investment Adviser.

Correct: Under US federal regulations, a SAR must be filed within 30 days of detection if a suspect is identified. Identifying the delay as a failure and recommending a workflow review addresses the specific regulatory breach and seeks to prevent future non-compliance.

Correct: The internal auditor’s role is to provide assurance on the effectiveness of disclosure controls and procedures. By identifying the root cause of the communication failure, the auditor helps management strengthen the process for identifying and reporting material events as required by the Securities Exchange Act of 1934.

Correct: SEC Rule 15c3-5 requires broker-dealers with market access to implement risk management controls and supervisory procedures that are under their direct and exclusive control. This mandate ensures that the broker-dealer prevents the entry of orders that exceed pre-set credit or capital limits, which is essential for maintaining market integrity and firm stability.

Correct: Under US federal securities laws, specifically the Securities Exchange Act of 1934, market manipulation includes activities like spoofing that involve placing and then canceling orders to create a false impression of market demand. A surveillance system that only captures executed trades fails to monitor the order book activity necessary to identify these manipulative patterns, representing a fundamental weakness in the firm’s compliance framework.

Correct: National securities exchanges in the United States are designated as Self-Regulatory Organizations (SROs) under the Securities Exchange Act of 1934. This status allows them to create and enforce rules for their members, provided those rules are consistent with SEC regulations. Internal auditors must verify that the firm has controls to comply with these specific exchange rules in addition to federal laws.

Correct: Under United States AML regulations and the Bank Secrecy Act, financial institutions are required to maintain programs capable of detecting and reporting suspicious activities that may signify money laundering. This obligation extends beyond simple cash reporting to include the monitoring of all transaction types, such as wire transfers, for patterns like structuring or layering. An effective program must be designed to identify and report these activities via Suspicious Activity Reports (SARs) to FinCEN, regardless of the specific dollar amount if the activity is deemed suspicious.

Incorrect: Relying solely on the capture of cash transactions for Currency Transaction Reports fails to address the broader regulatory mandate to detect and report all forms of suspicious financial activity. Simply conducting a manual review once a year is inadequate for the timely detection and reporting required by federal law, which generally requires SAR filing within 30 days of detection. Choosing to increase the reporting threshold to reduce alerts is a violation of the fixed $10,000 regulatory requirement for cash reporting and would likely lead to a failure in identifying significant suspicious activity.

Takeaway: United States AML programs must monitor all transaction types, including wire transfers, to satisfy federal Suspicious Activity Report (SAR) filing requirements.

Correct: Under the Investment Company Act of 1940, any investment company offering securities to the public must register with the Securities and Exchange Commission (SEC). The auditor must ensure the registration statement is not only filed but also declared effective by the SEC before the fund commences sales.

Correct: Under the Sarbanes-Oxley Act and SEC rules, the audit committee of a listed company is mandated to be directly responsible for the appointment, compensation, and oversight of the external auditor. This requirement is designed to enhance the independence of the audit process by removing the external auditor’s reliance on management for their tenure and pay.

Correct: The New York Stock Exchange (NYSE) requires listed companies to have a compensation committee composed entirely of independent directors. This requirement is part of the broader corporate governance standards designed to protect shareholder interests and ensure executive pay is determined without conflicts of interest.

Incorrect: Establishing a mandatory retirement age for directors is a matter of individual company policy rather than a requirement of the exchange. Requiring the Chief Executive Officer to serve as Chairman is not a listing standard and often contradicts best practices for independent oversight. Having the internal audit function report to the Chief Financial Officer would impair independence and violate the requirement for the function to provide objective oversight to the audit committee.

Correct: Under United States law and SEC regulations, the Board of Directors has a fiduciary duty to oversee the company’s affairs, which includes ensuring a functional internal control system. While committees perform specific tasks to increase efficiency, the full Board remains accountable for the overall effectiveness of the governance and risk management frameworks. This oversight ensures that management is held responsible for maintaining controls that protect investor interests and ensure accurate financial reporting.

Incorrect: The approach of transferring all legal liability to a committee is incorrect because fiduciary duties to shareholders cannot be fully abdicated through delegation. Relying on the Board for direct implementation of controls confuses the oversight role of the Board with the execution role of management. Simply focusing on the signing of certifications by executives is insufficient, as the Board must provide active oversight of the processes that lead to those certifications rather than just the signatures themselves.

Takeaway: The Board of Directors maintains ultimate accountability for internal control oversight regardless of delegation to specific committees or management.

Correct: Evaluating the underlying logic of surveillance parameters is essential to ensure that controls are designed to detect specific manipulative behaviors like layering or spoofing. This approach confirms that the system can differentiate between high-frequency trading strategies and prohibited market abuse under the Securities Exchange Act of 1934.

Correct: Under SEC Rule 14a-8, if a company intends to exclude a shareholder proposal from its proxy materials, it must file its reasons with the Securities and Exchange Commission. Seeking a no-action letter is the standard regulatory process in the United States to confirm that the SEC staff will not recommend enforcement action if the proposal is omitted based on specific permitted exclusions, such as duplication or lack of relevance.

Incorrect: Relying on a 1 percent ownership threshold is incorrect because the SEC uses specific tiered dollar amounts based on holding duration rather than a flat percentage of total outstanding shares. The strategy of using supplemental ballots for specific investor classes violates the principle of equitable treatment of shareholders and established SEC proxy rules. Choosing to reject a proposal solely by citing the business judgment rule is insufficient, as the company must still adhere to the procedural requirements and specific exclusion criteria defined by federal securities laws.

Takeaway: U.S. public companies must follow formal SEC no-action procedures to legally exclude eligible shareholder proposals from their proxy materials.

Correct: Under Section 5(b)(1) of the Investment Company Act of 1940, a diversified fund must ensure that at least 75% of its total assets are represented by cash, government securities, and other securities limited to 5% of the fund’s total assets per issuer. This ’75/5/10′ rule is applied at the time of acquisition. If a position exceeds these limits solely due to market appreciation (a passive breach), the fund does not lose its diversified status and is not required to sell the shares, though it cannot make further purchases of that security until it falls back within the limits.

Incorrect: The strategy of requiring immediate liquidation fails to recognize the distinction between active and passive breaches under U.S. federal securities law. Simply reclassifying the fund as non-diversified is an unnecessary and potentially permanent change to the fund’s fundamental investment policy which requires shareholder approval. Focusing only on the 10% threshold as an automatic disqualifier ignores the fact that the 1940 Act allows for fluctuations caused by market movements rather than intentional investment actions.

Takeaway: U.S. diversification requirements for mutual funds are tested at the time of purchase, allowing for passive breaches caused by market appreciation.

Correct: This substantive testing approach directly identifies potential control failures by checking if employees traded on information before it was restricted or made public. It provides empirical evidence of whether the information barrier successfully prevented prohibited trading activity by correlating confidential deal timelines with actual trading behavior.

Correct: Under SEC Rule 15c3-5, broker-dealers providing access to US exchanges must have financial and regulatory risk management controls under their direct and exclusive control. Relying on third-party or exchange-level controls is insufficient because the broker-dealer is legally responsible for all orders submitted under its identifier and must prevent erroneous entries systematically.

Correct: SEC Regulation S-X and US GAAP require companies to evaluate material events occurring after the balance sheet date but before the financial statements are issued. Internal audit’s role is to ensure that management’s controls identify these subsequent events and determine the appropriate accounting treatment—either adjusting the financial statements or providing a disclosure in the notes—to ensure the 10-K is not misleading and complies with the Securities Exchange Act of 1934.

Incorrect: The strategy of deferring material information to a later quarterly filing risks violating federal law, which requires timely and accurate disclosure of material facts in the current reporting period. Simply issuing a Form 8-K does not relieve the registrant of the obligation to include material information in the annual 10-K report if the event occurs before the filing date. Choosing to have internal audit participate in management decision-making or voting on committees impairs the auditor’s independence and violates professional standards regarding the separation of audit and management functions.

Takeaway: Internal auditors must verify that management’s disclosure controls effectively capture and report material subsequent events in accordance with SEC regulations.

Correct: The Securities Exchange Act of 1934 requires entities effecting securities transactions for others or themselves to register as broker-dealers with the SEC and join an SRO.

Incorrect: Focusing only on Form 13F filings is incorrect because this requirement pertains to institutional investment managers disclosing holdings, not the fundamental registration required to execute trades. The strategy of registering as a Transfer Agent is misplaced as these entities maintain ownership records rather than executing trades in the secondary market. Choosing to obtain a banking charter from the Federal Reserve is a separate regulatory process and does not satisfy the specific registration requirements for broker-dealers.

Correct: Under the Securities Exchange Act of 1934 and the Dodd-Frank Act, spoofing and layering are illegal manipulative practices. Internal auditors must verify that the firm’s automated surveillance controls are specifically designed and functioning to detect these non-bona fide orders that distort market prices.

Correct: Section 301 of the Sarbanes-Oxley Act and related SEC rules mandate that every member of a listed company’s audit committee must be independent. Furthermore, the committee must have the explicit authority to engage independent counsel and other advisers as it deems necessary to carry out its duties.

Correct: SEC Rule 15c3-5, also known as the Market Access Rule, requires broker-dealers with market access to implement risk management controls that prevent the entry of orders that exceed pre-set capital or credit thresholds or are otherwise erroneous.

Correct: Form PF requires specific, standardized reporting of fund strategies to the SEC under the Dodd-Frank Act. A cross-functional data governance committee ensures that different departments, such as risk and compliance, are aligned on regulatory definitions. This alignment is essential for accurate reporting and prevents the data silos that led to the filing error.

Incorrect: Relying on internal risk definitions that conflict with SEC instructions will lead to continued non-compliance and potential regulatory penalties for inaccurate disclosure. Simply stopping the trading activity is an extreme business disruption that fails to address the underlying data governance failure. The strategy of having internal audit prepare the filings violates the core principle of auditor independence and creates a conflict of interest by having the auditor perform management functions.

Takeaway: Effective regulatory reporting requires standardized data governance and cross-departmental alignment to meet SEC disclosure requirements accurately.

Correct: Under the Investment Company Act of 1940, any investment company intending to offer shares to the public must register with the SEC. Form N-1A is the specific filing used by open-end management companies to provide the required disclosures and prospectus to potential investors.

Correct: Under US securities laws and FINRA rules, layering is a prohibited form of market manipulation. The internal auditor’s role is to evaluate whether the firm’s internal controls, specifically surveillance systems, are effectively designed and operating to identify and escalate such deceptive practices to ensure compliance with the Securities Exchange Act of 1934.

Correct: When a listed company in the United States falls below the quantitative listing requirements of an exchange like Nasdaq, it is required to notify the exchange promptly. The exchange typically grants a cure period, during which the company must provide a plan to regain compliance, such as through a secondary offering or other capital restructuring, to avoid delisting.

Incorrect: The strategy of halting trading is an extreme measure typically reserved for material non-public information disclosures and is not a standard remedy for quantitative listing deficiencies. Simply reclassifying restricted shares held by insiders is a violation of exchange definitions, as the public float specifically excludes shares held by officers, directors, or large shareholders. Opting to delay disclosure until an SEC notice is received ignores the immediate reporting obligations to the exchange and increases the risk of involuntary delisting and loss of investor confidence.

Takeaway: Companies must proactively monitor exchange listing standards and engage in transparent communication with exchange authorities to resolve quantitative deficiencies within established timeframes.

Correct: The FCA Principles for Businesses require firms to conduct business with integrity and maintain an open, cooperative relationship with the regulator. Exploiting leaked government fiscal policy information regarding social welfare funding constitutes a significant breach of market integrity and professional standards. Under Principle 11, the firm must disclose this matter to the FCA as it represents a material concern regarding the firm’s reputation and the fairness of the UK financial system.

Incorrect: The strategy of recalibrating the model to meet technical parameters fails to address the underlying ethical breach of using confidential government data. Focusing only on the internal whistleblowing process under SYSC 18 is insufficient because it ignores the mandatory requirement to report potential market abuse to the regulator. The method of prioritizing the distribution of profits to clients does not mitigate the regulatory failure of exploiting fiscal policy shifts for unfair gain.

Takeaway: Firms must report integrity breaches involving government fiscal data to the FCA to maintain market confidence and regulatory compliance.

Correct: Under the FCA Threshold Conditions (COND 2.5), a firm must satisfy the regulator that it is fit and proper, which includes having management with adequate experience and integrity. By suspending access and investigating, the firm demonstrates it is taking active steps to maintain its suitability and protect its business model. Notifying the regulator is essential if the firm believes it may no longer satisfy a threshold condition due to internal governance failures.

Incorrect: The strategy of reassigning the officer to a different department fails to address the underlying integrity risk and the potential breach of the suitability threshold condition. Focusing only on automated blocks and remedial training treats the issue as a technical error rather than a fundamental failure of professional standards and governance. Choosing to seek retrospective waivers for policy breaches is a regulatory failure that directly contradicts the requirement for firms to conduct business with integrity.

Takeaway: Firms must maintain high standards of integrity and effective supervision to continuously satisfy the FCA’s suitability threshold conditions for authorisation.

Correct: The Financial Conduct Authority requires firms to provide clear disclosure regarding the nature of their advice, specifically whether it is independent or restricted under COBS 6. Under the Consumer Duty, firms must also ensure that suitability assessments are robust and that products are targeted at the correct consumer group to deliver good outcomes. This approach ensures that the firm meets the high standards of the Consumer Principle by proactively monitoring client outcomes and maintaining rigorous assessment standards.

Incorrect: Relying on historical suitability reports for up to twenty-four months fails to account for changes in client circumstances and violates the requirement for current assessments. The strategy of using broad risk buckets and assuming high-net-worth retail clients possess professional-level knowledge ignores the FCA’s specific protections for all retail categories. Focusing only on the delivery of Key Information Documents as the primary disclosure method neglects the broader obligation to ensure the client understands how a specific recommendation fits their unique financial needs.

Takeaway: Firms must combine clear disclosure of advice status with rigorous, individualized suitability assessments to meet the FCA Consumer Duty standards.

Correct: Under FCA COBS 6.1A and MiFID II requirements, firms must provide clients with a comprehensive breakdown of all costs and charges. This includes specific disclosure of adviser charges and any permitted third-party inducements. The disclosure must be provided both before the service is rendered and through a personalised annual statement. This ensures the client understands the total cost of investing and how the firm is compensated. Under the Consumer Duty, this transparency is essential to demonstrate that the product or service provides fair value to the retail customer.

Incorrect: Relying solely on the total aggregate percentage fails to meet the regulatory requirement for granular itemisation of specific cost components. The strategy of providing detailed breakdowns only upon a specific client request ignores the mandate for proactive, periodic disclosure. Focusing only on initial disclosures in the Terms of Business is insufficient because firms must provide actual, personalised cost data on an annual basis. Opting to omit third-party payment details because they fall within a mandate violates the principle of transparency regarding potential conflicts of interest and compensation structures.

Takeaway: Firms must provide proactive, itemised, and personalised disclosures of all compensation and costs both before and after providing investment services.