CIRE practice questions: ethics and conduct (Element 9)

10 free questions

Click a question to reveal the answer and the explanation. The full bank includes an AI tutor on every wrong answer with the rule citation behind the question.

1. 1

   A registered representative receives a phishing email appearing to come from CIRO requesting that she log in to a portal and verify her account credentials. She clicks the link, enters her username and password, and the next day discovers her access to firm systems has been used to view confidential client data. Under CIRO's cybersecurity and privacy framework, which obligation is most directly triggered?

   Outcome 9.1 · click for answer

   A.The representative must file a large cash transaction report because client data may have been used for financial gain.

   B.The dealer member must assess whether the incident constitutes a privacy breach requiring notification to affected clients and potentially to the Office of the Privacy Commissioner, in addition to notifying CIRO of the cybersecurity incident per applicable CIRO requirements.Correct

   C.No regulatory obligation arises unless the attacker actually transfers client funds.

   D.The obligation is limited to resetting the representative's password and documenting the incident internally.

   Under PIPEDA (and its provincial equivalents) and CIRO's cybersecurity and recordkeeping obligations, unauthorized access to client personal information constitutes a potential privacy breach that may require notification to affected individuals and the Office of the Privacy Commissioner if there is a real risk of significant harm. CIRO rules also require dealer members to have incident response procedures and to notify CIRO of material cybersecurity events. An attacker gaining access to confidential client data triggers these obligations well before any fund transfer occurs.

2. 2

   Under CIRO's recordkeeping requirements, for how long must a dealer member generally retain records related to client accounts and transactions?

   Outcome 9.2 · click for answer

   A.Records must be retained for a minimum of one year from the date of the transaction.

   B.Records must be retained for a minimum of seven years, with certain records accessible for the first two years.Correct

   C.Records need only be retained until the client relationship ends.

   D.Records must be retained for 25 years to align with the provincial statutes of limitations for civil claims.

   CIRO's recordkeeping rules generally require dealer members to retain books and records related to client accounts and transactions for a minimum of seven years, with records from the most recent period remaining readily accessible. This retention period supports both regulatory examinations and client dispute resolution. Retention ending at the close of the client relationship or after only one year would be inconsistent with the multi-year investigative and litigation windows that regulators and courts apply.

3. 3

   Under IDPC Rule 1201, a 'material conflict of interest' is defined as a conflict that could be expected to affect what?

   Outcome 9.2 · click for answer

   A.The dealer's regulatory capital ratios by more than 5%.

   B.The registrant's compensation in any calendar quarter.

   C.The decisions made by a reasonable client, or that a reasonable client would expect to be told about.Correct

   D.The suitability assessment of at least 10% of the dealer's retail accounts.

   IDPC Rule 1201 defines a material conflict of interest as one that a reasonable client would expect to know about, or that could reasonably be expected to affect the decisions of a reasonable client. The test is objective; it focuses on the perspective of the reasonable client, not on monetary thresholds relative to the dealer's capital or the number of accounts affected. Conflicts that are purely internal administrative matters and would not affect client decisions are not material under this definition.

4. 4

   A registrant's dealer is subject to IDPC Rule 1406 ('most stringent prevails'). A provincial securities regulator publishes a rule requiring a shorter complaint resolution timeline than the timeline specified in IDPC Rule 3700. Which timeline applies?

   Outcome 9.1 · click for answer

   A.The IDPC Rule 3700 timeline applies because CIRO rules supersede provincial rules for its members.

   B.Both timelines apply simultaneously, requiring dual reporting to CIRO and the provincial regulator.

   C.The dealer may choose either timeline at its discretion.

   D.The provincial rule applies because it is more stringent, and IDPC Rule 1406 requires compliance with whichever requirement is most stringent.Correct

   IDPC Rule 1406 establishes that where a provincial or territorial requirement is more stringent than the corresponding CIRO requirement, the member must comply with the more stringent standard. CIRO rules set a floor, not a ceiling. If a provincial regulator mandates a shorter complaint resolution period, the dealer must meet that shorter deadline. There is no discretion to choose the less stringent standard, and the rule does not require dual reporting; it simply requires compliance with whichever standard is higher.

5. 5

   Under IDPC Rule 1201, which Approved Person is the most senior officer of a CIRO dealer member responsible for the firm's overall compliance with CIRO requirements, and how many such persons may a dealer member have?

   Outcome 9.1 · click for answer

   A.The Chief Financial Officer (CFO); one per firm.

   B.The UDP and CCO are co-equal and there must be one of each per branch, not per firm.

   C.The Ultimate Designated Person (UDP); each dealer member must have exactly one UDP, who is personally accountable for the firm's overall compliance culture.Correct

   D.The Chief Compliance Officer (CCO); a firm may have multiple CCOs across branches.

   IDPC Rule 1201 defines the Ultimate Designated Person as the most senior officer responsible for the Dealer Member's overall compliance with CIRO requirements. There must be exactly one UDP per Dealer Member; the UDP role is firm-wide, not branch-level. The CCO is a separate Approved Person responsible for the day-to-day compliance function, reporting to the UDP. While a firm may have multiple CCOs in practice (e.g., for different business lines), the UDP is singular. The CFO has financial reporting obligations but is not the designated compliance officer.

6. 6

   Under IDPC Rule 1403, a CIRO dealer member is held responsible for the unauthorized trading activity of one of its RRs. The RR acted without client instruction and the dealer member claims it was unaware of the activity. Which principle best explains the dealer's liability?

   Outcome 9.1 · click for answer

   A.Under IDPC Rule 1403, dealer members bear vicarious responsibility for all acts and omissions of their employees, partners, directors, and officers; lack of knowledge of the specific act does not eliminate the firm's liability.Correct

   B.The dealer is not liable because the RR acted without authorization.

   C.Vicarious liability in securities regulation only applies to intentional misconduct, not unauthorized trading errors.

   D.The dealer is only liable if CIRO can prove the firm directed the unauthorized trading.

   IDPC Rule 1403(1) imposes vicarious responsibility on dealer members for all acts and omissions of their employees, partners, directors, and officers. This is not limited to authorized or known conduct; the firm is responsible for the full scope of its personnel's activities in the course of their duties. A dealer cannot avoid liability simply by claiming ignorance of an RR's unauthorized trading. The rationale is that firms are in the best position to supervise their staff and should bear the consequences when that supervision fails. Both the firm and the individual RR can face enforcement simultaneously.

7. 7

   Under IDPC Rule 1404, a dealer member is required to establish and maintain two separate sets of written policies and procedures. What is the purpose of each set?

   Outcome 9.1 · click for answer

   A.One set filed with CIRO and one set kept confidentially at the firm.

   B.One set for retail clients and one for institutional clients.

   C.One set for front-office staff and one for back-office staff.

   D.One set governing the firm's business activities (including conduct, compliance with rules, and ethical standards), and a second set establishing a control and supervision system that provides reasonable assurance of compliance with CIRO requirements and applicable securities laws.Correct

   IDPC Rule 1404(1) requires two distinct sets of written policies and procedures: the first governs the dealer member's business activities and embeds the conduct and ethical standards required by CIRO and securities law; the second is the control and supervision system; the firm's internal compliance monitoring and supervisory framework designed to provide reasonable assurance that all staff are following the rules. Both sets must be maintained and applied on an ongoing basis, not drafted once and filed. This dual-framework structure reflects the distinction between substantive rules (what to do) and the control system (how to verify it is being done).

8. 8

   Under IDPC Rule 1407, a dealer member must provide training to its Approved Persons on six mandatory topics. Which of the following correctly lists those six topics?

   Outcome 9.1 · click for answer

   A.Product due diligence, suitability, margin requirements, derivative strategies, market integrity, and insider trading.

   B.Conflicts of interest, KYC, account appropriateness, product due diligence, KYP, and suitability determination.Correct

   C.Conflicts of interest, account opening, trade execution, settlement, complaint handling, and recordkeeping.

   D.AML/ATF, KYC, suitability, cybersecurity, complaint handling, and ethics.

   IDPC Rule 1407(1) explicitly names six mandatory training topics: (1) conflicts of interest, (2) know-your-client (KYC), (3) account appropriateness, (4) product due diligence, (5) know-your-product (KYP), and (6) suitability determination. These six mirror the key pillars of the client relationship model. The firm must train Approved Persons on all six on an ongoing basis; not merely at hire. AML training, cybersecurity, and complaint handling are important but are not among the six specifically mandated topics in Rule 1407(1).

9. 9

   Under IDPC Rule 1406, a CIRO rule requires a dealer member to provide a 90-day notice period before changing a fee schedule, but a provincial securities law requires only 30 days' notice. Which standard governs?

   Outcome 9.1 · click for answer

   A.The provincial law governs only in that province; the CIRO rule governs in all other provinces.

   B.The dealer member may choose whichever standard is more commercially convenient.

   C.The CIRO rule governs because IDPC Rule 1406 requires compliance with the most stringent applicable standard; the 90-day CIRO requirement is stricter than the 30-day provincial standard.Correct

   D.The provincial law governs because it is enacted legislation, which takes precedence over SRO rules.

   IDPC Rule 1406(2) requires Dealer Members to comply with the most stringent applicable standard when CIRO requirements, securities laws, and other laws conflict or provide different levels of protection. The CIRO 90-day notice period is stricter than the provincial 30-day requirement, so the CIRO standard governs. A Dealer Member cannot rely on a less stringent provincial rule to avoid a stricter CIRO obligation. This 'most stringent prevails' principle protects clients by ensuring the highest available standard of conduct applies regardless of which body sets it.

10. 10

    A CIRO dealer appoints both an Ultimate Designated Person (UDP) and a Chief Compliance Officer (CCO). Under IDPC rules, which function is exclusively assigned to the UDP and cannot be delegated to the CCO?

    Outcome 9.1 · click for answer

    A.Conducting annual compliance examinations of registered representatives.

    B.Reviewing and approving the dealer's written compliance policies under Rule 1404.

    C.Fostering a culture of compliance within the firm and escalating material compliance issues to the board of directors or equivalent governing body.Correct

    D.Filing net capital reports with CIRO.

    Under IDPC rules, the UDP is the most senior officer of the dealer who is accountable for the firm's overall compliance culture. The UDP's unique function is to take reasonable steps to foster a culture of compliance and to escalate material compliance issues to the board or equivalent governing body. The CCO is responsible for the day-to-day compliance program, including reviewing policies, conducting examinations, and filing regulatory reports. Culture and board escalation accountability rest specifically with the UDP; these cannot be effectively discharged by the CCO alone.

FAQ

Why does Element 9 have such a high fail rate?

Candidates spend study time on products and regulation. Ethics feels intuitive on a first read. The exam catches them on the specifics: the disclosure timing rules under CIRO IDPC Rule 1400, the difference between a suitability obligation and a fiduciary duty, what counts as a personal financial dealing under NI 31-103 §13.5. The fail rate drops sharply for candidates who treat Element 9 as memorization, not common sense.

How do I study Element 9 efficiently?

Read the CIRO IDPC Rule 1400 series and NI 31-103 §13.4 (OBA disclosure) and §13.5 (personal financial dealing) directly. Then drill 30-50 questions on the element. Score each by the specific outcome (9.1, 9.2, etc.) so you know which sub-topic still trips you up.

Is ethics really 10 percent of the CIRE?

Element 9 is one of the larger elements on the CIRE blueprint by question count. Exact weights are not published as fixed percentages by CIRO. Our internal estimate is 14-16 percent of the live exam, based on the blueprint outcome density.

What is the difference between suitability and fiduciary duty?

Suitability is a regulatory obligation under CIRO Rule 3402: the recommendation must be suitable given the client's KYC profile. Fiduciary duty is a common-law standard requiring you to put the client's interest above your own. CIRO registrants generally owe a suitability obligation. A fiduciary duty arises in specific relationships (managed accounts under discretionary authority, certain trustee roles). Confusing these is a frequent wrong answer.

Can I get more questions like these?

Yes. Ciroexam includes 144 published questions on Element 9 alone, plus the AI tutor on every wrong answer. Take the free 25-question diagnostic first to see your element-level scores, then drill the elements you score below 70 on.

Related practice

• CIRE practice questions: derivatives (Element 8)

  10 free questions

• CIRE practice questions: fixed income

  10 free questions