RCC Cheat Sheet 2026

The 30 highest-yield RCC facts, distilled from real exam questions. Print it, save it as a PDF, or study it here β€” free, no sign-up.

115 questions
120 min time limit
70.00% to pass
  1. Which regulation requires public companies to establish internal controls for financial reporting? β†’ SOX
  2. Which U.S. federal law prohibits American companies and their agents from bribing foreign government officials to obtain or retain business? β†’ The Foreign Corrupt Practices Act (FCPA)
  3. When a compliance officer uses a 'heat map' during monitoring activities, they are primarily: β†’ Visually representing the likelihood and impact of compliance risks
  4. An organization's 'acceptable use policy' for information systems PRIMARILY serves to: β†’ Establish rules for appropriate use of company technology and data resources
  5. What is the MAIN purpose of a compliance awareness campaign? β†’ To reinforce compliance values and keep obligations top-of-mind across the organization
  6. Which element is MOST critical when communicating a new regulatory requirement to business units? β†’ Explaining the practical business impact and required actions clearly and concisely
  7. The concept of 'compliance fatigue' describes: β†’ Employee disengagement caused by excessive or repetitive compliance communications
  8. What is a 'compliance dashboard' MOST commonly used for? β†’ Providing real-time or periodic visibility into key compliance metrics
  9. Which activity is crucial for effective internal control evaluation? β†’ Internal auditing
  10. Which document typically outlines a company’s risk tolerance? β†’ Risk management policy
  11. Why is documentation important during a compliance investigation? β†’ To support findings and protect against liability
  12. Why is it important to regularly monitor internal controls? β†’ To confirm effectiveness and adapt to changes
  13. Under the FCPA, which of the following is NOT considered a 'foreign official'? β†’ A private sector executive with no government role
  14. What does 'data minimization' mean in a privacy compliance context? β†’ Collecting only the personal data necessary for the specified purpose
  15. Under the California Consumer Privacy Act (CCPA), consumers have the right to: β†’ Know what personal information is collected about them and request its deletion
  16. Under U.S. enforcement trends, which whistleblower program specifically incentivizes individuals to report FCPA violations to the SEC? β†’ The SEC Whistleblower Program established under Dodd-Frank Section 922
  17. Which of the following is an example of 'middle management pressure' as a root cause of compliance failures? β†’ A manager ignoring safety rules because meeting productivity targets earns bonuses
  18. What is the main objective of risk management in a compliance program? β†’ Prevent noncompliance and legal exposure
  19. Which of the following is a key function of the Securities and Exchange Commission (SEC)? β†’ Regulate financial disclosures by public companies
  20. Which governance document MOST directly establishes the duties and powers of a corporation's board of directors? β†’ The corporate charter and bylaws
  21. In the context of US securities law, 'material non-public information' (MNPI) is significant because: β†’ Trading on MNPI constitutes insider trading, which is illegal under SEC Rule 10b-5
  22. Which regulatory guidance document addresses vendor management obligations for US financial institutions? β†’ OCC Bulletin 2013-29 on Third-Party Relationships
  23. Which of the following BEST describes a 'continuous monitoring' approach to compliance? β†’ Using automated tools to flag exceptions in real time
  24. Which ethical principle is most important when handling confidential reports? β†’ Confidentiality
  25. Speak-up culture in an organization is BEST supported by: β†’ Ensuring employees know how to report concerns and feel protected from retaliation
  26. Which technique involves systematically reviewing a representative portion of transactions to assess compliance? β†’ Sampling
  27. What is a key component of a risk assessment? β†’ Severity and likelihood of risk
  28. A 'compliance newsletter' distributed to employees PRIMARILY serves to: β†’ Reinforce awareness of compliance topics, recent changes, and success stories
  29. What is the primary purpose of the Foreign Corrupt Practices Act (FCPA)? β†’ Prohibit bribery of foreign officials
  30. Why is ethical leadership important in compliance? β†’ To reinforce ethical behavior organization-wide