CAMS: Building an Anti-Financial Crime Compliance Program

Use this page to isolate Building an Anti-Financial Crime Compliance Program before returning to mixed CAMS practice.

Topic snapshot

Sample questions

These questions are original Finance Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Building an Anti-Financial Crime Compliance Program

An AFC investigator reviews a transaction-monitoring alert for a small import business. Over two weeks, the customer received wires from unrelated individuals in several countries and sent most of the funds the same day to a newly added offshore supplier. The customer provides generic invoices that do not match its stated business and gives no credible explanation for the individuals. What is the BEST action?

• A. Ask the relationship manager to warn the customer that a report may be filed unless better invoices are provided.
• B. Close the alert with detailed internal notes because no underlying criminal offense has been proven.
• C. Escalate for suspicious activity or transaction reporting under the firm’s procedures and document the facts supporting the decision.
• D. Continue monitoring until the pattern repeats in a future review period before considering a report.

Best answer: C

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: Internal investigation documentation records what was reviewed, the evidence obtained, the analysis performed, and the rationale for the outcome. It is not a substitute for suspicious activity or suspicious transaction reporting when suspicion remains after reasonable inquiry. In this scenario, unrelated incoming wires, rapid onward transfers, a new offshore supplier, mismatched invoices, and no credible customer explanation create unresolved suspicion. The best action is to follow the institution’s escalation and reporting process, typically through the designated AML/AFC reporting function, and preserve the investigation record supporting the decision.

• Closing the alert because a crime is not proven sets the bar too high; reporting is based on suspicion, not proof.
• Waiting for repetition may delay required escalation when the current facts already support suspicion.
• Warning the customer creates tipping-off risk and can compromise an investigation or report.

Unresolved indicators of suspicious activity require reporting escalation, while the investigation file supports but does not replace that process.

Question 2

Topic: Building an Anti-Financial Crime Compliance Program

A bank’s enterprise risk assessment rates a new remote-onboarding corporate payments product as high risk because customers may have complex ownership, non-face-to-face onboarding, and cross-border payments to higher-risk jurisdictions. The current CDD checklist is the same as for low-risk domestic corporates, and transaction monitoring uses legacy domestic payroll scenarios. Which action is the best way to align the control framework to the assessed risk?

• A. Apply additional annual compliance training to relationship managers without changing CDD or monitoring controls.
• B. Reject all customers using the product from higher-risk jurisdictions to eliminate the assessed risk.
• C. Enhance onboarding due diligence for ownership and source-of-funds risk, implement targeted cross-border monitoring scenarios, and test control outcomes against the identified risks.
• D. Keep the existing CDD and monitoring controls until suspicious activity is confirmed through customer transactions.

Best answer: C

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: A risk-based AFC program should translate assessed risk into proportionate controls. Here, the product’s risk comes from complex ownership, remote onboarding, and cross-border payments involving higher-risk jurisdictions. The best response is not merely to acknowledge the risk, but to design and implement controls that address those risk drivers, such as enhanced beneficial ownership and source-of-funds review, plus monitoring scenarios suited to cross-border payment behavior. Monitoring should then be tested and reviewed to confirm the controls are working as intended and adjusted when results show gaps or excessive false positives. This connects risk assessment, control design, operational implementation, and ongoing effectiveness monitoring.

• Waiting for confirmed suspicious activity is reactive and leaves known high-risk features insufficiently controlled.
• Blanket rejection of higher-risk jurisdictions may be inappropriate de-risking rather than a risk-based control response.
• Training can support implementation, but it does not replace changes to CDD standards or transaction monitoring design.

This links control design, implementation, and monitoring directly to the specific inherent risks identified in the assessment.

Question 3

Topic: Building an Anti-Financial Crime Compliance Program

During an AML investigation, an analyst links several alerts to a customer whose transactions are inconsistent with the stated business, involve rapid movement through unrelated accounts, and are not explained by documentation obtained. The investigator concludes there is a reasonable basis to suspect money laundering under the institution’s policy. Which escalation path best matches these facts? Select ONE.

• A. Send the case to the front office for routine customer relationship management follow-up.
• B. Refer the case to model governance for transaction monitoring scenario tuning only.
• C. Escalate to the MLRO, nominated officer, or equivalent for a suspicious activity or transaction reporting decision and FIU filing process.
• D. Defer the case to the next periodic KYC refresh without a reporting escalation.

Best answer: C

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: When an investigation establishes a reasonable basis to suspect money laundering, the appropriate escalation is through the institution’s designated suspicious activity or transaction reporting process. In many frameworks, that means escalation to the MLRO, nominated officer, or equivalent function to make or approve the reporting decision and proceed with FIU filing according to local requirements. Governance review may be appropriate for control weaknesses or trends, but it does not replace the reporting escalation when suspicion is supported. Routine relationship management or periodic KYC refresh is also insufficient once the investigation has reached a suspicion threshold.

• Model governance may address monitoring performance, but it does not resolve a case where suspicion has been formed.
• Front-office follow-up can create tipping-off concerns and is not the correct reporting escalation.
• Periodic KYC refresh is a lifecycle control, not a substitute for SAR/STR escalation when facts support suspicion.

When investigation facts support suspicion, the case should move through the institution’s formal SAR/STR escalation and reporting process.

Question 4

Topic: Building an Anti-Financial Crime Compliance Program

A bank’s AFC steering committee reviews a quarterly pack showing changes in enterprise financial-crime risk, overdue control remediation, staff training completion and test scores, alert quality results, and suspicious-reporting trends. It uses the pack to challenge management and reprioritize resources. Which concept is best described?

• A. Independent audit of the AFC program
• B. Customer due diligence at onboarding
• C. Management information for program effectiveness oversight
• D. Transaction monitoring scenario tuning

Best answer: C

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: An effective AFC program is not judged by one control in isolation. Governance bodies need management information that connects the risk assessment, control performance, training outcomes, monitoring quality, issue remediation, and reporting trends. This allows senior management or a committee to challenge results, identify gaps, allocate resources, and track whether remediation improves the program. In the scenario, the quarterly pack is being used for oversight and decision-making across multiple program pillars, so it best maps to management information for program effectiveness oversight.

• Customer due diligence focuses on identifying and understanding customers, not oversight of the whole AFC program.
• Transaction monitoring scenario tuning is narrower; it adjusts detection rules or thresholds rather than reviewing multiple program pillars.
• Independent audit provides periodic assurance, but the scenario describes ongoing governance review by a steering committee.

The dashboard links risk, controls, training, monitoring, and reporting so governance can assess effectiveness and direct remediation.

Question 5

Topic: Building an Anti-Financial Crime Compliance Program

A bank is considering onboarding a payment intermediary that will collect funds and pay commissions to sales agents. KYC notes show the agents operate in several high-corruption jurisdictions, one beneficial owner is a close associate of a senior public official, and the applicant refuses to identify the agents, citing confidentiality. What is the BEST action?

• A. Pause onboarding and escalate for enhanced due diligence on the intermediary, beneficial owner, and third-party agents before any risk acceptance decision.
• B. Approve onboarding with lower transaction limits and review the first 90 days of activity for unusual payments.
• C. Open the account but prohibit payments to jurisdictions rated high risk by the bank’s country risk model.
• D. File an internal suspicious activity referral and continue onboarding while the investigation is pending.

Best answer: A

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: High-risk third-party relationships require risk-based escalation before the institution accepts the customer or processes activity. Here, the intermediary’s undisclosed agents, exposure to high-corruption jurisdictions, and beneficial owner’s proximity to a senior public official create heightened bribery, corruption, and money laundering risk. The best action is to pause onboarding and conduct enhanced due diligence, including understanding the role and identity of third-party agents, beneficial ownership, expected payment flows, adverse media, and the basis for any senior management risk acceptance. Monitoring after approval is not a substitute for resolving material KYC and third-party risk concerns at onboarding.

• Lower transaction limits do not cure the lack of transparency over third-party agents.
• Blocking only high-risk jurisdictions is too narrow because the unresolved risks include beneficial ownership, PEP proximity, and agent opacity.
• Continuing onboarding during an unresolved suspicious activity review can allow activity before the bank has made an informed risk decision.

The combination of opaque third parties, high-corruption jurisdictions, and PEP proximity requires escalation and EDD before onboarding.

Question 6

Topic: Building an Anti-Financial Crime Compliance Program

A bank’s AFC governance committee must decide whether transaction monitoring controls remain effective after a rapid expansion in correspondent banking. In the last quarter, payment volume increased 40%, exposure to higher-risk jurisdictions increased, and the investigation backlog exceeded the bank’s internal service-level target. Which reporting information is BEST to add to the committee pack?

• A. Trend metrics showing alert volumes, backlog aging, SLA breaches, and suspicious-report conversion by correspondent banking risk segment
• B. A first-line statement that the correspondent banking expansion met revenue targets
• C. The total number of suspicious reports filed compared with the prior quarter
• D. A list of all open alert narratives so committee members can reperform investigator decisions

Best answer: A

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: Governance reporting should help senior committees make risk-based decisions, not simply provide raw operational detail or business performance updates. In this scenario, the key decision is whether monitoring controls are still effective given higher payment volume, higher-risk jurisdiction exposure, and missed investigation service levels. The best reporting connects risk exposure with control outcomes: alert trends, backlog aging, SLA breaches, and suspicious-report conversion by relevant risk segment. This allows the committee to assess whether controls, staffing, thresholds, or escalation processes require adjustment.

• Reperforming investigator decisions is too granular for governance and does not provide an aggregated view of control effectiveness.
• Suspicious-report totals alone are incomplete because they do not show workload, aging, missed targets, or risk-segment impact.
• Revenue performance may matter to the business, but it does not evidence AFC control effectiveness.

These metrics connect changing inherent risk to control performance and allow governance to assess effectiveness, capacity, and remediation needs.

Question 7

Topic: Building an Anti-Financial Crime Compliance Program

An AFC team is refreshing its enterprise risk assessment. One data extract groups the institution’s portfolio by customer segment and attributes: politically exposed persons, nonresident customers, cash-intensive businesses, complex legal entity ownership, and nonprofit organizations operating in higher-risk areas. Which enterprise risk assessment input does this description best represent?

• A. Jurisdictional risk factors
• B. Product and service risk factors
• C. Customer risk factors
• D. Delivery-channel risk factors

Best answer: C

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: An enterprise AFC risk assessment uses multiple input categories to identify inherent risk, including customers, products and services, delivery channels, jurisdictions, and relevant financial-crime typologies. The described extract focuses on customer segments and customer attributes, such as PEP status, residency, business type, legal entity complexity, and nonprofit activity. Although some attributes may include jurisdictional elements, the organizing principle is the customer profile, making it a customer risk input rather than a product, channel, or standalone country-risk input.

• Product and service risk factors would focus on offerings such as private banking, trade finance, prepaid cards, or virtual asset services.
• Delivery-channel risk factors would focus on how customers access services, such as non-face-to-face onboarding or intermediaries.
• Jurisdictional risk factors would focus on country or geographic exposure rather than customer segments and attributes.

The extract primarily categorizes who the institution serves and the risk characteristics of those customers.

Question 8

Topic: Building an Anti-Financial Crime Compliance Program

A bank completed CDD when onboarding a trading company. Six months later, transaction monitoring shows frequent payments to new counterparties in a higher-risk jurisdiction that are inconsistent with the customer’s stated business model. The AFC team refreshes KYC information, reassesses the customer risk rating, and considers whether EDD or exit is needed. Which customer lifecycle control does this best describe?

• A. Initial customer due diligence
• B. Customer offboarding
• C. Event-driven customer review
• D. Scheduled periodic review

Best answer: C

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: Customer lifecycle controls continue after onboarding. When monitoring identifies activity inconsistent with the customer’s expected profile, the institution should reassess the relationship using a risk-based approach. An event-driven review is initiated by a trigger, such as new high-risk jurisdictions, changed ownership, unusual transaction patterns, adverse media, or a sanctions concern. It may lead to refreshed KYC, a revised risk rating, EDD, enhanced monitoring, reporting consideration, or offboarding if the risk cannot be managed. In this scenario, the key feature is that the review is caused by a post-onboarding change in activity, not by the original onboarding process or a routine calendar-based review.

• Initial customer due diligence occurs at onboarding, before or at the start of the relationship.
• Scheduled periodic review is time-based; this review is triggered by new activity and risk indicators.
• Customer offboarding may be an outcome, but the described control is the review and reassessment process.

The control is triggered by a material change in behavior or risk profile after onboarding, rather than by a fixed review cycle.

Question 9

Topic: Building an Anti-Financial Crime Compliance Program

A corporate customer was onboarded as medium risk. Six months later, it adds an offshore beneficial owner, begins sending funds to a higher-risk jurisdiction, and is linked in adverse media to possible corruption. Which due-diligence response best matches this change?

• A. Treat the change only as a transaction-monitoring alert tuning issue.
• B. Automatically exit the relationship before collecting updated customer information.
• C. Conduct a trigger-based CDD refresh, apply EDD as appropriate, and reassess the customer risk rating.
• D. Wait until the next scheduled periodic review because onboarding CDD was already completed.

Best answer: C

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: Customer due diligence is not a one-time onboarding activity. When material risk factors increase after onboarding—such as new beneficial ownership, exposure to higher-risk jurisdictions, or credible adverse media—the firm should perform an event- or trigger-based refresh. That refresh updates KYC/CDD information, assesses whether enhanced due diligence is needed, and recalibrates the customer risk rating and controls. The activity may also support investigation or suspicious activity reporting if facts indicate suspicion, but the due-diligence response is to reassess and update the customer profile rather than wait for a scheduled review or automatically terminate the relationship.

• Waiting for the scheduled review ignores a material trigger event that may change the customer’s risk profile.
• Treating the issue only as monitoring tuning misses the need to update KYC/CDD and beneficial ownership information.
• Automatic exit is not the first due-diligence response; risk-based review and escalation should occur before any offboarding decision.

Material post-onboarding risk changes should trigger updated due diligence, possible EDD, and a revised risk assessment.

Question 10

Topic: Building an Anti-Financial Crime Compliance Program

A bank wants business units, operations, and compliance testing teams to apply the same AFC risk appetite when making onboarding, monitoring, and escalation decisions. Which communication approach best supports that goal?

• A. Cascade the statement into plain-language scenarios, control expectations, KRIs, and escalation points.
• B. Circulate only the approved statement and require each function to define its own interpretation.
• C. Convert the statement into a blanket prohibition on all customers or products with elevated AFC risk.
• D. Communicate only closed investigation summaries to AFC analysts after monitoring alerts are resolved.

Best answer: A

What this tests: Building an Anti-Financial Crime Compliance Program

Explanation: An AFC risk appetite statement is most useful when it is communicated in operational terms. Business and control functions need to understand what the appetite means for real decisions, such as accepting a higher-risk customer, applying enhanced due diligence, escalating unusual activity, or limiting product access. Cascading the statement into plain-language examples, expected controls, key risk indicators, and escalation points helps create a shared interpretation across the first and second lines. This supports a risk-based approach without turning the appetite into either vague governance language or blanket de-risking.

• Circulating only the approved statement leaves room for inconsistent local interpretations.
• A blanket prohibition confuses risk appetite with de-risking and may be inconsistent with a risk-based approach.
• Closed investigation summaries may support learning, but they do not communicate enterprise risk appetite for day-to-day decisions.

This translates the approved appetite into practical decision guidance that both business and control functions can apply consistently.

Continue with full practice

Use the CAMS Practice Test page for the full Finance Prep practice bank, mixed-topic practice, timed mock exams, and explanations.

Related focused pages

• Free CAMS Full-Length Practice Exam
• CAMS: Understanding the Risks and Methods of Financial Crime
• CAMS: Global AFC Frameworks, Governance, and Regulations
• CAMS: Tools and Technologies to Fight Financial Crime

Free review resource

Use the full Finance Prep practice page above for the latest review links and practice page.