Free CAMS Practice Questions: Building an Anti-Financial Crime Compliance Program
Practice 10 free CAMS sample exam questions on Building an Anti-Financial Crime Compliance Program, with answers, explanations, practice tests, topic drills, and the Finance Prep next step.
Use this focused CAMS page as a short practice test for Building an Anti-Financial Crime Compliance Program. The items are original Finance Prep sample exam questions built for scenario-based practice, not trivia, puzzle questions, official ACAMS questions, copied live-exam content, or exam dumps.
Topic snapshot
| Field | Detail |
|---|---|
| Exam route | CAMS |
| Issuer | ACAMS |
| Topic area | Building an Anti-Financial Crime Compliance Program |
| Blueprint weight | 30% |
| Page purpose | Focused sample questions before returning to mixed practice |
How to use this topic drill
Use this page to isolate Building an Anti-Financial Crime Compliance Program for CAMS. Work through the 10 questions first, then review the explanations and return to mixed practice in Finance Prep.
| Pass | What to do | What to record |
|---|---|---|
| First attempt | Answer without checking the explanation first. | The fact, rule, calculation, or judgment point that controlled your answer. |
| Review | Read the explanation even when you were correct. | Why the best answer is stronger than the closest distractor. |
| Repair | Repeat only missed or uncertain items after a short break. | The pattern behind misses, not the answer letter. |
| Transfer | Return to mixed practice once the topic feels stable. | Whether the same skill holds up when the topic is no longer obvious. |
Blueprint context: 30% of the practice outline. A focused topic score can overstate readiness if you recognize the pattern too quickly, so use it as repair work before timed mixed sets.
Sample questions
These are original Finance Prep practice questions aligned to this topic area. They are not official ACAMS CAMS questions, copied live-exam content, or exam dumps. Use them to preview question style and explanation depth before continuing with topic drills, mixed sets, and timed mock exams in Finance Prep.
Question 1
Topic: Building an Anti-Financial Crime Compliance Program
An AFC investigator reviews a transaction-monitoring alert for a small import business. Over two weeks, the customer received wires from unrelated individuals in several countries and sent most of the funds the same day to a newly added offshore supplier. The customer provides generic invoices that do not match its stated business and gives no credible explanation for the individuals. What is the BEST action?
- A. Ask the relationship manager to warn the customer that a report may be filed unless better invoices are provided.
- B. Close the alert with detailed internal notes because no underlying criminal offense has been proven.
- C. Escalate for suspicious activity or transaction reporting under the firm’s procedures and document the facts supporting the decision.
- D. Continue monitoring until the pattern repeats in a future review period before considering a report.
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Internal investigation documentation records what was reviewed, the evidence obtained, the analysis performed, and the rationale for the outcome. It is not a substitute for suspicious activity or suspicious transaction reporting when suspicion remains after reasonable inquiry. In this scenario, unrelated incoming wires, rapid onward transfers, a new offshore supplier, mismatched invoices, and no credible customer explanation create unresolved suspicion. The best action is to follow the institution’s escalation and reporting process, typically through the designated AML/AFC reporting function, and preserve the investigation record supporting the decision.
- Closing the alert because a crime is not proven sets the bar too high; reporting is based on suspicion, not proof.
- Waiting for repetition may delay required escalation when the current facts already support suspicion.
- Warning the customer creates tipping-off risk and can compromise an investigation or report.
Unresolved indicators of suspicious activity require reporting escalation, while the investigation file supports but does not replace that process.
Question 2
Topic: Building an Anti-Financial Crime Compliance Program
A bank’s enterprise risk assessment rates a new remote-onboarding corporate payments product as high risk because customers may have complex ownership, non-face-to-face onboarding, and cross-border payments to higher-risk jurisdictions. The current CDD checklist is the same as for low-risk domestic corporates, and transaction monitoring uses legacy domestic payroll scenarios. Which action is the best way to align the control framework to the assessed risk?
- A. Apply additional annual compliance training to relationship managers without changing CDD or monitoring controls.
- B. Reject all customers using the product from higher-risk jurisdictions to eliminate the assessed risk.
- C. Enhance onboarding due diligence for ownership and source-of-funds risk, implement targeted cross-border monitoring scenarios, and test control outcomes against the identified risks.
- D. Keep the existing CDD and monitoring controls until suspicious activity is confirmed through customer transactions.
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: A risk-based AFC program should translate assessed risk into proportionate controls. Here, the product’s risk comes from complex ownership, remote onboarding, and cross-border payments involving higher-risk jurisdictions. The best response is not merely to acknowledge the risk, but to design and implement controls that address those risk drivers, such as enhanced beneficial ownership and source-of-funds review, plus monitoring scenarios suited to cross-border payment behavior. Monitoring should then be tested and reviewed to confirm the controls are working as intended and adjusted when results show gaps or excessive false positives. This connects risk assessment, control design, operational implementation, and ongoing effectiveness monitoring.
- Waiting for confirmed suspicious activity is reactive and leaves known high-risk features insufficiently controlled.
- Blanket rejection of higher-risk jurisdictions may be inappropriate de-risking rather than a risk-based control response.
- Training can support implementation, but it does not replace changes to CDD standards or transaction monitoring design.
This links control design, implementation, and monitoring directly to the specific inherent risks identified in the assessment.
Question 3
Topic: Building an Anti-Financial Crime Compliance Program
During an AML investigation, an analyst links several alerts to a customer whose transactions are inconsistent with the stated business, involve rapid movement through unrelated accounts, and are not explained by documentation obtained. The investigator concludes there is a reasonable basis to suspect money laundering under the institution’s policy. Which escalation path best matches these facts? Select ONE.
- A. Send the case to the front office for routine customer relationship management follow-up.
- B. Refer the case to model governance for transaction monitoring scenario tuning only.
- C. Escalate to the MLRO, nominated officer, or equivalent for a suspicious activity or transaction reporting decision and FIU filing process.
- D. Defer the case to the next periodic KYC refresh without a reporting escalation.
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: When an investigation establishes a reasonable basis to suspect money laundering, the appropriate escalation is through the institution’s designated suspicious activity or transaction reporting process. In many frameworks, that means escalation to the MLRO, nominated officer, or equivalent function to make or approve the reporting decision and proceed with FIU filing according to local requirements. Governance review may be appropriate for control weaknesses or trends, but it does not replace the reporting escalation when suspicion is supported. Routine relationship management or periodic KYC refresh is also insufficient once the investigation has reached a suspicion threshold.
- Model governance may address monitoring performance, but it does not resolve a case where suspicion has been formed.
- Front-office follow-up can create tipping-off concerns and is not the correct reporting escalation.
- Periodic KYC refresh is a lifecycle control, not a substitute for SAR/STR escalation when facts support suspicion.
When investigation facts support suspicion, the case should move through the institution’s formal SAR/STR escalation and reporting process.
Question 4
Topic: Building an Anti-Financial Crime Compliance Program
A bank’s AFC steering committee reviews a quarterly pack showing changes in enterprise financial-crime risk, overdue control remediation, staff training completion and test scores, alert quality results, and suspicious-reporting trends. It uses the pack to challenge management and reprioritize resources. Which concept is best described?
- A. Independent audit of the AFC program
- B. Customer due diligence at onboarding
- C. Management information for program effectiveness oversight
- D. Transaction monitoring scenario tuning
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: An effective AFC program is not judged by one control in isolation. Governance bodies need management information that connects the risk assessment, control performance, training outcomes, monitoring quality, issue remediation, and reporting trends. This allows senior management or a committee to challenge results, identify gaps, allocate resources, and track whether remediation improves the program. In the scenario, the quarterly pack is being used for oversight and decision-making across multiple program pillars, so it best maps to management information for program effectiveness oversight.
- Customer due diligence focuses on identifying and understanding customers, not oversight of the whole AFC program.
- Transaction monitoring scenario tuning is narrower; it adjusts detection rules or thresholds rather than reviewing multiple program pillars.
- Independent audit provides periodic assurance, but the scenario describes ongoing governance review by a steering committee.
The dashboard links risk, controls, training, monitoring, and reporting so governance can assess effectiveness and direct remediation.
Question 5
Topic: Building an Anti-Financial Crime Compliance Program
A bank is considering onboarding a payment intermediary that will collect funds and pay commissions to sales agents. KYC notes show the agents operate in several high-corruption jurisdictions, one beneficial owner is a close associate of a senior public official, and the applicant refuses to identify the agents, citing confidentiality. What is the BEST action?
- A. Pause onboarding and escalate for enhanced due diligence on the intermediary, beneficial owner, and third-party agents before any risk acceptance decision.
- B. Approve onboarding with lower transaction limits and review the first 90 days of activity for unusual payments.
- C. Open the account but prohibit payments to jurisdictions rated high risk by the bank’s country risk model.
- D. File an internal suspicious activity referral and continue onboarding while the investigation is pending.
Best answer: A
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: High-risk third-party relationships require risk-based escalation before the institution accepts the customer or processes activity. Here, the intermediary’s undisclosed agents, exposure to high-corruption jurisdictions, and beneficial owner’s proximity to a senior public official create heightened bribery, corruption, and money laundering risk. The best action is to pause onboarding and conduct enhanced due diligence, including understanding the role and identity of third-party agents, beneficial ownership, expected payment flows, adverse media, and the basis for any senior management risk acceptance. Monitoring after approval is not a substitute for resolving material KYC and third-party risk concerns at onboarding.
- Lower transaction limits do not cure the lack of transparency over third-party agents.
- Blocking only high-risk jurisdictions is too narrow because the unresolved risks include beneficial ownership, PEP proximity, and agent opacity.
- Continuing onboarding during an unresolved suspicious activity review can allow activity before the bank has made an informed risk decision.
The combination of opaque third parties, high-corruption jurisdictions, and PEP proximity requires escalation and EDD before onboarding.
Question 6
Topic: Building an Anti-Financial Crime Compliance Program
A bank’s AFC governance committee must decide whether transaction monitoring controls remain effective after a rapid expansion in correspondent banking. In the last quarter, payment volume increased 40%, exposure to higher-risk jurisdictions increased, and the investigation backlog exceeded the bank’s internal service-level target. Which reporting information is BEST to add to the committee pack?
- A. Trend metrics showing alert volumes, backlog aging, SLA breaches, and suspicious-report conversion by correspondent banking risk segment
- B. A first-line statement that the correspondent banking expansion met revenue targets
- C. The total number of suspicious reports filed compared with the prior quarter
- D. A list of all open alert narratives so committee members can reperform investigator decisions
Best answer: A
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Governance reporting should help senior committees make risk-based decisions, not simply provide raw operational detail or business performance updates. In this scenario, the key decision is whether monitoring controls are still effective given higher payment volume, higher-risk jurisdiction exposure, and missed investigation service levels. The best reporting connects risk exposure with control outcomes: alert trends, backlog aging, SLA breaches, and suspicious-report conversion by relevant risk segment. This allows the committee to assess whether controls, staffing, thresholds, or escalation processes require adjustment.
- Reperforming investigator decisions is too granular for governance and does not provide an aggregated view of control effectiveness.
- Suspicious-report totals alone are incomplete because they do not show workload, aging, missed targets, or risk-segment impact.
- Revenue performance may matter to the business, but it does not evidence AFC control effectiveness.
These metrics connect changing inherent risk to control performance and allow governance to assess effectiveness, capacity, and remediation needs.
Question 7
Topic: Building an Anti-Financial Crime Compliance Program
An AFC team is refreshing its enterprise risk assessment. One data extract groups the institution’s portfolio by customer segment and attributes: politically exposed persons, nonresident customers, cash-intensive businesses, complex legal entity ownership, and nonprofit organizations operating in higher-risk areas. Which enterprise risk assessment input does this description best represent?
- A. Jurisdictional risk factors
- B. Product and service risk factors
- C. Customer risk factors
- D. Delivery-channel risk factors
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: An enterprise AFC risk assessment uses multiple input categories to identify inherent risk, including customers, products and services, delivery channels, jurisdictions, and relevant financial-crime typologies. The described extract focuses on customer segments and customer attributes, such as PEP status, residency, business type, legal entity complexity, and nonprofit activity. Although some attributes may include jurisdictional elements, the organizing principle is the customer profile, making it a customer risk input rather than a product, channel, or standalone country-risk input.
- Product and service risk factors would focus on offerings such as private banking, trade finance, prepaid cards, or virtual asset services.
- Delivery-channel risk factors would focus on how customers access services, such as non-face-to-face onboarding or intermediaries.
- Jurisdictional risk factors would focus on country or geographic exposure rather than customer segments and attributes.
The extract primarily categorizes who the institution serves and the risk characteristics of those customers.
Question 8
Topic: Building an Anti-Financial Crime Compliance Program
A bank completed CDD when onboarding a trading company. Six months later, transaction monitoring shows frequent payments to new counterparties in a higher-risk jurisdiction that are inconsistent with the customer’s stated business model. The AFC team refreshes KYC information, reassesses the customer risk rating, and considers whether EDD or exit is needed. Which customer lifecycle control does this best describe?
- A. Initial customer due diligence
- B. Customer offboarding
- C. Event-driven customer review
- D. Scheduled periodic review
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Customer lifecycle controls continue after onboarding. When monitoring identifies activity inconsistent with the customer’s expected profile, the institution should reassess the relationship using a risk-based approach. An event-driven review is initiated by a trigger, such as new high-risk jurisdictions, changed ownership, unusual transaction patterns, adverse media, or a sanctions concern. It may lead to refreshed KYC, a revised risk rating, EDD, enhanced monitoring, reporting consideration, or offboarding if the risk cannot be managed. In this scenario, the key feature is that the review is caused by a post-onboarding change in activity, not by the original onboarding process or a routine calendar-based review.
- Initial customer due diligence occurs at onboarding, before or at the start of the relationship.
- Scheduled periodic review is time-based; this review is triggered by new activity and risk indicators.
- Customer offboarding may be an outcome, but the described control is the review and reassessment process.
The control is triggered by a material change in behavior or risk profile after onboarding, rather than by a fixed review cycle.
Question 9
Topic: Building an Anti-Financial Crime Compliance Program
A corporate customer was onboarded as medium risk. Six months later, it adds an offshore beneficial owner, begins sending funds to a higher-risk jurisdiction, and is linked in adverse media to possible corruption. Which due-diligence response best matches this change?
- A. Treat the change only as a transaction-monitoring alert tuning issue.
- B. Automatically exit the relationship before collecting updated customer information.
- C. Conduct a trigger-based CDD refresh, apply EDD as appropriate, and reassess the customer risk rating.
- D. Wait until the next scheduled periodic review because onboarding CDD was already completed.
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Customer due diligence is not a one-time onboarding activity. When material risk factors increase after onboarding—such as new beneficial ownership, exposure to higher-risk jurisdictions, or credible adverse media—the firm should perform an event- or trigger-based refresh. That refresh updates KYC/CDD information, assesses whether enhanced due diligence is needed, and recalibrates the customer risk rating and controls. The activity may also support investigation or suspicious activity reporting if facts indicate suspicion, but the due-diligence response is to reassess and update the customer profile rather than wait for a scheduled review or automatically terminate the relationship.
- Waiting for the scheduled review ignores a material trigger event that may change the customer’s risk profile.
- Treating the issue only as monitoring tuning misses the need to update KYC/CDD and beneficial ownership information.
- Automatic exit is not the first due-diligence response; risk-based review and escalation should occur before any offboarding decision.
Material post-onboarding risk changes should trigger updated due diligence, possible EDD, and a revised risk assessment.
Question 10
Topic: Building an Anti-Financial Crime Compliance Program
A bank wants business units, operations, and compliance testing teams to apply the same AFC risk appetite when making onboarding, monitoring, and escalation decisions. Which communication approach best supports that goal?
- A. Cascade the statement into plain-language scenarios, control expectations, KRIs, and escalation points.
- B. Circulate only the approved statement and require each function to define its own interpretation.
- C. Convert the statement into a blanket prohibition on all customers or products with elevated AFC risk.
- D. Communicate only closed investigation summaries to AFC analysts after monitoring alerts are resolved.
Best answer: A
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: An AFC risk appetite statement is most useful when it is communicated in operational terms. Business and control functions need to understand what the appetite means for real decisions, such as accepting a higher-risk customer, applying enhanced due diligence, escalating unusual activity, or limiting product access. Cascading the statement into plain-language examples, expected controls, key risk indicators, and escalation points helps create a shared interpretation across the first and second lines. This supports a risk-based approach without turning the appetite into either vague governance language or blanket de-risking.
- Circulating only the approved statement leaves room for inconsistent local interpretations.
- A blanket prohibition confuses risk appetite with de-risking and may be inconsistent with a risk-based approach.
- Closed investigation summaries may support learning, but they do not communicate enterprise risk appetite for day-to-day decisions.
This translates the approved appetite into practical decision guidance that both business and control functions can apply consistently.
Continue in the web app
Use Finance Prep for interactive CAMS practice with mixed sets, timed mock exams, topic drills, explanations, and progress tracking.
Related focused pages
- Free CAMS Practice Exam
- Free CAMS Practice Questions: Understanding the Risks and Methods of Financial Crime
- Free CAMS Practice Questions: Global AFC Frameworks, Governance, and Regulations
- Free CAMS Practice Questions: Tools and Technologies to Fight Financial Crime
Practice next step
Use the Finance Prep web app above when you want interactive practice beyond this static page.