Try 120 free CAMS questions across the exam domains, with answers and explanations, then continue in Finance Prep.
This free full-length CAMS practice exam includes 120 original Finance Prep questions across the exam domains.
The questions are original Finance Prep practice questions aligned to the exam outline. They are not official exam questions and are not copied from any exam sponsor.
Practice count note: exam sponsors can describe total questions, scored questions, task-based simulations, duration, or unscored/pretest-item rules differently. Always confirm current exam-day rules with the sponsor.
Before you start, skim the ACAMS CAMS Cheat Sheet if you want a compact review of AML typologies, customer due diligence, sanctions screening, suspicious activity, compliance-program controls, and common traps.
| Item | Detail |
|---|---|
| Issuer | ACAMS |
| Exam route | CAMS |
| Official exam name | ACAMS Certified Anti-Money Laundering Specialist (CAMS) |
| Full-length set on this page | 120 questions |
| Exam time | 210 minutes |
| Topic areas represented | 4 |
| Topic | Approximate official weight | Questions used |
|---|---|---|
| Understanding the Risks and Methods of Financial Crime | 30% | 36 |
| Global AFC Frameworks, Governance, and Regulations | 20% | 24 |
| Building an Anti-Financial Crime Compliance Program | 30% | 36 |
| Tools and Technologies to Fight Financial Crime | 20% | 24 |
Topic: Tools and Technologies to Fight Financial Crime
A bank’s financial-crime investigations unit has a growing alert backlog. Each alert already has a risk score, but investigators spend much of their time logging into KYC, payments, screening, and adverse-media systems and manually copying evidence into case notes. Management wants to speed triage while retaining investigator judgment for escalation and reporting. What is the BEST action?
Best answer: A
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Automation can improve investigation efficiency without replacing the investigator’s responsibility to assess facts, document reasoning, and escalate or report where appropriate. In this scenario, the bottleneck is manual evidence collection and case administration, not the absence of human judgment. A case-management or workflow automation solution can pull KYC, transaction, screening, and adverse-media information into one workspace, prioritize or route alerts based on defined criteria, track tasks, and maintain an audit trail. That supports faster and more consistent triage while keeping final investigative decisions under appropriate human oversight.
This automation directly supports triage, data gathering, case organization, workflow routing, and documented human review.
Topic: Understanding the Risks and Methods of Financial Crime
After an AFC compliance breach, a financial institution receives a formal supervisory finding, a monetary penalty, a mandated remediation plan, and restrictions on opening certain high-risk accounts until deficiencies are corrected. Which institutional impact is primarily illustrated?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: AFC violations can affect an institution in several ways, but the impact type is identified by the facts given. Regulatory impact involves consequences from supervisory or enforcement authorities, such as findings, fines, remediation orders, license conditions, or restrictions on activities. In this scenario, the decisive facts are the formal supervisory finding, monetary penalty, mandated remediation plan, and restrictions on opening certain accounts. Those are regulatory consequences, even though they may also create operational burdens later.
Formal supervisory findings, penalties, mandated remediation, and business restrictions are consequences imposed by regulators.
Topic: Understanding the Risks and Methods of Financial Crime
A VASP receives an inbound transfer from a self-hosted wallet for a newly onboarded customer. Blockchain analytics shows the wallet’s transaction history and no direct sanctions exposure, but the wallet has not been linked to the customer and the customer gives only a vague explanation that the funds came from “trading profits,” inconsistent with the customer’s stated profile. What is the BEST action?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Blockchain transparency means transactions may be visible and traceable on-chain, but it does not automatically identify who controls a wallet or whether the customer’s source of funds is legitimate. In this scenario, the lack of a sanctions hit reduces one risk but does not resolve the ownership and source-of-funds concerns. The best action is a risk-based due diligence step: verify control of the wallet, request appropriate source-of-funds information, document the review, and escalate if the explanation remains inconsistent or unsupported.
Public blockchain data can show transaction flows, but it does not by itself establish the customer’s ownership of the wallet or legitimate source of funds.
Topic: Building an Anti-Financial Crime Compliance Program
A bank is investigating unusual cross-border wires and has prepared a customer RFI. Before sending it, the bank receives a court order from law enforcement requiring production of records and instructing the bank not to alert the customer. The investigator pauses the RFI, preserves relevant records, and routes the matter to legal and AFC compliance for controlled handling. Which concept best matches this response?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: When a law-enforcement request, subpoena, or court order is received, the institution should not treat the matter as an ordinary customer outreach task. The response may require legal review, confidentiality controls, record preservation, and careful coordination with AFC compliance to avoid tipping off the customer or interfering with an investigation. In this scenario, the planned RFI is paused because the court order specifically requires production of records and instructs the bank not to alert the customer. That fact changes response handling from routine investigation workflow to controlled law-enforcement request handling.
A court order or similar compulsory request can override ordinary RFI handling and requires controlled escalation, confidentiality, and record preservation.
Topic: Global AFC Frameworks, Governance, and Regulations
A bank is reviewing correspondent relationships with small remittance firms serving migrant workers. Rather than exiting the entire sector after elevated AML/CFT risk is identified, the AFC committee recommends customer-by-customer risk assessment, proportionate enhanced due diligence, and monitoring so legitimate users are not unnecessarily excluded from financial services. Which concept is best illustrated?
Best answer: B
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: AFC decisions can create broader conduct, ethics, and financial inclusion consequences. A blanket exit from an entire sector may reduce the institution’s exposure, but it can also push legitimate customers toward less transparent channels and undermine access to regulated financial services. A risk-based approach supports proportionate controls: assess each customer’s actual risk, apply EDD where needed, monitor activity, and document the rationale. This does not require keeping every relationship, but it does require avoiding automatic de-risking when targeted controls can manage the risk.
The decision balances AFC risk controls with the potential exclusionary impact of blanket account closures.
Topic: Building an Anti-Financial Crime Compliance Program
A bank plans to outsource first-level transaction-monitoring alert review to a new third-party vendor. The vendor’s analysts will access customer KYC files and recommend alert closures, and the vendor’s ownership information is incomplete. Procurement asks AFC to approve the vendor based only on price and a standard information-security questionnaire. What is the best action before approval?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Third-party due diligence should match the financial-crime risk created by the relationship. A vendor that can access KYC files and recommend alert closures may affect detection, escalation, confidentiality, and insider-threat controls. Incomplete ownership information also increases risk because the institution cannot fully understand who controls or benefits from the vendor relationship. Before approval, AFC should require risk-based due diligence covering ownership and key personnel screening, competence and control environment, conflicts or insider-threat risks, contractual rights, auditability, and ongoing oversight. Cybersecurity review is important, but it is not a substitute for AFC vendor due diligence.
A vendor with customer-data access and alert-review authority requires AFC-focused due diligence and governance before approval.
Topic: Understanding the Risks and Methods of Financial Crime
A private wealth client is introduced by a law firm. The ownership chart shows a discretionary trust owning a holding company, which owns several non-operating companies. Nominee directors sign documents, and the trust deed gives an undisclosed settlor power to replace trustees. Which beneficial ownership concern does this best illustrate?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Trusts, shell companies, nominee directors, and layered legal entities can be legitimate, but they are also commonly used to obscure who ultimately owns or controls assets. In this scenario, the concern is not merely that a law firm introduced the client or that directors sign documents. The key issue is that a discretionary trust, non-operating companies, nominee directors, and an undisclosed settlor with control powers make it difficult to identify the natural person exercising ultimate control. This is a beneficial ownership red flag requiring careful CDD or EDD focused on ownership, control, source of wealth, and purpose of the structure.
The structure creates uncertainty about the natural person who ultimately controls the assets or decisions.
Topic: Building an Anti-Financial Crime Compliance Program
A corporate customer was onboarded as medium risk. Six months later, it adds an offshore beneficial owner, begins sending funds to a higher-risk jurisdiction, and is linked in adverse media to possible corruption. Which due-diligence response best matches this change?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Customer due diligence is not a one-time onboarding activity. When material risk factors increase after onboarding—such as new beneficial ownership, exposure to higher-risk jurisdictions, or credible adverse media—the firm should perform an event- or trigger-based refresh. That refresh updates KYC/CDD information, assesses whether enhanced due diligence is needed, and recalibrates the customer risk rating and controls. The activity may also support investigation or suspicious activity reporting if facts indicate suspicion, but the due-diligence response is to reassess and update the customer profile rather than wait for a scheduled review or automatically terminate the relationship.
Material post-onboarding risk changes should trigger updated due diligence, possible EDD, and a revised risk assessment.
Topic: Tools and Technologies to Fight Financial Crime
A regional bank’s transaction monitoring program relies on broad rules-based thresholds that generate a large backlog of low-quality alerts. The bank has several years of alert dispositions, suspicious activity filings, and customer-risk data, but some source-system fields are inconsistent. Management wants to use AI or machine learning to improve efficiency when moving beyond the current rules. What is the best action?
Best answer: A
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: AI and machine-learning tools can improve AFC efficiency by ranking alerts, identifying complex patterns, and reducing false positives that broad rules often produce. A sound transition should not simply switch off existing controls. The bank should first address data quality, pilot the model, compare outcomes against current rules, document performance, and retain human review for investigation and reporting decisions. This approach improves effectiveness while managing model risk, explainability, governance, and regulatory expectations. The available historical dispositions and filing data are useful for supervised learning, but inconsistent fields make data cleansing and validation essential before broad deployment.
This uses AI/ML to prioritize and improve alert quality while controlling data, validation, and human-review risks during transition.
Topic: Global AFC Frameworks, Governance, and Regulations
An AFC analyst is mapping global AML/CFT governance actors. The description reads: “A regional organization of member jurisdictions promotes FATF Recommendations in its region, conducts peer mutual evaluations, monitors follow-up, and shares regional typologies.” Which concept does this description match?
Best answer: B
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: FATF-style regional bodies extend the global FATF framework into specific regions. They help jurisdictions understand and implement FATF standards, conduct or participate in mutual evaluations, monitor progress on deficiencies, and develop regional typologies. Their role is not to receive suspicious transaction reports or investigate cases; it is to support consistent implementation and assessment of AML/CFT and related financial-crime standards across member jurisdictions. The stem’s references to a regional membership structure, peer mutual evaluations, follow-up monitoring, and regional typologies point directly to an FSRB.
FSRBs support regional implementation of FATF standards through peer assessment, follow-up, cooperation, and typologies work.
Topic: Global AFC Frameworks, Governance, and Regulations
A regional bank is refreshing its AML scenarios and staff training. The team wants an external source that describes emerging financial-crime trends, common methods, and practical indicators observed across cases, rather than a source focused on one institution’s deficiencies or a country’s technical compliance. Which report source best matches this goal?
Best answer: B
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: When the goal is trend identification, typology awareness, or improving monitoring and training controls, typologies reports are usually the most relevant source. FIUs, FATF, and FATF-style regional bodies publish typologies to explain how financial crime is being conducted, what red flags have been observed, and how institutions can adapt controls. These reports are broader than a single case and more operational than a country-level compliance assessment. Enforcement actions and internal reports can provide useful lessons, but they are narrower and often focused on specific failures or customers rather than broader patterns.
Typologies reports are designed to summarize trends, methods, indicators, and lessons that can inform controls and awareness.
Topic: Tools and Technologies to Fight Financial Crime
A digital bank wants low-risk applicants to complete onboarding with minimal friction, while applicants with higher AFC indicators—such as adverse media, PEP exposure, or inconsistent identity data—must provide additional evidence or receive manual review before account opening. Which onboarding control best matches this approach?
Best answer: D
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: A risk-based digital onboarding control uses initial data, screening, identity checks, and risk scoring to decide how much friction is appropriate before opening the account. Low-risk applicants can proceed through streamlined checks, improving customer experience. Applicants with higher AFC indicators are routed to stronger controls, such as additional document verification, liveness checks, enhanced due diligence, or manual review. This balances customer experience with financial-crime risk because the control intensity is proportionate to the risk presented at onboarding, rather than applying the same burden to all customers or deferring key checks until after account opening.
Step-up controls add friction only when the applicant’s risk indicators justify stronger verification or review.
Topic: Tools and Technologies to Fight Financial Crime
A bank’s real-time payment-screening tool flags an outgoing wire before release. The beneficiary name is a close fuzzy match to an alias on a UN sanctions list, and the beneficiary address includes the same city and country as the listed party. Operations notes that similar names have often been false positives and asks to release the payment to meet the cutoff. What is the BEST action?
Best answer: C
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: When screening identifies a potential sanctions or prohibited-party concern before a transaction is released, the safest risk-based action is to prevent completion until the alert is reviewed by the appropriate sanctions escalation function. Here, the fuzzy name match is strengthened by an address connection, so operations should not override the alert for processing convenience. The compliance team should assess identifiers, list data, transaction context, and internal policy to decide whether the hit is a false positive, a true match, or requires further action. Customer confirmation alone is not reliable, and post-transaction review may allow a prohibited payment to occur.
A potential sanctions match with supporting identifiers should be held and escalated for sanctions review before the transaction is processed.
Topic: Building an Anti-Financial Crime Compliance Program
A bank is considering a new payment processor that will provide same-day cross-border payouts for online gaming merchants. The processor operates through agents in several higher-risk jurisdictions, has a layered offshore ownership structure, and wants activation before providing agent due diligence files. What is the BEST control response?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: High-risk scenarios should trigger proportionate controls before exposure is accepted. Here, the customer combines several elevated risks: a payment processor, online gaming merchants, same-day cross-border payouts, agents in higher-risk jurisdictions, incomplete third-party due diligence, and opaque ownership. The best response is not automatic rejection or ordinary onboarding, but enhanced due diligence and governance before activation. The institution should understand beneficial ownership and control, licensing or regulatory status, agent oversight, merchant onboarding standards, expected activity, and monitoring needs. Senior management or designated governance approval may be appropriate if the relationship remains within risk appetite. Suspicious activity reporting generally requires a suspicion based on facts and analysis, not merely the presence of a high-risk profile.
The facts require a risk-based control response before enabling a high-risk product, channel, sector, and jurisdiction exposure.
Topic: Building an Anti-Financial Crime Compliance Program
A retail bank requires manual enhanced due diligence for every new digital account applicant after several mule-account cases. The cases shared specific indicators: synthetic-identity concerns, disposable email domains, and immediate third-party transfer activity. The blanket rule has increased onboarding abandonment among salaried domestic customers whose identity and source-of-funds checks are otherwise complete, with no meaningful increase in confirmed suspicious findings. What is the BEST action?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: A risk-based AFC program should apply stronger controls where risk indicators support them, not impose the same friction on all customers when evidence shows the risk is concentrated. Here, the blanket EDD rule creates measurable customer impact for lower-risk applicants and does not improve suspicious-finding rates. The better action is to redesign the control around the actual mule-account indicators, such as synthetic-identity concerns, disposable email domains, and immediate third-party transfer activity. The bank should also track effectiveness metrics, such as detection quality, false positives, abandonment, and residual risk, to confirm the control remains proportionate.
This aligns control intensity to demonstrated risk while testing whether the revised control remains effective.
Topic: Understanding the Risks and Methods of Financial Crime
A bank analyst reviews an existing corporate customer. Public records allege the company’s director won government contracts by paying bribes. Soon after contract payments arrive, the account sends large “consulting fee” transfers to an offshore shell company with no clear services, then funds a property purchase held by the director’s relative. Which interpretation and action is BEST?
Best answer: D
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: A predicate crime is the underlying offense that generates illicit proceeds, such as bribery, fraud, tax evasion, or trafficking. Money laundering is the later conduct used to place, layer, conceal, or integrate those proceeds so they appear legitimate or are harder to trace. In this scenario, the alleged bribery explains why the contract proceeds may be criminal property. The offshore shell-company “consulting” payments and related-party property purchase are separate indicators of laundering because they may disguise ownership, purpose, or source of funds. The best action is to document the distinction and escalate based on suspicion; a criminal conviction is not required for internal escalation or suspicious activity consideration.
The alleged bribery is the possible source offense, while the shell-company transfers and related-party property purchase may disguise or integrate its proceeds.
Topic: Global AFC Frameworks, Governance, and Regulations
A national authority receives suspicious transaction reports and other disclosures from reporting entities, analyzes them with other available information, and disseminates financial intelligence to competent domestic authorities or foreign counterparts when appropriate. Which concept does this description match?
Best answer: A
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: A financial intelligence unit is the national center for handling financial intelligence. Reporting entities submit suspicious activity or transaction reports and other required disclosures to the FIU. The FIU analyzes those reports, often combining them with additional data, and disseminates intelligence to law enforcement, supervisors, tax authorities, or foreign FIUs when appropriate. This differs from a sanctions body, which designates or oversees sanctions measures; a prudential supervisor, which focuses on safety, soundness, and compliance oversight; and prosecutors, who pursue criminal cases after investigative development.
An FIU is the central authority for receiving, analyzing, and disseminating financial intelligence related to suspected financial crime.
Topic: Understanding the Risks and Methods of Financial Crime
A bank is reviewing an ecommerce marketplace that is applying for payment services. The marketplace will be the named merchant, but its payment diagram shows customer funds moving through unrelated third-party wallets and pooled PSP settlement accounts before reaching the marketplace. The applicant says it cannot provide underlying payer or wallet-owner details because the PSPs control that data. What is the BEST action for the bank’s customer risk assessment?
Best answer: D
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Third-party payment flows can create opacity when the financial institution cannot clearly identify who initiated payments, who controls intermediary wallets, or how funds move through pooled settlement accounts. In an ecommerce and PSP context, that opacity can weaken source-of-funds understanding, customer risk assessment, transaction monitoring, sanctions screening, and investigation capabilities. The best response is not to assume the flow is acceptable or prohibited solely because a PSP is involved. A risk-based approach requires updating the risk assessment and obtaining enhanced information about the payment chain, PSP roles, settlement accounts, data access, and compensating controls before deciding whether the relationship fits the institution’s risk appetite.
Third-party wallets and pooled settlement accounts obscure the origin of funds and parties involved, so the opacity should affect risk scoring and due diligence.
Topic: Building an Anti-Financial Crime Compliance Program
A multinational bank’s horizon-scanning team identifies two developments: a binding local rule requiring documented source-of-wealth checks for certain high-risk legal entity customers, and a regulator guidance paper encouraging stronger risk-based adverse media screening. The global AFC policy owner is updating the CDD policy and related onboarding procedures. Which action is BEST?
Best answer: B
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Regulatory horizon scanning should feed a controlled policy and procedure update process. Binding legal or regulatory obligations must be mapped to affected products, customers, jurisdictions, and processes, then reflected in policy standards and detailed procedures. Regulatory guidance may not be legally binding in the same way, but it should still be assessed against the institution’s risk profile and used to improve controls where appropriate. A sound response distinguishes mandatory requirements from supervisory expectations, obtains appropriate governance approval, and gives staff clear procedural instructions on steps, evidence, roles, and escalation.
This approach distinguishes binding requirements from guidance and translates both into governed, risk-based policy and procedure changes.
Topic: Global AFC Frameworks, Governance, and Regulations
A multinational bank is reviewing a payment for a customer booked in one country, processed through a correspondent in another, and involving a counterparty in a third. The applicable rules overlap: one regime may require sanctions blocking, while another limits cross-border sharing of customer data. Which response is most appropriate?
Best answer: B
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: When a customer or transaction touches multiple jurisdictions, an AFC team should not assume that one location’s rules control the entire case. The appropriate response is to identify all applicable AML/CFT, sanctions, privacy, and reporting obligations; document the analysis; and escalate true conflicts to compliance, legal, or a governance forum. Institutions generally seek to apply the stricter applicable control where lawful, while using approved local workarounds when one obligation, such as data localization or tipping-off restrictions, limits how another control can be performed. This is different from regulatory arbitrage, blanket de-risking, or automatic multi-jurisdictional reporting.
Overlapping regimes require a documented jurisdictional analysis and escalation so the institution can meet the strictest lawful obligation without violating another applicable law.
Topic: Tools and Technologies to Fight Financial Crime
A bank’s transaction-monitoring system is designed to alert on high-risk cross-border wire patterns. After a core banking migration, a quality review finds that many customer residence fields are blank, related accounts are no longer linked under the same customer ID, and alert volumes have dropped despite stable wire activity. What is the BEST action?
Best answer: A
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: When poor data quality weakens an AFC technology control, the priority is to remediate the data problem at its source and validate that the control is working as intended. Blank residence fields and broken customer-account linkage directly affect segmentation, aggregation, and risk scoring, so the reduced alert volume may reflect missed detection rather than lower risk. The best action is to correct the feed or mapping issue, test completeness and linkage, and reprocess the impacted period so potentially missed activity is assessed. Tuning thresholds or changing tools before fixing the data can mask the defect and create unreliable alerts.
Fixing and validating the underlying data restores the control’s reliability before alert results are relied upon.
Topic: Tools and Technologies to Fight Financial Crime
A bank’s digital onboarding workflow is screening a new corporate customer. The company registry API confirms the entity is active, but the directors field is unavailable due to a data-source error. A commercial ownership database lists a 70% owner as “A. Petrova,” while an adverse-media feed returns a low-confidence match to a similarly named person linked to sanctions-evasion procurement. The workflow proposes standard-risk approval because there is no exact list match. What is the BEST action?
Best answer: B
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Automated external data can improve screening, but it should not replace judgment when key data is incomplete or conflicting. Here, the directors field is missing, the ownership source identifies a majority owner, and adverse media produces a possible match involving sanctions-evasion procurement. Even though there is no exact list match, these facts affect the customer’s risk profile and the reliability of the automated standard-risk decision. The appropriate control is to pause or route the case for manual review, validate identifiers, reconcile sources, and document the risk-based decision before approval. Automatic approval would rely on incomplete evidence, while automatic rejection would overstate an unresolved low-confidence match.
Conflicting and incomplete external data affecting ownership and adverse-media risk should be manually reviewed before making the onboarding decision.
Topic: Building an Anti-Financial Crime Compliance Program
A bank’s senior leaders from compliance, legal, operations, risk, and customer-facing businesses meet monthly to review AFC KRIs, significant investigation trends, high-risk customer escalations, policy exceptions, and resource gaps. The group can direct remediation, escalate unresolved issues to executive management or the board, and align actions with the bank’s AFC risk appetite. Which concept best matches this description?
Best answer: A
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Governing committees in an AFC program provide structured oversight and decision-making across functions. They review management information such as KRIs, investigation trends, exceptions, and remediation status; help resolve cross-functional issues; and escalate material concerns to senior management or the board when needed. They are not a substitute for day-to-day control execution, investigations, or independent testing. In this scenario, the group’s senior, cross-functional membership and authority to direct remediation and escalate unresolved issues make it an AFC governance committee or financial crime risk committee.
An AFC governance committee provides cross-functional oversight, decision support, and escalation for material financial-crime compliance matters.
Topic: Tools and Technologies to Fight Financial Crime
An AFC team uses an automated customer-risk tool to refresh KYC ratings. A corporate customer is scored low risk, but the source-system feed omitted beneficial-owner nationality and country-of-operation fields, and the customer recently added cross-border payment activity. What is the BEST action for the analyst before relying on the tool output?
Best answer: C
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Automated AFC tools are only as reliable as the data used to generate their outputs. Missing beneficial-owner and country-of-operation information can materially affect customer risk scoring, especially when the customer has added cross-border payment activity. The best action is not to ignore the tool, but to treat the result as requiring review: remediate or obtain the missing information, assess whether the new activity changes the risk profile, and document the decision. Tool approval does not eliminate the need for human review when known data limitations may affect the outcome.
The low-risk output may be unreliable because material customer and activity data needed for the model are missing or outdated.
Topic: Building an Anti-Financial Crime Compliance Program
An AFC investigator concludes that a customer’s wire activity is inconsistent with its stated business purpose and recommends escalation for possible suspicious transaction reporting. Which documentation best supports the investigation conclusion and escalation decision?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Investigation documentation should allow an independent reviewer to understand what was reviewed, how the facts were analyzed, and why the investigator reached a conclusion. For an escalation or possible suspicious activity report, the strongest support is a case narrative with relevant KYC facts, transaction details, external information, evidence considered, and a clear rationale. Rule descriptions, policies, and quality assurance materials may support the broader compliance program, but they do not by themselves substantiate the case-specific conclusion.
A well-supported case narrative connects the facts and analysis to the investigator’s conclusion and escalation recommendation.
Topic: Tools and Technologies to Fight Financial Crime
A bank’s mobile app uses document OCR, selfie liveness, and sanctions screening for straight-through retail onboarding. A new applicant passes those automated checks, but the stated residential address cannot be validated against reference data, and the device/IP location is in a different high-risk jurisdiction from the claimed residence. What is the best action before account opening?
Best answer: A
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Digital onboarding can support efficient customer identification, but it should not be treated as conclusive when important data points conflict. A passed document, liveness, and sanctions check confirms only part of the onboarding risk picture. An address that cannot be validated and a device/IP location in a different high-risk jurisdiction create unresolved risk that warrants additional controls before account opening. The risk-based response is to pause straight-through processing and use manual review, independent databases, reliable external sources, or additional verification to determine whether the discrepancy is explainable or suspicious.
Conflicting location and unvalidated address are risk signals that automated checks alone have not resolved.
Topic: Building an Anti-Financial Crime Compliance Program
A corporate customer was onboarded as low risk. Ongoing monitoring now shows a rapid shift to large third-party payments involving a higher-risk jurisdiction, and updated registry information shows a new beneficial owner who is a foreign politically exposed person. The next scheduled periodic review is 18 months away, and no transaction has yet been confirmed as suspicious. What is the best action?
Best answer: B
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: When customer risk factors increase after onboarding, the institution should not rely only on the original risk rating or wait for the next periodic review. A material change—such as new beneficial ownership by a foreign PEP and activity involving a higher-risk jurisdiction—should trigger an event-driven CDD refresh. The due-diligence response should be risk based and may include updating beneficial ownership information, understanding the purpose and expected activity, assessing source of funds or wealth where appropriate, obtaining required approvals, and adjusting ongoing monitoring. A suspicious activity report may be needed if investigation identifies suspicion, but increased risk alone does not automatically mean suspicious activity. Automatic exit is also not the best first response unless the risks cannot be understood or controlled within the institution’s risk appetite.
Material post-onboarding changes require refreshed CDD and risk-based EDD rather than waiting for the next scheduled review.
Topic: Understanding the Risks and Methods of Financial Crime
A private bank is onboarding a customer who is not a public official. KYC shows she is the adult daughter of a country’s minister of energy, is the beneficial owner of a newly formed commodities trading company, and expects a $3 million incoming transfer from an offshore consulting firm while giving only vague explanations of her wealth. What is the BEST action?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: PEP risk is not limited to someone who personally holds public office. Family members and close associates of a person entrusted with a prominent public function can present heightened bribery, corruption, and money-laundering risk, especially where the customer’s business, wealth, or funds are difficult to explain. The bank should not rely only on the absence of a sanctions hit or the fact that the customer is not herself an official. The best action is to treat the relationship as PEP-related high risk, escalate according to policy, obtain enhanced information on source of wealth and source of funds, and secure appropriate senior management approval before deciding whether to onboard.
The family relationship to a prominent public official plus unclear wealth and offshore funding warrants PEP-related EDD and governance approval.
Topic: Global AFC Frameworks, Governance, and Regulations
A financial institution joins a formally governed forum with law enforcement, the financial intelligence unit, regulators, and peer institutions. Within legal limits, participants exchange typologies, threat indicators, and feedback on cases so firms can refine monitoring and detect emerging financial-crime patterns earlier. Which concept is described?
Best answer: C
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: Public-private partnerships bring together public authorities and private-sector participants to share financial-crime intelligence, typologies, threat indicators, and feedback in a controlled and lawful way. Their purpose is to improve the quality of detection, investigations, and risk understanding across the financial system. They do not replace a firm’s own customer due diligence, monitoring, escalation, or suspicious activity reporting obligations. Instead, they help institutions identify emerging typologies, tune monitoring controls, prioritize higher-risk activity, and understand law-enforcement priorities while respecting confidentiality, data protection, and legal gateways.
Public-private partnerships enable lawful intelligence sharing between public authorities and private firms to improve detection of financial crime.
Topic: Tools and Technologies to Fight Financial Crime
An AFC team is integrating two KYC systems into a monitoring platform. Both systems provide a field named onboarding date, but one uses the first account-opening date and the other uses the latest KYC refresh date. The monitoring rules produce inconsistent periodic-review triggers because the same field name has different meanings. Which issue is primarily illustrated?
Best answer: A
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: A data definitions issue arises when a field, attribute, or data element is not consistently defined across systems or business units. Here, the AFC tool receives an onboarding date from both KYC systems, but the field represents two different events. That creates inconsistent monitoring results even if the data is otherwise available and accurately transmitted. Data access would concern whether the tool or users can retrieve the needed data. Data integrity would focus on whether the data is accurate, complete, and unaltered. Taxonomy would concern classification structures, such as customer types, product categories, or alert reason codes.
The problem is that the same data field is defined differently across source systems, causing the AFC tool to interpret it inconsistently.
Topic: Global AFC Frameworks, Governance, and Regulations
An international bank’s AFC team reviews a special report from a non-governmental research organization describing emerging laundering typologies linked to environmental crime. The report was not issued by a regulator, FIU, or legislature. The team uses it to refine its enterprise risk assessment and monitoring scenarios while separately checking applicable laws and supervisory expectations. Which concept best matches this use of the report?
Best answer: B
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: Reports and typologies from non-government bodies, research institutes, industry groups, or civil society can be valuable AFC risk intelligence. They may highlight emerging methods, sectors, red flags, or geographic exposure that a firm should consider under a risk-based approach. However, unless incorporated into law, regulation, supervisory guidance, or contractual obligations, they are not direct legal requirements. In the scenario, the bank appropriately uses the report to reassess risk and consider monitoring changes, while separately validating what binding obligations apply.
A non-government special report can inform risk understanding and control calibration without itself creating direct legal obligations.
Topic: Global AFC Frameworks, Governance, and Regulations
A national risk assessment published by the bank’s primary regulator identifies increased money laundering risk in cross-border trade finance involving free-trade zones and opaque beneficial ownership. A sectoral assessment for banks notes weak CDD and transaction monitoring controls in this area. Your institution offers trade-finance services to import/export customers, but its enterprise risk assessment still rates the product as moderate risk using a three-year-old methodology. What is the BEST action?
Best answer: A
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: National and sectoral risk assessments are important external inputs to an institution’s risk-based approach. They do not automatically determine the outcome for every customer, but they should prompt the institution to reassess whether its own inherent risk ratings, customer risk factors, due diligence standards, and monitoring scenarios remain appropriate. Here, the institution has direct product exposure to the risk highlighted by both assessments, and its methodology is dated. The best action is to update the enterprise and product risk assessments and apply proportionate controls, such as enhanced beneficial ownership review, trade-document scrutiny, or targeted monitoring for exposed customers.
National and sectoral risk assessments should inform the institution’s own risk-based assessment and proportionate control design.
Topic: Understanding the Risks and Methods of Financial Crime
A bank reviews a small local restaurant’s business checking account. KYC states the account purpose is to deposit local daily sales and pay suppliers in the same city. Over two months, unidentified individuals make frequent cash deposits at branches in several distant border towns, and the funds are quickly transferred to accounts in a neighboring high-risk jurisdiction. Which banking-segment risk indicator best matches this activity?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Funnel account activity often involves funds being placed through deposits in multiple locations and then quickly moved to another location or jurisdiction. The key indicators here are the mismatch between the customer’s stated local business purpose and the actual transaction pattern, deposits by unidentified third parties at distant branches, and transfers to a neighboring high-risk jurisdiction. A cash-intensive restaurant may legitimately make cash deposits, but the geography and rapid onward movement are inconsistent with normal local operating activity and should prompt further review or escalation under a risk-based monitoring process.
The activity is inconsistent with a local restaurant’s stated purpose and shows dispersed cash deposits followed by rapid movement to a higher-risk geography.
Topic: Global AFC Frameworks, Governance, and Regulations
A multinational bank’s compliance committee proposes updating CDD and transaction monitoring standards to reflect FATF risk-based guidance. Legal notes that FATF itself does not directly enforce obligations against the bank; enforceable duties come from local AML/CFT law and regulators. Which concept best explains why the FATF guidance can still influence the bank’s controls?
Best answer: A
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: FATF Recommendations and guidance are not usually direct legal obligations for a financial institution. Their influence comes from FATF’s role as the global AML/CFT standard setter. Countries are assessed against FATF standards through mutual evaluations and are expected to implement those standards through domestic laws, regulations, and supervisory practices. As a result, an institution may adjust policies, CDD, monitoring, training, and governance to align with FATF guidance because local regulators and examiners may treat that guidance as an important benchmark for an effective risk-based AFC program. The enforceable obligation remains local law, but FATF helps shape what local frameworks and supervisory expectations become.
FATF guidance influences controls because countries and supervisors often use it as the benchmark for local AML/CFT frameworks and examinations.
Topic: Tools and Technologies to Fight Financial Crime
An AFC platform refreshes external sanctions lists and an internal prohibited-party list, standardizes aliases and transliterations, and compares the updated lists overnight against all existing customers. Possible name matches above a similarity threshold are queued for analyst review. Which technology function is being described?
Best answer: C
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Customer or batch sanctions screening compares a firm’s customer records, often on a scheduled basis, against external lists such as sanctions lists and internal lists such as prohibited or exited parties. Fuzzy matching helps identify potential matches despite spelling differences, aliases, transliteration issues, or incomplete data. List management supports this process by ensuring that the lists used for screening are current, authorized, and properly configured. In the scenario, the key features are list refresh, customer population comparison, approximate name matching, and analyst review of possible hits, which together point to customer batch sanctions screening rather than transaction monitoring or payment filtering.
This function periodically compares the customer population against sanctions or other watch lists using approximate matching to identify potential hits.
Topic: Understanding the Risks and Methods of Financial Crime
A financial institution is onboarding a newly formed private investment vehicle. KYC shows it is owned through two offshore holding companies, uses a nominee director, has no clear operating history, and intends to make high-value cross-border transfers for a PEP-linked beneficial owner. No sanctions match is found. Which concept best matches the appropriate AML risk interpretation?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Under a risk-based approach, due-diligence intensity should increase when several risk factors combine. A complex offshore ownership chain, nominee director, limited operating history, high-value cross-border activity, and PEP-linked beneficial ownership each may raise concern. Together, they create a higher-risk profile that warrants enhanced due diligence, such as deeper beneficial ownership verification, source of wealth/source of funds inquiries, senior management approval where required by policy, and closer ongoing monitoring. The absence of a sanctions match does not make the customer low risk, and the facts do not by themselves require an immediate suspicious transaction report without further assessment.
Multiple high-risk features in the customer structure and profile should increase due-diligence intensity even without a sanctions match.
Topic: Tools and Technologies to Fight Financial Crime
A bank’s payment screening tool stops an outgoing cross-border payment because the beneficiary name and location partially match a current prohibited-party list entry. The operations analyst cannot determine from available identifiers that the alert is a false positive. Which action best matches the appropriate escalation?
Best answer: B
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Sanctions and prohibited-party screening is a preventive control: when a possible match cannot be safely discounted as a false positive, the transaction should not proceed until an authorized sanctions or AFC function reviews and documents the disposition. The escalation should focus on confirming or discounting the match using available identifiers, list data, payment information, and any approved procedures. A good customer history does not override a potential list match, and periodic KYC is not a substitute for real-time payment-screening escalation. Suspicious activity reporting may become relevant depending on the facts and jurisdiction, but it does not replace the immediate need to stop and resolve the potential sanctions concern before processing.
A potential sanctions or prohibited-party match that cannot be cleared should be held and escalated for specialized review before any release.
Topic: Understanding the Risks and Methods of Financial Crime
A bank is onboarding a commodity trading company incorporated in a country the bank rates as low risk. KYC shows that most sales are arranged through agents in a conflict-affected neighboring country subject to targeted sanctions, and payments often pass through banks in jurisdictions publicly identified as having weak AML/CFT controls. Which is the BEST action?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Jurisdiction risk is not limited to where a customer is incorporated. A customer can present elevated geographic risk through agents, counterparties, revenue sources, payment routes, and exposure to sanctioned or conflict-affected locations. Here, the low-risk incorporation country is outweighed by business activity tied to targeted sanctions, conflict exposure, and payment flows through weak-control jurisdictions. The best action is not automatic exit or simple name screening; it is a risk-based escalation and enhanced due diligence to understand the purpose of the relationship, involved parties, sanctions nexus, source of funds, and control expectations before approval.
The customer’s geographic links create corruption, sanctions, conflict, and weak-control exposure that should drive risk-based enhanced due diligence.
Topic: Building an Anti-Financial Crime Compliance Program
A financial institution decides to terminate all accounts for nonprofit organizations operating in conflict-affected regions without reviewing each customer’s purpose, activity, controls, or available risk mitigants. Which concept does this most closely describe?
Best answer: A
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: A risk-based approach evaluates the specific risks presented by a customer, product, geography, channel, and activity, then applies controls proportionate to those risks. It does not require serving every customer, but decisions should be based on documented, case-specific analysis and the institution’s ability to manage the risk. De-risking occurs when an institution broadly exits or refuses whole customer groups, sectors, or regions without individualized assessment. In the scenario, the institution does not review the nonprofits’ purposes, transactions, controls, or mitigants, so the practice is best characterized as de-risking rather than risk-based control design.
This is de-risking because the institution exits an entire customer category without case-specific risk assessment or mitigation analysis.
Topic: Global AFC Frameworks, Governance, and Regulations
A multinational financial institution plans to centralize transaction-monitoring alerts from multiple countries so its group AFC team can detect cross-border terrorist-financing patterns. Legal advises that some customer data cannot be moved or reused unless the bank documents a permitted basis, limits the data to the AML/CFT purpose, and applies cross-border transfer safeguards. Which concept does this description best illustrate?
Best answer: B
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: Data privacy and data-protection rules can directly affect AML/CFT collaboration and monitoring. They do not necessarily prohibit information sharing or centralized monitoring, but they may require a lawful or permitted basis, restrict secondary use, limit data to what is necessary, require retention controls, or impose safeguards for cross-border transfers. In this scenario, the key issue is not whether the activity is useful for detecting terrorist financing; it is that customer data movement and reuse must comply with privacy obligations while supporting AML/CFT objectives.
Privacy rules may permit AML/CFT activity but condition it through lawful basis, proportionality, data minimization, and transfer controls.
Topic: Tools and Technologies to Fight Financial Crime
A fintech’s digital onboarding workflow confirms a new applicant’s passport authenticity and biometric liveness. The applicant is opening an account for a newly formed company with layered foreign ownership, expects frequent cross-border transfers, and has not explained the source of funds or business purpose. Which is the BEST action before account activation?
Best answer: A
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Digital onboarding tools often support identity proofing, document authentication, biometric matching, and screening. Those controls help establish that a person is who they claim to be, but they do not by themselves answer broader CDD questions. For a business customer, the institution still needs a risk-based understanding of beneficial ownership and control, source of funds, purpose of the relationship, and expected account activity. The layered ownership, cross-border activity, and missing source-of-funds explanation make it inappropriate to treat the identity check as sufficient. The best action is to complete appropriate CDD or EDD before activating the account, rather than deferring core onboarding questions to later monitoring or applying blanket de-risking.
Identity verification confirms who the applicant is, but the unresolved ownership, funding, purpose, and activity facts require broader due diligence before activation.
Topic: Building an Anti-Financial Crime Compliance Program
An AFC compliance team’s horizon-scanning log notes that a regulator has issued final guidance expecting firms to assess instant-payment fraud and mule-account indicators. Industry information-sharing forums report a sharp increase in the same typology, and the bank’s current financial-crime policy addresses only traditional wire transfers. What is the BEST action for the compliance officer?
Best answer: A
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Horizon scanning is used to identify external changes—such as new regulatory expectations, typology shifts, enforcement trends, and industry intelligence—that may require changes to an AFC program. Here, the regulator’s final guidance and peer-reported rise in mule-account activity directly reveal a gap: the bank’s policy covers traditional wires but not instant payments. The best response is not an automatic service ban or a passive wait for losses. Compliance should trigger a targeted review, update the risk assessment, and determine whether policy, procedures, monitoring, ownership, training, or reporting need changes under a risk-based approach.
Horizon scanning should trigger policy review when external regulatory expectations and emerging typologies expose a gap in the current AFC framework.
Topic: Tools and Technologies to Fight Financial Crime
An AFC operations manager wants to reduce a transaction-monitoring alert backlog while preserving control effectiveness. The proposal keeps existing typology coverage, uses alert outputs and customer-risk factors to rank work, routes higher-risk alerts to experienced investigators first, and applies quality assurance to lower-risk closures. Which technology-enabled efficiency improvement is being described?
Best answer: B
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: A sound efficiency improvement in AFC technology should reduce operational burden without creating blind spots or abandoning the risk-based approach. Risk-based alert prioritization and case triage uses available risk indicators—such as customer risk, transaction pattern, scenario output, and prior activity—to rank alerts and route them appropriately. This helps investigators focus first on alerts most likely to indicate suspicious activity, while lower-risk alerts can follow standardized review and quality assurance. The key distinction is that the control remains active and risk-sensitive; the institution is not simply suppressing alerts or removing human oversight where it is still needed.
This improves efficiency by focusing review effort on higher-risk alerts while retaining control coverage and QA oversight.
Topic: Understanding the Risks and Methods of Financial Crime
A trust and company service provider presents a new corporate customer. KYC notes show nominee shareholders and directors, a discretionary trust, and holding companies in multiple jurisdictions; no clear natural person can be identified as exercising ultimate control. Which concept best describes the key financial-crime risk?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Trust and company service providers can be misused as gatekeepers when they create or administer entities, trusts, nominee directors, or nominee shareholders that obscure who really owns or controls assets. The concern is not simply that the customer has multiple legal entities, but that the structure prevents identification of the ultimate beneficial owner or controlling person. This is a classic opaque ownership and control risk, often requiring enhanced due diligence, verification of beneficial ownership, and scrutiny of the purpose of the structure.
The facts point to a TCSP-enabled structure that can conceal the natural persons who ultimately own or control the customer.
Topic: Global AFC Frameworks, Governance, and Regulations
A bank files a suspicious transaction report after identifying payments that appear structured to evade a UN sanctions measure. The FIU acknowledges receipt and states that the information may be shared with competent authorities. Senior management asks what role law enforcement would play if the matter proceeds. What is the best explanation?
Best answer: D
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: In a global AFC framework, law enforcement is responsible for investigating suspected criminal activity and helping pursue criminal outcomes. After an FIU receives and analyzes suspicious reporting, it may disseminate intelligence to law enforcement or other competent authorities. Law enforcement can then use legal powers—such as interviews, production orders, searches, arrests, or asset restraint where authorized—to build an evidentiary case and work with prosecutors. The bank’s role remains to maintain controls, preserve records, comply with reporting and sanctions obligations, and respond appropriately to lawful requests without tipping off the customer.
Law enforcement’s core role is to investigate suspected crimes and support the pursuit of criminal outcomes through lawful investigative powers.
Topic: Building an Anti-Financial Crime Compliance Program
A bank’s monitoring team identifies repeated payments by a long-standing trade-finance customer to shell-company counterparties in jurisdictions with elevated sanctions and corruption risk. AFC investigators recommend exiting the relationship, but the business line asks to retain the customer because it is strategically important. The AFC policy requires committee review for disputed high-risk exits and material risk-appetite exceptions. What is the best action?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: AFC governing committees are used to oversee significant financial-crime risk decisions, especially where there is disagreement between compliance and the business or where a decision may exceed normal risk appetite. The committee should receive enough information to make or endorse a documented decision, such as investigation findings, risk assessment, proposed controls, customer impact, and exit or retention recommendation. This does not remove the need for any required suspicious activity reporting or operational controls, but it ensures that material escalation, accountability, and oversight occur at the appropriate governance level. In this scenario, the policy specifically requires committee review, so bypassing that forum would weaken governance.
The committee’s role is to provide oversight, resolve material AFC risk decisions, and document escalation outcomes within risk appetite.
Topic: Building an Anti-Financial Crime Compliance Program
A bank requires the same manual enhanced questionnaire and senior approval for every customer opening a basic low-value account, including low-risk domestic retail customers. The process increases abandonment and delays but does not improve detection of financial-crime risk. Which concept best matches this situation?
Best answer: B
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: A risk-based AFC program should align control intensity with the customer, product, channel, and jurisdiction risks presented. A blanket control may be appropriate in limited circumstances, but applying the same high-friction requirement to all customers regardless of risk can be inefficient and may weaken the customer experience without improving risk outcomes. In this scenario, low-risk customers are subjected to enhanced steps that do not produce better detection or mitigation. That indicates a disproportionate blanket control rather than a calibrated risk-based control.
The control applies uniformly without risk differentiation, creating excessive friction without a proportionate risk-management benefit.
Topic: Global AFC Frameworks, Governance, and Regulations
A bank in Country A investigates a corporate customer whose incoming payments appear linked to online fraud victims in Country B and are quickly transferred to virtual-asset accounts at a VASP in Country C. The bank has account and transaction records, but victim evidence, beneficiary wallet information, and company registry data sit in other jurisdictions. Local law restricts direct disclosure of customer data to foreign private parties. What is the BEST action for the AFC team?
Best answer: C
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: Cross-border financial crime often involves customers, victims, transactions, records, assets, and predicate offenses spread across multiple jurisdictions. No single institution or authority is likely to have the full picture or legal power to obtain all relevant information. The best response is to meet the institution’s local reporting and escalation obligations while using authorized channels—such as FIU-to-FIU cooperation, regulator-to-regulator cooperation, law-enforcement requests, or other permitted mechanisms—to exchange information lawfully. This approach supports evidence gathering, asset tracing, and coordinated disruption while respecting confidentiality, data protection, and tipping-off restrictions.
This recognizes that cross-border cases require lawful coordination because relevant evidence and authority are divided across jurisdictions.
Topic: Building an Anti-Financial Crime Compliance Program
An AFC investigator at a cross-border bank reviews an alert involving a newly onboarded trading company. The customer receives wires from several unrelated entities and quickly sends most funds to a virtual asset service provider in a high-risk jurisdiction. The invoices provided are generic, and the customer cannot explain the commercial purpose. The relationship manager asks the investigator to close the alert because there is no sanctions match and the client is “strategic.” What is the BEST action?
Best answer: A
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: When investigation facts indicate possible layering, lack of economic purpose, weak supporting documents, and an unexplained high-risk virtual asset destination, the case should be escalated through the institution’s suspicious activity or transaction reporting process. The investigator should document the facts and refer the matter to the designated reporting officer, MLRO, or equivalent role that determines whether to file with the FIU. The relationship manager’s request to close the alert for business reasons is not merely a customer-service issue; it may indicate pressure to override AFC controls and should be escalated through compliance governance according to policy. A sanctions screen result does not resolve AML/CFT concerns, and customer communications must avoid tipping-off risk.
The facts support a suspicious reporting escalation, and the attempted business override creates a separate governance concern.
Topic: Building an Anti-Financial Crime Compliance Program
A bank is onboarding a newly formed import-export company. The customer expects frequent high-value cross-border wires involving higher-risk jurisdictions, has a layered ownership structure with a trust as an intermediate owner, and identifies a beneficial owner who is a close associate of a foreign PEP. Sanctions screening has no confirmed matches. What is the BEST action for the bank?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: A risk-based AFC program increases control intensity when customer, ownership, geography, product, or activity risks exceed ordinary baseline expectations. Here, the absence of a confirmed sanctions match does not eliminate AML, corruption, or concealment risk. The customer has several higher-risk indicators: expected high-value cross-border wires, higher-risk jurisdictions, a layered ownership structure, and a PEP-related beneficial owner. The best response is not automatic rejection or immediate reporting based only on risk rating; it is enhanced due diligence and enhanced monitoring before approving or continuing the relationship, with escalation according to policy.
The combined jurisdiction, ownership, and PEP-related risk factors exceed baseline CDD and justify enhanced controls.
Topic: Understanding the Risks and Methods of Financial Crime
A PSP monitors a newly onboarded ecommerce merchant that sells digital vouchers. The merchant’s application said it would serve local retail customers, but its first weekend activity shows 1,200 purchases of USD 10–USD 20 using hundreds of unrelated payment cards, with many transactions tied to the same two device fingerprints and IP locations in jurisdictions the PSP rates as high risk. What is the best action?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: PSPs and ecommerce platforms should look beyond individual transaction size. In this scenario, several facts combine into a meaningful risk indicator: digital vouchers are easily monetized, the activity is unusually concentrated soon after onboarding, many unrelated cards are linked to the same devices, and IP locations conflict with the merchant’s stated local customer base. These facts may indicate card testing, fraud proceeds movement, mule activity, or laundering through merchant processing. The best response is to escalate for fraud/AFC investigation and consider risk-based controls, such as payout holds or additional merchant due diligence, while evidence is reviewed.
The combination of digital goods, many low-value payments from unrelated cards, shared devices, and high-risk IP locations is a PSP/ecommerce risk indicator requiring escalation.
Topic: Understanding the Risks and Methods of Financial Crime
A PSP reviews ecommerce activity for a merchant selling digital vouchers. In a 30-minute period, 42 low-value purchases are made with different cardholder names and card numbers, but all originate from the same device fingerprint and IP address. Which PSP/ecommerce risk indicator does this best represent?
Best answer: A
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: For PSPs and ecommerce platforms, risk indicators may arise from the merchant, jurisdictions, transaction pattern, or customer behavior. Here, the decisive fact is that many different cardholders are transacting from the same device fingerprint and IP address in a short period. That points to suspicious customer behavior, such as card testing, account takeover, mule coordination, or synthetic identity misuse. The stem does not state that the merchant’s business model is inconsistent, that countries involved are high risk, or that refunds and chargebacks are being used to move value.
The shared device and IP across many different cardholders indicates coordinated or suspicious customer behavior rather than a merchant or jurisdiction issue.
Topic: Tools and Technologies to Fight Financial Crime
A bank is tuning a traditional rules-based transaction monitoring scenario for outgoing international wires. The current scenario uses one threshold for all business customers and has produced many false positives for import/export companies, while a small charity with low KYC-declared international activity sent repeated wires just below the same threshold. KYC records include customer type, geography, and expected monthly wire activity. Which action is BEST?
Best answer: B
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Traditional transaction monitoring commonly relies on rules and scenarios with thresholds, but those thresholds should be calibrated to meaningful customer segments and expected activity. In this scenario, one generic business threshold is not working: it over-alerts customers whose wire activity may be expected, while potentially missing unusual activity for a customer with much lower expected international activity. The best action is to use available KYC and risk attributes, such as customer type, geography, and expected monthly wires, to define segments and tune/test thresholds for each segment. This improves alert relevance without removing monitoring coverage or treating all business customers as having the same risk profile.
Traditional transaction monitoring should use relevant segmentation and expected activity to make rule thresholds more risk-based and effective.
Topic: Building an Anti-Financial Crime Compliance Program
A financial institution assigns a team that is separate from day-to-day AFC operations to test whether onboarding, screening, monitoring, and escalation controls are working as designed. The team reports findings and remediation status to senior management. Which core pillar of an effective AFC compliance program does this best describe?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: A core pillar of an effective AFC compliance program is independent testing or audit. This pillar provides objective assurance that program controls are functioning as intended, identifies gaps, and tracks management’s corrective actions. The key clues are that the team is separate from day-to-day operations, tests multiple controls, and reports findings and remediation to senior management. Written policies and procedures define what should happen, training helps staff understand and perform their duties, and customer due diligence collects and updates customer risk information. None of those functions primarily describes independent assurance over control effectiveness.
Independent testing verifies whether AFC controls are designed and operating effectively and reports issues outside daily operations.
Topic: Understanding the Risks and Methods of Financial Crime
An AFC risk assessment gives a higher inherent risk score to relationships involving countries with significant corruption, active sanctions, weak AML/CFT supervision, armed conflict, or elevated organized-crime exposure. Which cross-cutting risk factor best matches this description?
Best answer: D
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Jurisdiction risk, sometimes called geographic risk, arises when the location of a customer, counterparty, transaction, ownership link, or business activity increases exposure to financial crime. Countries or territories associated with sanctions, corruption, weak AML/CFT controls, conflict, terrorism financing, tax evasion, or organized crime can increase inherent risk and may require enhanced due diligence, closer monitoring, or restrictions under the institution’s risk appetite. The stem is not focused on what product is used, how the customer accesses the institution, or the customer’s occupation or entity type; it is focused on geography and country-level exposure.
Jurisdiction risk focuses on how a country or territory’s sanctions, corruption, control environment, conflict, or criminal exposure affects financial-crime risk.
Topic: Building an Anti-Financial Crime Compliance Program
During an AML investigation, an analyst links several alerts to a customer whose transactions are inconsistent with the stated business, involve rapid movement through unrelated accounts, and are not explained by documentation obtained. The investigator concludes there is a reasonable basis to suspect money laundering under the institution’s policy. Which escalation path best matches these facts? Select ONE.
Best answer: A
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: When an investigation establishes a reasonable basis to suspect money laundering, the appropriate escalation is through the institution’s designated suspicious activity or transaction reporting process. In many frameworks, that means escalation to the MLRO, nominated officer, or equivalent function to make or approve the reporting decision and proceed with FIU filing according to local requirements. Governance review may be appropriate for control weaknesses or trends, but it does not replace the reporting escalation when suspicion is supported. Routine relationship management or periodic KYC refresh is also insufficient once the investigation has reached a suspicion threshold.
When investigation facts support suspicion, the case should move through the institution’s formal SAR/STR escalation and reporting process.
Topic: Global AFC Frameworks, Governance, and Regulations
A cross-border payments firm is refreshing its group AFC standards for AML, CFT, and proliferation-financing controls. Senior management asks how FATF requirements should be applied because local implementation details differ across countries and FATF has not issued any directive to the firm. What is the best action?
Best answer: D
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: FATF’s core role is to set international standards for combating money laundering, terrorist financing, proliferation financing, and related financial-crime measures. Its Recommendations, guidance, and mutual evaluation process influence national laws, supervisory expectations, and institutional AFC programs. However, FATF is not normally the direct regulator of individual firms and does not approve a firm’s policies. A financial institution should use FATF standards as a global benchmark, assess how each jurisdiction has implemented them, and design risk-based controls that comply with local requirements while supporting group-wide consistency.
FATF sets global AML/CFT and proliferation-financing standards and evaluates implementation by jurisdictions, while national authorities implement and enforce requirements.
Topic: Building an Anti-Financial Crime Compliance Program
A regional bank’s AFC program review finds that business units decide whether repeated transaction monitoring exceptions are escalated, alert-closure standards differ by region, and the governance committee receives only alert-volume metrics. What is the BEST program improvement?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: An effective AFC program needs clear ownership, documented controls, and reliable escalation to governance. The facts show a control design and governance weakness: business units are making inconsistent escalation decisions, regional standards are not aligned, and the committee lacks meaningful information about exceptions. The best improvement is to assign accountable control owners, standardize procedures for disposition and escalation, and provide governance reporting on exceptions and overdue escalations. This strengthens program effectiveness without creating unnecessary blanket restrictions or shifting management responsibilities to internal audit.
This directly fixes weak ownership, inconsistent controls, and poor escalation with governance oversight.
Topic: Tools and Technologies to Fight Financial Crime
A multinational bank wants to improve AFC monitoring for mule-account networks across subsidiaries in several jurisdictions. Privacy counsel says raw customer identifiers and transaction narratives cannot be moved into a central analytics hub except where local law permits. Investigators still need to detect linked customers, devices, and counterparties across entities and generate explainable alerts. What is the best action?
Best answer: D
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Privacy-enhancing technologies can allow AFC teams to detect risk patterns without unnecessarily moving or exposing raw personal data. Privacy-preserving entity resolution, tokenization, secure matching, and federated analytics can help identify links across subsidiaries while keeping sensitive data controlled locally where required. This approach should be paired with governance, legal review, access controls, auditability, and explainable alert outputs. Fully centralizing raw data may breach privacy or localization rules. Purely anonymized aggregate dashboards may be useful for management reporting but usually cannot support case-level investigations. Relying only on customer consent is not a robust AFC control and may not satisfy legal, operational, or investigative needs.
This supports cross-entity AFC detection while reducing exposure of raw personal data and respecting local privacy constraints.
Topic: Global AFC Frameworks, Governance, and Regulations
An international bank’s AFC team is conducting quarterly horizon scanning. It notes an FIU advisory and a FATF typologies paper describing increased use of shell importers, altered invoices, and rapid repayments in trade finance to move value through electronics shipments. The bank has recently expanded trade-finance services for small electronics importers in the same corridors, and its last institutional risk assessment predates that expansion. Which action is BEST?
Best answer: D
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: External typology reports, FIU advisories, national risk assessments, and similar publications are key inputs to horizon scanning. They do not automatically prove customer suspicion, but they can identify emerging threats that should be compared with the institution’s own exposure. Here, the reports describe a typology that matches the bank’s recently expanded trade-finance activity, customer segment, and corridors. The best action is to review exposure, determine whether inherent risk has changed, identify control gaps, and update the institutional risk assessment and monitoring or due diligence controls as needed. This is a risk-based use of external intelligence rather than a blanket response.
External reports should be mapped to the institution’s actual products, customers, channels, and geographies to determine whether risk assessment and controls need updating.
Topic: Understanding the Risks and Methods of Financial Crime
A VASP monitoring alert shows that a new corporate customer onboarded as a software consultancy received several cryptoasset deposits from addresses tagged by blockchain analytics as linked to ransomware payments and a sanctioned wallet cluster. The customer immediately converted the funds to a stablecoin and requested withdrawal to another VASP in a high-risk jurisdiction. What is the BEST action?
Best answer: A
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Cryptoasset activity can create sanctions and ransomware exposure even when the customer is not directly named on a sanctions list. Blockchain analytics tags, links to ransomware payment flows, rapid conversion, and withdrawal to a higher-risk VASP are red flags that should be reviewed by the appropriate AFC or sanctions investigation team before funds are released. The investigation should document the source of funds, wallet exposure, customer explanation, and any reporting or asset-control obligations under applicable law and policy. A risk-based response is stronger than either ignoring the alert or taking an undocumented exit action.
The wallet links, rapid conversion, and high-risk outbound transfer create potential sanctions and ransomware exposure requiring escalation before release.
Topic: Building an Anti-Financial Crime Compliance Program
During routine client contact, a relationship manager at a bank notices that a long-standing import business suddenly asks to route payments through an unrelated personal account and becomes evasive when asked about counterparties. Which concept best matches the relationship manager’s AFC role in this situation?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Front-office staff such as relationship managers, tellers, and customer service teams contribute to AFC detection because they interact directly with customers and see transaction behavior in context. They are not expected to make final legal determinations, but they should recognize unusual requests, evasive explanations, or activity inconsistent with the customer profile and escalate according to internal procedures. In this scenario, the relationship manager’s awareness of the customer’s normal business and the unusual request to use an unrelated personal account are first-line detection inputs that can support further review by compliance or investigations.
Front-office staff are the first line and can identify unusual behavior or transaction requests during normal customer dealings.
Topic: Building an Anti-Financial Crime Compliance Program
A financial institution is conducting its enterprise AFC risk assessment. The team rates exposure from customer types, products, delivery channels, and jurisdictions before evaluating KYC, sanctions screening, transaction monitoring, or other mitigating controls. Which risk assessment concept is being identified?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: In an enterprise AFC risk assessment, inherent risk is the level of financial crime exposure arising from the institution’s business model, customers, products, services, channels, and geographies before controls are applied. It answers the question: “How risky is this activity if no mitigating controls are considered?” After the institution evaluates controls such as CDD, EDD, screening, monitoring, training, and escalation processes, it can assess the remaining or residual risk. The stem specifically states that the team is rating exposure before evaluating mitigating controls, so the matching concept is inherent risk.
Inherent risk is the exposure that exists before considering the effect of mitigating controls.
Topic: Tools and Technologies to Fight Financial Crime
A bank onboarded an exporter last month and screened its KYC profile with no sanctions match. Today, before release of an outgoing cross-border payment, the sanctions filter flags the beneficiary name and intermediary bank contained in the payment message. What is the BEST action?
Best answer: D
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Customer screening and transaction or payment screening use different timing and data. Customer screening is applied to customer records, beneficial owners, controllers, and related KYC data at onboarding, periodic review, or trigger events. Payment screening is applied to transaction instructions before execution or release and uses payment-message details such as originator, beneficiary, intermediary bank, vessel, address, or narrative fields. In this scenario, the customer’s onboarding screen was not the decisive event. The new alert came from beneficiary and intermediary-bank information in a pending payment, so the bank should investigate the payment-screening hit before allowing the transaction to proceed.
The hit arises before payment release from transaction-message fields, so it should be handled through payment screening.
Topic: Global AFC Frameworks, Governance, and Regulations
A public authority receives a referral about possible sanctions evasion and money laundering. It uses investigative powers to gather evidence, identify suspects, coordinate with prosecutors, and support criminal outcomes such as seizure, arrest, or prosecution. Which public authority role is described?
Best answer: D
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: In the global AFC framework, law enforcement agencies are responsible for investigating suspected criminal conduct and helping pursue criminal outcomes. They may use powers such as interviews, search or production orders, surveillance, asset tracing, restraint, seizure, and arrest, depending on local law. They commonly receive intelligence from FIUs, regulators, or foreign partners, but they convert intelligence into evidence suitable for criminal proceedings. FIUs analyze and disseminate financial intelligence; supervisors test compliance programs and impose regulatory consequences; UN sanctions bodies establish or oversee sanctions regimes. The described role centers on criminal investigation and enforcement, so it maps to law enforcement.
Law enforcement investigates suspected criminal activity and develops evidence for criminal actions with prosecutors and courts.
Topic: Understanding the Risks and Methods of Financial Crime
A bank provides a correspondent account to a foreign respondent bank. During review, the AML team finds that payment activity includes transactions for several smaller third-country banks that access the account through the respondent, and the respondent cannot clearly describe those banks’ AML controls. Which concept best matches this risk?
Best answer: D
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Correspondent banking allows one financial institution to provide services to another, often supporting cross-border payments. A key AML/CFT risk arises when the respondent bank gives other financial institutions indirect access to the correspondent account. This is commonly described as nested correspondent banking. The correspondent bank may have limited visibility into the downstream banks, their customers, jurisdictions, and AML controls. That lack of transparency can make it harder to identify sanctions exposure, suspicious cross-border flows, or weak respondent-bank oversight. In the scenario, the decisive facts are the third-country banks using the account through the respondent and the respondent’s inability to explain their AML controls.
The risk arises because other banks are indirectly accessing the correspondent account through the respondent without clear visibility into their controls.
Topic: Building an Anti-Financial Crime Compliance Program
A bank provides an operating account to a payment processor that uses an outsourced vendor to onboard small merchants. During periodic review, the processor states that merchant KYC files are retained by the vendor and the bank can receive only aggregate transaction summaries. Recent monitoring shows rapid growth in cross-border payments from newly onboarded merchants in higher-risk jurisdictions. What is the best action for the bank to take?
Best answer: B
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: When a customer’s third-party or vendor arrangement limits visibility into underlying parties, the institution should strengthen controls rather than accept reduced transparency. Here, the processor’s vendor controls merchant KYC files, while transaction activity is growing quickly in higher-risk jurisdictions. A risk-based response is to require access to relevant underlying customer information, assess and test the vendor’s controls, and condition further growth on adequate oversight. This addresses both customer transparency and operational risk. Certification alone is not enough when the bank cannot verify the control environment or understand the activity it is processing.
The facts show reduced customer transparency and increased operational risk, so the bank should apply enhanced oversight and data-access controls tied to the third-party arrangement.
Topic: Building an Anti-Financial Crime Compliance Program
A retail customer’s KYC profile shows a monthly salary deposit of $4,000, local bill payments, and no expected international activity. Over 10 days, the account receives five third-party wires totaling $85,000 from unrelated overseas companies and quickly sends most of the funds to newly added beneficiaries. Which concept should transaction monitoring identify?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Transaction monitoring compares actual account activity with expected customer behavior established through KYC/CDD and ongoing knowledge of the relationship. A retail customer expected to receive salary deposits and make local payments is now receiving large third-party international wires and rapidly transferring funds onward. That mismatch is a core trigger for an unusual-activity alert and may warrant investigation to determine whether suspicious activity reporting is appropriate. The issue is not simply that the customer is foreign-facing; it is that the activity is inconsistent with the stated profile, source of funds, and expected transaction pattern.
The transaction pattern materially deviates from the customer’s known profile and should be reviewed as unusual or potentially suspicious activity.
Topic: Building an Anti-Financial Crime Compliance Program
A regional bank’s AFC steering committee and product risk committee both review proposals to onboard virtual asset service providers. Recent minutes show conflicting decisions on the same proposal, and neither committee’s terms of reference states which committee owns AFC risk acceptance or escalation to the board risk committee. Which is the best action to strengthen governance?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Committee structure supports AFC governance when each committee has a documented purpose, authority, membership, reporting line, and escalation trigger. Terms of reference help prevent duplicated reviews, unclear ownership, and inconsistent decisions by defining who recommends, who approves, who challenges, and when matters go to senior management or the board. In this scenario, the problem is not simply the VASP risk; it is overlapping committee authority with no documented owner for AFC risk acceptance. Revising the terms of reference is the best action because it clarifies responsibilities while preserving appropriate management oversight and board escalation.
Clear terms of reference assign ownership and escalation responsibilities, reducing overlap and inconsistent risk decisions.
Topic: Building an Anti-Financial Crime Compliance Program
A bank is refreshing its enterprise AFC risk assessment. Since the prior assessment, it launched remote onboarding for non-resident import/export SMEs, expanded virtual account services, and saw higher transaction volumes with jurisdictions rated higher-risk in the bank’s country-risk methodology. The FIU also issued a typology alert on trade-based money laundering using shell importers. What is the best action for the risk assessment team?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: An enterprise AFC risk assessment should consider changes in the institution’s risk profile across products and services, customer types, delivery channels, jurisdictions, and known financial-crime typologies. The facts in the scenario are all relevant inputs: non-resident import/export SMEs affect customer risk, virtual accounts affect product/service risk, remote onboarding affects channel risk, higher-risk corridors affect jurisdiction risk, and the FIU alert affects typology risk. The team should first reflect these inputs in the inherent risk assessment and then evaluate whether controls reduce the risk to an acceptable residual level.
These are core enterprise risk assessment inputs and should inform inherent risk before residual risk is assessed.
Topic: Building an Anti-Financial Crime Compliance Program
An AML investigator reviews a corporate customer whose account normally pays local suppliers, but recent activity shows large incoming wires from unrelated foreign companies followed by same-day outgoing payments to a virtual asset service provider. Which information would best help determine whether the activity has a legitimate explanation?
Best answer: B
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Investigating unusual activity requires gathering facts that explain the transaction pattern and allow comparison with the customer’s known profile. Key information includes who the counterparties are, their relationship to the customer, the source of funds, the intended use of funds, and documentary support such as invoices, contracts, shipping records, or service agreements. These details help the investigator decide whether the activity is merely unusual or potentially suspicious. Governance documents, model metrics, and staff records may be relevant to program oversight, but they do not directly explain the customer’s specific transactions.
These facts directly address the purpose, parties, and economic rationale for the unusual transactions.
Topic: Building an Anti-Financial Crime Compliance Program
An AFC committee is beginning the annual enterprise risk assessment. Since the last assessment, the institution launched instant cross-border payments, expanded onboarding of nonresident money services businesses, and experienced a 40% increase in transaction-monitoring alerts. A business head proposes satisfying the exercise by reviewing the largest open alerts and changing the risk ratings of those customers. Which action is BEST?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: An enterprise risk assessment is a broad, periodic evaluation of the institution’s financial-crime risk profile. It considers inherent risk across products, services, customer types, geographies, delivery channels, and business changes, then evaluates controls to determine residual risk and resource needs. Customer risk ratings operate at the customer level and support CDD, EDD, and monitoring intensity. Transaction-monitoring alert reviews assess specific activity to decide whether it is explainable, suspicious, or reportable. In this scenario, the new payment product, expanded high-risk customer segment, and increased alert volumes should inform the enterprise assessment, but they do not replace it.
An enterprise risk assessment evaluates institution-wide risk and control effectiveness, while alerts and customer ratings are inputs rather than substitutes.
Topic: Understanding the Risks and Methods of Financial Crime
A private bank is reviewing an online onboarding request for a discretionary investment account in the name of a private foundation. The stated settlor is the spouse of a senior public official from a jurisdiction with high corruption risk. The foundation is controlled through nominee directors and two offshore holding companies, and the opening funds will come from a law firm client account in another jurisdiction. What is the best interpretation of the most relevant financial-crime exposure?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: The most relevant exposure is the combined risk presented by the customer structure and related facts. A private foundation, nominee directors, offshore holding companies, and funding through a law firm client account can make it difficult to identify who ultimately owns or controls the assets and where the wealth came from. The spouse of a senior public official from a high-corruption-risk jurisdiction adds a politically exposed person risk, making potential bribery or corruption proceeds a key concern. The investment account may be legitimate, but the layered structure should drive enhanced scrutiny of beneficial ownership, control, source of wealth, and source of funds.
The PEP connection, high-corruption jurisdiction, nominee control, offshore layering, and third-party funding point most directly to obscured ownership and corruption-related laundering risk.
Topic: Global AFC Frameworks, Governance, and Regulations
A sectoral risk assessment issued by a national authority newly identifies online gaming payment flows as higher money-laundering risk because of rapid cross-border movement of funds and weak source-of-funds controls. A bank provides accounts and payment services to several online gaming merchants that are currently rated medium risk in its institutional risk assessment. Which update best reflects the new finding?
Best answer: D
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: National and sectoral risk assessments are external inputs to an institution’s own risk assessment. When a new finding identifies a sector as higher risk, the institution should determine where it has exposure to that sector, adjust inherent risk ratings as appropriate, and evaluate whether existing controls—such as CDD, EDD, transaction monitoring, and governance reporting—remain adequate. The result may change residual risk ratings, control priorities, or monitoring coverage. The finding does not automatically make every customer suspicious, require blanket exit, or limit the response to sanctions screening unless those specific risks are identified.
A new national or sectoral risk finding should be mapped into the institution’s risk assessment for relevant exposures, then compared with controls and residual risk.
Topic: Understanding the Risks and Methods of Financial Crime
A retail bank onboards a customer as a salaried employee earning about $3,000 per month who says the account will be used for payroll deposits and household expenses. Within two months, the account receives frequent cash deposits totaling far above stated income and sends payments to several unrelated third parties. Which red flag is best illustrated?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: A core retail-banking AML red flag is customer activity that does not match the profile established through KYC/CDD, including stated occupation, income, source of funds, account purpose, and expected behavior. Here, a salaried retail customer expected to receive payroll and pay household expenses is instead receiving cash volumes far above stated income and making payments to unrelated third parties. That mismatch should prompt review and possible escalation because it may indicate misuse of the account, layering, mule activity, or undisclosed business activity.
The observed deposits and payments do not align with the customer’s stated income, occupation, or intended retail account use.
Topic: Tools and Technologies to Fight Financial Crime
An AFC manager is reviewing the first 90 days of a new transaction monitoring tool. Most alerts come from low-risk domestic account activity with very low escalation rates, while a smaller high-risk cross-border scenario has produced several well-supported suspicious activity reports. Analyst backlog has doubled, causing delayed review of higher-risk alerts. What is the BEST action to assess and improve operational effectiveness?
Best answer: C
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Operational effectiveness is not measured only by the number of alerts generated. A monitoring tool should support the institution’s risk-based priorities, produce useful investigative outcomes, and use analyst resources efficiently. In this scenario, low-risk activity is consuming capacity while higher-risk alerts are delayed, which weakens control effectiveness. The best response is a governed tuning review that evaluates alert volumes, escalation and reporting quality, typology coverage, and workload impact. Adjustments should improve prioritization without creating unmanaged gaps in risk coverage.
This links tool performance to risk-based outcomes and resource use while preserving governance over tuning decisions.
Topic: Building an Anti-Financial Crime Compliance Program
A fast-growing payments firm is formalizing its groupwide AFC program. It already performs basic customer onboarding and transaction monitoring, but it has no named AFC compliance owner, no structured employee training, and no independent review of control effectiveness. What is the best action to address the program gap?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: An effective AFC compliance program is built on core pillars such as risk-based policies, procedures and controls; designated compliance accountability with sufficient authority and resources; ongoing employee training; and independent testing or audit. The firm already has some operational controls, but the facts identify missing governance, training, and independent effectiveness review. The best action is therefore to strengthen those missing pillars rather than merely adjust monitoring, outsource responsibility, or apply blanket de-risking. Vendors can support execution, and customer restrictions may be appropriate in specific cases, but the institution remains responsible for maintaining an effective program.
These actions address core program pillars: accountable oversight, training, and independent testing to support effective controls.
Topic: Building an Anti-Financial Crime Compliance Program
A global bank uses a three-lines model. The front office owns the customer relationship and initial KYC collection, while the financial-crime compliance team is the second line. A relationship manager submits a high-risk onboarding file with complex ownership, adverse media, and missing beneficial-owner verification, then asks compliance to approve it so the account can open before quarter-end. What is the best action for the financial-crime compliance team?
Best answer: A
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: In a three-lines model, the first line owns the business relationship and performs operational controls such as collecting KYC information. The financial-crime compliance team usually operates as the second line: it designs or interprets policy, provides advice, reviews higher-risk matters, challenges incomplete or weak controls, and escalates issues when risk is outside policy or appetite. Here, the file has clear high-risk features and missing beneficial-owner verification, so the second line should not approve opening merely for a business deadline. The appropriate action is to require completion of risk-based due diligence and any required escalation before approval, with the decision documented.
A second-line financial-crime team typically sets standards, advises, challenges, reviews high-risk cases, and ensures proper escalation rather than rubber-stamping incomplete files.
Topic: Understanding the Risks and Methods of Financial Crime
A retail bank’s monitoring system alerts on a long-standing restaurant customer. In one month, the customer made frequent cash deposits at multiple branches just below the bank’s internal review trigger, then sent same-day wires to unrelated overseas consulting companies. When asked for support, the customer provided only generic email invoices. What is the best AFC action?
Best answer: D
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Banking-product risk depends on how the product is being used. Cash deposits can be misused to place illicit funds into the financial system, especially when deposits are split across branches or kept just below internal review points. Same-day outgoing wires to unrelated overseas parties can then indicate layering, particularly when the customer cannot provide credible commercial support. The best action is not automatic clearance or immediate exit; it is escalation to AML investigations, documentation of the facts, and assessment of whether suspicious activity or transaction reporting is required under the institution’s process.
The pattern combines cash-deposit structuring indicators, rapid movement by wire, unrelated beneficiaries, and weak support.
Topic: Tools and Technologies to Fight Financial Crime
A bank plans to launch a mobile-only account for small import/export businesses that will send cross-border payments to jurisdictions the bank rates as higher risk. Current AFC tools verify identity and screen customers at onboarding, but transaction monitoring is tuned for domestic consumer activity only. Which action is BEST to align lifecycle tool coverage with the risk profile? Select ONE.
Best answer: C
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Lifecycle tool coverage should follow the risk assessment for the customer type, product, delivery channel, and jurisdictions involved. Here, the new offering changes several risk drivers: SME import/export customers, cross-border payments, mobile-only onboarding, and higher-risk corridors. Existing onboarding checks are necessary but insufficient because risks may emerge after account opening through payment behavior, device or channel indicators, sanctions exposure, and transaction patterns. The best action is to identify tool coverage gaps and tune or add controls across onboarding, screening, and ongoing monitoring before relying on the product launch controls.
This aligns controls across the customer lifecycle with the specific customer, product, channel, and jurisdiction risks in the launch.
Topic: Understanding the Risks and Methods of Financial Crime
A customer has already deposited illicit cash into a bank account. Over the next week, the funds are split among multiple shell-company accounts in different countries and moved through several rapid wire transfers with no clear business purpose to make the audit trail difficult to follow. Which money-laundering stage is best illustrated?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: The scenario best illustrates layering, the stage in which illicit proceeds already placed into the financial system are moved, divided, converted, or transferred to disguise their origin and ownership. The use of shell-company accounts, cross-border wires, rapid movement, and no clear business purpose are classic indicators of attempts to obscure the audit trail. Placement would focus on first introducing illicit cash into the financial system. Integration would involve returning the funds to the criminal as apparently legitimate wealth, such as through investments, business revenue, or asset purchases. Structuring can be a placement technique, but the key behavior here is complex movement after deposit.
Layering involves moving funds through complex transactions to obscure their illicit origin after the funds have entered the financial system.
Topic: Building an Anti-Financial Crime Compliance Program
A bank has already collected and verified customer information. It then combines factors such as customer type, beneficial ownership complexity, jurisdictions, products, channels, and expected activity to assign a rating that determines the level and frequency of ongoing controls. Which concept is being described?
Best answer: B
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Customer risk assessment is the process of evaluating customer-specific risk factors and assigning a risk rating, such as low, medium, or high. That rating helps determine how much due diligence is needed, how often the file should be refreshed, and how closely activity should be monitored. KYC and CDD provide key inputs by identifying the customer and understanding the relationship. EDD is applied when the risk assessment or other facts indicate higher risk. Transaction monitoring is a separate ongoing control that reviews actual activity against expected behavior and typologies.
A customer risk assessment rates a customer by combining risk factors to drive the level and frequency of controls.
Topic: Global AFC Frameworks, Governance, and Regulations
Funds from an online fraud are layered through accounts at banks in three countries, held by companies incorporated in a fourth country, and linked to suspects resident in a fifth. Records, beneficial ownership data, freezing powers, and prosecutorial authority sit with different public bodies. Which concept best matches why this case cannot be handled effectively by one authority acting alone?
Best answer: B
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: Cross-border financial crime often exploits gaps between legal systems, supervisory powers, and information sources. Money, customers, beneficial owners, victims, and suspects may be located in different jurisdictions, so no single FIU, regulator, or law-enforcement agency can obtain all records, compel all witnesses, freeze all assets, or prosecute all conduct by itself. Coordination allows authorities to exchange intelligence, align investigative steps, preserve evidence, and support asset restraint or recovery without duplicating effort or missing key links. In this scenario, the relevant data and powers are fragmented across several countries, so cross-border cooperation is the matching concept.
The facts show that evidence, authority, and enforcement powers are split across jurisdictions, requiring coordinated information sharing and action.
Topic: Global AFC Frameworks, Governance, and Regulations
A bank’s AFC team reviews a recent NGO report describing how illicit logging proceeds are laundered through trade invoices and front companies in several high-risk corridors. The report includes public case studies and red-flag indicators, but it was not issued by a regulator or FIU. The bank has timber import/export customers operating in some of the corridors. What is the BEST action?
Best answer: D
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: NGOs do not usually create binding legal obligations for financial institutions, but they often contribute important research, typologies, case studies, and awareness about emerging financial-crime risks. A risk-based AFC program can use credible NGO material as external intelligence, especially where the bank has relevant sector, product, customer, or jurisdiction exposure. The best action is to evaluate the report’s relevance, corroborate it where appropriate, and incorporate useful red flags into the bank’s risk assessment, customer due diligence, enhanced due diligence, and monitoring logic. The NGO report alone should not trigger automatic suspicious activity reporting, nor should it be dismissed simply because it is not official regulatory guidance.
NGO research can be valuable typology and awareness input, but the bank should validate and apply it through its risk-based AFC controls.
Topic: Building an Anti-Financial Crime Compliance Program
A bank refreshes the customer risk assessment for a corporate client. The client is now rated high risk because it added offshore beneficial owners and began sending frequent payments to higher-risk jurisdictions. No suspicious activity has yet been concluded, but the current transaction-monitoring profile uses standard domestic corporate thresholds. What is the BEST action for the AFC team?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: A customer risk assessment is not just a static rating exercise; it informs the design and intensity of ongoing monitoring. When a customer’s risk increases due to ownership changes and higher-risk cross-border activity, the AFC team should update the KYC profile and adjust monitoring to reflect the new risk drivers. This may include more targeted scenarios, lower or more sensitive thresholds, enhanced review, or more frequent customer reviews. A high-risk rating alone does not prove suspicious activity, but it does justify stronger, risk-based controls. The best action is therefore to make monitoring proportionate to the assessed risk rather than either ignoring the change or automatically filing or exiting without supporting evidence.
The customer risk assessment should drive proportionate monitoring intensity and controls tailored to the customer’s changed risk profile.
Topic: Understanding the Risks and Methods of Financial Crime
A business client is owned through several companies before the natural-person owners are identified. The account is expected to have frequent cash deposits and incoming payments from many unrelated parties. Which concept best matches why this relationship may carry elevated financial-crime risk?
Best answer: A
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Business banking can present elevated AML/CFT risk because legal entities may have layered or complex ownership, making it harder to identify who ultimately owns or controls the customer. Business accounts may also process cash and payments from many counterparties, which can obscure the true source of funds or allow third-party funds to be commingled with legitimate business revenue. These features do not automatically mean the customer is suspicious, but they are key reasons banks apply risk-based CDD, beneficial ownership checks, and ongoing monitoring to business relationships.
The legal-entity layers, cash activity, and third-party inflows can make beneficial ownership and source of funds harder to understand.
Topic: Global AFC Frameworks, Governance, and Regulations
An FIU typology report describes import-export businesses that justify large cross-border transfers using invoices that overstate or understate the value of goods, with payments routed through unrelated third parties. Which criminal method is the report describing?
Best answer: B
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: Authority and FIU typology reports often describe criminal methods by showing how a sector, product, or channel is misused. In this scenario, the key indicators are import-export activity, false or manipulated invoices, misstatement of goods values, and third-party payment routing. Those features point to trade-based money laundering, where criminals exploit legitimate trade processes to transfer value and obscure the origin or destination of funds. The concept is distinct from cash placement methods, fraud against an account holder, or informal value-transfer techniques that do not depend on falsified trade documentation.
The use of manipulated trade documents and goods values to move and disguise value is characteristic of trade-based money laundering.
Topic: Tools and Technologies to Fight Financial Crime
A bank’s onboarding platform compares a new customer’s name, aliases, date of birth, and identification details against sanctions lists, terrorist-financing lists, fraud databases, and the bank’s internal watch list. Potential matches are routed to analysts for disposition before the account is approved. Which concept does this description best match?
Best answer: C
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Customer or name screening is an AFC control used at onboarding and throughout the customer lifecycle to compare customer identifying information against external and internal lists. These lists may include sanctions, terrorist-financing, fraud, law-enforcement, politically exposed person, adverse-media, or institution-specific watch lists. The purpose is to identify potential matches that require review, escalation, blocking, rejection, enhanced due diligence, or other action depending on the list type and jurisdictional obligations. In the stem, the control is driven by customer identity attributes and watch-list comparison before account approval, which makes customer or name screening the best match.
Customer or name screening compares customer identity data with watch lists to identify potential prohibited or high-risk relationships.
Topic: Building an Anti-Financial Crime Compliance Program
A bank’s quarterly horizon-scanning review identifies a new FIU typology report on mule accounts using instant payments. The bank’s enterprise AFC risk assessment already rates retail instant payments as elevated, and recent monitoring reviews found inconsistent escalation of suspected mule activity. The current procedures are silent on interim updates between annual policy reviews. What is the BEST action for the AFC compliance manager?
Best answer: B
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Horizon scanning should not be a passive news-gathering exercise. When new typologies, regulatory expectations, or enforcement themes are relevant to the institution’s risk profile, best practice is to perform and document an impact assessment, identify affected policies and procedures, and implement risk-based changes through the organization’s normal governance process. Here, the typology is directly relevant because instant payments are already elevated risk and existing reviews show inconsistent escalation. Updating procedures with clear escalation criteria, approvals, communication, and training aligns the control framework with both organizational risk and obligations without overreacting or bypassing governance.
This converts horizon-scanning intelligence into a risk-aligned procedural improvement with documented governance, control ownership, and implementation.
Topic: Understanding the Risks and Methods of Financial Crime
A retail banking customer whose KYC profile lists only salaried employment makes repeated cash deposits and labels them as “family gifts.” Relationship notes indicate the cash comes from an unregistered rental business, and the customer asks to transfer the funds to an account in a cousin’s name to buy property for the customer’s use. Which financial-crime indicator best matches this description?
Best answer: A
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Tax-evasion indicators include funds that appear inconsistent with the customer’s declared source of wealth or income, efforts to disguise the purpose of transactions, and use of nominees or relatives to hold assets. In this scenario, the customer’s cash appears to come from an undeclared business rather than the stated “family gifts.” The request to move funds to a cousin’s account to buy property for the customer’s use adds a hidden-asset and nominee element. These facts most directly map to potential tax evasion, even though other financial-crime risks could be considered during investigation.
The facts point to income being concealed, the stated purpose being misleading, and a relative being used to hold assets for the customer’s benefit.
Topic: Understanding the Risks and Methods of Financial Crime
A customer buys a cash-value life insurance policy, funds it with an unusually large initial premium, and after a short period asks to surrender the policy despite fees so the insurer will return the policy value by bank transfer. Which insurance financial-crime risk does this best illustrate?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Cash-value life insurance can create AML risk because it allows value to accumulate and later be withdrawn, borrowed against, assigned, or surrendered. A rapid surrender after a large premium payment is a classic red flag because the customer may be less concerned with economic loss than with converting funds into a payment from a reputable insurer. The product feature that matters is the accessible cash value, and the behavior that heightens concern is the short holding period and willingness to incur surrender charges. This is different from ordinary underwriting, claims, or reinsurance risk because the concern is potential placement, layering, or integration through the insurance product.
The key red flag is using a cash-value product and rapid surrender despite cost to receive funds back from the insurer.
Topic: Understanding the Risks and Methods of Financial Crime
A payment service provider processes payments for a large online marketplace. The payment records show the marketplace as the merchant of record and include only generic order IDs, with no visibility into the individual sellers, buyers, goods sold, or transaction purpose. Which risk concept does this best describe?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Ecommerce marketplaces can create financial-crime risk when the platform or marketplace appears as the visible merchant while underlying sellers, buyers, goods, and transaction purposes are hidden from the PSP or financial institution. This opacity can weaken customer due diligence, sanctions screening, transaction monitoring, and detection of prohibited or illicit goods. The key concept is not simply that payments are digital, but that marketplace aggregation limits transparency into who is transacting and why. A risk-based control response may include stronger platform due diligence, seller controls, data-sharing expectations, and monitoring for unusual marketplace patterns.
The marketplace structure obscures the true parties, goods, and purpose behind the payment activity.
Topic: Tools and Technologies to Fight Financial Crime
A payments firm is onboarding a private company through a non-face-to-face channel. The customer provided a self-certified ownership chart showing a foreign holding company as majority owner, and the initial internal name screen found no sanctions hit. Which is the BEST action to complete KYC and screening?
Best answer: A
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: External data sources help validate customer-provided information and identify risks that may not appear in an internal or sanctions-only screen. For a non-face-to-face corporate onboarding involving a foreign holding company, the firm should use independent sources such as company or beneficial ownership registers, electronic identity and document checks, adverse media, and criminal-record data where legally available. These sources support KYC, beneficial ownership understanding, and screening decisions before account approval. A clean initial sanctions result does not confirm ownership, identity, reputation, or criminal-risk issues.
These sources independently validate ownership, identity, and negative information relevant to KYC and screening.
Topic: Understanding the Risks and Methods of Financial Crime
An AFC analyst reviews onboarding for a small accounting firm. The firm requests a pooled client account to receive funds from several nonresident companies and make investments on their behalf. The accountant will be the sole authorized signer and says client confidentiality prevents disclosing the companies’ beneficial owners or the purpose of specific transfers. What is the BEST action?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Accountants and other professional gatekeepers may legitimately manage client funds, companies, and investments, but those same services can conceal beneficial ownership, assets, income, source of funds, or transaction purpose. In this scenario, the pooled account, nonresident companies, sole accountant control, and refusal to disclose underlying-client information create elevated financial-crime risk. The best response is not automatic onboarding or blanket rejection; it is risk-based escalation and enhanced due diligence. The institution should seek enough information to understand who ultimately owns or benefits from the funds, why transactions are occurring, and whether the activity fits the stated professional-service relationship before deciding whether to onboard or report concerns.
Professional-services relationships can be used to obscure ownership and transaction purpose, so refusal to provide underlying-client information requires EDD and escalation before onboarding.
Topic: Understanding the Risks and Methods of Financial Crime
A life insurer is reviewing an application for a single-premium cash-value policy. The proposed policy owner is a recently formed holding company, the premium will be paid by an unrelated offshore company, and the named beneficiary is an individual with no documented relationship to the insured. What is the best action?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Cash-value insurance can be misused to place illicit funds into a financial product and later access value through surrender, loans, assignment, or beneficiary arrangements. In this scenario, several facts point in the same direction: a newly formed policy owner may obscure control, an unrelated offshore payer raises source-of-funds concerns, and an unexplained beneficiary may indicate a nominee or value-transfer arrangement. The best response is not automatic issuance or routine deferral; it is escalation for enhanced due diligence before accepting the risk. EDD should clarify beneficial ownership and control, source of funds and wealth, the relationship among payer, owner, insured, and beneficiary, and whether the arrangement has a legitimate purpose.
The combination of opaque ownership, third-party premium funding, and an unexplained beneficiary creates insurance-related money-laundering red flags that require escalation and EDD.
Topic: Building an Anti-Financial Crime Compliance Program
A regional bank is updating its AFC training plan. Recent quality reviews found that relationship managers accepted vague invoice descriptions for new import/export customers, analysts closed alerts without comparing activity to the customer profile, and RFI responses often lacked supporting KYC documents. Which training content is the best priority?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Training should be risk-based and responsive to the organization’s actual control gaps and financial-crime exposure. The reviews show three linked issues: staff are missing trade-related warning signs, analysts are not testing activity against the customer’s expected profile, and RFI responses are not supported by adequate KYC evidence. The best training priority is therefore role-based content for the teams involved, with practical examples and documentation expectations. Generic or unrelated training may still be useful, but it would not address the observed AFC weaknesses. Training that reduces follow-up questions would be especially inappropriate because it could weaken due diligence and investigation quality.
This content directly addresses the observed weaknesses in risk recognition, alert handling, and RFI support.
Topic: Building an Anti-Financial Crime Compliance Program
Quality testing finds that client-facing employees sometimes tell customers their recent wires are “under suspicious-activity review” and suggest changing transaction patterns while compliance decides whether to file a report. Which staff awareness topic best matches this observed risk?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Training should be targeted to the financial-crime risks and control weaknesses observed in the organization. Here, employees are revealing that activity is under suspicious-activity review and advising customers how to alter behavior. That creates tipping-off risk and can compromise an investigation or future reporting. The best-matched awareness content is how to handle customer requests for information, customer due diligence questions, and investigation-related communications without disclosing internal suspicion, escalation, or reporting decisions. The issue is not model tuning, routine KYC refresh, or sanctions matching; it is front-line communication during potential suspicious-activity handling.
The observed behavior risks disclosing a suspicious-activity review, so training should focus on controlled customer communications and tipping-off prevention.
Topic: Tools and Technologies to Fight Financial Crime
A bank’s AFC analytics team is tuning a cash-structuring transaction monitoring scenario. The current threshold produces 4,500 alerts per month, investigators close 92% as false positives, and a 20-day backlog has developed. A recent validation also found several suspicious activity reports involved repeated deposits just below the current threshold by higher-risk business customers. What is the best action?
Best answer: D
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Transaction monitoring thresholds directly affect both alert volume and detection effectiveness. A threshold that is too low may create excessive false positives and backlogs, reducing timely review. A threshold that is too high may miss suspicious patterns, especially activity designed to stay below review levels. The best response is not a blanket increase or decrease, but controlled tuning: analyze historical alerts, filed reports, missed-event patterns, customer risk segments, and operational capacity. This supports a documented, risk-based threshold decision and helps determine whether different thresholds, segmentation, or scenario logic are needed for higher-risk business customers.
Thresholds should be tuned as a risk-based control design choice that balances detection effectiveness with manageable alert volume.
Topic: Understanding the Risks and Methods of Financial Crime
A payments processor reviews a logistics company seeking to win government port contracts. The company pays a “market access fee” to an overseas agent who has no clear services contract and is a close relative of a port official. Internal emails say the payment should help “make approvals happen.” Which financial-crime concept best matches this description?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Bribery and corruption risk arises when something of value is offered, paid, or promised to improperly influence a public or private decision-maker. The risk can be indirect: payments routed through consultants, agents, distributors, or relatives may still be corrupt if the purpose is to influence an official action. Here, the unclear services, relationship to a port official, and email language about making approvals happen point to an improper influence scheme, not merely a commercial fee.
The agent, vague fee, official relationship, and intent to influence approvals indicate improper influence through an intermediary.
Topic: Tools and Technologies to Fight Financial Crime
A financial institution sees a sharp increase in transaction monitoring alerts after migrating core banking data. Investigation shows that customer risk ratings, country codes, and expected-activity fields are blank or inconsistently formatted in the monitoring feed, causing scenarios to segment customers incorrectly. Which remediation action best matches the problem?
Best answer: C
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: When unreliable alerts are caused by missing, inconsistent, or incorrectly mapped data, the remediation should address the data defect before relying on tuning or operational workarounds. In this case, the monitoring scenarios are segmenting customers incorrectly because key fields in the feed are incomplete or inconsistent. The appropriate response is to cleanse and standardize the data, correct source-to-monitoring mappings, add validation controls to prevent recurrence, and retest the alert outputs. This preserves the integrity of the AFC control and creates evidence that the control is functioning as intended after remediation.
This addresses the root data-quality weakness and verifies that the monitoring control produces reliable alerts.
Topic: Building an Anti-Financial Crime Compliance Program
A customer was onboarded as a local clothing wholesaler expected to receive domestic payments from retailers and make payments to listed suppliers, with monthly activity around USD 80,000. Transaction monitoring detects five inbound wires from unrelated individuals in different countries over one week, followed within 24 hours by transfers to a virtual asset service provider. The customer has no prior virtual-asset activity in 18 months. What is the BEST action for the monitoring team?
Best answer: C
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: Transaction monitoring should identify activity that is inconsistent with the customer’s known profile, products, counterparties, geography, and expected transaction behavior. Here, the customer’s expected activity involves domestic retailer payments and supplier payments, but the detected pattern involves unrelated foreign individuals and rapid transfers to a virtual asset service provider. That mismatch makes the activity unusual and requires escalation for investigation, possible customer inquiry, documentation, and further review. The facts may ultimately support suspicious activity reporting, but that decision should be based on the investigation and applicable escalation process, not an automatic response.
The pattern materially deviates from the customer’s expected behavior and should be investigated before deciding whether it is suspicious.
Topic: Understanding the Risks and Methods of Financial Crime
A trust and company service provider introduces a newly formed holding company seeking a private banking relationship. The customer is owned through three corporate layers in different secrecy-oriented jurisdictions, all directors are nominees supplied by the service provider, and the service provider will not identify the natural persons who ultimately control the structure. What is the best action?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Trust and company service providers can be legitimate gatekeepers, but they also present elevated financial-crime risk when they create or administer structures that obscure ownership or control. In this scenario, the decisive facts are the complex cross-jurisdictional ownership chain, nominee directors, and refusal to identify the natural persons exercising ultimate ownership or control. A risk-based response is to pause onboarding, escalate the case, and perform enhanced due diligence focused on beneficial ownership, control, purpose, and source of wealth or funds before accepting the customer. The facts raise concern, but they do not automatically prove reportable suspicious activity without further assessment under the institution’s procedures.
Nominee directors, layered ownership, and refusal to identify natural controllers are core TCSP opacity risks requiring escalation and EDD before onboarding.
Topic: Understanding the Risks and Methods of Financial Crime
A bank services the client trust account of a law firm that normally handles residential property closings. Most transactions match closing statements. A new matter involves a large wire from an offshore company that is not named in the purchase contract, followed by instructions to send most of the funds the next day to an unrelated foreign investment company. What is the bank’s BEST action?
Best answer: B
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Professional-service activity can be legitimate, including lawyers holding funds in trust for property closings or other client matters. The issue is whether the activity is consistent with the stated service and supported by a clear economic or legal purpose. Here, the usual pattern is property-closing activity supported by settlement documents, but the new transaction includes an offshore third party not named in the contract and rapid onward movement to an unrelated foreign investment company. Those facts suggest possible misuse of a gatekeeper account to move or layer funds. The best response is risk-based inquiry and escalation as needed, not automatic processing or blanket de-risking.
The unusual third-party funding and rapid onward transfer outside the stated legal matter are risk indicators that require additional inquiry.
Topic: Understanding the Risks and Methods of Financial Crime
A currency exchange with an affiliated remittance desk notices that several unrelated walk-in customers repeatedly convert cash amounts just below the firm’s enhanced review trigger and then send the funds to the same overseas beneficiary. Which financial-crime risk is best illustrated?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Money services businesses, remittance providers, and currency exchanges are vulnerable to cash-intensive placement and layering because they can move value quickly, sometimes across borders, and may involve non-account-based walk-in activity. A common red flag is splitting activity into smaller amounts to avoid identification, reporting, or enhanced review controls. When several apparent third parties use similar behavior and direct funds to the same beneficiary, the risk may include structuring, smurfing, mule activity, or use of a remittance corridor to obscure the true source or controller of funds.
The pattern shows multiple small transactions arranged to avoid review while moving value through currency exchange and remittance channels.
Topic: Global AFC Frameworks, Governance, and Regulations
A payments institution headquartered in one country is opening a licensed branch in another jurisdiction. The branch will onboard local customers and process cross-border transfers. Compliance learns the host jurisdiction has AML/CFT reporting rules and a national sanctions list that are not included in the group’s current policy. What is the best action before launch?
Best answer: C
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: Institutions need awareness of the AML, CFT, and sanctions regimes in each jurisdiction where they operate, not only where they are headquartered. A branch onboarding local customers and processing cross-border transfers may be subject to host-country reporting, due diligence, recordkeeping, and sanctions-screening expectations. The best action is to identify the applicable obligations, assess gaps against group standards, update procedures and systems, and secure appropriate governance approval before launch. This supports a risk-based, compliant operating model and reduces the risk of missed sanctions hits or reporting failures.
A licensed branch must understand and operationalize applicable local AML/CFT and sanctions requirements where it conducts business.
Topic: Global AFC Frameworks, Governance, and Regulations
A national agency has statutory authority to issue AML/CFT rules for regulated financial institutions, conduct examinations, require remediation, and impose penalties for noncompliance. Which type of body is being described?
Best answer: C
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: In AFC governance, a public authority acts under legal or regulatory mandate. Examples include financial supervisors, regulators, law-enforcement agencies, customs authorities, and FIUs, depending on the function. The decisive facts in the stem are statutory authority, enforceable rules, examinations, remediation requirements, and penalties. Industry associations and NGOs can publish guidance, share typologies, advocate policy positions, or support training, but they generally do not have legal power to compel compliance or impose sanctions. Public-private forums can improve collaboration and information sharing, but participation and outputs do not replace binding regulatory obligations.
A public supervisory authority derives powers from law and can set enforceable requirements, examine institutions, and sanction noncompliance.
Topic: Understanding the Risks and Methods of Financial Crime
A bank reviews a retail customer whose profile shows salaried employment and modest expected discretionary spending. Over two months, the customer sends frequent high-value transfers to an online gambling operator, receives near-matching withdrawals shortly afterward, and provides no explanation for the funds used. Which concept best matches this activity?
Best answer: D
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Gambling activity is not automatically suspicious; many customers spend money on entertainment. The distinction turns on whether the activity is consistent with the customer profile and whether it appears to move value rather than pay for leisure. Frequent high-value transfers to a gambling operator, near-matching withdrawals, and unexplained funds are indicators that the gambling channel may be used for placement or layering, or to create an apparent source of funds. This is different from occasional betting or entertainment spending that fits the customer’s known income and expected behavior.
Frequent high-value gambling transfers followed by near-matching withdrawals can indicate movement or layering of value and should prompt source-of-funds scrutiny.
Topic: Understanding the Risks and Methods of Financial Crime
A private company seeking onboarding is owned by two corporate shareholders in different jurisdictions. Its listed director is a professional nominee for many companies, and the relationship manager cannot identify any natural person who ultimately directs the company’s activities. Which risk concern does this most directly indicate?
Best answer: D
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Legal entities and arrangements can present heightened financial-crime risk when their ownership or control is difficult to determine. Layered corporate shareholders across jurisdictions and nominee directors may be legitimate, but they can also obscure who ultimately owns, benefits from, or controls the customer. That lack of transparency weakens CDD and can prevent the institution from understanding the true risk of the relationship. In this scenario, the decisive concern is not the movement of cash, trade goods, or charitable funds; it is the weakened visibility into beneficial ownership and control created by the structure.
The layered entities and nominee director weaken transparency over the natural persons who own or control the customer.
Topic: Tools and Technologies to Fight Financial Crime
An AFC team reviews a digital onboarding platform and finds that identity verification is strong for all customers, but sanctions screening, adverse media checks, transaction monitoring, and periodic review are not adjusted for high-risk products, non-face-to-face channels, or higher-risk jurisdictions. The team recommends mapping tool capabilities across onboarding and ongoing monitoring to those risk drivers. Which concept best matches this recommendation?
Best answer: D
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Lifecycle AFC tools should be deployed and calibrated according to the institution’s risk profile, not applied uniformly without regard to risk drivers. Customer risk, product features, delivery channel, and jurisdiction exposure should influence which tools are used and how intensively they operate across onboarding, screening, transaction monitoring, periodic review, and investigations. In the scenario, the gap is not simply whether one tool works; it is whether the overall tool coverage matches the risks presented by products, channels, and jurisdictions throughout the customer lifecycle.
This concept aligns AFC tools across the customer lifecycle with customer, product, channel, and jurisdiction risks.
Topic: Understanding the Risks and Methods of Financial Crime
A financial institution is publicly linked to laundering proceeds through its accounts. Customers and correspondent banks begin to question the institution’s controls, and media coverage suggests the broader financial sector may be vulnerable to criminal abuse. Which impact of money laundering is best described?
Best answer: D
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Money laundering harms more than the individual institution that processed illicit funds. When a regulated firm is used to move or disguise criminal proceeds, customers, counterparties, and the public may question whether the firm’s controls are reliable and whether the financial system can prevent criminal abuse. This weakens institutional reputation and can reduce confidence in financial-system integrity. Predicate offenses, sanctions screening, and due diligence controls are related AFC concepts, but they do not describe the broader damage caused when laundering undermines trust.
Money laundering can make an institution and the wider financial system appear unsafe or complicit, damaging reputation and confidence.
Topic: Understanding the Risks and Methods of Financial Crime
A VASP analyst reviews a new retail customer who converted $85,000 from fiat to Bitcoin two days after onboarding. Within 30 minutes, the customer sent the funds to multiple new external wallets, after which blockchain analytics show consolidation through a mixer and swaps into a privacy coin. The customer’s stated purpose is only “personal investing,” and there is no sanctions match. What is the BEST next action?
Best answer: A
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: The pattern combines several virtual-asset typology indicators: rapid movement shortly after onboarding, splitting funds across new wallets, use of a mixer, and conversion into a privacy-enhancing asset. A lack of sanctions match does not resolve AML concerns, and a legitimate fiat source does not explain subsequent obfuscation. The best action is to escalate for investigation, apply enhanced due diligence as appropriate, review blockchain analytics and customer rationale, and determine whether suspicious activity reporting is required under the institution’s procedures.
Rapid movement through new wallets, a mixer, and a privacy coin are typology indicators that warrant escalation beyond routine monitoring.
Topic: Tools and Technologies to Fight Financial Crime
A bank’s AFC team wants to improve detection of mule-account networks using patterns from several affiliates, but data protection rules limit the transfer or disclosure of raw personal data between jurisdictions. Which technology concept best matches this need?
Best answer: A
What this tests: Tools and Technologies to Fight Financial Crime
Explanation: Privacy-enhancing technologies (PETs) help institutions use data for AFC purposes while managing privacy and data protection constraints. Examples may include federated learning, secure multiparty computation, homomorphic encryption, tokenization, and differential privacy. These methods can support model training, typology sharing, or collaborative analytics without broadly moving or exposing raw personal data. They do not eliminate legal, governance, or model-risk obligations, but they can make AFC controls more compatible with privacy principles such as data minimization and controlled access.
Privacy-enhancing technologies allow AFC analysis or collaboration while reducing exposure of identifiable customer data.
Topic: Global AFC Frameworks, Governance, and Regulations
An FIU in Country A has provided intelligence to national prosecutors about suspected laundering of corruption proceeds through accounts in Country B. Prosecutors now need certified bank records from Country B that can be used in a criminal trial, and the foreign bank will not produce them without legal compulsion. Both countries have a formal mutual legal-assistance channel. What is the BEST action?
Best answer: B
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: Cross-border cooperation channels should match the purpose of the request. FIU-to-FIU channels, including Egmont mechanisms, are valuable for rapid intelligence exchange, but they generally are not the best route for compelled evidence intended for use in court. When prosecutors need certified bank records, legal compulsion, and admissibility in a criminal proceeding, the formal mutual legal assistance process is the best fit. It uses designated authorities and preserves the legal basis for obtaining and transmitting evidence. Supervisory cooperation and private bank-to-bank outreach may support oversight or due diligence, but they do not replace a formal evidence-gathering channel for criminal prosecution.
Formal mutual legal assistance is the appropriate cross-border channel when prosecutors need legally compelled, court-usable evidence.
Topic: Building an Anti-Financial Crime Compliance Program
An AFC committee is redesigning its board dashboard. The current dashboard lists all metrics as “risk indicators”: 97% of transaction-monitoring alerts closed within the target timeframe, 99.9% sanctions-screening system uptime, 94% staff training completion, and a 32% quarterly increase in newly onboarded customers using complex offshore ownership from higher-risk jurisdictions. The committee wants reporting that separates control performance from changes in financial-crime exposure. What is the best action?
Best answer: D
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: AFC management reporting should separate indicators of control performance from indicators of risk exposure. Performance indicators, often KPIs, show whether processes and controls are operating as intended, such as alert closure timeliness, sanctions-screening availability, and training completion. Risk indicators, often KRIs, point to changes in inherent or residual financial-crime risk, such as growth in higher-risk customers, geographies, ownership structures, products, or typologies. In this scenario, the increase in customers with complex offshore ownership from higher-risk jurisdictions is a risk indicator because it changes the institution’s exposure. The other measures are performance indicators, although poor performance against them could still require escalation.
The customer growth metric signals changing financial-crime exposure, while the other metrics measure how well AFC controls and processes are operating.
Topic: Understanding the Risks and Methods of Financial Crime
A bank is onboarding a privately held electronics wholesaler. The customer is newly incorporated, was introduced through a non-face-to-face channel, has beneficial owners in two different jurisdictions, and expects regular cross-border payments to multiple counterparties. The bank’s policy rates each factor as moderate when viewed alone. Which action best reflects a risk-based assessment?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: A risk-based approach considers the combined effect of customer, product, channel, jurisdiction, and transaction factors. Moderate risks do not remain moderate simply because they are assessed one at a time. Here, a new company, remote onboarding, cross-border ownership, and expected international payments create a more complex profile and may increase exposure to money laundering, sanctions evasion, or fraud typologies. The best response is not automatic rejection or immediate suspicious reporting; rather, the institution should aggregate the risks, determine whether the overall rating should be elevated, and apply controls such as enhanced due diligence, clearer expected activity, ownership verification, and tailored ongoing monitoring.
Multiple moderate factors can compound into elevated overall risk even when no single factor is rated high.
Topic: Understanding the Risks and Methods of Financial Crime
A trade-finance analyst reviews a payment for a small textile importer. The invoice names a long-standing supplier, but the incoming funds are from a newly formed consulting company in a different country. The customer says the consulting company is “helping with settlement” but cannot explain its role or provide an agency agreement. Which is the best next action?
Best answer: A
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Unusual intermediaries and unexplained third-party payments are important financial-crime risk indicators, especially when they do not match the stated business purpose of a transaction. Here, the payer is not the supplier named on the invoice and the customer cannot explain why a newly formed consulting company in another country is involved. The best action is not to rely solely on the invoice or automatically exit the relationship; it is to escalate for enhanced review, seek supporting documentation, and assess whether the arrangement has a legitimate business rationale or suggests layering, trade-based money laundering, or concealment of beneficial parties.
The unexplained intermediary and third-party payment are inconsistent with the stated trade rationale and warrant EDD/escalation.
Topic: Building an Anti-Financial Crime Compliance Program
A bank applies ordinary CDD to most customers. A new corporate customer has a complex cross-border ownership chain, adverse media alleging corruption, and expected high-volume payments to higher-risk jurisdictions. Compliance recommends additional ownership verification, senior management approval, and more frequent monitoring before onboarding. Which concept best matches this response?
Best answer: B
What this tests: Building an Anti-Financial Crime Compliance Program
Explanation: A risk-based AFC program scales controls to the level of financial-crime risk. When multiple risk factors exceed the ordinary baseline—such as complex ownership, adverse media, higher-risk jurisdictions, or unusual expected activity—the institution should apply enhanced due diligence or other enhanced controls. These may include deeper source-of-wealth or ownership checks, senior management approval, tighter onboarding conditions, and more frequent ongoing monitoring. The goal is not to reject every higher-risk customer automatically, but to determine whether the risk can be understood, mitigated, and accepted within the institution’s risk appetite.
EDD applies additional controls when customer, product, geographic, or activity risk exceeds the institution’s baseline risk tolerance.
Topic: Global AFC Frameworks, Governance, and Regulations
A country’s latest national risk assessment states that cross-border remittance providers serving conflict-affected corridors present elevated terrorism-financing risk. A bank has a licensed remittance customer in that sector. The latest review shows activity consistent with the customer’s profile, no sanctions matches, and no adverse media. The relationship manager asks whether the assessment requires an immediate suspicious activity report. What is the best action?
Best answer: C
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: National and sector risk assessments provide external insight into typologies, vulnerable sectors, jurisdictions, and products. They should feed the institution’s enterprise risk assessment, customer risk scoring, due diligence depth, monitoring scenarios, and management reporting. However, an external assessment does not by itself prove that a particular customer is suspicious. In this scenario, the customer is licensed, activity is consistent with its profile, and there are no sanctions or adverse-media concerns. The best action is to incorporate the external risk signal into the bank’s risk-based controls while continuing to look for customer- or transaction-specific evidence before escalating for suspicious activity reporting.
External risk assessments inform risk-based controls, but suspicious reporting generally requires customer- or transaction-specific grounds for suspicion.
Topic: Understanding the Risks and Methods of Financial Crime
A VASP reviews an alert showing that a customer’s wallet received cryptoassets from addresses identified by blockchain intelligence as recent victim payment wallets in malware-extortion incidents. The customer then routed the funds through a mixer and requested withdrawal. Which exposure is most directly indicated?
Best answer: C
What this tests: Understanding the Risks and Methods of Financial Crime
Explanation: Cryptoasset activity can create different financial-crime exposures depending on the source, destination, and behavior of funds. Payments traced from victim wallets associated with malware-extortion incidents are a classic indicator of ransomware-related proceeds. The use of a mixer and rapid withdrawal request may strengthen the laundering concern, but the decisive concept is the connection to ransomware victim payments. Other crypto risks may involve sanctioned wallet exposure, terrorist fundraising, or concealment of taxable gains, but those require different indicators than the facts provided.
Victim payment wallets tied to malware extortion point most directly to ransomware proceeds being laundered.
Topic: Global AFC Frameworks, Governance, and Regulations
An AFC analyst is updating a sector risk assessment for correspondent banking. The analyst needs nonbinding, non-government guidance that reflects practices and typology insights from major global financial institutions rather than an official regulator or FIU. Which source is the best match?
Best answer: D
What this tests: Global AFC Frameworks, Governance, and Regulations
Explanation: Non-government sources can help compliance teams understand emerging typologies, sector-specific risks, and good practices without replacing legal or regulatory obligations. The Wolfsberg Group is a private-sector body made up of major global banks and is known for publishing nonbinding AML/CFT principles, statements, and guidance. These materials are useful for benchmarking controls and understanding financial-institution perspectives on risks such as correspondent banking, customer due diligence, and transaction monitoring. Official reports from FATF, national authorities, or FIUs are also important, but they are governmental or intergovernmental sources rather than the non-government guidance requested in the stem.
The Wolfsberg Group is a private-sector association that publishes nonbinding AML/CFT guidance and typology-relevant materials for financial institutions.
Use the CAMS Practice Test page for the full Finance Prep practice bank, mixed-topic practice, timed mock exams, and explanations.
Use the full Finance Prep practice page above for the latest review links and practice page.