CAMS — ACAMS Certified Anti-Money Laundering Specialist (CAMS) Quick Reference

Compact independent review for ACAMS Certified Anti-Money Laundering Specialist (CAMS) candidates: AML lifecycle, CDD/EDD, sanctions, typologies, investigations, and exam traps.

Exam Identity

ItemDetail
Vendor/providerACAMS
Official exam titleACAMS Certified Anti-Money Laundering Specialist (CAMS)
Official exam codeCAMS
Page purposeIndependent Quick Reference for final review and practice support; not an official ACAMS document.

AML/CFT Core Framework

Money Laundering Lifecycle

StageWhat HappensCommon ExamplesExam Trap
PlacementCriminal proceeds enter the financial systemCash deposits, currency exchange, casino chips, prepaid cards, funnel accountsPlacement is not always cash, but cash-intensive methods are classic.
LayeringTransactions obscure origin, ownership, or audit trailWire transfers, shell companies, trade transactions, crypto mixing, securities tradesLayering is often the most complex stage and may involve legitimate-looking activity.
IntegrationFunds appear legitimate and re-enter economyReal estate, luxury goods, business investment, loans, dividendsIntegration is about apparent legitimacy, not just spending.

Terrorist Financing vs. Money Laundering

AreaMoney LaunderingTerrorist Financing
Primary concernConcealing proceeds of crimeFunding terrorist activity
Source of fundsUsually illicit, but may be mixedMay be illicit or legitimate
Transaction sizeCan be large or structuredOften small, routine-looking transactions
Direction of analysisFollow proceeds back to predicate crimeFollow funds toward intended use
Key exam distinctionCriminal origin is centralIntended use is central

Proliferation Financing

ConceptQuick Reference
MeaningFinancing, facilitation, or support connected to weapons of mass destruction proliferation or sanctioned programs.
Common exposure pointsTrade finance, dual-use goods, shipping, correspondent banking, sanctions evasion, front companies.
Key controlsSanctions screening, trade document review, end-user/end-use checks, vessel and routing review, customer due diligence.
Exam trapIt may look like ordinary trade activity; the risk often appears in goods, counterparties, routes, and sanctions connections.

Risk-Based Approach

Risk-Based Program Logic

StepPractical QuestionOutput
Identify riskWho are the customers, products, geographies, channels, and intermediaries?Risk universe
Assess riskWhat is the likelihood and impact of misuse?Inherent risk
Control riskWhat policies, systems, staffing, and monitoring reduce risk?Control design
Test effectivenessAre controls operating as intended?Residual risk
AdjustAre typologies, sanctions, products, or customer profiles changing?Updated program

Inherent vs. Residual Risk

TermMeaningCAMS Exam Clue
Inherent riskRisk before controlsHigh-risk customer, high-risk geography, complex product
Control effectivenessStrength of mitigationCDD, monitoring, sanctions screening, training, audit
Residual riskRisk after controlsWhat management must accept, reduce, or exit

A simple risk model is:

\[ \text{Residual Risk} = \text{Inherent Risk} - \text{Control Effectiveness} \]

Use the formula conceptually. Actual scoring models vary by institution and jurisdiction.

AML Program Components

ComponentPurposeKey Evidence
Policies and proceduresSet expectations and required stepsAML policy, CDD procedures, escalation playbooks
Designated compliance officer/functionOwns program oversight and escalationRole description, committee reports, issue tracking
TrainingMakes staff able to detect and escalate riskRole-based training records, testing, refreshers
Independent testing/auditChallenges program design and operationAudit reports, remediation plans, validation
Customer due diligenceUnderstand customer identity, activity, and riskKYC files, beneficial ownership, risk ratings
Transaction monitoringDetect unusual or suspicious activityAlerts, cases, scenarios, tuning records
Suspicious activity reportingNotify relevant authority when requiredSAR/STR decision memo, filing record, confidentiality controls
Sanctions screeningPrevent prohibited dealingsScreening logs, alert dispositions, list update controls
RecordkeepingPreserve evidence and audit trailAccount records, transaction records, investigation files

CDD, KYC, and EDD

CDD Workflow

    flowchart TD
	    A[Customer onboarding or event trigger] --> B[Identify customer]
	    B --> C[Verify identity using reliable information]
	    C --> D[Identify beneficial owners/controllers where applicable]
	    D --> E[Understand purpose and expected activity]
	    E --> F[Assign customer risk rating]
	    F --> G{Higher risk?}
	    G -- No --> H[Standard monitoring and periodic refresh]
	    G -- Yes --> I[Enhanced due diligence and approval]
	    I --> J[Enhanced monitoring and review]

CDD Decision Table

SituationStandard CDD FocusEDD Trigger Indicators
Individual customerIdentity, address, occupation/source of funds as relevant, expected activityPEP status, unusual wealth, high-risk geography, adverse media, nominee use
Legal entityLegal existence, ownership/control, business purpose, expected activityComplex ownership, shell indicators, offshore secrecy, bearer-share-like risk, unexplained control structure
Nonprofit/charityPurpose, leadership, funding sources, beneficiaries, geographiesConflict zones, cash-intensive donations, opaque beneficiaries, links to sanctioned regions
Correspondent bankingRespondent bank profile, ownership, license, supervision, AML controlsNested relationships, payable-through access, weak jurisdiction, shell bank concerns
MSB/payment firmLicenses/registration as applicable, agent network, products, AML programHigh cash volume, cross-border remittance corridors, agent control weakness
Private bankingClient identity, source of wealth, source of funds, relationship purposePEP, complex vehicles, secrecy requests, rapid movement of large funds
Trade finance customerNature of trade, goods, counterparties, shipping routesDual-use goods, inconsistent pricing, unusual routes, sanctions exposure
Virtual asset exposureWallet/service provider risk, purpose, source of fundsMixers/tumblers, darknet links, sanctions exposure, chain-hopping

CDD vs. EDD vs. Ongoing Monitoring

ControlWhen UsedMain Question
CDDAt onboarding and refreshDo we know who the customer is and what activity is expected?
EDDHigher-risk customers or situationsDo we have enough additional information to understand and manage elevated risk?
Ongoing monitoringThroughout relationshipIs actual activity consistent with expected activity and risk profile?
Event-driven reviewTriggered by change or red flagHas the customer’s risk materially changed?

Source of Funds vs. Source of Wealth

TermMeaningExample
Source of fundsOrigin of specific funds used in a transaction or relationshipSalary deposit, sale of property, business revenue
Source of wealthOverall origin of customer’s total net worthBusiness ownership, inheritance, investment gains
Exam trapDo not treat a bank statement showing current balance as full source-of-wealth evidence.Balance proves possession, not necessarily origin.

Beneficial Ownership and Control

ConceptQuick Reference
Beneficial ownerNatural person who ultimately owns or controls a legal entity or arrangement.
Control personPerson with significant responsibility to control, manage, or direct the entity.
NomineePerson listed on paper but acting for another party.
Shell companyEntity with little or no independent operations/assets; can be legitimate or abused.
Shelf companyPre-existing inactive company; risk rises when used to obscure history or ownership.
Front companyOperating business used to disguise illicit activity.

Beneficial Ownership Red Flags

Red FlagWhy It Matters
Ownership chain includes many entities without clear business reasonMay hide true control.
Entities in secrecy or high-risk jurisdictionsMay limit transparency.
Nominee directors/shareholders appear repeatedlyMay indicate professional concealment.
Customer refuses ownership informationCDD cannot be completed.
Control exercised by someone not listed as ownerHidden beneficial ownership risk.
Frequent ownership changes without rationalePotential layering or sanctions evasion.

Sanctions, PEPs, and Adverse Media

High-Yield Distinctions

TopicMeaningKey ControlExam Trap
SanctionsLegal/economic restrictions against persons, entities, vessels, sectors, or countriesScreening, blocking/rejecting/escalation per applicable rulesSanctions compliance is not the same as AML monitoring, although they overlap.
PEPPolitically exposed person with potential corruption/bribery riskRisk-based EDD and senior review where required by policy/lawPEP status alone does not prove criminal activity.
Adverse mediaNegative public information suggesting financial crime, corruption, fraud, or sanctions riskInvestigation, corroboration, risk-rating updateMedia must be assessed for reliability, relevance, and recency.
Watchlist/internal listInstitution-created list from prior concernsInternal screening and escalationNot the same as an official sanctions list.

Sanctions Screening Decision Path

    flowchart TD
	    A[Potential match from screening] --> B[Compare identifiers]
	    B --> C{Clearly not same party?}
	    C -- Yes --> D[False positive; document rationale]
	    C -- No --> E{Strong or possible match?}
	    E -- Possible --> F[Escalate for review; gather more identifiers]
	    E -- Strong --> G[Apply hold/block/reject/escalate per policy and applicable law]
	    F --> H[Final disposition and audit trail]
	    G --> H

Screening Quality Factors

FactorWhy It Matters
Data qualityPoor names, dates, addresses, and IDs increase false positives and missed matches.
List updatesScreening must reflect current applicable lists and internal rules.
Fuzzy matchingHelps identify spelling variations but can increase alert volume.
TransliterationNames may appear differently across alphabets and systems.
Alert documentationReviewers must show why an alert was cleared or escalated.
Payment screening timingScreening too late can allow prohibited activity to proceed.

Customer and Product Risk Matrix

Risk CategoryLower-Risk IndicatorsHigher-Risk Indicators
Customer typeSalaried individual, transparent ownership, local operating businessPEP, cash-intensive business, offshore vehicle, shell company, MSB, arms-related business
GeographyStrong AML supervision, transparent registries, low corruptionSanctioned/high-risk regions, secrecy jurisdictions, conflict zones, corruption exposure
Product/serviceLow-value, traceable, limited transferabilityPrivate banking, correspondent banking, trade finance, prepaid access, virtual assets
Delivery channelFace-to-face onboarding, verified documentsNon-face-to-face onboarding, intermediaries, agents, remote-only relationship
Transaction behaviorConsistent with profile, documented purposeRapid movement, no economic rationale, unusual counterparties, structuring
OwnershipClear natural-person ownership/controlLayered entities, nominee arrangements, trusts without clear rationale
Source of fundsVerifiable salary/business revenueCash, third-party funding, unexplained wealth, high-risk counterparties

Typologies and Red Flags

Cash and Structuring

Red FlagPossible Concern
Multiple cash deposits below reporting or internal review thresholdsStructuring/smurfing
Cash activity inconsistent with business typePlacement of illicit proceeds
Deposits at many branches or ATMs into one accountFunnel account activity
Rapid cash deposit followed by wire outPlacement followed by layering
Customer nervous or coached during transactionPossible third-party control

Wire Transfers and Correspondent Banking

Red FlagPossible Concern
Wires to/from high-risk jurisdictions without business reasonLayering, sanctions evasion, fraud
Funds pass through account quickly with little retentionPass-through activity
Same-day incoming and outgoing wires in similar amountsLayering
Payment details vague or inconsistentConcealment of purpose
Nested correspondent activity not disclosedHidden respondent/customer risk
Use of shell banks or unregulated institutionsSevere AML and sanctions risk

Trade-Based Money Laundering

Red FlagPossible Concern
Over- or under-invoicingValue transfer outside normal payment channels
Multiple invoices for same goodsDuplicate financing or laundering
Goods inconsistent with customer businessFalse trade activity
Unusual shipping route or transshipmentSanctions evasion or concealment
Phantom shipments or vague goods descriptionsFabricated trade
Price inconsistent with marketValue manipulation
Dual-use goods with high-risk end userProliferation financing risk

Securities, Insurance, and Investment Products

Red FlagPossible Concern
Early surrender of policy despite penaltiesLaundering through insurance product
Third-party premium paymentsHidden source of funds
Securities trades with no apparent investment rationaleLayering
Wash-like activity or offsetting tradesCreating artificial movement/value
Rapid liquidation after fundingIntegration or fraud proceeds
Funds from unrelated jurisdictionsConcealed beneficial owner or source

Real Estate and High-Value Assets

Red FlagPossible Concern
Purchase through complex entities without clear rationaleBeneficial ownership concealment
All-cash purchase by high-risk customerIntegration
Use of nominee buyerHidden owner
Price materially above/below marketValue transfer
Rapid resale without economic reasonLayering/integration
Third-party funding or repaymentHidden source of funds

Virtual Assets

Red FlagPossible Concern
Use of mixers/tumblersObscuring origin or destination
Darknet marketplace exposureCriminal proceeds
Chain-hopping across assetsLayering
Transfers involving sanctioned wallet/serviceSanctions breach risk
Rapid in/out movement with no stated purposePass-through activity
Privacy-enhancing coins or anonymity toolsIncreased traceability risk

Suspicious Activity Investigation and Reporting

Investigation Workflow

    flowchart TD
	    A[Alert, referral, subpoena, media hit, or law enforcement request] --> B[Initial triage]
	    B --> C{Reasonable concern?}
	    C -- No --> D[Close with documented rationale]
	    C -- Yes --> E[Gather customer, transaction, CDD, and external information]
	    E --> F[Analyze against expected activity and typologies]
	    F --> G{Suspicion remains?}
	    G -- No --> H[Close; update risk rating if needed]
	    G -- Yes --> I[Escalate for SAR/STR decision]
	    I --> J[File/report per applicable rules and preserve confidentiality]
	    J --> K[Continue monitoring or exit decision]

Alert vs. Case vs. SAR/STR

ItemMeaningKey Evidence
AlertSystem or manual trigger requiring reviewScenario hit, referral, screening match
CaseInvestigative file opened to analyze activityNarrative, documents, transaction analysis
SAR/STR decisionDetermination whether reporting is required/appropriateDecision memo, approval trail
SAR/STR filingReport to relevant financial intelligence unit or authorityFiling confirmation, confidentiality controls

Strong Investigation File Characteristics

CharacteristicPractical Standard
Clear issue statementWhat triggered the review?
Customer profile comparisonWhy is activity normal or unusual for this customer?
Transaction timelineShows sequence, amounts, counterparties, and jurisdictions.
Evidence retainedCDD, statements, wires, invoices, media, screening results.
Typology linkageExplains why activity resembles laundering, fraud, sanctions evasion, etc.
Decision rationaleSupports filing or no-filing decision.
ConfidentialityAvoids improper disclosure to the customer or unauthorized parties.

SAR/STR Narrative Checklist

IncludeAvoid
Who is involvedUnsupported accusations
What happenedGeneric boilerplate only
When activity occurredIrrelevant background
Where funds movedUnexplained acronyms
Why activity is suspiciousConclusions without facts
How activity was conductedRevealing reporting to customer

Tipping Off and Confidentiality

ConceptPractical Meaning
Tipping offImproperly informing a customer or third party that a suspicious activity report/investigation exists or may be filed.
Safe staff responseAsk ordinary business questions needed for CDD or transaction clarification without revealing suspicion.
Internal sharingShare on a need-to-know basis under policy and applicable law.
Exam trapRefusing to ask any customer questions can weaken investigations; the issue is revealing the report/investigation, not routine inquiry.

Law Enforcement, Regulators, and Information Requests

Request TypeAML Team Response
Regulator examinationProvide records, program documentation, testing results, remediation evidence.
Law enforcement inquiryFollow legal process and internal escalation; preserve confidentiality.
Subpoena/court orderRoute to legal/compliance; produce responsive records as required.
Search warrantContact legal/compliance immediately; do not obstruct authorized search.
Informal requestVerify authority and follow policy before disclosure.
Account closure requestConsider legal, law enforcement, risk, and operational impacts before exiting.

Internal Controls, Audit, and Governance

Three Lines Model

LineTypical RoleAML/CFT Responsibility
First lineBusiness operations, relationship managers, branch/payment staffOwn customer risk, perform procedures, escalate red flags.
Second lineCompliance, financial crime risk, sanctions teamSet policy, advise, monitor, investigate, report.
Third lineInternal audit/independent testingIndependently evaluate design and effectiveness.

Governance Evidence

EvidenceWhy It Matters
Board/senior management reportingShows oversight of AML risk and issues.
Risk assessment methodologyDemonstrates structured risk-based approach.
Issue trackingShows deficiencies are identified, owned, and remediated.
Model/scenario tuning recordsSupports monitoring effectiveness.
Training completion and role mappingShows staff receive relevant AML instruction.
Independent audit reportsConfirms challenge and validation.

Common Control Weaknesses

WeaknessRisk
Incomplete CDD filesCustomer risk cannot be understood.
Unreviewed transaction monitoring alertsSuspicious activity may not be escalated.
Poor data qualityScreening and monitoring fail.
Overreliance on manual controlsInconsistent outcomes and weak audit trail.
No documented rationale for decisionsRegulators/auditors cannot validate judgment.
Stale risk assessmentProgram no longer reflects current risk.
Training not role-specificStaff miss risks relevant to their function.

Transaction Monitoring

Monitoring Scenario Reference

ScenarioDetectsTuning Considerations
Cash structuringMultiple smaller cash transactionsCustomer type, cash norms, aggregation logic
Rapid movementFunds quickly enter and leaveTime window, percentage of funds moved
High-risk geographyActivity involving risky jurisdictionsCountry risk list, customer business rationale
Dormant account reactivationSudden activity after inactivityDormancy period, activity size
Round-dollar transactionsPatterned or artificial activityProduct type, customer profile
Unusual counterpartiesNew or unrelated payeesRelationship history, geography, occupation/business
Trade anomaliesInconsistent invoices or routesGoods type, pricing, shipping data
Virtual asset exposureTransfers to/from VASPs or walletsBlockchain analytics, sanctions indicators

Good Alert Disposition

Required ElementExample of Strong Rationale
Facts reviewed“Reviewed 90 days of account activity, CDD profile, wire details, and invoices.”
Expected activity comparison“Customer is an importer; wires to supplier are consistent with declared business.”
Explanation“Invoices and shipping documents support purpose and counterparties.”
Decision“Close as not suspicious; maintain current risk rating.”
Escalation if needed“Escalate due to unexplained third-party wires and adverse media.”

FATF-Style Concepts Commonly Tested

ConceptQuick Reference
Risk-based approachAllocate stronger controls to higher risks instead of treating all risk equally.
Customer due diligenceIdentify/verify customer and understand relationship purpose.
Beneficial ownership transparencyIdentify natural persons who ultimately own/control entities.
Financial intelligence unitReceives and analyzes suspicious activity reports and related information.
Mutual legal assistanceCooperation mechanism between jurisdictions for investigations/proceedings.
Targeted financial sanctionsRestrictions directed at designated persons/entities or defined sanctions programs.
Correspondent banking controlsDue diligence on respondent banks and nested/payable-through risks.
New technologiesAssess risks before launching new products, delivery channels, or technology.
DNFBPsNonfinancial businesses/professions that can be abused, such as casinos, real estate, dealers in precious metals/stones, lawyers/accountants in certain activities.

High-Yield Vocabulary

TermMeaning
Predicate offenseCrime that generates proceeds laundered through the financial system.
SmurfingUse of multiple people or transactions to break up funds.
StructuringDesigning transactions to avoid reporting or detection thresholds.
Funnel accountAccount receiving deposits from many locations and moving funds elsewhere.
MulePerson or account used to move illicit funds, sometimes knowingly, sometimes not.
NomineePerson/entity acting on behalf of another to hide true control.
Correspondent bankBank providing services to another financial institution.
Respondent bankFinancial institution receiving correspondent services.
Payable-through accountAccount allowing respondent’s customers direct or indirect access through correspondent relationship.
Nested relationshipRespondent bank provides access to other institutions through its correspondent account.
Shell bankBank with no physical presence and not affiliated with a regulated financial group.
Front companyBusiness used to commingle or disguise illicit proceeds.
GatekeeperProfessional or intermediary who may facilitate access to financial system.
PEPPerson with prominent public function, plus risk-relevant associates/family depending on policy/law.
De-riskingExiting or restricting categories of customers rather than managing risk individually.
False positiveScreening/monitoring hit that is not a true match or not suspicious after review.
False negativeMissed risk event that should have been detected.
TypologyPattern or method used to launder money or finance illicit activity.
Adverse mediaNegative information relevant to customer or counterparty risk.

Scenario Decision Rules

If the Question Says…Think…Likely Best Action
Customer refuses to provide required CDDCannot understand/manage riskDo not onboard or escalate/exit per policy.
Activity is unusual but explainable with documentsNot automatically suspiciousDocument review and rationale; update risk if needed.
PEP with legitimate transparent source of wealthHigher risk, not prohibited by defaultApply risk-based EDD and approvals.
Possible sanctions matchMust not casually clearEscalate and compare identifiers; act under policy/law.
Employee suspects SAR/STR may be neededConfidentiality mattersEscalate internally; do not tell customer.
Law enforcement asks to keep account openRisk and legal coordination neededEscalate to legal/compliance; document decision.
Monitoring model produces too many poor alertsControl effectiveness issueTune, validate, improve data/scenarios.
Complex entity has no clear business purposeBeneficial ownership concernObtain more information; consider EDD/escalation.
Trade documents conflict with payment detailsTBML concernInvestigate invoices, goods, route, counterparties.
High-risk customer has weak CDD fileProgram deficiencyRemediate CDD before relying on monitoring alone.

Common Exam Traps

TrapCorrect Approach
Treating high risk as automatically illegalHigh risk requires stronger controls, not automatic rejection unless prohibited by law/policy.
Confusing PEP screening with sanctions screeningPEPs require risk-based EDD; sanctions may prohibit or restrict activity.
Assuming small transactions are low riskTerrorist financing and structuring may involve small amounts.
Equating documentation volume with qualityEvidence must answer identity, ownership, purpose, source, and activity questions.
Forgetting beneficial owners are natural personsLegal entities may be in the chain, but the goal is ultimate natural-person ownership/control.
Closing alerts without explaining normal activityA good closure compares activity to expected profile and evidence.
Filing SAR/STR based only on a system alertAlerts require investigation and judgment.
Ignoring geography in trade financeRoute, origin, destination, transshipment, and end user matter.
Thinking AML is only compliance’s jobFirst line owns risk; compliance oversees; audit tests.
Overlooking data qualityBad customer or transaction data undermines screening and monitoring.

Final Review Checklist

AreaCan You Do This Quickly?
AML lifecycleDistinguish placement, layering, and integration in scenarios.
CFTExplain why legitimate funds can still create terrorist financing risk.
CDD/EDDSelect standard vs. enhanced due diligence based on risk.
Beneficial ownershipIdentify hidden ownership/control red flags.
SanctionsDistinguish false positive, possible match, and true match escalation.
PEPsApply risk-based controls without assuming criminality.
SAR/STRDescribe investigation, decision, filing, and confidentiality steps.
MonitoringMatch typologies to detection scenarios and alert review evidence.
TBMLSpot invoice, goods, route, and counterparty anomalies.
GovernanceExplain roles of business, compliance, and audit.
Audit trailKnow what evidence supports a defensible AML decision.

Practical Next Step

Use this Quick Reference to build mixed practice sets: one scenario for CDD/EDD, one for sanctions, one for transaction monitoring, one for SAR/STR decisions, and one for governance or audit. For each question, force yourself to identify the risk, the control, the escalation point, and the documentation needed.