Exam Identity
| Item | Detail |
|---|
| Vendor/provider | ACAMS |
| Official exam title | ACAMS Certified Anti-Money Laundering Specialist (CAMS) |
| Official exam code | CAMS |
| Page purpose | Independent Quick Reference for final review and practice support; not an official ACAMS document. |
AML/CFT Core Framework
Money Laundering Lifecycle
| Stage | What Happens | Common Examples | Exam Trap |
|---|
| Placement | Criminal proceeds enter the financial system | Cash deposits, currency exchange, casino chips, prepaid cards, funnel accounts | Placement is not always cash, but cash-intensive methods are classic. |
| Layering | Transactions obscure origin, ownership, or audit trail | Wire transfers, shell companies, trade transactions, crypto mixing, securities trades | Layering is often the most complex stage and may involve legitimate-looking activity. |
| Integration | Funds appear legitimate and re-enter economy | Real estate, luxury goods, business investment, loans, dividends | Integration is about apparent legitimacy, not just spending. |
Terrorist Financing vs. Money Laundering
| Area | Money Laundering | Terrorist Financing |
|---|
| Primary concern | Concealing proceeds of crime | Funding terrorist activity |
| Source of funds | Usually illicit, but may be mixed | May be illicit or legitimate |
| Transaction size | Can be large or structured | Often small, routine-looking transactions |
| Direction of analysis | Follow proceeds back to predicate crime | Follow funds toward intended use |
| Key exam distinction | Criminal origin is central | Intended use is central |
Proliferation Financing
| Concept | Quick Reference |
|---|
| Meaning | Financing, facilitation, or support connected to weapons of mass destruction proliferation or sanctioned programs. |
| Common exposure points | Trade finance, dual-use goods, shipping, correspondent banking, sanctions evasion, front companies. |
| Key controls | Sanctions screening, trade document review, end-user/end-use checks, vessel and routing review, customer due diligence. |
| Exam trap | It may look like ordinary trade activity; the risk often appears in goods, counterparties, routes, and sanctions connections. |
Risk-Based Approach
Risk-Based Program Logic
| Step | Practical Question | Output |
|---|
| Identify risk | Who are the customers, products, geographies, channels, and intermediaries? | Risk universe |
| Assess risk | What is the likelihood and impact of misuse? | Inherent risk |
| Control risk | What policies, systems, staffing, and monitoring reduce risk? | Control design |
| Test effectiveness | Are controls operating as intended? | Residual risk |
| Adjust | Are typologies, sanctions, products, or customer profiles changing? | Updated program |
Inherent vs. Residual Risk
| Term | Meaning | CAMS Exam Clue |
|---|
| Inherent risk | Risk before controls | High-risk customer, high-risk geography, complex product |
| Control effectiveness | Strength of mitigation | CDD, monitoring, sanctions screening, training, audit |
| Residual risk | Risk after controls | What management must accept, reduce, or exit |
A simple risk model is:
\[
\text{Residual Risk} = \text{Inherent Risk} - \text{Control Effectiveness}
\]
Use the formula conceptually. Actual scoring models vary by institution and jurisdiction.
AML Program Components
| Component | Purpose | Key Evidence |
|---|
| Policies and procedures | Set expectations and required steps | AML policy, CDD procedures, escalation playbooks |
| Designated compliance officer/function | Owns program oversight and escalation | Role description, committee reports, issue tracking |
| Training | Makes staff able to detect and escalate risk | Role-based training records, testing, refreshers |
| Independent testing/audit | Challenges program design and operation | Audit reports, remediation plans, validation |
| Customer due diligence | Understand customer identity, activity, and risk | KYC files, beneficial ownership, risk ratings |
| Transaction monitoring | Detect unusual or suspicious activity | Alerts, cases, scenarios, tuning records |
| Suspicious activity reporting | Notify relevant authority when required | SAR/STR decision memo, filing record, confidentiality controls |
| Sanctions screening | Prevent prohibited dealings | Screening logs, alert dispositions, list update controls |
| Recordkeeping | Preserve evidence and audit trail | Account records, transaction records, investigation files |
CDD, KYC, and EDD
CDD Workflow
flowchart TD
A[Customer onboarding or event trigger] --> B[Identify customer]
B --> C[Verify identity using reliable information]
C --> D[Identify beneficial owners/controllers where applicable]
D --> E[Understand purpose and expected activity]
E --> F[Assign customer risk rating]
F --> G{Higher risk?}
G -- No --> H[Standard monitoring and periodic refresh]
G -- Yes --> I[Enhanced due diligence and approval]
I --> J[Enhanced monitoring and review]
CDD Decision Table
| Situation | Standard CDD Focus | EDD Trigger Indicators |
|---|
| Individual customer | Identity, address, occupation/source of funds as relevant, expected activity | PEP status, unusual wealth, high-risk geography, adverse media, nominee use |
| Legal entity | Legal existence, ownership/control, business purpose, expected activity | Complex ownership, shell indicators, offshore secrecy, bearer-share-like risk, unexplained control structure |
| Nonprofit/charity | Purpose, leadership, funding sources, beneficiaries, geographies | Conflict zones, cash-intensive donations, opaque beneficiaries, links to sanctioned regions |
| Correspondent banking | Respondent bank profile, ownership, license, supervision, AML controls | Nested relationships, payable-through access, weak jurisdiction, shell bank concerns |
| MSB/payment firm | Licenses/registration as applicable, agent network, products, AML program | High cash volume, cross-border remittance corridors, agent control weakness |
| Private banking | Client identity, source of wealth, source of funds, relationship purpose | PEP, complex vehicles, secrecy requests, rapid movement of large funds |
| Trade finance customer | Nature of trade, goods, counterparties, shipping routes | Dual-use goods, inconsistent pricing, unusual routes, sanctions exposure |
| Virtual asset exposure | Wallet/service provider risk, purpose, source of funds | Mixers/tumblers, darknet links, sanctions exposure, chain-hopping |
CDD vs. EDD vs. Ongoing Monitoring
| Control | When Used | Main Question |
|---|
| CDD | At onboarding and refresh | Do we know who the customer is and what activity is expected? |
| EDD | Higher-risk customers or situations | Do we have enough additional information to understand and manage elevated risk? |
| Ongoing monitoring | Throughout relationship | Is actual activity consistent with expected activity and risk profile? |
| Event-driven review | Triggered by change or red flag | Has the customer’s risk materially changed? |
Source of Funds vs. Source of Wealth
| Term | Meaning | Example |
|---|
| Source of funds | Origin of specific funds used in a transaction or relationship | Salary deposit, sale of property, business revenue |
| Source of wealth | Overall origin of customer’s total net worth | Business ownership, inheritance, investment gains |
| Exam trap | Do not treat a bank statement showing current balance as full source-of-wealth evidence. | Balance proves possession, not necessarily origin. |
Beneficial Ownership and Control
| Concept | Quick Reference |
|---|
| Beneficial owner | Natural person who ultimately owns or controls a legal entity or arrangement. |
| Control person | Person with significant responsibility to control, manage, or direct the entity. |
| Nominee | Person listed on paper but acting for another party. |
| Shell company | Entity with little or no independent operations/assets; can be legitimate or abused. |
| Shelf company | Pre-existing inactive company; risk rises when used to obscure history or ownership. |
| Front company | Operating business used to disguise illicit activity. |
Beneficial Ownership Red Flags
| Red Flag | Why It Matters |
|---|
| Ownership chain includes many entities without clear business reason | May hide true control. |
| Entities in secrecy or high-risk jurisdictions | May limit transparency. |
| Nominee directors/shareholders appear repeatedly | May indicate professional concealment. |
| Customer refuses ownership information | CDD cannot be completed. |
| Control exercised by someone not listed as owner | Hidden beneficial ownership risk. |
| Frequent ownership changes without rationale | Potential layering or sanctions evasion. |
High-Yield Distinctions
| Topic | Meaning | Key Control | Exam Trap |
|---|
| Sanctions | Legal/economic restrictions against persons, entities, vessels, sectors, or countries | Screening, blocking/rejecting/escalation per applicable rules | Sanctions compliance is not the same as AML monitoring, although they overlap. |
| PEP | Politically exposed person with potential corruption/bribery risk | Risk-based EDD and senior review where required by policy/law | PEP status alone does not prove criminal activity. |
| Adverse media | Negative public information suggesting financial crime, corruption, fraud, or sanctions risk | Investigation, corroboration, risk-rating update | Media must be assessed for reliability, relevance, and recency. |
| Watchlist/internal list | Institution-created list from prior concerns | Internal screening and escalation | Not the same as an official sanctions list. |
Sanctions Screening Decision Path
flowchart TD
A[Potential match from screening] --> B[Compare identifiers]
B --> C{Clearly not same party?}
C -- Yes --> D[False positive; document rationale]
C -- No --> E{Strong or possible match?}
E -- Possible --> F[Escalate for review; gather more identifiers]
E -- Strong --> G[Apply hold/block/reject/escalate per policy and applicable law]
F --> H[Final disposition and audit trail]
G --> H
Screening Quality Factors
| Factor | Why It Matters |
|---|
| Data quality | Poor names, dates, addresses, and IDs increase false positives and missed matches. |
| List updates | Screening must reflect current applicable lists and internal rules. |
| Fuzzy matching | Helps identify spelling variations but can increase alert volume. |
| Transliteration | Names may appear differently across alphabets and systems. |
| Alert documentation | Reviewers must show why an alert was cleared or escalated. |
| Payment screening timing | Screening too late can allow prohibited activity to proceed. |
Customer and Product Risk Matrix
| Risk Category | Lower-Risk Indicators | Higher-Risk Indicators |
|---|
| Customer type | Salaried individual, transparent ownership, local operating business | PEP, cash-intensive business, offshore vehicle, shell company, MSB, arms-related business |
| Geography | Strong AML supervision, transparent registries, low corruption | Sanctioned/high-risk regions, secrecy jurisdictions, conflict zones, corruption exposure |
| Product/service | Low-value, traceable, limited transferability | Private banking, correspondent banking, trade finance, prepaid access, virtual assets |
| Delivery channel | Face-to-face onboarding, verified documents | Non-face-to-face onboarding, intermediaries, agents, remote-only relationship |
| Transaction behavior | Consistent with profile, documented purpose | Rapid movement, no economic rationale, unusual counterparties, structuring |
| Ownership | Clear natural-person ownership/control | Layered entities, nominee arrangements, trusts without clear rationale |
| Source of funds | Verifiable salary/business revenue | Cash, third-party funding, unexplained wealth, high-risk counterparties |
Typologies and Red Flags
Cash and Structuring
| Red Flag | Possible Concern |
|---|
| Multiple cash deposits below reporting or internal review thresholds | Structuring/smurfing |
| Cash activity inconsistent with business type | Placement of illicit proceeds |
| Deposits at many branches or ATMs into one account | Funnel account activity |
| Rapid cash deposit followed by wire out | Placement followed by layering |
| Customer nervous or coached during transaction | Possible third-party control |
Wire Transfers and Correspondent Banking
| Red Flag | Possible Concern |
|---|
| Wires to/from high-risk jurisdictions without business reason | Layering, sanctions evasion, fraud |
| Funds pass through account quickly with little retention | Pass-through activity |
| Same-day incoming and outgoing wires in similar amounts | Layering |
| Payment details vague or inconsistent | Concealment of purpose |
| Nested correspondent activity not disclosed | Hidden respondent/customer risk |
| Use of shell banks or unregulated institutions | Severe AML and sanctions risk |
Trade-Based Money Laundering
| Red Flag | Possible Concern |
|---|
| Over- or under-invoicing | Value transfer outside normal payment channels |
| Multiple invoices for same goods | Duplicate financing or laundering |
| Goods inconsistent with customer business | False trade activity |
| Unusual shipping route or transshipment | Sanctions evasion or concealment |
| Phantom shipments or vague goods descriptions | Fabricated trade |
| Price inconsistent with market | Value manipulation |
| Dual-use goods with high-risk end user | Proliferation financing risk |
Securities, Insurance, and Investment Products
| Red Flag | Possible Concern |
|---|
| Early surrender of policy despite penalties | Laundering through insurance product |
| Third-party premium payments | Hidden source of funds |
| Securities trades with no apparent investment rationale | Layering |
| Wash-like activity or offsetting trades | Creating artificial movement/value |
| Rapid liquidation after funding | Integration or fraud proceeds |
| Funds from unrelated jurisdictions | Concealed beneficial owner or source |
Real Estate and High-Value Assets
| Red Flag | Possible Concern |
|---|
| Purchase through complex entities without clear rationale | Beneficial ownership concealment |
| All-cash purchase by high-risk customer | Integration |
| Use of nominee buyer | Hidden owner |
| Price materially above/below market | Value transfer |
| Rapid resale without economic reason | Layering/integration |
| Third-party funding or repayment | Hidden source of funds |
Virtual Assets
| Red Flag | Possible Concern |
|---|
| Use of mixers/tumblers | Obscuring origin or destination |
| Darknet marketplace exposure | Criminal proceeds |
| Chain-hopping across assets | Layering |
| Transfers involving sanctioned wallet/service | Sanctions breach risk |
| Rapid in/out movement with no stated purpose | Pass-through activity |
| Privacy-enhancing coins or anonymity tools | Increased traceability risk |
Suspicious Activity Investigation and Reporting
Investigation Workflow
flowchart TD
A[Alert, referral, subpoena, media hit, or law enforcement request] --> B[Initial triage]
B --> C{Reasonable concern?}
C -- No --> D[Close with documented rationale]
C -- Yes --> E[Gather customer, transaction, CDD, and external information]
E --> F[Analyze against expected activity and typologies]
F --> G{Suspicion remains?}
G -- No --> H[Close; update risk rating if needed]
G -- Yes --> I[Escalate for SAR/STR decision]
I --> J[File/report per applicable rules and preserve confidentiality]
J --> K[Continue monitoring or exit decision]
Alert vs. Case vs. SAR/STR
| Item | Meaning | Key Evidence |
|---|
| Alert | System or manual trigger requiring review | Scenario hit, referral, screening match |
| Case | Investigative file opened to analyze activity | Narrative, documents, transaction analysis |
| SAR/STR decision | Determination whether reporting is required/appropriate | Decision memo, approval trail |
| SAR/STR filing | Report to relevant financial intelligence unit or authority | Filing confirmation, confidentiality controls |
Strong Investigation File Characteristics
| Characteristic | Practical Standard |
|---|
| Clear issue statement | What triggered the review? |
| Customer profile comparison | Why is activity normal or unusual for this customer? |
| Transaction timeline | Shows sequence, amounts, counterparties, and jurisdictions. |
| Evidence retained | CDD, statements, wires, invoices, media, screening results. |
| Typology linkage | Explains why activity resembles laundering, fraud, sanctions evasion, etc. |
| Decision rationale | Supports filing or no-filing decision. |
| Confidentiality | Avoids improper disclosure to the customer or unauthorized parties. |
SAR/STR Narrative Checklist
| Include | Avoid |
|---|
| Who is involved | Unsupported accusations |
| What happened | Generic boilerplate only |
| When activity occurred | Irrelevant background |
| Where funds moved | Unexplained acronyms |
| Why activity is suspicious | Conclusions without facts |
| How activity was conducted | Revealing reporting to customer |
Tipping Off and Confidentiality
| Concept | Practical Meaning |
|---|
| Tipping off | Improperly informing a customer or third party that a suspicious activity report/investigation exists or may be filed. |
| Safe staff response | Ask ordinary business questions needed for CDD or transaction clarification without revealing suspicion. |
| Internal sharing | Share on a need-to-know basis under policy and applicable law. |
| Exam trap | Refusing to ask any customer questions can weaken investigations; the issue is revealing the report/investigation, not routine inquiry. |
| Request Type | AML Team Response |
|---|
| Regulator examination | Provide records, program documentation, testing results, remediation evidence. |
| Law enforcement inquiry | Follow legal process and internal escalation; preserve confidentiality. |
| Subpoena/court order | Route to legal/compliance; produce responsive records as required. |
| Search warrant | Contact legal/compliance immediately; do not obstruct authorized search. |
| Informal request | Verify authority and follow policy before disclosure. |
| Account closure request | Consider legal, law enforcement, risk, and operational impacts before exiting. |
Internal Controls, Audit, and Governance
Three Lines Model
| Line | Typical Role | AML/CFT Responsibility |
|---|
| First line | Business operations, relationship managers, branch/payment staff | Own customer risk, perform procedures, escalate red flags. |
| Second line | Compliance, financial crime risk, sanctions team | Set policy, advise, monitor, investigate, report. |
| Third line | Internal audit/independent testing | Independently evaluate design and effectiveness. |
Governance Evidence
| Evidence | Why It Matters |
|---|
| Board/senior management reporting | Shows oversight of AML risk and issues. |
| Risk assessment methodology | Demonstrates structured risk-based approach. |
| Issue tracking | Shows deficiencies are identified, owned, and remediated. |
| Model/scenario tuning records | Supports monitoring effectiveness. |
| Training completion and role mapping | Shows staff receive relevant AML instruction. |
| Independent audit reports | Confirms challenge and validation. |
Common Control Weaknesses
| Weakness | Risk |
|---|
| Incomplete CDD files | Customer risk cannot be understood. |
| Unreviewed transaction monitoring alerts | Suspicious activity may not be escalated. |
| Poor data quality | Screening and monitoring fail. |
| Overreliance on manual controls | Inconsistent outcomes and weak audit trail. |
| No documented rationale for decisions | Regulators/auditors cannot validate judgment. |
| Stale risk assessment | Program no longer reflects current risk. |
| Training not role-specific | Staff miss risks relevant to their function. |
Transaction Monitoring
Monitoring Scenario Reference
| Scenario | Detects | Tuning Considerations |
|---|
| Cash structuring | Multiple smaller cash transactions | Customer type, cash norms, aggregation logic |
| Rapid movement | Funds quickly enter and leave | Time window, percentage of funds moved |
| High-risk geography | Activity involving risky jurisdictions | Country risk list, customer business rationale |
| Dormant account reactivation | Sudden activity after inactivity | Dormancy period, activity size |
| Round-dollar transactions | Patterned or artificial activity | Product type, customer profile |
| Unusual counterparties | New or unrelated payees | Relationship history, geography, occupation/business |
| Trade anomalies | Inconsistent invoices or routes | Goods type, pricing, shipping data |
| Virtual asset exposure | Transfers to/from VASPs or wallets | Blockchain analytics, sanctions indicators |
Good Alert Disposition
| Required Element | Example of Strong Rationale |
|---|
| Facts reviewed | “Reviewed 90 days of account activity, CDD profile, wire details, and invoices.” |
| Expected activity comparison | “Customer is an importer; wires to supplier are consistent with declared business.” |
| Explanation | “Invoices and shipping documents support purpose and counterparties.” |
| Decision | “Close as not suspicious; maintain current risk rating.” |
| Escalation if needed | “Escalate due to unexplained third-party wires and adverse media.” |
FATF-Style Concepts Commonly Tested
| Concept | Quick Reference |
|---|
| Risk-based approach | Allocate stronger controls to higher risks instead of treating all risk equally. |
| Customer due diligence | Identify/verify customer and understand relationship purpose. |
| Beneficial ownership transparency | Identify natural persons who ultimately own/control entities. |
| Financial intelligence unit | Receives and analyzes suspicious activity reports and related information. |
| Mutual legal assistance | Cooperation mechanism between jurisdictions for investigations/proceedings. |
| Targeted financial sanctions | Restrictions directed at designated persons/entities or defined sanctions programs. |
| Correspondent banking controls | Due diligence on respondent banks and nested/payable-through risks. |
| New technologies | Assess risks before launching new products, delivery channels, or technology. |
| DNFBPs | Nonfinancial businesses/professions that can be abused, such as casinos, real estate, dealers in precious metals/stones, lawyers/accountants in certain activities. |
High-Yield Vocabulary
| Term | Meaning |
|---|
| Predicate offense | Crime that generates proceeds laundered through the financial system. |
| Smurfing | Use of multiple people or transactions to break up funds. |
| Structuring | Designing transactions to avoid reporting or detection thresholds. |
| Funnel account | Account receiving deposits from many locations and moving funds elsewhere. |
| Mule | Person or account used to move illicit funds, sometimes knowingly, sometimes not. |
| Nominee | Person/entity acting on behalf of another to hide true control. |
| Correspondent bank | Bank providing services to another financial institution. |
| Respondent bank | Financial institution receiving correspondent services. |
| Payable-through account | Account allowing respondent’s customers direct or indirect access through correspondent relationship. |
| Nested relationship | Respondent bank provides access to other institutions through its correspondent account. |
| Shell bank | Bank with no physical presence and not affiliated with a regulated financial group. |
| Front company | Business used to commingle or disguise illicit proceeds. |
| Gatekeeper | Professional or intermediary who may facilitate access to financial system. |
| PEP | Person with prominent public function, plus risk-relevant associates/family depending on policy/law. |
| De-risking | Exiting or restricting categories of customers rather than managing risk individually. |
| False positive | Screening/monitoring hit that is not a true match or not suspicious after review. |
| False negative | Missed risk event that should have been detected. |
| Typology | Pattern or method used to launder money or finance illicit activity. |
| Adverse media | Negative information relevant to customer or counterparty risk. |
Scenario Decision Rules
| If the Question Says… | Think… | Likely Best Action |
|---|
| Customer refuses to provide required CDD | Cannot understand/manage risk | Do not onboard or escalate/exit per policy. |
| Activity is unusual but explainable with documents | Not automatically suspicious | Document review and rationale; update risk if needed. |
| PEP with legitimate transparent source of wealth | Higher risk, not prohibited by default | Apply risk-based EDD and approvals. |
| Possible sanctions match | Must not casually clear | Escalate and compare identifiers; act under policy/law. |
| Employee suspects SAR/STR may be needed | Confidentiality matters | Escalate internally; do not tell customer. |
| Law enforcement asks to keep account open | Risk and legal coordination needed | Escalate to legal/compliance; document decision. |
| Monitoring model produces too many poor alerts | Control effectiveness issue | Tune, validate, improve data/scenarios. |
| Complex entity has no clear business purpose | Beneficial ownership concern | Obtain more information; consider EDD/escalation. |
| Trade documents conflict with payment details | TBML concern | Investigate invoices, goods, route, counterparties. |
| High-risk customer has weak CDD file | Program deficiency | Remediate CDD before relying on monitoring alone. |
Common Exam Traps
| Trap | Correct Approach |
|---|
| Treating high risk as automatically illegal | High risk requires stronger controls, not automatic rejection unless prohibited by law/policy. |
| Confusing PEP screening with sanctions screening | PEPs require risk-based EDD; sanctions may prohibit or restrict activity. |
| Assuming small transactions are low risk | Terrorist financing and structuring may involve small amounts. |
| Equating documentation volume with quality | Evidence must answer identity, ownership, purpose, source, and activity questions. |
| Forgetting beneficial owners are natural persons | Legal entities may be in the chain, but the goal is ultimate natural-person ownership/control. |
| Closing alerts without explaining normal activity | A good closure compares activity to expected profile and evidence. |
| Filing SAR/STR based only on a system alert | Alerts require investigation and judgment. |
| Ignoring geography in trade finance | Route, origin, destination, transshipment, and end user matter. |
| Thinking AML is only compliance’s job | First line owns risk; compliance oversees; audit tests. |
| Overlooking data quality | Bad customer or transaction data undermines screening and monitoring. |
Final Review Checklist
| Area | Can You Do This Quickly? |
|---|
| AML lifecycle | Distinguish placement, layering, and integration in scenarios. |
| CFT | Explain why legitimate funds can still create terrorist financing risk. |
| CDD/EDD | Select standard vs. enhanced due diligence based on risk. |
| Beneficial ownership | Identify hidden ownership/control red flags. |
| Sanctions | Distinguish false positive, possible match, and true match escalation. |
| PEPs | Apply risk-based controls without assuming criminality. |
| SAR/STR | Describe investigation, decision, filing, and confidentiality steps. |
| Monitoring | Match typologies to detection scenarios and alert review evidence. |
| TBML | Spot invoice, goods, route, and counterparty anomalies. |
| Governance | Explain roles of business, compliance, and audit. |
| Audit trail | Know what evidence supports a defensible AML decision. |
Practical Next Step
Use this Quick Reference to build mixed practice sets: one scenario for CDD/EDD, one for sanctions, one for transaction monitoring, one for SAR/STR decisions, and one for governance or audit. For each question, force yourself to identify the risk, the control, the escalation point, and the documentation needed.