CAMS: Tools and Technologies to Fight Financial Crime

Use this page to isolate Tools and Technologies to Fight Financial Crime before returning to mixed CAMS practice.

Topic snapshot

Sample questions

These questions are original Finance Prep practice items aligned to this topic area. They are designed for self-assessment and are not official exam questions.

Question 1

Topic: Tools and Technologies to Fight Financial Crime

An AML team proposes raising thresholds in a transaction-monitoring scenario because false positives are high. The governance standard requires documented rationale, testing against historical suspicious cases, independent challenge, approval before release, and post-implementation performance monitoring. Which concept does this description best illustrate?

• A. Periodic customer due diligence refresh
• B. Investigation case assignment workflow
• C. Watch-list fuzzy matching optimization
• D. Scenario tuning change control and model validation

Best answer: D

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: Transaction-monitoring scenarios can create model risk when rules, thresholds, segmentation, or assumptions are changed without sufficient evidence and oversight. Effective scenario tuning should include a documented rationale, impact analysis, testing against relevant historical activity, independent challenge or validation, approval before implementation, and ongoing performance monitoring. This helps avoid reducing false positives in a way that also suppresses genuinely suspicious activity. In the stem, the focus is not simply operational alert reduction; it is controlled change management and validation of a monitoring scenario before and after release.

• Periodic customer due diligence refresh concerns updating customer information and risk ratings, not validating monitoring logic changes.
• Watch-list fuzzy matching optimization relates to sanctions or screening name-matching sensitivity, not transaction-monitoring scenario thresholds.
• Investigation case assignment workflow concerns routing alerts or cases to analysts, not testing and approving model or scenario changes.

The controls described manage model risk by testing, challenging, approving, and monitoring changes to transaction-monitoring logic.

Question 2

Topic: Tools and Technologies to Fight Financial Crime

A bank’s real-time payment-screening tool flags an outgoing wire before release. The beneficiary name is a close fuzzy match to an alias on a UN sanctions list, and the beneficiary address includes the same city and country as the listed party. Operations notes that similar names have often been false positives and asks to release the payment to meet the cutoff. What is the BEST action?

• A. Keep the payment pending and escalate the alert with the match evidence to the sanctions compliance team before release.
• B. Close the alert as a false positive because fuzzy-name matches often generate noise.
• C. Ask the customer to confirm whether the beneficiary is the sanctioned party, then release the payment if the customer denies it.
• D. Release the payment and document that the alert will be reviewed after processing.

Best answer: A

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: When screening identifies a potential sanctions or prohibited-party concern before a transaction is released, the safest risk-based action is to prevent completion until the alert is reviewed by the appropriate sanctions escalation function. Here, the fuzzy name match is strengthened by an address connection, so operations should not override the alert for processing convenience. The compliance team should assess identifiers, list data, transaction context, and internal policy to decide whether the hit is a false positive, a true match, or requires further action. Customer confirmation alone is not reliable, and post-transaction review may allow a prohibited payment to occur.

• Releasing first and reviewing later defeats interdiction controls for a pre-release sanctions alert.
• Closing the alert based only on historical false positives ignores the additional address similarity.
• Asking the customer to self-clear the match is not an adequate sanctions disposition control.

A potential sanctions match with supporting identifiers should be held and escalated for sanctions review before the transaction is processed.

Question 3

Topic: Tools and Technologies to Fight Financial Crime

A bank’s screening platform uses official sanctions lists, terrorist-financing lists, fraud lists, and internal watchlists. Before a new internal list is loaded, the AFC team requires documentation of the list owner, source, inclusion and removal criteria, update frequency, and approval of changes. Which list-management consideration does this describe?

• A. List governance and change control
• B. Fuzzy matching threshold calibration
• C. Alert disposition quality assurance
• D. Payment message field parsing

Best answer: A

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: When screening depends on multiple list types, list management must ensure that each list is appropriate, current, controlled, and auditable. Documenting ownership, source, inclusion and removal criteria, update frequency, and approvals addresses governance and change control over the list itself. This helps prevent outdated, unauthorized, poorly sourced, or overly broad lists from creating missed matches or excessive false positives. Matching thresholds, data parsing, and alert review are important screening controls, but they operate after the list has been accepted and loaded into the screening environment.

• Fuzzy matching threshold calibration concerns how closely names or data must match, not whether the list is properly owned and maintained.
• Payment message field parsing concerns extracting data from transactions for screening.
• Alert disposition quality assurance reviews analyst decisions after alerts are generated, not list approval and maintenance.

These controls establish accountability, source reliability, update discipline, and approved changes before a list is used for screening.

Question 4

Topic: Tools and Technologies to Fight Financial Crime

A bank recently migrated customer data into a new AFC platform. After go-live, cross-border payment alerts dropped sharply, and a sample review found missing aliases, stale country-of-residence fields, and inconsistent occupation codes feeding customer risk scoring and sanctions screening. What is the best action?

• A. Lower transaction-monitoring thresholds until alert volumes return to historical levels, then address missing fields during the next scheduled KYC refresh.
• B. Accept the reduced alert volume as evidence that the new platform is more effective and continue normal operations.
• C. Require investigators to correct missing fields only for cases already escalated for suspicious activity review.
• D. Initiate a data-quality impact assessment and remediation plan, apply interim compensating controls, and validate affected risk scoring, screening, monitoring, and case outputs before relying on them.

Best answer: D

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: Data quality is foundational to lifecycle AFC tools. Customer risk assessment depends on accurate identifiers, geography, occupation, ownership, and activity data. Screening tools need complete names, aliases, dates of birth, and other attributes to reduce both false negatives and false positives. Monitoring relies on consistent customer and transaction data to generate meaningful alerts, and investigations and suspicious activity reporting depend on reliable case evidence. In this scenario, the sharp alert reduction after migration plus missing and stale fields indicates a control-input problem, not necessarily improved performance. The best response is to assess impact, remediate data defects, use interim controls where needed, and validate outputs before management relies on the platform’s results.

• Lowering thresholds may restore volume but does not fix missing or stale inputs that can cause missed risks.
• Treating fewer alerts as better performance ignores evidence of migration-related data defects.
• Correcting data only in escalated cases leaves onboarding, screening, risk scoring, and monitoring exposed to bad inputs.

Incomplete or inaccurate source data can create false risk ratings, missed screening matches, weak monitoring output, and flawed investigation or reporting decisions.

Question 5

Topic: Tools and Technologies to Fight Financial Crime

During onboarding of a corporate customer, an analyst queries an official public database that links registered legal entities to their natural-person beneficial owners and control interests. Which external data source is this?

• A. Adverse media database
• B. Identity document verification service
• C. Ownership register
• D. Criminal records database

Best answer: C

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: External KYC and screening data sources help validate customer information and identify financial-crime risk indicators. An ownership register, sometimes maintained by a company registry or other official authority, provides information about legal entities and the persons or entities that own or control them. This source is especially relevant for corporate onboarding because it supports beneficial ownership checks and helps compare customer-provided ownership details against independent records. The stem describes an official database linking companies to natural-person beneficial owners and control interests, which maps directly to an ownership register rather than media, criminal-history, or identity-document checks.

• Adverse media databases identify negative news or allegations, not legal ownership and control records.
• Criminal records databases may support risk assessment for individuals but do not establish company beneficial ownership.
• Identity document verification services validate a person’s identity document or biometric match, not a corporate ownership structure.

An ownership register is used to confirm legal-entity ownership, beneficial owners, and control information from an external official source.

Question 6

Topic: Tools and Technologies to Fight Financial Crime

A regional bank’s transaction monitoring program relies on broad rules-based thresholds that generate a large backlog of low-quality alerts. The bank has several years of alert dispositions, suspicious activity filings, and customer-risk data, but some source-system fields are inconsistent. Management wants to use AI or machine learning to improve efficiency when moving beyond the current rules. What is the best action?

• A. Use machine learning only to reduce investigation staffing, without changing alert logic or measuring detection outcomes.
• B. Replace the existing rules immediately with a model that automatically closes low-scoring alerts without investigator review.
• C. Add more fixed threshold rules to capture every unusual transaction type before considering machine learning.
• D. Pilot a governed machine-learning alert-scoring layer using cleansed historical data, compare results with current rules, and keep investigator review before wider deployment.

Best answer: D

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: AI and machine-learning tools can improve AFC efficiency by ranking alerts, identifying complex patterns, and reducing false positives that broad rules often produce. A sound transition should not simply switch off existing controls. The bank should first address data quality, pilot the model, compare outcomes against current rules, document performance, and retain human review for investigation and reporting decisions. This approach improves effectiveness while managing model risk, explainability, governance, and regulatory expectations. The available historical dispositions and filing data are useful for supervised learning, but inconsistent fields make data cleansing and validation essential before broad deployment.

• Immediate replacement and auto-closure overrely on the model and weaken investigation governance.
• Adding more fixed thresholds may increase noise rather than improve risk-based prioritization.
• Reducing staff without measuring detection quality treats AI as cost cutting, not an effectiveness control.

This uses AI/ML to prioritize and improve alert quality while controlling data, validation, and human-review risks during transition.

Question 7

Topic: Tools and Technologies to Fight Financial Crime

An AFC monitoring tool returns a low-risk output for a newly onboarded corporate customer. During quality review, the analyst sees that beneficial ownership, expected activity, and industry fields are blank, while the tool uses those fields to segment customers and set monitoring thresholds. Which concept best describes why the output needs additional review?

• A. Data-quality limitation from missing KYC/CDD inputs
• B. Customer experience friction in digital onboarding
• C. Model overfitting to historical alert outcomes
• D. Sanctions screening false positive management

Best answer: A

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: AFC tools depend on complete, accurate, and relevant data to produce useful outputs. If key KYC/CDD fields are missing, such as beneficial ownership, expected activity, or industry, the tool may apply the wrong risk segment, thresholds, or scenarios. A low-risk result in that situation is not necessarily reliable; it should be reviewed in light of the data limitation and corrected through data remediation or additional due diligence. This is a data-quality issue affecting tool output, not simply a normal alert disposition or tuning matter.

• Sanctions false positive management concerns resolving potential name or transaction matches, not missing customer data used for segmentation.
• Model overfitting concerns poor generalization from historical training data, not blank KYC/CDD fields in production data.
• Customer experience friction may arise during onboarding, but the issue here is unreliable AFC tool output caused by incomplete inputs.

Missing customer information can cause the tool to segment or score the customer incorrectly, so the output should not be relied on without review.

Question 8

Topic: Tools and Technologies to Fight Financial Crime

A bank plans to launch a mobile-only account for small import/export businesses that will send cross-border payments to jurisdictions the bank rates as higher risk. Current AFC tools verify identity and screen customers at onboarding, but transaction monitoring is tuned for domestic consumer activity only. Which action is BEST to align lifecycle tool coverage with the risk profile? Select ONE.

• A. Keep the current tools because identity verification and sanctions screening at onboarding cover the main AFC risks.
• B. Block all payments involving higher-risk jurisdictions to avoid adding technology coverage for the new product.
• C. Apply the domestic consumer monitoring scenarios to the new accounts and rely on analysts to escalate any false positives.
• D. Perform a risk-based coverage gap assessment and tune lifecycle tools for mobile onboarding signals, cross-border payment screening, and SME transaction monitoring by jurisdiction corridor.

Best answer: D

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: Lifecycle tool coverage should follow the risk assessment for the customer type, product, delivery channel, and jurisdictions involved. Here, the new offering changes several risk drivers: SME import/export customers, cross-border payments, mobile-only onboarding, and higher-risk corridors. Existing onboarding checks are necessary but insufficient because risks may emerge after account opening through payment behavior, device or channel indicators, sanctions exposure, and transaction patterns. The best action is to identify tool coverage gaps and tune or add controls across onboarding, screening, and ongoing monitoring before relying on the product launch controls.

• Current onboarding tools miss ongoing transaction and corridor-specific risks.
• Domestic consumer scenarios are unlikely to detect SME cross-border typologies effectively.
• Blanket blocking of higher-risk jurisdictions is not a risk-based technology coverage strategy.

This aligns controls across the customer lifecycle with the specific customer, product, channel, and jurisdiction risks in the launch.

Question 9

Topic: Tools and Technologies to Fight Financial Crime

An AFC team configures a tool to review customer names against credible news, regulatory notices, and other public-source information throughout the customer relationship. Alerts are used to identify reputational, criminal, sanctions, or integrity concerns that may require risk review or enhanced due diligence. Which concept does this describe?

• A. Adverse-media screening
• B. Customer risk scoring at onboarding
• C. Transaction monitoring scenario tuning
• D. Official sanctions list screening

Best answer: A

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: Adverse-media screening is part of ongoing KYC because customer risk can change after onboarding. It uses credible media, regulatory notices, and other public information to identify negative developments such as criminal allegations, corruption, sanctions evasion, fraud, or other integrity concerns. These alerts do not automatically prove misconduct, but they can trigger review, enhanced due diligence, risk-rating changes, escalation, or exit consideration depending on the institution’s risk-based procedures.

• Transaction monitoring scenario tuning focuses on calibrating rules or models for transaction behavior, not scanning public-source reputational information.
• Official sanctions list screening compares parties against sanctions lists, but the stem describes broader media and public-source concerns.
• Customer risk scoring at onboarding is an initial assessment, while the described control operates throughout the relationship.

Adverse-media screening is an ongoing control that detects negative public-source information affecting a customer’s financial-crime and integrity risk.

Question 10

Topic: Tools and Technologies to Fight Financial Crime

A bank’s medium-risk corporate customer completed its scheduled KYC refresh six months ago. A perpetual KYC feed now shows a registry change adding a new 40% beneficial owner, and an adverse-media tool flags that owner for alleged procurement fraud. The next periodic refresh is not due for 30 months. What is the best action for the AFC team?

• A. Record the adverse-media alert in the case file but leave the KYC profile unchanged until the customer confirms the change.
• B. Automatically exit the relationship based solely on the adverse-media alert involving the new beneficial owner.
• C. Wait until the next scheduled periodic refresh because the customer was refreshed recently and is currently rated medium risk.
• D. Initiate an event-driven KYC review now, validate the ownership and adverse-media information, and update the customer risk assessment as needed.

Best answer: D

What this tests: Tools and Technologies to Fight Financial Crime

Explanation: Periodic refresh updates customer information on a scheduled cycle based on risk. Perpetual KYC adds ongoing, event-driven monitoring so material changes can be addressed between scheduled reviews. A new 40% beneficial owner is a significant ownership change, and adverse media linked to that person may affect the customer’s financial-crime risk profile. The best control is to trigger an event-driven review, validate the external data, update beneficial ownership and risk-rating information, and decide whether enhanced due diligence or escalation is required. The alert should not be ignored merely because a periodic review was recently completed, but it also should not lead to automatic exit without validation and risk-based assessment.

• Waiting for the next scheduled review misses the purpose of perpetual KYC controls.
• Automatic exit overreacts before validating the match and assessing the customer-specific risk.
• Recording the alert without updating KYC fails to keep customer information current when a material change is indicated.

A material beneficial-ownership change and relevant adverse media are perpetual KYC triggers that should be reviewed before the next periodic refresh.

Continue with full practice

Use the CAMS Practice Test page for the full Finance Prep practice bank, mixed-topic practice, timed mock exams, and explanations.

Related focused pages

• Free CAMS Full-Length Practice Exam
• CAMS: Understanding the Risks and Methods of Financial Crime
• CAMS: Global AFC Frameworks, Governance, and Regulations
• CAMS: Building an Anti-Financial Crime Compliance Program

Free review resource

Use the full Finance Prep practice page above for the latest review links and practice page.