Free CGSS Practice Questions: Building a Sanctions Compliance Program

Use this focused CGSS page as a short practice test for Building a Sanctions Compliance Program. The items are original Finance Prep sample exam questions built for scenario-based practice, not trivia, puzzle questions, official ACAMS questions, copied live-exam content, or exam dumps.

Topic snapshot

Sample questions

These are original Finance Prep practice questions aligned to this topic area. They are not official ACAMS questions, copied live-exam content, or exam dumps. Use them to preview question style and explanation depth before continuing with topic drills, mixed sets, and timed mock exams in Finance Prep.

Question 1

Topic: Building a Sanctions Compliance Program

A global bank is reviewing a new corporate customer that is not itself named on any sanctions list. The bank’s sanctions standard requires escalation when a listed person owns 50% or more in aggregate, directly or indirectly, or otherwise controls the entity through voting rights, board appointment rights, or veto powers. Which fact is most relevant to the sanctions decision?

• A. A listed person previously owned 60% of the customer but sold the interest three years ago, with no current rights retained.
• B. A non-listed individual owns 55% of the customer and is the only person disclosed as an AML beneficial owner.
• C. A listed person owns 22% of the customer and has the contractual right to appoint four of seven board members.
• D. The customer’s registered address is in a jurisdiction rated high risk by the bank’s AML country-risk model.

Best answer: C

What this tests: Building a Sanctions Compliance Program

Explanation: A sanctions ownership and control review should focus on whether a listed person currently owns the entity at or above the applicable threshold, whether listed persons’ interests must be aggregated, or whether a listed person controls the entity through governance rights. Control can be decisive even without majority ownership. The right to appoint most board members gives the listed person practical control over the customer and requires sanctions escalation under the stated standard. Historic ownership, general AML country risk, and ordinary AML beneficial ownership information may support broader due diligence, but they do not answer the sanctions ownership or control question as directly as current control rights held by a listed person.

• Former majority ownership is not decisive when no current ownership or control rights remain.
• High AML country risk may increase due diligence, but it is not an ownership or control fact.
• A non-listed majority owner may matter for customer due diligence, but it does not create a listed-person ownership or control issue under the stated standard.

Board appointment rights can establish control even when the listed person’s ownership is below 50%.

Question 2

Topic: Building a Sanctions Compliance Program

A sanctions analyst is reviewing a new corporate customer under a policy that treats an entity as restricted when listed persons collectively own 50% or more, directly or indirectly. The policy also requires escalation when a listed person has control rights, even below 50%.

Review notes:

• Customer: Northbay Components Ltd.
• Lira Holdings owns 40% of the customer; listed person Viktor S. owns 80% of Lira Holdings.
• Marex SA owns 20% of the customer; listed person Elena R. owns 100% of Marex SA.
• Public investors own the remaining 40%; no sanctions matches were found.
• Shareholder agreement: no veto, board-appointment, or other special control rights for Lira Holdings, Marex SA, Viktor S., or Elena R.
• Goods and jurisdictions: standard consumer goods; no restricted jurisdiction or goods indicators.

Which ownership or control fact do these notes support as most relevant to the sanctions decision?

• A. Listed persons control the customer through veto or board-appointment rights.
• B. The customer is low risk because the goods and jurisdictions do not indicate a sanctions concern.
• C. A single listed person directly owns 50% or more of the customer.
• D. Listed persons indirectly own 52% of the customer in aggregate.

Best answer: D

What this tests: Building a Sanctions Compliance Program

Explanation: The decisive sanctions ownership fact is the aggregate indirect ownership by listed persons. Viktor S. owns 80% of Lira Holdings, which owns 40% of the customer, giving him a 32% indirect interest. Elena R. owns 100% of Marex SA, which owns 20% of the customer, giving her a 20% indirect interest. Together, listed persons indirectly own 52% of Northbay Components Ltd. Under the stated policy, that makes the customer restricted even though no listed person directly owns shares in the customer and no special control rights are present. Product and jurisdiction facts may inform broader risk review, but they do not override the ownership calculation.

• A direct 50% holding by one listed person is not shown; the decisive calculation is aggregate indirect ownership.
• Control rights are specifically absent in the shareholder agreement, so veto or appointment rights do not drive the decision.
• Clean goods and jurisdictions may reduce other sanctions risk indicators, but they do not cure restricted ownership under the stated policy.

Viktor S. indirectly owns 32% and Elena R. indirectly owns 20%, so their aggregate listed ownership reaches 52% under the stated policy.

Question 3

Topic: Building a Sanctions Compliance Program

A global bank’s sanctions assurance team is reviewing repeat misses in trade finance files. The latest risk assessment rates trade finance involving dual-use goods and transshipment jurisdictions as high risk. Payment interdiction logs are complete, but 18 sampled files lack evidence that vessel and goods screening were performed. Management proposes adding a checklist and closing the issue after staff receive a reminder. What should the assurance lead do next?

• A. Link the high-risk activity to the vessel and goods controls, test file evidence, assign remediation owners and dates, and validate the fix before closure.
• B. Treat the matter as a payment-screening tuning issue because payment interdiction logs were complete.
• C. Expand the review to low-risk retail customers to confirm whether the same documentation issue exists elsewhere.
• D. Accept the new checklist as sufficient because management has acknowledged the issue and trained the staff.

Best answer: A

What this tests: Building a Sanctions Compliance Program

Explanation: Sanctions program assurance should not stop at identifying a gap or accepting a management promise. It should trace the risk to the control designed to manage it, review evidence that the control operated, require clear remediation when evidence is missing, and validate that the remediation actually works. Here, the high-risk area is trade finance involving dual-use goods and transshipment jurisdictions. The relevant gap is not payment interdiction, which has logs, but missing evidence of vessel and goods screening. A checklist and staff reminder may be part of remediation, but assurance should confirm ownership, timing, documentation standards, and operating effectiveness before closure.

• Management acknowledgment and training are not enough without evidence that the control is operating and the fix has been validated.
• Expanding immediately to low-risk retail activity does not address the specific high-risk trade finance control gap.
• Payment-screening tuning is not responsive because the documented weakness concerns vessel and goods screening evidence, not payment interdiction logs.

This response ties the identified sanctions risk to specific controls, evidence, remediation, and validation before the issue is closed.

Question 4

Topic: Building a Sanctions Compliance Program

A sanctions QA analyst is reviewing whether a customer record should have produced a potential match in the automated name-screening tool.

• Candidate-generation filter: records with name similarity of 80 or higher move to scoring.
• Weighted scoring: name similarity 70%, country match 20%, registration-year match 10%.
• Alert threshold: final weighted score must be greater than 85.
• Exclusion list: suppresses only customer-list pairs specifically recorded as prior false positives.
• Customer record: Orion Global Trading Ltd, country UAE, registration year 2018.
• Sanctions list record: Oryon Global Trade Limited, country UAE, registration year 2018.
• Matching results: name similarity 80, country match 100, registration-year match 100.
• Exclusion-list status: no entry for this customer-list pair.

What conclusion is best supported by these facts?

• A. The tool should not generate a potential match because a name similarity score of exactly 80 fails the candidate-generation filter.
• B. The tool should not generate a potential match because exclusion lists suppress all prior customer screening activity.
• C. The tool should generate a potential match because the candidate passes filtering, the weighted score is 86, and no exclusion-list entry suppresses it.
• D. The tool should not generate a potential match because the name field alone must exceed the alert threshold.

Best answer: C

What this tests: Building a Sanctions Compliance Program

Explanation: Screening tools often apply matching logic in stages. A candidate-generation filter first determines whether a list record is eligible for scoring. Here, the filter accepts name similarity scores of 80 or higher, so a score of 80 is included. The weighted score is then calculated as 80 × 70% plus 100 × 20% plus 100 × 10%, which equals 86. Because the alert threshold requires a score greater than 85, the record should alert. The exclusion list does not change the result because it only suppresses specific customer-list pairs already recorded as false positives, and no such entry exists here.

• Treating 80 as failing the filter misreads the inequality; “80 or higher” includes 80.
• Assuming broad exclusion-list suppression is incorrect; the stated exclusion applies only to specific prior false-positive pairs.
• Requiring the name field alone to exceed the alert threshold ignores the stated weighted scoring model.

The name score meets the 80-or-higher filter, the weighted score exceeds 85, and there is no prior false-positive suppression.

Question 5

Topic: Building a Sanctions Compliance Program

A bank is reviewing a trade finance request for an exporter selling high-precision thermal imaging cameras. The invoice labels the goods as dual-use and notes that a license may be required for military end use. The named buyer is an unlisted trading company in a low-risk jurisdiction, but the shipping instructions route the goods through a free trade zone and the packing list names the final delivery site as a defense maintenance facility in a comprehensively sanctioned country. Customer screening shows no list match for the exporter or buyer. What is the best next action?

• A. Proceed because the exporter and named buyer did not match sanctions lists.
• B. Process the shipment but request an updated end-use statement after release of documents.
• C. Decline the customer relationship immediately without further review of the trade documents.
• D. Place the transaction on hold and escalate for sanctions and export-control license review before proceeding.

Best answer: D

What this tests: Building a Sanctions Compliance Program

Explanation: Trade due diligence is not limited to screening the named customer and buyer. Dual-use goods, routing through a free trade zone, a final destination in a comprehensively sanctioned country, and a defense facility as the delivery site are decisive red flags. These facts create potential sanctions and export-control exposure even when the immediate parties do not appear on a sanctions list. The appropriate control is to stop processing and escalate for sanctions and export-control review, including whether a license, exemption, or prohibition applies. Proceeding first and collecting documentation later would defeat the purpose of pre-transaction controls. Immediate relationship exit may be premature if the facts require legal or compliance analysis, but the transaction itself should not move forward until cleared.

• A clean list-screening result does not resolve end-use, end-user, routing, or destination risk.
• Updated documents requested after shipment are too late when pre-approval may be required.
• Relationship exit is not the first control step when the immediate issue is whether the transaction is prohibited, licensable, or otherwise restricted.

The dual-use goods, sanctioned-country destination, and defense end-use indicators require a hold and specialist review before processing.

Question 6

Topic: Building a Sanctions Compliance Program

An international bank’s payment screening engine automatically releases payment alerts below a match score of 72. After a sanctions list update, compliance testing finds that three payments involving a newly listed party’s common transliterated alias were released because the alias field was not loaded and the match score was 68. Operations asks to expand auto-release rules to reduce the alert backlog. What response best fits a risk-based sanctions compliance program?

• A. Approve the expansion because the payments scored below the configured threshold and were processed according to existing system rules.
• B. Pause the auto-release expansion, fix the list-data issue, test alias and transliteration matching, document any tuning changes, and require human review for unresolved potential matches.
• C. Rely on customer attestations that no sanctioned parties are involved and suppress the transliterated alias to reduce false positives.
• D. Reduce the match threshold immediately so more alerts are generated, without changing list-loading controls or documenting the change.

Best answer: B

What this tests: Building a Sanctions Compliance Program

Explanation: Automated sanctions screening is a control tool, not a substitute for governance and judgment. A low match score is only reliable if the underlying list data, matching logic, thresholds, aliases, transliteration handling, and auto-disposition rules are working as intended. Here, the problem is not simply backlog volume. The tool released payments because a sanctions-list alias was not loaded and matching logic did not adequately capture a transliterated name. Before expanding auto-release, compliance should correct the data issue, test the screening logic against relevant names and aliases, tune thresholds or rules where justified, document the rationale and approvals, and preserve human review for unresolved potential matches. Expanding automation without fixing and validating the control would increase sanctions risk.

• Treating the existing threshold as sufficient ignores evidence that the threshold and source data failed to catch relevant alias matches.
• Lowering the threshold without governance or documentation may increase alerts but does not address the missing alias data or validate the tool.
• Customer attestations can support due diligence, but they do not replace sanctions screening, list management, and investigation of potential matches.

The facts show a controlled screening-tool failure that requires governance, testing, tuning, documentation, and human review before expanding automation.

Question 7

Topic: Building a Sanctions Compliance Program

An assurance review tests a bank’s sanctions interdiction controls after a new payments hub went live. The review finds:

• Names in structured originator and beneficiary fields are screened and matched correctly.
• The payments hub stores ultimate beneficiary and on behalf of information in separate fields, but those fields are not passed to the interdiction system.
• A test message containing a sanctioned party only in an on behalf of field was processed without an alert.
• The sanctions policy requires screening all payment parties available in the message before release.

Which process step best fits these findings?

• A. Treat the issue as a training gap and refresh false-positive clearing procedures.
• B. Lower the fuzzy-match threshold for originator and beneficiary names to capture more near matches.
• C. Remediate the payment data mapping to feed the missing fields into interdiction, then retest before closing the finding.
• D. Instruct analysts to perform manual random post-payment reviews of high-value transactions.

Best answer: C

What this tests: Building a Sanctions Compliance Program

Explanation: Assurance findings should drive remediation to the control weakness actually observed. Here, the screening engine works for fields it receives, and the matching threshold is not identified as the problem. The failure occurs because relevant payment-party fields are not included in the interdiction feed. The appropriate response is a data management and screening-control fix: map the ultimate beneficiary and on behalf of fields into the interdiction system, confirm they are within the pre-release screening scope, and retest using cases that previously failed. Closing the finding without confirming the corrected feed would leave the same sanctions exposure in place.

• Threshold tuning does not solve missing data; the interdiction tool cannot match a party it never receives.
• Post-payment review is weaker than correcting a required pre-release screening control.
• Analyst training may help alert handling, but the failure occurred before an alert could be generated.

The root cause is missing payment-party data in the screening feed, so remediation should correct the interface and verify the control works.

Question 8

Topic: Building a Sanctions Compliance Program

A sanctions analyst at a bank is reviewing a held USD wire. The bank’s sanctions standard treats an entity as restricted when a listed person owns 50% or more, directly or indirectly.

• Customer/payment: A Singapore customer is paying USD 240,000 through a U.S. correspondent to Nevsky Components FZE in the UAE.
• Purpose: Invoice for controller units, with shipping documents showing onward delivery to St. Petersburg, Russia.
• Screening hit: Nevsky Components LLC, a listed Russian procurement entity.
• Counterparty facts: UAE registry records show Nevsky Components FZE is 60% owned by Baltic Industrial Holdings Ltd., which is 100% owned by the listed Nevsky Components LLC.

Which disposition best fits these facts?

• A. Continue the hold and escalate as a potential sanctions prohibition based on indirect listed-party ownership, supported by the similar name and Russia-bound USD trade payment.
• B. Clear as a false positive based on different legal forms and registration countries, because the beneficiary is not the listed Russian LLC.
• C. Clear after obtaining a customer attestation about end use, because no listed party is named directly in the payment message.
• D. Escalate only for export-control review, because the goods destination is relevant but the beneficiary ownership chain does not affect sanctions disposition.

Best answer: A

What this tests: Building a Sanctions Compliance Program

Explanation: A sanctions disposition should consider the full fact pattern, not just the name in the payment message. Here, the listed Russian entity indirectly owns 60% of the UAE beneficiary through an intermediate holding company. Under the stated bank standard, that ownership level makes the beneficiary restricted even though it has a different legal form and is registered in another country. The similar name, USD clearing through a U.S. correspondent, and Russia-bound shipment all support escalation rather than closure. A customer statement about nonmilitary end use may support due diligence, but it does not replace ownership and control analysis or resolve the listed-party interest in the beneficiary.

• Different legal form and country can support a false-positive closure only when identifiers, ownership, and control do not connect the counterparty to a listed party.
• A customer attestation may be useful evidence, but it cannot override a listed party’s ownership interest.
• Export-control review may also be needed, but the ownership chain and payment facts support sanctions escalation.

The beneficiary is indirectly 60% owned by the listed Russian entity, and the payment and shipment facts reinforce the sanctions concern.

Question 9

Topic: Building a Sanctions Compliance Program

A global bank is considering a trade finance facility for an existing customer that exports medical diagnostic equipment. The customer is based in a lower-risk jurisdiction, but the proposed shipments will go to hospitals in a country subject to broad territorial sanctions. The bank’s policy allows humanitarian medical trade only when the applicable license or exemption conditions are documented and no sanctioned party, restricted bank, prohibited end user, or prohibited end use is involved. The customer has provided invoices naming distributors and a freight forwarder, but has not provided end-user details or ownership information for the distributors.

Which response best fits the sanctions risk presented?

• A. Rely on the customer’s sanctions clause and review the shipments during the next periodic customer review.
• B. Reject the facility solely because the destination country is subject to broad territorial sanctions.
• C. Approve the facility because medical diagnostic equipment is generally humanitarian in nature.
• D. Perform enhanced sanctions due diligence on the parties, ownership, end users, payment route, and license or exemption conditions before approval.

Best answer: D

What this tests: Building a Sanctions Compliance Program

Explanation: A lower-risk customer does not make the activity low risk when the product involves trade finance, a comprehensively restricted destination, intermediaries, and missing end-user and ownership information. Humanitarian medical trade may be permitted, but only within the scope of the applicable license or exemption and only if sanctioned parties, restricted banks, prohibited end users, and prohibited end uses are not involved. The bank should pause approval until it has enough evidence to screen and assess the customer, distributors, freight forwarder, end users, payment route, and ownership or control of relevant parties. Ongoing monitoring should then be aligned to the documented conditions of the permitted activity.

• Treating the medical purpose as automatically permitted ignores license or exemption conditions and party screening.
• A sanctions clause can support due diligence, but it does not replace screening, ownership analysis, and end-user review.
• A blanket rejection may avoid risk, but the facts call for a risk-based review of potentially permitted humanitarian trade.

The facts show elevated product and jurisdiction risk that requires documented sanctions due diligence before the bank can rely on a permitted humanitarian trade basis.

Question 10

Topic: Building a Sanctions Compliance Program

A regional payments firm is expanding into cross-border business payments. Its current sanctions policy says that operations must screen all customers and payments against applicable sanctions lists and comply with sanctions laws. During readiness testing, reviewers found that analysts handled similar potential matches differently: some released payments after a name-only mismatch, some escalated every hit, and some asked relationship managers to contact customers before compliance review. Management wants the most useful policy and procedure enhancement before go-live. What should be added?

• A. A customer certification requiring each client to confirm that it does not transact with sanctioned parties.
• B. A quarterly reminder that employees must comply with all sanctions laws and complete sanctions training on time.
• C. A documented alert-handling procedure that defines screening points, roles, hold/release criteria, escalation paths, evidence standards, recordkeeping, and freezing or reporting steps when required.
• D. A vendor attestation that the screening tool contains current sanctions lists and uses appropriate fuzzy matching.

Best answer: C

What this tests: Building a Sanctions Compliance Program

Explanation: Sanctions policies set management expectations, but procedures translate those expectations into repeatable controls. A program needs documented instructions that tell staff when screening occurs, who owns each step, how alerts are held and analyzed, when ownership or control checks are needed, when to escalate, what evidence supports a false positive or true match decision, and what records and regulatory actions are required. The facts show inconsistent release, over-escalation, and improper customer contact because the policy is too general. The best enhancement is an operational alert-handling and escalation procedure, not a general compliance reminder or reliance on third parties.

• Compliance reminders reinforce awareness, but they do not define how to handle, document, or escalate alerts.
• Vendor attestations support tool governance, but a current tool still requires internal decision procedures.
• Customer certifications may supplement due diligence, but they cannot replace screening, investigation, and documented decisioning.

A documented workflow gives staff consistent instructions for dispositioning alerts and escalating possible sanctions exposure before release or customer contact.

Continue in the web app

Use Finance Prep for interactive CGSS practice with mixed sets, timed mock exams, topic drills, explanations, and progress tracking.

Related focused pages

• Free ACAMS CGSS Practice Exam: Global Sanctions
• Free CGSS Practice Questions: Sanctions Frameworks and Governance
• Free CGSS Practice Questions: Detecting and Investigating Sanctions Evasion Techniques

Practice next step

Use the Finance Prep web app above when you want interactive practice beyond this static page.