Practice Free CAMS Certified Anti-Money Laundering Specialist (CAMS7 the 7th edition) Exam Questions Answers With Explanation

Customer loyalty program tracking and product usage analysis can uncover unusual patterns or behaviors that deviate from expected norms. These insights may help detect suspicious activity or hidden risks, making them valuable tools for supporting AML compliance even if not directly linked to traditional monitoring systems.

When using network analysis tools, it’s important to avoid algorithmic bias toward social criteria to ensure fairness, analyze connections between individuals or entities to identify links and structures, and study relationships within networks to uncover hierarchies, behaviors, movements, and group organization relevant to detecting criminal activity.

Trust and Company Service Providers (TCSPs) pose the greatest financial crime risks when they use trusts to obscure beneficial ownership, promote complex corporate structures that make tracing ownership difficult, and establish shell companies that can be used to hold and move illicit funds. These activities can facilitate money laundering, tax evasion, and other financial crimes by concealing the true origin and control of assets.

The vulnerability of insurance products to money laundering is typically assessed based on purpose and intended use, liquidity (how easily funds can be accessed or moved), and customer anonymity or use of third-party transactions, as these factors can be exploited to disguise illicit funds.

Under FinCEN Section 314(b), financial institutions are permitted to share information with other financial institutions about suspected money laundering or terrorist financing activities. This collaboration helps identify and report suspicious transactions while complying with legal safeguards and privacy requirements.

According to the Egmont Group and CAMS 6th Edition, PPPs benefit FIUs by:

A: “PPPs help address challenges around data protection and facilitate information sharing between public and private sectors, overcoming common legal barriers.”

B: “PPPs result in higher-quality reports from the private sector and provide valuable additional informational input for FIUs.”

E: “These partnerships give FIUs increased flexibility and agility, allowing them to respond dynamically to evolving ML/TF threats.”(CAMS 6th Edition, Egmont Group Guidance on PPPs; Egmont Group, Public-Private Partnerships for FIUs)

Professional service providers can be misused as enablers of money laundering when they abuse their trusted positions and expertise. FATF guidance highlights several risks linked to such abuse.

The creation of shell companies is a common method used to obscure beneficial ownership and facilitate placement or layering of illicit funds. Similarly, opening third-party accounts to mask the true client identity directly undermines transparency and due diligence requirements.

Additionally, actively directing or facilitating the structuring or movement of illicit funds constitutes direct involvement in money laundering schemes and is a serious criminal offense.

By contrast, opening estate or trust accounts for legitimate, transparent purposes does not inherently pose a financial crime risk when proper due diligence is applied.

The combination of frequent address changes and a recent change in the ultimate beneficial owner raises potential red flags that warrant immediate investigation. To mitigate risk, the insurance company should investigate these changes and temporarily decline any payment or withdrawal instructions until the review is complete and appropriate steps are agreed upon. This ensures both regulatory compliance and protection against potential misuse of the policy.

Key challenges in adopting new AML/CFT technologies are:

A: Data privacy—new tech often requires processing more personal data, raising privacy/regulatory concerns.

C: The Travel Rule—meeting global standards for information sharing in payments is a technology challenge.

D: Data quality—effective systems rely on accurate, comprehensive, timely data.

E: Complexity—integrating and managing new technology can increase operational complexity.(CAMS 6th Edition, Technology in AML/CFT; FATF Guidance on Digital ID and Fintech)

FIUs rely on formal cooperation mechanisms to exchange information lawfully and efficiently across borders. One of the most widely used mechanisms is a Memorandum of Understanding (MOU) between FIUs in different jurisdictions.

MOUs establish the terms, scope, confidentiality protections, and procedures for sharing financial intelligence. They enable FIUs to exchange information directly, quickly, and securely while respecting data protection and domestic legal requirements. This structure significantly reduces bureaucratic delays and supports effective cross-border investigations.

FATF and regional bodies are standard-setters and evaluators, not operational information-sharing hubs. The Wolfsberg Group is a private-sector association and does not facilitate FIU-to-FIU communication. MLATs are used primarily by law enforcement and judicial authorities for criminal proceedings and arrests—not for FIU intelligence exchange.

Therefore, MOUs are the correct and most appropriate mechanism for FIU cooperation.

The Wolfsberg Group and Transparency International are non-governmental organizations that provide information and guidance on AML/CFT matters, helping institutions and policymakers strengthen financial crime prevention practices.

Receiving funds from a decentralized mixer and using multiple incoming wires from different sources to purchase virtual currency are red flags, as they can indicate attempts to obscure the origin of funds and facilitate money laundering through virtual asset transactions.

Many jurisdictions lack robust sanctions frameworks, requiring international cooperation and education to improve compliance.

Option B (Correct):Educational initiatives such as AML/sanctions training and workshops help raise awareness and build capacity.

Option D (Correct):Bilateral cooperation allows knowledge-sharing and technical assistance between regulatory authorities.

Why Other Options Are Incorrect:

Option A (Incorrect):Trade restrictions may pressure non-compliant nations, but they do not directly improve sanctions awareness.

Option C (Incorrect):Enforcing fines without prior education or assistance is ineffective and may create diplomatic tensions.

Best Practices for Sanctions Awareness & Compliance:

Develop international AML/sanctions training programs for emerging markets.

Encourage diplomatic engagement to strengthen legal frameworks.

Leverage FATF’s Mutual Evaluation process to assess progress.

The CAMS 6th Edition specifically lists environmental crime as a predicate offense for money laundering. Environmental crimes include activities such as illegal logging, illegal mining, and illegal trade in wildlife.

“Environmental crime, including illegal logging and mining, is recognized as a predicate offense to money laundering. Such crimes often involve complex corporate structures to hide the illicit origin of the proceeds.”

(CAMS 6th Edition, Chapter: Risks and Methods of Money Laundering and Terrorist Financing; FATF Recommendations, Predicate Offenses)

Incorrect Options:

A: Trade-based ML refers to manipulating trade transactions, not the underlying crime.

B: Corruption may be involved, but the primary crime is environmental.

C: Illicit resource trade describes the act, but the official predicate crime category is environmental crime.

Transaction monitoring governanceinvolves ensuring thatAML detection systems are effective, aligned with regulatory standards, and capable of identifying evolving threats.

Option B (Correct):Legal cooperation is essential for responding to subpoenas and law enforcement inquiries.

Option D (Correct):Regularly updating transaction monitoring scenarios ensures that the system adapts to emerging financial crime trends.

Why Other Options Are Incorrect:

Option A (Incorrect):SARs cannot be withdrawn unless an error was made—once filed, SARs remain confidential and must be retained.

Option C (Incorrect):Client profile updates are a CDD/KYC function, not directly related to transaction monitoring governance.

Best Practices for Transaction Monitoring Governance:

Regularly review system effectiveness through validation tests.

Collaborate with legal and compliance teams for risk mitigation.

Use AI and data analytics to refine detection accuracy.

This scenario describes the risk assessment element of an anti-financial crime (AFC) compliance program. FATF standards require organizations to regularly assess and reassess their money laundering and terrorist financing risks, particularly when there are material changes to business models, geographic exposure, or regulatory environments.

The MLRO’s review of the company’s expansion into high-risk jurisdictions and identification of vulnerabilities reflects a dynamic and forward-looking risk assessment process. Updating the compliance framework to address identified risks ensures that controls remain proportionate and effective.

Risk assessments form the foundation of the risk-based approach and directly inform decisions on enhanced due diligence, monitoring, governance, and resource allocation. This process is distinct from transaction monitoring, governance arrangements, or training activities, although those elements may be updated as a result of the risk assessment.

Fuzzy matching is a critical technique used in name screening systems to identify potential matches where names are not spelled identically. Regulators recognize that sanctions, PEP, and watchlist screening must account for variations in spelling, transliteration, abbreviations, and phonetic differences.

Fuzzy matching algorithms compare names based on similar spelling patterns, phonetics, or character arrangements, allowing institutions to detect matches that exact matching would miss. This is especially important for names originating from different languages or alphabets.

Exact matching alone is insufficient for effective sanctions screening, as it would fail to capture common variations. While machine learning may enhance screening systems, fuzzy matching itself does not rely on predictive modeling.

Therefore, fuzzy matching improves detection effectiveness while supporting regulatory expectations for robust screening controls.

Public-private partnerships (PPPs) are widely recognized in AML/CFT frameworks, including FATF guidance, as an effective mechanism to combat financial crime. One key strength of PPPs is improving the speed of action in identifying and responding to emerging financial crime risks. By facilitating closer collaboration, PPPs enable faster detection of typologies, threats, and vulnerabilities across the financial system.

Another major strength is enhanced information-sharing between governments and financial institutions. PPPs allow public authorities to share strategic intelligence and red flag indicators, while private institutions contribute operational insights from real transaction data. This two-way exchange improves the overall quality of financial crime detection and prevention.

While some PPPs operate within legal information-sharing frameworks, they do not eliminate liability entirely, nor do they remove the obligation for institutions to comply with data protection laws. Importantly, PPPs do not replace an institution’s responsibility to conduct its own customer due diligence. Each participating organization remains accountable for maintaining independent AML controls.

A, C, D:

“Trust and asset management services can facilitate the concealment of the source of funds (A), provide a layer of anonymity to transactions (C), and obscure the true legal and beneficial owners (D). These are well-established ML/TF risks in the private wealth sector.”(CAMS 6th Edition, ML/TF Risks in Trust and Asset Management)

B and E are normal aspects of asset management and are not in themselves ML/TF risks unless combined with other suspicious behaviors.

Nominee shareholders may be used for legitimate commercial reasons; however, FATF guidance identifies nominee arrangements as a significant money laundering risk when they obscure beneficial ownership.

The greatest risk arises when nominee shareholders provide anonymity to the true beneficial owner, preventing transparency in public registers and complicating due diligence. Criminals may exploit this opacity to conceal ownership, evade sanctions, launder illicit proceeds, or avoid tax and regulatory scrutiny.

The ability to hide ownership undermines one of the core objectives of AML/CFT frameworks: identifying and verifying beneficial owners. As a result, regulators require enhanced due diligence and clear documentation when nominee shareholders are involved.

Other features—such as administrative efficiency, compliance with local laws, or ease of share transfer—do not inherently increase financial crime risk when transparency and disclosure requirements are met.

Real estate companies face key financial crime risks due to the ability to move large sums in a single transaction, the use of property by criminal networks for illicit operations, the opacity of beneficial ownership structures, and the involvement of professional gatekeepers - such as lawyers and financial institutions - who may unknowingly facilitate money laundering.

Financial institutions must conduct thorough background checks on employees in sensitive roles (e.g., private banking) to mitigate fraud, insider trading, and money laundering risks.

Option A (Correct):Past employment records help verify work history and identify any red flags related to prior financial misconduct.

Option D (Correct):Internet and media searches reveal any negative press, regulatory issues, or connections to illicit activity.

Option E (Correct):Criminal history searches help screen for prior convictions related to financial crimes.

Why Other Options Are Incorrect:

Option B (Incorrect):Personal references are less reliable and may not uncover objective risk factors.

Option C (Incorrect):A resume is self-reported and should be verified using independent sources.

Best Practices for Employee Background Screening:

Conduct enhanced due diligence for high-risk roles (e.g., private bankers, compliance officers).

Use reliable background screening tools and legal databases.

Verify employment history and check against regulatory blacklists.

Among insurance products, group insurance products are generally considered the lowest risk for money laundering, according to FATF and insurance-sector AML guidance.

Group insurance policies are typically employer-sponsored, cover a large number of individuals, and involve limited individual control over premium payments, beneficiaries, or payouts. These characteristics significantly reduce the opportunity for misuse as a money laundering vehicle.

By contrast, permanent life insurance policies and annuities often include investment components, cash surrender values, or flexible premium structures, which increase their attractiveness for laundering illicit funds. Cash-secured products may also present placement or layering risks depending on structure and liquidity.

Therefore, group insurance products pose the lowest inherent AML risk.

Accountants are classified as designated non-financial businesses and professions (DNFBPs) under FATF standards and must apply a risk-based approach to AML/CFT compliance.

A customer acceptance policy is a key tool that helps accountants define which clients or engagements fall outside their risk appetite. This supports consistent onboarding decisions and ensures high-risk clients are either subject to enhanced due diligence or declined.

Additionally, due to the nature of accounting services—such as advisory, tax preparation, and financial reporting—traditional automated transaction monitoring systems used by banks are often not appropriate. Instead, accountants rely more heavily on engagement-based risk assessments, client profiling, and professional judgment.

Accountants are subject to record-keeping requirements longer than two years in most jurisdictions, and geographic risk is always relevant when assessing AML/CFT exposure. Risk assessments must be comprehensive and proportionate, not artificially limited.

Money laundering corrodes financial-system integrity, eroding investor confidence and impeding sustainable economic growth.

Illicit funds entering legitimate economies can finance terrorism and organized crime, skew resource allocation, and stifle development.

A risk-based approach prioritizes allocating more resources to higher-risk areas and regularly reassessing risks to ensure resource allocation remains aligned with evolving threats and vulnerabilities. This maximizes the effectiveness of the AFC program.

Using multiple sanctions lists ensures that financial institutions meet international regulatory obligations and can identify sanctions-related risks across different jurisdictions. This comprehensive approach strengthens compliance and reduces the likelihood of exposure to sanctioned individuals or entities.

Key performance indicators (KPIs) are essential for evaluating the effectiveness and efficiency of transaction monitoring systems within an AML/CFT program. Regulators expect institutions to monitor how well their systems identify, prioritize, and resolve suspicious activity.

The number of alerts raised provides insight into system sensitivity and potential over- or under-alerting. Tracking alerts by region helps institutions identify geographic risk concentrations and emerging threats. The average time to review an alert measures operational efficiency and whether investigations are conducted promptly, as required by regulatory expectations.

Hiring timelines and transaction volumes by top customers are operational or business metrics and do not directly assess transaction monitoring effectiveness.

After identifying and rating inherent risks, the next key step in the risk assessment process is to evaluate the effectiveness of existing controls. This allows the organization to calculate the residual risk - i.e., the level of risk remaining after controls are applied.

Classic indicators of suspicious activity often involve use of proxies, unusual cash access, or attempts to avoid scrutiny, as highlighted in FATF and FIU guidance.

Frequent access to a safe deposit vault to withdraw cash by a person closely associated with a government official raises heightened concern. Such behavior may indicate attempts to conceal illicit funds, particularly given the potential exposure to corruption risk associated with politically exposed persons (PEPs) and their close associates.

Similarly, requesting a third party to execute wire transfers on one’s behalf to a FATF grey-listed jurisdiction is a well-recognized red flag. This behavior suggests an attempt to evade transaction monitoring, sanctions screening, or enhanced due diligence requirements by distancing oneself from the transaction.

The remaining scenarios describe activities that are either legitimate or explainable with proper documentation and transparency. Merely dealing with an institution previously fined for AML violations or conducting legitimate trade with customs compliance does not, on its own, constitute suspicious activity.

Appointing individuals to serve in official capacities poses a higher money laundering risk because it can be used to obscure the true beneficial ownership and control of the company, making it easier to conceal illicit activities or the identity of those directing the business.

The review should prioritize politically exposed persons (PEPs) risk, as state ownership increases the likelihood of political connections, and anti-bribery and corruption risk, since such environments may have higher exposure to corrupt practices and misuse of influence.

Once there is reasonable suspicion of money laundering, the next critical step is to draft and file a suspicious activity report (SAR) with the relevant financial intelligence unit within the required regulatory timeframe. The SAR should contain a clear chronology of transactions, relevant customer details, and the rationale for suspicion to support potential investigation by authorities.

Criminals may target accountants because they have the capability to create and structure companies, falsify accounts, and manipulate financial statements, which can be exploited to disguise illicit funds and facilitate money laundering.

A core requirement of applying a risk-based approach (RBA) in customer due diligence for legal entity clients is the identification and verification of beneficial ownership. FATF standards require financial institutions to take reasonable measures to identify and verify the identity of the natural persons who ultimately own or control a legal entity.

Understanding beneficial ownership is critical because complex corporate structures can be misused to conceal illicit ownership, launder money, or evade sanctions. The depth of verification required depends on the assessed risk level of the customer, with higher-risk entities requiring enhanced due diligence.

Information such as market competition or profitability is not relevant to AML/CFT risk assessment. While open-source information may support due diligence, relying solely on internet or social media sources is insufficient and inconsistent with regulatory expectations.

Therefore, verifying beneficial ownership is the most essential and regulator-mandated CDD measure under a risk-based approach.

To maximize the benefits of PPPs while addressing data privacy and regulatory concerns, the bank should establish a clear framework within the partnership that defines privacy protections and ensures all information sharing complies with applicable legal and regulatory requirements across jurisdictions. This approach fosters trust, enables effective collaboration, and mitigates potential legal risks.

Paying premium several years in advance and terminating early for a refund (A):“A typical red flag is when a policyholder pays large premiums up front and then seeks early termination to receive a refund. This can be used to launder illicit funds by integrating them into the financial system and then retrieving ‘clean’ money.”(CAMS 6th Edition, Life Insurance ML/TF Risks; FATF Guidance for a Risk-Based Approach for the Life Insurance Sector)

Regularly switching policies and accepting penalties (D):“Frequent changes in insurance policies or products, even at a financial loss, are considered suspicious. This may indicate an attempt to obscure the money trail or integrate illicit proceeds.”(CAMS 6th Edition, ML/TF Red Flags in Life Insurance)

Incorrect Options:

B: Having multiple policies is common and not itself a red flag.

C: High premiums/payouts are not inherently suspicious.

E: Beneficiary payouts to elderly people are not ML/TF red flags.

AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism) applications are heavily influenced by various laws and regulations. The most impactful areas include:

Information security, data privacy, and cybersecurity – AML/CFT compliance relies on collecting and analyzing financial data. Data protection laws (e.g., GDPR) impact how financial institutions store, share, and protect sensitive customer information while ensuring that AML measures remain effective.

Foreign exchange control, and precious gemstone and metal dealing – Criminals often launder money through foreign currency transactions, gold, diamonds, and other high-value assets. Regulations governing these sectors help prevent financial crime.

Consumer protection, financial inclusion, and ESG – AML/CFT frameworks must balance risk mitigation with ensuring access to financial services (financial inclusion). Additionally, ESG policies play a growing role in identifying illicit financial.

A key regulatory expectation for transaction monitoring systems is flexibility and adaptability. Financial crime risks evolve rapidly, and institutions must be able to respond quickly to new typologies, threats, and regulatory guidance.

The ability to build, iterate, and test rules enables compliance teams to rapidly adjust monitoring scenarios, thresholds, and logic as new risks emerge. This capability allows institutions to implement changes without lengthy system redevelopment, ensuring timely and proportionate responses to financial crime threats.

While cloud deployment and AI integration can enhance scalability and analytics, they do not directly address the need for rapid rule changes. Configurable reporting supports oversight and governance but does not directly affect detection responsiveness.

Therefore, rule agility is the most critical characteristic for rapid response.

Fingerprint is an inherent factor because it is a biometric trait - something the user is. Inherent factors rely on physical or behavioral characteristics such as fingerprints, facial recognition, or voice, which are unique to the individual.

FATF standards require organizations to adopt a risk-based approach (RBA) that is informed by both internal risk factors and national and sectoral risk assessments. These assessments provide critical insight into prevalent money laundering and terrorist financing threats within specific jurisdictions and industries.

Organizations should integrate relevant findings from these assessments into their internal risk assessments to ensure that policies, controls, and monitoring systems are aligned with identified risks. This enables institutions to tailor enhanced due diligence (EDD) measures and allocate compliance resources effectively.

Ignoring national or sectoral assessments would weaken the organization’s ability to respond to known threats and would be inconsistent with regulatory expectations. These assessments are not limited to worst-case scenarios nor intended solely for regulators; they are a foundational input for private-sector AML programs.

Public-private partnerships allow public organizations to gain insights from the private sector to shape effective policies and legislation. Additionally, strong data protection and privacy frameworks help create secure information-sharing protocols within PPPs, enhancing collaboration while preventing unauthorized access.

Risk assessment is the foundation of an effective AML compliance program. It enables an organization to identify, understand, and prioritize its exposure to money laundering and terrorist financing risks, which in turn informs the development of appropriate controls, including policies, procedures, and customer due diligence measures.

Policies outline the guiding principles and objectives of an organization’s AML framework, setting the tone for compliance. Procedures translate these policies into detailed, actionable steps that staff must follow. Both are essential for effective AML compliance.

A: “Effective training includes practical examples and use cases tailored to the business.”

B: “Firms must keep accurate records of all AML/CFT training, including completion logs.”

D: “Staff should be aware of the consequences of non-compliance with AML/CFT obligations.”(CAMS 6th Edition, AML/CFT Training and Awareness)

Incorrect:

C: Training should be tailored and role-specific.

E: Third-party trainers are not required for effective training.

Financial institutions should have a standardized process for terminating customer relationships, including conducting risk assessments and documenting the reasons for termination. A final review of the customer’s transaction history helps address any outstanding concerns or unresolved issues. Keeping thorough records of the termination process ensures compliance and provides documentation in case of any future inquiries or disputes.

When a financial institution receives a grand jury subpoena, it is legally compelled to respond, but must do so in a controlled, lawful, and coordinated manner.

The first step is to consult with legal counsel to verify the subpoena’s validity, scope, deadlines, and confidentiality requirements. Legal counsel ensures the institution responds accurately, protects privileged information, and complies with applicable laws.

Notifying the customer would constitute tipping off, which is prohibited. Immediate disclosure without legal review may result in over-disclosure or violation of customer privacy laws. Filing a SAR may be appropriate depending on the facts, but it is not the first step and must not reference the subpoena.

This approach aligns with U.S. AML, BSA, and law enforcement cooperation requirements.

Effective customer due diligence relies on authoritative, reliable, and relevant external data sources, as outlined in FATF standards and national AML regulations.

Sanctions lists, such as those maintained by OFAC, the EU, and the UN, are mandatory screening sources to ensure compliance with sanctions regimes. Registers of stolen or forged documents, where available, help detect identity fraud and false documentation during onboarding.

Additionally, beneficial ownership registers and adverse media sources are essential for identifying hidden ownership structures, corruption exposure, and reputational risk.

Customer reviews and lifestyle assessments from social media are not considered reliable or appropriate primary sources for AML screening due to privacy, accuracy, and governance concerns.

PEPs are recognized by CAMS 6th Edition and FATF as posing elevated risk due to:

A. The family members and close associates of PEPs may be involved in illicit activities:“The risks extend beyond the PEP to family members and close associates, who may be used to conceal the movement of illicit funds.”(CAMS 6th Edition, PEP Risk Factors; FATF Guidance)

C. PEPs may exploit embassy activities to conceal bribery and corruption transactions:“PEPs may use their position or diplomatic privileges, such as embassy operations, to disguise or facilitate the movement of illicit funds.”(CAMS 6th Edition, Corruption and PEP Risks)

Incorrect Options:

B: There is no such legal provision granting PEPs financial immunity or unlimited credit.

D: Banks may (and often must) exit PEP relationships not in line with their risk appetite.

The relationship manager is in the best position to identify and report money laundering risks due to their direct and ongoing interaction with clients. They have detailed knowledge of clients’ profiles, financial behaviors, and any unusual activities that may raise red flags.

Terrorist financing can be facilitated on gaming platforms particularly through the trading of in-game items for fiat currency. This mechanism allows for the movement of value outside the formal financial system, potentially evading detection and reporting requirements.

“One of the key ML/TF risks in online gaming is the ability to convert virtual assets or in-game items into real-world (fiat) currency, thereby providing a channel for laundering money or funding terrorist activities.”

(CAMS 6th Edition, Chapter: Risks and Methods of Money Laundering and Terrorist Financing; FATF, Virtual Assets Guidance 2019)

Incorrect Options:

A: Buying in-game items with in-game currency does not in itself facilitate terrorist financing.

B: Exchanging items between players may be a step in layering but is not direct TF unless items are traded for fiat.

D: Obtaining items by in-game activity is standard gameplay and not a TF method.

Financial Intelligence Units (FIUs) play a central role in national and international AML/CFT frameworks. According to FATF standards, FIUs are responsible for the receipt, analysis, and dissemination of financial intelligence related to suspected money laundering, terrorist financing, and predicate offenses.

One core function of an FIU is receiving and analyzing SARs submitted by financial institutions and other obliged entities. Through analysis of reported information, FIUs identify suspicious patterns, trends, and networks that may indicate financial crime.

Another key function is disseminating intelligence and typologies to competent authorities and, where appropriate, to the private sector. This includes sharing insights on emerging risks, new money laundering methods, and evolving threat trends, which enhances system-wide financial integrity.

FIUs do not design financial products for institutions, nor do they supervise AML programs—that responsibility lies with AML supervisory authorities. Their role is intelligence-focused rather than regulatory or commercial.

The Basel Committee on Banking Supervision (BCBS) requires that the board of directors establish and oversee the compliance function and approve the bank's AML/CTF compliance policies and procedures, including processes for identifying, assessing, monitoring, and reporting compliance risks.

“The board of directors should establish a compliance function and approve compliance policies and processes for identifying, assessing, monitoring, and reporting compliance risks throughout the organization.”

(CAMS 6th Edition, Corporate Governance and Oversight; BCBS, Corporate Governance Principles for Banks, Principle 6)

Real estate ML/TF risk is highest where transparency is low or the origin of funds is obscured:

Use of cash to purchase property (A):“All-cash transactions in real estate present a high ML risk, as they bypass traditional financial scrutiny and facilitate the placement of illicit funds.”(CAMS 6th Edition, Real Estate Money Laundering Risks)

Use of a company for the purchase of property (D):“Purchasing property through companies, especially shell companies, can conceal the beneficial owner and the true source of funds.”(CAMS 6th Edition, Real Estate ML/TF Risks; FATF, Real Estate Sector)

Incorrect Options:

B: Unlicensed agents may be risky, but the core risks are A and D.

C: Trusts may add complexity but are less common/high-risk than company structures.

E: Value manipulation is risky but less so than the above.

Trust and company service providers (TCSPs) are recognized by FATF as higher-risk gatekeepers due to the nature of services they provide, which can be misused to facilitate money laundering.

The use of nominee directors can obscure beneficial ownership, allowing criminals to hide their involvement behind third parties. This lack of transparency is a significant AML risk.

The sale of ready-made or shelf companies, particularly through offshore intermediaries, enables rapid creation of legal entities with no operating history, which are frequently used in layering schemes.

Additionally, minimal face-to-face interaction—especially in offshore service models—reduces the ability to verify customer identity and intent, increasing impersonation and misuse risks.

TCSPs do not market themselves to criminals and are subject to AML obligations in most jurisdictions, making those options incorrect.

A: The purchase of high-value real estate using cash in multiple transactions—especially without clear economic justification—is a classic money laundering typology. The goal is typically to integrate illicit funds into the legitimate economy and obscure their origin.

“Large cash purchases of property without an obvious economic rationale are a significant red flag for money laundering in the real estate sector.”

This typology is highlighted in CAMS 6th Edition and the FATF’s guidance on real estate ML/TF risks.

Hawala operatives rely on informal networks outside the regulated banking system, allowing funds to move across borders without the usual AML controls.

Because hawala transactions are settled on trust rather than recorded through formal channels, it’s often impossible to trace who originated or ultimately received the funds.

The primary compliance concern is balancing compliance with the US Bank Secrecy Act (BSA) and OFAC sanctions while also ensuring adherence to EU AML directives and GDPR requirements. GDPR’s strict data protection rules can complicate cross-border information sharing, making it challenging to align compliance across multiple jurisdictions.

The Bank Secrecy Act (BSA) is the foundational Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) law in the United States. Enacted in 1970, the BSA requires financial institutions to establish and maintain effective AML programs designed to detect and prevent money laundering and terrorist financing.

Under the BSA and its implementing regulations, financial institutions must implement key controls such as Customer Identification Programs (CIP), customer due diligence (CDD), enhanced due diligence (EDD) for higher-risk customers, transaction monitoring, record-keeping, and the filing of Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with FinCEN.

While the USA PATRIOT Act expanded AML obligations—particularly in relation to terrorist financing—it amended and strengthened the BSA rather than replacing it. The Money Laundering Control Act criminalized money laundering activities but does not establish the operational compliance framework. MiCA is an EU regulation and does not apply in the U.S.

Therefore, the BSA remains the cornerstone of U.S. AML/CFT compliance requirements.

An effective name screening process is a critical component of sanctions and AML compliance. Regulators expect financial institutions to implement strong governance, risk-based design, and ongoing validation.

Clearly defining the screening scope, frequency, and alert adjudication procedures in policies ensures consistency, transparency, and accountability across the organization.

Conducting a risk assessment allows institutions to make informed, proportionate decisions on which data attributes to screen (e.g., names, aliases, addresses), how frequently to screen, and which databases to use. This aligns with the risk-based approach.

Regular testing and validation ensure that screening systems continue to perform as intended, detect true matches, and minimize false positives or missed hits.

Selecting the most popular database or assigning a single individual for control ownership does not ensure effectiveness and may introduce governance risk.

In anEnterprise-Wide Risk Assessment (EWRA),residual riskis the level of risk that remains after applying mitigating controls to theinherent risk(the risk present before controls are applied).

In this scenario, theinherent risk is highdue to the nature of private banking—high net worth clients,cross-border transactions,complex ownership structures, andhigh-value financial products. However, the institution has implementedrobust CDD and EDD, as well asadvanced transaction monitoring systems.

According to the CAMS Study Guide – 6th Edition, wheneffective and properly implemented controlsare in place, they cansignificantly reducethe residual risk—even in high-risk business areas like private banking. However, no control framework caneliminate all riskentirely.

Option Ais correct: Controls can significantly reduce the residual risk when strong, effective systems and procedures are in place.

Option Bis partially true but suggests inadequacy, which is not indicated here.

Option Cincorrectly assumes residual risk cannot be lowered even with controls.

Option Dis incorrect because residual riskcannot be eliminated entirely.

Large individual cash transactions pose the highest money laundering risk for money services businesses. Cash is difficult to trace and, when handled in significant amounts, can be used to introduce illicit funds into the financial system with minimal transparency.

Regulatory Technology (RegTech) is a specialized subset of FinTech that focuses on improving how organizations meet regulatory and compliance obligations, including AML/CFT requirements. RegTech solutions leverage technologies such as automation, data analytics, artificial intelligence, and machine learning to enhance efficiency, accuracy, and scalability.

In the AML context, RegTech supports functions such as customer due diligence (CDD), transaction monitoring, sanctions screening, regulatory reporting, and record-keeping. These tools help financial institutions reduce manual processes, improve detection of suspicious activity, and respond more quickly to regulatory changes.

SupTech, by contrast, refers to supervisory technology used by regulators, not regulated institutions. The other options are not recognized regulatory terms.

Global regulators, including FATF and national supervisory authorities, actively encourage the responsible adoption of RegTech as part of a risk-based approach, provided appropriate governance, data quality, and model oversight are in place.

E-commerce business models are exposed to several financial crime risks that are clearly identified in Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) regulatory guidance, including publications from the Financial Action Task Force (FATF) and national supervisory authorities.

One key risk is the use of stolen bank card or payment data to purchase goods or services online. E-commerce platforms are particularly vulnerable to card-not-present fraud, where criminals exploit remote payment channels to generate illicit proceeds.

Another common risk is fraud against customers through non-delivery of goods or services. In these cases, fraudulent merchants accept payments without any intention of fulfilling orders. This form of consumer fraud is recognized as a predicate offense to money laundering under AML frameworks.

Additionally, online marketplaces may be abused to move or disguise criminally obtained funds. Criminals may conduct fake transactions, self-purchases, or repeatedly buy and resell goods to legitimize illicit funds. This activity aligns with recognized typologies such as transaction laundering and trade-based money laundering.

Although export control evasion and bribery and corruption are serious financial crimes, they are not typically considered common or inherent financial crime risks specific to standard e-commerce business models in AML/CFT guidance.

The Basel Committee on Banking Supervision (BCBS) is a global standard-setting body that develops prudential banking standards and supervisory guidance, including key principles relevant to AML/CFT governance.

The BCBS does not have legal enforcement authority. Instead, it relies on the commitment of its member jurisdictions to implement its standards through national laws and supervisory practices. This cooperative model reflects the committee’s role as a standard-setter rather than a regulator.

Basel guidance includes international standards, implementation guidelines, and best practices designed to strengthen banking supervision and risk management frameworks globally. These materials are intended to be adopted and adapted within local legal and regulatory systems.

The Basel Core Principles for Effective Banking Supervision explicitly include guidance on customer identification, acceptance, and ongoing monitoring, aligning closely with AML/CFT expectations.

The committee is composed of central banks and supervisory authorities, not individual banks, and there are no formal penalties such as suspension for non-implementation.

B: When a subpoena is received, the institution should first consult with legal counsel to ensure the validity and scope of the subpoena. Compliance with law enforcement requests is mandatory and subject to strict legal obligations. All documentation and responses should be properly recorded.

“A subpoena requires a legal response; consult legal counsel to validate the request and respond as required by law.”

FinCEN 314(b) information-sharing requests are voluntary and can proceed only after fulfilling required legal steps, such as verifying membership in the program and ensuring information-sharing agreements are in place.

CAMS 6th Edition clarifies that “under no circumstances should a customer be notified of a law enforcement inquiry or subpoena.”

A primary objective of public sector groups in combating money laundering is to establish and enforce legal and regulatory frameworks that enable the detection, prevention, and punishment of money laundering and related financial crimes, ensuring the integrity of the financial system.

In situations involving significant AML concerns, especially with high-risk clients, thecompliance officer must follow proper escalation procedureswithin the institution. The appropriate course of action is toescalate the matter to a senior governance body, such as ahigh-risk client committee, which is typically tasked with balancing AML risk against business considerations.

Unilateral offboarding (Option B)may violate internal protocols.

Persuading the relationship manager (Option C)bypasses formal governance.

Delaying action (Option D)risks further exposure to regulatory or reputational damage.

This escalation ensuresdocumented risk-based decision-makingand demonstrates to regulators that the institution appliesstructured and objective AML governance.

A robust AML training program should incorporate the followingbest practicesto ensure awareness and ongoing engagement:

Option A – Tailored and regular training:

Training should berisk-based and role-specific, ensuring employees understand how AML applies to their function.

Option D – Variety and resources:

Use ofinteractive, digital, live, and scenario-based methodskeeps training effective and adaptable. Providing materials and resources supports continued learning.

Option E – Communication and measurement:

Ongoing AML awareness campaigns andfeedback mechanismshelp assess theeffectivenessof training and reinforce its importance.

Option Bis too vague and not recognized as a best practice.

Option C, while helpful, isnot sufficient alone—annual frequency without contextual or tailored content is inadequate.

Modern KYC solutions help reduce identity theft, provide reliable customer authentication to build trust, and shorten authentication times, enhancing both security and efficiency in customer onboarding and ongoing due diligence processes.

The most effective way to reduce irrelevant results in AI/ML-driven adverse media screening is to fine-tune the models to prioritize high-risk keywords and reliable sources. This improves precision by filtering out noise and directing focus toward content that is more likely to indicate financial crime risk.

Cryptocurrency and convertible virtual currencies present common financial crime risks such as obscuring the origin of illicit funds, being used to layer transactions for money laundering, and facilitating payments for illegal goods and services due to their pseudo-anonymous and borderless nature.

Percentage change in transaction monitoring alerts escalated for investigation and number/percentage of senior PEPs onboarded are key risk indicators that can highlight shifts in the inherent risk profile of the customer base, enabling leadership to proactively address emerging financial crime risks.

The suspicion increases when the beneficiary is a foreign company whose shareholders and director are other companies, as this can indicate the use of layered corporate structures to obscure the ultimate beneficial owner and conceal illicit fund flows.

Real estate transactions are vulnerable to ML/TF risks, particularly when there is limited transparency or unusual payment methods:

Cross-border purchases (A):“Purchases by foreign buyers, especially from high-risk jurisdictions, are a red flag for money laundering in the real estate sector.”(CAMS 6th Edition, Real Estate Money Laundering Risks; FATF, Money Laundering and Terrorist Financing through the Real Estate Sector, 2007)

Non-financed purchases (D):“Non-financed (all-cash) purchases can indicate the introduction of illicit funds into the financial system, bypassing the controls of mortgage lenders.”(CAMS 6th Edition, Real Estate ML/TF Risks)

Incorrect Options:

B: Purchasing in the name of a natural person is standard and not inherently risky.

C: Paying the true market price does not raise ML/TF risk.

Early surrender of a policy can be used to quickly access and integrate illicit funds, while funding an insurance policy with cryptocurrencies or other non-fiat currencies can obscure the source of funds, both of which are recognized money laundering risk factors in insurance products.

The Egmont Group is an international network of Financial Intelligence Units (FIUs) established to promote cooperation and information exchange in the fight against money laundering and terrorist financing. One of its core principles is to facilitate secure, timely, and lawful information sharing between FIUs.

The Egmont Group provides a framework, standards, and secure channels—such as the Egmont Secure Web—that allow FIUs to exchange intelligence related to suspicious transactions, typologies, and emerging financial crime risks across borders. This cooperation is essential given the transnational nature of money laundering and terrorist financing.

The Egmont Group does not publish reporting standards, act as a regulator, or publicly disclose investigation outcomes. Its role is operational and intelligence-focused, supporting FIUs while respecting confidentiality and national legal frameworks.

Therefore, arranging information-sharing protocols between FIUs is a fundamental principle of the Egmont Group.

Virtual Asset Service Providers (VASPs) are considered higher-risk customers due to their exposure to anonymity, speed, and cross-border transactions. FATF guidance highlights several red flags indicative of potential money laundering activity.

The use of shell companies to move funds into and out of a VASP is a strong indicator of attempts to conceal beneficial ownership and obscure transaction flows. Similarly, frequent use of mixers and tumblers is a well-recognized technique used to break transaction trails and hinder blockchain tracing.

Receiving funds from jurisdictions with weak AML frameworks significantly increases geographic risk, particularly when combined with other red flags.

By contrast, peer-to-peer infrastructure use and market volatility are inherent features of the virtual asset ecosystem and do not, on their own, indicate money laundering.

A: The first step in any suspicious activity investigation is to review the transaction history and other relevant account information to establish context, identify patterns, and determine if the behavior is consistent with known typologies of money laundering.

“The initial phase of an AML investigation is to review relevant account information and transaction activity to assess whether a SAR filing is warranted.”

This approach ensures that any subsequent decisions, such as escalation, SAR filing, or customer outreach, are based on a comprehensive understanding of the facts.

The First Line of Defense (1LoD) consists of customer-facing business units (e.g., relationship managers, front-office staff, and operational teams). Their primary responsibility in financial crime risk management is to implement AML/CFT controls as part of daily operations. This includes Collecting complete customer information.

The First Line of Defense is responsible for conducting Know Your Customer (KYC) and Customer Due Diligence (CDD) during onboarding and throughout the customer relationship. Ensuring that all relevant customer details (e.g., identity, business purpose, ownership structure) are accurately collected and documented is crucial for mitigating financial crime risks.

Artificial intelligence (AI) enhances transaction monitoring by complementing or improving upon traditional rules-based systems. Regulators recognize that AI can strengthen AML programs when deployed with appropriate governance and oversight.

One key benefit is the ability to identify changes in customer behavior over time. AI models analyze historical and real-time data to detect deviations from expected patterns, allowing institutions to reassess customer risk more dynamically and accurately.

AI can also generate predictive customer risk scores, helping institutions prioritize alerts and focus investigative resources on higher-risk customers and activities. This improves efficiency and effectiveness while supporting a risk-based approach.

AI is designed to reduce false positives, not increase them, and bias must be carefully managed during training through governance and data controls.

The Financial Action Task Force (FATF) is the global standard-setter for AML/CFT and counter-proliferation financing. Its mandate is focused on standard-setting, assessment, and international coordination, not enforcement or prosecution.

One of FATF’s primary functions is developing international standards, known as the FATF Recommendations, which form the basis of national AML/CFT regimes worldwide.

FATF also identifies high-risk and non-cooperative jurisdictions with strategic AML/CFT deficiencies and works with them to address these weaknesses. Public identification encourages reform and enhances global financial integrity.

Additionally, FATF maintains strong engagement with international organizations, regional bodies, and the private sector to promote consistent implementation of standards.

FATF does not prosecute countries or suspend membership based on evaluation outcomes.

A risk-based approach is central to AML/CFT programs and includes:

A: Creating detailed risk profiles for customers based on their behaviors and connections.

C: Applying controls that are tailored to the actual risk (not a one-size-fits-all approach).

D: Performing a thorough risk assessment, considering customer, transaction, and geographic factors.

“A risk-based approach involves risk profiling, tailored controls, and comprehensive risk assessment across key risk factors.”

(CAMS 6th Edition, Risk-Based Approach and Risk Assessment)

Incorrect:

B: Monitoring only flagged customers is not sufficient.

E: Equal allocation of resources ignores differing risk levels.