ACAMS CAMS Certified Anti-Money Laundering Specialist (CAMS7 the 7th edition) Exam Practice Test

A risk-based approach involves conducting a comprehensive risk assessment, applying controls that match the identified risk levels, and creating detailed customer risk profiles to focus monitoring and resources where they are most needed to mitigate financial crime risks effectively.

The AUSTRAC Fintel Alliance is a successful example of a public-private partnership (PPP). It brings together government agencies and private sector organizations to collaborate on detecting, preventing, and disrupting financial crime through shared intelligence, technology, and expertise.

Specialized AML training must be relevant to the specific risks the corporate banking team faces, including legal/regulatory expectations and the ML/TF typologies applicable to their products and customer base.

Applicable AML laws and regulations (B):“Staff must be aware of the applicable AML/CFT laws and regulatory requirements relevant to their business area.”(CAMS 6th Edition, Chapter: AML Training and Awareness)

Money laundering typologies applicable to corporate loans (D):“Training should include typologies and red flags that are most relevant to the risks present in the specific business line, such as corporate lending.”(CAMS 6th Edition, AML Training for High-Risk Departments)

Incorrect Options:

A: Monetary instrument reporting is more relevant to retail/branch banking.

C: Regulatory exam best practices are for compliance teams, not business-line relationship managers.

Beneficial ownership registers maintained by the country of incorporation are the most reliable external source for verifying beneficial ownership during onboarding, as they are official records mandated by law and typically subject to regulatory oversight.

The First Line of Defense (1LoD) consists of customer-facing business units (e.g., relationship managers, front-office staff, and operational teams). Their primary responsibility in financial crime risk management is to implement AML/CFT controls as part of daily operations. This includes Collecting complete customer information.

The First Line of Defense is responsible for conducting Know Your Customer (KYC) and Customer Due Diligence (CDD) during onboarding and throughout the customer relationship. Ensuring that all relevant customer details (e.g., identity, business purpose, ownership structure) are accurately collected and documented is crucial for mitigating financial crime risks.

A rules-based approach to transaction monitoring relies on predefined rules that flag specific patterns and on setting thresholds that trigger automated alerts when exceeded. These techniques are fundamental to identifying potentially suspicious activities in a structured, deterministic way.

A key advantage of privacy enhancing technologies (PETs) in anti-money laundering is their ability to securely process data while it remains encrypted. This enables data analysis and collaboration without exposing sensitive information, helping to maintain privacy while still supporting financial crime detection.

The Office of Foreign Assets Control (OFAC), part of the U.S. Department of the Treasury, is responsible for theadministration and enforcement of economic and trade sanctions. These sanctions are based on U.S. foreign policy and national security objectives and target:

Foreign countries and regimes

Terrorist organizations

Narcotics traffickers

Individuals and entities engaged in activities related to the proliferation of weapons of mass destruction

OFAC acts under various authorities, including national emergency powers granted by the President and specific legislation. One of its primary tools is theSpecially Designated Nationals(SDN) List, which identifies individuals and entities whose assets are blocked and with whom U.S. persons are generally prohibited from dealing.

It is important to note that OFAC is not responsible for designating jurisdictions as primary money laundering concerns (a task handled by FinCEN under Section 311 of the USA PATRIOT Act), nor does it manage trade agreements.

Corruption risks in the supply of goods and services often arise when contractors receive preferential treatment, enabling inflated margins, and when procurement processes lack sufficient oversight, making it easier for bribes or kickbacks to influence tender outcomes.

D: “Family members and close associates of PEPs are often used as intermediaries to launder the proceeds of corruption or conceal illicit assets.”(CAMS 6th Edition, Enhanced Due Diligence for PEPs; FATF Guidance on PEPs)

This scenario presents multiple classic money laundering red flags, particularly within the life insurance sector, which is recognized by FATF as vulnerable to misuse due to its investment and payout features.

The use of an offshore trust in a jurisdiction with no clear link to the customer raises concerns about concealment of beneficial ownership and layering. Criminals frequently use trusts and offshore structures to obscure the origin and destination of illicit funds.

The client’s request to split premium payments into multiple transactions to avoid bank charges is indicative of structuring, a known money laundering technique used to evade monitoring and reporting thresholds.

Furthermore, the lack of a legitimate source of wealth or income consistent with the high-value policy is a significant red flag. Purchasing high-value insurance products with no apparent financial means is a common placement method for laundering illicit proceeds.

While fraud or sanctions evasion could be relevant in other contexts, the combination of structuring, unexplained wealth, offshore structures, and non-residency most strongly indicates money laundering risk.

United Nations Security Council (UNSC) sanctions are a key international tool established under Chapter VII of the UN Charter. Their primary purpose is to maintain or restore international peace and security, not to punish states or provide economic advantage.

Sanctions may include asset freezes, travel bans, arms embargoes, or targeted measures against individuals and entities. These measures are designed to influence behavior, prevent escalation of conflict, and support diplomatic solutions.

The use of force is separate from sanctions and requires explicit authorization. Sanctions are not intended to be indefinite and are regularly reviewed and adjusted based on effectiveness and humanitarian considerations.

While sanctions may exert pressure on governments or actors, they are not intended as punitive measures but as preventive and corrective tools aligned with international law.

Correspondent banking relationships are recognized as higher risk under FATF guidance primarily because transactions are cross-border and conducted on behalf of third-party customers.

In correspondent banking, a respondent bank may process transactions for customers that the correspondent bank does not have a direct relationship with. This reduces transparency and limits the correspondent’s ability to fully assess customer identity, beneficial ownership, and transaction purpose.

While correspondent transactions may involve high-risk jurisdictions, this is not always the case. They are not anonymous by design, and payment messaging standards often require significant information. However, the indirect customer relationship and cross-border nature introduce complexity, jurisdictional risk, and reliance on the respondent bank’s controls.

Therefore, third-party and cross-border exposure is the key driver of heightened risk.

Artificial intelligence can significantly enhance efficiency when reviewing large volumes of privacy and data protection regulations across jurisdictions. However, regulators consistently emphasize that AI outputs must be subject to human oversight and validation.

AI-based systems may identify relevant laws, regulations, and obligations, but generated results still require expert assessment to confirm completeness, applicability, and relevance to a specific institution’s business model, jurisdictions, and data processing activities. Legal interpretation remains a human responsibility.

Training AI solely on rule content without understanding how models function undermines governance expectations. Additionally, analyzing a large volume of rules does not guarantee accuracy or applicability. AI systems can be trained to identify jurisdiction-specific rules, but they cannot independently determine legal applicability without contextual judgment.

Therefore, human review remains essential, making option A the correct answer.

Terms of Reference (ToR) are a fundamental governance document that define how a committee operates, makes decisions, and fulfills its responsibilities. Regulatory guidance and corporate governance best practices emphasize clarity and accountability in committee mandates.

The extent of power and decision-making authority must be clearly defined to ensure members understand what decisions they are authorized to make and where escalation is required. This prevents overlaps or governance gaps.

The composition and structure of the committee, including membership criteria and roles, ensures appropriate expertise and representation. This is essential for effective oversight, particularly in AML/CFT and risk committees.

Delegation of authority outlines how responsibilities may be assigned or escalated, supporting efficient decision-making while maintaining accountability.

Organization charts and company culture statements are not typically core components of a ToR, as they do not define operational authority or governance mechanics.

OFAC sanctions are a key element of the U.S. AML/CFT framework. According to the CAMS 6th Edition and OFAC regulations:

Blocked funds must be placed into an interest-bearing account on a financial institution's books (B):“Blocked property must be held in a separate interest-bearing account on the books of the U.S. financial institution.”(CAMS 6th Edition, Sanctions Compliance; OFAC FAQs)

Sanctions can be either comprehensive or selective using the blocking of assets and trade restrictions (C):“OFAC administers both comprehensive and targeted (selective) sanctions programs to fulfill U.S. foreign policy and national security goals.”(CAMS 6th Edition, Sanctions Compliance)

Incorrect Options:

A: OFAC can sanction entities, vessels, and organizations—not just individuals or those in foreign countries.

D: There is no automatic expiration of OFAC sanctions after five years.

The Basel Committee on Banking Supervision (BCBS) requires that the board of directors establish and oversee the compliance function and approve the bank's AML/CTF compliance policies and procedures, including processes for identifying, assessing, monitoring, and reporting compliance risks.

“The board of directors should establish a compliance function and approve compliance policies and processes for identifying, assessing, monitoring, and reporting compliance risks throughout the organization.”

(CAMS 6th Edition, Corporate Governance and Oversight; BCBS, Corporate Governance Principles for Banks, Principle 6)

A risk appetite statement defines the amount and type of risk an organization is willing to accept in pursuit of its objectives. It must be clearly communicated to all stakeholders and supported by corresponding controls and processes to ensure it is embedded in day-to-day decision-making and risk management.

Strong CDD, EDD, and advanced transaction monitoring can significantly reduce residual risk in high-risk areas like private banking. While no control fully eliminates risk, effective implementation and ongoing oversight can bring the residual risk down to an acceptable level from its initially high inherent risk.

The combination of frequent address changes and a recent change in the ultimate beneficial owner raises potential red flags that warrant immediate investigation. To mitigate risk, the insurance company should investigate these changes and temporarily decline any payment or withdrawal instructions until the review is complete and appropriate steps are agreed upon. This ensures both regulatory compliance and protection against potential misuse of the policy.

Financial institutions must conduct thorough background checks on employees in sensitive roles (e.g., private banking) to mitigate fraud, insider trading, and money laundering risks.

Option A (Correct):Past employment records help verify work history and identify any red flags related to prior financial misconduct.

Option D (Correct):Internet and media searches reveal any negative press, regulatory issues, or connections to illicit activity.

Option E (Correct):Criminal history searches help screen for prior convictions related to financial crimes.

Why Other Options Are Incorrect:

Option B (Incorrect):Personal references are less reliable and may not uncover objective risk factors.

Option C (Incorrect):A resume is self-reported and should be verified using independent sources.

Best Practices for Employee Background Screening:

Conduct enhanced due diligence for high-risk roles (e.g., private bankers, compliance officers).

Use reliable background screening tools and legal databases.

Verify employment history and check against regulatory blacklists.

Key challenges in adopting new AML/CFT technologies are:

A: Data privacy—new tech often requires processing more personal data, raising privacy/regulatory concerns.

C: The Travel Rule—meeting global standards for information sharing in payments is a technology challenge.

D: Data quality—effective systems rely on accurate, comprehensive, timely data.

E: Complexity—integrating and managing new technology can increase operational complexity.(CAMS 6th Edition, Technology in AML/CFT; FATF Guidance on Digital ID and Fintech)

A: The absence of professional oversight or accounting/auditing standards creates a high-risk environment for financial statement manipulation. Without external checks or mandated standards, criminals can more easily falsify statements to hide illicit assets.

“The lack of regulatory oversight and professional standards in accounting and auditing significantly increases the risk of manipulation and fraud in financial reporting.”(CAMS 6th Edition, Professional Service Providers; FATF Guidance on the Risk-Based Approach for Accountants)

Money laundering corrodes financial-system integrity, eroding investor confidence and impeding sustainable economic growth.

Illicit funds entering legitimate economies can finance terrorism and organized crime, skew resource allocation, and stifle development.

FATF standards require organizations to adopt a risk-based approach (RBA) that is informed by both internal risk factors and national and sectoral risk assessments. These assessments provide critical insight into prevalent money laundering and terrorist financing threats within specific jurisdictions and industries.

Organizations should integrate relevant findings from these assessments into their internal risk assessments to ensure that policies, controls, and monitoring systems are aligned with identified risks. This enables institutions to tailor enhanced due diligence (EDD) measures and allocate compliance resources effectively.

Ignoring national or sectoral assessments would weaken the organization’s ability to respond to known threats and would be inconsistent with regulatory expectations. These assessments are not limited to worst-case scenarios nor intended solely for regulators; they are a foundational input for private-sector AML programs.

Modern KYC solutions help reduce identity theft, provide reliable customer authentication to build trust, and shorten authentication times, enhancing both security and efficiency in customer onboarding and ongoing due diligence processes.

While regulatory compliance, cost efficiency, and operational considerations are important, the primary objective of AML/CFT measures is to reduce and manage the risks and threats of financial crime. FATF emphasizes that effectiveness should be measured by outcomes, not merely by technical compliance.

An AML/CFT framework may fully comply with laws and still be ineffective if it fails to detect, deter, or disrupt money laundering and terrorist financing. Regulators increasingly focus on whether systems and controls actually identify suspicious activity, prevent misuse of the financial system, and support law enforcement efforts.

Minimizing operational burden and controlling costs are secondary considerations and must not compromise risk mitigation. A cost-effective system that fails to detect financial crime would not meet regulatory expectations.

Therefore, the true measure of effectiveness lies in how well systems and controls mitigate financial crime risks and threats in practice.

Classic indicators of suspicious activity often involve use of proxies, unusual cash access, or attempts to avoid scrutiny, as highlighted in FATF and FIU guidance.

Frequent access to a safe deposit vault to withdraw cash by a person closely associated with a government official raises heightened concern. Such behavior may indicate attempts to conceal illicit funds, particularly given the potential exposure to corruption risk associated with politically exposed persons (PEPs) and their close associates.

Similarly, requesting a third party to execute wire transfers on one’s behalf to a FATF grey-listed jurisdiction is a well-recognized red flag. This behavior suggests an attempt to evade transaction monitoring, sanctions screening, or enhanced due diligence requirements by distancing oneself from the transaction.

The remaining scenarios describe activities that are either legitimate or explainable with proper documentation and transparency. Merely dealing with an institution previously fined for AML violations or conducting legitimate trade with customs compliance does not, on its own, constitute suspicious activity.

The United Nations Security Council (UNSC) is the only body with the legal authority under international law to impose binding sanctions on countries, entities, or individuals.

“The Security Council’s primary function in imposing sanctions is to maintain or restore international peace and security. These sanctions are legally binding on all UN member states.”

(CAMS 6th Edition, Chapter: International Sanctions and Proliferation Financing; United Nations Charter, Article 41)

Incorrect Options:

B: Sanctions may address AML/CFT failings, but the core mandate is international peace/security.

C: The UNSC does not primarily conduct research or impact analysis.

D: The purpose is international peace/security, not only domestic financial stability.

B: When a subpoena is received, the institution should first consult with legal counsel to ensure the validity and scope of the subpoena. Compliance with law enforcement requests is mandatory and subject to strict legal obligations. All documentation and responses should be properly recorded.

“A subpoena requires a legal response; consult legal counsel to validate the request and respond as required by law.”

FinCEN 314(b) information-sharing requests are voluntary and can proceed only after fulfilling required legal steps, such as verifying membership in the program and ensuring information-sharing agreements are in place.

CAMS 6th Edition clarifies that “under no circumstances should a customer be notified of a law enforcement inquiry or subpoena.”

Financial Intelligence Units (FIUs) play a central role in national and international AML/CFT frameworks. According to FATF standards, FIUs are responsible for the receipt, analysis, and dissemination of financial intelligence related to suspected money laundering, terrorist financing, and predicate offenses.

One core function of an FIU is receiving and analyzing SARs submitted by financial institutions and other obliged entities. Through analysis of reported information, FIUs identify suspicious patterns, trends, and networks that may indicate financial crime.

Another key function is disseminating intelligence and typologies to competent authorities and, where appropriate, to the private sector. This includes sharing insights on emerging risks, new money laundering methods, and evolving threat trends, which enhances system-wide financial integrity.

FIUs do not design financial products for institutions, nor do they supervise AML programs—that responsibility lies with AML supervisory authorities. Their role is intelligence-focused rather than regulatory or commercial.

FATF and CAMS 6th Edition highlight certain third-party activities as red flags for money laundering in the life insurance sector:

Payments are regularly received from third parties that have no apparent relationship with the policy holder (C):“Red flags include payments made by third parties, especially where there is no apparent connection between the third party and the policy holder.”(FATF, Risk-Based Approach for Life Insurance Sector, Section IV: Red Flags; CAMS 6th Edition, Customer Due Diligence for Life Insurance)

A customer names an apparently unrelated third party as a beneficiary (D):“Another warning sign is when beneficiaries have no apparent relation to the policyholder.”(FATF, Ibid; CAMS 6th Edition, Life Insurance ML/TF Red Flags)

Incorrect Options:

A: Consulting an attorney is not, by itself, a red flag.

B: Policy transfer may warrant review but is not specifically a red flag for third-party involvement.

Open-source intelligence (OSINT) is widely used in AML/CFT investigations to support customer due diligence, adverse media screening, and financial crime analysis. However, because OSINT sources vary widely in quality and reliability, regulators and investigative best practices emphasize verification and corroboration.

The most effective way to ensure the reliability of open-source information is cross-checking information across multiple independent sources. Corroboration helps confirm accuracy, reduce the risk of misinformation, and identify inconsistencies or bias. This approach is especially important when using online media, public records, blogs, or social media content.

Excluding entire categories of sources—such as the dark web or social media—may result in missed intelligence and does not ensure reliability. Similarly, relying only on international news agencies limits coverage and may overlook relevant local or niche reporting.

Therefore, triangulation through multiple sources is the most effective and regulator-aligned method for validating OSINT.

Scenario-based systems use algorithms to detect suspicious behaviors, such as transactions occurring at unusual times, those exceeding specified thresholds, or those taking place in locations inconsistent with a customer's typical activity. These anomalies help identify potential financial crime risks.

Effective AML programs promote aculture of compliance, which includes an environment where staff are empowered to raise concerns, challenge decisions, and continuously improve through cross-functional learning.Providing effective challengeis a supervisory expectation and best practice in institutions that value AML governance integrity.

While AML officer authority (option B) supports oversight, it is not as impactful on daily operational effectiveness as fostering a challenging and adaptive compliance culture.

Using brokerage accounts like deposit accounts (e.g., frequent cash deposits or withdrawals) and conducting transactions through nominees or third parties are common red flags in the securities industry. These behaviors can obscure the origin or ownership of funds and are often used to facilitate money laundering.

A risk-based approach is central to AML/CFT programs and includes:

A: Creating detailed risk profiles for customers based on their behaviors and connections.

C: Applying controls that are tailored to the actual risk (not a one-size-fits-all approach).

D: Performing a thorough risk assessment, considering customer, transaction, and geographic factors.

“A risk-based approach involves risk profiling, tailored controls, and comprehensive risk assessment across key risk factors.”

(CAMS 6th Edition, Risk-Based Approach and Risk Assessment)

Incorrect:

B: Monitoring only flagged customers is not sufficient.

E: Equal allocation of resources ignores differing risk levels.

Fingerprint is an inherent factor because it is a biometric trait - something the user is. Inherent factors rely on physical or behavioral characteristics such as fingerprints, facial recognition, or voice, which are unique to the individual.

The most effective way to reduce irrelevant results in AI/ML-driven adverse media screening is to fine-tune the models to prioritize high-risk keywords and reliable sources. This improves precision by filtering out noise and directing focus toward content that is more likely to indicate financial crime risk.

Analyzing the most recent National Proliferation Financing Risk Assessment from the relevant authority provides an organization with authoritative, up-to-date insights into current threats, high-risk sectors, and jurisdictional exposures, enabling better understanding and mitigation of proliferation financing risks.

Cross-border purchases increase complexity and risk due to differing regulations and potential anonymity.

Non-financed purchases, especially in cash, can facilitate money laundering by avoiding traditional financial scrutiny.

Public-private partnerships (PPPs) are widely recognized in AML/CFT frameworks, including FATF guidance, as an effective mechanism to combat financial crime. One key strength of PPPs is improving the speed of action in identifying and responding to emerging financial crime risks. By facilitating closer collaboration, PPPs enable faster detection of typologies, threats, and vulnerabilities across the financial system.

Another major strength is enhanced information-sharing between governments and financial institutions. PPPs allow public authorities to share strategic intelligence and red flag indicators, while private institutions contribute operational insights from real transaction data. This two-way exchange improves the overall quality of financial crime detection and prevention.

While some PPPs operate within legal information-sharing frameworks, they do not eliminate liability entirely, nor do they remove the obligation for institutions to comply with data protection laws. Importantly, PPPs do not replace an institution’s responsibility to conduct its own customer due diligence. Each participating organization remains accountable for maintaining independent AML controls.

Public-private partnerships allow public organizations to gain insights from the private sector to shape effective policies and legislation. Additionally, strong data protection and privacy frameworks help create secure information-sharing protocols within PPPs, enhancing collaboration while preventing unauthorized access.

AML/CFT guidance from FATF emphasizes that overly complex ownership structures are a key red flag when they appear unnecessary for legitimate business purposes and may be designed to obscure beneficial ownership.

A privately held company owned by two individuals whose interests are held through multiple layers of trusts and foundations represents an unnecessarily complex structure. Trusts and foundations are frequently identified in AML typologies as vehicles that can be misused to conceal the true beneficial owners, especially when layered without clear commercial rationale. This complexity increases the risk of money laundering and necessitates enhanced due diligence.

By contrast, a trust with two co-trustees, including the grantor and a professional service provider, is common and not inherently complex. Similarly, family-owned businesses with many shareholders may be complex but are not automatically deemed “overly complex” if ownership is transparent. Multinational banks with layered ownership tied to a publicly traded holding company are also common and subject to regulatory oversight.

Therefore, the use of multiple trusts and foundations without clear justification is the clearest indicator of an overly complex ownership structure.

Receiving funds from a decentralized mixer and using multiple incoming wires from different sources to purchase virtual currency are red flags, as they can indicate attempts to obscure the origin of funds and facilitate money laundering through virtual asset transactions.

A key regulatory expectation for transaction monitoring systems is flexibility and adaptability. Financial crime risks evolve rapidly, and institutions must be able to respond quickly to new typologies, threats, and regulatory guidance.

The ability to build, iterate, and test rules enables compliance teams to rapidly adjust monitoring scenarios, thresholds, and logic as new risks emerge. This capability allows institutions to implement changes without lengthy system redevelopment, ensuring timely and proportionate responses to financial crime threats.

While cloud deployment and AI integration can enhance scalability and analytics, they do not directly address the need for rapid rule changes. Configurable reporting supports oversight and governance but does not directly affect detection responsiveness.

Therefore, rule agility is the most critical characteristic for rapid response.

FATF Recommendation 29 states that an FIU should serve as a national center for the receipt and analysis of suspicious transaction reports and other information relevant to money laundering and terrorist financing.

“The FIU should serve as a national center for the receipt and analysis of suspicious transaction reports (STRs) and other information relevant to ML/TF, and for the dissemination of the results of that analysis.”

(CAMS 6th Edition, Role of the FIU; FATF Recommendation 29)

Fuzzy logic in customer screening systems is used to handle uncertainty and variability in data by producing outputs that include a range of intermediate possibilities between "Yes" and "No." This enables the system to identify potential matches that are not exact but still relevant, improving the detection of name variations and misspellings.

The relationship manager is in the best position to identify and report money laundering risks due to their direct and ongoing interaction with clients. They have detailed knowledge of clients’ profiles, financial behaviors, and any unusual activities that may raise red flags.

Verifying a customer’s identity is a fundamental CDD requirement under the FATF Recommendations, ensuring you know who your customer is.

Identifying the beneficial owner is required to uncover the natural persons ultimately controlling or benefiting from an account, closing the gap that would allow misuse of corporate vehicles.

The Egmont Group is an international network of Financial Intelligence Units (FIUs) established to promote cooperation and information exchange in the fight against money laundering and terrorist financing. One of its core principles is to facilitate secure, timely, and lawful information sharing between FIUs.

The Egmont Group provides a framework, standards, and secure channels—such as the Egmont Secure Web—that allow FIUs to exchange intelligence related to suspicious transactions, typologies, and emerging financial crime risks across borders. This cooperation is essential given the transnational nature of money laundering and terrorist financing.

The Egmont Group does not publish reporting standards, act as a regulator, or publicly disclose investigation outcomes. Its role is operational and intelligence-focused, supporting FIUs while respecting confidentiality and national legal frameworks.

Therefore, arranging information-sharing protocols between FIUs is a fundamental principle of the Egmont Group.

When setting a fuzzy matching threshold for sanctions screening, it is crucial to consider the reliability and accuracy of the data being screened. High-quality, verified data supports more effective matching and reduces both false positives and the risk of missing true matches.

Real estate companies face key financial crime risks due to the ability to move large sums in a single transaction, the use of property by criminal networks for illicit operations, the opacity of beneficial ownership structures, and the involvement of professional gatekeepers - such as lawyers and financial institutions - who may unknowingly facilitate money laundering.

A, C, D:

“Trust and asset management services can facilitate the concealment of the source of funds (A), provide a layer of anonymity to transactions (C), and obscure the true legal and beneficial owners (D). These are well-established ML/TF risks in the private wealth sector.”(CAMS 6th Edition, ML/TF Risks in Trust and Asset Management)

B and E are normal aspects of asset management and are not in themselves ML/TF risks unless combined with other suspicious behaviors.

“Tipping off” is a serious offense under AML/CFT legislation in many jurisdictions and is consistently addressed in FATF standards. It occurs when confidential information relating to a suspicious transaction, SAR, or ongoing investigation is disclosed without authorization to a person who is the subject of the report or whose knowledge could compromise the investigation.

Such disclosures may alert criminals, allowing them to conceal evidence, move funds, or evade law enforcement. For this reason, tipping off is typically a criminal offense, not merely a breach of internal policy.

The prohibition applies broadly—not only to AFC professionals but to anyone with access to sensitive AML information. Making detailed or targeted inquiries with a customer after a transaction has been flagged can constitute tipping off if it reveals suspicion or investigative activity. Relationship managers must be carefully controlled and should not be instructed to probe customers in a way that signals suspicion.

Therefore, the correct statement is that tipping off is an unauthorized disclosure that can prejudice an investigation.

Professional service providers can be misused as enablers of money laundering when they abuse their trusted positions and expertise. FATF guidance highlights several risks linked to such abuse.

The creation of shell companies is a common method used to obscure beneficial ownership and facilitate placement or layering of illicit funds. Similarly, opening third-party accounts to mask the true client identity directly undermines transparency and due diligence requirements.

Additionally, actively directing or facilitating the structuring or movement of illicit funds constitutes direct involvement in money laundering schemes and is a serious criminal offense.

By contrast, opening estate or trust accounts for legitimate, transparent purposes does not inherently pose a financial crime risk when proper due diligence is applied.

AI-powered dashboards summarizing flagged transactions are the most effective feature for improving investigator efficiency, as they consolidate and present relevant data from multiple sources in a structured, actionable format - reducing time spent on manual data gathering and enabling quicker decision-making.

Application Programming Interfaces (APIs)are tools that enableinterconnectivity and data exchangebetween different software applications. In AML contexts, APIs are commonly used tointegrate third-party systems, such as screening tools, customer databases, and transaction monitoring platforms, ensuring real-time and accurate flow of information.

This technological capability supports enhancedautomation, agility, and efficiencyin AML processes.

Large individual cash transactions pose the highest money laundering risk for money services businesses. Cash is difficult to trace and, when handled in significant amounts, can be used to introduce illicit funds into the financial system with minimal transparency.

When reviewing business operations of a Money Services Business (MSB), it is critical to identify behaviors that indicate potential money laundering activity. TheCAMS Study Guide – 6th Editionoutlines severalred flagscommonly associated with MSBs.

Option Ais correct:

A customer beinghesitant to provide beneficiary information, such as the name or address, is a red flag. It may indicate attempts to hide the true purpose or recipient of the funds and could suggeststructuring or layering activity.

Option Dis correct:

A customer usingmultiple accounts under different namesto conduct transactions is a strong red flag. This could indicate efforts toobscure ownership, avoid detection, or conductsuspicious structuringbehavior to stay below reporting thresholds.

Option Bis incorrect:

While large cash deposits from cash-intensive businesses may require further review, they are not inherently suspicious unlessinconsistent with the nature of the business or transaction volume.

Option Cis incorrect:

Currency exchanges under the reporting threshold, even from high-risk jurisdictions, are not in themselves red flags unless they show a pattern ofstructuringor are part oflarger suspicious behavior.

Option Eis incorrect:

Frequent small-dollar transfers to a native country may benormal remittance behaviorand only become suspicious if tied to additional indicators such asstructuring or third-party involvement.

AMutual Legal Assistance Treaty (MLAT)is aformal agreement between two or more countriesthat facilitatescooperation in legal and law enforcement matters, includingAML investigations.

Option D (Correct):MLATs allow governments to share financial intelligence, request legal assistance, and conduct joint investigations.

Option A (Incorrect):A Memorandum of Agreement (MOA) is typically a non-binding contract used for general business or governmental cooperation.

Option B (Incorrect):A Declaration of Understanding is an informal agreement and does not provide a legal framework for law enforcement cooperation.

Option C (Incorrect):A Memorandum of Understanding (MOU) is often used for informal cooperation but lacks the legal enforceability of an MLAT.

Option E (Incorrect):A Request for Urgent Information is not a recognized international legal instrument.

Best Practices for Cross-Border AML Cooperation:

Use MLATs to request access to financial records in foreign jurisdictions.

Collaborate with Financial Intelligence Units (FIUs) via the Egmont Group.

Leverage FATF’s International Cooperation Review Group (ICRG) for guidance.

Effective oversight of transaction monitoring includes:

Periodic review of client profiles to ensure up-to-date information for high-risk clients (B):“Reviewing and updating customer profiles is essential to ensure that monitoring scenarios are based on current risk data.”(CAMS 6th Edition, Transaction Monitoring and Customer Due Diligence)

Periodic review of transaction monitoring scenarios and productivity to ensure appropriate AML typologies are reflected (D):“Firms should periodically review the parameters and output of transaction monitoring systems to ensure they continue to identify relevant ML/TF risks and typologies.”(CAMS 6th Edition, Monitoring and Surveillance)

Incorrect Options:

A: Cooperation with the legal team is important, but not a core strategy for monitoring governance.

C: SARs filed with FinCEN should not be withdrawn unless new evidence requires it; review should focus on process, not withdrawal.

D: NGOs play an important role in raising awareness about money laundering, lobbying for strong AML/CFT laws, and educating the public and stakeholders about the risks and consequences.

“NGOs help combat money laundering primarily through advocacy, education, and raising public and industry awareness.”(CAMS 6th Edition, Role of NGOs in AML/CFT)

When using network analysis tools, it’s important to avoid algorithmic bias toward social criteria to ensure fairness, analyze connections between individuals or entities to identify links and structures, and study relationships within networks to uncover hierarchies, behaviors, movements, and group organization relevant to detecting criminal activity.

The primary compliance concern is balancing compliance with the US Bank Secrecy Act (BSA) and OFAC sanctions while also ensuring adherence to EU AML directives and GDPR requirements. GDPR’s strict data protection rules can complicate cross-border information sharing, making it challenging to align compliance across multiple jurisdictions.

A (Enhanced due diligence): EDD is a key control at onboarding for high-risk customers, involving deeper scrutiny, additional documentation, and approval layers to address increased ML/TF risk.

“High-risk customers must be subject to enhanced due diligence during onboarding to ensure a thorough understanding of potential ML/TF risks.”(CAMS 6th Edition, CDD/EDD for High-Risk Customers)

Countries that are members of the Egmont Group can securely exchange information between their Financial Intelligence Units (FIUs) to support money laundering and terrorist financing investigations, even when the activity involves multiple jurisdictions.

High-risk customers present elevated money laundering and terrorist financing risks, requiring careful consideration before onboarding. FATF guidance emphasizes that higher-risk relationships demand stronger controls due to their increased vulnerability to misuse.

One key risk is the greater potential for laundering illicit proceeds. High-risk customers may operate in sectors, jurisdictions, or business models that are frequently abused for financial crime, increasing the likelihood that illicit funds could pass through the institution.

Another significant risk is the increased likelihood of involvement in financial crimes, either directly or indirectly. This may include exposure to corruption, fraud, sanctions evasion, or organized crime networks.

Enhanced due diligence is not a risk but rather a risk-mitigating control imposed by regulators. Reduced regulatory scrutiny is incorrect, as high-risk customers are subject to greater—not lesser—oversight.

The US Department of the Treasury identifies money services businesses (MSBs) and non-profit organizations with international operations as high money laundering risks when they lose access to traditional financial institutions, as this can push them toward less regulated channels that are more vulnerable to abuse.

Regulatory reports—such as those published by FATF, FIUs, and supervisory authorities—provide valuable insights into emerging money laundering and terrorist financing risks.

A crucial step is systematically integrating identified risks into the institution’s internal risk assessment. This ensures that the organization’s understanding of threats remains current and aligned with regulatory expectations.

Another key action is building or enhancing transaction monitoring scenarios based on the typologies and red flags described in regulatory reports. This directly improves detection effectiveness and responsiveness to evolving threats.

While internal benchmarking and peer comparison may be useful, they are not substitutes for directly updating risk assessments and monitoring logic based on regulatory intelligence.

A: Selling assets at a significant loss, especially shortly after purchase, is a classic red flag for asset laundering and value manipulation, which can be used to disguise the true nature of proceeds.

C: Transactions involving individuals from high-risk jurisdictions, as identified by the EU and FATF, warrant heightened scrutiny due to increased ML/TF risk.(CAMS 6th Edition, Red Flags for Complex Asset Transactions; EU List of High-Risk Third Countries)

B and D may contribute to complexity but are not the primary red flags in this scenario.

Customer loyalty program tracking and product usage analysis can uncover unusual patterns or behaviors that deviate from expected norms. These insights may help detect suspicious activity or hidden risks, making them valuable tools for supporting AML compliance even if not directly linked to traditional monitoring systems.

Fuzzy matching is a critical technique used in name screening systems to identify potential matches where names are not spelled identically. Regulators recognize that sanctions, PEP, and watchlist screening must account for variations in spelling, transliteration, abbreviations, and phonetic differences.

Fuzzy matching algorithms compare names based on similar spelling patterns, phonetics, or character arrangements, allowing institutions to detect matches that exact matching would miss. This is especially important for names originating from different languages or alphabets.

Exact matching alone is insufficient for effective sanctions screening, as it would fail to capture common variations. While machine learning may enhance screening systems, fuzzy matching itself does not rely on predictive modeling.

Therefore, fuzzy matching improves detection effectiveness while supporting regulatory expectations for robust screening controls.

The CAMS 6th Edition clearly identifies a risk-based approach as the cornerstone of effective AML/CFT programs. Risk assessments should consider various risk factors that directly influence exposure to ML/TF.

Product risk (A): Certain products or services may present higher ML/TF risks, such as private banking, correspondent banking, or cash-intensive products.“Products and services offered, and their inherent risk levels, must be assessed as part of the risk-based approach.”(CAMS 6th Edition, AML Compliance Program, Risk Assessment)

Geographic risk (C): Jurisdictions where the customer operates or where transactions are conducted may present higher or lower risks due to factors such as weak AML regulations or high corruption.“Geographic risk considers where a customer is located and/or where transactions occur, referencing countries with increased risk, such as those identified by the FATF.”(CAMS 6th Edition, Risk Assessment Factors)

Customer risk (D): The type of customer, such as PEPs, non-residents, or companies with complex structures, may present higher ML/TF risks.“Customer risk assessment is based on the customer’s profile, activity, and ownership structure, and is a critical component in risk-based monitoring.”(CAMS 6th Edition, CDD/EDD)

Incorrect Options:

B (Credit risk): Related to creditworthiness, not ML/TF.

E (Liquidity risk): Refers to a firm’s ability to meet financial obligations; not an AML risk factor.

Money laundering typically occurs in three stages: placement, layering, and integration. The placement stage involves introducing illicit funds into the financial system.

In the real estate sector, using cash to purchase property is a classic placement method. Cash payments allow criminals to inject large amounts of illicit proceeds directly into high-value assets, often bypassing traditional banking scrutiny.

Using trusts to transfer ownership and rapidly reselling property are more commonly associated with layering or integration, where ownership and transaction complexity is used to disguise the origin of funds. Paying routine invoices via online banking is consistent with legitimate business activity and does not represent placement.

Therefore, cash purchases of property most directly align with the placement stage of money laundering.

A: “Hawala and similar informal value transfer systems are difficult to monitor, making it challenging to identify the originator, recipient, and source of funds.”

D: “Hawala operates through informal networks for cross-border transfers, often outside the formal banking system, increasing AML/CFT risk.”(CAMS 6th Edition, Alternative Remittance Systems; FATF, Guidance on Money Transfer Services)

B: If a bank fails to demonstrate sustained improvement or cannot resolve identified deficiencies, it can face civil or even criminal penalties from regulators. Regulators expect not just policy changes, but proof of effectiveness and ongoing compliance improvements.

C: Even after addressing many concerns, if all issues are not resolved—such as outstanding transaction monitoring backlogs—regulators may issue orders to further remediate the AML program until full compliance is achieved.

CAMS 6th Edition and regulatory guidance clarify that “regulators may impose penalties, issue consent orders, or require further remediation where weaknesses persist.”

Incorrect:

A: Secondary sanctions generally apply to sanctions violations, not standard AML program weaknesses.

D: Regulatory actions can be public and do pose reputational risk.

E: While transparency is sometimes required, this is not a universal regulatory response.

The susceptibility of a company or jurisdiction to ML/TF abuse is significantly increased by:

Permissibility of bearer shares (B):“Bearer shares make it easy to hide ownership and control, presenting a major risk for misuse by criminals.”(CAMS 6th Edition, Beneficial Ownership and Company Transparency)

Rules governing the disclosure of beneficial ownership by the jurisdiction (C):“Weak requirements or loopholes in beneficial ownership disclosure are frequently exploited to conceal criminal involvement in corporate structures.”(CAMS 6th Edition, Chapter: Legal Persons and Arrangements)

Incorrect Options:

A: High or low fees are not a significant ML/TF risk driver.

D: Ease of travel is unrelated to ML/TF risk related to company structures.

The FATF’s core role is to enhance international cooperation against money laundering and terrorist financing through setting global standards (“Recommendations”) and issuing guidance.

“The FATF is an intergovernmental body whose purpose is the development and promotion of national and international policies to combat money laundering and terrorist financing.”

The FATF does not have authority to oversee FIUs, nor does it regulate financial markets directly.

When selecting an anti-financial crime (AFC) tool, regulators and industry best practices emphasize effectiveness, sustainability, and integration over cost or automation alone.

Compatibility with existing IT infrastructure is critical to ensure seamless data integration, system stability, and governance. Poor integration can lead to data gaps, operational risk, and ineffective monitoring.

Scalability is equally important, as transaction volumes, customer bases, and regulatory requirements grow over time. An AFC tool must be able to handle increased workloads without degradation in performance or effectiveness.

While real-time analytics may be beneficial, they must align with the organization’s overall risk strategy and system capabilities. Lowest cost and full elimination of manual processes are not regulatory priorities; human oversight remains essential in AML/CFT programs.

Trust and company service providers (TCSPs) are classified as higher-risk entities under FATF guidance due to their role in forming and managing legal structures. As a result, TCSPs must implement robust AML controls to mitigate misuse for money laundering.

A key requirement is gathering and recording detailed client information, including the purpose of the legal entity and the identity of managers and ultimate beneficial owners (UBOs). This supports effective customer due diligence and transparency.

TCSPs must also apply additional safeguards when relying on instructions from another TCSP, particularly one located in a different jurisdiction. Reliance on intermediaries increases risk and requires enhanced scrutiny.

Additionally, TCSPs should document the basis on which they act as a registered officer and retain records of their involvement. This ensures accountability and traceability in line with record-keeping obligations.

Requiring clients to submit AML self-assessments to an FIU and conducting onsite evaluations are not standard or required practices under AML frameworks.

Proliferation financingrefers to the act of providing financial services or funds for thedevelopment, acquisition, or delivery of nuclear, chemical, or biological weapons. The core threat involvesnetworks of individuals and entities using the financial systemto obtain sensitive technologies, materials, or knowledge forweapons of mass destruction (WMDs).

TheFinancial Action Task Force (FATF)identifies this as a major international security threat and requires institutions to assess and mitigate such risks.