ACAMS CAMS Certified Anti-Money Laundering Specialist (CAMS7 the 7th edition) Exam Practice Test

Weak KYC policies and procedures represent a broader and more systemic risk specific to casinos and gambling. Without strong KYC, it becomes easier for individuals to engage in money laundering by exploiting anonymity and lack of oversight, regardless of transaction size or method.

The CAMS 6th Edition highlights that a risk-based approach enables organizations to efficiently allocate compliance resources, focusing efforts on areas presenting the highest risk, thereby ensuring both regulatory compliance and operational effectiveness.

“A risk-based approach allows firms to concentrate resources and controls where the risk of ML/TF is highest, while applying simplified measures to lower-risk areas. This enhances both effectiveness and efficiency.”

(CAMS 6th Edition, AML Compliance Program: Risk-Based Approach)

Incorrect Options:

A: Cost savings may occur, but it is not the main advantage.

B: Audits may still be required, just less frequently for low-risk customers.

D: Risk-based approaches are tailored, not standardized, across regions.

FATF Recommendation 29 states that an FIU should serve as a national center for the receipt and analysis of suspicious transaction reports and other information relevant to money laundering and terrorist financing.

“The FIU should serve as a national center for the receipt and analysis of suspicious transaction reports (STRs) and other information relevant to ML/TF, and for the dissemination of the results of that analysis.”

(CAMS 6th Edition, Role of the FIU; FATF Recommendation 29)

Tax evasion is the deliberate and illegal act of not paying taxes that are legally owed. It is a criminal offense that can have serious consequences, including penalties, fines, and imprisonment.

The relationship manager is in the best position to identify and report money laundering risks due to their direct and ongoing interaction with clients. They have detailed knowledge of clients’ profiles, financial behaviors, and any unusual activities that may raise red flags.

The FATF’s core role is to enhance international cooperation against money laundering and terrorist financing through setting global standards (“Recommendations”) and issuing guidance.

“The FATF is an intergovernmental body whose purpose is the development and promotion of national and international policies to combat money laundering and terrorist financing.”

The FATF does not have authority to oversee FIUs, nor does it regulate financial markets directly.

Public-private partnerships facilitate strategic information exchange between FIUs and obliged entities and operational information sharing between public authorities and obliged entities, improving collaboration and effectiveness in detecting and preventing financial crime.

The second line of defense is responsible for compliance functions, including interpreting new AML regulations and updating policies, procedures, and training programs. This ensures that client-facing staff, such as relationship managers, remain informed and aligned with regulatory expectations.

Real estate transactions are vulnerable to ML/TF risks, particularly when there is limited transparency or unusual payment methods:

Cross-border purchases (A):“Purchases by foreign buyers, especially from high-risk jurisdictions, are a red flag for money laundering in the real estate sector.”(CAMS 6th Edition, Real Estate Money Laundering Risks; FATF, Money Laundering and Terrorist Financing through the Real Estate Sector, 2007)

Non-financed purchases (D):“Non-financed (all-cash) purchases can indicate the introduction of illicit funds into the financial system, bypassing the controls of mortgage lenders.”(CAMS 6th Edition, Real Estate ML/TF Risks)

Incorrect Options:

B: Purchasing in the name of a natural person is standard and not inherently risky.

C: Paying the true market price does not raise ML/TF risk.

The Wolfsberg Group and Transparency International are non-governmental organizations that provide information and guidance on AML/CFT matters, helping institutions and policymakers strengthen financial crime prevention practices.

AML/CFT frameworks worldwide require firms to apply a risk-based approach (RBA) to customer due diligence. Under FATF standards, the risk profile of the customer is the primary factor that determines how frequently CDD information should be refreshed.

Higher-risk customers—such as politically exposed persons (PEPs), customers operating in high-risk jurisdictions, or those with complex ownership structures—require more frequent reviews and updates to ensure information remains accurate and risks are appropriately mitigated. Lower-risk customers may be subject to less frequent refresh cycles.

Operational burden, cost, or automation capabilities are not valid drivers for determining CDD refresh frequency. Regulators expect firms to design processes that align with risk, even if this requires additional resources or system enhancements.

Therefore, customer risk profile is the foremost and decisive consideration when setting periodic CDD refresh timelines.

High-risk customers present elevated money laundering and terrorist financing risks, requiring careful consideration before onboarding. FATF guidance emphasizes that higher-risk relationships demand stronger controls due to their increased vulnerability to misuse.

One key risk is the greater potential for laundering illicit proceeds. High-risk customers may operate in sectors, jurisdictions, or business models that are frequently abused for financial crime, increasing the likelihood that illicit funds could pass through the institution.

Another significant risk is the increased likelihood of involvement in financial crimes, either directly or indirectly. This may include exposure to corruption, fraud, sanctions evasion, or organized crime networks.

Enhanced due diligence is not a risk but rather a risk-mitigating control imposed by regulators. Reduced regulatory scrutiny is incorrect, as high-risk customers are subject to greater—not lesser—oversight.

A: The main objective of anti-bribery and corruption regulations is to prohibit bribes to government officials or employees of state-owned enterprises for the purpose of obtaining or retaining business or securing improper advantages.

“Anti-bribery and corruption regulations, such as the FCPA and UK Bribery Act, prohibit offering anything of value to public officials to gain a business advantage.”(CAMS 6th Edition, Anti-Bribery and Corruption)

Cryptocurrencies and convertible virtual currencies present several well-documented money laundering and terrorist financing risks, as identified in FATF guidance and national AML frameworks. These risks largely stem from the pseudonymous nature, speed, and borderless design of virtual asset transactions.

One key risk is the ability to obscure the source of illicit funds. Criminals can move value through wallets and exchanges in ways that make tracing the origin of funds more difficult, particularly when using privacy-enhancing technologies or poorly regulated platforms.

Another significant risk is the facilitation of payments for illicit goods and activities, including drugs, cybercrime services, ransomware, and sanctions evasion. Virtual currencies can be used to settle transactions outside the traditional financial system.

Additionally, criminals frequently engage in layering transactions, rapidly transferring funds across multiple wallets, platforms, or blockchains to hide the origin of illicit proceeds.

Difficulty converting into physical currency is not a recognized AML risk, as most convertible virtual currencies can be exchanged through regulated platforms. Theft of funds is a cybersecurity concern but is not itself a core AML risk indicator.

Key performance indicators (KPIs) are essential for evaluating the effectiveness and efficiency of transaction monitoring systems within an AML/CFT program. Regulators expect institutions to monitor how well their systems identify, prioritize, and resolve suspicious activity.

The number of alerts raised provides insight into system sensitivity and potential over- or under-alerting. Tracking alerts by region helps institutions identify geographic risk concentrations and emerging threats. The average time to review an alert measures operational efficiency and whether investigations are conducted promptly, as required by regulatory expectations.

Hiring timelines and transaction volumes by top customers are operational or business metrics and do not directly assess transaction monitoring effectiveness.

One of the biggest organizational challenges for law enforcement agencies and Financial Intelligence Units (FIUs) in cross-border money laundering (ML) investigations is dealing with jurisdictions that do not have an FIU or lack proper AML enforcement structures. When funds are transferred through countries without effective AML frameworks, it becomes difficult to trace, freeze, or recover illicit assets.

Key challenges include:

Lack of mutual legal assistance agreements (MLAs), which slows down or prevents information-sharing.

Weak AML regulations in some countries, making it easier for criminals to exploit financial systems.

Jurisdictional conflicts, as different countries have different legal definitions and enforcement mechanisms for money laundering.

The Financial Action Task Force (FATF) develops and promotes international standards to combat money laundering and terrorist financing, and it evaluates and monitors countries’ compliance with these standards while providing recommendations for improvement.

Receiving funds from a decentralized mixer and using multiple incoming wires from different sources to purchase virtual currency are red flags, as they can indicate attempts to obscure the origin of funds and facilitate money laundering through virtual asset transactions.

An effective supervision regime includes both onsite and offsite reviews, cooperation on international and domestic levels, and access to a range of sanctions and outreach programs. This combination allows regulators to detect and address risks comprehensively while promoting compliance through engagement and enforcement.

FATF standards require financial institutions to adopt a risk-based approach (RBA) that is informed by national and sectoral risk assessments. These assessments identify key threats, vulnerabilities, and typologies within a jurisdiction or industry and provide essential context for institutional risk management.

Financial institutions must reference and align their internal AML/CFT risk assessments with the findings of NRAs and sectoral assessments. This means demonstrating awareness of identified risks and showing how these risks are mitigated through policies, controls, and procedures.

However, institutions are not required to copy or mechanically apply the exact methodologies, weightings, or conclusions of these assessments. Each institution must tailor its risk assessment to its own business model, customer base, products, services, and geographic exposure.

Board oversight is required, but NRAs do not dictate how internal assessments must be written or approved. The key regulatory expectation is alignment, awareness, and effective risk management—not rigid adoption.

A national risk assessment can identify high-risk sectors requiring enhanced due diligence and guide resource allocation to mitigate financial crime risks effectively, helping organizations align their risk-based approach with national priorities and threats.

The most important factor when selecting an anti-financial crime tool is its ability to integrate seamlessly with existing systems and processes. Effective integration ensures data consistency, operational efficiency, and improved detection and response to financial crime risks.

Predicate offenses are crimes that generate proceeds which may subsequently be laundered. FATF standards and national AML laws define a wide range of serious crimes as predicate offenses.

Bribery and corruption are among the most common predicate offenses, often involving large illicit payments that require laundering to disguise their origin. Fraud, including financial, consumer, and corporate fraud, is another primary source of illicit proceeds and is universally recognized as a predicate offense.

Organized crime and racketeering encompass coordinated criminal activities designed to generate ongoing illegal income, making them central predicate offenses under AML frameworks.

While arson may be considered a serious crime in some jurisdictions, and assault is generally not associated with financial gain, AML regimes focus primarily on crimes that generate substantial proceeds. Therefore, bribery, fraud, and organized crime are the most consistently recognized predicate offenses across jurisdictions.

Casinos are recognized as high-risk entities under AML/CFT frameworks due to their exposure to large cash volumes and convertible instruments such as chips. Regulators and FATF guidance highlight minimal or no gaming activity combined with rapid cash-out as a major red flag.

In this scenario, the player purchases a large amount of chips using multiple funding methods, including an international wire transfer, does not engage in any gambling, and then immediately cashes out. This behavior is consistent with placement and layering techniques, where a casino is used as a pass-through to legitimize illicit funds.

The absence of gaming activity strongly suggests that the intent was not entertainment but financial manipulation. Casinos are frequently misused for this exact purpose due to their ability to convert cash into “winnings.”

The other scenarios describe activity that may be higher risk but are consistent with legitimate casino behavior when properly documented.

Effective customer due diligence relies on authoritative, reliable, and relevant external data sources, as outlined in FATF standards and national AML regulations.

Sanctions lists, such as those maintained by OFAC, the EU, and the UN, are mandatory screening sources to ensure compliance with sanctions regimes. Registers of stolen or forged documents, where available, help detect identity fraud and false documentation during onboarding.

Additionally, beneficial ownership registers and adverse media sources are essential for identifying hidden ownership structures, corruption exposure, and reputational risk.

Customer reviews and lifestyle assessments from social media are not considered reliable or appropriate primary sources for AML screening due to privacy, accuracy, and governance concerns.

Shell companies and other high-risk business structures are commonly associated with money laundering schemes designed to obscure ownership and transaction purpose. FATF guidance identifies several red flags indicative of such misuse.

A mismatch between goods or services and the company’s stated business profile suggests fictitious or manipulated transactions. Insufficient information on originators or beneficiaries of funds transfers further increases suspicion, as transparency is a core AML requirement. Additionally, payments lacking a clear purpose or meaningful description may indicate layering or attempts to conceal illicit activity.

Conversely, well-documented transactions with established partners and legitimate audit trails are indicators of lower risk. While structuring below reporting thresholds can be suspicious, it must also be inconsistent with standard business practices to qualify as a red flag.

To maximize the benefits of PPPs while addressing data privacy and regulatory concerns, the bank should establish a clear framework within the partnership that defines privacy protections and ensures all information sharing complies with applicable legal and regulatory requirements across jurisdictions. This approach fosters trust, enables effective collaboration, and mitigates potential legal risks.

For multinational financial institutions, regulatory expectations are clear: institutions must comply with all applicable laws and regulations in each jurisdiction where they operate or where a transaction has regulatory touchpoints.

In this case, the transaction is subject to both U.S. and EU AML/CFT frameworks, including BSA reporting obligations, OFAC sanctions screening, 6AMLD requirements, and EBA supervisory expectations. Selecting only one regulatory regime would expose the institution to compliance failures and enforcement risk.

A dual-compliance approach ensures that reporting, sanctions screening, customer due diligence, and record-keeping obligations are met in both jurisdictions. This approach aligns with FATF principles on cross-border compliance and consolidated supervision.

Deferring to the “most stringent” regime is not sufficient, as different rules may apply to different aspects of the transaction. Therefore, simultaneous compliance is required.

Many jurisdictions lack robust sanctions frameworks, requiring international cooperation and education to improve compliance.

Option B (Correct):Educational initiatives such as AML/sanctions training and workshops help raise awareness and build capacity.

Option D (Correct):Bilateral cooperation allows knowledge-sharing and technical assistance between regulatory authorities.

Why Other Options Are Incorrect:

Option A (Incorrect):Trade restrictions may pressure non-compliant nations, but they do not directly improve sanctions awareness.

Option C (Incorrect):Enforcing fines without prior education or assistance is ineffective and may create diplomatic tensions.

Best Practices for Sanctions Awareness & Compliance:

Develop international AML/sanctions training programs for emerging markets.

Encourage diplomatic engagement to strengthen legal frameworks.

Leverage FATF’s Mutual Evaluation process to assess progress.

Scenario-based systems use algorithms to detect suspicious behaviors, such as transactions occurring at unusual times, those exceeding specified thresholds, or those taking place in locations inconsistent with a customer's typical activity. These anomalies help identify potential financial crime risks.

Customer onboarding is a critical AML/CFT process that must balance regulatory compliance with customer experience. Excessive friction can lead to customer dissatisfaction and abandonment.

Implementing internal or external tools—such as digital onboarding platforms, document collection tools, and workflow automation—can significantly streamline information gathering and reduce delays while maintaining compliance standards.

Additionally, consistent training of all employees involved in onboarding ensures that information requests are clear, consistent, and proportionate. Well-trained staff reduce rework, confusion, and unnecessary follow-ups, improving customer trust and efficiency.

Restricting decision-making to managers can slow processes, and delaying updates to processes reduces adaptability to evolving risks and regulatory expectations.

The CAMS 6th Edition specifically lists environmental crime as a predicate offense for money laundering. Environmental crimes include activities such as illegal logging, illegal mining, and illegal trade in wildlife.

“Environmental crime, including illegal logging and mining, is recognized as a predicate offense to money laundering. Such crimes often involve complex corporate structures to hide the illicit origin of the proceeds.”

(CAMS 6th Edition, Chapter: Risks and Methods of Money Laundering and Terrorist Financing; FATF Recommendations, Predicate Offenses)

Incorrect Options:

A: Trade-based ML refers to manipulating trade transactions, not the underlying crime.

B: Corruption may be involved, but the primary crime is environmental.

C: Illicit resource trade describes the act, but the official predicate crime category is environmental crime.

OFAC sanctions are a key element of the U.S. AML/CFT framework. According to the CAMS 6th Edition and OFAC regulations:

Blocked funds must be placed into an interest-bearing account on a financial institution's books (B):“Blocked property must be held in a separate interest-bearing account on the books of the U.S. financial institution.”(CAMS 6th Edition, Sanctions Compliance; OFAC FAQs)

Sanctions can be either comprehensive or selective using the blocking of assets and trade restrictions (C):“OFAC administers both comprehensive and targeted (selective) sanctions programs to fulfill U.S. foreign policy and national security goals.”(CAMS 6th Edition, Sanctions Compliance)

Incorrect Options:

A: OFAC can sanction entities, vessels, and organizations—not just individuals or those in foreign countries.

D: There is no automatic expiration of OFAC sanctions after five years.

“Tipping off” is a serious offense under AML/CFT legislation in many jurisdictions and is consistently addressed in FATF standards. It occurs when confidential information relating to a suspicious transaction, SAR, or ongoing investigation is disclosed without authorization to a person who is the subject of the report or whose knowledge could compromise the investigation.

Such disclosures may alert criminals, allowing them to conceal evidence, move funds, or evade law enforcement. For this reason, tipping off is typically a criminal offense, not merely a breach of internal policy.

The prohibition applies broadly—not only to AFC professionals but to anyone with access to sensitive AML information. Making detailed or targeted inquiries with a customer after a transaction has been flagged can constitute tipping off if it reveals suspicion or investigative activity. Relationship managers must be carefully controlled and should not be instructed to probe customers in a way that signals suspicion.

Therefore, the correct statement is that tipping off is an unauthorized disclosure that can prejudice an investigation.

Establishing a surveillance program with periodic risk assessments, access controls, and regular compliance reviews for employees, vendors, and third parties is the most effective way to mitigate insider threats and ensure ongoing adherence to AML regulations. This proactive approach continuously monitors risk rather than relying solely on initial checks or self-certifications.

A primary objective of public sector groups in combating money laundering is to establish and enforce legal and regulatory frameworks that enable the detection, prevention, and punishment of money laundering and related financial crimes, ensuring the integrity of the financial system.

A: FIs should ensure they have a general understanding of virtual assets and VASP operations to assess risks accurately.

C: Enhanced KYC measures are recommended for VASPs due to their higher ML/TF risk profile.

“FIs must understand the business model and risk of VASPs and apply enhanced due diligence as required by FATF and regulatory guidance.”(CAMS 6th Edition, Virtual Assets and VASPs; FATF Guidance)

Incorrect:

B: While monitoring transactions is important, it’s not a primary initial consideration for onboarding.

D: The FI’s own holdings are not relevant to due diligence on VASPs.

In anEnterprise-Wide Risk Assessment (EWRA),residual riskis the level of risk that remains after applying mitigating controls to theinherent risk(the risk present before controls are applied).

In this scenario, theinherent risk is highdue to the nature of private banking—high net worth clients,cross-border transactions,complex ownership structures, andhigh-value financial products. However, the institution has implementedrobust CDD and EDD, as well asadvanced transaction monitoring systems.

According to the CAMS Study Guide – 6th Edition, wheneffective and properly implemented controlsare in place, they cansignificantly reducethe residual risk—even in high-risk business areas like private banking. However, no control framework caneliminate all riskentirely.

Option Ais correct: Controls can significantly reduce the residual risk when strong, effective systems and procedures are in place.

Option Bis partially true but suggests inadequacy, which is not indicated here.

Option Cincorrectly assumes residual risk cannot be lowered even with controls.

Option Dis incorrect because residual riskcannot be eliminated entirely.

Financial institutions should have a standardized process for terminating customer relationships, including conducting risk assessments and documenting the reasons for termination. A final review of the customer’s transaction history helps address any outstanding concerns or unresolved issues. Keeping thorough records of the termination process ensures compliance and provides documentation in case of any future inquiries or disputes.

Among insurance products, group insurance products are generally considered the lowest risk for money laundering, according to FATF and insurance-sector AML guidance.

Group insurance policies are typically employer-sponsored, cover a large number of individuals, and involve limited individual control over premium payments, beneficiaries, or payouts. These characteristics significantly reduce the opportunity for misuse as a money laundering vehicle.

By contrast, permanent life insurance policies and annuities often include investment components, cash surrender values, or flexible premium structures, which increase their attractiveness for laundering illicit funds. Cash-secured products may also present placement or layering risks depending on structure and liquidity.

Therefore, group insurance products pose the lowest inherent AML risk.

B: When a subpoena is received, the institution should first consult with legal counsel to ensure the validity and scope of the subpoena. Compliance with law enforcement requests is mandatory and subject to strict legal obligations. All documentation and responses should be properly recorded.

“A subpoena requires a legal response; consult legal counsel to validate the request and respond as required by law.”

FinCEN 314(b) information-sharing requests are voluntary and can proceed only after fulfilling required legal steps, such as verifying membership in the program and ensuring information-sharing agreements are in place.

CAMS 6th Edition clarifies that “under no circumstances should a customer be notified of a law enforcement inquiry or subpoena.”

Once there is reasonable suspicion of money laundering, the next critical step is to draft and file a suspicious activity report (SAR) with the relevant financial intelligence unit within the required regulatory timeframe. The SAR should contain a clear chronology of transactions, relevant customer details, and the rationale for suspicion to support potential investigation by authorities.

Transaction monitoring governanceinvolves ensuring thatAML detection systems are effective, aligned with regulatory standards, and capable of identifying evolving threats.

Option B (Correct):Legal cooperation is essential for responding to subpoenas and law enforcement inquiries.

Option D (Correct):Regularly updating transaction monitoring scenarios ensures that the system adapts to emerging financial crime trends.

Why Other Options Are Incorrect:

Option A (Incorrect):SARs cannot be withdrawn unless an error was made—once filed, SARs remain confidential and must be retained.

Option C (Incorrect):Client profile updates are a CDD/KYC function, not directly related to transaction monitoring governance.

Best Practices for Transaction Monitoring Governance:

Regularly review system effectiveness through validation tests.

Collaborate with legal and compliance teams for risk mitigation.

Use AI and data analytics to refine detection accuracy.

A: Selling assets at a significant loss, especially shortly after purchase, is a classic red flag for asset laundering and value manipulation, which can be used to disguise the true nature of proceeds.

C: Transactions involving individuals from high-risk jurisdictions, as identified by the EU and FATF, warrant heightened scrutiny due to increased ML/TF risk.(CAMS 6th Edition, Red Flags for Complex Asset Transactions; EU List of High-Risk Third Countries)

B and D may contribute to complexity but are not the primary red flags in this scenario.

Forming complex trust structures and acting as a nominee director, providing tax advice to clients moving assets across borders, and assisting offshore entities from opaque jurisdictions in acquiring property are all higher-risk services. These activities may facilitate concealment of beneficial ownership, asset flight, or the integration of illicit funds into legitimate systems.

A rules-based approach to transaction monitoring relies on predefined rules that flag specific patterns and on setting thresholds that trigger automated alerts when exceeded. These techniques are fundamental to identifying potentially suspicious activities in a structured, deterministic way.

Tax evasion is a criminal offense and is widely recognized as a predicate offense to money laundering under FATF standards and national AML laws.

It involves the deliberate non-payment or under-reporting of taxes, often through false declarations, concealment of income, or failure to file required tax returns. The key distinction is intentional deception of tax authorities.

In contrast, tax avoidance refers to lawful strategies used to minimize tax liability within the boundaries of the law. Deductions and tax planning activities are legal and do not constitute tax evasion.

Because tax evasion generates illicit proceeds, it is directly relevant to AML/CFT frameworks, and financial institutions must be alert to indicators of tax-related financial crime.

Regulatory Technology (RegTech) is a specialized subset of FinTech that focuses on improving how organizations meet regulatory and compliance obligations, including AML/CFT requirements. RegTech solutions leverage technologies such as automation, data analytics, artificial intelligence, and machine learning to enhance efficiency, accuracy, and scalability.

In the AML context, RegTech supports functions such as customer due diligence (CDD), transaction monitoring, sanctions screening, regulatory reporting, and record-keeping. These tools help financial institutions reduce manual processes, improve detection of suspicious activity, and respond more quickly to regulatory changes.

SupTech, by contrast, refers to supervisory technology used by regulators, not regulated institutions. The other options are not recognized regulatory terms.

Global regulators, including FATF and national supervisory authorities, actively encourage the responsible adoption of RegTech as part of a risk-based approach, provided appropriate governance, data quality, and model oversight are in place.

In the context ofgambling and gaming sectors, a well-known money laundering typology is the use of platforms tointroduce illicit funds and withdraw them as "winnings". When a customerdeposits large cash amounts and quickly withdraws themwithout engaging in actual gambling, it indicates"placement and layering"techniques.

This behavior is indicative of attempts todisguise the origin of illicit funds, converting them into legitimate-looking financial flows. It is considered a classic red flag in AML programs related to casinos and online gaming.

The effectiveness of AML training programs depends on comprehensive content that covers relevant regulatory, risk, and procedural topics, combined with engaging delivery methods that promote retention and practical application by participants.

The United Nations Security Council (UNSC) is the only body with the legal authority under international law to impose binding sanctions on countries, entities, or individuals.

“The Security Council’s primary function in imposing sanctions is to maintain or restore international peace and security. These sanctions are legally binding on all UN member states.”

(CAMS 6th Edition, Chapter: International Sanctions and Proliferation Financing; United Nations Charter, Article 41)

Incorrect Options:

B: Sanctions may address AML/CFT failings, but the core mandate is international peace/security.

C: The UNSC does not primarily conduct research or impact analysis.

D: The purpose is international peace/security, not only domestic financial stability.

The US Department of the Treasury identifies money services businesses (MSBs) and non-profit organizations with international operations as high money laundering risks when they lose access to traditional financial institutions, as this can push them toward less regulated channels that are more vulnerable to abuse.

AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism) applications are heavily influenced by various laws and regulations. The most impactful areas include:

Information security, data privacy, and cybersecurity – AML/CFT compliance relies on collecting and analyzing financial data. Data protection laws (e.g., GDPR) impact how financial institutions store, share, and protect sensitive customer information while ensuring that AML measures remain effective.

Foreign exchange control, and precious gemstone and metal dealing – Criminals often launder money through foreign currency transactions, gold, diamonds, and other high-value assets. Regulations governing these sectors help prevent financial crime.

Consumer protection, financial inclusion, and ESG – AML/CFT frameworks must balance risk mitigation with ensuring access to financial services (financial inclusion). Additionally, ESG policies play a growing role in identifying illicit financial.

The CAMS 6th Edition clearly identifies a risk-based approach as the cornerstone of effective AML/CFT programs. Risk assessments should consider various risk factors that directly influence exposure to ML/TF.

Product risk (A): Certain products or services may present higher ML/TF risks, such as private banking, correspondent banking, or cash-intensive products.“Products and services offered, and their inherent risk levels, must be assessed as part of the risk-based approach.”(CAMS 6th Edition, AML Compliance Program, Risk Assessment)

Geographic risk (C): Jurisdictions where the customer operates or where transactions are conducted may present higher or lower risks due to factors such as weak AML regulations or high corruption.“Geographic risk considers where a customer is located and/or where transactions occur, referencing countries with increased risk, such as those identified by the FATF.”(CAMS 6th Edition, Risk Assessment Factors)

Customer risk (D): The type of customer, such as PEPs, non-residents, or companies with complex structures, may present higher ML/TF risks.“Customer risk assessment is based on the customer’s profile, activity, and ownership structure, and is a critical component in risk-based monitoring.”(CAMS 6th Edition, CDD/EDD)

Incorrect Options:

B (Credit risk): Related to creditworthiness, not ML/TF.

E (Liquidity risk): Refers to a firm’s ability to meet financial obligations; not an AML risk factor.

The Bank Secrecy Act (BSA) is the foundational Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) law in the United States. Enacted in 1970, the BSA requires financial institutions to establish and maintain effective AML programs designed to detect and prevent money laundering and terrorist financing.

Under the BSA and its implementing regulations, financial institutions must implement key controls such as Customer Identification Programs (CIP), customer due diligence (CDD), enhanced due diligence (EDD) for higher-risk customers, transaction monitoring, record-keeping, and the filing of Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with FinCEN.

While the USA PATRIOT Act expanded AML obligations—particularly in relation to terrorist financing—it amended and strengthened the BSA rather than replacing it. The Money Laundering Control Act criminalized money laundering activities but does not establish the operational compliance framework. MiCA is an EU regulation and does not apply in the U.S.

Therefore, the BSA remains the cornerstone of U.S. AML/CFT compliance requirements.

Money laundering has far-reaching consequences that extend beyond individual institutions and directly affect national and global economic stability. FATF and international bodies consistently highlight that large-scale money laundering can undermine political and economic systems.

One of the most significant impacts is the destabilization of legitimate governments. Money laundering enables organized crime, corruption, and terrorist financing, which can weaken public institutions, distort policy-making, and erode public trust. In extreme cases, criminal organizations gain influence over governments, law enforcement, or key economic sectors.

While money laundering can indirectly affect inflation and growth, it does not directly cause declining money supplies. “Sectoral polarization” is not a standard or widely recognized economic impact in AML literature. The most consistently recognized systemic consequence is the erosion of governance, rule of law, and institutional integrity.

Therefore, destabilization of legitimate governments is the most accurate and regulator-supported answer.

Effective AML programs promote aculture of compliance, which includes an environment where staff are empowered to raise concerns, challenge decisions, and continuously improve through cross-functional learning.Providing effective challengeis a supervisory expectation and best practice in institutions that value AML governance integrity.

While AML officer authority (option B) supports oversight, it is not as impactful on daily operational effectiveness as fostering a challenging and adaptive compliance culture.

A key advantage of privacy enhancing technologies (PETs) in anti-money laundering is their ability to securely process data while it remains encrypted. This enables data analysis and collaboration without exposing sensitive information, helping to maintain privacy while still supporting financial crime detection.

A risk-based approach is central to AML/CFT programs and includes:

A: Creating detailed risk profiles for customers based on their behaviors and connections.

C: Applying controls that are tailored to the actual risk (not a one-size-fits-all approach).

D: Performing a thorough risk assessment, considering customer, transaction, and geographic factors.

“A risk-based approach involves risk profiling, tailored controls, and comprehensive risk assessment across key risk factors.”

(CAMS 6th Edition, Risk-Based Approach and Risk Assessment)

Incorrect:

B: Monitoring only flagged customers is not sufficient.

E: Equal allocation of resources ignores differing risk levels.

D: “Family members and close associates of PEPs are often used as intermediaries to launder the proceeds of corruption or conceal illicit assets.”(CAMS 6th Edition, Enhanced Due Diligence for PEPs; FATF Guidance on PEPs)

Trust and company service providers (TCSPs) are classified as higher-risk entities under FATF guidance due to their role in forming and managing legal structures. As a result, TCSPs must implement robust AML controls to mitigate misuse for money laundering.

A key requirement is gathering and recording detailed client information, including the purpose of the legal entity and the identity of managers and ultimate beneficial owners (UBOs). This supports effective customer due diligence and transparency.

TCSPs must also apply additional safeguards when relying on instructions from another TCSP, particularly one located in a different jurisdiction. Reliance on intermediaries increases risk and requires enhanced scrutiny.

Additionally, TCSPs should document the basis on which they act as a registered officer and retain records of their involvement. This ensures accountability and traceability in line with record-keeping obligations.

Requiring clients to submit AML self-assessments to an FIU and conducting onsite evaluations are not standard or required practices under AML frameworks.

Key challenges in adopting new AML/CFT technologies are:

A: Data privacy—new tech often requires processing more personal data, raising privacy/regulatory concerns.

C: The Travel Rule—meeting global standards for information sharing in payments is a technology challenge.

D: Data quality—effective systems rely on accurate, comprehensive, timely data.

E: Complexity—integrating and managing new technology can increase operational complexity.(CAMS 6th Edition, Technology in AML/CFT; FATF Guidance on Digital ID and Fintech)

Fuzzy logic in customer screening systems is used to handle uncertainty and variability in data by producing outputs that include a range of intermediate possibilities between "Yes" and "No." This enables the system to identify potential matches that are not exact but still relevant, improving the detection of name variations and misspellings.

A risk appetite statement defines the amount and type of risk an organization is willing to accept in pursuit of its objectives. It must be clearly communicated to all stakeholders and supported by corresponding controls and processes to ensure it is embedded in day-to-day decision-making and risk management.

The vulnerability of insurance products to money laundering is typically assessed based on purpose and intended use, liquidity (how easily funds can be accessed or moved), and customer anonymity or use of third-party transactions, as these factors can be exploited to disguise illicit funds.

Public-private partnerships (PPPs) are a key component of modern AML/CFT frameworks and are strongly encouraged by FATF and national regulators. Their primary benefit lies in enhancing timely and effective information sharing between financial institutions, regulators, law enforcement, and financial intelligence units (FIUs).

Through PPPs, authorities can share typologies, red flags, and emerging threat intelligence, while private institutions contribute operational insights derived from real transaction data. This rapid exchange of information on risks, high-risk activities, and suspicious actors significantly improves the detection and prevention of money laundering and terrorist financing.

PPPs do not exist to source staffing resources, provide salaries, or ensure basic understanding of regulatory concepts such as PEPs, which are already addressed through standard AML requirements. Their true value is the speed, quality, and relevance of shared intelligence, allowing participants to respond more effectively to evolving financial crime threats.

USA PATRIOT Act Section 314(b)allows financial institutions tovoluntarily share information with one another, after notifying the U.S. Treasury, toidentify and report possible money laundering or terrorist financing activities.

Key elements include:

Voluntary participation

Prior notice to FinCEN (part of the U.S. Treasury)

Protection from liability when acting in good faith

Enhanced collaborative detection across institutions

Section 314(a)refers toinformation sharing between law enforcement and financial institutions, not peer-to-peer sharing.

COSMICis an initiative in certain jurisdictions like Singapore, not U.S. regulation.

Regulation (EU) 2024/1624is part of the EU AML framework, not relevant to U.S. institutions.

Policies, controls, and procedures must be proportionate to the size and nature of the firm, approved by senior management, and regularly reviewed to ensure they remain effective in preventing and mitigating financial crime risk while aligning with regulatory expectations.

B: If a bank fails to demonstrate sustained improvement or cannot resolve identified deficiencies, it can face civil or even criminal penalties from regulators. Regulators expect not just policy changes, but proof of effectiveness and ongoing compliance improvements.

C: Even after addressing many concerns, if all issues are not resolved—such as outstanding transaction monitoring backlogs—regulators may issue orders to further remediate the AML program until full compliance is achieved.

CAMS 6th Edition and regulatory guidance clarify that “regulators may impose penalties, issue consent orders, or require further remediation where weaknesses persist.”

Incorrect:

A: Secondary sanctions generally apply to sanctions violations, not standard AML program weaknesses.

D: Regulatory actions can be public and do pose reputational risk.

E: While transparency is sometimes required, this is not a universal regulatory response.

A financial institution may disclose a SAR only under a valid court order and after ensuring legal review and compliance with jurisdictional requirements. In most jurisdictions, SARs are highly confidential, and unauthorized disclosure - known as “tipping off” - is prohibited.

Trust and Company Service Providers (TCSPs) pose the greatest financial crime risks when they use trusts to obscure beneficial ownership, promote complex corporate structures that make tracing ownership difficult, and establish shell companies that can be used to hold and move illicit funds. These activities can facilitate money laundering, tax evasion, and other financial crimes by concealing the true origin and control of assets.

The remote gambling sector presents unique money laundering and terrorist financing risks due to its online, non-face-to-face nature, as recognized in FATF and national regulatory guidance.

A major risk is that customers are not physically present for identification, which increases impersonation and identity fraud risks and requires robust digital onboarding controls.

Another significant risk is the use of anonymous prepaid cards or other anonymous payment methods. These instruments reduce traceability and can be used to introduce illicit funds into gambling platforms with limited customer identification.

Additionally, numerous low-level transactions may indicate structuring behavior designed to avoid enhanced due diligence thresholds and monitoring controls. This tactic allows criminals to layer transactions while appearing consistent with normal gambling behavior.

Large cash deposits are less relevant in remote gambling, as transactions are typically electronic. Betting beyond affordability may indicate problem gambling but is not, by itself, a core AML risk indicator.

Trade-based money laundering red flags include third-party involvement in transactions, amended letters of credit without clear justification, and non-standard settlement arrangements, all of which can indicate attempts to disguise illicit fund movements or the true nature of the trade.

Regulatory reports—such as those published by FATF, FIUs, and supervisory authorities—provide valuable insights into emerging money laundering and terrorist financing risks.

A crucial step is systematically integrating identified risks into the institution’s internal risk assessment. This ensures that the organization’s understanding of threats remains current and aligned with regulatory expectations.

Another key action is building or enhancing transaction monitoring scenarios based on the typologies and red flags described in regulatory reports. This directly improves detection effectiveness and responsiveness to evolving threats.

While internal benchmarking and peer comparison may be useful, they are not substitutes for directly updating risk assessments and monitoring logic based on regulatory intelligence.

A risk-based approach involves conducting a comprehensive risk assessment, applying controls that match the identified risk levels, and creating detailed customer risk profiles to focus monitoring and resources where they are most needed to mitigate financial crime risks effectively.

Understanding the source and origin of assets (C):According to the CAMS 6th Edition (Chapter: Customer Due Diligence and Enhanced Due Diligence) and the EU 4th & 5th AML Directives, regulated entities are required to take adequate measures to understand the source of funds and the origin of assets of their customers, especially when there are higher risk factors such as large transactions or PEPs.“Firms must identify the source and origin of assets to ensure they are not the proceeds of crime or corruption, particularly for higher-risk customers.”(CAMS 6th Edition, CDD/EDD Requirements; EU Directive 2015/849, Article 20)

Performing negative news checks of prospective customers (D):Adverse media screening is an essential part of the onboarding process for identifying potential risks related to money laundering, terrorist financing, or reputational harm.“Negative news or adverse media checks form a vital component of the due diligence process, helping organizations detect links to criminal or suspicious activities.”(CAMS 6th Edition, CDD/EDD Requirements)

Incorrect Options:

A: Onboarding interviews may be part of EDD, but are not a standard or required AML control.

B: PEPs are not to be automatically rejected; instead, enhanced due diligence should be applied.

E: Producing financial stability reports is not an AML control, but may be relevant for credit or investment assessment.

The origin of the funds is a primary financial crime risk when dealing with a TCSP connected to a high-risk country. Funds originating from such jurisdictions may be linked to illicit activity, especially if source verification is weak or absent.

Public-private partnerships allow public organizations to gain insights from the private sector to shape effective policies and legislation. Additionally, strong data protection and privacy frameworks help create secure information-sharing protocols within PPPs, enhancing collaboration while preventing unauthorized access.

E-commerce platforms face KYC challenges due to a global and diverse customer base, making due diligence complex, while criminals may exploit identity fraud to pass KYC checks and facilitate layering in money laundering schemes. These factors increase the financial crime risks for such businesses.

Customer segmentation is a foundational element of effective transaction monitoring and is strongly aligned with the risk-based approach promoted by FATF and national regulators.

Customers differ significantly in their transaction behavior depending on factors such as customer type, industry, geography, products used, and transaction volumes. By grouping customers into similar peer segments, institutions can more accurately establish expected behavior and identify anomalies that may indicate suspicious activity.

Comparing customers across a single large population would mask meaningful deviations and generate excessive false positives or missed risks. Segmentation improves alert quality, efficiency, and investigative focus.

Customer segmentation is not limited to sanctions compliance; it is a core AML transaction monitoring practice used to detect money laundering, terrorist financing, and other financial crimes.

Life insurance products vary significantly in their exposure to money laundering risk. FATF guidance and insurance-sector AML standards emphasize that flexibility, liquidity, and cross-border features increase product risk.

Products that allow changes to beneficiaries after policy inception present higher risk because criminals may initially name a legitimate beneficiary and later substitute another party to obscure the true recipient of funds. This flexibility can be exploited to disguise beneficial ownership.

Products with cash surrender values are particularly vulnerable to money laundering. Criminals may place illicit funds into policies and later redeem them, creating an appearance of legitimate insurance proceeds. This characteristic is widely recognized as a high-risk factor.

International coverage, including cross-border health insurance features, increases geographic risk exposure, particularly when funds or claims involve higher-risk jurisdictions with weaker AML controls.

By contrast, annuities with deferred income streams typically limit liquidity, reducing laundering risk. Products that restrict fund transfers further reduce misuse potential and are considered lower risk.

FATF standards identify several designated non-financial businesses and professions (DNFBPs) as obliged entities due to their exposure to money laundering risks. These gatekeepers are required to perform customer due diligence (CDD).

Notaries involved in real estate transactions play a critical role in property transfers and are required to identify parties and beneficial owners. Dealers in precious metals and stones handle high-value, portable assets attractive to criminals. Real estate agents facilitate property purchases often used to launder large sums of money. Accountants and auditors may assist in financial structuring, tax planning, or company formation and must conduct CDD when providing covered services.

Casino security guards and judges are not obliged entities under AML/CFT frameworks.

Unusual wire transfer transactions may include transfers in different currencies between accounts at different banks for the same client, which can be used to obscure fund flows, and incoming third-party transfers followed by real estate purchases, which may indicate layering and integration stages of money laundering. These patterns deviate from typical financial behavior and warrant closer scrutiny.