CAMS Sample Questions Answers

Explainable artificial intelligence (AI) and machine learning (ML) technologies are increasingly adopted within AML/CFT compliance to enhance effectiveness while maintaining regulatory transparency. Regulators emphasize that explainability and human oversight are essential when using advanced analytics.

One key benefit is the ability to process and analyze large volumes of data quickly and accurately. AML programs must review massive transaction datasets, customer profiles, and behavioral patterns. AI and ML models improve detection capabilities by identifying complex patterns and anomalies that may not be evident through traditional rule-based systems.

Another critical benefit of explainable AI is improved auditability, accountability, and governance. Explainable models allow compliance teams, auditors, and regulators to understand how decisions are made, why alerts are generated, and how risks are assessed. This transparency supports regulatory compliance and model governance requirements.

AI systems are not intended to replace human involvement or eliminate compliance staff. Human judgment remains essential for investigations, decision-making, and regulatory reporting.

C: “The system must be adequate and proportionate to the bank’s size, activities, complexity, and risk profile. A one-size-fits-all solution is not appropriate.”

D: “Effective monitoring systems should support the detection of unusual trends and business relationships, facilitating meaningful analysis and alerts.”(CAMS 6th Edition, Transaction Monitoring System Requirements)

Incorrect:

A: Vendor internal controls are important, but not a top selection criterion for AML system effectiveness.

B: Permissions should be appropriate for the bank’s structure, not just compared to other banks.

After identifying and rating inherent risks, the next key step in the risk assessment process is to evaluate the effectiveness of existing controls. This allows the organization to calculate the residual risk - i.e., the level of risk remaining after controls are applied.

The FATF’s core role is to enhance international cooperation against money laundering and terrorist financing through setting global standards (“Recommendations”) and issuing guidance.

“The FATF is an intergovernmental body whose purpose is the development and promotion of national and international policies to combat money laundering and terrorist financing.”

The FATF does not have authority to oversee FIUs, nor does it regulate financial markets directly.

The US Department of the Treasury identifies money services businesses (MSBs) and non-profit organizations with international operations as high money laundering risks when they lose access to traditional financial institutions, as this can push them toward less regulated channels that are more vulnerable to abuse.

Potential indicators of terrorist financing abuse in non-profit organizations include large, unaccounted cash donations from anonymous sources, which can disguise illicit funding, and operations in high-risk jurisdictions with limited oversight, where regulatory and monitoring frameworks may be weak.

Effective customer due diligence relies on authoritative, reliable, and relevant external data sources, as outlined in FATF standards and national AML regulations.

Sanctions lists, such as those maintained by OFAC, the EU, and the UN, are mandatory screening sources to ensure compliance with sanctions regimes. Registers of stolen or forged documents, where available, help detect identity fraud and false documentation during onboarding.

Additionally, beneficial ownership registers and adverse media sources are essential for identifying hidden ownership structures, corruption exposure, and reputational risk.

Customer reviews and lifestyle assessments from social media are not considered reliable or appropriate primary sources for AML screening due to privacy, accuracy, and governance concerns.

The pseudonymous nature of cryptoasset transactions enables criminals to transfer large sums globally while concealing their identities. This lack of transparency poses a significant money laundering risk, as it hinders efforts to trace the ultimate beneficial owner.

Application Programming Interfaces (APIs)are tools that enableinterconnectivity and data exchangebetween different software applications. In AML contexts, APIs are commonly used tointegrate third-party systems, such as screening tools, customer databases, and transaction monitoring platforms, ensuring real-time and accurate flow of information.

This technological capability supports enhancedautomation, agility, and efficiencyin AML processes.

The Financial Action Task Force (FATF) is the global standard-setter for AML/CFT and counter-proliferation financing. Its mandate is focused on standard-setting, assessment, and international coordination, not enforcement or prosecution.

One of FATF’s primary functions is developing international standards, known as the FATF Recommendations, which form the basis of national AML/CFT regimes worldwide.

FATF also identifies high-risk and non-cooperative jurisdictions with strategic AML/CFT deficiencies and works with them to address these weaknesses. Public identification encourages reform and enhances global financial integrity.

Additionally, FATF maintains strong engagement with international organizations, regional bodies, and the private sector to promote consistent implementation of standards.

FATF does not prosecute countries or suspend membership based on evaluation outcomes.

D: NGOs play an important role in raising awareness about money laundering, lobbying for strong AML/CFT laws, and educating the public and stakeholders about the risks and consequences.

“NGOs help combat money laundering primarily through advocacy, education, and raising public and industry awareness.”(CAMS 6th Edition, Role of NGOs in AML/CFT)

E-commerce business models are exposed to several financial crime risks that are clearly identified in Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) regulatory guidance, including publications from the Financial Action Task Force (FATF) and national supervisory authorities.

One key risk is the use of stolen bank card or payment data to purchase goods or services online. E-commerce platforms are particularly vulnerable to card-not-present fraud, where criminals exploit remote payment channels to generate illicit proceeds.

Another common risk is fraud against customers through non-delivery of goods or services. In these cases, fraudulent merchants accept payments without any intention of fulfilling orders. This form of consumer fraud is recognized as a predicate offense to money laundering under AML frameworks.

Additionally, online marketplaces may be abused to move or disguise criminally obtained funds. Criminals may conduct fake transactions, self-purchases, or repeatedly buy and resell goods to legitimize illicit funds. This activity aligns with recognized typologies such as transaction laundering and trade-based money laundering.

Although export control evasion and bribery and corruption are serious financial crimes, they are not typically considered common or inherent financial crime risks specific to standard e-commerce business models in AML/CFT guidance.

The UN Security Council has the authority to impose sanctions specifically to maintain or restore international peace and security.

Financial institutions must conduct thorough background checks on employees in sensitive roles (e.g., private banking) to mitigate fraud, insider trading, and money laundering risks.

Option A (Correct):Past employment records help verify work history and identify any red flags related to prior financial misconduct.

Option D (Correct):Internet and media searches reveal any negative press, regulatory issues, or connections to illicit activity.

Option E (Correct):Criminal history searches help screen for prior convictions related to financial crimes.

Why Other Options Are Incorrect:

Option B (Incorrect):Personal references are less reliable and may not uncover objective risk factors.

Option C (Incorrect):A resume is self-reported and should be verified using independent sources.

Best Practices for Employee Background Screening:

Conduct enhanced due diligence for high-risk roles (e.g., private bankers, compliance officers).

Use reliable background screening tools and legal databases.

Verify employment history and check against regulatory blacklists.

The United Nations Security Council (UNSC) is authorized under the UN Charter to imposebinding sanctions measureson member states. These sanctions may target countries, entities, or individuals and can include arms embargoes, travel bans, asset freezes, and restrictions on trade or financial services.

Statement Ais correct:

Circumventing or evading UNSC sanctionsmay constitute a criminal offenseif the jurisdiction has incorporated UN obligations into domestic law. While the UNSC does not directly impose criminal penalties,member states must implement these measures locally, andmany jurisdictions have lawsthat make such violations criminal acts.

Statement Bis incorrect:

The UNSC is empowered toimpose broad restrictions, includingtrade bans beyond arms, such as on luxury goods, fuel, or specific commodities. Therefore, the idea that it cannot prohibit exports beyond arms is inaccurate.

Statement Cis correct:

Member countries of the United Nations are expected to implement and enforce UNSC sanctions, in accordance with their obligations under the UN Charter (specifically Chapter VII). Countries are responsible for transposing these sanctions into their national legal frameworks.

Statement Dis incorrect:

Although member countries are required to enforce sanctions,not all countries automatically consider breaches a criminal offense. Whether a violation is criminal depends on how each country enacts UN sanctions domestically.

Predicate offenses are crimes that generate proceeds which may subsequently be laundered. FATF standards and national AML laws define a wide range of serious crimes as predicate offenses.

Bribery and corruption are among the most common predicate offenses, often involving large illicit payments that require laundering to disguise their origin. Fraud, including financial, consumer, and corporate fraud, is another primary source of illicit proceeds and is universally recognized as a predicate offense.

Organized crime and racketeering encompass coordinated criminal activities designed to generate ongoing illegal income, making them central predicate offenses under AML frameworks.

While arson may be considered a serious crime in some jurisdictions, and assault is generally not associated with financial gain, AML regimes focus primarily on crimes that generate substantial proceeds. Therefore, bribery, fraud, and organized crime are the most consistently recognized predicate offenses across jurisdictions.

A risk-based approach to anti-financial crimes means allocating resources and implementing controls proportionate to the level of identified risk. This ensures that higher-risk areas receive more focus and resources, improving both effectiveness and efficiency in mitigating financial crime risks.

A core requirement of applying a risk-based approach (RBA) in customer due diligence for legal entity clients is the identification and verification of beneficial ownership. FATF standards require financial institutions to take reasonable measures to identify and verify the identity of the natural persons who ultimately own or control a legal entity.

Understanding beneficial ownership is critical because complex corporate structures can be misused to conceal illicit ownership, launder money, or evade sanctions. The depth of verification required depends on the assessed risk level of the customer, with higher-risk entities requiring enhanced due diligence.

Information such as market competition or profitability is not relevant to AML/CFT risk assessment. While open-source information may support due diligence, relying solely on internet or social media sources is insufficient and inconsistent with regulatory expectations.

Therefore, verifying beneficial ownership is the most essential and regulator-mandated CDD measure under a risk-based approach.

Artificial intelligence and machine learning technologies support the risk-based approach (RBA) to AML compliance by enhancing an institution’s ability to identify, assess, and prioritize financial crime risks. Regulatory guidance emphasizes that these technologies should augment—not replace—human judgment.

One key benefit is advanced customer risk assessment. AI and ML can synthesize large volumes of customer data, including background information, transaction behavior, and external risk indicators, allowing institutions to develop more accurate and dynamic risk profiles.

AI and ML also enable the identification of complex networks among seemingly unrelated clients. Through network analytics and pattern recognition, these tools can uncover hidden relationships used in layering and structuring activities.

Additionally, AI-driven systems excel at detecting complex money laundering patterns within transaction data that may not trigger traditional rule-based alerts, improving effectiveness and efficiency.

Automatically generating SARs or adapting thresholds without human oversight is inconsistent with regulatory expectations. Human review and governance remain essential components of AML compliance.

A National Risk Assessment (NRA) provides valuable guidance on which customers, products, services, and transactions pose the highest risk for money laundering and terrorist financing, enabling financial institutions to tailor their risk-based approach and allocate resources more effectively.

A (ISO): Ensures information security controls are aligned with AFC efforts, protecting sensitive data and reducing the risk of cyber-enabled financial crime.

D (DPO): Helps ensure compliance with data privacy laws and enables secure, lawful information-sharing for AML purposes.

“Collaboration with the ISO and DPO is critical to maintaining data security and privacy within AFC compliance frameworks.”(CAMS 6th Edition, Governance and Cross-Functional Collaboration)

When using network analysis tools, it’s important to avoid algorithmic bias toward social criteria to ensure fairness, analyze connections between individuals or entities to identify links and structures, and study relationships within networks to uncover hierarchies, behaviors, movements, and group organization relevant to detecting criminal activity.

Establishing a surveillance program with periodic risk assessments, access controls, and regular compliance reviews for employees, vendors, and third parties is the most effective way to mitigate insider threats and ensure ongoing adherence to AML regulations. This proactive approach continuously monitors risk rather than relying solely on initial checks or self-certifications.

Terms of Reference (ToR) are a fundamental governance document that define how a committee operates, makes decisions, and fulfills its responsibilities. Regulatory guidance and corporate governance best practices emphasize clarity and accountability in committee mandates.

The extent of power and decision-making authority must be clearly defined to ensure members understand what decisions they are authorized to make and where escalation is required. This prevents overlaps or governance gaps.

The composition and structure of the committee, including membership criteria and roles, ensures appropriate expertise and representation. This is essential for effective oversight, particularly in AML/CFT and risk committees.

Delegation of authority outlines how responsibilities may be assigned or escalated, supporting efficient decision-making while maintaining accountability.

Organization charts and company culture statements are not typically core components of a ToR, as they do not define operational authority or governance mechanics.

An adequate organizational policy must be up to date with all relevant regulatory developments to remain compliant, and it must be clearly communicated and understood by staff to ensure proper implementation and adherence.

The finance industry is inherently vulnerable to money laundering risks due to the nature, scale, and complexity of its operations. FATF and global regulators consistently identify several structural characteristics that increase exposure to illicit financial activity.

One major vulnerability is the availability of complex financial products and services, such as derivatives, correspondent banking, and structured investments. These products can be misused to disguise the origin of funds through layering and complex transaction chains.

Another key risk arises from engagement with high-risk jurisdictions. Financial institutions often operate across borders, including in countries with weak AML controls or limited regulatory oversight, increasing exposure to money laundering and terrorist financing risks.

Additionally, high transaction volumes present a significant challenge. The sheer scale and speed of transactions make it difficult to detect suspicious activity, particularly when illicit transactions are deliberately structured to blend in with legitimate activity.

In contrast, heightened regulatory obligations and investments in technology are risk-mitigating factors, not vulnerabilities. They are designed to reduce exposure to financial crime rather than increase it.

FATF standards identify several designated non-financial businesses and professions (DNFBPs) as obliged entities due to their exposure to money laundering risks. These gatekeepers are required to perform customer due diligence (CDD).

Notaries involved in real estate transactions play a critical role in property transfers and are required to identify parties and beneficial owners. Dealers in precious metals and stones handle high-value, portable assets attractive to criminals. Real estate agents facilitate property purchases often used to launder large sums of money. Accountants and auditors may assist in financial structuring, tax planning, or company formation and must conduct CDD when providing covered services.

Casino security guards and judges are not obliged entities under AML/CFT frameworks.

AI and machine learning in adverse media screening can reduce human error through consistent analysis, automate the detection of new versus previously reviewed information, and process multiple languages and scripts, enabling broader and more accurate coverage than human review alone.

Tax evasion is the deliberate and illegal act of not paying taxes that are legally owed. It is a criminal offense that can have serious consequences, including penalties, fines, and imprisonment.

Life insurance products vary significantly in their exposure to money laundering risk. FATF guidance and insurance-sector AML standards emphasize that flexibility, liquidity, and cross-border features increase product risk.

Products that allow changes to beneficiaries after policy inception present higher risk because criminals may initially name a legitimate beneficiary and later substitute another party to obscure the true recipient of funds. This flexibility can be exploited to disguise beneficial ownership.

Products with cash surrender values are particularly vulnerable to money laundering. Criminals may place illicit funds into policies and later redeem them, creating an appearance of legitimate insurance proceeds. This characteristic is widely recognized as a high-risk factor.

International coverage, including cross-border health insurance features, increases geographic risk exposure, particularly when funds or claims involve higher-risk jurisdictions with weaker AML controls.

By contrast, annuities with deferred income streams typically limit liquidity, reducing laundering risk. Products that restrict fund transfers further reduce misuse potential and are considered lower risk.

Real estate ML/TF risk is highest where transparency is low or the origin of funds is obscured:

Use of cash to purchase property (A):“All-cash transactions in real estate present a high ML risk, as they bypass traditional financial scrutiny and facilitate the placement of illicit funds.”(CAMS 6th Edition, Real Estate Money Laundering Risks)

Use of a company for the purchase of property (D):“Purchasing property through companies, especially shell companies, can conceal the beneficial owner and the true source of funds.”(CAMS 6th Edition, Real Estate ML/TF Risks; FATF, Real Estate Sector)

Incorrect Options:

B: Unlicensed agents may be risky, but the core risks are A and D.

C: Trusts may add complexity but are less common/high-risk than company structures.

E: Value manipulation is risky but less so than the above.

Analyzing the most recent National Proliferation Financing Risk Assessment from the relevant authority provides an organization with authoritative, up-to-date insights into current threats, high-risk sectors, and jurisdictional exposures, enabling better understanding and mitigation of proliferation financing risks.

Key performance indicators (KPIs) are essential for evaluating the effectiveness and efficiency of transaction monitoring systems within an AML/CFT program. Regulators expect institutions to monitor how well their systems identify, prioritize, and resolve suspicious activity.

The number of alerts raised provides insight into system sensitivity and potential over- or under-alerting. Tracking alerts by region helps institutions identify geographic risk concentrations and emerging threats. The average time to review an alert measures operational efficiency and whether investigations are conducted promptly, as required by regulatory expectations.

Hiring timelines and transaction volumes by top customers are operational or business metrics and do not directly assess transaction monitoring effectiveness.

A robust transaction monitoring system is a core component of an effective Anti-Money Laundering (AML) and Counter-Financial Crime (AFC) program. Regulatory guidance from FATF and national supervisors emphasizes that the primary purpose of transaction monitoring systems is to detect unusual or suspicious activity by analyzing customer transactions and identifying anomalies or patterns that may indicate money laundering, terrorist financing, or other financial crimes.

These systems use predefined rules, thresholds, and increasingly advanced analytics to monitor transactions in real time or retrospectively. Alerts generated by the system are reviewed by compliance professionals, who determine whether further investigation or reporting is required.

While transaction monitoring systems may support the preparation of regulatory reports, such as SARs or CTRs, the actual filing of these reports typically requires human review and approval and is not the defining capability of the monitoring system itself. Features such as automatic document translation or integration of social media profiles are not considered core or necessary functions under AML regulatory expectations.

Therefore, the essential capability of a robust transaction monitoring system is its ability to monitor transactions and detect anomalies indicative of suspicious activity.

Anti-Money Laundering (AML) regulations and guidance from bodies such as the Financial Action Task Force (FATF) emphasize the importance of a risk-based approach when identifying and managing money laundering and terrorist financing risks. Network analysis tools are commonly used by financial institutions to detect direct and indirect relationships between customers and known criminal entities. However, without prioritization, these tools may generate large volumes of alerts that reduce operational effectiveness.

Implementing risk-scoring algorithms for indirect connections allows the institution to rank identified relationships based on factors such as proximity to criminal entities, transaction volume, frequency, customer risk rating, and typology relevance. This enhances the tool’s effectiveness by enabling compliance teams to focus on the highest-risk relationships first, in line with regulatory expectations for efficient and proportionate controls.

Manually reviewing all flagged relationships is impractical and inconsistent with scalable AML programs. Integrating external databases or social media profiles may raise data quality, privacy, and governance concerns and is not a primary solution for prioritization. Focusing only on direct connections would weaken the AML framework, as criminals frequently use layered and indirect relationships to conceal illicit activity.

Therefore, applying risk-based scoring methodologies is the most effective and regulator-aligned way to enhance network analysis tools.

A financial institution may disclose a SAR only under a valid court order and after ensuring legal review and compliance with jurisdictional requirements. In most jurisdictions, SARs are highly confidential, and unauthorized disclosure - known as “tipping off” - is prohibited.

FIUs rely on formal cooperation mechanisms to exchange information lawfully and efficiently across borders. One of the most widely used mechanisms is a Memorandum of Understanding (MOU) between FIUs in different jurisdictions.

MOUs establish the terms, scope, confidentiality protections, and procedures for sharing financial intelligence. They enable FIUs to exchange information directly, quickly, and securely while respecting data protection and domestic legal requirements. This structure significantly reduces bureaucratic delays and supports effective cross-border investigations.

FATF and regional bodies are standard-setters and evaluators, not operational information-sharing hubs. The Wolfsberg Group is a private-sector association and does not facilitate FIU-to-FIU communication. MLATs are used primarily by law enforcement and judicial authorities for criminal proceedings and arrests—not for FIU intelligence exchange.

Therefore, MOUs are the correct and most appropriate mechanism for FIU cooperation.

When reviewing business operations of a Money Services Business (MSB), it is critical to identify behaviors that indicate potential money laundering activity. TheCAMS Study Guide – 6th Editionoutlines severalred flagscommonly associated with MSBs.

Option Ais correct:

A customer beinghesitant to provide beneficiary information, such as the name or address, is a red flag. It may indicate attempts to hide the true purpose or recipient of the funds and could suggeststructuring or layering activity.

Option Dis correct:

A customer usingmultiple accounts under different namesto conduct transactions is a strong red flag. This could indicate efforts toobscure ownership, avoid detection, or conductsuspicious structuringbehavior to stay below reporting thresholds.

Option Bis incorrect:

While large cash deposits from cash-intensive businesses may require further review, they are not inherently suspicious unlessinconsistent with the nature of the business or transaction volume.

Option Cis incorrect:

Currency exchanges under the reporting threshold, even from high-risk jurisdictions, are not in themselves red flags unless they show a pattern ofstructuringor are part oflarger suspicious behavior.

Option Eis incorrect:

Frequent small-dollar transfers to a native country may benormal remittance behaviorand only become suspicious if tied to additional indicators such asstructuring or third-party involvement.

Effective oversight of transaction monitoring includes:

Periodic review of client profiles to ensure up-to-date information for high-risk clients (B):“Reviewing and updating customer profiles is essential to ensure that monitoring scenarios are based on current risk data.”(CAMS 6th Edition, Transaction Monitoring and Customer Due Diligence)

Periodic review of transaction monitoring scenarios and productivity to ensure appropriate AML typologies are reflected (D):“Firms should periodically review the parameters and output of transaction monitoring systems to ensure they continue to identify relevant ML/TF risks and typologies.”(CAMS 6th Edition, Monitoring and Surveillance)

Incorrect Options:

A: Cooperation with the legal team is important, but not a core strategy for monitoring governance.

C: SARs filed with FinCEN should not be withdrawn unless new evidence requires it; review should focus on process, not withdrawal.

The First Line of Defense (1LoD) consists of customer-facing business units (e.g., relationship managers, front-office staff, and operational teams). Their primary responsibility in financial crime risk management is to implement AML/CFT controls as part of daily operations. This includes Collecting complete customer information.

The First Line of Defense is responsible for conducting Know Your Customer (KYC) and Customer Due Diligence (CDD) during onboarding and throughout the customer relationship. Ensuring that all relevant customer details (e.g., identity, business purpose, ownership structure) are accurately collected and documented is crucial for mitigating financial crime risks.

Artificial intelligence (AI) enhances transaction monitoring by complementing or improving upon traditional rules-based systems. Regulators recognize that AI can strengthen AML programs when deployed with appropriate governance and oversight.

One key benefit is the ability to identify changes in customer behavior over time. AI models analyze historical and real-time data to detect deviations from expected patterns, allowing institutions to reassess customer risk more dynamically and accurately.

AI can also generate predictive customer risk scores, helping institutions prioritize alerts and focus investigative resources on higher-risk customers and activities. This improves efficiency and effectiveness while supporting a risk-based approach.

AI is designed to reduce false positives, not increase them, and bias must be carefully managed during training through governance and data controls.

Appointing individuals to serve in official capacities poses a higher money laundering risk because it can be used to obscure the true beneficial ownership and control of the company, making it easier to conceal illicit activities or the identity of those directing the business.

The first step in designing an effective controls framework using a risk-based approach is conducting a risk assessment. This identifies and evaluates inherent risks, providing the basis for determining which controls are necessary and how they should be prioritized.

A primary objective of public sector groups in combating money laundering is to establish and enforce legal and regulatory frameworks that enable the detection, prevention, and punishment of money laundering and related financial crimes, ensuring the integrity of the financial system.

Real estate transactions are vulnerable to ML/TF risks, particularly when there is limited transparency or unusual payment methods:

Cross-border purchases (A):“Purchases by foreign buyers, especially from high-risk jurisdictions, are a red flag for money laundering in the real estate sector.”(CAMS 6th Edition, Real Estate Money Laundering Risks; FATF, Money Laundering and Terrorist Financing through the Real Estate Sector, 2007)

Non-financed purchases (D):“Non-financed (all-cash) purchases can indicate the introduction of illicit funds into the financial system, bypassing the controls of mortgage lenders.”(CAMS 6th Edition, Real Estate ML/TF Risks)

Incorrect Options:

B: Purchasing in the name of a natural person is standard and not inherently risky.

C: Paying the true market price does not raise ML/TF risk.

Under FinCEN Section 314(b), financial institutions are permitted to share information with other financial institutions about suspected money laundering or terrorist financing activities. This collaboration helps identify and report suspicious transactions while complying with legal safeguards and privacy requirements.

FATF Recommendation 29 states that an FIU should serve as a national center for the receipt and analysis of suspicious transaction reports and other information relevant to money laundering and terrorist financing.

“The FIU should serve as a national center for the receipt and analysis of suspicious transaction reports (STRs) and other information relevant to ML/TF, and for the dissemination of the results of that analysis.”

(CAMS 6th Edition, Role of the FIU; FATF Recommendation 29)

Open-source tools offer cost-effective access to diverse data sources, making them valuable for financial crime investigations. They also support partial automation of data collection and analysis, reducing manual effort and improving efficiency in identifying suspicious patterns or links.

Proliferation financingrefers to the act of providing financial services or funds for thedevelopment, acquisition, or delivery of nuclear, chemical, or biological weapons. The core threat involvesnetworks of individuals and entities using the financial systemto obtain sensitive technologies, materials, or knowledge forweapons of mass destruction (WMDs).

TheFinancial Action Task Force (FATF)identifies this as a major international security threat and requires institutions to assess and mitigate such risks.

The susceptibility of a company or jurisdiction to ML/TF abuse is significantly increased by:

Permissibility of bearer shares (B):“Bearer shares make it easy to hide ownership and control, presenting a major risk for misuse by criminals.”(CAMS 6th Edition, Beneficial Ownership and Company Transparency)

Rules governing the disclosure of beneficial ownership by the jurisdiction (C):“Weak requirements or loopholes in beneficial ownership disclosure are frequently exploited to conceal criminal involvement in corporate structures.”(CAMS 6th Edition, Chapter: Legal Persons and Arrangements)

Incorrect Options:

A: High or low fees are not a significant ML/TF risk driver.

D: Ease of travel is unrelated to ML/TF risk related to company structures.

A Financial Intelligence Unit (FIU) functions as the central hub for receiving and analyzing suspicious activity reports and can obtain additional information from reporting entities to support law enforcement in investigating and combating financial crimes.

Using multiple sanctions lists ensures that financial institutions meet international regulatory obligations and can identify sanctions-related risks across different jurisdictions. This comprehensive approach strengthens compliance and reduces the likelihood of exposure to sanctioned individuals or entities.

The real estate sector is recognized by FATF as vulnerable to money laundering due to the high value of transactions and the ability to integrate illicit funds into legitimate assets.

Key red flags include the use of commercial properties in ways inconsistent with the declared business purpose, which may indicate the property is being used to park or disguise illicit funds rather than generate legitimate income.

The use of complex loans or credit financing arrangements can be employed to obscure the true source of funds and create artificial legitimacy. Similarly, corporate vehicles and complex ownership structures are frequently used to conceal beneficial ownership.

Unexplained cash payments are among the most common and serious indicators of money laundering in real estate transactions, particularly when inconsistent with the buyer’s profile or local market practices.

The mere use of mortgages or agricultural land does not inherently indicate money laundering risk.

One of the biggest organizational challenges for law enforcement agencies and Financial Intelligence Units (FIUs) in cross-border money laundering (ML) investigations is dealing with jurisdictions that do not have an FIU or lack proper AML enforcement structures. When funds are transferred through countries without effective AML frameworks, it becomes difficult to trace, freeze, or recover illicit assets.

Key challenges include:

Lack of mutual legal assistance agreements (MLAs), which slows down or prevents information-sharing.

Weak AML regulations in some countries, making it easier for criminals to exploit financial systems.

Jurisdictional conflicts, as different countries have different legal definitions and enforcement mechanisms for money laundering.

Trade-Based Money Laundering (TBML) is a recognized method used to move and disguise illicit funds through trade transactions. Regulatory guidance from FATF highlights several red flags that may indicate TBML risks.

Irregular or inconsistent trade volume and frequency that deviates from a counterparty’s historical activity can suggest artificial or manipulated transactions. This behavior may indicate over- or under-invoicing or fictitious trade.

Structuring transactions below reporting thresholds, such as repeated cash deposits just under regulatory limits, is a classic money laundering technique used to avoid detection and reporting obligations.

Engaging in unusual shipping routes, methods, or counterparties that do not align with normal business practices is another key TBML indicator. Criminals often use complex or illogical logistics to obscure the true nature of transactions.

Conversely, detailed trade documentation and transparent pricing with proactive explanations are indicators of legitimate trade activity and reduce AML risk rather than increase it.

PEPs are recognized by CAMS 6th Edition and FATF as posing elevated risk due to:

A. The family members and close associates of PEPs may be involved in illicit activities:“The risks extend beyond the PEP to family members and close associates, who may be used to conceal the movement of illicit funds.”(CAMS 6th Edition, PEP Risk Factors; FATF Guidance)

C. PEPs may exploit embassy activities to conceal bribery and corruption transactions:“PEPs may use their position or diplomatic privileges, such as embassy operations, to disguise or facilitate the movement of illicit funds.”(CAMS 6th Edition, Corruption and PEP Risks)

Incorrect Options:

B: There is no such legal provision granting PEPs financial immunity or unlimited credit.

D: Banks may (and often must) exit PEP relationships not in line with their risk appetite.

While regulatory compliance, cost efficiency, and operational considerations are important, the primary objective of AML/CFT measures is to reduce and manage the risks and threats of financial crime. FATF emphasizes that effectiveness should be measured by outcomes, not merely by technical compliance.

An AML/CFT framework may fully comply with laws and still be ineffective if it fails to detect, deter, or disrupt money laundering and terrorist financing. Regulators increasingly focus on whether systems and controls actually identify suspicious activity, prevent misuse of the financial system, and support law enforcement efforts.

Minimizing operational burden and controlling costs are secondary considerations and must not compromise risk mitigation. A cost-effective system that fails to detect financial crime would not meet regulatory expectations.

Therefore, the true measure of effectiveness lies in how well systems and controls mitigate financial crime risks and threats in practice.

Countries that are members of the Egmont Group can securely exchange information between their Financial Intelligence Units (FIUs) to support money laundering and terrorist financing investigations, even when the activity involves multiple jurisdictions.

In anEnterprise-Wide Risk Assessment (EWRA),residual riskis the level of risk that remains after applying mitigating controls to theinherent risk(the risk present before controls are applied).

In this scenario, theinherent risk is highdue to the nature of private banking—high net worth clients,cross-border transactions,complex ownership structures, andhigh-value financial products. However, the institution has implementedrobust CDD and EDD, as well asadvanced transaction monitoring systems.

According to the CAMS Study Guide – 6th Edition, wheneffective and properly implemented controlsare in place, they cansignificantly reducethe residual risk—even in high-risk business areas like private banking. However, no control framework caneliminate all riskentirely.

Option Ais correct: Controls can significantly reduce the residual risk when strong, effective systems and procedures are in place.

Option Bis partially true but suggests inadequacy, which is not indicated here.

Option Cincorrectly assumes residual risk cannot be lowered even with controls.

Option Dis incorrect because residual riskcannot be eliminated entirely.

Strong CDD, EDD, and advanced transaction monitoring can significantly reduce residual risk in high-risk areas like private banking. While no control fully eliminates risk, effective implementation and ongoing oversight can bring the residual risk down to an acceptable level from its initially high inherent risk.

Correspondent banking relationships are recognized as higher risk under FATF guidance primarily because transactions are cross-border and conducted on behalf of third-party customers.

In correspondent banking, a respondent bank may process transactions for customers that the correspondent bank does not have a direct relationship with. This reduces transparency and limits the correspondent’s ability to fully assess customer identity, beneficial ownership, and transaction purpose.

While correspondent transactions may involve high-risk jurisdictions, this is not always the case. They are not anonymous by design, and payment messaging standards often require significant information. However, the indirect customer relationship and cross-border nature introduce complexity, jurisdictional risk, and reliance on the respondent bank’s controls.

Therefore, third-party and cross-border exposure is the key driver of heightened risk.

Lawyers, accountants, and TCSPs are considered gatekeepers because they serve as an entry point to the financial system and act as a first line of defense in preventing illicit funds from being integrated into the legitimate economy through their services and professional expertise.

Hawala operatives rely on informal networks outside the regulated banking system, allowing funds to move across borders without the usual AML controls.

Because hawala transactions are settled on trust rather than recorded through formal channels, it’s often impossible to trace who originated or ultimately received the funds.

Large individual cash transactions pose the highest money laundering risk for money services businesses. Cash is difficult to trace and, when handled in significant amounts, can be used to introduce illicit funds into the financial system with minimal transparency.

Virtual Asset Service Providers (VASPs) are considered higher-risk customers under FATF guidance due to their exposure to anonymity, speed of transactions, and cross-border activity. When onboarding a VASP, a financial institution must conduct a thorough risk assessment to determine whether the relationship aligns with its financial crime risk appetite.

Understanding the percentage of higher-risk clients served by the VASP is critical, as it indicates the level of exposure to illicit activity and the robustness of the VASP’s own risk management practices. A high concentration of higher-risk customers may significantly increase money laundering and terrorist financing risk.

Identifying which registered institutions act on behalf of the VASP, such as wallet providers or exchange operators, is also essential. Reliance on third parties introduces additional risk and requires assessment of those entities’ regulatory status and AML controls.

Finally, knowing who the VASP’s clients are, including the proportion of foreign versus domestic customers, is a core component of geographic and customer risk analysis. Cross-border exposure often elevates risk due to differing regulatory standards.

Data privacy practices and the use of central bank digital currencies, while relevant operational considerations, are not primary determinants of AML risk appetite decisions.

D: “Family members and close associates of PEPs are often used as intermediaries to launder the proceeds of corruption or conceal illicit assets.”(CAMS 6th Edition, Enhanced Due Diligence for PEPs; FATF Guidance on PEPs)

Key challenges in adopting new AML/CFT technologies are:

A: Data privacy—new tech often requires processing more personal data, raising privacy/regulatory concerns.

C: The Travel Rule—meeting global standards for information sharing in payments is a technology challenge.

D: Data quality—effective systems rely on accurate, comprehensive, timely data.

E: Complexity—integrating and managing new technology can increase operational complexity.(CAMS 6th Edition, Technology in AML/CFT; FATF Guidance on Digital ID and Fintech)

The Bank Secrecy Act (BSA) is the foundational Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) law in the United States. Enacted in 1970, the BSA requires financial institutions to establish and maintain effective AML programs designed to detect and prevent money laundering and terrorist financing.

Under the BSA and its implementing regulations, financial institutions must implement key controls such as Customer Identification Programs (CIP), customer due diligence (CDD), enhanced due diligence (EDD) for higher-risk customers, transaction monitoring, record-keeping, and the filing of Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs) with FinCEN.

While the USA PATRIOT Act expanded AML obligations—particularly in relation to terrorist financing—it amended and strengthened the BSA rather than replacing it. The Money Laundering Control Act criminalized money laundering activities but does not establish the operational compliance framework. MiCA is an EU regulation and does not apply in the U.S.

Therefore, the BSA remains the cornerstone of U.S. AML/CFT compliance requirements.

Higher-risk customer profilesoften include businesses that:

Regularly handle large volumes of cash

Operate in sectors withhistorical vulnerabilities to money laundering

Are involved invirtual assets or unregulated financial activities

Option C – A local used car sale lot that allows cash payments:

This business type is consideredcash-intensive, and accepting monthly payments in cash raises concerns about the source of funds, potential structuring, or placement of illicit proceeds.

Option D – A Virtual Asset Service Provider (VASP):

VASPs involved inpeer-to-peer crypto transactionspresent elevated AML risks due to theanonymity, speed, and borderless natureof virtual assets. These institutions are often subject toenhanced due diligence requirements.

Option Ais incorrect: A large multinational with documented transactions and transparency typically poseslower inherent risk, though still subject to review.

Option Bmay be reviewed, buton-site ATM replenishment using store cashis not automatically a red flag without other risk indicators.

Residual risk represents the remaining level of risk after considering the effectiveness of controls. Under a risk-based approach, strong controls reduce risk, while weak or ineffective controls increase it.

In this scenario, the inherent risk is assessed as moderate, meaning the underlying exposure is neither low nor extreme. However, the controls are evaluated as less than satisfactory, indicating that existing measures are not adequately mitigating the identified risks.

When controls are weak, residual risk increases above the inherent risk level, as vulnerabilities remain unaddressed. Regulators expect financial institutions to escalate residual risk ratings and implement remediation plans in such cases.

Therefore, the most likely residual risk conclusion is high, reflecting the combination of moderate inherent risk and ineffective controls. This outcome aligns with AML best practice and regulatory expectations.

Cross-border purchases increase complexity and risk due to differing regulations and potential anonymity.

Non-financed purchases, especially in cash, can facilitate money laundering by avoiding traditional financial scrutiny.

C: Privacy coins (like Monero, Zcash) are designed to obscure transaction details, making tracing difficult.

D: Crypto-mixers (or tumblers) mix potentially identifiable cryptocurrency funds with others, obscuring the source.

“Privacy coins and mixing services are specifically cited as high ML/TF risk tools, enabling greater anonymity.”(CAMS 6th Edition, Cryptoassets ML/TF Risks; FATF, Virtual Assets Guidance)

In the context ofgambling and gaming sectors, a well-known money laundering typology is the use of platforms tointroduce illicit funds and withdraw them as "winnings". When a customerdeposits large cash amounts and quickly withdraws themwithout engaging in actual gambling, it indicates"placement and layering"techniques.

This behavior is indicative of attempts todisguise the origin of illicit funds, converting them into legitimate-looking financial flows. It is considered a classic red flag in AML programs related to casinos and online gaming.

Virtual Asset Service Providers (VASPs) are considered higher-risk customers due to their exposure to anonymity, speed, and cross-border transactions. FATF guidance highlights several red flags indicative of potential money laundering activity.

The use of shell companies to move funds into and out of a VASP is a strong indicator of attempts to conceal beneficial ownership and obscure transaction flows. Similarly, frequent use of mixers and tumblers is a well-recognized technique used to break transaction trails and hinder blockchain tracing.

Receiving funds from jurisdictions with weak AML frameworks significantly increases geographic risk, particularly when combined with other red flags.

By contrast, peer-to-peer infrastructure use and market volatility are inherent features of the virtual asset ecosystem and do not, on their own, indicate money laundering.

Transaction monitoring governanceinvolves ensuring thatAML detection systems are effective, aligned with regulatory standards, and capable of identifying evolving threats.

Option B (Correct):Legal cooperation is essential for responding to subpoenas and law enforcement inquiries.

Option D (Correct):Regularly updating transaction monitoring scenarios ensures that the system adapts to emerging financial crime trends.

Why Other Options Are Incorrect:

Option A (Incorrect):SARs cannot be withdrawn unless an error was made—once filed, SARs remain confidential and must be retained.

Option C (Incorrect):Client profile updates are a CDD/KYC function, not directly related to transaction monitoring governance.

Best Practices for Transaction Monitoring Governance:

Regularly review system effectiveness through validation tests.

Collaborate with legal and compliance teams for risk mitigation.

Use AI and data analytics to refine detection accuracy.