- Which of the following best describes the placement stage of money laundering?
- Reporting suspicious activity to the financial intelligence unit
- Introducing illicit cash into the financial system
- Reintroducing laundered funds into the legitimate economy
- Moving funds through complex layers of transactions to obscure their origin
Correct answer: Introducing illicit cash into the financial system
Placement is the first stage of money laundering, where illicit proceeds (often cash) are introduced into the financial system. Layering then obscures the trail, and integration returns funds to the legitimate economy.
- A customer makes multiple cash deposits just below the reporting threshold across several branches. This is most consistent with which technique?
- Trade-based money laundering
- Round-tripping
- Bust-out fraud
- Structuring (smurfing)
Correct answer: Structuring (smurfing)
Deliberately breaking large amounts into smaller deposits below the reporting threshold to avoid currency transaction reports is known as structuring or smurfing.
- Which characteristic most distinguishes terrorist financing from traditional money laundering?
- Terrorist financing always involves cross-border wires
- Terrorist financing can originate from legitimate sources, not just illicit ones
- Terrorist financing never uses the formal banking system
- Terrorist financing only involves large transaction amounts
Correct answer: Terrorist financing can originate from legitimate sources, not just illicit ones
Unlike money laundering, where the funds are derived from crime, terrorist financing may use funds from entirely legitimate sources such as salaries, donations, or businesses, making it harder to detect.
- Over-invoicing and under-invoicing of goods are hallmarks of which laundering method?
- Hawala settlement
- Trade-based money laundering
- Layering through securities
- Casino chip walking
Correct answer: Trade-based money laundering
Trade-based money laundering manipulates the price, quantity, or quality of goods on invoices to transfer value and disguise the movement of illicit funds across borders.
- Why are casinos considered higher risk for money laundering?
- They allow conversion of cash into chips and back into a check or cash with the appearance of gambling winnings
- They are prohibited from filing suspicious activity reports
- They are exempt from customer identification requirements
- They cannot accept cash under any circumstances
Correct answer: They allow conversion of cash into chips and back into a check or cash with the appearance of gambling winnings
Casinos enable launderers to buy chips with illicit cash, gamble minimally, and cash out via check or wire, giving the funds an apparent legitimate gambling source.
- What is a hawala system?
- A regulated money services business license
- A type of correspondent banking arrangement
- A formal interbank settlement network
- An informal value transfer system based on trust and a network of brokers
Correct answer: An informal value transfer system based on trust and a network of brokers
Hawala is an informal value transfer system in which money is moved through a network of brokers (hawaladars) based on trust, often leaving little or no paper trail.
- Which feature of shell companies makes them attractive for money laundering?
- They must disclose all owners to the public
- They are required to publish detailed financial statements
- They can obscure beneficial ownership while having no genuine operations
- They cannot open bank accounts
Correct answer: They can obscure beneficial ownership while having no genuine operations
Shell companies typically have no significant operations or assets and can be used to hide the identity of beneficial owners and the true source of funds.
- A nonprofit organization receives large donations and quickly transfers funds to high-risk jurisdictions with minimal documentation. This is a red flag primarily for:
- Terrorist financing abuse of charities
- Tax evasion only
- Market manipulation
- Securities fraud
Correct answer: Terrorist financing abuse of charities
Charities and nonprofits can be exploited for terrorist financing, particularly when funds move rapidly to high-risk areas with little supporting documentation.
- Which of the following is a red flag in correspondent banking relationships?
- Nested or downstream banking activity not disclosed by the respondent
- Regular settlement reporting from the respondent
- Maintaining current beneficial ownership records
- Conducting periodic relationship reviews
Correct answer: Nested or downstream banking activity not disclosed by the respondent
Nested correspondent banking, where a respondent bank provides services to other financial institutions without disclosure, hides the ultimate originators and is a significant red flag.
- Why does real estate present a money laundering risk?
- Real estate cannot be resold
- Real estate transactions are always cash-only
- Property values never fluctuate
- High-value purchases can absorb large sums and may be made through anonymous entities
Correct answer: High-value purchases can absorb large sums and may be made through anonymous entities
Real estate can absorb large amounts of illicit funds, and purchases through shell companies or third parties can mask the true beneficial owner, facilitating integration of laundered money.
- What is 'smurfing' in the context of money laundering?
- Using multiple people to make many small transactions below reporting thresholds
- Buying and selling securities rapidly
- Mislabeling goods in international trade
- Transferring value through informal brokers
Correct answer: Using multiple people to make many small transactions below reporting thresholds
Smurfing uses multiple individuals (smurfs) to conduct numerous small deposits or purchases that stay under reporting thresholds, a form of structuring.
- Prepaid cards pose money laundering risk primarily because they:
- Can be loaded with value and moved across borders with limited identification
- Cannot be used internationally
- Always require full KYC at every reload
- Have unlimited transaction monitoring
Correct answer: Can be loaded with value and moved across borders with limited identification
Open-loop prepaid cards can store significant value, be transported across borders easily, and in some cases be obtained or reloaded with minimal customer identification.
- Which best describes the integration stage of money laundering?
- A suspicious activity report is filed
- Illicit funds are made to appear legitimate and re-enter the economy
- Cash is first deposited into the banking system
- Funds are moved through layered transactions
Correct answer: Illicit funds are made to appear legitimate and re-enter the economy
Integration is the final stage where laundered funds are reintroduced into the legitimate economy, appearing as lawful income or assets.
- Why are virtual assets (cryptocurrencies) a money laundering concern?
- They are always fully anonymous and untraceable
- They are issued by central banks
- They cannot be exchanged for fiat currency
- Pseudonymity and the ability to transfer value rapidly across borders
Correct answer: Pseudonymity and the ability to transfer value rapidly across borders
Virtual assets allow pseudonymous, fast cross-border transfers. While many blockchains are traceable, mixers and unregistered exchanges can obscure flows.
- A 'bust-out' scheme typically involves:
- Using charities to move funds
- Manipulating trade invoices
- Building creditworthiness then maxing out credit lines with no intent to repay
- Depositing small amounts to avoid thresholds
Correct answer: Building creditworthiness then maxing out credit lines with no intent to repay
In a bust-out, a fraudster establishes a good credit history, obtains large credit lines, draws them down fully, and disappears without repaying.
- Which product feature in the insurance sector creates laundering risk?
- Early surrender of a single-premium policy for a refund check
- Prohibition on cash premiums
- Mandatory medical underwriting
- Long claim investigation periods
Correct answer: Early surrender of a single-premium policy for a refund check
A launderer can buy a single-premium life policy with illicit funds and then surrender it early, accepting a penalty in exchange for a clean refund check.
- What does 'layering' aim to accomplish?
- Distance illicit funds from their source through complex transactions
- Report suspicious transactions
- Introduce cash into the system for the first time
- Verify customer identity
Correct answer: Distance illicit funds from their source through complex transactions
Layering uses a series of transactions and transfers to separate illicit proceeds from their criminal origin, making the audit trail difficult to follow.
- Which scenario is a red flag for money laundering through a money services business?
- Transactions matching the customer's stated business
- Periodic enhanced due diligence reviews
- Frequent remittances to multiple unrelated beneficiaries by one sender
- Customer providing valid identification
Correct answer: Frequent remittances to multiple unrelated beneficiaries by one sender
One person sending frequent remittances to many unrelated recipients, especially in unusual patterns, suggests possible structuring or layering through the MSB.
- Why are gatekeepers such as lawyers and accountants relevant to AML risk?
- They are exempt from all professional obligations
- They are required to act as law enforcement
- They cannot open accounts on behalf of clients
- They can facilitate the formation of entities and movement of funds, sometimes shielding clients
Correct answer: They can facilitate the formation of entities and movement of funds, sometimes shielding clients
Professional gatekeepers can set up companies, hold funds in client accounts, and lend an air of legitimacy, making them attractive to launderers if they fail their due diligence duties.
- What is 'chip walking' at a casino?
- Reporting winnings to the tax authority
- Leaving with unredeemed chips to redeem later or at another venue, obscuring source
- Depositing cash into a casino account
- Exchanging chips for foreign currency
Correct answer: Leaving with unredeemed chips to redeem later or at another venue, obscuring source
Chip walking involves taking gaming chips off the premises rather than cashing out, allowing them to be redeemed later or elsewhere to obscure the funds' origin.
- A customer reluctant to provide information about the source of a large deposit is exhibiting:
- A behavioral red flag warranting further scrutiny
- Compliance with AML requirements
- A reason to immediately close all accounts without review
- A normal expectation of privacy with no concern
Correct answer: A behavioral red flag warranting further scrutiny
Reluctance or refusal to provide source-of-funds information is a recognized behavioral red flag that should prompt enhanced due diligence and possible escalation.
- Why are politically exposed persons (PEPs) treated as higher risk?
- They cannot conduct international transactions
- They are always involved in criminal activity
- Their position may be abused for bribery, corruption, and laundering of proceeds
- They are prohibited from holding bank accounts
Correct answer: Their position may be abused for bribery, corruption, and laundering of proceeds
PEPs hold prominent public functions that can be exploited for corruption; their potential to launder the proceeds of bribery warrants enhanced due diligence, not automatic guilt.
- Which is a typology of money laundering using securities markets?
- Mandatory disclosure of beneficial owners
- Conducting customer due diligence
- Mirror trading or wash trades that move value with little market risk
- Filing suspicious transaction reports
Correct answer: Mirror trading or wash trades that move value with little market risk
Mirror trades and wash trades involve offsetting buy/sell orders that transfer value between parties or jurisdictions while creating the appearance of legitimate market activity.
- Funnel accounts are characterized by:
- Long-term dormancy with no activity
- Deposits in one geographic area and withdrawals in another, often quickly
- Small balances with no transactions
- Single deposits matched to single withdrawals
Correct answer: Deposits in one geographic area and withdrawals in another, often quickly
Funnel accounts receive deposits in one location and have withdrawals made in another, often rapidly, to move illicit funds across regions while avoiding cross-border reporting.
- Which is an emerging risk associated with new payment technologies?
- Increased face-to-face verification
- Slower settlement times
- Rapid anonymous value transfer through peer-to-peer platforms
- Mandatory paper records for all transfers
Correct answer: Rapid anonymous value transfer through peer-to-peer platforms
New payment methods and peer-to-peer platforms can enable rapid, sometimes pseudonymous value transfers that outpace traditional monitoring controls.
- What is 'round-tripping' in money laundering?
- Surrendering an insurance policy early
- Sending funds abroad and returning them disguised as foreign investment or loans
- Buying chips and immediately cashing out
- Making multiple small deposits in one day
Correct answer: Sending funds abroad and returning them disguised as foreign investment or loans
Round-tripping moves money out of a country, then brings it back, often disguised as foreign direct investment or loans, to legitimize the funds.
- Why do dealers in precious metals and stones present AML risk?
- High value, portability, and the ability to store and move wealth discreetly
- They are required to report all sales to a central registry
- They cannot accept payment in any form
- Their goods have no resale market
Correct answer: High value, portability, and the ability to store and move wealth discreetly
Precious metals and stones are high-value, easily transportable, and can hold value across borders, making them useful for storing or moving illicit wealth.
- A sudden increase in account activity inconsistent with the customer's known profile should be treated as:
- Routine activity needing no review
- A reason to increase the customer's credit limit
- An automatic reason to file a SAR without analysis
- A transactional red flag requiring investigation
Correct answer: A transactional red flag requiring investigation
Activity that deviates significantly from a customer's expected behavior is a key transactional red flag that should trigger review, though a SAR is filed only after analysis warrants it.
- Which describes 'cuckoo smurfing'?
- Investing illicit funds in real estate
- Over-invoicing exported goods
- Using multiple casinos to launder chips
- Depositing illicit funds into the account of an unwitting third party expecting a legitimate transfer
Correct answer: Depositing illicit funds into the account of an unwitting third party expecting a legitimate transfer
Cuckoo smurfing places illicit cash into the accounts of innocent customers who are expecting legitimate funds (such as remittances), with the launderer's funds substituting for the expected transfer.
- Free trade zones can pose money laundering risk because:
- They prohibit all commercial activity
- Reduced oversight and customs controls can facilitate trade-based laundering
- They are exempt from money laundering entirely
- They require enhanced due diligence on every shipment
Correct answer: Reduced oversight and customs controls can facilitate trade-based laundering
Free trade zones often have relaxed regulatory and customs oversight, which can be exploited for trade-based money laundering and the movement of illicit goods and value.
- The Financial Action Task Force (FATF) is best described as:
- A national financial intelligence unit
- A private industry trade association
- A bank that processes cross-border payments
- An intergovernmental body that sets international AML/CFT standards
Correct answer: An intergovernmental body that sets international AML/CFT standards
FATF is an intergovernmental policy-making body that develops and promotes international standards to combat money laundering, terrorist financing, and proliferation financing.
- The FATF Recommendations are most accurately characterized as:
- Legally binding treaties enforced by FATF directly
- Voluntary guidelines with no peer review
- Rules applicable only to the United States
- International standards that countries are expected to implement in national law
Correct answer: International standards that countries are expected to implement in national law
The FATF Recommendations are international standards that member jurisdictions are expected to implement domestically; compliance is assessed through mutual evaluations, though FATF itself does not enforce them like a court.
- What is the primary purpose of FATF mutual evaluations?
- To license money services businesses
- To assess a country's compliance with and effectiveness of AML/CFT measures
- To set interest rates for member countries
- To impose criminal penalties on individuals
Correct answer: To assess a country's compliance with and effectiveness of AML/CFT measures
Mutual evaluations are peer reviews that assess both technical compliance with the FATF Recommendations and the effectiveness of a country's AML/CFT system.
- A country placed on the FATF 'grey list' is best described as:
- Subject to mandatory countermeasures by all members
- Under increased monitoring while addressing strategic deficiencies
- Permanently barred from international banking
- Fully compliant with all recommendations
Correct answer: Under increased monitoring while addressing strategic deficiencies
Jurisdictions under increased monitoring (the grey list) have strategic AML/CFT deficiencies and have committed to action plans; the black list (call for action) carries stronger consequences.
- The Wolfsberg Group is best known for:
- Setting national tax policy
- Enforcing sanctions globally
- Developing AML guidance and principles for the financial industry
- Operating a financial intelligence unit
Correct answer: Developing AML guidance and principles for the financial industry
The Wolfsberg Group is an association of global banks that develops frameworks and guidance for managing financial crime risks, such as principles for correspondent banking and private banking.
- The Egmont Group is an international network of:
- Central banks that set monetary policy
- Sanctions enforcement agencies
- Financial intelligence units that share information
- Commercial banks offering correspondent services
Correct answer: Financial intelligence units that share information
The Egmont Group is a global network of financial intelligence units (FIUs) that facilitates secure information exchange to combat money laundering and terrorist financing.
- Under U.S. law, the Bank Secrecy Act primarily requires financial institutions to:
- Guarantee customer deposits
- Issue currency
- Set foreign exchange rates
- Keep records and file reports useful for detecting financial crime
Correct answer: Keep records and file reports useful for detecting financial crime
The Bank Secrecy Act (BSA) requires financial institutions to maintain records and file reports, such as currency transaction reports and suspicious activity reports, that assist in detecting and preventing financial crime.
- The USA PATRIOT Act expanded AML obligations notably by:
- Removing all reporting obligations
- Strengthening requirements for correspondent and private banking and prohibiting shell bank relationships
- Eliminating customer identification requirements
- Permitting anonymous accounts
Correct answer: Strengthening requirements for correspondent and private banking and prohibiting shell bank relationships
The USA PATRIOT Act enhanced due diligence for correspondent and private banking, required customer identification programs, and prohibited U.S. institutions from maintaining accounts for foreign shell banks.
- OFAC (Office of Foreign Assets Control) is responsible for:
- Administering and enforcing U.S. economic and trade sanctions
- Setting FATF recommendations
- Operating the SWIFT network
- Issuing banking licenses
Correct answer: Administering and enforcing U.S. economic and trade sanctions
OFAC, part of the U.S. Treasury, administers and enforces economic and trade sanctions against targeted countries, individuals, and entities based on U.S. foreign policy and national security goals.
- U.S. economic sanctions enforced by OFAC are generally based on which standard for liability?
- Negligence only
- Strict liability, meaning intent is not required for a violation
- Criminal intent required in all cases
- Liability only for banks, never individuals
Correct answer: Strict liability, meaning intent is not required for a violation
Many OFAC sanctions violations are subject to strict civil liability, meaning a party can be held responsible even without knowledge or intent, though intent affects penalty severity.
- What does the SDN List maintained by OFAC contain?
- Approved counterparties for trade
- Specially Designated Nationals and blocked persons with whom dealings are prohibited
- A list of all licensed banks
- Companies exempt from sanctions
Correct answer: Specially Designated Nationals and blocked persons with whom dealings are prohibited
The Specially Designated Nationals (SDN) List names individuals and entities whose assets are blocked and with whom U.S. persons are generally prohibited from dealing.
- The European Union AML Directives are best described as:
- Rules applicable only to non-EU countries
- Voluntary industry guidance
- A sanctions list
- Legislation that member states must transpose into national law
Correct answer: Legislation that member states must transpose into national law
EU AML Directives set requirements that member states are obligated to transpose into their national legislation, harmonizing AML/CFT standards across the bloc.
- The Basel Committee on Banking Supervision contributes to AML by:
- Operating as a financial intelligence unit
- Prosecuting money launderers
- Maintaining the global sanctions list
- Issuing guidance on sound management of risks related to money laundering and terrorist financing
Correct answer: Issuing guidance on sound management of risks related to money laundering and terrorist financing
The Basel Committee issues supervisory guidance, including on customer due diligence and the sound management of ML/TF risks, to promote consistent banking supervision.
- What is the FATF '40 Recommendations' framework?
- A list of sanctioned countries
- A comprehensive set of measures countries should adopt to combat ML, TF, and proliferation financing
- A set of accounting standards
- A treaty on extradition
Correct answer: A comprehensive set of measures countries should adopt to combat ML, TF, and proliferation financing
The FATF 40 Recommendations form the international standard covering legal systems, preventive measures, transparency, powers of authorities, and international cooperation against financial crime.
- Which best describes the concept of 'extraterritorial reach' of certain sanctions regimes?
- Sanctions can apply to conduct or persons outside the issuing country's borders
- Sanctions apply only to government entities
- Sanctions only apply within the issuing country
- Sanctions never affect foreign banks
Correct answer: Sanctions can apply to conduct or persons outside the issuing country's borders
Some sanctions, notably U.S. secondary sanctions, can reach non-U.S. persons or conduct occurring entirely outside the issuing country, creating compliance obligations globally.
- The purpose of the FATF Recommendation on beneficial ownership is to:
- Prohibit the formation of any companies
- Require all entities to be government-owned
- Make all ownership information public for free
- Ensure adequate, accurate, and timely information on the true owners of legal entities is available
Correct answer: Ensure adequate, accurate, and timely information on the true owners of legal entities is available
FATF requires countries to ensure that accurate and timely beneficial ownership information is available to competent authorities, reducing the misuse of legal persons and arrangements.
- Which international convention is foundational to criminalizing the laundering of drug proceeds?
- The Treaty of Rome
- The Geneva Conventions
- The 1988 Vienna Convention
- The Bretton Woods Agreement
Correct answer: The 1988 Vienna Convention
The 1988 UN Convention against Illicit Traffic in Narcotic Drugs (Vienna Convention) was among the first to require criminalizing money laundering tied to drug trafficking.
- The Palermo Convention (2000) is significant because it:
- Abolished bank secrecy worldwide
- Created the FATF
- Expanded the predicate offenses for money laundering beyond drug crimes to transnational organized crime
- Established OFAC
Correct answer: Expanded the predicate offenses for money laundering beyond drug crimes to transnational organized crime
The UN Convention against Transnational Organized Crime (Palermo Convention) broadened money laundering predicate offenses to encompass serious transnational organized crime, not just drug offenses.
- What is the role of a financial intelligence unit (FIU)?
- To issue sanctions
- To license financial institutions
- To set monetary policy
- To receive, analyze, and disseminate reports of suspicious activity to authorities
Correct answer: To receive, analyze, and disseminate reports of suspicious activity to authorities
An FIU is the national center that receives suspicious transaction and other reports, analyzes them, and disseminates intelligence to law enforcement and other competent authorities.
- Sectoral sanctions differ from comprehensive sanctions in that they:
- Target specific sectors or activities rather than prohibiting all dealings
- Apply only to individuals
- Prohibit all transactions with an entire country
- Are never enforced
Correct answer: Target specific sectors or activities rather than prohibiting all dealings
Sectoral sanctions restrict specific activities or sectors (such as certain financing or energy dealings) with targeted parties, unlike comprehensive sanctions that broadly prohibit dealings with a jurisdiction.
- The '50 Percent Rule' under OFAC guidance generally means:
- Half of a bank's customers must be screened
- Entities owned 50 percent or more by blocked persons are themselves blocked
- Sanctions apply to half of all transactions
- Only 50 percent of a transaction must be screened
Correct answer: Entities owned 50 percent or more by blocked persons are themselves blocked
Under OFAC's 50 Percent Rule, any entity owned 50 percent or more, directly or indirectly, by one or more blocked persons is itself considered blocked, even if not separately listed.
- Which document provides FATF guidance specifically for higher-risk countries through periodic public statements?
- The Basel Core Principles
- The SDN list
- The lists of high-risk and other monitored jurisdictions
- The Wolfsberg Principles
Correct answer: The lists of high-risk and other monitored jurisdictions
FATF periodically publishes lists identifying high-risk jurisdictions (call for action) and jurisdictions under increased monitoring to guide the risk-based approach of financial institutions.
- What does 'de-risking' refer to in the AML context?
- Financial institutions exiting relationships or sectors rather than managing risk
- Lowering interest rates
- Increasing customer onboarding
- Reducing capital requirements
Correct answer: Financial institutions exiting relationships or sectors rather than managing risk
De-risking is the practice of terminating or restricting relationships with categories of customers to avoid, rather than manage, perceived AML/CFT risk, which FATF cautions against when done wholesale.
- Which best describes the relationship between AML laws and predicate offenses?
- Money laundering requires proceeds derived from an underlying criminal (predicate) offense
- Predicate offenses are unrelated to laundering
- Predicate offenses must be tax crimes only
- Money laundering can occur with no underlying crime
Correct answer: Money laundering requires proceeds derived from an underlying criminal (predicate) offense
Money laundering involves disguising proceeds derived from a predicate offense; the scope of predicate offenses is defined by each jurisdiction, increasingly broadly per FATF standards.
- The purpose of correspondent banking due diligence standards is to:
- Eliminate all cross-border banking
- Avoid keeping any records
- Allow anonymous nested relationships
- Understand the respondent bank's AML controls and customer base before providing services
Correct answer: Understand the respondent bank's AML controls and customer base before providing services
Correspondent banking due diligence requires the correspondent to assess the respondent's ownership, management, AML controls, and reputation, especially for higher-risk relationships.
- Proliferation financing relates to:
- Financing real estate development
- Funding charitable activities
- Financing terrorist recruitment only
- Financing the spread of weapons of mass destruction
Correct answer: Financing the spread of weapons of mass destruction
Proliferation financing involves providing funds or financial services used for the manufacture, acquisition, or movement of weapons of mass destruction, addressed by specific FATF recommendations and UN sanctions.
- Which is a core element of an effective AML compliance program?
- Eliminating employee training
- Prohibiting independent audits
- Avoiding any written policies
- A designated compliance officer with sufficient authority and independence
Correct answer: A designated compliance officer with sufficient authority and independence
Designating a qualified compliance officer with adequate authority, resources, and independence is a foundational pillar of an effective AML program.
- The traditional 'four pillars' of a U.S. AML compliance program include all of the following EXCEPT:
- Independent testing and training
- A designated compliance officer
- Guaranteeing zero suspicious activity
- Internal controls
Correct answer: Guaranteeing zero suspicious activity
The four pillars are internal controls, a designated compliance officer, ongoing training, and independent testing. No program can guarantee zero suspicious activity; a fifth pillar adds risk-based CDD/beneficial ownership.
- What is the primary goal of Know Your Customer (KYC) procedures?
- Avoid collecting any customer data
- Guarantee profitability of each account
- Verify customer identity and understand the nature of the customer's activities
- Maximize the number of new accounts
Correct answer: Verify customer identity and understand the nature of the customer's activities
KYC aims to verify a customer's identity, understand their expected activity, and assess risk so the institution can detect unusual or suspicious behavior.
- When should enhanced due diligence (EDD) be applied?
- Never, since standard due diligence always suffices
- To higher-risk customers, products, or geographies
- To every customer equally regardless of risk
- Only after a SAR is filed
Correct answer: To higher-risk customers, products, or geographies
A risk-based approach requires EDD for higher-risk situations such as PEPs, high-risk jurisdictions, or complex ownership, with simplified measures permitted for lower-risk cases.
- A risk-based approach to AML means an institution should:
- Apply identical controls to all customers
- Ignore low-risk customers entirely
- Allocate resources and controls in proportion to assessed risks
- Focus only on transaction volume
Correct answer: Allocate resources and controls in proportion to assessed risks
The risk-based approach directs institutions to identify, assess, and mitigate their ML/TF risks, applying more intensive controls where risk is higher and lighter measures where it is lower.
- What is the purpose of an institution-wide AML risk assessment?
- To eliminate the need for a compliance officer
- To replace transaction monitoring entirely
- To identify and evaluate the ML/TF risks the institution faces and inform controls
- To set the institution's stock price
Correct answer: To identify and evaluate the ML/TF risks the institution faces and inform controls
An enterprise risk assessment identifies inherent risks across customers, products, geographies, and channels, and evaluates controls to determine residual risk and guide the program.
- Customer Due Diligence at onboarding should include:
- Identifying and verifying the customer and, where relevant, the beneficial owner
- Avoiding verification to speed onboarding
- Only recording the customer's name
- Collecting information only after suspicious activity occurs
Correct answer: Identifying and verifying the customer and, where relevant, the beneficial owner
CDD requires identifying and verifying the customer's identity and, for legal entities, identifying the beneficial owners, along with understanding the purpose of the relationship.
- Why is ongoing monitoring of customer transactions important?
- To eliminate the need for onboarding due diligence
- To increase customer fees
- To detect activity inconsistent with the customer's profile or expected behavior
- To guarantee no false positives
Correct answer: To detect activity inconsistent with the customer's profile or expected behavior
Ongoing monitoring helps identify transactions that deviate from the customer's known profile, which may indicate money laundering or other illicit activity requiring investigation.
- The 'tone at the top' in an AML program refers to:
- Senior management and the board demonstrating commitment to a culture of compliance
- The geographic location of headquarters
- The volume setting on the alert system
- The highest-paid employee's role
Correct answer: Senior management and the board demonstrating commitment to a culture of compliance
Tone at the top describes the commitment of senior leadership and the board to compliance, which is essential for an effective AML culture and adequate resourcing.
- What is the purpose of sanctions screening?
- To replace customer due diligence
- To set interest rates
- To rank customers by profitability
- To identify customers or transactions involving sanctioned parties before processing
Correct answer: To identify customers or transactions involving sanctioned parties before processing
Sanctions screening compares customers and transactions against sanctions lists (such as OFAC's SDN list) to prevent prohibited dealings with designated parties.
- A 'false positive' in transaction monitoring or screening is:
- A missed suspicious transaction
- A confirmed money laundering transaction
- A duplicate SAR filing
- An alert that, upon review, does not indicate actual suspicious or prohibited activity
Correct answer: An alert that, upon review, does not indicate actual suspicious or prohibited activity
A false positive is an alert generated by monitoring or screening systems that, after investigation, turns out not to involve a real match or genuine suspicious activity.
- Independent testing (audit) of an AML program should be:
- Performed only by the compliance officer who runs the program
- Conducted by qualified parties independent of the function being tested
- Avoided to reduce costs
- Limited to reviewing marketing materials
Correct answer: Conducted by qualified parties independent of the function being tested
Independent testing must be carried out by qualified individuals or units independent of the day-to-day AML function to objectively assess the program's effectiveness.
- Why must AML training be tailored to different roles?
- Training is only for the board of directors
- All employees perform identical functions
- Tailoring is prohibited by regulators
- Different employees face different risks and need relevant, job-specific knowledge
Correct answer: Different employees face different risks and need relevant, job-specific knowledge
Role-based training ensures front-line staff, compliance personnel, and management each receive content relevant to the specific ML/TF risks and obligations they face.
- What is beneficial ownership in CDD?
- The institution's compliance officer
- The named account signatory only
- The bank that holds the account
- The natural person(s) who ultimately own or control a legal entity
Correct answer: The natural person(s) who ultimately own or control a legal entity
Beneficial owners are the natural persons who ultimately own or control a customer or on whose behalf a transaction is conducted, which institutions must identify to prevent misuse of legal entities.
- Record retention requirements under AML rules typically require institutions to:
- Delete all records immediately after a transaction
- Maintain CDD and transaction records for a specified period after the relationship ends
- Retain records for one day only
- Keep records only if a SAR is filed
Correct answer: Maintain CDD and transaction records for a specified period after the relationship ends
AML rules require retaining identification, account, and transaction records for a defined period (commonly five years) so they are available to authorities for investigations.
- When onboarding a correspondent banking relationship, an institution should NOT:
- Assess the respondent's AML controls
- Document the purpose of the relationship
- Identify the respondent's ownership
- Open or maintain accounts for foreign shell banks
Correct answer: Open or maintain accounts for foreign shell banks
Institutions should not maintain correspondent accounts for shell banks (banks with no physical presence and not affiliated with a regulated group), which is prohibited under laws like the USA PATRIOT Act.
- What is the role of the board of directors in AML compliance?
- Conduct front-line customer onboarding
- Personally review every transaction alert
- Provide oversight, approve the program, and ensure adequate resources
- File all suspicious activity reports
Correct answer: Provide oversight, approve the program, and ensure adequate resources
The board provides governance and oversight, approves AML policies, and ensures the program has the resources and authority it needs, while day-to-day operations rest with management and compliance staff.
- Periodic customer reviews (refresh) are important because:
- Regulators forbid updating customer data
- Onboarding data never becomes outdated
- Customers must reapply for accounts annually
- Customer risk profiles and circumstances change over time
Correct answer: Customer risk profiles and circumstances change over time
Customer information and risk can change over time, so periodic reviews keep CDD current and ensure controls remain proportionate to the customer's actual risk.
- A customer risk rating model should consider:
- Factors such as customer type, geography, products used, and channels
- Only the customer's account balance
- The compliance officer's personal opinion alone
- The customer's social media following
Correct answer: Factors such as customer type, geography, products used, and channels
Risk rating combines multiple factors, including customer type, geography, products, services, and delivery channels, to assign a risk level guiding the level of due diligence.
- What is the purpose of escalation procedures within an AML program?
- To route potential issues to appropriate decision-makers for review and action
- To bypass the compliance function
- To increase customer credit limits
- To delay all investigations indefinitely
Correct answer: To route potential issues to appropriate decision-makers for review and action
Escalation procedures ensure that alerts, concerns, and potential suspicious activity are promptly raised to the right personnel who can investigate and decide on actions such as filing a SAR.
- Why are automated transaction monitoring systems used?
- To replace the AML risk assessment
- To detect patterns and anomalies across large transaction volumes that manual review cannot
- To eliminate the need for human investigators
- To guarantee detection of every illicit transaction
Correct answer: To detect patterns and anomalies across large transaction volumes that manual review cannot
Automated systems apply rules and analytics to large data volumes to flag potentially suspicious activity, but human analysts must still investigate and decide on alerts.
- Model validation in the AML context refers to:
- Setting the marketing budget
- Selecting board members
- Independently confirming that monitoring or screening models work as intended
- Approving new product launches
Correct answer: Independently confirming that monitoring or screening models work as intended
Model validation independently tests the logic, data inputs, thresholds, and outputs of monitoring and screening models to ensure they effectively detect risk and are properly tuned.
- What is a key reason to tune transaction monitoring thresholds periodically?
- To balance detection effectiveness against excessive false positives
- To stop filing SARs
- To reduce staff training
- To increase customer fees
Correct answer: To balance detection effectiveness against excessive false positives
Threshold tuning seeks an appropriate balance so that the system catches genuinely suspicious activity (effectiveness) without generating an unmanageable number of false positives.
- When a new product or service is introduced, AML best practice requires:
- Assessing its ML/TF risk before launch and implementing appropriate controls
- Ignoring beneficial ownership
- Launching first and assessing risk only if problems arise
- Exempting it from all monitoring
Correct answer: Assessing its ML/TF risk before launch and implementing appropriate controls
New products, services, and delivery channels should undergo an ML/TF risk assessment before launch so that appropriate controls are designed and built in from the start.
- Why is segregation of duties important in AML operations?
- To reduce the risk that one person can both commit and conceal wrongdoing
- To increase the number of false positives
- To slow down all processes
- To eliminate independent testing
Correct answer: To reduce the risk that one person can both commit and conceal wrongdoing
Segregating duties so that no single individual controls all aspects of a process reduces opportunities for fraud, collusion, and concealment, strengthening internal controls.
- What should an AML program do when a customer is identified as a PEP?
- Apply enhanced due diligence, including senior management approval and source-of-wealth checks
- Treat the customer as standard risk
- Stop monitoring the account
- Automatically close the account without review
Correct answer: Apply enhanced due diligence, including senior management approval and source-of-wealth checks
PEPs warrant enhanced due diligence such as senior management approval to open or continue the relationship, establishing source of wealth and funds, and enhanced ongoing monitoring.
- Why must sanctions lists be updated frequently in screening systems?
- Updates reduce the need for screening
- Designations change often, and outdated lists can miss newly sanctioned parties
- Lists never change
- Updates are optional and cosmetic
Correct answer: Designations change often, and outdated lists can miss newly sanctioned parties
Sanctions designations are added and removed regularly, so screening systems must use current lists to avoid processing prohibited transactions with newly designated parties.
- An effective whistleblower or internal reporting mechanism supports AML by:
- Eliminating the compliance officer role
- Publicly naming all customers
- Allowing employees to report concerns confidentially without retaliation
- Replacing transaction monitoring
Correct answer: Allowing employees to report concerns confidentially without retaliation
Confidential, non-retaliatory internal reporting channels encourage employees to surface concerns about potential misconduct or control weaknesses, strengthening the overall program.
- What is the purpose of a customer identification program (CIP)?
- To set product pricing
- To form a reasonable belief that the institution knows the true identity of each customer
- To avoid collecting identification
- To maximize new account openings
Correct answer: To form a reasonable belief that the institution knows the true identity of each customer
A CIP requires obtaining and verifying identifying information so the institution can form a reasonable belief that it knows the true identity of each customer at onboarding.
- Which statement about simplified due diligence (SDD) is accurate?
- SDD is required for high-risk jurisdictions
- SDD means no due diligence at all
- SDD applies to all PEPs
- SDD may be applied to demonstrably lower-risk situations, with reduced but not eliminated measures
Correct answer: SDD may be applied to demonstrably lower-risk situations, with reduced but not eliminated measures
Simplified due diligence reduces the extent of measures for verified lower-risk customers or products, but it never eliminates due diligence entirely.
- Why should an AML program maintain clear written policies and procedures?
- To avoid training employees
- To document expectations, ensure consistency, and demonstrate compliance to regulators
- To keep practices secret from staff
- To replace the need for any controls
Correct answer: To document expectations, ensure consistency, and demonstrate compliance to regulators
Written policies and procedures define how the program operates, promote consistent application of controls, and provide evidence of compliance during examinations and audits.
- What is the primary purpose of a suspicious activity report (SAR)?
- To close the customer's account automatically
- To notify the customer of suspicion
- To alert authorities to potentially illicit activity for further investigation
- To recover the institution's costs
Correct answer: To alert authorities to potentially illicit activity for further investigation
A SAR (or suspicious transaction report) informs the financial intelligence unit or relevant authority of activity that may involve money laundering or other crimes, supporting investigation.
- Tipping off refers to:
- Conducting enhanced due diligence
- Filing a SAR with the regulator
- Reporting to the board of directors
- Improperly disclosing to a customer that a SAR has been or may be filed
Correct answer: Improperly disclosing to a customer that a SAR has been or may be filed
Tipping off is the prohibited act of disclosing to a customer or third party that a suspicious activity report has been or will be filed, which could prejudice an investigation.
- Once a SAR is filed in most jurisdictions, the institution generally must:
- Refund the customer's fees
- Keep the filing confidential and not disclose it to the subject
- Publish the SAR publicly
- Inform the customer immediately
Correct answer: Keep the filing confidential and not disclose it to the subject
SAR confidentiality rules generally prohibit disclosing the existence or content of a SAR to the subject, protecting the integrity of investigations.
- What is the first step when an alert is generated by a monitoring system?
- Immediately file a SAR
- Notify the customer
- Close the customer account
- Review the alert and gather relevant information to determine if it warrants escalation
Correct answer: Review the alert and gather relevant information to determine if it warrants escalation
Analysts first review the alert and gather context (account history, transaction details, customer profile) to decide whether it is a false positive or requires escalation and investigation.
- A SAR should be filed when:
- There is a reasonable basis to suspect the activity may involve illicit funds or have no lawful purpose
- Only after a court conviction
- The customer requests it
- Whenever any large transaction occurs
Correct answer: There is a reasonable basis to suspect the activity may involve illicit funds or have no lawful purpose
A SAR is warranted when, after investigation, there is a reasonable suspicion that funds derive from illegal activity or the transaction lacks an apparent lawful purpose; proof of crime is not required.
- What is the value of maintaining a clear audit trail during an investigation?
- It documents the analysis, decisions, and rationale for regulators and law enforcement
- It increases the institution's marketing reach
- It allows the customer to contest the SAR
- It is unnecessary if no SAR is filed
Correct answer: It documents the analysis, decisions, and rationale for regulators and law enforcement
A documented audit trail records the steps, evidence, and reasoning behind investigation decisions, supporting defensibility during examinations and any law enforcement follow-up.
- When responding to a law enforcement request such as a subpoena, an institution should:
- Notify the subject customer of the request
- Destroy the requested records
- Comply through proper legal channels while protecting confidentiality where required
- Ignore the request
Correct answer: Comply through proper legal channels while protecting confidentiality where required
Institutions must respond to lawful requests through appropriate legal and compliance channels, preserve records, and maintain confidentiality where laws (such as SAR confidentiality) apply.
- What is a 'continuing activity' SAR?
- A SAR filed by the customer
- A follow-up SAR filed when suspicious activity persists after an initial filing
- A SAR that cancels a prior filing
- A SAR filed for a one-time transaction
Correct answer: A follow-up SAR filed when suspicious activity persists after an initial filing
When suspicious activity continues after an initial SAR, institutions typically file continuing-activity SARs at defined intervals to keep authorities informed of ongoing conduct.
- What is the purpose of a 314(b) information-sharing arrangement (U.S.)?
- To allow financial institutions to share information with each other to identify ML/TF
- To replace SAR filing
- To share information publicly
- To notify customers of investigations
Correct answer: To allow financial institutions to share information with each other to identify ML/TF
Section 314(b) of the USA PATRIOT Act provides a safe harbor for financial institutions to voluntarily share information with one another to better identify and report potential money laundering or terrorist financing.
- During an internal investigation, why is preserving relevant records important?
- Records may be needed as evidence and to support regulatory or law enforcement inquiries
- Preservation lets the institution avoid filing a SAR
- Records are irrelevant once an alert closes
- Records should be discarded to save space
Correct answer: Records may be needed as evidence and to support regulatory or law enforcement inquiries
Preserving documents, transaction data, and communications ensures evidence is available for any regulatory examination, SAR support, or law enforcement action.
- Which best describes the role of open-source intelligence in an AML investigation?
- Disclosing the investigation to the public
- Using publicly available information to corroborate or expand on findings about a subject
- Notifying the subject of the investigation
- Replacing internal transaction data
Correct answer: Using publicly available information to corroborate or expand on findings about a subject
Open-source intelligence, such as news, corporate registries, and adverse media, helps investigators corroborate identities, uncover relationships, and assess risk during an investigation.
- What is 'adverse media' screening?
- Monitoring social media for marketing
- Checking news and public sources for negative information about a customer
- Reviewing the institution's advertising
- Screening only sanctions lists
Correct answer: Checking news and public sources for negative information about a customer
Adverse media (negative news) screening searches public sources for derogatory information, such as criminal allegations or regulatory actions, that may elevate a customer's risk.
- Why should investigators avoid confirmation bias?
- It can cause them to overlook evidence that contradicts an initial assumption
- It is required by regulators
- It improves the accuracy of conclusions
- It speeds up investigations appropriately
Correct answer: It can cause them to overlook evidence that contradicts an initial assumption
Confirmation bias leads investigators to favor information confirming their preconceptions and ignore contradictory evidence, undermining objective and accurate conclusions.
- When deciding whether to file a SAR, the standard generally applied is:
- Reasonable suspicion, not proof beyond a reasonable doubt
- Customer consent
- A court order
- Certainty of a crime
Correct answer: Reasonable suspicion, not proof beyond a reasonable doubt
SAR filing is based on a reasonable suspicion or reasonable basis to suspect illicit activity; institutions are not required to prove that a crime occurred.
- What is the purpose of a 'look-back' review?
- To re-examine historical transactions, often after a control weakness or regulatory finding
- To onboard new customers faster
- To set new product pricing
- To forecast future transactions
Correct answer: To re-examine historical transactions, often after a control weakness or regulatory finding
A look-back review re-examines past activity over a defined period, frequently following a discovered control gap or regulatory directive, to identify previously missed suspicious activity.
- Why is maintaining objectivity important when interviewing employees during an internal AML investigation?
- To ensure the employee is found guilty
- To gather accurate facts without leading or intimidating the interviewee
- To accelerate account closures
- To avoid documenting findings
Correct answer: To gather accurate facts without leading or intimidating the interviewee
Objective, fact-focused interviewing avoids leading questions and intimidation, producing reliable information and protecting the integrity and fairness of the investigation.
- A subpoena received by an institution typically indicates:
- Approval to release SAR contents to the customer
- A requirement to close all accounts
- Authorization to ignore confidentiality rules
- A legal demand for documents or testimony in connection with an investigation
Correct answer: A legal demand for documents or testimony in connection with an investigation
A subpoena is a legal demand for documents or testimony; institutions must respond appropriately, often through legal counsel, while observing applicable confidentiality requirements.
- What is the benefit of a structured investigation methodology?
- It guarantees every alert becomes a SAR
- It ensures consistency, completeness, and defensibility of conclusions
- It allows skipping evidence review
- It removes the need for documentation
Correct answer: It ensures consistency, completeness, and defensibility of conclusions
A structured methodology promotes consistent, thorough, and well-documented investigations, making conclusions defensible to regulators and supporting effective reporting decisions.
- Why is the timeliness of SAR filing important?
- There are no deadlines for SARs
- Delays improve report quality
- Regulations set deadlines, and prompt reporting maximizes the intelligence's usefulness
- Late filing avoids regulatory scrutiny
Correct answer: Regulations set deadlines, and prompt reporting maximizes the intelligence's usefulness
Most jurisdictions set deadlines for filing SARs after a determination of suspicion, and timely reporting helps authorities act on the intelligence while it remains relevant.
- What should an investigator do if evidence suggests internal employee involvement in suspicious activity?
- Escalate through appropriate channels while preserving evidence and maintaining confidentiality
- Notify the customer involved
- Ignore it to avoid conflict
- Confront the employee publicly
Correct answer: Escalate through appropriate channels while preserving evidence and maintaining confidentiality
Suspected internal involvement should be escalated to appropriate senior or independent functions, with evidence preserved and confidentiality maintained to protect the investigation.
- A currency transaction report (CTR) differs from a SAR in that a CTR is:
- A report of sanctioned parties
- Filed based on a transaction exceeding a set cash threshold, regardless of suspicion
- Confidential from the customer in all respects
- Filed only when suspicion exists
Correct answer: Filed based on a transaction exceeding a set cash threshold, regardless of suspicion
A CTR is filed for cash transactions above a defined threshold as a matter of routine reporting, whereas a SAR is filed based on suspicion of illicit activity.
- What is the purpose of writing a clear SAR narrative?
- To market the institution
- To minimize the information provided
- To explain who, what, when, where, why, and how so investigators can understand the activity
- To inform the customer
Correct answer: To explain who, what, when, where, why, and how so investigators can understand the activity
A well-written SAR narrative concisely describes the who, what, when, where, why, and how of the suspicious activity so that law enforcement can quickly understand and act on it.
- Why might an institution decide NOT to file a SAR after investigating an alert?
- Filing is always optional regardless of findings
- The investigation found a reasonable, legitimate explanation for the activity
- The customer objected to filing
- The transaction was large
Correct answer: The investigation found a reasonable, legitimate explanation for the activity
If investigation reveals a legitimate explanation that dispels suspicion, no SAR is filed; the decision and rationale should still be documented.
- What role does law enforcement feedback play in improving AML programs?
- It helps institutions refine monitoring and reporting based on what is useful to investigators
- It replaces the need for internal investigations
- It must be shared with customers
- It is irrelevant to the institution
Correct answer: It helps institutions refine monitoring and reporting based on what is useful to investigators
Feedback from law enforcement and FIUs on the usefulness of reports helps institutions tune their detection scenarios and improve the quality and relevance of their SARs.
- Why is escalation to senior management sometimes necessary during an investigation?
- Significant risks or decisions, such as relationship termination, may require senior authority
- Senior management files all alerts
- It is required for every false positive
- It eliminates the need for documentation
Correct answer: Significant risks or decisions, such as relationship termination, may require senior authority
Investigations that uncover significant risk or require major decisions, such as exiting a relationship or notifying authorities, may need senior management awareness and approval.
- When a transaction is blocked due to a sanctions match, the institution typically must:
- Notify the sanctioned party
- Return the funds to the customer immediately
- Process the transaction after a delay
- Freeze the funds and report the action to the relevant authority
Correct answer: Freeze the funds and report the action to the relevant authority
A confirmed sanctions match generally requires blocking or freezing the funds and reporting to the relevant authority (such as OFAC), rather than releasing or processing them.
- What is the purpose of de-confliction in investigations involving multiple agencies?
- To assign all cases to one institution
- To coordinate efforts so investigations do not interfere with one another
- To notify the subject of overlapping inquiries
- To eliminate all investigations
Correct answer: To coordinate efforts so investigations do not interfere with one another
De-confliction coordinates among agencies or units so that simultaneous investigations into the same subject do not compromise or duplicate each other's efforts.
- Why should investigators consider linked accounts and related parties?
- Related parties are always unrelated to risk
- Investigators must focus on a single account only
- Illicit schemes often span multiple accounts and entities controlled by the same actors
- Linked accounts reduce suspicion automatically
Correct answer: Illicit schemes often span multiple accounts and entities controlled by the same actors
Money laundering frequently uses networks of accounts and related entities, so examining linkages helps investigators uncover the full scope of suspicious activity.
- What is a primary reason institutions document the rationale for closing an investigation?
- To inform the customer of the outcome
- To guarantee the alert never recurs
- To demonstrate a reasoned, defensible decision to regulators and auditors
- To avoid keeping any records
Correct answer: To demonstrate a reasoned, defensible decision to regulators and auditors
Documenting why an investigation was closed (whether a SAR was filed or not) provides a defensible record showing the decision was reasoned and based on the evidence reviewed.
- Which is an appropriate response when a customer's activity is determined to be suspicious but the institution wishes to continue gathering intelligence?
- Delete the account history
- Stop all monitoring
- File a SAR while continuing to monitor, if consistent with law and law enforcement guidance
- Immediately tip off the customer
Correct answer: File a SAR while continuing to monitor, if consistent with law and law enforcement guidance
An institution may file a SAR and continue monitoring the relationship to gather further intelligence, provided this is consistent with legal requirements and any law enforcement coordination.
- Why is consistency between the SAR narrative and supporting documentation important?
- Supporting documentation is unnecessary
- Discrepancies can undermine the report's credibility and the investigation's defensibility
- Narratives should contradict the evidence
- Inconsistencies improve the report
Correct answer: Discrepancies can undermine the report's credibility and the investigation's defensibility
The SAR narrative should accurately reflect the underlying evidence; inconsistencies can weaken the report's credibility and the defensibility of the institution's decisions.
- In structuring detection, what pattern would most likely trigger an alert?
- A one-time mortgage payment
- A single large wire with full documentation
- Multiple cash deposits just under the reporting threshold within a short period
- Regular payroll deposits
Correct answer: Multiple cash deposits just under the reporting threshold within a short period
Repeated cash deposits placed just below the reporting threshold over a short period are a classic structuring pattern that monitoring systems and investigators look for.
- What is the role of escalation criteria in alert handling?
- To set product pricing
- To eliminate documentation requirements
- To define which alerts require deeper investigation versus closure
- To approve marketing campaigns
Correct answer: To define which alerts require deeper investigation versus closure
Clear escalation criteria help analysts consistently determine which alerts warrant full investigation and which can be appropriately closed, improving efficiency and defensibility.
- In its simplest terms, how is money laundering best defined for a compliance officer?
- The failure of a bank to file required regulatory reports on time
- The process of disguising the illicit origin of criminal proceeds so they appear legitimate
- The use of cash rather than electronic payments to settle a transaction
- Any cross-border movement of cash exceeding a reporting threshold
Correct answer: The process of disguising the illicit origin of criminal proceeds so they appear legitimate
Money laundering is the process of disguising the illicit origin of criminal proceeds so the funds appear to come from a legitimate source. The act centers on concealing the true source, ownership, or control of proceeds of crime, not merely moving cash or missing a filing deadline. Cross-border cash movement and using cash are at most red flags, not the definition itself.
- A compliance officer is asked to summarize the standard model criminals use to launder funds. Which sequence correctly orders the three classic stages?
- Layering, placement, integration
- Placement, integration, layering
- Integration, layering, placement
- Placement, layering, integration
Correct answer: Placement, layering, integration
The three stages of money laundering occur in the order placement, layering, then integration. Illicit funds are first placed into the financial system, then layered through transactions to obscure the trail, and finally integrated back into the economy as apparently legitimate wealth. Any other ordering misstates the recognized FATF model.
- A courier deposits bulk cash from drug sales into several bank accounts and also buys money orders with it. Within the money laundering model, this activity falls into which stage?
- The integration stage
- The structuring exemption stage
- The layering stage
- The placement stage
Correct answer: The placement stage
This is the placement stage, the point at which illicit cash first enters the financial system through deposits, money order purchases, or similar conversions. Placement is generally the riskiest stage for the launderer because raw criminal cash is most exposed to detection here. Layering and integration come afterward, and there is no recognized 'structuring exemption stage.'
- After illicit cash has entered the banking system, a launderer wires it through accounts in three countries, converts part to securities, and routes the rest through a shell company. Which stage does this describe?
- Layering
- Placement
- Predication
- Integration
Correct answer: Layering
This is the layering stage, which uses multiple transfers, conversions, and intermediaries to distance the funds from their criminal origin and frustrate the audit trail. The defining feature of layering is complexity created specifically to obscure source and ownership. Placement is the initial entry, and integration is the final return of clean-looking funds.
- Which scenario is the clearest example of the layering stage in practice?
- A launderer buys a luxury home that appears to be financed by legitimate business income
- A customer refuses to disclose the source of a large deposit
- A criminal deposits cash from a robbery into an ATM
- Funds are moved rapidly between numerous accounts and converted across currencies and instruments to break the audit trail
Correct answer: Funds are moved rapidly between numerous accounts and converted across currencies and instruments to break the audit trail
Moving funds rapidly among many accounts and converting them across currencies and instruments to break the audit trail is a textbook example of layering. The goal of layering is to create distance between the money and its illicit source through transactional complexity. Depositing robbery cash is placement, buying the home is integration, and refusing to disclose source is a behavioral red flag rather than a stage.
- A launderer uses previously layered funds to purchase a hotel that then generates apparently legitimate revenue. Which stage of money laundering is this?
- Smurfing
- Layering
- Integration
- Placement
Correct answer: Integration
This is the integration stage, in which laundered funds re-enter the legitimate economy as seemingly lawful assets or income, such as a business that produces ongoing revenue. At integration the money has been sufficiently distanced from its origin that it can be spent or invested openly. Placement and layering precede it, and smurfing is a placement technique, not a stage.
- At which stage are laundered proceeds finally made to appear as legitimate wealth that the criminal can use without raising suspicion?
- Layering
- Predicate identification
- Integration
- Placement
Correct answer: Integration
Integration is the stage at which funds re-enter the legitimate economy and appear as lawful wealth the criminal can use freely. By this point the connection to the underlying crime has been obscured by the earlier placement and layering steps. The other choices either precede integration or are not stages at all.
- A predicate offense in the money laundering context is best described as which of the following?
- A regulatory reporting violation that triggers a fine
- A sanctions designation imposed by a national authority
- The first transaction in the placement stage
- The underlying criminal activity that generates the proceeds being laundered
Correct answer: The underlying criminal activity that generates the proceeds being laundered
A predicate offense is the underlying crime that generates the illicit proceeds that are then laundered, such as drug trafficking, fraud, corruption, or human trafficking. Without proceeds from a predicate offense there is nothing to launder. A reporting violation, a sanctions listing, and a placement transaction are not predicate offenses.
- Under the FATF standards, how should the range of predicate offenses for money laundering be defined by a country?
- Confined to offenses carrying the death penalty
- Restricted only to crimes that occur within that country's borders
- Limited strictly to drug trafficking offenses
- Applied to the widest possible range of serious offenses
Correct answer: Applied to the widest possible range of serious offenses
FATF recommends that countries apply money laundering offenses to the widest possible range of predicate offenses, typically defined by a threshold of seriousness or a designated category list. This broad approach prevents criminals from sheltering proceeds of crimes that fall outside a narrow list. Limiting predicates to drug crimes reflects the older 1988 framework that has since been expanded.
- What is the most important distinction between money laundering and terrorist financing?
- Terrorist financing always involves larger sums than money laundering
- Terrorist financing only uses cryptocurrency, while money laundering uses cash
- Money laundering disguises the source of illicit funds, while terrorist financing may disguise the destination and can use legitimately sourced funds
- Money laundering is legal in some jurisdictions, while terrorist financing is universally illegal
Correct answer: Money laundering disguises the source of illicit funds, while terrorist financing may disguise the destination and can use legitimately sourced funds
The key distinction is that money laundering focuses on hiding the illicit source of funds, whereas terrorist financing focuses on concealing the destination and intended use, and the funds may come from entirely legitimate sources such as salaries or donations. This makes terrorist financing harder to detect through source-based controls. Terrorist financing often involves small amounts, not necessarily large sums, and is not limited to any single payment channel.
- Which statement most accurately describes terrorist financing?
- The failure to report a large cash transaction
- The provision or collection of funds intended to support terrorist acts or organizations, regardless of whether the source is legal or illegal
- The laundering of drug proceeds through offshore banks
- The evasion of trade sanctions by mislabeling goods
Correct answer: The provision or collection of funds intended to support terrorist acts or organizations, regardless of whether the source is legal or illegal
Terrorist financing is the provision or collection of funds intended to be used to carry out terrorist acts or to support terrorist organizations, and the source can be either legitimate or illicit. The defining feature is the intended terrorist purpose rather than the criminal origin of the money. The other choices describe money laundering, sanctions evasion, and a reporting failure respectively.
- Which of the following is a recognized money laundering typology rather than a compliance control?
- Periodic customer risk reviews
- Trade-based value transfer through mis-invoicing
- Independent testing of the AML program
- Sanctions list screening
Correct answer: Trade-based value transfer through mis-invoicing
Trade-based value transfer through mis-invoicing is a money laundering typology, meaning a recognized method criminals use to move and disguise illicit value. Typologies describe how laundering is carried out, which helps institutions design detection scenarios. Independent testing, customer reviews, and sanctions screening are compliance controls, not laundering methods.
- A compliance analyst reviews a guide describing how criminals exploit shell companies, trade mis-invoicing, and cash-intensive businesses. These descriptions are best categorized as what?
- Sanctions designations
- Predicate offenses
- Money laundering typologies
- Regulatory examination findings
Correct answer: Money laundering typologies
These are money laundering typologies, which are documented patterns and methods criminals use to launder funds, published by bodies such as FATF to inform risk-based controls. Understanding typologies lets institutions build relevant monitoring scenarios and red-flag indicators. Sanctions designations, predicate offenses, and exam findings are distinct concepts.
- What does structuring (also called smurfing) involve?
- Surrendering an insurance policy early to obtain a refund check
- Deliberately breaking a large transaction into smaller amounts to stay below reporting or recordkeeping thresholds
- Mislabeling the value of goods on a customs invoice
- Moving funds through informal brokers based on trust
Correct answer: Deliberately breaking a large transaction into smaller amounts to stay below reporting or recordkeeping thresholds
Structuring, also known as smurfing, is the deliberate breaking up of a large transaction into multiple smaller amounts to evade reporting or recordkeeping thresholds. The intent to avoid triggering a report is what makes the conduct illegal, even if the individual deposits seem ordinary. The other options describe insurance laundering, trade-based laundering, and hawala.
- How does smurfing differ from a single act of structuring by one person?
- Smurfing is always legal, while structuring is not
- Smurfing typically uses multiple individuals to conduct many sub-threshold transactions, distributing the activity to avoid detection
- Smurfing applies only to terrorist financing, not money laundering
- Smurfing involves only wire transfers, never cash
Correct answer: Smurfing typically uses multiple individuals to conduct many sub-threshold transactions, distributing the activity to avoid detection
Smurfing typically recruits multiple people, called smurfs, to conduct numerous sub-threshold transactions, spreading activity across people and locations to avoid detection. Both smurfing and individual structuring aim to defeat reporting thresholds, but smurfing scales the effort across many actors. Both are illegal, can involve cash or wires, and apply to laundering generally.
- A small accountancy practice suddenly shows daily cash deposits of 9,500 dollars across three nearby branches, just under the 10,000 dollar reporting threshold. Which red flag is most directly indicated?
- Structuring to evade currency transaction reporting
- Trade-based money laundering
- Proliferation financing
- Sanctions evasion through nesting
Correct answer: Structuring to evade currency transaction reporting
Repeated deposits engineered to stay just below the 10,000 dollar currency transaction report threshold, spread across branches, is a classic indicator of structuring to evade reporting. The pattern of amounts deliberately set under the threshold is the defining clue. Trade-based laundering, proliferation financing, and nested correspondent activity present different fact patterns.
- Which set of indicators would most appropriately be described as AML red flags during account monitoring?
- Routine payroll deposits consistent with the customer's employment
- Transactions with no apparent economic purpose, reluctance to provide information, and rapid movement of funds to high-risk jurisdictions
- A documented and verified source of wealth for a large deposit
- A long-standing customer whose activity matches their stated business
Correct answer: Transactions with no apparent economic purpose, reluctance to provide information, and rapid movement of funds to high-risk jurisdictions
Transactions lacking apparent economic purpose, customer reluctance to provide information, and rapid movement of funds to high-risk jurisdictions are widely recognized AML red flags that warrant further review. Red flags are indicators of potential illicit activity, not proof of it. Activity consistent with a known profile, routine payroll, and a verified source of wealth are reassuring rather than suspicious.
- During an account review, which pattern is the strongest money laundering red flag?
- A customer who promptly provides requested identification documents
- A customer whose monthly volume is consistent with their stated income
- A business that deposits its daily card receipts each evening
- Funds that arrive and are withdrawn almost immediately, leaving little or no balance, with no clear business rationale
Correct answer: Funds that arrive and are withdrawn almost immediately, leaving little or no balance, with no clear business rationale
Funds that flow in and are withdrawn almost immediately with no clear business rationale, leaving little balance, are a strong money laundering red flag because the account appears to be used only as a conduit. Pass-through behavior of this kind is characteristic of layering and funnel activity. Cooperative identification, income-consistent volume, and routine card-receipt deposits are not inherently suspicious.
- What is a shell company in the money laundering context?
- A nonprofit organization that solicits charitable donations
- A legal entity with no significant assets or active operations, often used to obscure ownership or the source of funds
- A bank that has no physical presence in any country
- A company that manufactures goods solely for export
Correct answer: A legal entity with no significant assets or active operations, often used to obscure ownership or the source of funds
A shell company is a legal entity that has no significant assets or genuine operations and is frequently used to disguise beneficial ownership or the source of illicit funds. Shell companies are not inherently illegal but become high risk when used to hide who truly controls funds. A bank with no physical presence is a shell bank, and a charity is a different type of entity.
- A respondent bank routes payments for a customer that proves to be a shell company layered behind two other entities, none of which conduct real business. The primary concern is that the shell company is being used to:
- Comply with beneficial ownership transparency rules
- Conceal beneficial ownership and frustrate the tracing of illicit funds
- Reduce the need for transaction monitoring
- Increase the bank's deposit base legitimately
Correct answer: Conceal beneficial ownership and frustrate the tracing of illicit funds
The core concern is that the shell company is being used to conceal beneficial ownership and frustrate the tracing of illicit funds. Stacking entities with no real operations is designed to break the link between the money and its true owner. Such structures undermine, rather than support, transparency and monitoring.
- What is trade-based money laundering?
- Using a charity to move funds to terrorist groups
- Disguising the proceeds of crime by misrepresenting the price, quantity, or quality of goods in trade transactions
- Depositing small amounts of cash to avoid reporting thresholds
- Laundering funds exclusively through cryptocurrency exchanges
Correct answer: Disguising the proceeds of crime by misrepresenting the price, quantity, or quality of goods in trade transactions
Trade-based money laundering disguises criminal proceeds by misrepresenting the price, quantity, or quality of goods in international trade, transferring value while creating documentation that appears legitimate. Over- and under-invoicing, multiple invoicing, and phantom shipments are common techniques. The other choices describe crypto layering, structuring, and charity abuse for terrorist financing.
- An importer consistently pays far more for commodity shipments than prevailing market prices, with the excess flowing to an overseas supplier controlled by the same group. This pattern most strongly suggests:
- Proper transfer pricing for tax purposes
- Trade-based money laundering through over-invoicing
- Legitimate hedging against price volatility
- A standard letter-of-credit arrangement
Correct answer: Trade-based money laundering through over-invoicing
Paying well above market price so that excess value flows to a related overseas party is a hallmark of trade-based money laundering through over-invoicing. The mispriced trade moves value across borders under the cover of seemingly normal commerce. Genuine hedging and transfer pricing do not depend on systematic overpayment to a controlled affiliate.
- Why are bearer instruments such as bearer bonds or bearer share certificates a money laundering concern?
- They require full customer identification at each transfer
- They cannot be transported across borders
- They are always issued by central banks and carry no risk
- Ownership transfers simply by physical possession, leaving no record of the true owner
Correct answer: Ownership transfers simply by physical possession, leaving no record of the true owner
Bearer instruments pose a laundering risk because ownership passes by physical possession alone, so there is no registry identifying the true owner. This anonymity makes them useful for transferring value and concealing beneficial ownership. Because of this risk, many jurisdictions have restricted or immobilized bearer shares rather than relying on routine identification at transfer.
- A compliance officer reviews a customer presenting a stack of bearer negotiable instruments for deposit with no documentation of origin. The principal AML concern is that:
- Bearer instruments are exempt from all recordkeeping requirements
- The instruments allow value and ownership to move anonymously, obscuring the source of funds
- Bearer instruments cannot be deposited under any circumstances
- The instruments guarantee the funds are clean
Correct answer: The instruments allow value and ownership to move anonymously, obscuring the source of funds
The principal concern is that bearer instruments allow value and ownership to move anonymously, which obscures the source of the funds being deposited. Because possession equals ownership, they can carry illicit value without a paper trail. Such instruments can be deposited but warrant heightened scrutiny and source-of-funds inquiry rather than being presumed clean or exempt.
- In the AML context, how are corruption and bribery most relevant to money laundering?
- They are predicate offenses that generate illicit proceeds frequently laundered, especially by politically exposed persons
- They are unrelated to laundering because they involve only public officials
- They only matter for terrorist financing, not laundering
- They are detected exclusively through sanctions screening
Correct answer: They are predicate offenses that generate illicit proceeds frequently laundered, especially by politically exposed persons
Corruption and bribery are predicate offenses that generate substantial illicit proceeds, which are then laundered, often by politically exposed persons seeking to disguise stolen public funds. This is why PEPs and their associates attract enhanced due diligence. Corruption is highly relevant to laundering and is detected through a range of controls, not only sanctions screening.
- A foreign government minister wires funds far exceeding his official salary into a private account, then routes them through companies he secretly controls. From an AML perspective, the underlying crime being laundered is most likely:
- Trade sanctions evasion
- Identity theft
- Securities fraud
- Corruption or bribery (grand corruption)
Correct answer: Corruption or bribery (grand corruption)
Funds far exceeding an official's lawful income, moved through secretly controlled entities, most likely represent the proceeds of corruption or bribery being laundered. Grand corruption by public officials is a leading source of laundered illicit wealth and a key reason PEPs receive enhanced due diligence. The fact pattern does not point to securities fraud, sanctions evasion, or identity theft.
- Why is human trafficking treated as a significant financial crime concern within AML programs?
- Trafficking generates no traceable financial activity
- It is relevant only to sanctions compliance
- It can only be detected by law enforcement, never by financial institutions
- It is a profitable predicate offense whose proceeds are laundered, often showing detectable financial red flags
Correct answer: It is a profitable predicate offense whose proceeds are laundered, often showing detectable financial red flags
Human trafficking is a highly profitable predicate offense whose proceeds are laundered, and it often leaves detectable financial red flags such as multiple wages paid to one account, controlled victim accounts, and spending at locations linked to exploitation. Financial institutions play a frontline role in spotting these patterns. The crime is far from invisible in transaction data.
- Which transactional pattern is a recognized red flag for human trafficking financial activity?
- Wages for multiple workers funneled into one account controlled by a third party, with frequent cash withdrawals near transport hubs or motels
- A single employer's payroll deposited to each employee's own verified account
- Routine mortgage payments from a long-term homeowner
- A retiree drawing a consistent monthly pension
Correct answer: Wages for multiple workers funneled into one account controlled by a third party, with frequent cash withdrawals near transport hubs or motels
Wages for multiple workers funneled into one third-party-controlled account, paired with frequent cash withdrawals near transport hubs or motels, is a recognized red flag for human trafficking. The pattern reflects a controller capturing victims' earnings. Individually owned payroll accounts, ordinary mortgage payments, and a steady pension are not indicative of trafficking.
- How do criminals most commonly use front companies, as distinct from pure shell companies, to launder money?
- By publicly registering all beneficial owners to ensure transparency
- By holding no assets and conducting no transactions at all
- By refusing to open any bank accounts
- By operating a genuine cash-generating business that commingles illicit proceeds with legitimate revenue
Correct answer: By operating a genuine cash-generating business that commingles illicit proceeds with legitimate revenue
Front companies operate a genuine cash-generating business and commingle illicit proceeds with legitimate revenue, making the dirty money hard to separate from real income. This active-business cover distinguishes them from shell companies, which typically have no real operations. Cash-intensive businesses such as restaurants and car washes are commonly exploited this way.
- A money services business sees one sender remit funds to dozens of unrelated recipients across multiple countries within days, all just below identification thresholds. This pattern is most consistent with which method?
- A routine bill-payment service
- Legitimate family remittances
- Structuring combined with layering through an MSB
- Proliferation financing of weapons programs
Correct answer: Structuring combined with layering through an MSB
One sender remitting to many unrelated recipients in several countries, with amounts kept under identification thresholds, is most consistent with structuring combined with layering through the MSB. The sub-threshold sizing points to threshold evasion, and the dispersal to unrelated parties points to layering. Genuine family remittances and bill payment do not show this dispersed, threshold-hugging pattern.
- What does sanctions evasion typically involve in a financial crime context?
- Deliberately concealing the involvement of a sanctioned person, entity, or jurisdiction in a transaction to defeat screening controls
- Filing suspicious activity reports on sanctioned parties
- Voluntarily blocking and reporting prohibited transactions
- Applying enhanced due diligence to high-risk customers
Correct answer: Deliberately concealing the involvement of a sanctioned person, entity, or jurisdiction in a transaction to defeat screening controls
Sanctions evasion involves deliberately concealing the involvement of a sanctioned party or jurisdiction in a transaction so that it slips past screening controls, for example by stripping identifying payment data or using front entities. The aim is to defeat the controls designed to block prohibited dealings. Filing reports, blocking transactions, and applying enhanced due diligence are compliance actions, not evasion.
- A correspondent bank notices that payment messages from a respondent have had originator and beneficiary details stripped or altered before reaching the screening filter. This is a red flag for:
- Sanctions evasion through wire stripping
- Routine message formatting
- Proper data minimization for privacy
- Standard correspondent reconciliation
Correct answer: Sanctions evasion through wire stripping
Stripping or altering originator and beneficiary details so payments evade screening is the technique known as wire stripping, a classic form of sanctions evasion. Removing the data that filters rely on is designed to let prohibited parties transact undetected. It is neither normal formatting nor a privacy measure, and legitimate reconciliation does not require deleting party information.
- Why does the casino and gaming sector present an inherent money laundering vulnerability beyond simple chip purchases?
- Players can move value between accounts, use ticket-in/ticket-out vouchers, and request payouts that appear to be gambling winnings
- Casinos never issue checks or wires
- Casinos are prohibited from handling cash entirely
- Gaming activity always carries full source-of-funds documentation
Correct answer: Players can move value between accounts, use ticket-in/ticket-out vouchers, and request payouts that appear to be gambling winnings
Beyond buying chips, casinos let players move value between patron accounts, use ticket-in/ticket-out vouchers, and request payouts that look like gambling winnings, all of which can disguise illicit funds. The variety of cash-equivalent instruments and account features creates layering opportunities. Casinos do handle cash, do issue checks and wires, and gaming activity often lacks robust source-of-funds documentation.
- How can virtual asset mixers or tumblers facilitate the layering stage of laundering?
- By permanently recording each user's real-world identity on the blockchain
- By converting crypto into central bank currency at face value with full KYC
- By preventing any transfer of value across wallets
- By pooling and redistributing crypto from many users to break the link between source and destination addresses
Correct answer: By pooling and redistributing crypto from many users to break the link between source and destination addresses
Mixers and tumblers pool crypto from many users and redistribute it, breaking the on-chain link between the source and destination addresses, which serves the layering objective of obscuring the trail. This deliberate obfuscation is why mixing services attract heightened AML scrutiny and sometimes designation. They are designed to reduce traceability, not to enforce identity or full KYC.
- Which scenario best illustrates the integration of laundered proceeds through a legitimate-looking investment?
- A criminal deposits a duffel bag of cash into multiple ATMs
- Previously layered funds are used to buy a commercial property that then earns rental income reported as lawful business revenue
- A sender splits a payment to stay under the reporting threshold
- A customer wires money between five shell accounts in one day
Correct answer: Previously layered funds are used to buy a commercial property that then earns rental income reported as lawful business revenue
Using already-layered funds to buy a commercial property that generates rental income reported as lawful revenue is integration, where the money re-enters the economy as apparently legitimate wealth. The asset produces clean-looking returns that can be spent openly. The ATM deposits illustrate placement, the rapid shell transfers illustrate layering, and the split payment illustrates structuring.
- Which of the following is the most accurate consequence for a financial institution that fails to detect and prevent money laundering effectively?
- It faces no consequences as long as customers were profitable
- It is guaranteed immunity from regulatory action if it filed any reports
- It may face regulatory penalties, criminal liability, and severe reputational and financial harm
- It is only exposed to civil suits from competitors
Correct answer: It may face regulatory penalties, criminal liability, and severe reputational and financial harm
An institution that fails to prevent money laundering may face regulatory penalties, potential criminal liability, and serious reputational and financial harm, including loss of correspondent relationships and licenses. These consequences are why AML risk is treated as an enterprise-level threat. Filing some reports does not confer immunity, and the exposure goes well beyond competitor lawsuits.
- A relationship manager observes a customer who insists on conducting transactions just below identification thresholds, asks detailed questions about reporting triggers, and becomes evasive when asked about source of funds. Collectively, these behaviors are best characterized as:
- Behavioral red flags warranting enhanced scrutiny and possible escalation
- Conclusive proof of money laundering requiring immediate account seizure
- Normal privacy preferences requiring no action
- Indicators that the customer should receive a higher credit limit
Correct answer: Behavioral red flags warranting enhanced scrutiny and possible escalation
Insisting on sub-threshold transactions, probing about reporting triggers, and evasiveness about source of funds are behavioral red flags that warrant enhanced scrutiny and possible escalation. Red flags justify further review, not a presumption of guilt or unilateral seizure. They are clearly not a basis for extending more credit, and dismissing them as privacy is inappropriate.
- What distinguishes proliferation financing from ordinary terrorist financing as a financial crime category?
- Proliferation financing never involves sanctioned parties
- Proliferation financing is legal under FATF standards
- Proliferation financing supports the development or movement of weapons of mass destruction, rather than conventional terrorist acts
- Proliferation financing only uses cash, while terrorist financing only uses wires
Correct answer: Proliferation financing supports the development or movement of weapons of mass destruction, rather than conventional terrorist acts
Proliferation financing supports the development, acquisition, or movement of weapons of mass destruction and their delivery systems, which sets it apart from terrorist financing aimed at conventional terrorist acts. It frequently intersects with targeted sanctions and dual-use goods controls. It is not legal under FATF standards, is not channel-specific, and very often involves sanctioned parties.
- A launderer purchases high-value diamonds with illicit cash, transports them abroad, and resells them for clean funds. This method exploits which property of precious stones?
- Their inability to be resold once purchased
- Their high value, portability, and ability to store and move wealth with limited traceability
- Their requirement for central registration of every owner
- Their mandatory reporting at every border crossing
Correct answer: Their high value, portability, and ability to store and move wealth with limited traceability
Diamonds and other precious stones are attractive to launderers because they pack high value into a portable form and can store and move wealth with limited traceability. Converting cash to stones and back to clean funds enables value transfer across borders. They are not subject to universal owner registration or guaranteed border reporting, and they retain a resale market.
- Which activity is the clearest example of the placement stage using a cash-intensive business?
- Stripping originator details from a payment message
- A criminal-controlled car wash reporting inflated daily cash sales that include illicit cash
- Buying a yacht with funds already laundered through several entities
- Wiring funds between five offshore accounts in different names
Correct answer: A criminal-controlled car wash reporting inflated daily cash sales that include illicit cash
A criminal-controlled car wash reporting inflated cash sales that fold in illicit cash is a placement technique, because it introduces dirty cash into the financial system disguised as business revenue. Cash-intensive businesses are ideal for this because real and illicit cash are hard to distinguish. Wiring between offshore accounts is layering, the yacht purchase is integration, and wire stripping is sanctions evasion.
- Why is identifying the predicate offense often important when assessing a suspected money laundering case?
- Because identifying it removes the need to file any report
- Because money laundering cannot exist without proceeds derived from an underlying crime
- Because predicate offenses are always tax crimes
- Because the predicate offense determines the institution's stock valuation
Correct answer: Because money laundering cannot exist without proceeds derived from an underlying crime
Identifying the predicate offense matters because money laundering by definition requires proceeds derived from an underlying crime, so understanding the likely predicate helps frame the suspicion and the typology. Predicate offenses span a broad range of serious crimes, not only tax offenses. Recognizing the predicate informs, rather than eliminates, the institution's reporting obligations.
- A charity reports modest local activity but receives large international donations that are quickly forwarded to recipients in a conflict zone with weak documentation. The primary financial crime concern is:
- Terrorist financing through abuse of a nonprofit
- Routine grant disbursement
- Trade-based money laundering
- Securities fraud
Correct answer: Terrorist financing through abuse of a nonprofit
Large international donations rapidly forwarded to a conflict zone with weak documentation, inconsistent with the charity's modest local footprint, is a primary indicator of terrorist financing through abuse of a nonprofit. Charities can be exploited because donations may come from legitimate sources, masking the terrorist destination. The pattern does not fit securities fraud, trade-based laundering, or normal grant-making.
- Which statement best captures why terrorist financing can be harder to detect than money laundering through traditional source-based monitoring?
- The funds may be legitimately sourced and moved in small amounts, so source-focused controls may not flag them
- Terrorist financing always involves very large, conspicuous transactions
- Terrorist financing never passes through regulated institutions
- Terrorist financing only occurs in cash and is therefore always reported
Correct answer: The funds may be legitimately sourced and moved in small amounts, so source-focused controls may not flag them
Terrorist financing can be harder to detect because the funds may be legitimately sourced and moved in small amounts, so controls focused on illicit source may not flag them. Detection often depends on destination, behavioral, and network indicators rather than source alone. Terrorist financing is frequently low-value, does pass through regulated channels, and is not limited to cash.
- An informal value transfer system such as hawala can facilitate both laundering and terrorist financing primarily because it:
- Is operated exclusively by licensed banks
- Settles obligations between brokers based on trust, often without moving funds through the formal banking system
- Requires full sanctions screening on every transaction
- Generates a detailed, centrally held electronic record of every transfer
Correct answer: Settles obligations between brokers based on trust, often without moving funds through the formal banking system
Hawala and similar informal value transfer systems settle obligations between brokers based on trust, frequently without routing funds through the formal banking system, which limits the audit trail available to investigators. This opacity is what makes them attractive for both laundering and terrorist financing. They are not centrally recorded, do not inherently apply sanctions screening, and operate outside licensed banking.
- A compliance officer must explain to new staff why the placement stage is generally considered the point of greatest detection risk for the launderer. The best explanation is that:
- Placement involves only electronic transfers that leave no records
- Placement is when raw illicit cash physically enters the financial system, where it is most exposed to identification, reporting, and scrutiny
- Placement occurs after layering has obscured the audit trail
- Placement is when funds have already been fully integrated into the economy
Correct answer: Placement is when raw illicit cash physically enters the financial system, where it is most exposed to identification, reporting, and scrutiny
Placement carries the greatest detection risk because it is the point at which raw illicit cash physically enters the financial system, where deposit limits, currency transaction reporting, and staff scrutiny are most likely to expose it. Once funds are placed and then layered, the trail becomes harder to follow. Placement precedes layering and integration, not the reverse, and it characteristically involves cash rather than recordless electronic transfers.
- A compliance officer reviews a trade-finance file and finds documentation for a shipment of machinery supported by a bill of lading and customs entry, but the shipping line has no record of the vessel ever carrying the cargo and no goods physically moved. Which trade-based money laundering technique does this most clearly illustrate?
- Over-invoicing of legitimately shipped goods
- Misclassification of higher-value goods as lower-value goods
- Black market peso exchange settlement
- Phantom shipping using fictitious trade documents with no underlying goods
Correct answer: Phantom shipping using fictitious trade documents with no underlying goods
Phantom shipping is the technique shown here: criminals create fraudulent trade documents such as invoices, bills of lading, and customs entries to justify a payment when no goods actually move. It differs from over-invoicing, which involves real goods billed above their value, and from misclassification, which involves real goods described inaccurately. The defining feature flagged by FATF is the absence of any genuine underlying shipment behind the paperwork.
- An analyst is asked to explain how a front company differs from a shell company when assessing money laundering risk. Which statement is the most accurate distinction?
- A front company is always offshore, while a shell company is always domestic
- A front company is registered with a regulator, while a shell company is never legally incorporated
- A front company has no operations or assets, while a shell company always conducts real trade
- A front company is a fully operating business used as a facade to disguise illicit funds, while a shell company has little or no genuine operations
Correct answer: A front company is a fully operating business used as a facade to disguise illicit funds, while a shell company has little or no genuine operations
A front company is a genuinely operating business with offices, employees, and real goods or services that is used as a facade to commingle and disguise criminal proceeds, whereas a shell company is an incorporated entity with little or no independent operations, assets, or staff. The risk of a shell company stems from obscured beneficial ownership; the risk of a front company stems from the cover that real activity provides for mixing illicit funds with legitimate revenue. Both are legally incorporated, so legality does not distinguish them.
- A cash-intensive car wash deposits daily receipts that consistently exceed what its visible customer traffic and equipment capacity could plausibly generate. A compliance officer suspects the excess cash is criminal proceeds being mixed with real sales. Which money laundering stage is being carried out through this business?
- Structuring, because each deposit is kept below the reporting threshold
- Layering, by routing funds through multiple offshore accounts
- Integration, because the funds have already re-entered the economy as investment income
- Placement, by introducing illicit cash into the banking system disguised as legitimate revenue
Correct answer: Placement, by introducing illicit cash into the banking system disguised as legitimate revenue
This is placement: the launderer is introducing illicit cash into the financial system by commingling it with the genuine receipts of a cash-intensive business so the deposits appear to be ordinary sales. Layering would involve moving already-deposited funds through complex transfers to obscure the trail, and integration would mean the cleaned funds are being used to acquire assets or income. The deposits here are not described as deliberately kept under a threshold, so structuring does not fit.
- A new analyst asks why detecting terrorist financing can be harder than detecting money laundering even when transaction amounts look ordinary. Which explanation is the most accurate?
- Terrorist financing is exempt from suspicious transaction reporting requirements
- Terrorist financing always uses cryptocurrency, which no monitoring system can trace
- Terrorist financing only ever involves cross-border cash couriers and never the banking system
- Terrorist financing may draw on funds from legitimate sources and move small amounts, so it lacks the obvious illicit-origin signals of laundering
Correct answer: Terrorist financing may draw on funds from legitimate sources and move small amounts, so it lacks the obvious illicit-origin signals of laundering
The key difficulty is that terrorist financing can originate from entirely legitimate sources such as salaries, donations, or business income and often involves small amounts, so it lacks the criminal-proceeds signature that monitoring systems use to flag laundering. Money laundering, by contrast, starts with funds derived from a predicate crime. Terrorist financing is not exempt from reporting, is not confined to crypto or cash couriers, and frequently does pass through the formal banking system.
- A compliance officer is briefing new staff on what FATF actually is. Which statement most accurately describes the Financial Action Task Force?
- A United Nations agency that prosecutes money launderers across member states
- An intergovernmental standard-setting body with no power to make binding law in any country
- A treaty organization whose recommendations automatically become law in member states
- A global bank-owned consortium that operates a shared sanctions screening platform
Correct answer: An intergovernmental standard-setting body with no power to make binding law in any country
FATF is an intergovernmental standard-setting body, not a lawmaker, prosecutor, or bank consortium. It develops the international AML/CFT/CPF standards and assesses jurisdictions through mutual evaluations, but it cannot enact or enforce law directly; member countries must implement its Recommendations through their own domestic legislation.
- What is the function of a FATF-Style Regional Body (FSRB) such as APG, MONEYVAL, or GAFILAT?
- It promotes implementation of the FATF standards and conducts mutual evaluations within its region
- It replaces FATF membership for countries that cannot join FATF directly
- It issues a separate, competing set of regional AML recommendations
- It administers economic sanctions for the United Nations within its region
Correct answer: It promotes implementation of the FATF standards and conducts mutual evaluations within its region
An FSRB promotes adoption and implementation of the FATF Recommendations and conducts mutual evaluations of its member jurisdictions, extending FATF's reach regionally. FSRBs do not create a competing standard or administer sanctions; they apply the same FATF standards regionally and many of their members are not direct FATF members.
- The FATF standards are commonly referred to as the '40 Recommendations.' What is the most accurate scope of these Recommendations today?
- They address only money laundering arising from drug trafficking
- They are 40 separate binding treaties each ratified individually
- They address money laundering, terrorist financing, and proliferation financing
- They address only terrorist financing and sanctions evasion
Correct answer: They address money laundering, terrorist financing, and proliferation financing
The 40 Recommendations now cover money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction (CPF). Earlier FATF work began with drug-related laundering and a separate set of terrorist-financing 'Special Recommendations,' but those were consolidated into a single, expanded set of 40 covering all three threats.
- FATF Recommendation 1, the foundation of the entire framework, requires that countries and obliged entities primarily adopt which overarching approach?
- A rules-based approach applying identical controls to every customer
- A volume-based approach focused only on the largest transactions
- A risk-based approach allocating measures proportionate to identified ML/TF/PF risk
- A zero-tolerance approach that prohibits onboarding any higher-risk customer
Correct answer: A risk-based approach allocating measures proportionate to identified ML/TF/PF risk
Recommendation 1 establishes the risk-based approach as the cornerstone of the FATF standards, requiring countries and institutions to identify, assess, and apply measures proportionate to their ML/TF/PF risks. A uniform rules-based or prohibition-based model contradicts R.1, which (as updated in 2025) also expressly requires simplified measures in assessed lower-risk situations and encourages proportionate rather than blanket responses.
- FATF's 2025 update to the standards added explicit emphasis on financial inclusion. For a compliance officer applying the risk-based approach, what does this update most directly support?
- Requiring enhanced due diligence on every new customer regardless of risk
- Mandating that banks accept all customers without screening
- Applying simplified due diligence measures in proven lower-risk scenarios to avoid undue exclusion
- Eliminating customer due diligence for all retail accounts
Correct answer: Applying simplified due diligence measures in proven lower-risk scenarios to avoid undue exclusion
The February 2025 update to Recommendation 1 strengthened the requirement to allow and encourage simplified measures in assessed lower-risk situations, replacing weaker permissive language and the prior 'proven low risk' standard with a directive that countries 'should allow and encourage' simplified measures in 'assessed' lower-risk scenarios. The intent is to prevent AML controls from needlessly excluding legitimate customers, without eliminating CDD or screening.
- Under FATF Recommendation 16 as applied to virtual assets (the 'Travel Rule'), what must an ordering virtual asset service provider (VASP) do for qualifying transfers?
- Obtain, hold, and transmit required originator and beneficiary information to the beneficiary VASP
- Report every transfer directly to FATF headquarters
- Block all transfers to other VASPs regardless of amount
- Convert all virtual assets to fiat before any transfer
Correct answer: Obtain, hold, and transmit required originator and beneficiary information to the beneficiary VASP
The Travel Rule requires the originating VASP to obtain and hold required originator information and required beneficiary information and to transmit it to the beneficiary VASP (or financial institution), typically for transfers at or above the USD/EUR 1,000 threshold. It does not require blocking transfers, reporting to FATF, or converting assets to fiat.
- A bank executive asks the AML officer to explain 'what FinCEN is.' Which description is correct?
- The U.S. agency that administers economic and trade sanctions programs
- An international body that conducts mutual evaluations of countries
- A private network of banks that sets correspondent banking standards
- The U.S. financial intelligence unit and administrator of the Bank Secrecy Act
Correct answer: The U.S. financial intelligence unit and administrator of the Bank Secrecy Act
FinCEN, the Financial Crimes Enforcement Network, is the U.S. financial intelligence unit and the bureau of the Treasury that administers the Bank Secrecy Act, receives BSA reports such as SARs and CTRs, and disseminates financial intelligence. Sanctions administration is OFAC's role, mutual evaluations are FATF's, and correspondent-banking standards are associated with the Wolfsberg Group.
- What is the role of the Office of Foreign Assets Control (OFAC) within the U.S. Treasury?
- Receiving and analyzing suspicious activity reports as the U.S. FIU
- Administering and enforcing U.S. economic and trade sanctions based on foreign policy and national security goals
- Chartering and supervising national banks
- Setting the FATF Recommendations for the United States
Correct answer: Administering and enforcing U.S. economic and trade sanctions based on foreign policy and national security goals
OFAC administers and enforces U.S. economic and trade sanctions, including maintaining lists of designated parties and authorizing or prohibiting transactions in line with U.S. foreign policy and national security objectives. The U.S. FIU function belongs to FinCEN, FATF sets international standards, and bank chartering is handled by banking regulators.
- An institution wants to engage in a transaction that would otherwise be prohibited by an OFAC sanctions program. What is the appropriate mechanism?
- Route the transaction through a correspondent bank to avoid the prohibition
- Apply to OFAC for a specific license, or rely on an applicable general license
- Obtain written permission from FATF
- Proceed because intent to violate is required for liability
Correct answer: Apply to OFAC for a specific license, or rely on an applicable general license
OFAC may authorize otherwise prohibited transactions through general licenses (broad authorizations in the regulations) or specific licenses (case-by-case authorizations granted on application). Many OFAC violations carry strict civil liability, so intent is not required to be liable, and deliberately routing around a prohibition can compound the violation rather than cure it.
- A compliance trainee asks for a plain definition of the U.S. Bank Secrecy Act (BSA). Which is the best answer?
- An EU directive transposed into U.S. law
- The primary U.S. AML law requiring recordkeeping and reporting to help detect and prevent financial crime
- A law that guarantees the secrecy of customer bank balances from the government
- A sanctions statute administered by OFAC
Correct answer: The primary U.S. AML law requiring recordkeeping and reporting to help detect and prevent financial crime
Despite its name, the Bank Secrecy Act is the foundational U.S. AML statute requiring financial institutions to keep records and file reports (such as CTRs and SARs) that are useful to authorities investigating financial crime. It is not about protecting account secrecy, is not an OFAC sanctions law, and is U.S. legislation rather than a transposed EU directive.
- Which of the following best summarizes what the USA PATRIOT Act did for U.S. AML obligations?
- It applied only to securities firms and exempted banks
- It created OFAC and the SDN list
- It repealed the Bank Secrecy Act and replaced it with voluntary guidance
- It amended and strengthened the BSA, adding customer identification, correspondent and private banking due diligence, and a ban on accounts for foreign shell banks
Correct answer: It amended and strengthened the BSA, adding customer identification, correspondent and private banking due diligence, and a ban on accounts for foreign shell banks
The USA PATRIOT Act (2001) amended and expanded the BSA, introducing customer identification program requirements, enhanced due diligence for correspondent and private banking, information-sharing provisions, and a prohibition on maintaining correspondent accounts for foreign shell banks. It did not repeal the BSA, did not create OFAC, and applied broadly across financial institutions.
- The EU's current AML reform package introduced a directly applicable 'single rulebook.' Which instrument is that single rulebook?
- The Third Money Laundering Directive
- The Sixth AML Directive (AMLD6), Directive (EU) 2024/1640
- The FATF 40 Recommendations
- The Anti-Money Laundering Regulation (AMLR), Regulation (EU) 2024/1624
Correct answer: The Anti-Money Laundering Regulation (AMLR), Regulation (EU) 2024/1624
The AML Regulation (AMLR), Regulation (EU) 2024/1624, is the directly applicable 'single rulebook' that harmonizes substantive AML obligations across the EU without requiring national transposition (applying from 10 July 2027). AMLD6 is a directive that member states must transpose, the Third Directive is a superseded earlier framework, and the FATF Recommendations are international standards, not EU law.
- A key difference between an EU Regulation and an EU Directive in the AML package is that:
- Both must be transposed identically by every member state
- A Directive applies directly without national legislation, while a Regulation must be transposed
- A Regulation applies directly across member states, while a Directive must be transposed into national law
- Neither has any legal effect until ratified by FATF
Correct answer: A Regulation applies directly across member states, while a Directive must be transposed into national law
An EU Regulation (such as the AMLR) is directly applicable and binding in all member states without national transposition, whereas a Directive (such as AMLD6) sets results that member states must achieve by transposing it into their own laws. This is why the AMLR creates a harmonized single rulebook while AMLD6 still leaves room for national implementation.
- What is the newly established EU Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), and where is it headquartered?
- An EU-level AML supervisor and FIU-coordination authority headquartered in Frankfurt
- A sanctions enforcement agency headquartered in Brussels
- A private banking association headquartered in Basel
- A FATF regional body headquartered in Paris
Correct answer: An EU-level AML supervisor and FIU-coordination authority headquartered in Frankfurt
AMLA is the new EU-level authority headquartered in Frankfurt that will directly supervise certain high-risk cross-border financial institutions, coordinate national supervisors, and support cooperation among financial intelligence units. It is an EU agency, not an FSRB, a sanctions enforcer, or a private association, and its direct supervision of selected entities begins in January 2028.
- What was the principal contribution of the Third EU Money Laundering Directive (2005/60/EC)?
- It introduced a risk-based approach and extended AML obligations to a wider range of entities, including certain DNFBPs
- It established the European Central Bank
- It abolished customer due diligence requirements across the EU
- It created the EU sanctions list
Correct answer: It introduced a risk-based approach and extended AML obligations to a wider range of entities, including certain DNFBPs
The Third Money Laundering Directive embedded the risk-based approach into EU AML law and broadened coverage to additional sectors, including designated non-financial businesses and professions such as certain lawyers, accountants, and trust and company service providers. It did not abolish CDD, create a sanctions list, or establish the ECB.
- The Fourth EU Money Laundering Directive (Directive (EU) 2015/849) is best remembered for which advance?
- Eliminating suspicious transaction reporting
- Replacing FATF as the global standard setter
- Permitting anonymous bearer accounts
- Requiring member states to set up central registers of beneficial ownership of corporate entities
Correct answer: Requiring member states to set up central registers of beneficial ownership of corporate entities
The Fourth Directive required member states to establish central beneficial ownership registers for companies and other legal entities and reinforced the risk-based approach. It strengthened, rather than eliminated, suspicious transaction reporting, did not displace FATF, and tightened (not permitted) transparency by targeting anonymity.
- A trainee asks what the Basel Committee on Banking Supervision is. Which description is accurate?
- A standard-setting committee for prudential banking supervision that also issues guidance on sound management of ML/TF risks
- The financial intelligence unit of Switzerland
- An EU agency that supervises cross-border banks
- A sanctions list maintained by the Bank for International Settlements
Correct answer: A standard-setting committee for prudential banking supervision that also issues guidance on sound management of ML/TF risks
The Basel Committee on Banking Supervision is the primary global standard setter for the prudential regulation of banks, and it issues supervisory guidance including on sound management of risks related to money laundering and terrorist financing (such as customer due diligence expectations). It is not an FIU, a sanctions list, or an EU supervisory agency.
- A compliance officer references 'the Egmont Group' in a cross-border information request. What is the Egmont Group?
- A United Nations sanctions committee
- A global network of financial intelligence units that facilitates secure information exchange
- A consortium of banks that issues AML guidance
- The body that administers FATF mutual evaluations
Correct answer: A global network of financial intelligence units that facilitates secure information exchange
The Egmont Group is the global network of financial intelligence units that provides a secure platform for FIUs to exchange information and cooperate against money laundering and terrorist financing. It is not a bank consortium, the FATF evaluation body, or a UN sanctions committee.
- The Wolfsberg Group is frequently cited in correspondent banking compliance. What is it, and what does it produce?
- A FATF-style regional body for Europe
- A government regulator that licenses correspondent banks
- A United Nations body that designates sanctioned entities
- An association of global banks that publishes industry guidance and standards, such as the Correspondent Banking Due Diligence Questionnaire
Correct answer: An association of global banks that publishes industry guidance and standards, such as the Correspondent Banking Due Diligence Questionnaire
The Wolfsberg Group is an association of major global banks that develops financial-crime risk-management guidance and tools, including the widely used Correspondent Banking Due Diligence Questionnaire. It is an industry association rather than a regulator, an FSRB, or a UN designating body, so its outputs are guidance and standards, not law.
- A relationship manager asks for the 'PEP meaning' in AML. Which best defines a politically exposed person?
- Any customer who holds a foreign passport
- An individual entrusted with a prominent public function, posing higher risk of involvement in bribery or corruption
- A customer who has previously had a SAR filed on them
- Any government employee at any level
Correct answer: An individual entrusted with a prominent public function, posing higher risk of involvement in bribery or corruption
A politically exposed person is an individual who is or has been entrusted with a prominent public function (and, by extension, certain family members and close associates), which creates a heightened risk that their position could be misused for bribery, corruption, or laundering of related proceeds. PEP status triggers enhanced due diligence; it is not based on nationality, prior SARs, or low-level employment, and it does not imply guilt.
- When determining whether a customer is a politically exposed person, the FATF standards expect institutions to also consider which related individuals?
- All customers in the same country as the PEP
- Family members and known close associates of the PEP
- Only employees of the institution
- Only the PEP and no one else
Correct answer: Family members and known close associates of the PEP
FATF expects PEP measures to extend to family members and known close associates of the politically exposed person, because corruption proceeds are frequently moved through relatives or trusted intermediaries. Limiting screening to the individual alone, or sweeping in an entire country's customers, misapplies the standard.
- A jurisdiction has been placed on the FATF 'grey list.' What does this designation mean in practice?
- All financial institutions worldwide must cease dealings with the jurisdiction immediately
- The jurisdiction is under increased monitoring while it works through an agreed action plan to address strategic deficiencies
- The jurisdiction has been expelled from the United Nations
- The jurisdiction is fully compliant and poses no AML/CFT concern
Correct answer: The jurisdiction is under increased monitoring while it works through an agreed action plan to address strategic deficiencies
The grey list, formally 'Jurisdictions under Increased Monitoring,' identifies countries that have strategic AML/CFT deficiencies but have committed to an action plan and are actively working with FATF. It does not require ceasing all dealings (that is closer to the black-list 'call for action') and certainly does not signal full compliance.
- A U.S. bank's branch overseas processes a transaction for a non-U.S. company that involves a U.S.-origin good and U.S. dollar clearing. The compliance officer flags this under the concept of extraterritorial reach of AML and sanctions laws. What does that concept mean?
- Only the United Nations can regulate cross-border transactions
- AML and sanctions laws can apply to conduct, persons, or transactions beyond the issuing country's borders
- AML laws apply only within the physical territory where the institution is chartered
- Foreign branches are exempt from all home-country AML requirements
Correct answer: AML and sanctions laws can apply to conduct, persons, or transactions beyond the issuing country's borders
Extraterritorial reach means that a country's AML and sanctions laws can apply to conduct or parties outside its borders, for example through U.S.-dollar clearing, U.S.-origin goods, secondary sanctions, or jurisdiction over foreign branches and subsidiaries. It is precisely why a non-U.S. party can become subject to U.S. requirements, contrary to the idea that such laws stop at the national border.
- United Nations Security Council Resolutions establishing targeted financial sanctions are significant for AML compliance because they:
- Apply only to the country that proposed the resolution
- Create binding obligations on member states to implement asset freezes and prohibitions, often without delay
- Are merely advisory and create no obligations
- Replace national sanctions programs entirely
Correct answer: Create binding obligations on member states to implement asset freezes and prohibitions, often without delay
UN Security Council sanctions resolutions are binding on UN member states, which must implement measures such as targeted asset freezes (frequently 'without delay'), and they underpin FATF's targeted-financial-sanctions recommendations for terrorism and proliferation. They are not advisory, not limited to the proposing state, and they coexist with (rather than replace) national programs such as OFAC's.
- When a foreign authority seeks formal access to records or evidence held in another country for a money laundering case, which mechanism is typically used?
- A mutual legal assistance treaty (MLAT) or equivalent request
- A Wolfsberg questionnaire
- An OFAC general license
- A FATF mutual evaluation
Correct answer: A mutual legal assistance treaty (MLAT) or equivalent request
Mutual legal assistance treaties (MLATs) and equivalent arrangements are the formal channels through which jurisdictions request and provide evidence, records, and other legal assistance across borders in criminal matters, including money laundering. A mutual evaluation assesses a country's framework, an OFAC license authorizes transactions, and a Wolfsberg questionnaire gathers correspondent-bank due diligence information.
- A U.S. bank's branch teller processes a single cash deposit of 12,000 dollars from a long-standing customer with no indicators of suspicion. Which reporting obligation is triggered by this transaction alone?
- A currency transaction report, because the cash transaction exceeds 10,000 dollars
- No report, because the customer is well known to the institution
- A suspicious activity report, because the amount exceeds 10,000 dollars
- Both a currency transaction report and a suspicious activity report
Correct answer: A currency transaction report, because the cash transaction exceeds 10,000 dollars
A currency transaction report is the correct filing because a CTR is required for any cash (currency) transaction exceeding 10,000 dollars in a single business day, regardless of whether the activity is suspicious. A SAR is not triggered by amount alone; it requires a reasonable basis to suspect illicit activity, which is absent here.
- A compliance analyst reviews a cash deposit and asks what fundamentally distinguishes a currency transaction report (CTR) from a suspicious activity report (SAR). Which statement is accurate?
- Both are filed only when a customer is on a sanctions list
- A CTR is filed for any cash transaction above a set threshold, while a SAR is filed when there is reasonable suspicion of illicit activity
- A SAR replaces the need for a CTR when both could apply
- A CTR is filed based on suspicion, while a SAR is filed based on a fixed dollar threshold
Correct answer: A CTR is filed for any cash transaction above a set threshold, while a SAR is filed when there is reasonable suspicion of illicit activity
The defining difference is that a CTR is a routine, threshold-based filing for cash transactions over 10,000 dollars, whereas a SAR is judgment-based and filed when the institution has a reasonable basis to suspect money laundering or other illicit activity. The two serve different purposes and can both apply to the same activity.
- Under U.S. BSA rules, by when must a financial institution generally file a suspicious activity report after the date it initially detects facts that may constitute a basis for filing?
- No later than 30 calendar days
- Within 90 calendar days in all cases
- No deadline applies as long as it is eventually filed
- Within 5 calendar days
Correct answer: No later than 30 calendar days
The standard deadline is no later than 30 calendar days after initial detection of facts that may form a basis for filing. If no suspect can be identified within that window, the institution may take up to an additional 30 days (60 total) to identify a suspect, but never longer.
- A BSA officer is drafting record-retention guidance. Under U.S. BSA requirements, how long must a financial institution generally retain a copy of a filed suspicious activity report and its supporting documentation?
- Indefinitely, with no defined minimum
- 3 years from the filing date
- 5 years from the filing date
- 1 year from the filing date
Correct answer: 5 years from the filing date
Five years from the filing date is the required retention period for a SAR copy and the supporting documentation underlying it. This aligns with the broader BSA recordkeeping standard so that records remain available to authorities for investigations.
- Which set of records is a financial institution generally required to retain for at least five years under BSA recordkeeping rules?
- Only marketing and advertising materials
- Customer identification, account, and transaction records
- Only records relating to closed branches
- Only records of transactions under 1,000 dollars
Correct answer: Customer identification, account, and transaction records
Customer identification, account, and transaction records must be retained for at least five years under BSA recordkeeping requirements. Retaining these records ensures that identity and activity information is available to support investigations, examinations, and law enforcement requests.
- The traditional 'four pillars' of a BSA/AML compliance program consist of internal controls, a designated BSA compliance officer, independent testing, and which fourth element?
- Ongoing, risk-based training for appropriate personnel
- Public disclosure of all filed SARs
- Guaranteed elimination of false positives
- Mandatory customer account closures
Correct answer: Ongoing, risk-based training for appropriate personnel
Ongoing training of appropriate personnel is the fourth pillar, joining internal controls, a designated compliance officer, and independent testing. These four longstanding requirements form the backbone of a BSA/AML program.
- After the U.S. Customer Due Diligence rule took effect, many practitioners refer to a 'fifth pillar' of AML compliance. What does this fifth pillar add to the traditional four?
- A requirement to hire an external auditor as compliance officer
- Risk-based customer due diligence, including identifying beneficial owners of legal entity customers
- A prohibition on filing currency transaction reports
- A requirement to publish an annual financial statement
Correct answer: Risk-based customer due diligence, including identifying beneficial owners of legal entity customers
The fifth pillar is risk-based customer due diligence, including identifying and verifying the beneficial owners of legal entity customers. It was added by the FinCEN CDD rule to the original four pillars of internal controls, a compliance officer, independent testing, and training.
- A money services business is designating the individual responsible for coordinating and monitoring day-to-day BSA compliance. Who is this person?
- The chief executive officer in every case
- The BSA compliance officer
- An outside law enforcement liaison
- The institution's external auditor
Correct answer: The BSA compliance officer
The BSA compliance officer is the designated individual responsible for coordinating and monitoring day-to-day BSA/AML compliance. This person must have sufficient authority, resources, and independence, and is one of the program pillars.
- In jurisdictions following FATF and EU terminology, what is the title typically given to the senior individual responsible for overseeing an institution's AML program and the reporting of suspicious activity?
- The relationship manager
- The chief marketing officer
- The external model validator
- The money laundering reporting officer (MLRO)
Correct answer: The money laundering reporting officer (MLRO)
The money laundering reporting officer (MLRO) is the senior person responsible for overseeing the AML program and for receiving internal suspicion reports and filing external suspicious transaction reports with the financial intelligence unit. The role parallels the U.S. BSA compliance officer.
- A compliance officer must explain the core idea of a risk-based approach to AML to new hires. Which statement best captures it?
- Resources and controls are allocated in proportion to identified ML/TF risks
- Only customers in foreign countries are monitored
- Every customer receives the exact same level of due diligence
- The institution avoids all higher-risk customers entirely
Correct answer: Resources and controls are allocated in proportion to identified ML/TF risks
A risk-based approach means identifying, assessing, and mitigating ML/TF risks and allocating controls and resources in proportion to those risks. Higher-risk relationships receive more intensive measures while lower-risk ones may receive simplified measures, rather than a uniform approach.
- What is the fundamental purpose of Know Your Customer (KYC) procedures at account opening?
- To guarantee that every account will be profitable
- To maximize the number of accounts opened each quarter
- To verify a customer's identity and understand the expected nature of their activity
- To avoid having to file any reports later
Correct answer: To verify a customer's identity and understand the expected nature of their activity
KYC verifies a customer's identity and establishes an understanding of the expected nature and purpose of their activity. This baseline lets the institution later detect transactions that deviate from the customer's profile and may signal suspicious activity.
- Which best describes customer due diligence (CDD) as applied at onboarding?
- Performing checks only after a transaction is flagged
- Recording only the customer's name and nothing else
- Relying solely on the customer's verbal assurances
- Collecting and verifying customer identity, understanding the relationship's purpose, and identifying beneficial owners where applicable
Correct answer: Collecting and verifying customer identity, understanding the relationship's purpose, and identifying beneficial owners where applicable
Customer due diligence involves identifying and verifying the customer, understanding the purpose and intended nature of the relationship, and identifying beneficial owners for legal entity customers. It establishes the risk understanding that drives ongoing monitoring.
- A compliance team is comparing standard customer due diligence (CDD) with enhanced due diligence (EDD). Which statement correctly describes the difference?
- CDD is only performed after a SAR is filed
- EDD applies to all customers equally, while CDD applies only to PEPs
- EDD requires less information than CDD
- CDD is the baseline applied to all customers, while EDD adds deeper measures for higher-risk customers
Correct answer: CDD is the baseline applied to all customers, while EDD adds deeper measures for higher-risk customers
Standard CDD is the baseline applied to all customers, while enhanced due diligence layers on deeper measures, such as establishing source of wealth and obtaining senior management approval, for higher-risk customers like PEPs or those in high-risk jurisdictions. EDD is triggered by elevated risk, not applied uniformly.
- Which scenario most clearly calls for enhanced due diligence (EDD) rather than standard measures?
- A foreign senior government official opening a private banking relationship with large, unexplained deposits
- A salaried domestic customer opening a basic savings account
- A small local retailer depositing daily card settlements
- A retiree making routine pension deposits
Correct answer: A foreign senior government official opening a private banking relationship with large, unexplained deposits
A foreign senior government official (a politically exposed person) opening a private banking relationship with large, unexplained deposits warrants enhanced due diligence. EDD here includes establishing source of wealth and funds, senior management approval, and enhanced ongoing monitoring because of the elevated corruption and laundering risk.
- What is the goal of ongoing monitoring within an AML program?
- To increase fees on dormant accounts
- To scrutinize transactions over time to ensure they remain consistent with the customer's profile and risk rating
- To guarantee zero false-positive alerts
- To replace the need for onboarding due diligence
Correct answer: To scrutinize transactions over time to ensure they remain consistent with the customer's profile and risk rating
Ongoing monitoring scrutinizes account activity over the life of the relationship to ensure transactions remain consistent with the customer's known profile, expected behavior, and risk rating. Deviations may indicate suspicious activity and prompt investigation and CDD updates.
- An entity-customer is owned through several intermediary companies. Under AML rules, who is the 'beneficial owner' the institution must identify?
- The largest creditor of the entity
- The natural person(s) who ultimately own or control the legal entity
- The institution's relationship manager
- The entity's external accountant
Correct answer: The natural person(s) who ultimately own or control the legal entity
The beneficial owner is the natural person or persons who ultimately own or control a legal entity, even when ownership runs through intermediary companies. Identifying them prevents criminals from hiding behind opaque corporate structures.
- A bank assigns each new customer a risk rating. Which combination of factors is most appropriate for a customer risk-rating methodology?
- Only the customer's current account balance
- Customer type, geography, products and services used, and delivery channels
- The customer's number of social media followers
- The relationship manager's personal impression alone
Correct answer: Customer type, geography, products and services used, and delivery channels
A sound customer risk rating combines factors such as customer type, geography, products and services used, and delivery channels. Aggregating these factors produces a risk level that determines the appropriate intensity of due diligence and monitoring.
- A correspondent bank is evaluating risk in a cross-border banking relationship. Which feature most increases correspondent banking risk?
- The respondent bank allows undisclosed nested (downstream) relationships for other institutions
- The respondent bank provides regular settlement and activity reporting
- The respondent bank maintains current beneficial ownership records
- The respondent bank undergoes periodic relationship reviews
Correct answer: The respondent bank allows undisclosed nested (downstream) relationships for other institutions
Undisclosed nested or downstream relationships, where a respondent bank quietly provides correspondent services to other institutions, most increase risk because the correspondent loses visibility into the ultimate originators of transactions. This obscures who is actually using the account and is a core correspondent banking concern.
- A regulator asks an institution how it ensures its monitoring system and overall AML program are working effectively, separate from the team that runs them. Which program element addresses this?
- Marketing review
- Independent testing of the AML program
- Customer onboarding scripts
- Daily transaction posting
Correct answer: Independent testing of the AML program
Independent testing is the pillar that provides an objective assessment of the AML program's adequacy and effectiveness. It must be conducted by qualified parties independent of the AML function being tested, such as internal audit or a qualified external firm, and reported to the board or a committee.
- How frequently should an institution generally conduct independent testing of its BSA/AML program, and who should perform it?
- Never, as long as a compliance officer is appointed
- Monthly, by the front-line sales team
- On a risk-based schedule, by parties independent of the AML function, with a commonly cited cadence of every 12 to 18 months
- Only after a SAR is filed, by the customer
Correct answer: On a risk-based schedule, by parties independent of the AML function, with a commonly cited cadence of every 12 to 18 months
Independent testing should occur on a risk-based schedule (a 12-to-18-month cadence is commonly cited) and be carried out by qualified parties independent of the day-to-day AML function. Independence is what makes the testing a credible, objective check on the program.
- What is a primary requirement for AML training under a BSA/AML program?
- Training is optional for front-line staff
- Training is provided on an ongoing, risk-based basis and tailored to employees' roles and responsibilities
- Training is identical for every employee regardless of function
- Training is given only once to the board of directors
Correct answer: Training is provided on an ongoing, risk-based basis and tailored to employees' roles and responsibilities
AML training must be ongoing and risk-based, tailored to the specific roles and responsibilities of different employees so that front-line staff, compliance personnel, and management each receive content relevant to the risks they face. One-time or one-size-fits-all training does not satisfy the pillar.
- A compliance officer drafting a suspicious activity report is told the narrative is the most important part. What is the purpose of a SAR narrative?
- To minimize the detail provided to authorities
- To advertise the institution's services to law enforcement
- To notify the customer that a report has been filed
- To clearly describe the who, what, when, where, why, and how of the suspicious activity so investigators can act on it
Correct answer: To clearly describe the who, what, when, where, why, and how of the suspicious activity so investigators can act on it
The SAR narrative explains the who, what, when, where, why, and how of the suspicious activity in clear, concise terms so that law enforcement can quickly understand and act on the report. A weak narrative reduces the report's usefulness even when the structured fields are complete.
- A new compliance analyst asks what a suspicious activity report (SAR) actually is. Which description is correct?
- A report filed with the financial intelligence unit alerting authorities to activity suspected of involving illicit funds or having no apparent lawful purpose
- A document the customer must sign before transacting
- A routine report of every cash deposit above a threshold
- A public notice posted on the institution's website
Correct answer: A report filed with the financial intelligence unit alerting authorities to activity suspected of involving illicit funds or having no apparent lawful purpose
A suspicious activity report is a confidential filing to the financial intelligence unit (FinCEN in the U.S.) that alerts authorities to activity reasonably suspected of involving illicit funds or lacking an apparent lawful purpose. It is judgment-based, unlike a routine threshold report such as a CTR.
- A compliance team receives a list of names from FinCEN and must search its records for any matches. This describes which process?
- A FinCEN Section 314(b) voluntary information-sharing arrangement between two banks
- An OFAC general license application
- A FinCEN Section 314(a) request from law enforcement
- A routine currency transaction report
Correct answer: A FinCEN Section 314(a) request from law enforcement
A FinCEN Section 314(a) request is the process by which FinCEN, on behalf of law enforcement, sends names of subjects to financial institutions, which must search their records and report any matches. It is distinct from Section 314(b), which is voluntary information sharing between financial institutions.
- Which statement best describes a currency transaction report (CTR)?
- A mandatory report of cash transactions exceeding 10,000 dollars in a single business day
- A confidential report of suspected money laundering
- A voluntary disclosure made only when a customer consents
- A list of sanctioned individuals maintained by OFAC
Correct answer: A mandatory report of cash transactions exceeding 10,000 dollars in a single business day
A currency transaction report is a mandatory filing for cash (currency) transactions that exceed 10,000 dollars in a single business day by or on behalf of one person. Unlike a SAR, it is filed based purely on the amount, not on suspicion.
- A bank applies simplified due diligence to a category of demonstrably low-risk customers. Which approach is consistent with a proper risk-based program?
- Applying simplified measures to all PEPs
- Eliminating all due diligence and monitoring for those customers
- Treating those customers as the highest risk to be safe
- Reducing the extent and timing of measures while still verifying identity and conducting some monitoring
Correct answer: Reducing the extent and timing of measures while still verifying identity and conducting some monitoring
Simplified due diligence reduces the extent or timing of measures for demonstrably lower-risk customers but never eliminates due diligence entirely; identity is still verified and some monitoring continues. Applying simplified measures to PEPs would be improper, since PEPs are inherently higher risk and require enhanced due diligence.
- What is the core function of an AML transaction monitoring system?
- To calculate the interest accrued on customer deposit accounts
- To verify a customer's identity documents at account opening
- To set the institution's enterprise-wide ML/TF risk appetite
- To analyze transactional activity against expected behavior and rules to surface potentially suspicious patterns
Correct answer: To analyze transactional activity against expected behavior and rules to surface potentially suspicious patterns
An AML transaction monitoring system analyzes transactional activity against expected behavior and detection rules to surface potentially suspicious patterns for analyst review. Identity verification belongs to onboarding/CIP, not monitoring, and risk-appetite setting is a governance function rather than a monitoring system's job.
- In AML compliance, what is transaction monitoring?
- The ongoing review of customer transactions to detect activity inconsistent with the customer's profile or known typologies
- The manual reconciliation of the general ledger at period close
- The process of marketing new products to existing customers
- The one-time screening of a customer against sanctions lists at onboarding
Correct answer: The ongoing review of customer transactions to detect activity inconsistent with the customer's profile or known typologies
Transaction monitoring is the ongoing review of customer transactions to detect activity inconsistent with the customer's profile or known money laundering typologies. It is continuous rather than a single onboarding check, which distinguishes it from sanctions screening at account opening.
- A compliance officer is evaluating two transaction monitoring approaches. Which characteristic distinguishes a rules-based monitoring system from a machine-learning-based one?
- Rules-based systems learn new patterns automatically from labeled outcomes without human configuration
- Rules-based systems are prohibited by FATF, while machine-learning systems are mandated
- Rules-based systems apply predefined thresholds and logic set by the institution, while machine-learning systems infer patterns from data
- Rules-based systems never generate alerts, while machine-learning systems always do
Correct answer: Rules-based systems apply predefined thresholds and logic set by the institution, while machine-learning systems infer patterns from data
Rules-based systems apply predefined thresholds and logic configured by the institution, whereas machine-learning systems infer patterns from data and can adapt to new behaviors. Rules-based monitoring does not learn automatically, which is precisely the limitation that ML approaches aim to address.
- An institution's monitoring system generates thousands of alerts daily, the vast majority of which analysts clear as legitimate. What is the most appropriate way to address this high false-positive rate?
- File a SAR on every alert to clear the backlog quickly
- Tune and calibrate the detection thresholds and scenarios so genuine risk is still captured while reducing noise
- Stop investigating any alert that has previously produced false positives
- Disable monitoring rules entirely to reduce the alert volume
Correct answer: Tune and calibrate the detection thresholds and scenarios so genuine risk is still captured while reducing noise
Tuning and calibrating detection thresholds and scenarios reduces noise while preserving the ability to capture genuine risk. Disabling rules or refusing to investigate creates dangerous false negatives, and filing SARs on every alert undermines the value of reporting and is not based on reasonable suspicion.
- What is watchlist screening in an AML program?
- Auditing the institution's marketing campaign performance
- Monitoring the stock-market watchlist for trading opportunities
- Comparing customers, counterparties, and transactions against lists such as sanctions, PEPs, and adverse-media records
- Reviewing the institution's internal employee attendance records
Correct answer: Comparing customers, counterparties, and transactions against lists such as sanctions, PEPs, and adverse-media records
Watchlist screening compares customers, counterparties, and transactions against lists such as sanctions designations, politically exposed persons, and adverse-media records. It is a screening control, distinct from internal HR or investment-watchlist functions that share the word.
- What is name screening in AML?
- Matching customer and counterparty names against sanctions, PEP, and watchlist records to detect risky parties
- Verifying that a customer's signature matches their account record
- Choosing a brand name for a new financial product
- Generating randomized account numbers for new customers
Correct answer: Matching customer and counterparty names against sanctions, PEP, and watchlist records to detect risky parties
Name screening matches customer and counterparty names against sanctions, PEP, and watchlist records to detect parties that present sanctions or financial-crime risk. It relies on matching techniques rather than signature verification or product branding.
- What is sanctions screening designed to accomplish?
- To rank customers by their expected lifetime profitability
- To identify customers, counterparties, or transactions involving sanctioned parties so prohibited dealings can be stopped before processing
- To replace the institution's customer due diligence obligations
- To set the institution's daily foreign-exchange rates
Correct answer: To identify customers, counterparties, or transactions involving sanctioned parties so prohibited dealings can be stopped before processing
Sanctions screening identifies customers, counterparties, or transactions involving sanctioned parties so prohibited dealings can be stopped before processing. It complements rather than replaces customer due diligence, and it has nothing to do with profitability ranking or FX pricing.
- A screening system flags a customer named 'Jon Smyth' as a possible match to a sanctioned 'John Smith.' Which screening technique most directly enables this match despite the differences in spelling?
- Record retention of the customer's prior addresses
- Exact-match logic requiring identical strings
- Threshold tuning of cash-transaction amounts
- Fuzzy matching that scores approximate similarity between names
Correct answer: Fuzzy matching that scores approximate similarity between names
Fuzzy matching scores the approximate similarity between names, allowing 'Jon Smyth' to be flagged against 'John Smith' despite spelling differences. Exact-match logic would miss this because the strings are not identical, which is why fuzzy and phonetic techniques are used in screening.
- Why do screening systems use phonetic and transliteration matching in addition to exact matching?
- To reduce the number of sanctions lists an institution must use
- To guarantee that no false positives are ever generated
- To eliminate the need for any analyst review of alerts
- To catch name variations arising from spelling differences, alphabets, and transliteration that exact matching would miss
Correct answer: To catch name variations arising from spelling differences, alphabets, and transliteration that exact matching would miss
Phonetic and transliteration matching catch name variations arising from spelling differences, different alphabets, and transliteration that exact matching would miss, such as names rendered from non-Latin scripts. These techniques broaden detection but do not eliminate analyst review or guarantee zero false positives.
- What is link analysis in the AML context?
- Linking a customer's mobile number to their email address for marketing
- Verifying that hyperlinks on the institution's website are functioning
- Connecting the institution's branches to a shared phone system
- Visualizing and analyzing relationships among entities, accounts, and transactions to reveal hidden networks
Correct answer: Visualizing and analyzing relationships among entities, accounts, and transactions to reveal hidden networks
Link analysis visualizes and analyzes relationships among entities, accounts, and transactions to reveal hidden networks that single-account review would miss. It is an investigative analytics technique, not a website or telephony function.
- An analyst suspects that several seemingly unrelated accounts are controlled by a single criminal network. Which technology would most directly help reveal these connections?
- An automated email-marketing platform
- Link analysis software that maps relationships across accounts, devices, addresses, and counterparties
- A static sanctions list loaded once per year
- A currency transaction report generator
Correct answer: Link analysis software that maps relationships across accounts, devices, addresses, and counterparties
Link analysis software maps relationships across accounts, devices, addresses, and counterparties, helping reveal a single network behind seemingly unrelated accounts. A CTR generator only produces threshold reports and would not surface relationship structures.
- How does artificial intelligence improve AML transaction monitoring compared with traditional rules alone?
- It can detect complex and emerging behavioral patterns and help prioritize alerts that static rules may miss or over-flag
- It eliminates the institution's obligation to file suspicious activity reports
- It removes the need for any human investigator or governance over the system
- It guarantees the detection of every illicit transaction with no errors
Correct answer: It can detect complex and emerging behavioral patterns and help prioritize alerts that static rules may miss or over-flag
Artificial intelligence can detect complex and emerging behavioral patterns and help prioritize alerts that static rules may miss or over-flag, improving both detection and efficiency. It does not remove human oversight, guarantee perfect detection, or eliminate reporting obligations.
- What role does machine learning typically play in modern AML monitoring?
- It only encrypts customer data and performs no analytical function
- It replaces the compliance officer and the board's oversight responsibilities
- It is prohibited by FATF and all major regulators
- It learns patterns from historical data to score risk, segment behavior, and reduce false positives
Correct answer: It learns patterns from historical data to score risk, segment behavior, and reduce false positives
Machine learning learns patterns from historical data to score risk, segment customer behavior, and reduce false positives, often as a layer on top of or alongside rules. Regulators including FinCEN have encouraged responsible AI/ML use rather than prohibiting it, provided model risk is managed.
- Why is explainability increasingly emphasized when institutions deploy AI or machine learning models in AML?
- Because it lets the institution disclose alerts directly to the customer
- Because regulators and auditors need to understand why a model produced a given alert or decision
- Because explainable models are exempt from model validation requirements
- Because explainability allows institutions to skip documenting their decisions
Correct answer: Because regulators and auditors need to understand why a model produced a given alert or decision
Explainability matters because regulators and auditors need to understand why a model produced a given alert or decision, supporting defensibility and model risk management. Explainable models are still validated and documented, and explainability does not permit tipping off the customer.
- What does RegTech refer to in the anti-financial-crime field?
- Technology solutions that help institutions meet regulatory and compliance obligations more efficiently
- A government agency that registers financial institutions
- A mandatory accounting standard for banks
- A category of sanctioned entities maintained by OFAC
Correct answer: Technology solutions that help institutions meet regulatory and compliance obligations more efficiently
RegTech refers to technology solutions, such as automation, data analytics, AI, and machine learning, that help institutions meet regulatory and compliance obligations more efficiently. It supports functions like CDD, monitoring, screening, and reporting rather than being an agency or a sanctions list.
- An institution wants to verify that its transaction monitoring model performs as intended and is properly calibrated. What process addresses this?
- Adverse media screening
- Sectoral sanctions analysis
- Model validation, which independently tests the model's logic, data inputs, thresholds, and outputs
- Customer identification program review
Correct answer: Model validation, which independently tests the model's logic, data inputs, thresholds, and outputs
Model validation independently tests the model's logic, data inputs, thresholds, and outputs to confirm it works as intended and is properly calibrated. This is a core part of model risk management for monitoring and screening systems, separate from media screening or CIP.
- What is the primary purpose of a case management system in an AML technology stack?
- To centralize alerts, evidence, analyst notes, and decisions so investigations are consistent and auditable
- To market new products to flagged customers
- To set the bank's lending interest rates
- To replace the need for any transaction monitoring
Correct answer: To centralize alerts, evidence, analyst notes, and decisions so investigations are consistent and auditable
A case management system centralizes alerts, evidence, analyst notes, and decisions so investigations are consistent, efficient, and auditable. It supports the investigation workflow rather than performing detection itself or handling unrelated functions like lending or marketing.
- How does entity resolution support more accurate screening and monitoring?
- By converting all transactions into a single currency for reporting
- By consolidating data referring to the same real-world person or organization to reduce duplicate or missed matches
- By deleting customer records that generate alerts
- By randomly assigning customers to risk tiers
Correct answer: By consolidating data referring to the same real-world person or organization to reduce duplicate or missed matches
Entity resolution consolidates data referring to the same real-world person or organization, reducing duplicate alerts and missed matches and improving the precision of screening and monitoring. It clarifies who is who across systems rather than deleting records or converting currencies.
- Blockchain analytics tools are used in AML programs primarily to:
- Trace virtual-asset transactions across public ledgers and attribute flows to wallets, services, or risk categories
- Encrypt customer passwords at login
- Guarantee that virtual-asset transactions are fully anonymous
- Mine new cryptocurrency for the institution's treasury
Correct answer: Trace virtual-asset transactions across public ledgers and attribute flows to wallets, services, or risk categories
Blockchain analytics tools trace virtual-asset transactions across public ledgers and attribute flows to wallets, services, or risk categories such as mixers or sanctioned addresses. They exploit the traceability of many public ledgers rather than making transactions anonymous.
- A virtual-asset service provider needs to comply with the FATF 'travel rule.' Which technology capability is most relevant?
- A tool that anonymizes wallet addresses before transfer
- A marketing analytics dashboard for customer acquisition
- A static annual sanctions list
- A system that transmits required originator and beneficiary information alongside virtual-asset transfers
Correct answer: A system that transmits required originator and beneficiary information alongside virtual-asset transfers
A system that transmits required originator and beneficiary information alongside virtual-asset transfers supports the FATF travel rule, which requires VASPs to share counterparty information. Anonymizing addresses would defeat the rule rather than satisfy it.
- What is perpetual KYC (pKYC) as enabled by RegTech?
- A requirement to close accounts after a fixed number of years
- A method of permanently deleting customer records
- An approach that continuously refreshes customer due diligence using event-driven and ongoing data updates rather than fixed periodic reviews
- A one-time identity check performed only at account opening
Correct answer: An approach that continuously refreshes customer due diligence using event-driven and ongoing data updates rather than fixed periodic reviews
Perpetual KYC continuously refreshes customer due diligence using event-driven and ongoing data updates rather than relying solely on fixed periodic review cycles. It contrasts with traditional one-time or scheduled reviews and is enabled by automation and data integration.
- Robotic process automation (RPA) is most appropriately applied in an AML program to:
- Independently set the institution's risk appetite
- Automate repetitive, rules-based tasks such as data gathering and alert enrichment to free analysts for judgment work
- Make final SAR-filing decisions without human review
- Replace the institution's board of directors
Correct answer: Automate repetitive, rules-based tasks such as data gathering and alert enrichment to free analysts for judgment work
RPA automates repetitive, rules-based tasks such as data gathering and alert enrichment, freeing analysts for the judgment-based work of investigation and decision-making. Final reporting decisions and governance functions still require human and senior oversight.
- When integrating a new vendor screening tool, why must an institution understand the data sources and lists the tool uses?
- Because using a vendor removes all regulatory responsibility from the institution
- Because list coverage, update frequency, and quality directly affect screening effectiveness and gaps
- Because vendors are exempt from any data-quality expectations
- Because the institution can then stop maintaining its own records
Correct answer: Because list coverage, update frequency, and quality directly affect screening effectiveness and gaps
Understanding the data sources and lists a screening tool uses matters because list coverage, update frequency, and quality directly affect screening effectiveness and the risk of gaps. Outsourcing to a vendor does not transfer the institution's regulatory responsibility for effective controls.
- Data quality is foundational to effective monitoring and screening because:
- Poor or incomplete data leads to missed alerts and excess false positives, undermining detection
- Systems can fully compensate for bad data without any impact
- Data quality only affects the institution's marketing function
- Regulators do not consider data quality in examinations
Correct answer: Poor or incomplete data leads to missed alerts and excess false positives, undermining detection
Poor or incomplete data leads to missed alerts (false negatives) and excess false positives, undermining the effectiveness of monitoring and screening. Even sophisticated systems cannot fully compensate for bad input data, and regulators do scrutinize data quality.
- What is the purpose of a 'tuning' or 'below-the-line' testing exercise for a transaction monitoring system?
- To confirm that thresholds are not set so high that genuinely suspicious activity escapes detection
- To delete historical alerts to save storage
- To market the monitoring system to other institutions
- To increase customer fees on flagged accounts
Correct answer: To confirm that thresholds are not set so high that genuinely suspicious activity escapes detection
Below-the-line testing checks activity that fell just under alerting thresholds to confirm that genuinely suspicious activity is not escaping detection because thresholds are set too high. It is a calibration safeguard against false negatives, not a fee or storage exercise.
- An AML team observes that two customers with identical names but different dates of birth and nationalities both alerted against one sanctioned individual. Which capability best reduces such unnecessary alerts while keeping true risk visible?
- Removing the sanctioned individual from the watchlist
- Secondary identifiers and entity resolution that incorporate date of birth, nationality, and other attributes into match scoring
- Filing a SAR on both customers immediately
- Disabling name screening for all customers
Correct answer: Secondary identifiers and entity resolution that incorporate date of birth, nationality, and other attributes into match scoring
Using secondary identifiers and entity resolution, which incorporate date of birth, nationality, and other attributes into match scoring, reduces unnecessary alerts while keeping true matches visible. Disabling screening or removing list entries would create dangerous gaps, and SARs require reasonable suspicion, not a name-only coincidence.
- How can an institution best demonstrate to examiners that its automated monitoring system is effective?
- By proving it has never generated a single alert
- By showing the system was purchased from a well-known vendor
- Through documented model validation, tuning, scenario coverage, and governance over the system
- By keeping the system's logic entirely undocumented
Correct answer: Through documented model validation, tuning, scenario coverage, and governance over the system
Documented model validation, tuning, scenario coverage, and governance over the system demonstrate effectiveness to examiners. The vendor's reputation alone is insufficient, a system that never alerts signals a problem, and undocumented logic undermines defensibility.
- What distinguishes a false negative from a false positive in AML detection?
- A false negative is a legitimate transaction wrongly alerted; a false positive is genuinely suspicious activity that was missed
- A false negative is genuinely suspicious activity that the system failed to detect; a false positive is an alert that turns out not to be suspicious
- There is no difference between the two terms
- A false negative is a SAR that was filed late; a false positive is a SAR filed early
Correct answer: A false negative is genuinely suspicious activity that the system failed to detect; a false positive is an alert that turns out not to be suspicious
A false negative is genuinely suspicious activity that the system failed to detect, while a false positive is an alert that, on review, turns out not to be suspicious. False negatives are the more dangerous error because real risk goes unreported.
- Behavior-based (behavioral analytics) transaction monitoring differs from simple threshold rules in that it:
- Only triggers on cash transactions over a fixed dollar amount
- Models a customer's or peer group's typical behavior and alerts on deviations from that baseline
- Replaces the need for any sanctions screening
- Ignores customer history entirely
Correct answer: Models a customer's or peer group's typical behavior and alerts on deviations from that baseline
Behavior-based monitoring models a customer's or peer group's typical behavior and alerts on deviations from that baseline, catching anomalies that fixed thresholds miss. It uses history rather than ignoring it and is distinct from sanctions screening.
- A compliance officer is asked how AI helps prioritize the alert backlog. Which describes alert scoring (risk scoring) by AI?
- Automatically filing SARs on the lowest-scoring alerts
- Assigning every alert the same priority regardless of risk
- Ranking alerts by estimated risk so analysts can focus first on those most likely to be genuinely suspicious
- Deleting all alerts below a certain score without review
Correct answer: Ranking alerts by estimated risk so analysts can focus first on those most likely to be genuinely suspicious
AI-based alert scoring ranks alerts by estimated risk so analysts can focus first on those most likely to be genuinely suspicious, improving efficiency. It does not auto-file SARs or silently discard alerts; institutions retain documented review and disposition processes.
- Why is human-in-the-loop oversight important when AI or machine learning is used in AML decisions?
- Because regulators require that material decisions, such as filing a SAR, involve human judgment and accountability
- Because AI models are always wrong and should be ignored
- Because human review eliminates the need to validate the model
- Because it allows the institution to disclose alerts to customers
Correct answer: Because regulators require that material decisions, such as filing a SAR, involve human judgment and accountability
Human-in-the-loop oversight matters because regulators expect material decisions, such as filing a SAR, to involve human judgment and accountability rather than fully automated outcomes. It complements, rather than replaces, model validation and never permits tipping off.
- An institution deploys a supervised machine-learning model trained on past alert dispositions. What is a key risk it must manage with this approach?
- The model will automatically update the sanctions lists
- Biased or incomplete training labels can cause the model to perpetuate past errors or miss novel typologies
- Supervised learning is illegal under all AML regimes
- The model cannot process any numerical data
Correct answer: Biased or incomplete training labels can cause the model to perpetuate past errors or miss novel typologies
Biased or incomplete training labels can cause a supervised model to perpetuate past errors or miss novel typologies it was never trained on, which is why training data quality and ongoing validation are critical. Supervised learning is permitted under responsible model risk frameworks.
- What is the role of network or graph analytics in detecting complex laundering schemes?
- To replace the institution's data-retention policy
- To compute the institution's daily net interest margin
- To identify clusters and indirect relationships among many entities and transactions that single-transaction rules cannot see
- To generate currency transaction reports automatically
Correct answer: To identify clusters and indirect relationships among many entities and transactions that single-transaction rules cannot see
Network or graph analytics identifies clusters and indirect relationships among many entities and transactions that single-transaction rules cannot see, exposing layering and mule networks. It is an analytical detection technique, not a reporting or accounting function.
- When evaluating an AML technology solution, why should an institution assess data privacy and data governance implications?
- Because moving and analyzing customer data must comply with privacy laws and protect data integrity and security
- Because data privacy has no relevance to compliance technology
- Because data governance only matters for marketing systems
- Because privacy laws exempt AML systems entirely
Correct answer: Because moving and analyzing customer data must comply with privacy laws and protect data integrity and security
Assessing data privacy and governance matters because moving and analyzing customer data, especially across borders or with third-party vendors, must comply with privacy laws and protect data integrity and security. AML systems are not exempt from these obligations.
- A real-time payment system requires sanctions screening to occur before funds are released. Which screening mode is required?
- Screening performed only after a customer complaint
- Marketing-list screening for cross-sell opportunities
- Real-time (interdiction) screening that checks transactions before settlement
- Annual batch screening performed once per year
Correct answer: Real-time (interdiction) screening that checks transactions before settlement
Real-time interdiction screening checks transactions against sanctions lists before settlement, which is required when funds must not be released to a prohibited party. Annual batch or post-event screening would allow a prohibited payment to complete before detection.
- How does link analysis help reduce false positives in alert handling?
- By grouping related alerts into a single network-level case so analysts review connected activity together rather than in isolation
- By deleting alerts that share a common counterparty
- By automatically closing every alert it touches
- By preventing the system from generating any alerts at all
Correct answer: By grouping related alerts into a single network-level case so analysts review connected activity together rather than in isolation
Link analysis groups related alerts into a single network-level case, letting analysts review connected activity together rather than chasing the same network through many isolated alerts. This improves efficiency and context without silently closing or deleting alerts.
- What is a key limitation an institution must remember about even advanced AI-driven AML tools?
- They remove the institution's obligation to file reports
- They eliminate the need for a risk-based approach
- No tool can guarantee detection of all illicit activity, so human judgment, governance, and continuous improvement remain essential
- They make sanctions lists unnecessary
Correct answer: No tool can guarantee detection of all illicit activity, so human judgment, governance, and continuous improvement remain essential
Even advanced AI-driven tools cannot guarantee detection of all illicit activity, so human judgment, governance, and continuous improvement remain essential. Technology supports the risk-based approach and reporting obligations rather than eliminating them.
- An analyst conducting an AML investigation needs to corroborate a subject's identity and uncover hidden connections using technology. Which combination is most directly suited to this?
- A loan-origination platform and a marketing CRM
- Adverse-media and watchlist screening tools together with link analysis to map relationships
- A static sanctions list reviewed manually once a decade
- Currency exchange-rate feeds and a payroll system
Correct answer: Adverse-media and watchlist screening tools together with link analysis to map relationships
Adverse-media and watchlist screening tools together with link analysis let an investigator corroborate identity, surface negative information, and map hidden relationships. Payroll, loan-origination, and marketing systems are not investigative tools, and a decade-old static list would be unreliable.
- When conducting an AML investigation, why do investigators increasingly rely on integrated data analytics platforms rather than reviewing isolated transaction reports?
- Because isolated reports are prohibited by FATF
- Because integrated platforms automatically notify the subject of the investigation
- Because analytics platforms remove the need to document the investigation
- Because analytics platforms can aggregate customer, transaction, screening, and external data to reveal patterns and relationships a single report cannot show
Correct answer: Because analytics platforms can aggregate customer, transaction, screening, and external data to reveal patterns and relationships a single report cannot show
Integrated data analytics platforms aggregate customer, transaction, screening, and external data to reveal patterns and relationships a single transaction report cannot show, making investigations faster and more complete. They still require documentation and never permit tipping off the subject.