CAMS Certified Anti-Money Laundering Specialist (CAMS7 the 7th edition) Questions and Answers

Before opening for business, a bank must have independent compliance testing to ensure controls are functioning, qualified staff who understand AML/CFT requirements, and documented policies and procedures to guide day-to-day compliance. These are foundational elements of an effective AML/CFT framework.

Countries that are members of the Egmont Group can securely exchange information between their Financial Intelligence Units (FIUs) to support money laundering and terrorist financing investigations, even when the activity involves multiple jurisdictions.

Terms of Reference (ToR) are a fundamental governance document that define how a committee operates, makes decisions, and fulfills its responsibilities. Regulatory guidance and corporate governance best practices emphasize clarity and accountability in committee mandates.

The extent of power and decision-making authority must be clearly defined to ensure members understand what decisions they are authorized to make and where escalation is required. This prevents overlaps or governance gaps.

The composition and structure of the committee, including membership criteria and roles, ensures appropriate expertise and representation. This is essential for effective oversight, particularly in AML/CFT and risk committees.

Delegation of authority outlines how responsibilities may be assigned or escalated, supporting efficient decision-making while maintaining accountability.

Organization charts and company culture statements are not typically core components of a ToR, as they do not define operational authority or governance mechanics.

Under FinCEN Section 314(b), financial institutions are permitted to share information with other financial institutions about suspected money laundering or terrorist financing activities. This collaboration helps identify and report suspicious transactions while complying with legal safeguards and privacy requirements.

This scenario describes the risk assessment element of an anti-financial crime (AFC) compliance program. FATF standards require organizations to regularly assess and reassess their money laundering and terrorist financing risks, particularly when there are material changes to business models, geographic exposure, or regulatory environments.

The MLRO’s review of the company’s expansion into high-risk jurisdictions and identification of vulnerabilities reflects a dynamic and forward-looking risk assessment process. Updating the compliance framework to address identified risks ensures that controls remain proportionate and effective.

Risk assessments form the foundation of the risk-based approach and directly inform decisions on enhanced due diligence, monitoring, governance, and resource allocation. This process is distinct from transaction monitoring, governance arrangements, or training activities, although those elements may be updated as a result of the risk assessment.

B: When a subpoena is received, the institution should first consult with legal counsel to ensure the validity and scope of the subpoena. Compliance with law enforcement requests is mandatory and subject to strict legal obligations. All documentation and responses should be properly recorded.

“A subpoena requires a legal response; consult legal counsel to validate the request and respond as required by law.”

FinCEN 314(b) information-sharing requests are voluntary and can proceed only after fulfilling required legal steps, such as verifying membership in the program and ensuring information-sharing agreements are in place.

CAMS 6th Edition clarifies that “under no circumstances should a customer be notified of a law enforcement inquiry or subpoena.”

Effective oversight of transaction monitoring includes:

Periodic review of client profiles to ensure up-to-date information for high-risk clients (B):“Reviewing and updating customer profiles is essential to ensure that monitoring scenarios are based on current risk data.”(CAMS 6th Edition, Transaction Monitoring and Customer Due Diligence)

Periodic review of transaction monitoring scenarios and productivity to ensure appropriate AML typologies are reflected (D):“Firms should periodically review the parameters and output of transaction monitoring systems to ensure they continue to identify relevant ML/TF risks and typologies.”(CAMS 6th Edition, Monitoring and Surveillance)

Incorrect Options:

A: Cooperation with the legal team is important, but not a core strategy for monitoring governance.

C: SARs filed with FinCEN should not be withdrawn unless new evidence requires it; review should focus on process, not withdrawal.

A (Enhanced due diligence): EDD is a key control at onboarding for high-risk customers, involving deeper scrutiny, additional documentation, and approval layers to address increased ML/TF risk.

“High-risk customers must be subject to enhanced due diligence during onboarding to ensure a thorough understanding of potential ML/TF risks.”(CAMS 6th Edition, CDD/EDD for High-Risk Customers)

The United Nations Security Council (UNSC) is the only body with the legal authority under international law to impose binding sanctions on countries, entities, or individuals.

“The Security Council’s primary function in imposing sanctions is to maintain or restore international peace and security. These sanctions are legally binding on all UN member states.”

(CAMS 6th Edition, Chapter: International Sanctions and Proliferation Financing; United Nations Charter, Article 41)

Incorrect Options:

B: Sanctions may address AML/CFT failings, but the core mandate is international peace/security.

C: The UNSC does not primarily conduct research or impact analysis.

D: The purpose is international peace/security, not only domestic financial stability.

The suspicion increases when the beneficiary is a foreign company whose shareholders and director are other companies, as this can indicate the use of layered corporate structures to obscure the ultimate beneficial owner and conceal illicit fund flows.

For multinational financial institutions, regulatory expectations are clear: institutions must comply with all applicable laws and regulations in each jurisdiction where they operate or where a transaction has regulatory touchpoints.

In this case, the transaction is subject to both U.S. and EU AML/CFT frameworks, including BSA reporting obligations, OFAC sanctions screening, 6AMLD requirements, and EBA supervisory expectations. Selecting only one regulatory regime would expose the institution to compliance failures and enforcement risk.

A dual-compliance approach ensures that reporting, sanctions screening, customer due diligence, and record-keeping obligations are met in both jurisdictions. This approach aligns with FATF principles on cross-border compliance and consolidated supervision.

Deferring to the “most stringent” regime is not sufficient, as different rules may apply to different aspects of the transaction. Therefore, simultaneous compliance is required.

Trust and company service providers (TCSPs) are recognized by FATF as higher-risk gatekeepers due to the nature of services they provide, which can be misused to facilitate money laundering.

The use of nominee directors can obscure beneficial ownership, allowing criminals to hide their involvement behind third parties. This lack of transparency is a significant AML risk.

The sale of ready-made or shelf companies, particularly through offshore intermediaries, enables rapid creation of legal entities with no operating history, which are frequently used in layering schemes.

Additionally, minimal face-to-face interaction—especially in offshore service models—reduces the ability to verify customer identity and intent, increasing impersonation and misuse risks.

TCSPs do not market themselves to criminals and are subject to AML obligations in most jurisdictions, making those options incorrect.

The First Line of Defense (1LoD) consists of customer-facing business units (e.g., relationship managers, front-office staff, and operational teams). Their primary responsibility in financial crime risk management is to implement AML/CFT controls as part of daily operations. This includes Collecting complete customer information.

The First Line of Defense is responsible for conducting Know Your Customer (KYC) and Customer Due Diligence (CDD) during onboarding and throughout the customer relationship. Ensuring that all relevant customer details (e.g., identity, business purpose, ownership structure) are accurately collected and documented is crucial for mitigating financial crime risks.

AML/CFT frameworks worldwide require firms to apply a risk-based approach (RBA) to customer due diligence. Under FATF standards, the risk profile of the customer is the primary factor that determines how frequently CDD information should be refreshed.

Higher-risk customers—such as politically exposed persons (PEPs), customers operating in high-risk jurisdictions, or those with complex ownership structures—require more frequent reviews and updates to ensure information remains accurate and risks are appropriately mitigated. Lower-risk customers may be subject to less frequent refresh cycles.

Operational burden, cost, or automation capabilities are not valid drivers for determining CDD refresh frequency. Regulators expect firms to design processes that align with risk, even if this requires additional resources or system enhancements.

Therefore, customer risk profile is the foremost and decisive consideration when setting periodic CDD refresh timelines.

A core requirement of applying a risk-based approach (RBA) in customer due diligence for legal entity clients is the identification and verification of beneficial ownership. FATF standards require financial institutions to take reasonable measures to identify and verify the identity of the natural persons who ultimately own or control a legal entity.

Understanding beneficial ownership is critical because complex corporate structures can be misused to conceal illicit ownership, launder money, or evade sanctions. The depth of verification required depends on the assessed risk level of the customer, with higher-risk entities requiring enhanced due diligence.

Information such as market competition or profitability is not relevant to AML/CFT risk assessment. While open-source information may support due diligence, relying solely on internet or social media sources is insufficient and inconsistent with regulatory expectations.

Therefore, verifying beneficial ownership is the most essential and regulator-mandated CDD measure under a risk-based approach.

OFAC sanctions are a key element of the U.S. AML/CFT framework. According to the CAMS 6th Edition and OFAC regulations:

Blocked funds must be placed into an interest-bearing account on a financial institution's books (B):“Blocked property must be held in a separate interest-bearing account on the books of the U.S. financial institution.”(CAMS 6th Edition, Sanctions Compliance; OFAC FAQs)

Sanctions can be either comprehensive or selective using the blocking of assets and trade restrictions (C):“OFAC administers both comprehensive and targeted (selective) sanctions programs to fulfill U.S. foreign policy and national security goals.”(CAMS 6th Edition, Sanctions Compliance)

Incorrect Options:

A: OFAC can sanction entities, vessels, and organizations—not just individuals or those in foreign countries.

D: There is no automatic expiration of OFAC sanctions after five years.

Tax evasion is the deliberate and illegal act of not paying taxes that are legally owed. It is a criminal offense that can have serious consequences, including penalties, fines, and imprisonment.

A robust transaction monitoring system is a core component of an effective Anti-Money Laundering (AML) and Counter-Financial Crime (AFC) program. Regulatory guidance from FATF and national supervisors emphasizes that the primary purpose of transaction monitoring systems is to detect unusual or suspicious activity by analyzing customer transactions and identifying anomalies or patterns that may indicate money laundering, terrorist financing, or other financial crimes.

These systems use predefined rules, thresholds, and increasingly advanced analytics to monitor transactions in real time or retrospectively. Alerts generated by the system are reviewed by compliance professionals, who determine whether further investigation or reporting is required.

While transaction monitoring systems may support the preparation of regulatory reports, such as SARs or CTRs, the actual filing of these reports typically requires human review and approval and is not the defining capability of the monitoring system itself. Features such as automatic document translation or integration of social media profiles are not considered core or necessary functions under AML regulatory expectations.

Therefore, the essential capability of a robust transaction monitoring system is its ability to monitor transactions and detect anomalies indicative of suspicious activity.

The second line of defense is responsible for compliance functions, including interpreting new AML regulations and updating policies, procedures, and training programs. This ensures that client-facing staff, such as relationship managers, remain informed and aligned with regulatory expectations.

Regulatory reports—such as those published by FATF, FIUs, and supervisory authorities—provide valuable insights into emerging money laundering and terrorist financing risks.

A crucial step is systematically integrating identified risks into the institution’s internal risk assessment. This ensures that the organization’s understanding of threats remains current and aligned with regulatory expectations.

Another key action is building or enhancing transaction monitoring scenarios based on the typologies and red flags described in regulatory reports. This directly improves detection effectiveness and responsiveness to evolving threats.

While internal benchmarking and peer comparison may be useful, they are not substitutes for directly updating risk assessments and monitoring logic based on regulatory intelligence.

In situations involving significant AML concerns, especially with high-risk clients, thecompliance officer must follow proper escalation procedureswithin the institution. The appropriate course of action is toescalate the matter to a senior governance body, such as ahigh-risk client committee, which is typically tasked with balancing AML risk against business considerations.

Unilateral offboarding (Option B)may violate internal protocols.

Persuading the relationship manager (Option C)bypasses formal governance.

Delaying action (Option D)risks further exposure to regulatory or reputational damage.

This escalation ensuresdocumented risk-based decision-makingand demonstrates to regulators that the institution appliesstructured and objective AML governance.

Conducting a periodic enterprise-wide risk assessment (EWRA) is the most effective approach to identifying, assessing, and mitigating financial crime risks. It ensures all inherent risks across areas like AML, CFT, sanctions, fraud, ABC, and tax evasion are evaluated, existing controls are assessed, and residual risks are identified. This comprehensive view enables a cohesive and proactive risk management strategy aligned with regulatory expectations.

Criminals may target accountants because they have the capability to create and structure companies, falsify accounts, and manipulate financial statements, which can be exploited to disguise illicit funds and facilitate money laundering.

A Financial Intelligence Unit (FIU) functions as the central hub for receiving and analyzing suspicious activity reports and can obtain additional information from reporting entities to support law enforcement in investigating and combating financial crimes.

Money laundering typically occurs in three stages: placement, layering, and integration. The placement stage involves introducing illicit funds into the financial system.

In the real estate sector, using cash to purchase property is a classic placement method. Cash payments allow criminals to inject large amounts of illicit proceeds directly into high-value assets, often bypassing traditional banking scrutiny.

Using trusts to transfer ownership and rapidly reselling property are more commonly associated with layering or integration, where ownership and transaction complexity is used to disguise the origin of funds. Paying routine invoices via online banking is consistent with legitimate business activity and does not represent placement.

Therefore, cash purchases of property most directly align with the placement stage of money laundering.

Beneficial ownership registers maintained by the country of incorporation are the most reliable external source for verifying beneficial ownership during onboarding, as they are official records mandated by law and typically subject to regulatory oversight.

A: FIs should ensure they have a general understanding of virtual assets and VASP operations to assess risks accurately.

C: Enhanced KYC measures are recommended for VASPs due to their higher ML/TF risk profile.

“FIs must understand the business model and risk of VASPs and apply enhanced due diligence as required by FATF and regulatory guidance.”(CAMS 6th Edition, Virtual Assets and VASPs; FATF Guidance)

Incorrect:

B: While monitoring transactions is important, it’s not a primary initial consideration for onboarding.

D: The FI’s own holdings are not relevant to due diligence on VASPs.

The most effective way to reduce irrelevant results in AI/ML-driven adverse media screening is to fine-tune the models to prioritize high-risk keywords and reliable sources. This improves precision by filtering out noise and directing focus toward content that is more likely to indicate financial crime risk.

One of the central pillars of the EU AML Package adopted in June 2024 is theEU AML Regulation. This regulation introduces directly applicable AML/CFT rules across all EU member states, replacing the previous approach where AML directives were transposed into national laws. This shift addresses regulatory fragmentation and strengthens enforcement across borders.

The complete AML Package includes the following four pillars:

EU AML Regulation (directly applicable rulebook)

6th AML Directive (not the 7th)

Establishment of a new EU Anti-Money Laundering Authority (AMLA)

Revised Transfer of Funds Regulation, especially concerning crypto-asset service providers

The EU AML Regulation aims to unify and streamline the application of AML/CFT measures across the EU, ensuring a consistent and effective framework.

Modern KYC solutions help reduce identity theft, provide reliable customer authentication to build trust, and shorten authentication times, enhancing both security and efficiency in customer onboarding and ongoing due diligence processes.

As part of a risk-based approach, the bank should apply tailored due diligence measures based on the assessed risk level of each customer. This ensures resources are focused where they are most needed, rather than applying uniform enhanced measures to all customers, which can be inefficient and unnecessary.

Once a risk appetite and Risk Appetite Statement (RAS) are established, organizations must ensure they are understood, embedded, and actively monitored. Regulatory guidance emphasizes that a risk appetite is effective only if it influences daily decision-making.

Providing training to staff ensures employees understand risk boundaries and how their actions align with the organization’s risk tolerance. Embedding risk appetite into processes and governance, such as approvals, escalation thresholds, and performance management, ensures it is operationalized rather than theoretical.

Finally, integrating breaches or misalignment with risk appetite into internal reporting allows senior management to monitor adherence and take corrective action when necessary.

Training managers on “good” risk-taking may be useful culturally but is not a core regulatory expectation. Merely describing controls does not ensure awareness or behavioral alignment.

Virtual Asset Service Providers (VASPs) are considered higher-risk customers due to their exposure to anonymity, speed, and cross-border transactions. FATF guidance highlights several red flags indicative of potential money laundering activity.

The use of shell companies to move funds into and out of a VASP is a strong indicator of attempts to conceal beneficial ownership and obscure transaction flows. Similarly, frequent use of mixers and tumblers is a well-recognized technique used to break transaction trails and hinder blockchain tracing.

Receiving funds from jurisdictions with weak AML frameworks significantly increases geographic risk, particularly when combined with other red flags.

By contrast, peer-to-peer infrastructure use and market volatility are inherent features of the virtual asset ecosystem and do not, on their own, indicate money laundering.

Artificial intelligence and machine learning technologies support the risk-based approach (RBA) to AML compliance by enhancing an institution’s ability to identify, assess, and prioritize financial crime risks. Regulatory guidance emphasizes that these technologies should augment—not replace—human judgment.

One key benefit is advanced customer risk assessment. AI and ML can synthesize large volumes of customer data, including background information, transaction behavior, and external risk indicators, allowing institutions to develop more accurate and dynamic risk profiles.

AI and ML also enable the identification of complex networks among seemingly unrelated clients. Through network analytics and pattern recognition, these tools can uncover hidden relationships used in layering and structuring activities.

Additionally, AI-driven systems excel at detecting complex money laundering patterns within transaction data that may not trigger traditional rule-based alerts, improving effectiveness and efficiency.

Automatically generating SARs or adapting thresholds without human oversight is inconsistent with regulatory expectations. Human review and governance remain essential components of AML compliance.

Money laundering corrodes financial-system integrity, eroding investor confidence and impeding sustainable economic growth.

Illicit funds entering legitimate economies can finance terrorism and organized crime, skew resource allocation, and stifle development.

In a mutual evaluation, a country must demonstrate to the FATF that it has an effective framework to protect its financial system from abuse. This process assesses both technical compliance with FATF Recommendations and the effectiveness of the country's AML/CFT measures.

Cryptocurrencies and convertible virtual currencies present several well-documented money laundering and terrorist financing risks, as identified in FATF guidance and national AML frameworks. These risks largely stem from the pseudonymous nature, speed, and borderless design of virtual asset transactions.

One key risk is the ability to obscure the source of illicit funds. Criminals can move value through wallets and exchanges in ways that make tracing the origin of funds more difficult, particularly when using privacy-enhancing technologies or poorly regulated platforms.

Another significant risk is the facilitation of payments for illicit goods and activities, including drugs, cybercrime services, ransomware, and sanctions evasion. Virtual currencies can be used to settle transactions outside the traditional financial system.

Additionally, criminals frequently engage in layering transactions, rapidly transferring funds across multiple wallets, platforms, or blockchains to hide the origin of illicit proceeds.

Difficulty converting into physical currency is not a recognized AML risk, as most convertible virtual currencies can be exchanged through regulated platforms. Theft of funds is a cybersecurity concern but is not itself a core AML risk indicator.

The vulnerability of insurance products to money laundering is typically assessed based on purpose and intended use, liquidity (how easily funds can be accessed or moved), and customer anonymity or use of third-party transactions, as these factors can be exploited to disguise illicit funds.

Accounting can help detect irregular financial patterns, technology solutions and IT security provide systems for monitoring and data protection, and fraud risk management identifies and mitigates suspicious activities - all of which are essential to supporting AML and sanctions compliance programs.

The combination of frequent address changes and a recent change in the ultimate beneficial owner raises potential red flags that warrant immediate investigation. To mitigate risk, the insurance company should investigate these changes and temporarily decline any payment or withdrawal instructions until the review is complete and appropriate steps are agreed upon. This ensures both regulatory compliance and protection against potential misuse of the policy.

When setting a fuzzy matching threshold for sanctions screening, it is crucial to consider the reliability and accuracy of the data being screened. High-quality, verified data supports more effective matching and reduces both false positives and the risk of missing true matches.

Customer onboarding is a critical AML/CFT process that must balance regulatory compliance with customer experience. Excessive friction can lead to customer dissatisfaction and abandonment.

Implementing internal or external tools—such as digital onboarding platforms, document collection tools, and workflow automation—can significantly streamline information gathering and reduce delays while maintaining compliance standards.

Additionally, consistent training of all employees involved in onboarding ensures that information requests are clear, consistent, and proportionate. Well-trained staff reduce rework, confusion, and unnecessary follow-ups, improving customer trust and efficiency.

Restricting decision-making to managers can slow processes, and delaying updates to processes reduces adaptability to evolving risks and regulatory expectations.

AML/CFT guidance from FATF emphasizes that overly complex ownership structures are a key red flag when they appear unnecessary for legitimate business purposes and may be designed to obscure beneficial ownership.

A privately held company owned by two individuals whose interests are held through multiple layers of trusts and foundations represents an unnecessarily complex structure. Trusts and foundations are frequently identified in AML typologies as vehicles that can be misused to conceal the true beneficial owners, especially when layered without clear commercial rationale. This complexity increases the risk of money laundering and necessitates enhanced due diligence.

By contrast, a trust with two co-trustees, including the grantor and a professional service provider, is common and not inherently complex. Similarly, family-owned businesses with many shareholders may be complex but are not automatically deemed “overly complex” if ownership is transparent. Multinational banks with layered ownership tied to a publicly traded holding company are also common and subject to regulatory oversight.

Therefore, the use of multiple trusts and foundations without clear justification is the clearest indicator of an overly complex ownership structure.

Trust and company service providers (TCSPs) are classified as higher-risk entities under FATF guidance due to their role in forming and managing legal structures. As a result, TCSPs must implement robust AML controls to mitigate misuse for money laundering.

A key requirement is gathering and recording detailed client information, including the purpose of the legal entity and the identity of managers and ultimate beneficial owners (UBOs). This supports effective customer due diligence and transparency.

TCSPs must also apply additional safeguards when relying on instructions from another TCSP, particularly one located in a different jurisdiction. Reliance on intermediaries increases risk and requires enhanced scrutiny.

Additionally, TCSPs should document the basis on which they act as a registered officer and retain records of their involvement. This ensures accountability and traceability in line with record-keeping obligations.

Requiring clients to submit AML self-assessments to an FIU and conducting onsite evaluations are not standard or required practices under AML frameworks.

Understanding the source and origin of assets (C):According to the CAMS 6th Edition (Chapter: Customer Due Diligence and Enhanced Due Diligence) and the EU 4th & 5th AML Directives, regulated entities are required to take adequate measures to understand the source of funds and the origin of assets of their customers, especially when there are higher risk factors such as large transactions or PEPs.“Firms must identify the source and origin of assets to ensure they are not the proceeds of crime or corruption, particularly for higher-risk customers.”(CAMS 6th Edition, CDD/EDD Requirements; EU Directive 2015/849, Article 20)

Performing negative news checks of prospective customers (D):Adverse media screening is an essential part of the onboarding process for identifying potential risks related to money laundering, terrorist financing, or reputational harm.“Negative news or adverse media checks form a vital component of the due diligence process, helping organizations detect links to criminal or suspicious activities.”(CAMS 6th Edition, CDD/EDD Requirements)

Incorrect Options:

A: Onboarding interviews may be part of EDD, but are not a standard or required AML control.

B: PEPs are not to be automatically rejected; instead, enhanced due diligence should be applied.

E: Producing financial stability reports is not an AML control, but may be relevant for credit or investment assessment.

AI-powered dashboards summarizing flagged transactions are the most effective feature for improving investigator efficiency, as they consolidate and present relevant data from multiple sources in a structured, actionable format - reducing time spent on manual data gathering and enabling quicker decision-making.

Key challenges in adopting new AML/CFT technologies are:

A: Data privacy—new tech often requires processing more personal data, raising privacy/regulatory concerns.

C: The Travel Rule—meeting global standards for information sharing in payments is a technology challenge.

D: Data quality—effective systems rely on accurate, comprehensive, timely data.

E: Complexity—integrating and managing new technology can increase operational complexity.(CAMS 6th Edition, Technology in AML/CFT; FATF Guidance on Digital ID and Fintech)

The Office of Foreign Assets Control (OFAC), part of the U.S. Department of the Treasury, is responsible for theadministration and enforcement of economic and trade sanctions. These sanctions are based on U.S. foreign policy and national security objectives and target:

Foreign countries and regimes

Terrorist organizations

Narcotics traffickers

Individuals and entities engaged in activities related to the proliferation of weapons of mass destruction

OFAC acts under various authorities, including national emergency powers granted by the President and specific legislation. One of its primary tools is theSpecially Designated Nationals(SDN) List, which identifies individuals and entities whose assets are blocked and with whom U.S. persons are generally prohibited from dealing.

It is important to note that OFAC is not responsible for designating jurisdictions as primary money laundering concerns (a task handled by FinCEN under Section 311 of the USA PATRIOT Act), nor does it manage trade agreements.

The risk-based approach (RBA) is a foundational principle of FATF standards. It requires countries, regulators, and financial institutions to identify, assess, and understand their money laundering and terrorist financing risks.

Once risks are understood, entities must apply proportionate mitigation measures. Higher risks require stronger controls, while lower risks may justify simplified measures. However, no risk is ignored or exempted from mitigation.

Regulators do not expect all residual risks to be reduced to low; rather, risks must be managed within an acceptable risk appetite. Resource allocation under an RBA prioritizes AML/CFT activities, not unrelated tasks.

Therefore, the correct definition of an RBA focuses on understanding and managing risk proportionately.

A risk-based approach is central to AML/CFT programs and includes:

A: Creating detailed risk profiles for customers based on their behaviors and connections.

C: Applying controls that are tailored to the actual risk (not a one-size-fits-all approach).

D: Performing a thorough risk assessment, considering customer, transaction, and geographic factors.

“A risk-based approach involves risk profiling, tailored controls, and comprehensive risk assessment across key risk factors.”

(CAMS 6th Edition, Risk-Based Approach and Risk Assessment)

Incorrect:

B: Monitoring only flagged customers is not sufficient.

E: Equal allocation of resources ignores differing risk levels.

When reviewing business operations of a Money Services Business (MSB), it is critical to identify behaviors that indicate potential money laundering activity. TheCAMS Study Guide – 6th Editionoutlines severalred flagscommonly associated with MSBs.

Option Ais correct:

A customer beinghesitant to provide beneficiary information, such as the name or address, is a red flag. It may indicate attempts to hide the true purpose or recipient of the funds and could suggeststructuring or layering activity.

Option Dis correct:

A customer usingmultiple accounts under different namesto conduct transactions is a strong red flag. This could indicate efforts toobscure ownership, avoid detection, or conductsuspicious structuringbehavior to stay below reporting thresholds.

Option Bis incorrect:

While large cash deposits from cash-intensive businesses may require further review, they are not inherently suspicious unlessinconsistent with the nature of the business or transaction volume.

Option Cis incorrect:

Currency exchanges under the reporting threshold, even from high-risk jurisdictions, are not in themselves red flags unless they show a pattern ofstructuringor are part oflarger suspicious behavior.

Option Eis incorrect:

Frequent small-dollar transfers to a native country may benormal remittance behaviorand only become suspicious if tied to additional indicators such asstructuring or third-party involvement.

Effective sanctions screening depends heavily on strong list management governance, as emphasized in sanctions compliance guidance from regulators such as OFAC and FATF.

First, restricting list modification to authorized individuals is critical. This ensures proper governance, auditability, and control over updates, reducing the risk of errors, unauthorized changes, or manipulation of screening outcomes.

Second, sanctions and watchlists may be sourced internally or from reputable third-party vendors. Many financial institutions supplement regulatory lists with internal watchlists, law enforcement requests, or commercially curated databases to enhance detection capabilities. This flexibility supports a risk-based approach.

Using only regulatory lists may be insufficient for identifying broader sanctions evasion risks, while applying all lists in all jurisdictions may lead to legal conflicts and over-screening. Institutions must tailor list usage based on jurisdictional applicability and legal requirements.

Together, controlled access and flexible list sourcing form the foundation of effective sanctions list management.

Conceptual soundness validation is a foundational element of AML model governance and is emphasized in regulatory guidance on model risk management. It focuses on whether the design, logic, assumptions, and methodology of a model are appropriate for its intended purpose.

Validating conceptual soundness ensures that the model’s underlying framework makes sense for identifying money laundering and terrorist financing risks. This includes evaluating scenario logic, risk factors, thresholds, segmentation, and assumptions used in detection.

Statistical validation and performance testing are separate steps that assess outcomes and predictive power, while technology compatibility relates to system implementation rather than conceptual design. Alignment with regulatory guidance is important, but it is not the core objective of conceptual soundness testing.

Regulators expect institutions to demonstrate that their AML models are fit for purpose before relying on them operationally.

A National Risk Assessment (NRA) provides valuable guidance on which customers, products, services, and transactions pose the highest risk for money laundering and terrorist financing, enabling financial institutions to tailor their risk-based approach and allocate resources more effectively.

Among insurance products, group insurance products are generally considered the lowest risk for money laundering, according to FATF and insurance-sector AML guidance.

Group insurance policies are typically employer-sponsored, cover a large number of individuals, and involve limited individual control over premium payments, beneficiaries, or payouts. These characteristics significantly reduce the opportunity for misuse as a money laundering vehicle.

By contrast, permanent life insurance policies and annuities often include investment components, cash surrender values, or flexible premium structures, which increase their attractiveness for laundering illicit funds. Cash-secured products may also present placement or layering risks depending on structure and liquidity.

Therefore, group insurance products pose the lowest inherent AML risk.

Accountants are classified as designated non-financial businesses and professions (DNFBPs) under FATF standards and must apply a risk-based approach to AML/CFT compliance.

A customer acceptance policy is a key tool that helps accountants define which clients or engagements fall outside their risk appetite. This supports consistent onboarding decisions and ensures high-risk clients are either subject to enhanced due diligence or declined.

Additionally, due to the nature of accounting services—such as advisory, tax preparation, and financial reporting—traditional automated transaction monitoring systems used by banks are often not appropriate. Instead, accountants rely more heavily on engagement-based risk assessments, client profiling, and professional judgment.

Accountants are subject to record-keeping requirements longer than two years in most jurisdictions, and geographic risk is always relevant when assessing AML/CFT exposure. Risk assessments must be comprehensive and proportionate, not artificially limited.

D: NGOs play an important role in raising awareness about money laundering, lobbying for strong AML/CFT laws, and educating the public and stakeholders about the risks and consequences.

“NGOs help combat money laundering primarily through advocacy, education, and raising public and industry awareness.”(CAMS 6th Edition, Role of NGOs in AML/CFT)

The United Nations Security Council (UNSC) has evolved its sanctions framework to minimize unintended humanitarian consequences. In line with international best practice, the UNSC increasingly relies on targeted sanctions, also known as “smart sanctions,” rather than broad-based measures.

Targeted sanctions are designed to focus specifically on individuals, entities, or activities responsible for threats to international peace and security. These measures may include asset freezes, travel bans, and arms embargoes directed at specific actors. By narrowing the scope, targeted sanctions aim to reduce the negative impact on innocent civilian populations and legitimate economic activity.

In contrast, comprehensive sanctions apply to entire countries or sectors and often result in significant humanitarian and economic harm. The term “comprehensive targeted sanctions” is not a recognized sanctions category.

Therefore, targeted sanctions are the preferred UNSC tool when the objective is to minimize adverse effects on civilians while maintaining pressure on responsible parties.

An adequate organizational policy must be up to date with all relevant regulatory developments to remain compliant, and it must be clearly communicated and understood by staff to ensure proper implementation and adherence.

FATF standards require organizations to adopt a risk-based approach (RBA) that is informed by both internal risk factors and national and sectoral risk assessments. These assessments provide critical insight into prevalent money laundering and terrorist financing threats within specific jurisdictions and industries.

Organizations should integrate relevant findings from these assessments into their internal risk assessments to ensure that policies, controls, and monitoring systems are aligned with identified risks. This enables institutions to tailor enhanced due diligence (EDD) measures and allocate compliance resources effectively.

Ignoring national or sectoral assessments would weaken the organization’s ability to respond to known threats and would be inconsistent with regulatory expectations. These assessments are not limited to worst-case scenarios nor intended solely for regulators; they are a foundational input for private-sector AML programs.

Financial Intelligence Units (FIUs) play a central role in national and international AML/CFT frameworks. According to FATF standards, FIUs are responsible for the receipt, analysis, and dissemination of financial intelligence related to suspected money laundering, terrorist financing, and predicate offenses.

One core function of an FIU is receiving and analyzing SARs submitted by financial institutions and other obliged entities. Through analysis of reported information, FIUs identify suspicious patterns, trends, and networks that may indicate financial crime.

Another key function is disseminating intelligence and typologies to competent authorities and, where appropriate, to the private sector. This includes sharing insights on emerging risks, new money laundering methods, and evolving threat trends, which enhances system-wide financial integrity.

FIUs do not design financial products for institutions, nor do they supervise AML programs—that responsibility lies with AML supervisory authorities. Their role is intelligence-focused rather than regulatory or commercial.

Weak KYC policies and procedures represent a broader and more systemic risk specific to casinos and gambling. Without strong KYC, it becomes easier for individuals to engage in money laundering by exploiting anonymity and lack of oversight, regardless of transaction size or method.

A primary objective of public sector groups in combating money laundering is to establish and enforce legal and regulatory frameworks that enable the detection, prevention, and punishment of money laundering and related financial crimes, ensuring the integrity of the financial system.

D: “Cooperation and coordination between regulatory authorities, law enforcement agencies, and FIUs are essential for effective AML investigations, especially in cross-border cases. This is often accomplished through formal agreements, MOUs, and information-sharing mechanisms.”(CAMS 6th Edition, International Cooperation in AML/CFT; FATF Recommendations 36-40)

Predicate offenses are crimes that generate proceeds which may subsequently be laundered. FATF standards and national AML laws define a wide range of serious crimes as predicate offenses.

Bribery and corruption are among the most common predicate offenses, often involving large illicit payments that require laundering to disguise their origin. Fraud, including financial, consumer, and corporate fraud, is another primary source of illicit proceeds and is universally recognized as a predicate offense.

Organized crime and racketeering encompass coordinated criminal activities designed to generate ongoing illegal income, making them central predicate offenses under AML frameworks.

While arson may be considered a serious crime in some jurisdictions, and assault is generally not associated with financial gain, AML regimes focus primarily on crimes that generate substantial proceeds. Therefore, bribery, fraud, and organized crime are the most consistently recognized predicate offenses across jurisdictions.

Independent testing is critical for the third line of defense to provide unbiased and effective oversight, ensuring that reviews and audits are objective and free from influence by the first or second lines of defense.

Specialized AML training must be relevant to the specific risks the corporate banking team faces, including legal/regulatory expectations and the ML/TF typologies applicable to their products and customer base.

Applicable AML laws and regulations (B):“Staff must be aware of the applicable AML/CFT laws and regulatory requirements relevant to their business area.”(CAMS 6th Edition, Chapter: AML Training and Awareness)

Money laundering typologies applicable to corporate loans (D):“Training should include typologies and red flags that are most relevant to the risks present in the specific business line, such as corporate lending.”(CAMS 6th Edition, AML Training for High-Risk Departments)

Incorrect Options:

A: Monetary instrument reporting is more relevant to retail/branch banking.

C: Regulatory exam best practices are for compliance teams, not business-line relationship managers.

Explainable artificial intelligence (AI) and machine learning (ML) technologies are increasingly adopted within AML/CFT compliance to enhance effectiveness while maintaining regulatory transparency. Regulators emphasize that explainability and human oversight are essential when using advanced analytics.

One key benefit is the ability to process and analyze large volumes of data quickly and accurately. AML programs must review massive transaction datasets, customer profiles, and behavioral patterns. AI and ML models improve detection capabilities by identifying complex patterns and anomalies that may not be evident through traditional rule-based systems.

Another critical benefit of explainable AI is improved auditability, accountability, and governance. Explainable models allow compliance teams, auditors, and regulators to understand how decisions are made, why alerts are generated, and how risks are assessed. This transparency supports regulatory compliance and model governance requirements.

AI systems are not intended to replace human involvement or eliminate compliance staff. Human judgment remains essential for investigations, decision-making, and regulatory reporting.

A risk appetite statement clearly defines the level and type of financial crime risk a financial institution is willing to accept in pursuit of its objectives. It guides decision-making and ensures consistency in risk-taking across the organization.

The CAMS 6th Edition specifically lists environmental crime as a predicate offense for money laundering. Environmental crimes include activities such as illegal logging, illegal mining, and illegal trade in wildlife.

“Environmental crime, including illegal logging and mining, is recognized as a predicate offense to money laundering. Such crimes often involve complex corporate structures to hide the illicit origin of the proceeds.”

(CAMS 6th Edition, Chapter: Risks and Methods of Money Laundering and Terrorist Financing; FATF Recommendations, Predicate Offenses)

Incorrect Options:

A: Trade-based ML refers to manipulating trade transactions, not the underlying crime.

B: Corruption may be involved, but the primary crime is environmental.

C: Illicit resource trade describes the act, but the official predicate crime category is environmental crime.

Trade finance red flags include account activity inconsistent with the account's stated purpose, unnecessarily complex transaction structures, poorly worded or foreign-language trade documents that may obscure details, and invoices with prices significantly above market value, which can indicate trade-based money laundering or fraud.

The Basel Committee on Banking Supervision (BCBS) requires that the board of directors establish and oversee the compliance function and approve the bank's AML/CTF compliance policies and procedures, including processes for identifying, assessing, monitoring, and reporting compliance risks.

“The board of directors should establish a compliance function and approve compliance policies and processes for identifying, assessing, monitoring, and reporting compliance risks throughout the organization.”

(CAMS 6th Edition, Corporate Governance and Oversight; BCBS, Corporate Governance Principles for Banks, Principle 6)

Public-private partnerships help develop a culture of compliance across sectors and improve the quality and quantity of data through information sharing, enhancing the collective ability to detect and prevent financial crime.

Effective AML programs promote aculture of compliance, which includes an environment where staff are empowered to raise concerns, challenge decisions, and continuously improve through cross-functional learning.Providing effective challengeis a supervisory expectation and best practice in institutions that value AML governance integrity.

While AML officer authority (option B) supports oversight, it is not as impactful on daily operational effectiveness as fostering a challenging and adaptive compliance culture.

In anEnterprise-Wide Risk Assessment (EWRA),residual riskis the level of risk that remains after applying mitigating controls to theinherent risk(the risk present before controls are applied).

In this scenario, theinherent risk is highdue to the nature of private banking—high net worth clients,cross-border transactions,complex ownership structures, andhigh-value financial products. However, the institution has implementedrobust CDD and EDD, as well asadvanced transaction monitoring systems.

According to the CAMS Study Guide – 6th Edition, wheneffective and properly implemented controlsare in place, they cansignificantly reducethe residual risk—even in high-risk business areas like private banking. However, no control framework caneliminate all riskentirely.

Option Ais correct: Controls can significantly reduce the residual risk when strong, effective systems and procedures are in place.

Option Bis partially true but suggests inadequacy, which is not indicated here.

Option Cincorrectly assumes residual risk cannot be lowered even with controls.

Option Dis incorrect because residual riskcannot be eliminated entirely.

Law firms are classified as gatekeepers under FATF standards when they provide services such as company formation, trust creation, or management of client funds. These services can be misused to facilitate money laundering if proper due diligence is not conducted.

In this scenario, the law firm is establishing complex offshore structures with minimal documentation of source of funds and without questioning suspicious activity. This behavior directly enables the concealment of beneficial ownership and the layering of illicit proceeds, both core money laundering techniques.

Failing to apply scrutiny or report suspicious activity allows criminals to exploit legal services to move and disguise illicit funds under the appearance of legitimacy. This is a recognized vulnerability across multiple FATF typologies.

The behavior described is not merely aggressive tax planning or routine legal work; rather, it represents facilitation of illicit financial flows through professional services.

Correspondent banking relationships are recognized as higher risk under FATF guidance primarily because transactions are cross-border and conducted on behalf of third-party customers.

In correspondent banking, a respondent bank may process transactions for customers that the correspondent bank does not have a direct relationship with. This reduces transparency and limits the correspondent’s ability to fully assess customer identity, beneficial ownership, and transaction purpose.

While correspondent transactions may involve high-risk jurisdictions, this is not always the case. They are not anonymous by design, and payment messaging standards often require significant information. However, the indirect customer relationship and cross-border nature introduce complexity, jurisdictional risk, and reliance on the respondent bank’s controls.

Therefore, third-party and cross-border exposure is the key driver of heightened risk.