CAMS Sample Questions Answers

Customer loyalty program tracking

Product usage analysis

Customer satisfaction surveys

Customer support ticket tracking

Credit risk assessment

The Financial Action Task Force (FATF)

The AUSTRAC Fintel Alliance

The Egmont Group

The Wolfsberg Group

Inquiring about the source of wealth and source of funds

Asking to provide a list of immediate family members

Verifying the financial crime awareness of the client

Collecting necessary documents to verify the veracity of information

Ensure the jurisdiction risks and other relevant factors have been taken into consideration in the EWRA and the residual risks are within the corporation's risk appetite

Partnering with established local businesses to leverage their knowledge and connections while sharing risks

Ensuring the company has strong ties with local government officials to influence policy and avoid negative scrutiny

Committing to open communication, ethical practices, and community engagement to build trust with stakeholders

Minimizing the company's direct presence in the country to reduce exposure to potential risks

Statistical data regarding SARs filed during the reported period

All possible details of SARs filed during the reported period

Copies of all SARs filed during the reported period

Names of all customers subject to SARs filed during the reported period

Allows the appropriate federal banking agency to require a financial organization to produce, within 120 hours, records or information related to the organization's AML compliance or related to a customer of the organization or any account opened, maintained, administered, or managed in the U.S. by the financial organization.

Provides the U.S. Department of Treasury with the authority to apply graduated, proportionate measures against a foreign jurisdiction, foreign financial organization, type of international transaction, or type of account.

Permits the U.S. Government to seize funds from a correspondent bank account in the U.S. that has been opened and maintained for a foreign bank in the same amount as has been deposited with the foreign bank.

Requires due diligence, and in certain situations enhanced due diligence (EDD), for foreign correspondent accounts, which includes virtually all account relationships that organizations can have with a foreign financial organization and private banking for non-citizens of the U.S.

Raise transaction monitoring thresholds for PEP accounts in automated systems to account for higher transaction values and complex legal vehicles and financial structures

Require approval from the prudential regulator for entering into or continuing the business relationship

Subscribe to commercial databases to assist in the detection of PEPs

Establish processes to understand the PEP's source of wealth and the source of funds, and to refresh that understanding on a regular basis

Sanctions can only be placed on certain individuals in foreign countries as designated by OFAC

Blocked funds must be placed into an interest-bearing account on a financial institution's books

Sanctions can be either comprehensive or selective using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals

OFAC sanctions automatically expire after five years unless renewed by Congress

Conduct AML audits no less often than every 12 months for consistency in annual reporting.

Remain independent from expressing opinions on the sufficiency of remediation or action plans to address findings and recommendations.

Be involved in the day-to-day operations of the AML program to immediately prevent control failures.

Report to the audit committee of the board of directors to maintain independence.

Consistency of approach

Periodic training of the function

Qualification of the team

Independent testing

Regulation (EU) 2024/1624 of the European Parliament

Collaborative Sharing of Money Laundering/Terrorism Financing (ML/TF) Information & Cases (COSMIC)

USA Patriot Act Section 314(a)

USA Patriot Act Section 314(b)

Inviting prospective customers for an onboarding interview

Rejecting any politically exposed persons (PEPs) as customers

Understanding the source and origin of assets

Performing negative news checks of prospective customers

Producing financial stability reports on interesting customers

buy in-game items with virtual in-game currencies.

exchange in-game items with other players.

trade in-game items with other players that can be exchanged for fiat currency

obtain in-game materials by performing in-game activities.

evaluate and monitor compliance with the FATF standards and provide recommendations for improvement.

assist countries in implementing EU, UN, and regional sanctions regimes.

develop and promote international standards to prevent money laundering and terrorist financing.

conduct investigations on countries legislations and laws to prevent them from being used for money laundering and terrorist financing.

ensure that countries follow its laws to maintain financial stability.

A client frequently submits financial statements much earlier than required appearing overly eager

A client insists on using a personal bank account for business transactions despite being advised otherwise

A new client shows a preference for minimal direct interaction and relies primarily on indirect communication methods, citing convenience or time constraints

The client is a publicly listed company but very diversified

The ultimate beneficial ownership is unclear

The head office of a foreign legal entity which has a branch in the US does not need to comply with OFAC rules.

A foreign individual visiting the US for a short vacation is obligated to follow OFAC rules.

Nationals of the US must comply with OFAC rules, regardless of where they are located in the world.

Any foreign corporation is also penalized if it conducts transactions with sanctioned countries under OFAC rules.

A subsidiary of a legal entity of the US, which is formally registered in a foreign country, is exempt from OFAC rules.

increased reputation risk.

inclusion on the UN Consolidated List.

civil and criminal penalties

delisting of public filing status.

The foreign bank must always request approval by its national anti-financial crime authority to share any information cross-border.

The bank should report this to the Financial Crimes Enforcement Network (FinCEN) and receive formal guidance before sharing the information.

The bank should consider jurisdictional privacy requirements and its own policies and procedures to determine what information to share.

The information should only be shared on a need-to-know basis.

Utilizing a flexible communication style that adapts to different customer situations during the termination process

Implementing a standardized procedure for customer termination that includes risk assessments and necessary documentation

Performing a final review of a customer's transaction history and records to address any unresolved issues prior to termination

Keeping records of the termination process, including the justification for the decision and any correspondence with the customer

Notifying the customer of the termination decision only after completing the termination process to prevent possible disputes

Permanent US resident aliens regardless of location

Merchants that offer US-origin goods for sale regardless of location

Non-US financial institutions that offer accounts in USD regardless of location

US citizens regardless of location

US incorporated entities and their foreign branches

Partial automation of data collection and analysis

Cost-effective access to a wide range of data

Real-time monitoring of selected transactions and data sources

Ability to conduct investigations with minimal human oversight

Enhanced ability to identity connections across various data sets

helping to identify high-risk sectors that require enhanced due diligence (EDO),

eliminating the need for sectoral risk assessments within the organization

guiding the allocation of resources for mitigating financial crime risks

requiring all organizations to apply standardized measures

automatically reducing the organization's responsibility for conducting its own risk assessment

Private bankers should receive training on AML procedures.

All employees should receive refresher AML training.

The board should review and approve a revised AML policy to change customer due diligence requirements in private banking.

The legal department should conduct a review to assess potential legal consequences.

Make copies of the customer's documents and submit the originals to the enforcement agency

Notify the customer being investigated before submitting documents

Keep the customer's accounts open at the enforcement agency's verbal request

Have the institution's assigned legal counsel review the subpoena

Use of wire transfers

Loitering

Instructions or involvement from third parties

Amended letters of credit without reasonable justification

Non-standard settlement arrangements

The residual risk would be eliminated entirely because the controls are sufficient to mitigate all potential risks

The residual risk would be significantly reduced due to the effectiveness of the controls in place

The residual risk would remain high due to the inherent nature of the private banking business

The residual risk would be moderately reduced, but further controls may be necessary to achieve an acceptable level

Understanding why a customer has selected a particular financial institution for banking

Verifying the identity of a customer with reputable online source documentation

Limiting the online activities of a new customer during the first two months

Understanding the nature and purpose behind a new business opening an account at the bank

Money laundering typologies applicable to monetary instrument reporting

Applicable AML laws and regulations

Regulatory exam best practices

Money laundering typologies applicable to corporate loans

maintain compliance with the AFC and sanctions requirements of all countries where the F1 operates or has business relationships and to avoid penalties for violations in foreign jurisdictions.

ensure that sanctions regimes are applied selectively based on the regulatory standards of the countries where business activities occur, focusing primarily on aligned jurisdictions

compensate for the limited applicability of AFC and sanctions regulations on cross-border transactions and their reduced relevance for domestic operations in other jurisdictions.

ensure the F1 can manage business relationships in jurisdictions with stricter or more lenient regulations than their home country, allowing for operational flexibility

Be consistent with the head office audits

Be tailored to the higher of standards between the jurisdictions.

Conform to the foreign jurisdiction policies to align with the head office policies.

Provide all foreign jurisdiction reports to the head office for approval.

The family members and close associates of PEPs may be involved in illicit activities.

PEPs are granted unlimited credit and financial immunity under international banking regulations.

PEPs may exploit embassy activities to conceal bribery and corruption transactions.

PEPs can have illegitimate fund sources but are legally protected from having their accounts closed for activities outside a bank's risk appetite.

Eliminating spontaneous information sharing between FIUs to reduce the burden of excess investigative work

FIU cooperation should always be channeled through designated intermediaries

Information exchange should take place informally, without too many formal prerequisites

Formal Egmont Group membership requirements ensure a high commitment of the eligible FIUs

It is within an FIU's authority to sign Memorandums of Understanding independently

A court order requests the bank to disclose the SAR subject to obtaining agreement from the legal team

A customer asks about potential reporting to the local Financial Intelligence Unit (Fill)

An external consultant inquires about the details of the SAR

A third-country police directly inquires about the customer.

Cash access from a pre-paid card increases the potential that the card will be used for money laundering purposes.

Transaction monitoring examines the relationship between due diligence information and account closings.

Account and transactional activity are monitored after the proper identification and verification of customers.

Numbered or alternate name accounts will only be accepted if the bank has established the identity of the client and beneficial owner.

An RAS defines the amount and type of risk an organization is willing to take to achieve its objectives and should be communicated clearly to all stakeholders with corresponding controls implemented

An RAS is a detailed plan for managing operational risks and does not cover strategic or financial risks

An RAS is a formal document meant for regulatory compliance that does not influence day-to-day risk management practices within the organization

An RAS is used to outline the risk tolerance limits to external stakeholders and does not need to be communicated within the organization

A lack of professional body oversight or required use of accounting and auditing standards in the country of incorporation of the entity

Criminals posing as individuals seeking financial advice to place assets out of reach to avoid future liabilities

Incomplete records being provided during bookkeeping, making them difficult to audit

Accountants being used as intermediaries to introduce criminals to financial institutions

Allowing clients lo transact anonymity-enhanced tokens

Onboardlng of clients who are residents abroad. Including those with politically exposed person (PEP) status

Enabling transfer of tokens from one blockchain to another

Offering services to VASPs established in jurisdictions that are not FATF compliant

Operating a network of crypto ATMs charging high fees

Lack of adequate IP address tracking capabilities

An external audit highlights several deficiencies

The company is merging with or acquiring another entity

Extensive AML legislation is proposed by a legislative body in the company's jurisdiction

A high-profile money laundering case involving another industry is publicized

allows Financial Intelligence Units (FlUs) to enact sanctions against perpetrators of financial crime

promotes financial transparency and protects the integrity of the financial systems

needs to be approved by the Financial Intelligence Unit (FIU) before sharing between financial institutions

helps financial institutions to be more effective in fighting crime with data analysis

A customer deposits a large number of consecutively numbered money orders.

A customer requests loans made to local companies or secured by obligations of local banks.

A customer has regular deposits and withdrawals primarily in wire transfers.

A customer receives wire transfers from different unknown accounts which are immediately wired onwards to a third party.

A customer withdraws cash in amounts just under the reporting threshold.

Mandatory participation in all regulatory inspections

Mandatory attendance and review of alt financial crime trainings

Setting clear criteria for escalations to senior management

Setting tone from the top

Adversary governments using sophisticated attacks to threaten critical infrastructure and sectors, including finance, health care and energy

Networks of individuals and entities exploiting financial systems to move funds that will be used to acquire weapons of mass destruction or their components

Transnational criminal organizations expanding their engagement into more varied types of illicit activities, including human trafficking and corruption

Networks of individuals and entities raising funds to further proliferate their ideological goals wholly or in part through unlawful acts of force or violence

Escalate the matter to the institution's high-risk client committee, presenting the investigation findings and recommending offboarding while also acknowledging the relationship manager's concerns

Proceed with offboarding the customer unilaterally based on their investigation findings and anti-money laundering (AML) concerns

Attempt to persuade the relationship manager to agree with the offboarding recommendation by highlighting the potential reputational and regulatory risks associated with maintaining the relationship

Delay the offboarding decision and continue monitoring the customer's activities, waiting for further evidence to solidify the case for termination

public administration.

legal assessment.

law enforcement.

legal activity.

Appointing individuals to serve in official capacities of the company

Annual maintenance services

Provision of a local business address

Company incorporation services

The vendor provides services to end users located in an area subject to economic sanctions

The vendor's sales representative was a refugee from a sanctioned jurisdiction as a child

The vendor is organized as a privately held company

The vendor has no individuals that own or control more than 10% of the company

The European Commission and the High Representative issue a joint proposal for an import ban on refined oil products.

The European Commission and the High Representative issue a joint proposal for an import ban on oil extraction equipment

The Council of the European Union adopts a new export control regime for electronic equipment

The Council of the European Union adopts a new import restriction regime for goods coming from countries that do not respect human rights

Submit a referral to file a suspicious activity report (SAR)

Evaluate the KYC review process to understand why the review did not occur as required and take corrective action as necessary

Contact the customer's relationship manager to suspend account access until the periodic KYC review is completed

Remove the customer from the bank's high-risk list

Policies are broad guidelines. Procedures are detailed instructions for specific processes. Only procedures are mandatory for knowledge and adherence.

Policies define the principles of an organization and influence the drafting of procedures. Procedures are detailed instructions for specific processes.

Policies are detailed instructions for specific processes. Procedures are an overarching framework. Neither policies nor procedures are mandatory for knowledge and adherence.

Policies are detailed instructions for specific processes. Procedures are an overarching framework. Both policies and procedures are mandatory for knowledge and adherence.

Helping Financial Intelligence Units (FIUs) to analyze the suspicious activity reports (SARs)

Directly prosecuting money launderers in court

Providing financial assistance to governments to strengthen their anti-money laundering efforts

Raising awareness about the issue of money laundering and its consequences

List-based

Secondary

Country-based

Sectoral

The bank's designated AML compliance officer is likely to face criminal prosecution because the bank received a regulatory order

The bank's designated AML compliance officer and senior management can face civil prosecution but not criminal prosecution for violation of AML laws

The bank's designated AML compliance officer and senior management may face personal liability if they failed to take actions while aware of AML violations at the bank

The bank's designated AML compliance officer is the only individual in the company's senior management team that can face personal liability for violation of AML laws

Reputational risk

Operational risk

Sanctions risk

Compliance risk

Lending risk

collecting complete customer information.

ongoing screening of customers.

suspicious activity and sanctions reporting.

evaluating the effectiveness of compliance controls.

Low thresholds for transactions

Frequent use of cash

Cross-border transactions

Weak KYC policies and procedures

A check returning a mortgage overpayment made in error

A payment made to a mixer platform

A regular standing order to a high-interest savings account

A bill payment made to a friend after splitting a dinner bill

Establishing risk controls

Assessing risk controls

Ongoing risk monitoring

Conducting a risk assessment

Attempts to circumvent or evade sanctions imposed by the UNSC can constitute a criminal offense if designated under local laws and regulations

The UN can impose arms embargoes but cannot prohibit direct or indirect exports of other goods to specific countries

Member countries of the United Nations are expected to implement and enforce sanctions imposed by the UNSC

Direct breaches of sanctions imposed by the UNSC constitute a criminal offense in all member countries

Investment advisor

Relationship manager

Operations manager

Compliance officer

Disseminate analysis of suspicious transaction and suspicious activity reports to foreign judicial systems to enhance their anti-money laundering and terrorist financing investigations and prosecutions

Receive reports of suspicious transactions and suspicious activities from reporting institutions or obliged institutions

Disseminate the analysis of suspicious transaction and suspicious activity reports to local law enforcement agencies and foreign FIUs to combat money laundering

Investigate and where appropriate prosecute all suspicious transaction and suspicious activity reports received from reporting institutions or obliged institutions

Analyze all suspicious transaction and suspicious activity reports received from reporting institutions or obliged institutions

Engage in the PPP without strict data sharing protocols, allowing for open and unrestricted flow of information between the bank, FIUs, and other financial institutions

Rely solely on the intelligence provided by government agencies through the PPP because they have the most comprehensive data on suspicious activities

Establish a clear framework within the PPP that outlines data privacy protections and ensures that information sharing complies with legal and regulatory requirements in all jurisdictions involved

Prioritize the bank’s internal data sources over external intelligence from PPPs, as internal data is easier to control and does not present data privacy challenges

Adaptable to new AFC typologies through continuous model training

Completely unbiased and without error through continuous model training

More consistent and reliable detection outcomes

Transparent and easy to explain algorithms for regulator and compliance purposes

The account activity includes deposit activity into both savings and checking accounts

The account activity includes incoming funds transfers at irregular intervals from small businesses located in New York

The account activity includes deposits made in multiple branches around New York City into the same account.

The account activity includes frequent purchases of tickets to industry conferences and other events.

Exchange operational information between public authorities and obliged entities

Exchange strategic information between FIUs and obliged entities

Exchange strategic information between financial institutions

Create a common database of key information and share analysis of suspicious activities with FATF

a deliberate attempt not to pay the tax which is due or obliged.

bending the rules to pay less tax than required.

not an important crime as it does not impact society.

a sophisticated process which always means the same as tax avoidance.

Information provided by a prospective customer

Photocopy of a copy of a government-issued identity document

Information obtained from an open-source database

Information obtained directly from a government-managed registry

Whether the vendor has documented appropriate internal controls for designing system and data integration schema

Whether the permissions and user access settings for reviewing, investigating, and reporting details of alerts generated by the system are commensurate with those in use at other banks

Whether the monitoring system is adequate with respect to the bank's size, activities, complexity, and risks

Whether the monitoring system can be configured to enable the bank to execute trend analysis of transaction activity and to identify unusual business relationships and transactions

wire transfers in different currencies between accounts held at different banks for the same client.

an incoming third-party wire transfer followed by the purchase of real estate in the client's name.

an incoming wire transfer followed by the loan payment to a third party that is a business associate of the client.

multiple wire transfers sent to counterparties associated with the client as per KYC documentation.

cross-border purchases

purchases in the name of a natural person

paying true market price for a property

non-financed purchases

KYC analyst

Senior management

Relationship manager

Enhanced due diligence compliance officer

Receiving electronic transfers for US$10,000 amounts from other financial institutions

Using cash to buy multiple cashier's checks over a period of time

Performing operations with real estate investment companies

Using cashier's checks in the transactions with the real estate investment company's account

In-person training sessions

Comprehensive curriculum delivered by senior management

Comprehensive content with engaging delivery methods

Generalized content designed to apply to a broad audience

Ensuring the tools are compatible and integration with current systems is possible

Assessing whether internal staff members can provide training on the tools

Assessing the cost of implementation and cost of maintaining the tools

Basing business requirements on the features offered by the vendor's tools

Involvement in community development and humanitarian aid projects

Large and unaccounted cash donations from anonymous sources

Operating in high-risk jurisdictions with limited oversight

Frequent changes in leadership and mission statements

Extensive transparency in financial reporting and governance practices

certain contractors may receive preferential treatment, allowing them opportunities to inflate margins during the tender process

unsuccessful bidders are informed of decisions and provided detailed justifications for awarding the contracts

procurement and contracting processes involve the management of the tender process, which may lack sufficient oversight

bids are solicited and disseminated to a wide audience through advertising and other channels.

fraudulent identities involving stolen or manufactured identification.

suspicious behavior involving a transaction that occurs at an unusual time of day.

hidden beneficial owners.

transaction patterns involving transactions that exceed a certain dollar amount.

anomalies involving a transaction that occurs in a location far away from the customer's usual spending patterns.

Establishing BSA/AML compliance staff reporting to the management of the business line in the first line of defense

Ensuring BSA/AML compliance staff is primarily outsourced

Providing BSA/AML compliance staff a reporting line to compliance or other second line of defense internal control function

Providing BSA/AML compliance staff with a reporting line to the chief financial officer

Memorandum of Agreement.

Declaration of Understanding.

Memorandum of Understanding.

Mutual Legal Assistance Treaty.

Request for Urgent Information.

Ensure that the second line reviews, monitors, and escalates risk-related issues as needed to senior management while maintaining independent oversight from the third line

Have senior management handle risk-related issues directly when possible because they are ultimately responsible for the organisation's overall risk management strategy

Delegate some risk-related issues to the first line to avoid overwhelming the second line and to ensure operational efficiency

Assign risk-related oversight duties to the third line to provide an independent review and address issues more effectively by avoiding conflicts of interest in the first and second lines

impose sanctions lo maintain of restore international peace and security

impose sanctions on countries that lack AML/CFT controls.

conduct research on and analyze the impacts of sanctions to improve the effectiveness of sanctions regimes.

impose sanctions on economic targets to maintain or restore financial stability within a country.

A relationship manager advocates for overriding the results of the company's client risk rating model that resulted in a client's high-risk rating.

An If employee shares information about a firm's risk management framework with employees of other firms at an industry convention.

An investigator does not complete the automated transaction monitoring system alerts assigned to them before the time required by company procedures.

A relationship manager makes an exception to company policy and proceeds with onboarding a customer without documenting a passport for customer identification

Money services business (MSB)

Multinational corporations

Individual foreign customers

Non-profit organizations with international operations

difficulty in tracking the originator, recipient, and source of transactions.

remote verification of identity by third-party program managers.

heavy usage by senior political figures.

informal networks used for cross-border transactions outside of the formal banking system.

heightened risks of returned transactions.

Criminal history searches

Personal resume

Internet and public media searches

Past employment records

Personal references from close associates

Customer privacy regulations should guide the development of due diligence and other money laundering and terrorist financing preventive measures.

Nations should work towards implementing targeted financial sanctions in alignment with the UN Security Council.

Nations should take measures to ensure there is transparency to the beneficial ownership of legal persons.

Nations should establish frameworks that take a risk-based approach to prevent and mitigate money laundering and terrorist financing.

Governments must work toward developing identical administrative and operational frameworks for investigating and prosecuting crime.

Regulators should direct Financial Institutions to establish appropriate frameworks to avoid banking higher risk customers.

ensure that all adverse media sources are comprehensively analyzed without the need for human review.

significantly reduce human errors arising from repetitive tasks by delivering consistent and highly accurate analysis.

instantly identify intent behind media articles, allowing for more effective risk scoring.

automate the process of identifying new information and distinguishing it from previously encountered data.

cover multiple languages and scripts, surpassing the limitations of human linguistics.

Drafting detailed action plans for the audit team to execute to close the findings

Reperforming the testing for the controls mentioned in the findings to confirm the results of the audit

Defining remedial actions based on the findings' root cause analysis

Assigning responsibility for reviewing the action plan to the board of directors

Ensuring sanctions coy on international bodies like the UN because there is no requirement to adhere to local laws.

Ensuring group policies and procedures prioritize adherence to US regulations because they are the most influential worldwide.

Applying global AFC and sanctions policies to ensure consistency without the need to adapt to local regulations.

Ensuring group policies cater to compliance with each country's specific AML and sanctions regulations.

Section 314(a)

Section 314(b)

Section 319(b)

Section 319(a)

A customer being hesitant to provide beneficiary name or address information when sending international wire transfers

Cash-intensive businesses, such as convenience stores or restaurants, making large cash deposits

A customer exchanging foreign currency from a higher-risk jurisdiction for domestic currency under the reporting threshold

A customer using multiple accounts under different names to conduct transactions

A customer completing frequent small-dollar international money transfers to their native country