ACAMS CAMS Certified Anti-Money Laundering Specialist (the 6th edition) Exam Dumps and Practice Test Questions Set 7 Q 121- 140

Visit here for our full ACAMS CAMS exam dumps and practice test questions.

Question 121

A customer operating a small export business begins routing payments through third-party shell companies in different jurisdictions before the funds reach their account. The third-party companies have little apparent business activity. What is the correct first action by the financial institution?

A) Accept these intermediary payments because they are from legal companies
B) Conduct enhanced due diligence on the third-party companies, their ownership and economic purpose
C) Immediately block all funds from these third-party companies
D) Assume the customer is restructuring its business and update expected payment flows accordingly

Answer: B

Explanation

A) Accepting these intermediary payments without question is risky and does not align with effective anti–money-laundering (AML) practice. Even if the contracted third-party companies are legally registered, their use to funnel payments may indicate layering — the process of creating complexity in financial flows to obscure the origin of funds. A bank cannot rely solely on corporate legitimacy; it must verify who ultimately controls the companies and why they are involved in the customer’s business transactions. Ignoring the risk undermines the bank’s ability to detect illicit financial flows and may expose it to regulatory, reputational, and legal dangers.

B) The proper first step is to perform enhanced due diligence (EDD) on those third-party shell companies, including identifying their beneficial owners, business operations, and economic rationale for involvement in the customer’s payments. This inquiry should include reviewing publicly available corporate registries, financial statements (if available), ownership disclosure documents, and any business contracts showing a legitimate trade purpose. It should also include understanding the geographic risk of the jurisdictions in which these entities are located. The bank must assess whether these companies are acting as normal trade intermediaries or whether they are being used to layer funds in a money-laundering scheme. Through this deeper analysis, the bank can determine whether legitimate business reasons justify the structure, or whether suspicious patterns require escalation to the compliance department for possible reporting. Documentation of the investigation and any explanations from the customer are critical so the bank’s decision-making is transparent and defensible.

C) Automatically blocking all funds from the third-party companies without first investigating is premature. Although this may be considered later, blocking funds immediately without due inquiry ignores the customer’s right to conduct legitimate business and may lead to operational risk or reputational harm if done without evidence. Blocking should follow a preliminary risk evaluation and attempts to obtain clarifying information.

D) Assuming this is just a business restructuring carries risk without verification. The bank cannot simply reclassify expected payment flows without first confirming the legitimacy of the new structure. Updating expected cash flows based on unverified third-party entities could blind the bank to potential layering or illicit fund movements. Proper process demands that the bank investigate and document the change, not accept it at face value.

The correct action recognizes that use of shell companies to route payment can be a significant red flag. By conducting enhanced due diligence, the bank actively seeks to understand who controls these entities, why they exist, and whether they truly serve a legitimate trade purpose. This aligns with risk-based AML practices, regulatory expectations, and helps the institution make an informed decision about escalation or reporting.

Question 122

A high-net-worth individual (HNWI) customer who is not a PEP suddenly opens multiple new accounts, each held in different currencies, and transfers large sums into them. What should the financial institution do?

A) Treat the transfers as part of normal asset diversification for a wealthy client
B) Review the source of funds, account purpose, and conduct ongoing monitoring for layering or structuring
C) Close the new accounts because the client did not disclose a business reason
D) Adjust internal limits to allow for large cross-currency transfers without escalation

Answer: B

Explanation

A) While asset diversification is a normal activity for HNWIs, it is not sufficient to assume this behavior is innocuous when the pattern is aggressive and rapid. Wealthy clients may indeed diversify their holdings across currencies, but the sudden opening of multiple accounts in different currencies combined with large inbound transfers raises red flags. Without understanding the source, justification, and ultimate use, the bank cannot assume the activity is benign.

B) The correct approach is to review the source of funds, clarify the purpose for each new account, and engage in enhanced ongoing monitoring. The bank must conduct due diligence on where the funds originate — whether they stem from business revenues, investments, or potentially opaque or high-risk sources. It should document explanations from the customer about why multiple foreign-currency accounts were needed and how these funds will be used. The bank should also monitor transaction activity in each account, examining transfers, currency conversion behavior, and whether account balances remain high or rapidly rotate. This analysis helps determine whether there is layering (moving funds through multiple jurisdictions) or other laundering risks. Escalation to the compliance team for deeper risk assessment or possible reporting may be warranted if the patterns remain suspicious or unexplained.

C) Closing the accounts simply because the customer did not initially disclose a business reason is premature and potentially harmful. The bank should first ask for clarification and attempt to understand the customer’s rationale. Closure without due inquiry risks customer relationship damage, business loss, and possibly regulatory issues if it is done without justification.

D) Adjusting internal transaction limits to accommodate large cross-currency transfers without escalation effectively bypasses the risk controls that need to be exercised when suspicious activity is present. This undermines AML defenses and may lead to regulatory non-compliance. Such adjustments should only be made after thorough risk assessment, not as a convenient workaround.

The correct path focuses on transparency, risk-based review, and documentation. For HNWIs, multiple foreign currency accounts and large fund movements can be legitimate, but they can also disguise complex layering schemes. By investigating, verifying, and monitoring, the bank ensures that wealthy clients are not inadvertently facilitating money laundering.

Question 123

An institution identifies a pattern where funds are deposited into a customer account and then quickly moved to another affiliated account held at the same bank. The transferred amounts frequently return within a short time. What is potentially indicated by this pattern, and what is the proper response?

A) The pattern indicates legitimate cash management and no further action is required
B) The pattern suggests internal layering, and the institution should review and potentially escalate to compliance
C) The institution should limit the number of transfers between affiliated accounts
D) The institution should block the transfers permanently

Answer: B

Explanation

A) Interpreting the pattern as purely cash management may underestimate the risk. While businesses sometimes shuffle funds among affiliated accounts for liquidity management, rapid back-and-forth movement (circular flow) that returns to almost the same balance is often characteristic of layering in a money-laundering scheme. Without analysis, assuming it’s benign cash management ignores a potential red flag.

B) The more appropriate interpretation is that this may be indicative of internal layering: the customer is using accounts within the same institution to move funds in a way that obscures origin or ownership. Funds enter an account, are quickly transferred to another, and then return, suggesting an intent to create complexity. The bank should conduct enhanced monitoring of these accounts: analyze the volume and frequency of transfers, review the business purpose for each move, examine whether the customer’s cash flow and documented business model justify such movements, and validate documentation for both source and destination accounts. If the review raises suspicion, the case should be escalated to the compliance or AML team, and potentially a suspicious activity report (SAR) should be filed. This ensures oversight and proper investigation.

C) Simply limiting the number of transfers does not address the root risk. While putting controls on internal flows might reduce volume, it does not allow the institution to understand why the pattern is happening and whether it is being used to obfuscate illicit funds. Controls without investigation leave the risk unmitigated.

D) Blocking the transfers permanently without investigation may disrupt legitimate operations and damage the customer relationship. It may also violate account agreement terms or internal policy if done without just cause. A more measured, investigative response is required first.

The correct answer highlights the risk that internal rapid circular transfers can indicate layering or obfuscation. The bank must investigate, document, and escalate as needed. Proper procedure protects the institution’s integrity while enabling a compliance-driven response to possible money-laundering schemes.

Question 124

A customer applies for an extremely large life insurance policy, claiming inheritance as the source of wealth. However, the customer declines to provide documentation of the inheritance, citing privacy concerns. What should the financial institution do?

A) Accept the explanation and issue the policy
B) Refuse to issue the policy unless documentation of the inheritance is provided
C) Issue the policy but escalate the file to compliance for enhanced due diligence
D) Provide a smaller policy instead, assuming the full amount is not justified

Answer: C

Explanation

A) Accepting the customer’s explanation and issuing the policy without documentation is not acceptable. For very large life insurance policies, the source of wealth is critical to risk assessment. The institution must verify that funds originate from legal and transparent means. Without legitimate proof, the risk of money laundering, tax evasion, or hidden beneficial ownership increases.

B) Flatly refusing may be premature. While requiring documentation is necessary, an immediate refusal without giving the customer a chance to comply may not be appropriate, as there may be legitimate inheritance that the customer is reluctant to disclose immediately. However, privacy concerns do not override regulatory and compliance obligations.

C) The correct response is to issue the policy conditionally (or with caution) combined with escalation to compliance for enhanced due diligence. The bank should ask for credible alternative documentation if formal inheritance paperwork is unavailable (e.g., probate court records, trust documents, tax returns, legal representation). Simultaneously, the compliance team should assess the applicant’s overall risk: evaluate other sources of wealth, check for potential politically exposed person (PEP) status, review beneficial ownership if a trust is involved, and monitor premium payment patterns closely. The institution might apply stricter controls, including anti–money-laundering monitoring, policy surrender penalties, and regular reviews. This route balances customer service with risk management and regulatory obligations.

D) Offering a smaller policy does not resolve the underlying risk. It merely reduces exposure but fails to address the compliance deficiency of undocumented source of wealth. The institution must still verify the origin of funds for whatever policy size is applied. Providing a lower-coverage policy without clarity continues to leave a risk gap.

The correct answer recognizes that life insurance is often misused for money laundering: large policies can serve as vehicles for layering and integration. When the claimed source of funds (inheritance) is not documented, compliance escalation and enhanced due diligence are mandatory. This ensures that the institution meets both regulatory obligations and protects itself from risk.

Question 125

A financial institution’s transaction monitoring system flags multiple customers who are structuring deposits just under the currency reporting threshold, and the depositors are mostly unrelated individuals. What should the financial institution do with this pattern?

A) Review and analyze the pattern as a potentially coordinated structuring scheme
B) Disable the alert rule because so many customers are triggering it
C) Allow it because none of the transactions individually exceed the reporting threshold
D) Ask each customer to provide an explanation and then ignore the responses

Answer: A

Explanation

A) The detection of multiple unrelated individuals depositing amounts just below the regulatory reporting threshold is a strong indicator of a coordinated structuring (smurfing) operation. Structuring is a deliberate attempt to avoid triggering mandatory cash transaction reports or Currency Transaction Reports (CTRs). The institution must analyze the depositors’ behavior in aggregate: evaluate whether they share common geographic locations, the timing of deposits, account relationships, or any other linkages. The compliance team should deepen its review, identifying whether there is an orchestrated effort to funnel funds through multiple accounts, potentially on behalf of a common third party. Investigators should obtain source-of-funds documentation, review the accounts’ history, escalate for suspicious activity evaluation, and, if warranted, file SARs. Detailed and collective analysis enables the institution to identify patterns that may not be visible when examining individuals in isolation, and addressing it ensures robust compliance with AML regulations.

B) Disabling the alert rule undermines the bank’s monitoring infrastructure and eliminates detection capability. If many customers trigger the same rule, it may reflect either a legitimate systemic issue or a real laundering scheme. Disabling alerts because they produce many hits prevents the bank from deciding whether pattern indicates risk, and opens the institution to regulatory risk.

C) Allowing the behavior because transactions do not individually breach reporting thresholds ignores the fundamental risk: structuring itself is suspicious. Regulations often require that financial institutions monitor for, investigate, and escalate such behavior even when individual transactions fall just below a threshold. The cumulative effect matters more than individual dollar signs.

D) Requesting an explanation is reasonable, but ignoring the answers defeats the purpose of escalation. The institution should document responses, assess their credibility, and decide whether that satisfies due diligence or whether further investigation is necessary. Simply asking and then discarding responses is not sufficient for compliance or risk management.

The correct response recognizes that repeated patterns of structuring across unrelated clients could reflect deliberate and coordinated laundering efforts. By reviewing collectively, the institution can detect broader risk trends, link accounts if necessary, and file reports. This approach ensures regulatory obligations are met, risk is mitigated, and the institution’s monitoring system remains effective and meaningful.

Question 126

A customer who operates a luxury car dealership begins purchasing high-end vehicles using large amounts of cash deposited by multiple individuals who are not connected to the business. The customer explains that these individuals are “friends helping with liquidity.” What should the financial institution do?

A) Accept the explanation because the business deals with high-value goods
B) Conduct enhanced due diligence, review the source of funds, and assess possible third-party laundering
C) Allow the transactions as long as all cash deposits stay below reporting thresholds
D) Block all deposits from anyone other than the business owner

Answer: B

Explanation  

Luxury car dealerships are frequently targeted by money launderers because high-value, portable assets like vehicles convert cash into goods that can be resold or moved across borders. In this scenario, the bank must scrutinize not only the business operations but also the source of funds used for vehicle purchases. The presence of multiple unrelated individuals depositing cash into the dealership’s account is a major red flag. The business owner’s explanation — that “friends are helping with liquidity” — is vague, unverifiable, and inconsistent with legitimate commercial practice. Businesses with high sales volumes typically rely on customers, financing partners, and institutional lenders for liquidity, not private cash donors.

A) Accepting the explanation simply because the business deals in luxury goods ignores core AML responsibilities. High-value dealerships attract criminal exploitation because they allow conversion of illicit cash into automobiles that can quickly be resold locally or exported. Criminal groups often use dealerships to launder proceeds, particularly drug money or organized-crime proceeds. Accepting a weak explanation would expose the bank to significant regulatory and reputational risk.

B) Conducting enhanced due diligence is the correct response.The bank should consider whether these third-party individuals are acting as “cash smugglers” (smurfs) depositing illicit funds on behalf of organized crime. A common laundering method is placing illicit cash through legitimate businesses, especially ones that can justify large cash inflows. If enhanced due diligence raises unresolved concerns — such as unverifiable depositor identities or business inconsistencies — the institution must escalate the case to AML compliance for possible suspicious activity reporting.

C) Allowing transactions as long as deposits stay below reporting thresholds is precisely what money launderers exploit. Criminal groups intentionally structure deposits to avoid CTRs. A bank must evaluate suspicious behavior regardless of dollar amount. Deposits under thresholds do not reduce AML obligations and, in fact, increase suspicion when repeated by unrelated individuals.

D) Blocking deposits from anyone except the business owner is premature and could disrupt legitimate customer payments. However, legitimate car buyers make payments, not random associates making large “liquidity deposits.” Blocking without investigation may harm an innocent business, but doing nothing is equally irresponsible. Investigation must come first.

Enhanced due diligence balances customer fairness with regulatory obligations. Luxury-goods businesses require careful scrutiny, especially when unusual third-party cash patterns appear. The correct answer ensures the bank investigates source-of-funds risks, mitigates exposure, and fulfills its AML duties.

Question 127

A long-time customer who operates a restaurant begins depositing significantly higher amounts of cash than in previous years. When questioned, the customer states that “business has been booming,” but financial statements do not show a proportional increase in sales. What should the institution conclude?

A) The customer is likely experiencing organic growth
B) The discrepancy suggests possible laundering of third-party cash and requires escalation
C) The institution should ignore the inconsistency because the customer has a long history
D) The institution should close the account immediately

Answer: B

Explanation  

Cash-intensive businesses such as restaurants, bars, convenience stores, and salons often attract money launderers who seek to place illicit cash into the financial system under the guise of business revenue. When a restaurant suddenly begins depositing substantially more cash than in previous years, but sales records do not support the increased revenue, the financial institution must treat the pattern as a significant red flag.

A) Assuming organic growth is insufficient. If none of these indicators match the cash increase, the activity becomes suspicious.

B) The correct conclusion is that the discrepancy may suggest laundering of third-party cash. Restaurants are commonly used as “front businesses” due to their ability to blend illicit cash with legitimate sales, especially when oversight is weak. The customer’s vague answer — “business has been booming” — is insufficient without documentation.If financial statements do not support the increased deposits, placement of illicit cash becomes a plausible concern. Criminal groups may use restaurants to absorb proceeds from illegal gambling, narcotics, or other illicit activity. Restaurants also allow launderers to deposit illicit cash as “nightly revenue,” making the funds appear legitimate.Escalation to AML compliance is required. The institution may need to file a SAR depending on the outcome of enhanced due diligence.

C) Ignoring the inconsistency because the customer has long tenure is dangerous. Long-standing customers can still be exploited or corrupted over time. Criminal groups often target established businesses because they have preexisting banking credibility.

D) Closing the account immediately is too aggressive without first conducting enhanced due diligence. Account closure is appropriate only if risk is confirmed and the customer cannot justify activity.

The correct answer prioritizes analysis, documentation, escalation, and compliance review.

Question 128

A new customer opens an account and immediately begins receiving international wire transfers from unrelated companies in high-risk jurisdictions. The customer states they are doing “consulting work,” but cannot provide contracts, invoices, or a business website. What should the institution do?

A) Accept the explanation because consulting businesses often have flexible structures
B) Investigate the legitimacy of the customer’s business activity through enhanced due diligence
C) Allow the transfers to continue as long as AML filters do not detect sanctioned parties
D) Close the account automatically

Answer: B

Explanation  

International wires from high-risk jurisdictions combined with vague business descriptions and lack of documentation constitute a classic AML red-flag scenario. Thus, consulting companies with vague operations require rigorous due diligence.

A) Accepting the explanation because consulting is flexible is insufficient. The absence of all documentation significantly increases suspicion.

B) Investigating the business through EDD is the correct step.The institution must assess whether the payments resemble trade-based money laundering, invoice fraud, or professional-service laundering schemes. If the customer cannot substantiate the legitimacy of funds, the bank must escalate for SAR consideration.

C) Allowing transfers simply because screening systems do not flag sanctions misses the point. Money laundering often does not involve sanctioned parties. Sanctions screening is separate from AML risk detection.

D) Closing the account immediately is premature but may be appropriate if the customer cannot provide any legitimate business documentation after reasonable requests.Enhanced due diligence is the essential first step.

Question 129

A customer sends frequent outgoing international wires to multiple individuals in a sanctioned-adjacent region. The amounts are small and appear to be personal, but the frequency is unusually high. The customer claims they are “helping family and friends.” What should the bank do?

A) Accept the explanation because the transfers are small
B) Assess sanctions-evasion and value-transfer risk through enhanced monitoring and possible escalation
C) Allow all transfers because they are personal
D) Block the customer’s account immediately

Answer: B

Explanation 

Frequent personal wire transfers to individuals in regions adjacent to sanctioned countries present a unique risk. Although the transfers are small, AML and sanctions-evasion risks do not correlate solely with transaction size.

A) Accepting the explanation because transfers are small is naïve. Criminals and state actors may attempt to bypass formal sanctions detection by distributing payments across multiple individuals.

B) The correct action is to assess the risk more deeply. If concerns persist, the institution must escalate to compliance for potential SAR filing and, if applicable, sanctions-risk evaluation.

C) Allowing all transfers because they are personal is not appropriate. Personal transactions can absolutely be used for sanctions evasion, value movement, terrorism financing, or illicit cross-border settlements.

D) Blocking the account is too aggressive without full investigation.The correct approach includes enhanced monitoring, documentation requests, and possible compliance escalation.

Question 130

A corporate customer suddenly changes its beneficial ownership structure, adding a new shareholder who resides in a high-risk jurisdiction and has no observable business background. The customer provides minimal explanation. What should the institution do?

A) Accept the ownership change as internal business restructuring
B) Conduct enhanced due diligence on the new beneficial owner and assess risk implications
C) Ignore the change unless transactions increase
D) Close the customer’s account immediately

Answer: B

Explanation  

A) Accepting the change as routine restructuring is dangerous. When none of these are provided, suspicion increases.

B) Enhanced due diligence is essential.Adding a shareholder with no discernible background is a major red flag for shell-company abuse, corporate-layering schemes, or placement of illicit proceeds through corporate equity.If gaps remain or the new owner appears suspicious, the institution must escalate the matter for compliance review, enhanced monitoring, or SAR consideration.

C) Ignoring the change until transactions increase misses the key risk: beneficial ownership itself is a risk driver, independent of transaction volume.

D) Closing the account immediately is excessive without a thorough investigation.Enhanced due diligence protects the bank and satisfies regulatory expectations.

Question 131

A financial institution notices that a customer who owns a small import–export business begins receiving large incoming transfers from multiple unrelated shell companies located in different high-risk jurisdictions. The customer claims these entities are “international partners,” but cannot provide contracts or shipping documentation. What is the most appropriate action for the institution?

A) Accept the explanation because global businesses often work with many partners
B) Conduct enhanced due diligence to verify business legitimacy and review trade documentation
C) Allow the transfers as long as the amounts match the customer’s declared expected activity
D) Automatically close the account because shell companies are involved

Answer: B

Explanation

When a financial institution observes unusual incoming transfers, especially from multiple unrelated entities based in high-risk jurisdictions, the activity requires immediate review. Import–export businesses are commonly exploited for money laundering because cross-border movement of goods and funds can obscure illicit activity. When incoming transfers originate from shell companies, the risk increases significantly, especially when the customer cannot provide legitimate documentation supporting real international trade operations.

A) It is not appropriate to accept the claim that these entities are “international partners” simply because global businesses often work with many partners. While some international companies may indeed have a broad network of suppliers, distributors, or intermediaries, legitimate trade relationships are always accompanied by formal documentation. These may include contracts, invoices, shipping records, customs filings, bills of lading, or service agreements. Without documentation, it becomes impossible for the institution to verify whether the funds are tied to genuine commercial activity or instead represent disguised proceeds of illicit conduct. The lack of transparency and inability to substantiate the partnership claims signal elevated risk.

B) Conducting enhanced due diligence is the correct action because the situation presents high-risk typologies associated with trade-based money laundering, shell-company abuse, and layering of illicit proceeds. Enhanced due diligence involves requesting additional records that substantiate the legitimacy of the business relationships and the transactions. This may include reviewing corporate registration documents of the entities sending funds, verifying their existence and business purpose, obtaining detailed descriptions of the nature of each trade transaction, reviewing invoices, examining transport records, comparing commercial invoices with payment amounts, and validating whether the goods described are plausible for the customer’s business. Enhanced due diligence also involves assessing whether the jurisdictions involved are known for secrecy laws, weak AML controls, or high levels of corruption. If discrepancies remain, or documents cannot be produced, or the documentation is suspicious in format or content, the institution must consider escalating the matter to its AML compliance department and potentially filing a suspicious activity report.

C) Allowing the transfers merely because the amounts match previously stated expected activity is insufficient. Expected activity is only meaningful when it is based on legitimate, documented business operations. If the customer earlier declared anticipated volumes but still cannot produce trade documentation, the stated activity expectation may itself be misleading or fabricated. Criminals may attempt to pre-justify their laundering activities by falsely declaring high expected activity volumes during onboarding. The absence of supporting trade evidence undermines the credibility of any previously stated expectations.

D) Automatically closing the account is premature. While the involvement of shell companies in high-risk jurisdictions is a serious warning sign, immediate closure without enhanced due diligence may violate fair-treatment expectations or internal escalation processes. Institutions must take reasonable steps to gather information, investigate discrepancies, and assess whether the activity can be legitimately explained. Only if the customer fails to provide documentation or if the institution concludes the activity is suspicious and poses unacceptable risk would account termination be appropriate. Proper compliance protocol generally requires investigation first, not immediate closure.

For these reasons, the best and most consistent action aligned with AML standards is to conduct enhanced due diligence to validate legitimacy of transactions, making B the correct answer.

Question 132

A customer who operates a jewelry business deposits a series of large cash amounts over several weeks. The deposits are inconsistent with the business’s historical pattern and the customer claims they were from “successful bulk sales,” but no invoices or sales receipts are produced. What is the most appropriate next step?

A) Accept the explanation because jewelry is a cash-intensive industry
B) Request documentation such as invoices and conduct enhanced review
C) Ignore the deposits because they fall under local exemption rules
D) Immediately close the account

Answer: B

Explanation

Jewelry businesses are considered high-risk because they deal in easily transportable, high-value items that are often used by criminals as a means of converting illicit cash into assets. When cash deposits increase suddenly and unexpectedly, and the customer cannot provide documentation such as receipts, invoices, or sales logs, the financial institution must investigate the activity thoroughly.

A) Accepting the explanation simply on the grounds that jewelry is a cash-intensive industry is insufficient. While it is true that jewelry dealers may deal with cash, especially when selling items like gold, diamonds, or pre-owned pieces, legitimate businesses maintain sales records, receipts, transaction logs, inventory documentation, and clear reporting trails. Cash-intensive industries are precisely the ones that criminals target for laundering, making increased scrutiny necessary whenever patterns deviate from historical norms. Without documentation, the explanation lacks credibility and does not support a legitimate business reason for the activity.

B) Requesting documentation and conducting an enhanced review is the correct next step. Enhanced review means requesting supporting materials that verify the customer’s claim of “successful bulk sales.” These would typically include sales invoices, customer receipts, wholesale purchase documentation, proof of inventory movement, and any relevant contracts or supplier agreements. The institution should also compare the new activity against prior deposit patterns, annual revenue, customer base, and local market conditions. A legitimate surge in sales should be traceable through proper business records. Enhanced due diligence may also involve site visits, reviewing the business’s inventory control systems, analyzing whether declared inventory aligns with claimed sales volumes, and checking for potential tax inconsistencies. If the customer cannot provide reasonable documentation, or if the records appear fabricated or incomplete, the institution may need to escalate the matter for further review or file a suspicious activity report.

C) Ignoring the deposits because they fall under local exemption rules is inappropriate. Even when regulatory exemptions exist for certain businesses, institutions are still required to monitor patterns, detect anomalies, and assess the plausibility of customer explanations. Exemptions only affect reporting thresholds, not monitoring obligations. A sudden surge in cash activity without documentation is always a cause for concern in a high-risk sector like jewelry.

D) Immediately closing the account is not appropriate without further investigation. Account closure is considered a last resort and typically follows an internal review, escalation, and documented attempts to clarify irregularities. Immediate closure without investigation may violate internal procedures and regulatory expectations.

Thus, requesting documentation and conducting further review is the correct and measured response, making B the correct answer.

Question 133

A customer begins using cryptocurrency exchanges frequently, transferring funds to multiple platforms with no clear pattern. The customer claims they are “testing investment opportunities,” but the amounts are large relative to their income. What should the institution do?

A) Accept the explanation because cryptocurrency investments are common
B) Perform enhanced due diligence on the customer’s source of funds and cryptocurrency activity
C) Ignore the activity because it involves personal investments
D) Block all cryptocurrency-related transfers immediately

Answer: B

Explanation

Cryptocurrency transactions present heightened AML risks due to their anonymity features, global accessibility, and rapid movement potential. When a customer engages in frequent cryptocurrency transfers that are inconsistent with their financial profile, the institution must take additional steps to understand the source of funds and nature of activity.

A) Accepting the explanation because cryptocurrency is popular is not sufficient. While many individuals invest in digital assets, legitimate investors typically exhibit patterns consistent with their risk tolerance, income level, and investment objectives. When activity exceeds the customer’s financial capacity, or when transactions lack coherence, the activity becomes suspicious. Criminals frequently use cryptocurrency platforms to layer illicit funds, obscure transaction origins, or convert proceeds into decentralized forms. Thus, reliance solely on a generic explanation exposes the institution to risk.

B) The correct response is to conduct enhanced due diligence. This involves reviewing the customer’s source of funds and asking for clarification regarding the nature of cryptocurrency activities. The institution should verify the customer’s income, employment, and financial capacity to support high-value investments. Enhanced due diligence may include gathering investment statements, transaction screenshots from exchanges, and reviewing whether the platforms used are reputable and compliant. The institution should assess whether the activity aligns with risk indicators such as frequent transfers to new or little-known exchanges, movement of funds through multiple platforms in short intervals, or apparent lack of an investment strategy. Cryptocurrency movements must be evaluated in relation to known typologies of money laundering involving rapid layering, mixing services, peer-to-peer transfers, and transfers to offshore exchanges that lack AML controls. If concerns remain unresolved, the institution should escalate to compliance for potential SAR filing.

C) Ignoring the activity because it involves personal investments is inappropriate. Personal transactions can still involve illicit funds. The institution must evaluate all activity against the customer’s profile and expected behavior. High-value investments by a customer with modest income raise source-of-funds concerns that cannot be dismissed.

D) Blocking all cryptocurrency-related transfers is overly broad and may violate customer rights. Restrictions must be based on specific investigative findings, not general assumptions about cryptocurrency risks.

The best course of action is enhanced due diligence, making B the correct answer.

Question 134

A customer with no prior history of remittances begins sending frequent money transfers to several individuals in a region known for terrorist-financing activity. The customer claims they are “making charitable donations.” What should the financial institution do?

A) Accept the explanation because charitable donations are common
B) Conduct enhanced monitoring and investigate the legitimacy of the recipients
C) Ignore the activity because the amounts are small
D) Immediately close the account and report the customer

Answer: B

Explanation

Regions associated with terrorist-financing risks require heightened scrutiny, particularly when a customer suddenly begins sending money transfers to multiple individuals with no prior history of such activity. The institution must evaluate both the purpose and the recipients of the funds to determine whether the transfers are legitimate or potentially linked to illicit activities.

A) Accepting the explanation at face value is not appropriate. Charitable donations are indeed common, but legitimate charitable giving typically involves known nonprofit organizations, registered charity entities, or formal aid institutions. Donations to multiple individuals in a high-risk region without documented affiliation to charities raise concerns. Criminals sometimes disguise illicit transfers as humanitarian aid or personal donations to bypass AML controls. Thus, the explanation requires verification.

B) Conducting enhanced monitoring and investigating recipient legitimacy is the correct approach. Enhanced monitoring includes reviewing transaction patterns, assessing whether the beneficiaries are connected to known charity groups, verifying whether any of the recipients appear on watch lists, and evaluating whether the customer’s financial capacity aligns with the frequency and amounts of transfers. The institution may ask the customer for documentation showing that these transfers are part of an organized charitable effort. If the recipients are private individuals rather than registered organizations, risk increases substantially because such transfers may constitute informal value-transfer systems or covert support to extremist organizations. The institution must document all investigative steps and escalate the case to compliance for further review. If red flags remain, a suspicious activity report may be required.

C) Ignoring the activity because the amounts are small is unsafe. Terrorist financing often involves small sums sent frequently to avoid detection. Small-value remittances are a known typology used by individuals supporting extremist activities, logistical planning, or recruitment funding. AML programs are designed to capture suspicious patterns regardless of amount.

D) Immediately closing the account without investigation is premature. Account termination is generally used only after investigative steps show unacceptable or unmanageable risk. Institutions must first attempt to clarify the activity, verify the legitimacy of the transfers, and document findings before taking extreme measures.

Thus, the proper response is enhanced monitoring and further investigation, making B the correct answer.

Question 135

A corporate customer begins transferring large sums to a newly opened subsidiary located in an offshore secrecy jurisdiction. The customer claims the transfers are for “strategic expansion,” but no business plan or documentation is provided. What should the institution do?

A) Accept the explanation because multinational companies often expand quickly
B) Request detailed documentation and conduct enhanced due diligence on the subsidiary
C) Ignore the transfers because the funds move within the same corporate group
D) Automatically decline all transfers to offshore jurisdictions

Answer: B

Explanation

Offshore secrecy jurisdictions present elevated money-laundering risks due to limited transparency, strong privacy protections, and weak regulatory frameworks. When a corporate customer initiates large transfers to a newly created offshore subsidiary without supporting documentation, the financial institution must perform thorough checks to understand the legitimacy of the activity.

A) Accepting the explanation because multinational companies often expand is inappropriate. While expansion can occur rapidly, legitimate corporate expansion is typically accompanied by strategic planning documents, financial forecasts, incorporation paperwork, tax planning records, or board resolutions. The absence of documentation makes the explanation insufficient. Offshore subsidiaries are common in global corporate structures but are also widely used to hide beneficial ownership or obscure the origin and destination of funds.

B) Requesting detailed documentation and performing enhanced due diligence is the correct approach. Enhanced due diligence includes reviewing incorporation records for the offshore subsidiary, verifying beneficial ownership, examining the purpose of the subsidiary, reviewing board resolutions authorizing funding transfers, assessing the business rationale for choosing an offshore jurisdiction, and determining whether the jurisdiction is associated with secrecy laws, tax evasion risks, or weak AML oversight. The institution should request business plans, financial models, or operational justifications supporting the claim of “strategic expansion.” It should also evaluate whether the transfer amounts match the company’s financial ability and whether similar expansion patterns exist in other parts of the company’s history. If documented information cannot be provided or appears inconsistent, the bank must escalate the case for compliance review.

C) Ignoring the transactions because they occur within the same corporate group is inappropriate. Intragroup transfers can still involve illicit activity, particularly when offshore subsidiaries are newly formed or when ownership structures lack transparency. Criminal enterprises sometimes use complex group structures to disguise movement of illicit funds.

D) Automatically declining all offshore transfers is overly restrictive. Offshore jurisdictions include both legitimate financial centers and high-risk secrecy hubs. Many companies lawfully use offshore structures for tax planning, global operations, or investor arrangements. Declining all such transfers without review may violate customer rights and internal procedures.

Therefore, the correct action is to conduct enhanced due diligence and obtain supporting documentation, making B the correct answer.

Question 136

Which situation would most likely require a financial institution to file an immediate suspicious activity report rather than wait for the normal reporting cycle?

A) A client deposits multiple small checks from different regions every month
B) A customer suddenly sends a large international wire with incomplete beneficiary details
C) A client threatens an employee when questioned about the source of funds
D) A dormant account becomes active with regular ATM withdrawals

Answer: C

Explanation

A) A scenario where a person routinely deposits small checks from many regions can certainly indicate an effort to obscure the source of funds. It may hint at a pattern involving structuring, or it could point toward an attempt to move illicit money into the financial system in seemingly harmless increments. Still, although this might trigger heightened monitoring or an internal review, it does not automatically demand urgent escalation. The pattern is concerning, but it usually develops over time and does not require immediate reporting. The institution may gather more evidence through continued monitoring before concluding whether the event meets the threshold for immediate reporting. While it is relevant and suspicious, it typically does not create imminent risk that would require an instant notification to authorities outside standard submission timeframes.

B) A situation where an individual performs an unexpected large international wire with poor information about the final recipient does raise concerns. This can potentially signal an attempt to hide beneficiary identities, avoid sanctions screening, or rapidly move funds to high-risk jurisdictions. Nevertheless, unless the context includes signs of imminent danger, criminal activity in motion, or threats, it remains classified as a suspicious transaction requiring timely but not instantaneous reporting. The institution would begin an investigation promptly, verify missing details, assess the customer’s pattern of activity, and evaluate whether the transfer fits legitimate business purposes. It does not embody the type of emergency or coercion that demands immediate filing.

C) A circumstance in which an individual threatens an employee when asked ordinary compliance questions indicates an immediate risk that goes beyond monetary irregularities. Threatening behavior may demonstrate that the person is attempting to prevent disclosure of criminal activity, exert pressure on the institution, obstruct regulatory obligations, or intimidate staff into violating required reporting duties. This type of confrontation creates an urgent situation because it involves safety concerns, potential criminal coercion, and possible retaliation. When threats arise, institutions must prioritize employee safety while also recognizing that the aggressive attempt to prevent due diligence strongly implies ongoing criminal behavior. Authorities may need to be notified immediately to prevent harm or obstruction of justice. Therefore, this is the clearest and most direct example where immediate reporting is necessary because the risk is not only financial but also physical and operational.

D) An inactive account suddenly becoming active through consistent ATM withdrawals may signal misuse, identity compromise, or exploitation by money mules. These patterns require a rapid compliance response, updated customer risk assessment, and possibly a suspicious activity filing. However, it does not typically represent a scenario requiring immediate, accelerated reporting unless additional aggravating factors arise. Though suspicious, the institution normally has time to evaluate transaction patterns, verify with the customer, and gather evidence before submitting any report. The activity alone does not indicate imminent threat or coercion.

Given the comparisons, the most urgent and dangerous situation involves threatening behavior, making the selection that includes intimidation the circumstance that compels immediate reporting. It introduces a risk involving more than financial crime—it suggests potential violence, obstruction, and pressure to stop compliance efforts. Institutions must respond to such scenarios with swift and decisive action.

Question 137

What is the primary objective of an AML governance committee within a financial institution?

A) To approve all high-value transactions over a set monetary limit
B) To oversee enterprise-wide compliance strategy and risk alignment
C) To conduct background checks on all new hires
D) To manage the institution’s cybersecurity framework

Answer: B

Explanation

A) A group devoted solely to approving transactions based on monetary thresholds does not align with the essential purpose of a governance body for anti-money laundering oversight. Although certain institutions maintain committees that review elevated-risk transactions or provide approvals for unusual activities, that type of review group operates on a narrow procedural basis. It does not represent a governance structure with enterprise-wide oversight. Governance in an AML context must guide policy, ensure compliance readiness, and coordinate the system of controls rather than act as a transaction-approval unit. Therefore, limiting the role to approving large transactions does not meet the broader organizational objective associated with governance.

B) The central aim of a governance committee related to anti-money laundering obligations is to maintain strategic alignment across the organization. This includes assessing institutional risk, reviewing policies, ensuring that compliance goals match regulatory expectations, evaluating program gaps, and coordinating communication between board-level oversight and operational teams. This type of committee guarantees that policies are not only written but effectively implemented, reviewed, and updated. It brings together decision-makers across multiple departments so that AML responsibilities are supported throughout the organization. By maintaining oversight of the entire compliance framework, the committee ensures that the institution’s risk appetite, regulatory obligations, and operational controls stay consistent with industry standards.

C) Performing background checks on incoming employees is an important function of human resources and sometimes compliance, but it does not reflect the strategic nature of governance. While AML programs may require screening of employees to ensure integrity and reliability, that responsibility is too narrow and too operational to be considered the main objective of an AML governance committee. Governance focuses on aligning the program, assessing risk, ensuring adequate staffing levels, confirming effective training, reviewing high-level issues, and making sure appropriate resources are allocated—not screening individuals one by one.

D) Managing cybersecurity is a separate domain, often handled by specialized information security teams, technology departments, and executive leaders responsible for digital risk. Although cybersecurity and AML share certain risk considerations—such as fraud, identity compromise, and data integrity—they remain distinct operational areas. An AML governance group oversees financial crime compliance rather than technical systems security. The goals, functions, and required expertise are different, so combining them would dilute both security and compliance effectiveness.

Given these distinctions, the governance group’s main function is to maintain enterprise-wide oversight, ensuring alignment, accountability, coordination, and strategic direction across all compliance activities. This makes the selection focused on organization-wide strategy the correct one.

Question 138

A correspondent bank requests extensive AML documentation from a smaller respondent institution before renewing their relationship. What is the most likely reason for this request?

A) The correspondent bank wants to negotiate lower service fees
B) The correspondent bank must ensure the respondent follows adequate AML controls
C) The correspondent bank is preparing to exit the relationship entirely
D) The correspondent bank wants to promote joint marketing opportunities

Answer: B

Explanation

A) A request for enhanced AML documentation is unrelated to fee negotiations. Financial institutions negotiate pricing based on business volume, long-term value, and operational cost. AML documentation does not play a role in determining service charges and therefore is not a sign of any intention to renegotiate pricing. Complex compliance assessments are not part of the financial negotiation process, and institutions do not require verification of anti-money laundering frameworks solely for commercial advantage. Therefore, this motive lacks validity and does not match industry practice.

B) A correspondent bank must conduct robust due diligence on a respondent institution, especially when the relationship involves cross-border services, access to the correspondent’s financial system, or higher-risk jurisdictions. Regulatory expectations—including global standards, guidance from FATF, and national supervisory rules—require correspondents to understand whether a respondent maintains adequate compliance controls. Without proper documentation, the correspondent could be exposed to illicit activity facilitated through the respondent. Gathering extensive AML information ensures that the respondent’s controls, compliance policies, customer onboarding procedures, and monitoring systems align with the correspondent’s risk expectations. This process represents a fundamental part of correspondent banking oversight and is designed to protect both institutions from regulatory and reputational risk.

C) While institutions sometimes exit relationships based on risk, requesting detailed AML documents is not in itself proof that such an exit is imminent. If the correspondent intended to end the relationship with certainty, it would typically notify the respondent or reduce services rather than require lengthy documentation reviews. Exhaustive due diligence suggests that the institution is still evaluating the respondent and has not reached a final conclusion. Therefore, assuming that the request signals discontinuation is premature and inaccurate.

D) Collaborative marketing initiatives have nothing to do with AML assessments. Joint marketing is a commercial endeavor involving brand promotion, customer outreach, or community programs. AML documentation requests are strictly compliance-oriented and mandated by regulatory responsibilities. Marketing objectives do not require the respondent to provide details such as risk assessments, training materials, compliance frameworks, or audit reports.

The correct explanation is that the correspondent must protect itself from financial crime risk and regulatory consequences. Ensuring the adequacy of controls within the respondent institution is essential for maintaining a safe relationship.

Question 139

Which type of customer activity would most strongly indicate potential use of funnel accounts?

A) Numerous cash deposits made in different states but withdrawn in a single region
B) Multiple credit card payments made from unrelated online merchants
C) A customer repeatedly invests in low-risk government bonds
D) A series of late-night ATM withdrawals in the same neighborhood

Answer: A

Explanation

A) Activity where cash is deposited across diverse geographic locations and later withdrawn in one concentrated area aligns with the hallmark pattern of funnel accounts. These accounts are typically used in schemes where individuals in different regions deposit cash into the same account, after which the funds are quickly withdrawn or transferred to a single location. Criminals use this method to disguise the source and origin of funds, take advantage of fast-moving transactions, and exploit the banking system across multiple states. The activity appears legitimate because each individual deposit may seem routine, but when combined, the pattern reveals an organized structure moving illicit proceeds across jurisdictions. This type of movement is highly consistent with known indicators used by money laundering organizations, especially drug trafficking groups.

B) Credit card payments from various online merchants do not resemble the structure used in funnel accounts. Funnel activity is usually cash-based, involves multiple depositors, and focuses on geographical dispersion in deposits with centralized withdrawals. Online merchant payments through credit systems form a distinct pattern with different risks — such as fraud, chargebacks, or card testing — but they do not mimic the primary components of funnel account misuse.

C) Repeated investment in government bonds reflects low-risk financial activity. Government securities are transparent, stable, and typically purchased through legitimate channels such as brokerage accounts. They are not consistent with funnel account behavior, which requires rapid transactional movement, cross-regional deposits, and structured cash activity. A customer choosing conservative investments does not fit any model used in funnel schemes.

D) Frequent ATM withdrawals in one area can indicate problems like card theft, fraud, or misuse. However, they do not suggest the pattern of wide-area deposits across the country. Funnel accounts depend on multistate or multicity deposits followed by consolidated withdrawals. Restricted ATM behavior in one location lacks the essential cross-geographical nature of funnel misuse.

When comparing all scenarios, only the dispersed deposit and centralized withdrawal pattern mirrors the operational blueprint of funnel accounts.

Question 140

What is the primary reason financial institutions must maintain ongoing transaction monitoring even after completing initial customer due diligence?

A) Customer risk ratings must remain unchanged at all times
B) Customer behavior and external risks can evolve over time
C) Institutions are required to terminate accounts with minimal activity
D) Ongoing monitoring eliminates the need for future regulatory audits

Answer: B

Explanation

A) The concept that risk ratings should remain unchanged contradicts the purpose of ongoing monitoring. Risk assessments must be dynamic and flexible, adapting to customer behavior and new information. Freezing a customer’s risk score would undermine the institution’s ability to detect emerging patterns, identify suspicious behavior, or adjust controls. Therefore, ongoing monitoring exists precisely because customers do not remain static, and their risk categorization may need revision throughout the relationship.

B) Customer activity can change dramatically over time in response to new business relationships, shifts in financial needs, personal circumstances, geographic relocations, or illicit intentions. External risks — such as geopolitical instability, new sanctions, evolving criminal techniques, and market changes — also influence how a customer interacts with the financial system. Initial due diligence is only a snapshot taken at a single point in time. Without ongoing monitoring, institutions would fail to detect changes that reveal emerging red flags, new typologies, or deviations from expected patterns. Monitoring ensures that the institution remains aware of suspicious developments, updates risk ratings appropriately, and files reports when necessary. This is the foundation of a risk-based AML framework.

C) There is no regulatory requirement to terminate accounts simply because activity is low. Dormant or low-usage accounts may present some risk, but they do not require closure unless they show problematic or suspicious characteristics. Ongoing monitoring helps ensure that changes in activity are noticed, but it does not dictate mandatory termination. Maintaining monitoring is about understanding customers, not forcing account discontinuation without purpose.

D) Ongoing monitoring does not remove the need for regulatory audits. Supervisory entities still evaluate program quality, examine monitoring systems, and review reporting practices, regardless of how often an institution monitors transactions. Audits remain integral to regulatory oversight and cannot be eliminated through internal monitoring activities. Ongoing monitoring focuses on detecting suspicious activity, not on eliminating regulator involvement.

The only explanation capturing the true purpose of continuing surveillance is the recognition that risk evolves and customer behavior changes. Institutions must therefore maintain active oversight beyond onboarding.