CFT MONITOR Actual CERTIFICATION EXAM
2026-2027 – Professional Compliance
Certification Assessment
DOMAIN 1: REGULATORY FRAMEWORK & REQUIREMENTS (Questions 1-20)
Q1: According to the USA PATRIOT Act Section 326, financial institutions must
implement a Customer Identification Program (CIP) that includes which of the following
minimum requirements?
A. Verify customer identity using documentary methods only
B. Maintain records of information used to verify identity for seven years after account
closing
C. Provide customers with notice that information is being collected to verify their
identity
D. All of the above
Correct Answer: C
REGULATORY BASIS:
• Primary Regulation: USA PATRIOT Act Section 326; 31 CFR §1020.220
• Regulatory Guidance: FFIEC BSA/AML Examination Manual - CIP Requirements (2026
Update)
• Enforcement Precedent: 2024 FinCEN consent order citing CIP notice deficiencies
PROFESSIONAL ANALYSIS:
, 1. Risk Assessment: CIP is foundational for understanding customer risk profile;
notice requirement ensures transparency
2. Monitoring Logic: Proper identification enables effective transaction monitoring
and alert triage
3. Investigation Requirements: CIP information crucial for investigations;
inadequate CIP impedes SAR filing capabilities
4. Reporting Obligations: Inadequate CIP can lead to SAR filing deficiencies and
regulatory criticism
COMMON COMPLIANCE ERRORS:
• Error Pattern 1: Choosing B - CIP records must be maintained for five years after
account closing, not seven (seven years applies to SARs)
• Error Pattern 2: Choosing A - CIP mandates risk-based verification allowing both
documentary and non-documentary methods; permitting documentary-only creates
compliance gaps for higher-risk customers
CERTIFICATION COMPETENCY DEMONSTRATED:
• Precise regulatory knowledge exceeding general awareness
• Distinguishing between record retention periods across different BSA provisions
Q2: Under FinCEN's 2026 Final Rule on Access to Beneficial Ownership Information,
which parties have access to the beneficial ownership registry for AML compliance
purposes?
A. All financial institutions for all customer due diligence
B. Federal law enforcement agencies and certain financial institutions with customer
consent
C. State and local law enforcement with a court order only
D. No financial institution access is permitted under the rule
Correct Answer: B
,REGULATORY BASIS:
• Primary Regulation: 31 CFR §1010.380 (Beneficial Ownership Reporting); Corporate
Transparency Act §5336; 2026 Final Rule on Access
• Regulatory Guidance: FinCEN Guidance FIN-2026-G001 "Access to Beneficial
Ownership Information"
• Enforcement Precedent: N/A - Rule effective January 2026; no enforcement precedent
yet established
PROFESSIONAL ANALYSIS:
1. Risk Assessment: Beneficial ownership transparency critical for understanding
legal entity risks and shell company detection
2. Monitoring Logic: Access to registry enhances due diligence efficiency and
accuracy for high-risk entity verification
3. Investigation Requirements: Registry data supplements traditional investigation
methods when ownership documentation is suspect
4. Reporting Obligations: May affect SAR narratives when ownership discrepancies
identified between customer-provided data and registry
COMMON COMPLIANCE ERRORS:
• Error Pattern 1: Choosing A - Overestimating access; requires customer consent and
specific qualified applicant status; not available for routine account opening without
specific protocol adherence
• Error Pattern 2: Choosing D - Underestimating 2026 rule changes expanding limited
access to financial institutions under specific qualifying circumstances
CERTIFICATION COMPETENCY DEMONSTRATED:
• Knowledge of recent regulatory developments and Corporate Transparency Act
implementation phases
• Understanding of privacy-protected access frameworks balancing transparency and
data security
Q3: According to 31 CFR §1010.311 (FinCEN's Recordkeeping Rule), financial
institutions must retain records of funds transfers of $3,000 or more for a period of:
A. Three years from the date of the transfer
, B. Five years from the date of the transfer
C. Seven years from the date of the transfer
D. The duration of the account relationship plus two years
Correct Answer: B
REGULATORY BASIS:
• Primary Regulation: 31 CFR §1010.311 (Previously 31 CFR 103.33); BSA
Recordkeeping Requirements
• Regulatory Guidance: FinCEN Guidance on Funds Transfer Recordkeeping; FFIEC
Examination Manual - Funds Transfers
• Enforcement Precedent: 2024 OCC enforcement action against national bank for
record retention deficiencies
PROFESSIONAL ANALYSIS:
1. Risk Assessment: Five-year retention aligns with statute of limitations for BSA
violations and enables historical pattern analysis
2. Monitoring Logic: Records essential for retroactive look-backs when new
typologies emerge
3. Investigation Requirements: Law enforcement frequently requests 3-5 year
transactional histories during investigations
4. Reporting Obligations: Adequate records support SAR filing accuracy and
completeness requirements
COMMON COMPLIANCE ERRORS:
• Error Pattern 1: Choosing A - Confusing with general business record retention or state
law requirements rather than federal BSA mandate
• Error Pattern 2: Choosing C - Applying SAR record retention (five years) but confusing
with SEC or other seven-year retention requirements
CERTIFICATION COMPETENCY DEMONSTRATED:
• Precise knowledge of specific record retention timelines across BSA provisions
• Understanding of interagency consistency in five-year BSA retention standards
2026-2027 – Professional Compliance
Certification Assessment
DOMAIN 1: REGULATORY FRAMEWORK & REQUIREMENTS (Questions 1-20)
Q1: According to the USA PATRIOT Act Section 326, financial institutions must
implement a Customer Identification Program (CIP) that includes which of the following
minimum requirements?
A. Verify customer identity using documentary methods only
B. Maintain records of information used to verify identity for seven years after account
closing
C. Provide customers with notice that information is being collected to verify their
identity
D. All of the above
Correct Answer: C
REGULATORY BASIS:
• Primary Regulation: USA PATRIOT Act Section 326; 31 CFR §1020.220
• Regulatory Guidance: FFIEC BSA/AML Examination Manual - CIP Requirements (2026
Update)
• Enforcement Precedent: 2024 FinCEN consent order citing CIP notice deficiencies
PROFESSIONAL ANALYSIS:
, 1. Risk Assessment: CIP is foundational for understanding customer risk profile;
notice requirement ensures transparency
2. Monitoring Logic: Proper identification enables effective transaction monitoring
and alert triage
3. Investigation Requirements: CIP information crucial for investigations;
inadequate CIP impedes SAR filing capabilities
4. Reporting Obligations: Inadequate CIP can lead to SAR filing deficiencies and
regulatory criticism
COMMON COMPLIANCE ERRORS:
• Error Pattern 1: Choosing B - CIP records must be maintained for five years after
account closing, not seven (seven years applies to SARs)
• Error Pattern 2: Choosing A - CIP mandates risk-based verification allowing both
documentary and non-documentary methods; permitting documentary-only creates
compliance gaps for higher-risk customers
CERTIFICATION COMPETENCY DEMONSTRATED:
• Precise regulatory knowledge exceeding general awareness
• Distinguishing between record retention periods across different BSA provisions
Q2: Under FinCEN's 2026 Final Rule on Access to Beneficial Ownership Information,
which parties have access to the beneficial ownership registry for AML compliance
purposes?
A. All financial institutions for all customer due diligence
B. Federal law enforcement agencies and certain financial institutions with customer
consent
C. State and local law enforcement with a court order only
D. No financial institution access is permitted under the rule
Correct Answer: B
,REGULATORY BASIS:
• Primary Regulation: 31 CFR §1010.380 (Beneficial Ownership Reporting); Corporate
Transparency Act §5336; 2026 Final Rule on Access
• Regulatory Guidance: FinCEN Guidance FIN-2026-G001 "Access to Beneficial
Ownership Information"
• Enforcement Precedent: N/A - Rule effective January 2026; no enforcement precedent
yet established
PROFESSIONAL ANALYSIS:
1. Risk Assessment: Beneficial ownership transparency critical for understanding
legal entity risks and shell company detection
2. Monitoring Logic: Access to registry enhances due diligence efficiency and
accuracy for high-risk entity verification
3. Investigation Requirements: Registry data supplements traditional investigation
methods when ownership documentation is suspect
4. Reporting Obligations: May affect SAR narratives when ownership discrepancies
identified between customer-provided data and registry
COMMON COMPLIANCE ERRORS:
• Error Pattern 1: Choosing A - Overestimating access; requires customer consent and
specific qualified applicant status; not available for routine account opening without
specific protocol adherence
• Error Pattern 2: Choosing D - Underestimating 2026 rule changes expanding limited
access to financial institutions under specific qualifying circumstances
CERTIFICATION COMPETENCY DEMONSTRATED:
• Knowledge of recent regulatory developments and Corporate Transparency Act
implementation phases
• Understanding of privacy-protected access frameworks balancing transparency and
data security
Q3: According to 31 CFR §1010.311 (FinCEN's Recordkeeping Rule), financial
institutions must retain records of funds transfers of $3,000 or more for a period of:
A. Three years from the date of the transfer
, B. Five years from the date of the transfer
C. Seven years from the date of the transfer
D. The duration of the account relationship plus two years
Correct Answer: B
REGULATORY BASIS:
• Primary Regulation: 31 CFR §1010.311 (Previously 31 CFR 103.33); BSA
Recordkeeping Requirements
• Regulatory Guidance: FinCEN Guidance on Funds Transfer Recordkeeping; FFIEC
Examination Manual - Funds Transfers
• Enforcement Precedent: 2024 OCC enforcement action against national bank for
record retention deficiencies
PROFESSIONAL ANALYSIS:
1. Risk Assessment: Five-year retention aligns with statute of limitations for BSA
violations and enables historical pattern analysis
2. Monitoring Logic: Records essential for retroactive look-backs when new
typologies emerge
3. Investigation Requirements: Law enforcement frequently requests 3-5 year
transactional histories during investigations
4. Reporting Obligations: Adequate records support SAR filing accuracy and
completeness requirements
COMMON COMPLIANCE ERRORS:
• Error Pattern 1: Choosing A - Confusing with general business record retention or state
law requirements rather than federal BSA mandate
• Error Pattern 2: Choosing C - Applying SAR record retention (five years) but confusing
with SEC or other seven-year retention requirements
CERTIFICATION COMPETENCY DEMONSTRATED:
• Precise knowledge of specific record retention timelines across BSA provisions
• Understanding of interagency consistency in five-year BSA retention standards
