ACAMS EXAM QUESTIONS AND
CORRECT ANSWERS ALREADY
PASSED
What does FATF recommend considering when assessing risk? - Answer-When
assessing risk, FATF recommends considering: • Customer risk factors such as non-
resident customers, cash-intensive businesses, complex ownership structure of a
company, and companies with bearer shares. • Country or geographic risks such as
countries with inadequate AML/CFT systems, countries subject to sanctions or
embargos, countries involved with funding or supporting of terrorist activities, or those
with significant levels of corruption. • Product, service, transaction or delivery channel
risk factors such as private banking, anonymous transactions, and payments received
from unknown third parties.)
What are some factors an institution should consider when assessing the dynamic risk
of its customers? - Answer-As every financial institution develops transaction history
with customers, it should consider modifying the risk rating of the customer, based on: •
Unusual activity, such as alerts, cases and suspicious transaction report (STR) filings. •
Receipt of law enforcement inquiries, such as subpoenas. • Transactions that violate
economic sanctions programs. • Other considerations, such as significant volumes of
activity where it would not be expected, such as a domestic charity engaging in large
international transactions or businesses engaged in large volumes of cash where this
would not normally be expected.
What are some sources of identifying countries that pose heightened geographic risk? -
Answer-• The US State Department issues an annual "International Narcotics Control
Strategy Report" rating more than 100 countries on their money laundering controls. •
Transparency International publishes a yearly "Corruption Perceptions Index," which
rates more than 100 countries on perceived corruption. • FATF identifies jurisdictions
with weak AML/CFT regimes and issues country-specific Mutual Evaluation Reports. •
In the United States certain domestic jurisdictions are evaluated based on whether they
fall within government-identified higher-risk geographic locations such as High Intensity
Drug Trafficking Areas (HIDTA) or High Intensity Financial Crime Areas (HIFCA).
What factors should be considered when determining the sophistication of a compliance
function within an institution? - Answer-The sophistication of the compliance function
should be based upon the institution's nature, size, complexity, regulatory environment,
and the specific risk associated with the products, services, and clientele. No two
,institutions will have exactly the same compliance structure because the risk facing
each institution is going to be different, as identified in their respective risk
assessments.
What are some examples of internal controls, outside of policies and procedures? -
Answer-While policies and procedures provide important guidance, the AML/CFT
program also relies on a variety of internal controls, including management reports and
other built-in safeguards that keep the program working. These internal controls should
enable the compliance organization to recognize deviations from standard procedures
and safety protocols. A matter as simple as requiring a corporate officer's approval or
two signatures for transactions that exceed a prescribed amount could be a critical
internal control element that if ignored seriously weakens an institution's AML/CFT
program and attracts unwanted attention from supervisory authorities.
What controls should a Compliance Officer consider over an AML duty that has been
delegated? - Answer-The compliance function may establish risk-based quality
assurance reviews and monitoring and testing activities to ensure the functions are
being performed appropriately. This may include a review of the CDD collected to
ensure completeness, monitoring reports of CDD completeness or defects to ensure the
systems are working as expected, and performing testing to assess whether the
monitoring and the business performance are satisfactorily measuring and ensuring
compliance.
Why is it critical that the Compliance Officer have good communications skills? -
Answer-The compliance officer must also have the means to communicate at all levels
of the organization — from front-line associates all the way up to the CEO and Board of
Directors. It is critical for a compliance officer to be capable of articulating matters of
importance to senior and executive management, particularly significant changes that
may present risk to the organization, such as a sudden or substantial increase in STRs
or currency transaction reports (CTRs). Other items of concern that need to be
escalated to management may include changes to laws or regulations that may require
immediate action. A compliance officer must have the skills necessary to be able to
analyze and interpret these ongoing changes, determine what effect they may have on
the institution, and suggest an action plan when appropriate.
What are some of the target audiences for training? - Answer-• Customer-facing staff •
Operations personnel • AML/CFT compliance staff • Senior management and board of
directors • Independent testing staff
When should an institution conduct training? - Answer-An institution's training should be
ongoing and on a regular schedule.
According to FATF, when should an institution conduct CDD? - Answer-FATF
recommends that financial institutions should be required to undertake CDD measures
when: • Establishing business relationships. • Carrying out occasional transactions
under certain circumstances. • There is a suspicion of money laundering or terrorist
, financing. • The financial institution has doubts about the veracity or adequacy of
previously obtained customer identification data
According to FATF, when should an institution conduct enhanced due diligence on a
customer? - Answer-FATF indicates that when there are circumstances where the risk
of money laundering or terrorist financing is higher, enhanced CDD measures should be
taken.
What are some examples of enhanced due diligence for higher risk customers? -
Answer-A financial institution should consider obtaining additional information from high-
risk customers such as: • Source of funds and wealth. • Identifying information on
individuals with control over the ccount, such as signatories or guarantors. • Occupation
or type of business. • Financial statements. • Banking references. • Domicile. • Proximity
of the customer's residence, place of employment, or place of usiness to the bank. •
Description of the customer's primary trade area and whether international ransactions
are expected to be routine. • Description of the business operations, the anticipated
olume of currency and total sales, and a list of major customers and suppliers. •
Explanations for hanges in account activity.
According to FATF, when should the identity of a customer be verified? - Answer-A
bank should not establish a banking relationship, or carry out any transactions, until the
identity of the customer has been satisfactorily established and verified in accordance
with FATF Recommendation 10.
How should a global financial institution address the performance of CDD across its
various operations? - Answer-Financial institutions should aim to apply their customer
acceptance policy, procedures for customer identification, process for monitoring higher
risk accounts and risk management framework on a global basis to all of their offices,
branches and subsidiaries. The firm should clearly communicate these policies and
procedures through ongoing training and regular communications, as well as conduct
monitoring and testing to ensure compliance with the policies and procedures.
What are the three primary categories of economic sanctions? - Answer-Sanctions can
generally fall into one of the following categories: • Targeted Sanctions - aimed at
specifically named individuals, such as key leaders in a country or territory, named
terrorists, significant narcotics traffickers and proliferators of weapons of mass
destruction. These sanctions often include the freezing of assets and travel bans where
possible. • Sectoral Sanctions - aimed at key sectors of an economy to prohibit a very
specific subset of financial dealings within those sectors to impede future growth. •
Comprehensive Sanctions - generally prohibit all direct or indirect import/export, trade
brokering, financing or facilitating against most goods, technology and services. These
are often aimed at regimes responsible for gross human rights violations, and nuclear
proliferation.
What is the Office of Foreign Assets Control's (OFAC) list of sanctions persons known
as? - Answer-The Specially Designated Nationals and Blocked Persons (SDN) list.
CORRECT ANSWERS ALREADY
PASSED
What does FATF recommend considering when assessing risk? - Answer-When
assessing risk, FATF recommends considering: • Customer risk factors such as non-
resident customers, cash-intensive businesses, complex ownership structure of a
company, and companies with bearer shares. • Country or geographic risks such as
countries with inadequate AML/CFT systems, countries subject to sanctions or
embargos, countries involved with funding or supporting of terrorist activities, or those
with significant levels of corruption. • Product, service, transaction or delivery channel
risk factors such as private banking, anonymous transactions, and payments received
from unknown third parties.)
What are some factors an institution should consider when assessing the dynamic risk
of its customers? - Answer-As every financial institution develops transaction history
with customers, it should consider modifying the risk rating of the customer, based on: •
Unusual activity, such as alerts, cases and suspicious transaction report (STR) filings. •
Receipt of law enforcement inquiries, such as subpoenas. • Transactions that violate
economic sanctions programs. • Other considerations, such as significant volumes of
activity where it would not be expected, such as a domestic charity engaging in large
international transactions or businesses engaged in large volumes of cash where this
would not normally be expected.
What are some sources of identifying countries that pose heightened geographic risk? -
Answer-• The US State Department issues an annual "International Narcotics Control
Strategy Report" rating more than 100 countries on their money laundering controls. •
Transparency International publishes a yearly "Corruption Perceptions Index," which
rates more than 100 countries on perceived corruption. • FATF identifies jurisdictions
with weak AML/CFT regimes and issues country-specific Mutual Evaluation Reports. •
In the United States certain domestic jurisdictions are evaluated based on whether they
fall within government-identified higher-risk geographic locations such as High Intensity
Drug Trafficking Areas (HIDTA) or High Intensity Financial Crime Areas (HIFCA).
What factors should be considered when determining the sophistication of a compliance
function within an institution? - Answer-The sophistication of the compliance function
should be based upon the institution's nature, size, complexity, regulatory environment,
and the specific risk associated with the products, services, and clientele. No two
,institutions will have exactly the same compliance structure because the risk facing
each institution is going to be different, as identified in their respective risk
assessments.
What are some examples of internal controls, outside of policies and procedures? -
Answer-While policies and procedures provide important guidance, the AML/CFT
program also relies on a variety of internal controls, including management reports and
other built-in safeguards that keep the program working. These internal controls should
enable the compliance organization to recognize deviations from standard procedures
and safety protocols. A matter as simple as requiring a corporate officer's approval or
two signatures for transactions that exceed a prescribed amount could be a critical
internal control element that if ignored seriously weakens an institution's AML/CFT
program and attracts unwanted attention from supervisory authorities.
What controls should a Compliance Officer consider over an AML duty that has been
delegated? - Answer-The compliance function may establish risk-based quality
assurance reviews and monitoring and testing activities to ensure the functions are
being performed appropriately. This may include a review of the CDD collected to
ensure completeness, monitoring reports of CDD completeness or defects to ensure the
systems are working as expected, and performing testing to assess whether the
monitoring and the business performance are satisfactorily measuring and ensuring
compliance.
Why is it critical that the Compliance Officer have good communications skills? -
Answer-The compliance officer must also have the means to communicate at all levels
of the organization — from front-line associates all the way up to the CEO and Board of
Directors. It is critical for a compliance officer to be capable of articulating matters of
importance to senior and executive management, particularly significant changes that
may present risk to the organization, such as a sudden or substantial increase in STRs
or currency transaction reports (CTRs). Other items of concern that need to be
escalated to management may include changes to laws or regulations that may require
immediate action. A compliance officer must have the skills necessary to be able to
analyze and interpret these ongoing changes, determine what effect they may have on
the institution, and suggest an action plan when appropriate.
What are some of the target audiences for training? - Answer-• Customer-facing staff •
Operations personnel • AML/CFT compliance staff • Senior management and board of
directors • Independent testing staff
When should an institution conduct training? - Answer-An institution's training should be
ongoing and on a regular schedule.
According to FATF, when should an institution conduct CDD? - Answer-FATF
recommends that financial institutions should be required to undertake CDD measures
when: • Establishing business relationships. • Carrying out occasional transactions
under certain circumstances. • There is a suspicion of money laundering or terrorist
, financing. • The financial institution has doubts about the veracity or adequacy of
previously obtained customer identification data
According to FATF, when should an institution conduct enhanced due diligence on a
customer? - Answer-FATF indicates that when there are circumstances where the risk
of money laundering or terrorist financing is higher, enhanced CDD measures should be
taken.
What are some examples of enhanced due diligence for higher risk customers? -
Answer-A financial institution should consider obtaining additional information from high-
risk customers such as: • Source of funds and wealth. • Identifying information on
individuals with control over the ccount, such as signatories or guarantors. • Occupation
or type of business. • Financial statements. • Banking references. • Domicile. • Proximity
of the customer's residence, place of employment, or place of usiness to the bank. •
Description of the customer's primary trade area and whether international ransactions
are expected to be routine. • Description of the business operations, the anticipated
olume of currency and total sales, and a list of major customers and suppliers. •
Explanations for hanges in account activity.
According to FATF, when should the identity of a customer be verified? - Answer-A
bank should not establish a banking relationship, or carry out any transactions, until the
identity of the customer has been satisfactorily established and verified in accordance
with FATF Recommendation 10.
How should a global financial institution address the performance of CDD across its
various operations? - Answer-Financial institutions should aim to apply their customer
acceptance policy, procedures for customer identification, process for monitoring higher
risk accounts and risk management framework on a global basis to all of their offices,
branches and subsidiaries. The firm should clearly communicate these policies and
procedures through ongoing training and regular communications, as well as conduct
monitoring and testing to ensure compliance with the policies and procedures.
What are the three primary categories of economic sanctions? - Answer-Sanctions can
generally fall into one of the following categories: • Targeted Sanctions - aimed at
specifically named individuals, such as key leaders in a country or territory, named
terrorists, significant narcotics traffickers and proliferators of weapons of mass
destruction. These sanctions often include the freezing of assets and travel bans where
possible. • Sectoral Sanctions - aimed at key sectors of an economy to prohibit a very
specific subset of financial dealings within those sectors to impede future growth. •
Comprehensive Sanctions - generally prohibit all direct or indirect import/export, trade
brokering, financing or facilitating against most goods, technology and services. These
are often aimed at regimes responsible for gross human rights violations, and nuclear
proliferation.
What is the Office of Foreign Assets Control's (OFAC) list of sanctions persons known
as? - Answer-The Specially Designated Nationals and Blocked Persons (SDN) list.
