Which of the following is an important factor to consider when setting up an anti-financial crimes (AFC) compliance program governance structure?
Answer : D
One of the core components of a strong AFC (Anti-Financial Crimes) compliance program is establishingclear roles, responsibilities, and lines of accountability, especially forescalating and addressing AFC risks and compliance issues. This governance clarity ensures effective implementation, transparency in decision-making, and timely resolution of compliance concerns.
While external audits (option A) and internal controls (option B) are important,defining governance structure and escalation responsibilities (option D)is a foundational element. Additionally, the board of directors (option C) provides oversight---not day-to-day compliance monitoring.
To ensure that an institution's anti-money laundering program is current, which step should be taken?
Answer : D
According to the Anti-Money Laundering Specialist (the 6th edition) by ACAMS, an institution's anti-money laundering program should be reassessed at least annually to ensure that it is current, effective, and compliant with the applicable laws and regulations. The reassessment should include a review of the institution's risk assessment, policies and procedures, internal controls, training, and independent testing.The reassessment should also consider any changes in the institution's products, services, customers, geographic locations, or business environment that may affect its exposure to money laundering and terrorist financing risks1.
The other options are not consistent with the best practices of maintaining an up-to-date anti-money laundering program. For example:
The program should be evaluated and updated at least every six months by the Board of Directors. While the Board of Directors has the ultimate responsibility for overseeing the institution's anti-money laundering program, it is not required to evaluate and update the program every six months. This may be too frequent and impractical, especially for large and complex institutions.The Board of Directors should, however, approve the program and any significant changes, and ensure that senior management implements and enforces the program effectively1.
The program should be reviewed by a federal law enforcement officer for gaps in controls. While federal law enforcement agencies may conduct investigations or examinations of the institution's anti-money laundering program, they are not responsible for reviewing the program for gaps in controls.This is the role of the institution's internal audit function or an external independent party, who should conduct periodic testing of the program's adequacy and effectiveness1.
The program should be sent to the institution's government regulator on a periodic basis. While the institution's government regulator may request or review the institution's anti-money laundering program as part of its supervisory or enforcement activities, the institution is not obligated to send the program to the regulator on a periodic basis.The institution should, however, report any suspicious or unusual transactions or activities to the relevant authorities, such as the Financial Crimes Enforcement Network (FinCEN) or the Office of Foreign Assets Control (OFAC)1.
Anti-Money Laundering Specialist (the 6th edition) by ACAMS
Which of the following are common indicators of possible money laundering within the securities industry? (Select Two.)
Answer : C, D
A commission rogatory would be used in which gateway to obtain information from another country?
Answer : B
A commission rogatory, also known as a letter rogatory or a letter of request, is a formal request from a court in one country to a court in another country for some type of judicial assistance, such as service of process, taking of evidence, or enforcement of judgments1.A commission rogatory would be used in the context of a mutual legal assistance treaty (MLAT) request, which is a bilateral or multilateral agreement that enables countries to cooperate and provide legal assistance to each other in criminal matters2.MLATs are one of the main gateways for obtaining information from another country, especially when the information is not available through other means, such as financial intelligence units (FIUs), supervisory authorities, or international organizations3. FIUs are national agencies that collect, analyze, and disseminate financial information related to money laundering and terrorist financing, and they can exchange information with their counterparts in other countries under the Egmont principles. Supervisory authorities are regulators that oversee the compliance of financial institutions and other entities with anti-money laundering and counter-terrorism financing (AML/CFT) obligations, and they can share information with their peers in other jurisdictions through supervisory channels, such as the Basel Committee on Banking Supervision. The Financial Action Task Force (FATF) is an inter-governmental body that sets standards and monitors the implementation of AML/CFT measures, and it can provide information and guidance to its members and other jurisdictions, but it does not have the authority to request or compel information from them.
1: Letters rogatory - Wikipedia
2: Mutual Legal Assistance Treaties and Letters Rogatory: A Guide for Judges | Federal Judicial Center
3: How US Authorities Obtain Foreign Evidence in Cross-Border Investigations | Global Investigations Review
What is an FIU? | Egmont Group of Financial Intelligence Units
Basel Committee on Banking Supervision | Bank for International Settlements
What is the FATF? | FATF
Which of the following statements best describes the financial crime risk associated with gatekeepers?
Answer : A
Whichmeasures help limit the collection and use of personal datawhen performing AML-related controls?
Answer : B, C
AML compliancemust balance financial crime prevention with data privacy regulationssuch asGDPR (EU) and CCPA (U.S.).
Option B (Correct):Data minimization ensures that only essential data is collected and processed, reducing privacy risks.
Option C (Correct):Regularly updating policies helps organizations align with evolving privacy laws and AML requirements.
Why Other Options Are Incorrect:
Option A (Incorrect):Unrestricted access to customer data increases the risk of data breaches and privacy violations.
Option D (Incorrect):Repurposing data beyond AML purposescan violatedata protection laws (e.g., GDPR's purpose limitation principle).
Key Data Privacy Considerations for AML Compliance:
Data minimization:Only collect data necessary for risk assessment.
Access controls:Limit employee access to customer data based on job role.
Transparency:Inform customers about how their data is used for AML compliance.
FATF Recommendation 10 (Customer Due Diligence)
General Data Protection Regulation (GDPR), Article 5
Wolfsberg Group Data Privacy in AML Guidelines
Before providing suspicious activity report documentation to an authorized requestor, the institution should first:
Answer : D
According to the guidance issued by FinCEN and the Federal banking agencies, when a financial institution receives a request for SAR supporting documentation from FinCEN or an appropriate law enforcement or supervisory agency, it must first verify that the requestor is, in fact, a representative of such an agency. This is to ensure the confidentiality and security of the SAR information and to prevent unauthorized disclosures. A financial institution should have procedures for such verification in its BSA/AML compliance program, which may include, for example, independent employment verification with the requestor's field office or face-to-face review of the requestor's credentials.
1: This web page explains the BSA requirement that financial institutions provide SAR supporting documentation in response to requests by FinCEN and appropriate law enforcement or supervisory agencies, and the need to verify the requestor's identity.
2: This document provides answers to frequently asked questions regarding SARs and other AML considerations, including the question of how to handle ''keep open'' requests from law enforcement.