The Travel Rule, part of FATF Recommendation 16, requires VASPs to share sender and recipient information for virtual asset transfers above USD/EUR 1,000. The aim is to enable tracing and detection of illicit funds.
Question 2
Which is the first action a virtual asset service provider (VASP) should take when it finds out that its customers are engaging in virtual asset (VA) transfers related to unhosted wallets and peer-to-peer (P2P) transactions?
Answer : C
Upon identifying customer engagement with unhosted wallets or P2P transfers, the first step a VASP should take is to collect and assess data on such transactions. This assessment helps determine if these activities fall within the firm's risk appetite and what enhanced controls or actions may be needed.
Immediate account freezing (B) is not the first step without assessment; neither is allowing transfers (A) without risk consideration. Enhancing risk frameworks (D) is important but follows from an initial data-driven risk assessment.
Relevant guidance:
FATF Recommendations and DFSA AML Module require VASPs to maintain a risk-based approach that begins with data collection and risk assessment on unhosted wallet transactions.
The DFSA's 2023 Dear MLRO letters and thematic reviews stress proportionality and evidence-based responses rather than immediate punitive measures.
Enhanced due diligence (EDD) and risk mitigation measures, including potentially freezing accounts, come after assessment of the risk levelAML/VER25/05-24: Sections 4.1, 6.4, 13; 20230406Dear_MLRO_Letter_re_IEMS.pdf.
Hence, C is the appropriate first action.
Question 3
A suspicious activity report was filed in the EU for a local company account that held funds generated by the sale of product coupons. A review of the account highlighted a login from an unconnected IP address. Despite repeated requests, the customer failed to provide information on the origins of the funds. Which is the main red flag here?
Answer : C
The main red flag is the customer's failure to cooperate with requests to provide information on the origin of funds, which undermines transparency and raises suspicion regarding the legitimacy of the funds.
While an unconnected IP address (D) is suspicious, non-cooperation (C) is a stronger indicator of potential money laundering.
Question 4
What Is the purpose of applying learning (ML) or artificial Intelligence (Al) within a compliance framework? (Select two.)
Answer : B, D
Machine learning (ML) and artificial intelligence (AI) are applied within compliance frameworks to enhance the efficiency of monitoring and detection processes and to allow skilled compliance resources to focus on higher-value activities such as complex investigations and strategic decision-making. ML/AI tools can process vast amounts of transaction data to identify suspicious patterns faster than manual processes.
They do not reduce the fundamental requirement for risk assessment (A) nor are they intended primarily to reduce headcount (C), but rather to optimize resource allocation.
AML and DFSA guidance emphasize leveraging technology to improve the effectiveness and efficiency of AML controls while maintaining robust risk management.
Question 5
Which is the discipline of risk management related to the risk of algorithms, machine learning, and artificial intelligence within the transaction monitoring and screening software that a virtual asset service provider acquires from a vendor?
Answer : D
Model risk management is the discipline focused on managing risks arising from the use of models, including those based on algorithms, machine learning, and AI in transaction monitoring and screening software.
DFSA and global AML frameworks highlight the need for strong model risk governance to ensure accurate detection and compliance.
Question 6
In sanctions screening, a ''fuzzy match'' occurs when:
Answer : B
Fuzzy matches require further review to confirm whether the match is a true hit or a false positive, ensuring compliance accuracy.
Question 7
Which scenario most likely indicates active involvement of a customer in scam activities?
Answer : C
Directly sending to a scam cluster is a strong indicator of active participation rather than passive exposure, triggering SAR obligations.
All Official Question Types