Acams CCAS Exam Questions Instant Access - No Installation Required

Question 1

Which statement regarding cryptocurrencies, digital assets, and blockchain is correct?

ACryptocurrencies use encryption techniques operating independently from a central bank.

BCryptocurrencies and blockchain are the same and are terms used interchangeably.

CDigital assets can only operate on a blockchain.

DCryptocurrencies, blockchain, and digital assets can all be used as a means of payment.

Answer : A

Cryptocurrencies are digital currencies secured by cryptography, operating independently from any central bank or government. Blockchain is the underlying distributed ledger technology supporting cryptocurrencies and other digital assets.

Cryptocurrencies and blockchain are not the same (B). Digital assets can exist off-blockchain (C), such as tokenized assets on centralized databases. While cryptocurrencies can be used as payment, blockchain itself is a technology, not a payment method (D).

Question 2

Which is the first action a virtual asset service provider (VASP) should take when it finds out that its customers are engaging in virtual asset (VA) transfers related to unhosted wallets and peer-to-peer (P2P) transactions?

AAllow VA transfers related P2P or unhosted wallets below 1,000 USD or the equivalent amount in local currency, or per defined thresholds in local regulations.

BFreeze accounts with records of transactions related to P2P transactions or unhosted wallets.

CCollect and assess the data on transactions related to P2P or unhosted wallets to determine if it is within its risk appetite.

DEnhance existing risk-based control framework to account for specific risks posed by transactions related to P2P or unhosted wallets.

Answer : C

Upon identifying customer engagement with unhosted wallets or P2P transfers, the first step a VASP should take is to collect and assess data on such transactions. This assessment helps determine if these activities fall within the firm's risk appetite and what enhanced controls or actions may be needed.

Immediate account freezing (B) is not the first step without assessment; neither is allowing transfers (A) without risk consideration. Enhancing risk frameworks (D) is important but follows from an initial data-driven risk assessment.

Relevant guidance:

FATF Recommendations and DFSA AML Module require VASPs to maintain a risk-based approach that begins with data collection and risk assessment on unhosted wallet transactions.

The DFSA's 2023 Dear MLRO letters and thematic reviews stress proportionality and evidence-based responses rather than immediate punitive measures.

Enhanced due diligence (EDD) and risk mitigation measures, including potentially freezing accounts, come after assessment of the risk levelAML/VER25/05-24: Sections 4.1, 6.4, 13; 20230406Dear_MLRO_Letter_re_IEMS.pdf.

Hence, C is the appropriate first action.

Question 3

A client at a virtual asset service provider (VASP) opened a wallet four weeks earlier with 201,000 USD. The client received a Bitcoin transfer for a total of 565,400 USD. Which is the strongest indication of an illicit source of funds for the client?

ATwo days after opening the wallet, the client transfers 199,000 USD to a third party.

BThe client declared a total wealth of 600,000 USD at account opening.

CIt was not possible to trace the client's IP address.

DIncoming funds moved through five intermediary wallets before being transferred from a foreign VASP.

Answer : D

Funds moving through multiple intermediary wallets before arriving at the client's wallet indicate layering techniques used to obscure the source of funds, a classic money laundering tactic.

Transferring funds quickly (A) or declaring wealth (B) are less definitive indicators. An untraceable IP (C) raises concerns but is less conclusive than complex transactional layering.

Question 4

Which operational risk mitigation practice by virtual asset service providers (VASPs) is most effective when considering their relationships with other VASPs?

AHaving no requirement to establish a correspondent relationship and build a risk assessment framework among other cryptoasset exchanges prior to transferring for or on behalf of another person

BDeveloping cross-border correspondent relationships with cryptoasset exchanges in jurisdictions that have weak or non-existent anti-money laundering (AML) regulation or supervision

CAssigning all such relationships as high risk and conducting enhanced due diligence on all of them

DGathering sufficient information on the counterpart VASP to determine the quality of the supervision it receives for transactional activities

Answer : D

Effective risk mitigation requires VASPs to obtain sufficient information about counterpart VASPs to assess the quality of their regulatory supervision and controls. This helps determine the risk of transactions and build a risk-based framework for correspondent relationships.

Having no requirements (A) or engaging with poorly regulated jurisdictions (B) increases risk. Blanket high-risk classification (C) without proper assessment is inefficient.

FATF Recommendation 15 and DFSA guidance emphasize due diligence on counterparties as a critical control.

Question 5

Which cryptoasset type is most associated with anonymity risk?

APrivacy coin

BStablecoin

CGovernance token

DSecurity token

Answer : A

Privacy coins like Monero use cryptographic features to obscure transaction details, increasing AML risk and regulatory scrutiny.

Question 6

Which type of cryptoasset is explicitly designed to maintain a stable value?

AUtility token

BStablecoin

CGovernance token

DPrivacy coin

Answer : B

Stablecoins aim to maintain value stability by pegging to assets like fiat currency or commodities. Regulators stress monitoring stablecoin reserve transparency to prevent misuse for layering illicit funds.

Question 7

A compliance officer is conducting a customer risk review. Which statements represent the highest level of customer risk? (Select Two.)

AA customer who uses a virtual private network (VPN) connection to access the customer's account

BA student customer depositing 15,000 USD over a period of a month, using the funds to purchase cryptoassets that are sent to another virtual asset service provider

CA business customer opting to pay suppliers in cryptoassets

DA customer receiving cryptoassets daily from another virtual asset service provider located in a foreign jurisdiction which are then sent to a private wallet

EA customer located in a foreign country donating 10,000 USD worth of cryptoassets to a charity for veterans in the US

Answer : B, D

When determining highest-risk customers under a risk-based approach, firms must consider transaction patterns, jurisdictions, counterparties, and destinations:

B: Large deposits by a student, rapidly converting to crypto and sending to another VASP, suggest potential layering and third-party funding risk.

D: Daily inbound transfers from a foreign VASP to a private (unhosted) wallet indicate consistent high-risk exposure --- especially cross-border transactions involving unregulated or weakly regulated jurisdictions.

While VPN use (A) can be a red flag, on its own it is lower risk than significant suspicious fund flows. Paying suppliers in crypto (C) can be legitimate for businesses. A large donation to a charity (E) could be flagged depending on jurisdiction and cause, but is generally less inherently suspicious than B and D unless linked to high-risk entities.

FATF, DFSA, and FSRA AML rules stress that ongoing monitoring should identify these high-frequency, high-value, cross-border crypto flows as priority for Enhanced Due Diligence (EDD) and possible Suspicious Transaction Reports (STRs).

Acams Certified Cryptoasset Anti-Financial Crime Specialist Examination CCAS Exam Questions