Acams CCAS Exam Practice Test Instant Access

Question 1

Under DIFC AML rules, which governance body must approve the firm's business-wide risk assessment?

ACompliance department

BBoard of Directors

CChief Technology Officer

DInternal audit team

Answer : B

DFSA AML Module requires the Board to approve and oversee the firm's business-wide risk assessment, ensuring accountability at the highest governance level.

Question 2

A compliance officer is conducting a customer risk review. Which statements represent the highest level of customer risk? (Select Two.)

AA customer who uses a virtual private network (VPN) connection to access the customer's account

BA student customer depositing 15,000 USD over a period of a month, using the funds to purchase cryptoassets that are sent to another virtual asset service provider

CA business customer opting to pay suppliers in cryptoassets

DA customer receiving cryptoassets daily from another virtual asset service provider located in a foreign jurisdiction which are then sent to a private wallet

EA customer located in a foreign country donating 10,000 USD worth of cryptoassets to a charity for veterans in the US

Answer : B, D

When determining highest-risk customers under a risk-based approach, firms must consider transaction patterns, jurisdictions, counterparties, and destinations:

B: Large deposits by a student, rapidly converting to crypto and sending to another VASP, suggest potential layering and third-party funding risk.

D: Daily inbound transfers from a foreign VASP to a private (unhosted) wallet indicate consistent high-risk exposure --- especially cross-border transactions involving unregulated or weakly regulated jurisdictions.

While VPN use (A) can be a red flag, on its own it is lower risk than significant suspicious fund flows. Paying suppliers in crypto (C) can be legitimate for businesses. A large donation to a charity (E) could be flagged depending on jurisdiction and cause, but is generally less inherently suspicious than B and D unless linked to high-risk entities.

FATF, DFSA, and FSRA AML rules stress that ongoing monitoring should identify these high-frequency, high-value, cross-border crypto flows as priority for Enhanced Due Diligence (EDD) and possible Suspicious Transaction Reports (STRs).

Question 3

A compliance officer is conducting an AML risk assessment of two different operating models: a centralized cryptoasset exchange and a decentralized cryptoasset exchange. Which key difference causes the compliance officer to risk-rate the decentralized exchange higher than the centralized exchange?

AThe cost of each transaction

BThe number of validator nodes

CThe lack of a central counterparty

DThe supported asset types

Answer : C

Decentralized exchanges lack a central counterparty responsible for AML compliance, making it difficult to enforce KYC/CDD, monitor transactions, or implement controls. This structural characteristic increases inherent AML risk compared to centralized exchanges, which have accountable operators.

Transaction cost (A), validator nodes (B), or asset types (D) are less impactful in the compliance risk rating.

Question 4

Which scenario most likely indicates potential active involvement of a customer in virtual asset related scam activities?

AIndirect receiving from a scam cluster

BIndirect sending to a scam cluster

CDirect sending to a scam cluster

DDirect receiving from a scam cluster

Answer : C

Direct sending to a scam cluster indicates active involvement by the customer in potentially transferring funds associated with fraudulent activities. Sending funds directly to known scam addresses is a strong indicator of complicity or direct engagement.

Indirect flows (A and B) could be less conclusive, and direct receiving (D) may indicate victimhood rather than active involvement.

AML typologies and DFSA guidance identify direct outgoing transactions to scam clusters as significant red flags.

Question 5

A client at a virtual asset service provider (VASP) opened a wallet four weeks earlier with 201,000 USD. The client received a Bitcoin transfer for a total of 565,400 USD. Which is the strongest indication of an illicit source of funds for the client?

ATwo days after opening the wallet, the client transfers 199,000 USD to a third party.

BThe client declared a total wealth of 600,000 USD at account opening.

CIt was not possible to trace the client's IP address.

DIncoming funds moved through five intermediary wallets before being transferred from a foreign VASP.

Answer : D

Funds moving through multiple intermediary wallets before arriving at the client's wallet indicate layering techniques used to obscure the source of funds, a classic money laundering tactic.

Transferring funds quickly (A) or declaring wealth (B) are less definitive indicators. An untraceable IP (C) raises concerns but is less conclusive than complex transactional layering.

Question 6

A suspicious activity report was filed in the EU for a local company account that held funds generated by the sale of product coupons. A review of the account highlighted a login from an unconnected IP address. Despite repeated requests, the customer failed to provide information on the origins of the funds. Which is the main red flag here?

AVirtual asset service providers outside of the EU are being relied upon.

BFunds are generated by the sale of coupons which are connected to a physical product.

CThere is a failure to cooperate with the source of funds requests.

DAn IP address is being used that is not previously connected to that customer.

Answer : C

The main red flag is the customer's failure to cooperate with requests to provide information on the origin of funds, which undermines transparency and raises suspicion regarding the legitimacy of the funds.

While an unconnected IP address (D) is suspicious, non-cooperation (C) is a stronger indicator of potential money laundering.

Question 7

According to the Financial Crimes Enforcement Network's Guidance 2019-G0001 pertaining to convertible virtual currencies, a money transmitter includes companies that:

AExchange digital tokens.

BProvide the delivery, communication, or network access services to only support money transmission services.

COperate a clearance and settlement system or otherwise act as intermediaries solely between Bank Secrecy Act-regulated institutions.

DAct as payment processors to facilitate the purchase of, or payment of a bill for, a good or service through a clearance and settlement system.

Answer : A

The FinCEN 2019 guidance clarifies that money transmitters include entities that exchange digital tokens or convertible virtual currencies as part of their business activities. This includes exchanges and platforms that transfer virtual currencies.

Providing infrastructure services (B), operating clearance systems solely among regulated institutions (C), or acting as payment processors for goods/services (D) without handling value transfer do not fall under the money transmitter definition per this guidance.

Acams Certified Cryptoasset Anti-Financial Crime Specialist Examination CCAS Exam Practice Test