The investigative department of a financial institution (Fl) receives an internal escalation notice from the remittance department for a SWIFT message requesting a refund due to potential fraud. The notice indicates that a total of three international incoming remittances were transferred to a corporate customer from Country A, in the amount of approximately 5 million EUR for each. The first two incoming remittances had been exchanged into currency B and transferred out to Country B a few days ago. The third incoming remittance has been held by the remittance department.
As noted from the KYC profile, the corporate customer is working in the wood industry. with the last account review completed 3 months ago. Since the account’s opening. there has been no history of a large amount of funds flowing through the account. The investigator conducts an Internet search and finds that the remitter is a food beverage company.
The same morning, the investigator receives a call from a financial intelligence unit (FIU) inquiring about the same incident. The FIU states that it will issue a warrant to freeze the account on the same day.
After further review, the decision is made that transactions appear suspicious.
Which are the next steps the investigator should take? (Select Two.)
- A . Close the customer’s accounts since the FIU is issuing a warrant to freeze the funds.
- B . Contact local LE and advise them of the investigation details to help speed up the investigation and prosecution.
- C . Provide additional information to the LE upon receiving a formal request.
- D . Close the investigation as the FIU is already on this matter, and they will inform LE if needed.
- E . Gather all the information that would be useful for law enforcement (LE) and recommend filing a
SAR/STR
C, E
Explanation:
The correct answer is C and E. The investigator should provide additional information to the LE upon receiving a formal request, and gather all the information that would be useful for LE and recommend filing a SAR/STR. These steps are consistent with the best practices of conducting financial crime investigations and reporting suspicious activity. The investigator should not close the customer’s accounts or the investigation, as this may interfere with the ongoing LE inquiry and violate the FI’s policies and procedures. The investigator should also not contact local LE directly, as this may compromise the confidentiality of the investigation and the FIU’s authority.
Reference: Advanced CAMS-FCI Study Guide, Chapter 4: Reporting Suspicious Activity, pages 40-411 Advanced CAMS-FCI Study Guide, Chapter 5: Governance of an AFC Investigations Unit, pages 48-491 Advanced CAMS-FCI Certification | ACAMS
The investigative department of a financial institution (Fl) receives an internal escalation notice from the remittance department for a SWIFT message requesting a refund due to potential fraud. The notice indicates that a total of three international incoming remittances were transferred to a corporate customer from Country A, in the amount of approximately 5 million EUR for each. The first two incoming remittances had been exchanged into currency B and transferred out to Country B a few days ago. The third incoming remittance has been held by the remittance department.
As noted from the KYC profile, the corporate customer is working in the wood industry. with the last account review completed 3 months ago. Since the account’s opening. there has been no history of a large amount of funds flowing through the account. The investigator conducts an Internet search and finds that the remitter is a food beverage company.
The same morning, the investigator receives a call from a financial intelligence unit (FIU) inquiring about the same incident. The FIU states that it will issue a warrant to freeze the account on the same day.
Which steps for documenting the final investigation decision are appropriate for the investigator in this scenario?
- A . Exclude any open-source information from record-keeping since it is publicly available.
- B . Add all of the information the Fl has about the subject, their account(s) activity, research results. KYC information, etc. to the SAR/STR.
- C . Document the investigation process and retain all relevant documents in the case management system.
- D . Do not document the investigation process if a SAR/STR is not filed.
C
Explanation:
The investigator should document the investigation process and retain all relevant documents in the case management system. This is because documenting the investigation process is a good practice to ensure the quality and consistency of the investigation, as well as to facilitate the review and audit of the investigation. Retaining all relevant documents is also important to support the evidence and findings of the investigation, as well as to comply with the record-keeping requirements of the relevant authorities. The other options are incorrect because:
Refer to the exhibit.
In a review of the account activity associated with Nadine Kien, an investigator observes a large number of small- to medium-size deposits from numerous individuals from several different global regions. The money is then transferred to a numbered company.
Which is the next best course of action for the investigator?
- A . Complete the monthly review and note the activity for next month’s review.
- B . File a SAR/STR on the account activity in relation to a potential funnel account.
- C . Recommend the account for exit due to frequent global transactions.
- D . No further action is required as the customer is already rated at high-risk and the monthly spending is within expectations.
B
Explanation:
The next best course of action for the investigator is to file a SAR/STR on the account activity in relation to a potential funnel account. This is because a funnel account is a type of money laundering scheme that involves depositing funds from multiple sources into a single account, and then transferring them to another account, often in a different jurisdiction. A funnel account can be used to conceal the origin, ownership, and destination of illicit funds, and to evade currency transaction reporting requirements. The investigator should report the suspicious activity to the relevant authorities and document the findings and actions taken.
The other options are incorrect because:
Refer to the exhibit.
During a review of the accounts related to Richard Aston, an investigator notices a high number of incoming payments from various individuals. They also notice that these incoming payments typically occur during large sporting events or conferences.
As a result of the account review, of which illegal activity does the investigator have reasonable grounds to suspect Richard Aston?
- A . Embezzling from the hotel
- B . Aftermarket sales of entertainment admission tickets
- C . Human trafficking
- D . Sports betting
B
Explanation:
The illegal activity that the investigator has reasonable grounds to suspect Richard Aston of is aftermarket sales of entertainment admission tickets. This is because aftermarket sales of entertainment admission tickets involve reselling tickets for events, concerts, festivals, etc. at a higher price than their face value, often through online platforms or scalpers. This practice can be illegal or unethical, depending on the jurisdiction and the terms and conditions of the original ticket seller. The investigator should look for indicators of aftermarket sales of entertainment admission tickets, such as high volume or frequency of incoming payments from various individuals, correlation between incoming payments and major events or conferences, and discrepancy between the customer’s profile and the nature of the transactions.
The other options are incorrect because:
An investigator is reviewing an alert for unusual activity. System scanning detected a text string within a company customer’s account transactions that indicates the account may have been used for a drug or drug paraphernalia purchase Based on the KYC profile, the investigator determines the customer’s company name and business type are marketed as a gardening supplies company. The investigator reviews the account activity and notes an online purchase transaction that leads the investigator to a website that sells various strains of marijuana. Additional account review detects cash deposits into the account at the branch teller lines, so the investigator reaches out to the teller staff regarding the transactions. The teller staff member reports that the business customers have frequently deposited cash in lower amounts. The teller, without prompting, adds that one of the transactors would occasionally smell of a distinct scent of marijuana smoke.
Which are the best next steps for the investigator to take? (Select Three.)
- A . Review the customer’s transaction history.
- B . Request information from the internet service provider who hosts the website.
- C . Check internal KYC information.
- D . Research other customer accounts for transactions to the same website.
- E . Conduct adverse media and open-source searches on the customer’s background.
- F . Identify if the customer has opened accounts in an urban city area.
A, C, E
Explanation:
The best next steps for the investigator to take are:
An investigator is reviewing an alert for unusual activity. System scanning detected a text string within a company customer’s account transactions that indicates the account may have been used for a drug or drug paraphernalia purchase. Based on the KYC profile, the investigator determines the customer’s company name and business type are marketed as a gardening supplies company. The investigator reviews the account activity and notes an online purchase transaction that leads the investigator to a website that sells various strains of marijuan
a. Additional account review detects cash deposits into the account at the branch teller lines, so the investigator reaches out to the teller staff regarding the transactions. The teller staff member reports that the business customers have frequently deposited cash in lower amounts. The teller, without prompting, adds that one of the transactors would occasionally smell of a distinct scent of marijuana smoke.
Which information should be included in the SAR/STR?
- A . The customer information, including KYC background
- B . A transaction that is commensurate with the customer’s background
- C . The fact that one of the transactors occasionally smelled of marijuana smoke
- D . Details of the transactor’s social media accounts
C
Explanation:
The SAR/STR should include any information that is relevant to the suspicious activity, such as the customer information, the transaction details, and any other indicators of potential money laundering or criminal activity. The fact that one of the transactors occasionally smelled of marijuana smoke is an indicator that the customer may be involved in the illicit drug trade, which is a predicate offense for money laundering. Therefore, this information should be included in the SAR/STR.
Reference: Advanced CAMS-FCI Study Guide, page 25.
A financial institution (Fl) banks a money transmitter business (MTB) located in Miami. The MTB regularly initiates wire transfers with the ultimate beneficiary in Cuba and legally sells travel packages to Cuba. The wire transfers for money remittances comply with the country’s economic sanctions policies. A Fl investigator on the sanctions team reviews each wire transfer to ensure compliance with sanctions and to monitor transfer details.
An airline located in Cuba, unrelated to the business, legally sells airline tickets in Cuba to Cuban citizens wanting to travel outside of Cuba. The airline tickets are purchased using Cuban currency (CUC).
The MTB wants 100,000 USD worth of CUC. Purchasing CUC from a Cuban bank includes a 4% fee. The MTB contacts the airline to ask if the airline will trade its CUC for USD at a lower exchange fee than the Cuban bank. The airline agrees to a 1% fee. The MTB initiates a wire transfer to the airline which appears as normal activity in the monitoring system because of the business’ travel package sales.
Which investigative actions should the investigator take concerning the 100.000 USD wire transfer? (Select Three.)
- A . Review the wire transfer protocols for this customer.
- B . Gather all account activity for Fl clients that purchased packages from the airline.
- C . Review a sampling of wire transfers initiated by travel companies with Cuba travel packages.
- D . Recommend a plan for the Fl’s management to restrict the account relationship.
- E . Review regulations applicable to foreign currency trading transactions.
- F . Locate and review licenses, registrations, and account operating agreements associated with the MTB account.
A, E, F
Explanation:
The investigator should take the following investigative actions concerning the 100,000 USD wire transfer:
Review the wire transfer protocols for this customer. This will help the investigator to determine if the wire transfer is consistent with the customer’s normal business activity and risk profile, or if it deviates from the established patterns or thresholds.
Review regulations applicable to foreign currency trading transactions. This will help the investigator to assess if the wire transfer violates any laws or regulations related to currency exchange, such as reporting requirements, licensing requirements, or sanctions compliance.
Locate and review licenses, registrations, and account operating agreements associated with the MTB account. This will help the investigator to verify if the MTB has the necessary authorization and documentation to conduct currency exchange transactions and if it has disclosed this activity to the FI.
Reference: Advanced CAMS-FCI Study Guide, pages 32-33.
A financial institution (Fl) banks a money transmitter business (MTB) located in Miami. The MTB regularly initiates wire transfers with the ultimate beneficiary in Cuba and legally sells travel packages to Cuba. The wire transfers for money remittances comply with the country’s economic sanctions policies. A Fl investigator on the sanctions team reviews each wire transfer to ensure compliance with sanctions and to monitor transfer details.
An airline located in Cuba, unrelated to the business, legally sells airline tickets in Cuba to Cuban citizens wanting to travel outside of Cuba. The airline tickets are purchased using Cuban currency (CUC).
The MTB wants 100,000 USD worth of CUC. Purchasing CUC from a Cuban bank includes a 4% fee. The MTB contacts the airline to ask if the airline will trade its CUC for USD at a lower exchange fee than the Cuban bank. The airline agrees to a 1% fee. The MTB initiates a wire transfer to the airline which appears as normal activity in the monitoring system because of the business’ travel package sales.
The investigator recommends that a SAR/STR be filed.
What documentation should be referenced in the SAR/STR filing? (Select Three.)
- A . All documents related to the agreement between the airline and the MTB
- B . Cumulative dollar amount of the wire transfer activity
- C . Airline’s ticket sales and passenger list
- D . Cumulative dollar amount for transactions listing for all the MTB account’s wire activity regarding travel packages
- E . Licensing information regarding the travel agency providing tourist sales to Cuba
- F . Account documentation on all related accounts maintained by the MTB
B
Explanation:
The most likely reason for conducting a reverse transaction is to conceal or launder illicit funds. A reverse transaction is a transaction that reverses a previous transaction, such as a refund, a chargeback, or a cancellation. Reverse transactions can be used by money launderers to obscure the source, ownership, or destination of funds, or to create false records or invoices. For example, a money launderer may initiate a wire transfer from a high-risk jurisdiction to a low-risk jurisdiction, and then reverse the transaction after receiving confirmation of the funds. This way, the money launderer can create a paper trail that shows legitimate funds coming from a low-risk jurisdiction, while hiding the true origin of the funds.
Reference: Advanced CAMS-FCI Study Guide, page 40-41.
An investigator at a corporate bank is conducting transaction monitoring alerts clearance.
KYC profile background: An entity customer, doing business offshore in Hong Kong, established a banking business relationship with the bank in 2017 for deposit and loan purposes. It acts as an offshore investment holding company. The customer declared that the ongoing source of funds to this account comes from group-related companies.
• X is the UBO. and owns 97% shares of this entity customer;
• Y is the authorized signatory of this entity customer.
This entity customer was previously the subject of a SAR/STR.
KYC PROFILE
Customer Name: AAA International Company. Ltd
Customer ID: 123456
Account Opened: June 2017
Last KYC review date: 15 Nov 2020
Country and Year of Incorporation: The British Virgin Islands, May 2017
AML risk level: High
Account opening and purpose: Deposits, Loans and Trade Finance
Anticipated account activities: 1 to 5 transactions per year and around 1 million per transaction amount
During the investigation, the investigator reviewed remittance transactions activities for the period from Jul 2019 to Sep 2021 and noted the following transactions pattern:
TRANSACTION JOURNAL
Review dates: from July 2019 to Sept 2021 For Hong Kong Dollars (HKD) currency:
Incoming transactions: 2 inward remittances of around 1.88 million HKD in total from different third parties
Outgoing transactions: 24 outward remittances of around 9 4 million HKD in total to different third parties
For United States Dollars (USD) currency:
Incoming transactions: 13 inward remittances of around 3.3 million USD in total from different third parties
Outgoing transactions: 10 outward remittances of around 9.4 million USD in total to different third parties.
RFI Information and Supporting documents:
According to the RFI reply received on 26 May 2021, the customer provided the bank with the information below:
1) All incoming funds received in HKD & USD currencies were monies lent from non-customers of the bank. Copies of loan agreements had been provided as supporting documents. All of the loan agreements were in the same format and all the lenders are engaged in trading business.
2) Some loan agreements were signed among four parties, including among lenders. borrower (the bank’s customer), guarantor, and guardian with supplemental agreements, which stated that the customer, as a borrower, who failed to repay the loan
Based on the KYC profile and the transaction journal, the pattern of activity shows a deviation in:
- A . expected vs. actual activity.
- B . customer risk rating
- C . product risk rating.
- D . U.S. currency incoming vs. outgoing transaction rales.
A
Explanation:
The correct answer is A because the expected account activities were 1 to 5 transactions per year and around 1 million per transaction amount, but the actual activity showed much more frequent and varied transactions in different currencies and amounts. This indicates a deviation from the customer’s profile and risk level.
Reference: Advanced CAMS-FCI Study Guide, page 16
An investigator at a corporate bank is conducting transaction monitoring alerts clearance.
KYC profile background: An entity customer, doing business offshore in Hong Kong, established a banking business relationship with the bank since 2017 for deposit and loan purposes. It acts as an offshore investment holding company. The customer declared that the ongoing source of funds to this account comes from group-related companies.
• X is the UBO. and owns 97% shares of this entity customer;
• Y is is the authorized signatory of this entity customer.
This entity customer was previously the subject of a SAR/STR.
KYC PROFILE
Customer Name: AAA International Company. Ltd
Customer ID: 123456
Account Opened: June 2017
Last KYC review date: 15 Nov 2020
Country and Year of Incorporation: The British Virgin Islands, May 2017
AML risk level: High
Account opening and purpose: Deposits, Loans, and Trade Finance
Anticipated account activities: 1 to 5 transactions per year and around 1 million per transaction amount
During the investigation, the investigator reviewed remittance transactions activities for the period from Jul 2019 to Sep 2021 and noted the following transactions pattern:
TRANSACTION JOURNAL
Review dates: from July 2019 to Sept 2021 For Hong Kong Dollars (HKD) currency:
Incoming transactions: 2 inward remittances of around 1.88 million HKD in total from different third parties
Outgoing transactions: 24 outward remittances of around 9 4 million HKD in total to different third parties
For United States Dollars (USD) currency:
Incoming transactions: 13 inward remittances of around 3.3 million USD in total from different third parties
Outgoing transactions: 10 outward remittances of around 9.4 million USD in total to different third parties.
RFI Information and Supporting documents:
According to the RFI reply received on 26 May 2021, the customer provided the bank with the information below:
1J All incoming funds received in HKD & USD currencies were monies lent from non-customers of the bank. Copies of loan agreements had been provided as supporting documents. All of the loan agreements were in the same format and all the lenders are engaged in trading business.
2) Some loan agreements were signed among four parties, including among lenders. borrower (the bank’s customer), guarantor, and guardian with supplemental agreements, which stated that the customer, as a borrower, who failed to repay a loan
Which suspicious activity should the investigator identify during the review of the loan agreements?
- A . AAA International Company Ltd.’s account has transactions in HKD and USD.
- B . Y is the authorized signatory on the beneficial ownership form.
- C . Online information found that X is the chairman of a business group of companies.
- D . Y signed on behalf of the lenders.
D
Explanation:
The correct answer is D because it is a suspicious activity that Y, who is the authorized signatory of the customer, also signed on behalf of the lenders. This indicates a possible conflict of interest, collusion, or fraud. The other options are not suspicious activities based on the information given.
Reference: [Advanced CAMS-FCI Study Guide], page 17-18
An investigator at a corporate bank is conducting transaction monitoring alerts clearance.
KYC profile background: An entity customer, doing business offshore in Hong Kong, established a banking business relationship with the bank in 2017 for deposit and loan purposes. It acts as an offshore investment holding company.
The customer declared that the ongoing source of funds to this account comes from group-related companies.
• X is the UBO. and owns 97% shares of this entity customer;
• Y is the authorized signatory of this entity customer.
This entity customer was previously the subject of a SAR/STR.
KYC PROFILE
Customer Name: AAA International Company. Ltd
Customer ID: 123456
Account Opened: June 2017
Last KYC review date: 15 Nov 2020
Country and Year of Incorporation: The British Virgin Islands, May 2017
AML risk level: High
Account opening and purpose: Deposits, Loans, and Trade Finance
Anticipated account activities: 1 to 5 transactions per year and around 1 million per transaction amount
During the investigation, the investigator reviewed remittance transactions activities for the period from Jul 2019 to Sep 2021 and noted the following transactions pattern:
TRANSACTION JOURNAL
Review dates: from July 2019 to Sept 2021 For Hong Kong Dollars (HKD) currency:
Incoming transactions: 2 inward remittances of around 1.88 million HKD in total from different third parties
Outgoing transactions: 24 outward remittances of around 9 4 million HKD in total to different third parties
For United States Dollars (USD) currency:
Incoming transactions: 13 inward remittances of around 3.3 million USD in total from different third parties
Outgoing transactions: 10 outward remittances of around 9.4 million USD in total to different third parties.
RFI Information and Supporting documents:
According to the RFI reply received on 26 May 2021, the customer provided the bank with the information below:
1) All incoming funds received in HKD & USD currencies were monies lent from non-customers of the bank. Copies of loan agreements had been provided as supporting documents. All of the loan agreements were in the same format and all the lenders are engaged in trading business.
2) Some loan agreements were signed among four parties, including among lenders. borrower (the bank’s customer), guarantor, and guardian with supplemental agreements, which stated that the customer, as a borrower, who failed to repay the loan
Which additional information would support escalating this account for closure?
- A . The bank files SARs/STRs indicating that Y opened accounts for small companies located in close proximity to the bank.
- B . A follow-up request reveals that the account receives funds from loans, collects payments from group-related companies, and sends the payments to the lenders.
- C . A review of outward remittances reveals the same pattern of several simple steps for each transaction,
- D . A review of X’s personal bank account shows that X received wire transfers that aggregate the amounts transferred to the group-related companies.
C
Explanation:
A review of outward remittances reveals the same pattern of several simple steps for each transaction, which could indicate a layering scheme to obscure the origin and destination of the funds. This would support escalating this account for closure, as it is inconsistent with the customer’s declared purpose and anticipated activities. The other options are not relevant or sufficient to warrant account closure.
Reference: Advanced CAMS-FCI Certification | ACAMS
An investigator at a corporate bank is conducting transaction monitoring alerts clearance.
KYC profile background: An entity customer, doing business offshore in Hong Kong, established a banking business relationship with the bank since 2017 for deposit and loan purposes. It acts as an offshore investment holding company. The customer declared that the ongoing source of funds to this account comes from group-related companies.
• X is the UBO. and owns 97% shares of this entity customer;
• Y is is the authorized signatory of this entity customer.
This entity customer was previously the subject of a SAR/STR.
KYC PROFILE
Customer Name: AAA International Company. Ltd
Customer ID: 123456
Account Opened: June 2017
Last KYC review date: 15 Nov 2020
Country and Year of Incorporation: The British Virgin Islands, May 2017
AML risk level: High
Account opening and purpose: Deposits, Loans and Trade Finance
Anticipated account activities: 1 to 5 transactions per year and around 1 million per transaction amount
During the investigation, the investigator reviewed remittance transactions activities for the period from Jul 2019 to Sep 2021 and noted the following transactions pattern:
TRANSACTION JOURNAL
Review dates: from July 2019 to Sept 2021 For Hong Kong Dollars (HKD) currency:
Incoming transactions: 2 inward remittances of around 1.88 million HKD in total from different third parties
Outgoing transactions: 24 outward remittances of around 9 4 million HKD in total to different third parties
For United States Dollars (USD) currency:
Incoming transactions: 13 inward remittances of around 3.3 million USD in total from different third parties
Outgoing transactions: 10 outward remittances of around 9.4 million USD in total to different third parties.
RFI Information and Supporting documents:
According to the RFI reply received on 26 May 2021, the customer provided the bank with the information below:
1) All incoming funds received in HKD & USD currencies were monies lent from non-customers of the bank. Copies of loan agreements had been provided as supporting documents. All of the loan agreements were in the same format and all the lenders are engaged in trading business.
2) Some loan agreements were signed among four parties, including among lenders. borrower (the bank’s customer), guarantor, and guardian with supplemental agreements, which stated that the customer, as a borrower, who failed to repay the loan
After reviewing the transaction journal, request for information response, and supporting documentation, the investigator determines that additional information is needed.
Which additional information should the investigator request?
- A . Previously filed SARVSTR unrelated to the customer, but similar in content
- B . Formation document/description of the group-related companies
- C . Source of the incoming funds to the group-related companies
- D . Adverse news screening on all names listed in the formation documents
C
Explanation:
The additional information that the investigator should request is the source of the incoming funds to the group-related companies. This is because the customer declared that the ongoing source of funds to this account comes from group-related companies, but the transaction journal shows that the customer received funds from different third parties, not from group-related companies. Therefore, the investigator should verify the relationship and legitimacy of these third parties and their funds with the customer and the group-related companies. The other options are not relevant or necessary for this investigation.
Reference: Advanced CAMS-FCI Certification | ACAMS
CLIENT INFORMATION FORM Client Name: ABC Tech Corp Client ID. Number: 08125 Name: ABC Tech Corp Registered Address: Mumbai, India Work Address: Mumbai, India Cell Phone: "*•"’" Alt Phone: "*""* Email: …….."
Client Profile Information:
Sector: Financial
Engaged in business from (date): 02 Jan 2020 Sub-sector: Software-Cryptocurrency Exchange Expected Annual Transaction Amount: 125,000 USD Payment Nature: Transfer received from clients’ fund
Received from: Clients
Received for: Sale of digital assets
The client identified itself as Xryptocurrency Exchange." The client has submitted the limited liability partnership deed. However, the bank’s auditing team is unable to identify the client’s exact business profile as the cryptocurrency exchange specified by the client as their major business awaits clearance from the country’s regulator. The client has submitted documents/communications exchanged with the regulator and has cited the lack of governing laws in the country of their operation as the reason for the delay.
During the financial crime investigation, the investigator discovers that some of the customer due diligence (CDD) documents submitted by the client were fraudulent. The investigator also finds that some of the information in the financial institution’s information depository is false.
What should the financial crime investigator do next?
- A . Report collusion between the cryptocurrency exchange and internal staff in the internal hotline or whistle-blowing channel.
- B . Request that the relationship manager conduct a CDD refresh as it is a material trigger.
- C . Escalate to the compliance officer/money laundering reporting officer to file a SAR/STR.
- D . Contact the client directly and obtain the relevant notarized documents and information.
C
Explanation:
The correct answer is C. Escalate to the compliance officer/money laundering reporting officer to file a SAR/STR. This is because the financial crime investigator has found evidence of fraudulent documents and false information, which indicate a high risk of money laundering or other financial crimes. The investigator should not contact the client directly, as this may tip them off or compromise the investigation. The investigator should also not report collusion between the cryptocurrency exchange and internal staff, as this is an assumption that has not been verified. The investigator should not request a CDD refresh, as this is not sufficient to address the serious issues identified.
Reference: Advanced CAMS-FCI Study Guide, page 291
Advanced CAMS-FCI Study Guide, page 311
Advanced CAMS-FCI Study Guide, page 331
1: https://www.acams.org/en/certifications/advanced-cams/advanced-financial-crimes-investigations
CLIENT INFORMATION FORM Client Name: ABC Tech Corp Client I.D. Number: 08125 Name: ABC
Tech Corp Registered Address: Mumbai, India Work Address: Mumbai. India Cell Phone: *■*•"― Alt
Phone: Email: *•*•*«•*•
Client Profile Information:
Sector: Financial
Engaged in business from (date): 02 Jan 2020
Sub-sector: Software-Cryptocurrency Exchange
Expected Annual Transaction Amount: 125.000 USD
Payment Nature: Transfer received from client’s fund
Received from: Clients
Received for: Sale of digital assets
The client identified themselves as "Cryptocurrency Exchange" Client has submitted the limited liability partnership deed. However, the bank’s auditing team is unable to identify the client’s exact business profile as the cryptocurrency exchange specified by the client as their major business awaits clearance from the country’s regulator. The client has submitted documents/communications exchanged with the regulator and has cited the lack of governing laws in the country of their operation as the reason for the delay.
Investigators determine the ultimate beneficial owner of ABC Tech Corp is a high-net-worth client. The client owns a real estate agency left to her when her spouse died. The spouse provided seed capital for ABC Tech Corp through a direct 1,000.000 Great British Pound (GBP) deposit.
What additional information would trigger filing a SAR/STR?
- A . The client’s spouse’s source of wealth was a salary of 250,000 GBP per annum for the past 4 years and rental of properties of 150,000 GBP per annum for the past 6 years.
- B . The client’s current net asset value is 8 million GBP, of which 7.5 million GBP was derived from the inheritance.
- C . An open-source search revealed that the client’s spouse was a PEP.
- D . The funds for the seed capital were in the form of 50 cashier’s checks of 10,000 GBP each and 50 money orders of 10,000 GBP.
D
Explanation:
The additional information that would trigger filing a SAR/STR is the fact that the funds for the seed capital were in the form of 50 cashier’s checks of 10,000 GBP each and 50 money orders of 10,000 GBP. This is because this indicates a possible attempt to avoid the reporting threshold of 10,000 GBP for cash transactions, which is a common money laundering technique known as structuring or
smurfing12. The other options are not necessarily suspicious, as they do not involve cash transactions or indicate any illicit source of funds. The fact that the client’s spouse was a PEP does not automatically make the transaction suspicious unless there are other red flags or risk factors associated with the PEP34
Reference: 1: Money Laundering Techniques 2: Structuring 3: Politically exposed person 4: PEP Definition & Meaning – Merriam-Webster
During transaction monitoring. Bank A learns that one of their customers. Med Supplies 123. is attempting to make a payment via wire totaling 382,500 USD to PPE Business LLC located in Mexico to purchase a large order of personal protective equipment. specifically surgical masks and face shields. Upon further verification. Bank A decides to escalate and refers the case to investigators. Bank A notes that, days prior to the above transaction, the same customer went to a Bank A location to wire 1,215,280 USD to Breath Well LTD located in Singapore. Breath Well was acting as an intermediary to purchase both 3-ply surgical masks and face shields from China. Bank A decided not to complete the transaction due to concerns with the involved supplier in China. Moreover, the customer is attempting to send a third wire in the amount of 350,000 USD for the purchase of these items, this time using a different vendor in China. The investigator must determine next steps in the investigation and what actions, if any. should be taken against relevant parties.
During the investigation, Bank A receives a USA PATRIOT Act Section 314(a) request related to Med Supplies 123.
Which steps should the investigator take when fulfilling the request? (Select Three.)
- A . Exit the relationship with the business since it appears that customer is under investigation.
- B . Do not respond to Financial Crimes Enforcement Network (FinCEN) if the requested information is not present in the financial institution’s system of records.
- C . Review the account(s) activity and proactively file a SAR/STR using the 314(a) request as the basis for the filing.
- D . Report to Financial Crimes Enforcement Network (FinCEN) that a match was found without revealing any other details.
- E . Report back to the Financial Crimes Enforcement Network (FinCEN) within 15 days of receipt of the request via a secure internet website.
- F . Search its records expeditiously to determine whether it maintains(ed) any accounts for the subject(s) listed in the request.
D, E, F
Explanation:
According to the FinCEN’s 314(a) Fact Sheet1, the steps that the investigator should take when fulfilling the request are:
Search its records expeditiously to determine whether it maintains(ed) any accounts for the subject(s) listed in the request.
This is option F.
Report back to the Financial Crimes Enforcement Network (FinCEN) within 15 days of receipt of the request via a secure internet website.
This is option E.
Report to Financial Crimes Enforcement Network (FinCEN) that a match was found without revealing any other details.
This is option D.
The other options are incorrect because:
Exiting the relationship with the business since it appears that customer is under investigation is not required by the 314(a) program and may interfere with law enforcement’s investigation. This is option A.
Not responding to Financial Crimes Enforcement Network (FinCEN) if the requested information is not present in the financial institution’s system of records is contrary to the 314(a) program, which requires financial institutions to respond whether or not they have a match. This is option B.
Reviewing the account(s) activity and proactively filing a SAR/STR using the 314(a) request as the basis for the filing is not appropriate, as the 314(a) request itself is not a sufficient reason to file a SAR/STR. The financial institution should only file a SAR/STR if it has its own independent suspicion of money laundering or terrorist financing.
This is option C.
Reference: 1: FinCEN’s 314(a) Fact Sheet
During transaction monitoring. Bank A learns that one of their customers. Med Supplies 123, is attempting to make a payment via wire totaling 382,500 USD to PPE Business LLC located in Mexico to purchase a large order of personal protective equipment. specifically surgical masks and face shields. Upon further verification. Bank A decides to escalate and refers the case to investigators. Bank A notes that, days prior to the above transaction, the same customer went to a Bank A location to wire 1,215,280 USD to Breath Well LTD located in Singapore. Breath Well was acting as an intermediary to purchase both 3-ply surgical masks and face shields from China. Bank A decided not to complete the transaction due to concerns with the involved supplier in China. Moreover, the customer is attempting to send a third wire in the amount of 350,000 USD for the purchase of these items, this time using a different vendor in China. The investigator must determine next steps in the investigation and what actions, if any. should be taken against relevant parties.
Upon further investigation. Bank As investigator learns that both the Mexico- and Singapore-based companies are linked to the alleged suppliers in China.
Which additional indicators would the investigator need to identify to determine if this fits a fentanyl (drug) trafficking typology? (Select Two.)
- A . Review of the invoices and transportation documents, provided by the customer, reveal significant discrepancies between the description of goods.
Internet research reveals that suppliers are newly established companies with no history of sales of medical equipment. - B . Review of the account activity reveals that wires were mainly funded by multiple cash deposits, conducted in amounts of 10.000 USD or below.
- C . Review of the Food and Drug Administration (FDA) product certifications provided by the customer reveals that documents were falsified.
- D . Review of the account activity reveals that account is inconsistent with the expected business activity as it shows multiple charges at various hotels, transportation tickets for unrelated 3rd parties, etc.
A, C
Explanation:
During transaction monitoring. Bank A learns that one of its customers. Med Supplies 123, is attempting to make a payment via wire totaling 382.500 USD to PPE Business LLC located in Mexico to purchase a large order of personal protective equipment. specifically surgical masks and face shields. Upon further verification. Bank A decides to escalate and refers the case to investigators. Bank A notes that days prior to the above transaction, the same customer went to a Bank A location to wire 1,215,280 USD to Breath Well LTD located in Singapore. Breath Well was acting as an intermediary to purchase both 3-ply surgical masks and face shields from China. Bank A decided not to complete the transaction due to concerns with the involved supplier in China. Moreover, the customer is attempting to send a third wire in the amount of 350,000 USD for the purchase of these items, this time using a different vendor in China. The investigator must determine the next steps in the investigation and what actions, if any. should be taken against relevant parties.
The investigator is gathering more information to determine if a SAR/STR filing is needed.
Which steps are the correct ways of collecting the additional information? (Select Two.)
- A . Reach out to the relationship manager asking if more up-to-date customer due diligence information can be collected on the customer.
- B . Use available documentation received from law enforcement (e.g.. grand jury subpoena) as red flags in SAR/STR filing.
- C . Reach out to the customer and ask for supporting documentation for the conducted wires to avoid SAR/STR filing.
- D . Conduct open-source research to determine if the customer and involved counterparties are in the same business field.
- E . Issue a USA PATRIOT ACT Section 314(b) request to participating financial institutions advising that information is needed to decide if the activity is suspicious.
A, D
Explanation:
The correct answer is A and C because these indicators suggest that the customer is using fraudulent documents and misrepresenting the goods to conceal the illicit nature of the transactions. Fentanyl traffickers often use front companies and falsified invoices to disguise their shipments as legitimate products, such as medical supplies or chemicals. Reviewing the invoices and transportation documents, as well as the FDA product certifications, can help to identify discrepancies or anomalies that indicate fraud or deception.
Reference: Fentanyl and Fentanyl Analogues: Federal Trends and Trafficking Patterns, page 18; Fentanyl Trafficking Offenses, page 2.
A client with many personal and business deposits with the financial institution (Fl) seeks a business loan. The client wants to guarantee the loan with a trust for which they are the beneficiary.
An investigator examines the trust. The trust has many layers, including shell companies in known tax havens. The client’s ultimate beneficial ownership claim cannot be validated, and the loan is denied. Two months later, the Fl receives a law enforcement (LE) request on one of the client’s business accounts. While reviewing the business account, the Fl receives another LE request on the same account from another agency. The requested information is shared.
Three months later, a branch manager receives a request to open a business deposit account related to a complex trust. The manager forwarded the request because of the complexity. The trust was the same as the previously examined trust, but the request came from a different client. The second client also has many accounts with the Fl. Further inspection finds links between the second client and the Paradise Papers. The Papers state the client led illegal activities and committed tax evasion.
What steps should the investigator take to review the accounts held by the second client who is listed in the Paradise Papers? (Select Two.)
- A . Recommend a SAR/STR be filed regarding the second client’s use of a questionable trust to open an account.
- B . Review all accounts being reviewed by AML investigators over the past year that have opened trust accounts.
- C . Inform Fl management of deficiencies in their AML program because the second client’s activities were not detected.
- D . Monitor all accounts and entities related to the second client
- E . Inform Fl management of the start of a serious risk-based investigation that could result in losses and reputation risk.
A, D
Explanation:
The investigator should recommend a SAR/STR be filed regarding the second client’s use of a questionable trust to open an account, as this could indicate an attempt to conceal the source and ownership of funds, and to evade taxes and sanctions. The investigator should also monitor all accounts and entities related to the second client, as they may be involved in illegal activities or pose a high risk to the FI. The investigator should not review all accounts that have opened trust accounts, as this would be too broad and inefficient. The investigator should not inform FI management of deficiencies in their AML program, as this is not their role or responsibility. The investigator should not inform FI management of the start of a serious risk-based investigation, as this may compromise the confidentiality and integrity of the investigation.
A client with many personal and business deposits with the financial institution (Fl) seeks a business loan. The client wants to guarantee the loan with a trust for which they are the beneficiary.
An investigator examines the trust. The trust has many layers, including shell companies in known tax havens. The client’s ultimate beneficial ownership claim cannot be validated, and the loan is denied. Two months later, the Fl receives a law enforcement (LE) request on one of the client’s business accounts. While reviewing the business account, the Fl receives another LE request on the same account from another agency. The requested information is shared.
Three months later, a branch manager receives a request to open a business deposit account related to a complex trust. The manager forwarded the request because of the complexity. The trust was the same as the previously examined trust, but the request came from a different client. The second client also has many accounts with the Fl. Further inspection finds links between the second client and the Paradise Papers. The Papers state the client led illegal activities and committed tax evasion.
What steps should the investigator perform in reference to the first client’s existing accounts? (Select
Three.)
- A . Review all client-signed documents relating to all accounts.
- B . File SARs/STRs for all accounts at the beginning of the discovery phase and amend later as necessary.
- C . Inform Fl management of all processes used to investigate the client due to LE inquiry.
- D . Perform secondary scans of the client’s other owners/authorized signers
- E . Review Fl approved policies regarding the existing accounts to ensure regulatory requirements were followed.
- F . Prepare a relationship flow chart of all existing accounts to better understand the client’s activities.
A, D, F
Explanation:
The investigator should review all client-signed documents relating to all accounts (A) to check for any discrepancies or red flags. The investigator should also perform secondary scans of the client’s other owners/authorized signers (D) to identify any possible connections or associations with the second client or the Paradise Papers. Additionally, the investigator should prepare a relationship flow chart of all existing accounts (F) to better understand the client’s activities and patterns. These steps are consistent with the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, which states that investigators should “review all relevant documentation, including account opening documents, transaction records, and customer correspondence” (p. 23), “conduct enhanced due diligence on all parties involved in the investigation” (p. 24), and “use data visualization tools to map out complex relationships and transactions” (p. 25).
Reference: 1: ACAMS Advanced Financial Crimes Investigations Certification Study Guide, available at ACAMS
Law enforcement (LE) suspects human trafficking to occur during a major sporting event LE officers asked several financial institutions (FIs) to monitor financial transactions occurring before, during, and after the event.
An investigator identified a pattern linked to a business. The business’ account received multiple even dollar deposits between midnight and 4:00 AM. They occurred each day for several days prior to the date of the sporting event. Also, large cash deposits, typically between 2,000 USD and 3,000 USD. made by a person to the business’ account occurred in many branches in the days after the sports event.
There was little information about the company. The company did not have any history of employee payroll expenses or paying taxes. Expenses from the business account included air travel and hotel expenses. Searches about the person making cash deposits showed little. An online social media platform webpage with the individual’s name showed ads for dates1′ and "companionship."
The Fl wants to create an automated alert for human trafficking money laundering after this investigation.
Which activity type should they target?
- A . Payments made to multiple hotels in the same city
- B . Multiple deposits between midnight and 4:00 AM
- C . Deposits made within days of major sporting events
- D . Payments made for virtual currency
B
Explanation:
The activity type that the FI should target for creating an automated alert for human trafficking money laundering is multiple deposits between midnight and 4:00 AM (B). This is because this pattern is consistent with the indicators of human trafficking identified by the Financial Action Task Force (FATF) and the Egmont Group1, which include:
Frequent cash deposits, often in round amounts, outside of normal business hours
Deposits made at different branches or ATMs in various locations
Lack of information about the nature and purpose of the business
Involvement in online platforms that advertise sexual services
Expenses related to travel and accommodation
The other options are not as relevant or specific as option B. Payments made to multiple hotels in the same city (A) could be a legitimate business expense or a sign of other types of money laundering, such as tax evasion or fraud. Deposits made within days of major sporting events © could also be explained by other factors, such as increased tourism or gambling. Payments made for virtual currency (D) are not directly related to human trafficking, although they could be used to facilitate money laundering in general.
Reference: 1: FATF and Egmont Group, Financial Flows from Human Trafficking, July 2018, available at FATF
Law enforcement (LE) suspects human trafficking to occur during a major sporting event. LE officers asked several financial institutions (FIs) to monitor financial transactions occurring before, during, and after the event.
An investigator identified a pattern linked to a business. The business’ account received multiple even dollar deposits between midnight and 4:00 AM. They occurred each day for several days prior to the date of the sporting event. Also, large cash deposits, typically between 2,000 USD and 3,000 USD. made by a person to the business’ account occurred in many branches in the days after the sports event.
There was little information about the company. The company did not have any history of employee payroll expenses or paying taxes. Expenses from the business account included air travel and hotel expenses. Searches about the person making cash deposits showed little. An online social media platform webpage with the individual’s name showed ads for dates" and "companionship."
The Fl receives a keep open’ letter from LE for the identified account and agrees to keep the account open.
What is the Fl required to do?
- A . Contact the client for information relating to the account.
- B . Stop filing SAR/STR reports on the account and/or customer.
- C . Ensure that the request includes an end date.
- D . Notify LE immediately after new transactions.
C
Explanation:
The FI is required to ensure that the request includes an end date © when it receives a keep open letter from LE for the identified account. This is because the FI has to balance its legal obligations to cooperate with LE and to protect its customers’ privacy and rights. According to the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, “the FI should request a written confirmation from LE that includes a specific end date for the request, as well as a point of contact for any questions or concerns” (p. 35). The FI should also document the request and its compliance with it, and continue to monitor the account for any suspicious activity.
The other options are not correct. The FI should not contact the client for information relating to the account (A), as this could compromise the LE investigation or alert the client of the suspicion. The FI should not stop filing SAR/STR reports on the account and/or customer (B), as this could violate its regulatory obligations and expose it to legal risks. The FI should not notify LE immediately after new transactions (D), as this could also interfere with the LE investigation or tip off the client. The FI should follow the instructions of LE regarding when and how to share information.
Law enforcement (LE) suspects human trafficking to occur during a major spotting event. LE officers asked several financial institutions (FIs) to monitor financial transactions occurring before, during, and after the event.
An investigator identified a pattern linked to a business. The business* account received multiple even dollar deposits between midnight and 4:00 AM. They occurred each day for several days prior to the date of the sporting event. Also, large cash deposits, typically between 2,000 USD and 3.000 USD. made by a person to the business’ account occurred in many branches in the days after the sports event
There was little information about the company. The company did not have any history of employee payroll expenses or paying taxes. Expenses from the business account included air travel and hotel expenses. Searches about the person making cash deposits showed little. An online social media platform webpage with the individual’s name showed ads for dates" and "companionship."
If the investigator uncovers evidence that foreign nationals are involved in this activity, they should also note the possible presence of:
- A . tax fraud.
- B . black market peso exchange.
- C . trade-based laundering.
- D . human smuggling.
D
Explanation:
If the investigator uncovers evidence that foreign nationals are involved in this activity, they should also note the possible presence of human smuggling (D). This is because human smuggling is the illegal movement of people across borders, often facilitated by criminal networks that exploit vulnerable migrants. According to the FATF and Egmont Group report on Financial Flows from Human Trafficking2, “human smuggling can be closely linked to human trafficking, as smuggled migrants may become victims of trafficking along their journey or at their destination” (p. 9).
The report also states that some indicators of human smuggling are similar to those of human trafficking, such as:
Frequent cash deposits or withdrawals in different locations
Use of false or fraudulent identification documents
Expenses related to travel and accommodation
Involvement in online platforms that advertise sexual services
The other options are not as relevant or specific as option D. Tax fraud (A) is the evasion of taxes by individuals or businesses, which may or may not be related to human trafficking or smuggling. Black market peso exchange (B) is a money laundering scheme that involves exchanging illicit proceeds in one currency for another currency at a discounted rate, which is more commonly associated with drug trafficking or trade-based laundering. Trade-based laundering © is the manipulation of trade transactions to disguise the origin and ownership of illicit funds, which is also more likely to be linked to drug trafficking or other types of fraud.
Reference: 1: ACAMS Advanced Financial Crimes Investigations Certification Study Guide, available at ACAMS 2: FATF and Egmont Group, Financial Flows from Human Trafficking, July 2018, available at FATF
Law enforcement (LE) suspects human trafficking to occur during a major spotting event. LE officers asked several financial institutions (FIs) to monitor financial transactions occurring before, during, and after the event.
An investigator identified a pattern linked to a business. The business* account received multiple even dollar deposits between midnight and 4:00 AM. They occurred each day for several days prior to the date of the sporting event. Also, large cash deposits, typically between 2,000 USD and 3.000 USD. made by a person to the business’ account occurred in many branches in the days alter the sports event.
There was little information about the company. The company did not have any history of employee payroll expenses or paying taxes. Expenses from the business account included air travel and hotel expenses. Searches about the person making cash deposits showed little. An online social media platform webpage with the individual’s name showed ads for dates" and "companionship."
Which fact should not be included in (he SAR/STR narrative?
- A . The air travel and hotel expenses
- B . The time of the cash deposits
- C . The sporting event
- D . The request by law enforcement
B
Explanation:
The fact that should not be included in the SAR/STR narrative is the request by law enforcement (D). This is because the request by law enforcement is confidential and should not be disclosed to the customer or anyone else who is not authorized to know it. According to the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, “the FI should not include any reference to the LE request in the SAR/STR narrative, as this could compromise the LE investigation or alert the customer of the suspicion” (p. 35). The FI should also not inform the customer of the LE request or delay filing the SAR/STR because of it.
The other facts should be included in the SAR/STR narrative, as they are relevant and indicative of human trafficking money laundering. The air travel and hotel expenses (A) show that the customer is involved in moving people across different locations, which could be a sign of human smuggling or trafficking. The time of the cash deposits (B) shows that the customer is receiving cash payments during unusual hours, which could be a sign of illicit activities or services. The sporting event © shows that the customer is exploiting a high-demand situation for their business, which could be a sign of opportunistic or organized crime.
Each month the automated transaction monitoring system generates alerts based on predetermined scenarios. An alert was generated in relation to the account activity of ABC Foundation.
Below is the transaction history for ABC Foundation (dates are in DD/MM/YYYY format).
The relationship manager for ABC Foundation contacts the client to request more information on the beneficiary of the transfer in Turkey. ABC Foundation advises that this is a not-for-profit charity group called ‘Forever Free."
Which is the best next step in the investigation?
- A . Contact the financial institution in Turkey that has a relationship with Forever Free and advise them of the investigation.
- B . Update the customer profile to include Forever Free as the recipient of the funds.
- C . Check the junsdiction’s list of known chanties with connections to terrorist activity.
- D . File a SAR/STR with the new information learned about the beneficiary.
C
Explanation:
The best next step in the investigation is to check the jurisdiction’s list of known charities with connections to terrorist activity ©. This is because the FI has a responsibility to verify the legitimacy and reputation of the beneficiary of the funds, especially if it is a charity or non-profit organization that operates in a high-risk jurisdiction or sector. According to the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, “the FI should conduct enhanced due diligence on all parties involved in the investigation, including checking various sources of information, such as watch lists, sanctions lists, negative news, and official registries” (p. 24). The FI should also check if the beneficiary is consistent with the customer’s profile and expected activity.
The other options are not as appropriate or effective as option C. Contacting the financial institution in Turkey that has a relationship with Forever Free and advising them of the investigation (A) could violate confidentiality or data protection laws, as well as compromise the investigation or alert the customer or beneficiary of the suspicion. Updating the customer profile to include Forever Free as the recipient of the funds (B) could be premature or inaccurate, as it does not verify the nature and purpose of the transfer or the identity and legitimacy of the beneficiary. Filing a SAR/STR with the new information learned about the beneficiary (D) could also be premature or incomplete, as it does not confirm if there is any suspicious or criminal activity involved in the transfer or if there are any other red flags or indicators.
An analyst reviews an alert for high volume Automated Clearing House (ACH) activity in an account. The analyst’s initial research finds the account is for a commercial daycare account that receives high volumes of large government-funded ACH transactions to support the programs. The account activity consists of checks (cheques) made payable to individual names in varying dollar amounts. One check indicates rent to another business.
An Internet search finds that the daycare company owner has previous government-issued violations for safety and classroom size needs, such as not having enough chairs and tables per enrollee. These violations were issued to a different daycare name.
Simultaneous to this investigation, another analyst sends an email about negative news articles referencing local child/adult daycare companies misusing governmental grants. This prompts the financial institution (Fl) to search all businesses for names containing daycare’ or care*. Text searches return a number of facilities as customers at the Fl and detects that three of these businesses have a similar transaction flow of high volume government ACH funding with little to no daycare expenses. The analyst determines that site visits should be conducted for the three daycare businesses.
Which observations at the on-site visits would justify writing a SAR/STR? (Select Three.)
- A . Signs of severe wear and poor maintenance at the site
- B . A site located in a commercial building
- C . Lights turned off at the site during operational hours
- D . Visible attendance with children being dropped off by parents
- E . Visible signage indicating the purpose of the building
- F . A full parking lot of cars with no staff at the site
A, C, F
Explanation:
The observations at the on-site visits that would justify writing a SAR/STR are signs of severe wear and poor maintenance at the site (A), lights turned off at the site during operational hours ©, and a full parking lot of cars with no staff at the site (F). These observations suggest that the daycare businesses are not operating legitimately or providing adequate services to their customers, and that they may be misusing governmental grants or laundering money through their accounts.
These observations are consistent with some of the red flags for fraud identified by ACAMS2, such as:
Inadequate facilities or equipment for the type of business
Lack of visible activity or customers at the business location
Discrepancy between reported income and expenses
Unusual volume or frequency of transactions
The other observations are not as relevant or indicative of fraud as options A, C, and F. A site located in a commercial building (B) could be a normal or legitimate choice for a daycare business, depending on its size, location, and availability. Visible attendance with children being dropped off by parents (D) could show that the daycare business is providing genuine services to its customers, although it does not rule out possible fraud or money laundering. Visible signage indicating the purpose of building (E) could also show that the daycare business is transparent and legitimate, although it does not guarantee its quality or compliance.
Reference: 1: ACAMS Advanced Financial Crimes Investigations Certification Study Guide, available at ACAMS 2: ACAMS Fraud Prevention eLearning Course Module 3: Fraud Detection Techniques
An analyst reviews an alert for high volume Automated Clearing House (ACH) activity in an account. The analyst’s initial research finds the account is for a commercial daycare account that receives high volumes of large government-funded ACH transactions to support the programs. The account activity consists of checks (cheques) made payable to individual names in varying dollar amounts. One check indicates rent to another business.
An Internet search finds that the daycare company owner has previous government-issued violations for safety and classroom size needs, such as not having enough chairs and tables per enrollee. These violations were issued to a different daycare name.
Simultaneous to this investigation, another analyst sends an email about negative news articles referencing local child/adult daycare companies misusing governmental grants. This prompts the financial institution (Fl) to search all businesses for names containing ‘daycare’ or •care’. Text searches return a number of facilities as customers at the Fl and detects that three of these businesses have a similar transaction flow of high volume government ACH funding with little to no daycare expenses.
Which red flags would be an indicator that activity is connected to a corruption/bribery typology? (Select Two.)
- A . Large checks issued to various individuals with the memos noting "gift", "thank you", "favor"
- B . Negative news found on the customer related to government-issued violations for safety
- C . Checks issued to an unrelated entity referencing "rent" and "utilities" in the memos
- D . Multiple daycare locations with no active business operations or related account activity
- E . The same beneficial owner owning several daycare centers in different locations
A, B
Explanation:
The red flags that would be an indicator that activity is connected to a corruption/bribery typology are large checks issued to various individuals with the memos noting “gift”, “thank you”, “favor” (A) and negative news found on the customer related to government-issued violations for safety (B).
These red flags suggest that the customer is involved in paying or receiving bribes or kickbacks to or from government officials or other parties in exchange for favorable treatment or contracts. These red flags are consistent with some of the indicators of corruption/bribery identified by ACAMS1, such as:
Payments made to or from third parties that are not directly related to the business Payments made to or from high-risk jurisdictions or sectors
Payments made with vague or incomplete descriptions or justifications Negative news or reputation of the customer or its associates
The other options are not as relevant or indicative of corruption/bribery as options A and B. Checks issued to an unrelated entity referencing “rent” and “utilities” in the memos © could be a legitimate business expense or a sign of other types of fraud or money laundering, such as tax evasion or shell company schemes. Multiple daycare locations with no active business operations or related account activity (D) could also be a sign of other types of fraud or money laundering, such as embezzlement or front company schemes. The same beneficial owner owning several daycare centers in different locations (E) could be a normal or legitimate business practice, depending on the size, location, and profitability of the centers.
An analyst reviews an alert for high volume Automated Clearing House (ACH) activity in an account. The analyst’s initial research finds the account is for a commercial daycare account that receives high volumes of large government-funded ACH transactions to support the programs. The account activity consists of checks (cheques) made payable to individual names in varying dollar amounts. One check indicates rent to another business.
An Internet search finds that the daycare company owner has previous government-issued violations for safety and classroom size needs, such as not having enough chairs and tables per enrollee. These violations were issued to a different daycare name.
Simultaneous to this investigation, another analyst sends an email about negative news articles referencing local child/adult daycare companies misusing governmental grants. This prompts the financial institution (Fl) to search all businesses for names containing daycare’ or ‘care1. Text searches return a number of facilities as customers at the Fl and detects that three of these businesses have a similar transaction flow of high volume government ACH funding with little to no daycare expenses. During the investigation, it was determined that some of the checks were issued to a mother-in-law of a PEP and deposited into her account with the Fl. This customer was not found on the Fl’s PEP list.
How should the investigator proceed in this situation"? (Select Two.)
- A . Conduct the investigation as usual, since the activity in question is not directly connected to the PEP.
- B . Reter the newly identified customers account for closure due to the high risk associated with the potential PEP.
- C . Use this case as an example to train employees to recognize potential PEPs during their investigation process.
- D . Send a referral to Sanctions/List Screening, or similar department/responsible individual, to ensure that the customer due diligence information is up to date.
- E . File a SAR/STR due to the potential involvement of a PEP.
A, D
Explanation:
The investigator should proceed in this situation by conducting the investigation as usual, since the activity in question is not directly connected to the PEP (A) and sending a referral to Sanctions/List Screening, or similar department/responsible individual, to ensure that the customer due diligence information is up to date (D). These actions are appropriate and prudent, as they allow the investigator to continue their analysis of the suspicious activity without being biased by the potential PEP status of the customer’s relative, and they ensure that the FI has accurate and current information about its customers and their associates. According to the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, “the FI should conduct enhanced due diligence on all parties involved in the investigation, including checking various sources of information, such as watch lists, sanctions lists, negative news, and official registries” (p. 24). The FI should also “update the customer profile with any new information obtained during the investigation” (p. 25).
The other options are not correct. The investigator should not refer the newly identified customer’s account for closure due to the high risk associated with the potential PEP (B), as this could be premature or disproportionate, as well as potentially discriminatory or illegal. The investigator should not file a SAR/STR due to the potential involvement of a PEP (E), as this could also be premature or unnecessary, as well as potentially misleading or inaccurate. The investigator should not use this case as an example to train employees to recognize potential PEPs during their investigation process ©, as this could violate confidentiality or data protection laws, as well as compromise the investigation or alert the customer or their relative of the suspicion.
Reference: 1: ACAMS Advanced Financial Crimes Investigations Certification Study Guide, available at ACAMS
An analyst reviews an alert for high volume Automated Clearing House (ACH) activity in an account. The analyst’s initial research finds the account is for a commercial daycare account that receives high volumes of large government-funded ACH transactions to support the programs. The account activity
consists of checks (cheques) made payable to individual names in varying dollar amounts. One check indicates rent to another business.
An Internet search finds that the daycare company owner has previous government-issued violations for safety and classroom size needs, such as not having enough chairs and tables per enrollee. These violations were issued to a different daycare name.
Simultaneous to this investigation, another analyst sends an email about negative news articles referencing local child/adult daycare companies misusing governmental grants. This prompts the financial institution (Fl) to search all businesses for names containing daycare’ or "care*. Text searches return a number of facilities as customers at the Fl and detects that three of these businesses have a similar transaction flow of high volume government ACH funding with little to no daycare expenses.
During the investigation, new suspicious patterns and trends related to check cashing are observed. The Fl decides to conduct a training to ensure that 1) the AML program is robust and 2) the training program is relevant and appropriate.
Which parties should be trained on emerging trends and red flags? (Select Two.)
- A . Financial crimes investigation unit
- B . Loan department
- C . Branch personnel
- D . Senior management
- E . The board of directors
A, C
Explanation:
The parties that should be trained on emerging trends and red flags are the financial crimes investigation unit (A) and the branch personnel ©. These parties are directly involved in detecting, investigating, and reporting suspicious activity related to check cashing or other types of fraud or money laundering. According to the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, “the FI should provide regular and relevant training to its staff on the AML program, policies, procedures, and systems, as well as on the latest typologies, indicators, and best practices for financial crimes investigations” (p. 36). The FI should also “ensure that the training is tailored to the specific roles and responsibilities of the staff, and that it is updated and evaluated periodically” (p. 36).
The other parties are not as relevant or appropriate as options A and C. The loan department (B) is not directly related to check cashing or other types of fraud or money laundering, although it may have some exposure to credit or identity fraud. The senior management (D) is responsible for overseeing and supporting the AML program, but not for conducting or supervising financial crimes investigations. The board of directors (E) is responsible for approving and reviewing the AML program, but not for implementing or monitoring it.
Reference: 1: ACAMS Advanced Financial Crimes Investigations Certification Study Guide, available at ACAMS
A KYC specialist from the first line of defense at a bank initiates an internal escalation based on a
letter of credit received by the bank.
MEMO To: Jane Doe. Compliance Manager, Bank B From: Jack Brown, KYC Specialist, Bank B RE: Concerning letter of credit A letter of credit (LC) was received from a correspondent bank. Bank A. in Country A. in Asia with strict capital controls, providing guarantee of payment to Bank B’s client for the export of 10 luxury cars located in Country B. located in Europe. Bank A’s customer is a general in the army where Bank A is headquartered.
The information contained in the LC is as follows:
• Advising amount per unit 30.000.00 EU •10 units of BMW
• Model IX3
• Year of registration: 2020
Upon checks on Bank B’s client, the exporter mentioned that the transactions were particularly important, and a fast process would be much appreciated in order to avoid reputational damage to the firm and the banks involved in the trade finance process. The exporter has a longstanding relationship with Bank B and was clearly a good income generator. The exporter indicated that, as a general, the importer was trustworthy.
The relationship manager <RM) was contacted to conduct a full review of the exporter and to conduct a site visit.
Feedback from the RM:
The RM contacted the exporter for a client courtesy visit, but it was rearranged four times as the exporter kept cancelling the appointments. When the exporter was finally pinned down for an interview, employees were reluctant to provide clear answers about the basis of the transaction. The employees were evasive when asked about the wider business and trade activity in the country.
Findings from the investigation from various internal and external sources of information:
• There were no negative news or sanctions hits on the exporter company, directors, and shareholders.
• The registered address of the exporting business was a residential address.
• The price of the cats was checked and confirmed to be significantly below the market price of approximately 70,000 EU, based on manufacturer’s new price guide.
• The key controllers behind the exporting company, that is the directors and During the investigation, the investigator determines that a nephew of the general (Bank A’s customer) is a customer at Bank B.
Which step should the investigator take next?
- A . File a SAR/STR in relation to corruption involving the nephew and the general.
- B . Determine whether there is a business relationship between the nephew and the general.
- C . Seek senior management approval to continue the relationship with the nephew.
- D . Flag the nephew as a PEP by association.
D
Explanation:
The step that the investigator should take next is to flag the nephew as a PEP by association (D). This is because the nephew is related to a general who is a senior military official and a customer of Bank A, which is a high-risk jurisdiction with strict capital controls. According to the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, “the FI should identify and flag any customers who are PEPs or have close associations with PEPs, such as family members or business partners” (p. 24). The FI should also conduct enhanced due diligence on these customers and monitor their transactions for any suspicious or unusual activity.
The other options are not correct. The investigator should not file a SAR/STR in relation to corruption involving the nephew and the general (A), as this could be premature or unnecessary, as there is no evidence of corruption or criminal activity between them. The investigator should not determine whether there is a business relationship between the nephew and the general (B), as this is not relevant or material to the investigation, as the nephew and the general are customers of different banks and are not involved in the same transaction. The investigator should not seek senior management approval to continue the relationship with the nephew ©, as this could be premature or disproportionate, as there is no indication that the nephew poses a high risk or requires termination.
Reference: 1: ACAMS Advanced Financial Crimes Investigations Certification Study Guide, available at ACAMS
A KYC specialist from the first line of defense at a bank initiates an internal escalation based on a
letter of credit received by the bank.
MEMO
To: Jane Doe. Compliance Manager, Bank B From: Jack Brown, KYC Specialist, Bank B RE: Concerning letter of credit A letter of credit (LC) was received from a correspondent bank. Bank A. in Country A. in Asia with strict capital controls, providing guarantee of payment to Bank B’s client for the export of 10 luxury cars located in Country B. located in Europe. Bank A’s customer is a general in the army where Bank A is headquartered.
The information contained in the LC is as follows:
• Advising amount per unit 30.000.00 EU
•10 units of BMW
• Model IX3
• Year of registration: 2020
Upon checks on Bank B’s client, the exporter mentioned that the transactions were particularly important, and a fast process would be much appreciated in order to avoid reputational damage to the firm and the banks involved in the trade finance process. The exporter has a longstanding relationship with Bank B and was clearly a good income generator. The exporter indicated that, as a general, the importer was trustworthy.
The relationship manager <RM) was contacted to conduct a full review of the exporter and to conduct a site visit.
Feedback from the RM:
The RM contacted the exporter for a client courtesy visit, but it was rearranged four times as the exporter kept cancelling the appointments. When the exporter was finally pinned down for an interview, employees were reluctant to provide clear answers about the basis of the transaction. The employees were evasive when asked about the wider business and trade activity in the country.
Findings from the investigation from various internal and external sources of information:
• There were no negative news or sanctions hits on the exporter company, directors, and shareholders.
• The registered address of the exporting business was a residential address.
• The price of the cats was checked and confirmed to be significantly below the market price of approximately 70,000 EU, based on manufacturer’s new price guide.
• The key controllers behind the exporting company, that is the directors and
During the investigation, the investigator determines that a nephew of the general…..
- A . should be treated well to avoid reputational damage to the bank
- B . is a high-net-worth individual
- C . should be flagged as a senior PEP.
- D . is a trustworthy source.
C
Explanation:
The investigator should determine that a nephew of the general (Bank A’s customer) should be flagged as a senior PEP ©. This is because the nephew is related to a senior military official who is a customer of Bank A, which is a high-risk jurisdiction with strict capital controls. According to the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, “the FI should identify and flag any customers who are PEPs or have close associations with PEPs, such as family members or business partners” (p. 24). The FI should also conduct enhanced due diligence on these customers and monitor their transactions for any suspicious or unusual activity.
The other options are not correct. The investigator should not determine that a nephew of the general should be treated well to avoid reputational damage to the bank (A), as this could compromise the integrity and objectivity of the investigation, as well as expose the bank to legal or regulatory risks. The investigator should not determine that a nephew of the general is a high-net-worth individual (B), as this is not relevant or material to the investigation, as the nephew’s wealth does not affect his potential PEP status or risk level. The investigator should not determine that a nephew of the general is a trustworthy source (D), as this could be biased or inaccurate, as the nephew’s trustworthiness does not depend on his relation to the general or his involvement in the transaction.
Reference: 1: ACAMS Advanced Financial Crimes Investigations Certification Study Guide, available at ACAMS
An investigator is reviewing a case generated from the transaction monitoring system, with two large amounts of incoming remittance (IR) to an individual customer. Based on the KYC profile, the customer is a plant manager of a famous multi-national electronics manufacturing firm. As the customer has no similarly large transaction patterns for the past 2 years, the investigator sends an inquiry to the relationship manager (RM) about the nature of the transaction. The RM replies that the transaction is a consultancy fee provided from two different electronics companies with a debit note provided However, there is no detail of service provided on the debit note, and the remitters are two individuals.
Which actions should the investigator recommend to mitigate risk? (Select Two.)
- A . Exit the relationship with the customer.
- B . Document and maintain a file with the investigative findings.
- C . Discuss the investigation findings with the customer.
- D . Conduct enhanced due diligence.
- E . Re-evaluate the customer risk profile.
D, E
Explanation:
The actions that the investigator should recommend to mitigate risk are conducting enhanced due diligence (D) and re-evaluating the customer risk profile (E). These actions are appropriate and prudent, as they allow the investigator to obtain more information and evidence about the nature and purpose of the transactions, the source and destination of the funds, and the identity and legitimacy of the parties involved. According to the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, “the FI should conduct enhanced due diligence on all parties involved in the investigation, including checking various sources of information, such as watch lists, sanctions lists, negative news, and official registries” (p. 24). The FI should also “re-assess the customer risk profile based on any new information obtained during the investigation, and adjust the customer due diligence and monitoring requirements accordingly” (p. 25).
The other options are not as appropriate or effective as options D and E. The investigator should not recommend exiting the relationship with the customer (A), as this could be premature or disproportionate, as well as potentially discriminatory or illegal. The investigator should not recommend documenting and maintaining a file with the investigative findings (B), as this is not an action to mitigate risk, but rather a standard procedure for any investigation. The investigator should not recommend discussing the investigation findings with the customer ©, as this could compromise the integrity and objectivity of the investigation, as well as expose the FI to legal or regulatory risks.
Reference: 1: ACAMS Advanced Financial Crimes Investigations Certification Study Guide
Which statement most accurately characterizes the methods used by transnational criminal organizations?
- A . They are unlikely to associate with known terrorist organizations due to the reputational risks.
- B . They are likely to specialize in one particular method and continue to refine that method to escape detection.
- C . They routinely engage in many different types of criminal activities as long as they think it will benefit them.
- D . They see each other as competitors and rarely cooperate.
C
Explanation:
The statement that most accurately characterizes the methods used by transnational criminal organizations is that they routinely engage in many different types of criminal activities as long as they think it will benefit them ©. This is because transnational criminal organizations are flexible and adaptable, and they exploit opportunities and vulnerabilities in different markets and jurisdictions. According to ACAMS2, “Transnational criminal organizations are involved in a wide range of illicit activities, such as drug trafficking, human trafficking, arms trafficking, money laundering, cybercrime, environmental crime, fraud, corruption, and terrorism” (p. 3). They also “operate across borders and regions, using complex networks and structures to evade detection and prosecution” (p. 3).
The other statements are not as accurate or comprehensive as option
C. Transnational criminal organizations are unlikely to associate with known terrorist organizations due to the reputational risks (A) is false, as transnational criminal organizations may collaborate or cooperate with terrorist organizations for mutual benefit or convenience, such as sharing resources, routes, or contacts. Transnational criminal organizations are likely to specialize in one particular method and continue to refine that method to escape detection (B) is false, as transnational criminal organizations may diversify or change their methods depending on the circumstances or opportunities, such as shifting products, markets, or modus operandi. Transnational criminal organizations see each other as competitors and rarely cooperate (D) is false, as transnational criminal organizations may form alliances or partnerships with other criminal groups for strategic or tactical reasons, such as sharing information, expertise, or influence.
Reference: ACAMS Transnational Organized Crime eLearning Course Module 1: Introduction to Transnational Organized Crime
Law enforcement agents arrive at a broker-dealer’s premises with a search warrant.
In addition to cooperation with the warrant, which instructions should the person in charge of the broker-dealer provide to their employees?
- A . Take notes on the questions and comments made by the agents.
- B . Sign consent forms permitting the agents to search employees’ offices.
- C . Provide agents with unlimited access to customers’ personal data.
- D . Volunteer information not requested by the agents that the employees think may be useful.
A
Explanation:
The instruction that the person in charge of the broker-dealer should provide to their employees is to take notes on the questions and comments made by the agents (A). This is because taking notes can help the employees to recall and document what happened during the search warrant execution, which can be useful for legal or regulatory purposes. According to ACAMS3, “the FI should instruct its staff to cooperate with LE agents during a search warrant execution, but also to take notes of what is being searched, seized, or asked by the agents” (p. 35). The FI should also “keep copies of any documents or records that are taken by LE agents” (p. 35).
The other instructions are not correct. The person in charge of the broker-dealer should not instruct their employees to sign consent forms permitting the agents to search employees’ offices (B), as this is unnecessary and potentially risky, as the agents already have a valid search warrant that authorizes them to search the premises. The person in charge of the broker-dealer should not instruct their employees to provide agents with unlimited access to customers’ personal data ©, as this could violate privacy or data protection laws, as well as compromise customer trust and confidentiality. The person in charge of the broker-dealer should not instruct their employees to volunteer information not requested by the agents that they think may be useful (D), as this could interfere with the LE investigation or expose them to legal or regulatory risks.
Reference: Introduction to Transnational Organized Crime
ACAMS Law Enforcement and Financial Crimes Investigations eLearning Course Module Law Enforcement Requests and Actions
Due to an ever-diversifying business model and multi-jurisdictional footprint, a casino has decided to outsource the source of funds and wealth checks to a third-party provider.
Why is it important for the casino to maintain control of the output from the provider?
- A . Clients of the casino prefer to know that the casino is keeping their information secure when being held by a third-party.
- B . As with all third-party relationships, proper control must be maintained to ensure profitability.
- C . The casino maintains ultimate responsibility for this activity and should maintain control to avoid non-compliance.
- D . Other casinos are frequently looking to reduce costs and share ideas, so if this relationship is successful, the model can be used by other businesses.
C
Explanation:
The reason why it is important for the casino to maintain control of the output from the provider is that the casino maintains ultimate responsibility for this activity and should maintain control to avoid non-compliance ©. This is because the casino is accountable for its own AML/CFT obligations and cannot delegate or outsource them to a third-party provider. According to the ACAMS Advanced Financial Crimes Investigations Certification Study Guide1, “the FI should ensure that it has adequate oversight and control over any third-party providers that it engages for AML/CFT purposes, such as conducting due diligence, verifying information, or monitoring transactions” (p. 25). The FI should also “review and evaluate the performance and quality of the third-party providers on a regular basis, and address any issues or gaps that may arise” (p. 25).
The other options are not as relevant or accurate as option
C. The clients of the casino prefer to know that the casino is keeping their information secure when being held by a third-party (A) is not a reason why the casino should maintain control of the output from the provider, but rather a customer expectation or preference. As with all third-party relationships, proper control must be maintained to ensure profitability (B) is not a reason why the casino should maintain control of the output from the provider, but rather a general business principle or objective. Other casinos are frequently looking to reduce costs and share ideas, so if this relationship is successful, the model can be used by other businesses (D) is not a reason why the casino should maintain control of the output from the provider, but rather a potential benefit or outcome.
The intended benefits of section 314(b) of the USA PATRIOT Act include: (Select Three.)
- A . sharing the existence and content of SARs/STRs with other participating FIs.
- B . participating FIs sharing information about suspicious activity by customers that may have otherwise gone unnoticed.
- C . providing mandatory results to law enforcement agencies so that they can more easily obtain useful information.
- D . expediting the filing of SARs/STRs due to the information sharing facilitated by 314(b).
- E . detecting money laundering and TF approaches and schemes across multiple financial institutions (FIs).
- F . obtaining additional information on customers or transactions regarding potential money laundering or terrorist financing (TF).
B, E, F
Explanation:
Section 314(b) of the USA PATRIOT Act allows financial institutions to share information with each other, under a safe harbor that offers protection from liability, in order to better identify and report potential money laundering or terrorist financing activities.
The intended benefits of this information sharing include:
Participating financial institutions sharing information about suspicious activity by customers that may have otherwise gone unnoticed. For example, if a customer is conducting transactions with multiple financial institutions that individually do not appear suspicious, but collectively indicate a pattern of money laundering or terrorist financing, the financial institutions can share this information and report it to the authorities.
Detecting money laundering and terrorist financing approaches and schemes across multiple financial institutions. For example, if a financial institution identifies a new typology or modus operandi of money laundering or terrorist financing, it can share this information with other financial institutions to help them prevent or detect similar activities by their customers.
Obtaining additional information on customers or transactions regarding potential money laundering or terrorist financing. For example, if a financial institution has incomplete or insufficient information on a customer or a transaction that raises suspicion, it can request more information from another financial institution that may have dealt with the same customer or transaction.
Reference: Section 314(b) | FinCEN.gov
Section 314(b) Fact Sheet – FinCEN.gov