CCAS Certified Cryptoasset Anti-Financial Crime Specialist Certification
Which situation indicates a high risk of tax evasion using cryptoassets? Someone attempts to open accounts at several domestic exchanges and is unwilling to answer questions about their activity. A business receives payment for goods and services in cryptoassets, but their balance sheet does not reference cryptoassets. A corporate entity has accounts at multiple exchanges with cryptoasset trading consistent with its stated business activities. A customer claims to have cryptoassets as a result of a divorce settlement or inheritance and is late in providing documentary evidence of the event.
A business receives payment for goods and services in cryptoassets, but their balance sheet does not reference cryptoassets.
Which business model would be considered a virtual asset service provider (VASP) under FATF's definition? A company that develops smart contracts which can be used to offer financial products and services A corporation that offers the safekeeping of cryptoassets as its main product A group of developers who write code for a decentralized, distributed software An e-commerce company that stores its own cryptoassets
A corporation that offers the safekeeping of cryptoassets as its main product. According to FATF's definition, the safekeeping of cryptoassets on behalf of others with the intention of making a profit would cause a corporation to be categorized as a VASP.
AML Foundations for Cryptoasset and Blockchain Which activity indicates potential smurfing? A customer uses false identity documents to undertake transactions and pass know your customer processes where it is required. A customer makes withdrawals from multiple cryptoasset ATMs in different locations over a short period of time. Several elderly customers with no prior experience working with cryptocurrency suddenly open accounts. A customer makes multiple fiat deposits at a cryptoasset ATM each day up to the standard deposit limit or at frequent intervals.
A customer makes multiple fiat deposits at a cryptoasset ATM each day up to the standard deposit limit or at frequent intervals. The activity that indicates potential smurfing is "a customer makes multiple fiat deposits at a cryptoasset ATM each day up to the standard deposit limit or at frequent intervals". Smurfing is a money-laundering technique that involves breaking up large transactions into smaller ones to evade regulatory scrutiny. Criminals use small, cumulative transactions to remain below financial reporting requirements and avoid detection1. Smurfing is a form of structuring, and it is illegal1. Multiple small transactions made by a customer at a cryptoasset ATM each day or at frequent intervals can be an indicator of smurfing
Practice Exam Questions Cryptoasset and Blockchain What triggered the creation of Bitcoin? A loss of trust in the banking sector following the 2008 economic crisis The realization that online banking systems needed to be developed A desire to replace cash as a means of payment The hope of establishing a global central bank
A loss of trust in the banking sector following the 2008 economic crisis. The creation of Bitcoin was triggered by a loss of trust in the banking sector following the 2008 economic crisis. Bitcoin was created in 2009 by an unknown person or group of people using the pseudonym Satoshi Nakamoto. The text embedded in the coinbase of the genesis block gives a clear indication of Satoshi Nakamoto's motive to create a new currency. The message is a headline from an article in the January 3, 2009 edition of The [London] Times. The article detailed the British government's failure to stimulate the economy following the 2008 financial crisis. Bitcoin was created as an alternative to traditional banking after its collapse in the 2008 financial crisis. It was designed to remove the third-party intermediaries that are traditionally required to conduct digital monetary transfers. Therefore, the statement "A loss of trust in the banking sector following the 2008 economic crisis" best describes what triggered the creation of Bitcoin.
AML Foundations for Cryptoasset and Blockchain A customer was convinced by a fraudster to accept US$25,000 through wire transfer. Then, the customer forwarded a significant portion to an unknown beneficiary. This scheme is best described as: A money mule Trade-based money laundering An alternative remittance system Smurfing
A money mule The scheme described is best described as "money muling." A money mule is someone who receives and moves money that came from victims of fraud. Criminals recruit money mules to help them transfer funds without detection by law enforcement. Money mules are often unaware that they are assisting with criminal activity, but some know that they have been recruited to assist in illegal activities. In this case, the customer was convinced by a fraudster to accept US$25,000 through wire transfer and then forwarded a significant portion to an unknown beneficiary, which is a typical money mule scenario. Knowingly moving money for illegal activities can lead to serious consequences, including criminal charges
What does the first transaction in a new block show? A payment to the miner for validating transactions A payment from one person to another A payment to a node for relaying transactions A payment by the node to the miner
A payment to the miner for validating transactions The first transaction in a new block shows a payment to the miner for validating transactions. This transaction is known as the coinbase transaction, and it is the first transaction in a new block that creates new bitcoins and rewards the miner for their work in validating transactions and adding them to the blockchain. The coinbase transaction is unique because it does not have any inputs and is created by the miner. The miner includes a newly minted amount of cryptocurrency as a reward for their work in mining the new block. Therefore, the statement "A payment to the miner for validating transactions" accurately describes what the first transaction in a new block shows.
AML Foundations for Cryptoasset and Blockchain According to the Financial Action Task Force, which red flag is most indicative of an attempt to conceal the source of funds from AML investigators at a cryptocurrency exchange? Multiple small cryptoasset deposits from several distinct accounts to the customer's account at the exchange in a short period of time Multiple cryptoasset deposits from unhosted wallets to the customer's account at the exchange A single transfer of cryptoassets from a coin mixing service to the customer's account at the exchange A single large cryptoasset deposit to the customer's account at the exchange from an address acting as the end-point of a successive series of rapid transfers
A single transfer of cryptoassets from a coin mixing service to the customer's account at the exchange.
Practice Exam Questions Cryptoasset and Blockchain Which statement is true about network vulnerabilities in terms of technology attacks on a blockchain? A network with a high percentage of honest nodes is relatively safer from attack than a network with a low percentage of honest nodes. No one entity or collaborative group processes more than 50% of the public blockchain network at any time due to its decentralized nature. It takes only one honest node to choose a valid chain and to deter attackers from overcoming the hash rate of the entire network. A smaller network is easier to attack successfully than a larger one if additional countermeasures are not built into the system.
A smaller network is easier to attack successfully than a larger one if additional countermeasures are not built into the system.
Practice Exam Questions Cryptoasset and Blockchain The technique of using blockchain analytics to determine whether a Bitcoin address is part of a larger wallet is called: Address clustering Address hashing Interaction monitoring Wallet searching
Address clustering The technique of using blockchain analytics to determine whether a Bitcoin address is part of a larger wallet is called address clustering. Address clustering involves analyzing the transaction graph and identifying clusters of addresses that are likely to be controlled by the same entity. This technique is used to gain insights into the behavior of entities that use cryptocurrencies, such as identifying money laundering or terrorist financing activities. By clustering addresses, it is possible to identify patterns of behavior that may be indicative of illicit activity. Address clustering can also be used to improve the accuracy of anti-money laundering (AML) risk scoring by identifying commonly used addresses. Therefore, the statement "Address clustering" is the technique of using blockchain analytics to determine whether a Bitcoin address is part of a larger wallet.
Practice Exam Questions Cryptoasset and Blockchain What is the goal of address clustering? Grouping together addresses with small unspent amounts of cryptocurrency post-transaction. Detecting commonly used addresses for the purpose of AML risk scoring. Aggregating addresses into groups that include addresses connected to one entity. Analyzing a purchase of multiple virtual assets from the same IP address
Aggregating addresses into groups that include addresses connected to one entity. The goal of address clustering is to aggregate addresses into groups that include addresses connected to one entity. Address clustering involves analyzing the transaction graph and identifying clusters of addresses that are likely to be controlled by the same entity. The purpose of address clustering is to gain insights into the behavior of entities that use cryptocurrencies, such as identifying money laundering or terrorist financing activities. By clustering addresses, it is possible to identify patterns of behavior that may be indicative of illicit activity. Address clustering can also be used to improve the accuracy of anti-money laundering (AML) risk scoring by identifying commonly used addresses. Therefore, the statement "Aggregating addresses into groups that include addresses connected to one entity" is the goal of address clustering.
Practice Exam Questions Cryptoasset and Blockchain In blockchain technology, consensus mechanisms are best described as: A validation method for transactions between two wallets. Computers that participate in the competition to solve puzzles. Nodes in a blockchain network that delegate holdings another node. Algorithms that help blockchains synchronize data and remain secure.
Algorithms that help blockchains synchronize data and remain secure. Consensus mechanisms in blockchain technology are best described as algorithms that help blockchains synchronize data and remain secure12345. Consensus mechanisms are used to achieve distributed agreement about the state of the blockchain ledger. They are implemented in a network with many processes and users, and they help ensure that all nodes in the network have the same copy of the ledger. Consensus mechanisms are used to validate transactions, prevent double-spending, and maintain the security and integrity of the blockchain. There are several types of consensus mechanisms, including proof-of-work, proof-of-stake, and delegated proof-of-stake. Each mechanism has its own advantages and disadvantages, and the choice of mechanism depends on the specific needs of the blockchain network. Therefore, the statement "Algorithms that help blockchains synchronize data and remain secure" best describes consensus mechanisms in blockchain technology.
Practice Exam Questions Cryptoasset and Blockchain Which is true about a transaction by a decentralized Bitcoin cryptocurrency mixer? All transactions are manually mixed. All transactions are transmitted privately by default. All transactions are conducted jointly between the participants. All transaction participants are considered to be trusted.
All transactions are conducted jointly between the participants. It is true that all transactions by a decentralized Bitcoin cryptocurrency mixer are conducted jointly between the participants. Decentralized mixers employ protocols such as CoinJoin to fully obscure transactions via either a coordinated or peer-to-peer method. Basically, a decentralized mixer is a place of meeting for bitcoin users, instead of taking bitcoins for mixing. Users arrange mixing by themselves. This model solves the problem of stealing. In a decentralized mixer, all transaction participants are considered to be trusted, as they are all working together to mix their coins and achieve greater privacy. However, it is not true that all transactions by a decentralized Bitcoin cryptocurrency mixer are manually mixed or transmitted privately by default. Decentralized mixers use protocols to mix transactions, and the level of privacy achieved depends on the specific protocol used. Therefore, the statement "All transactions are conducted jointly between the participants" is true about a transaction by a decentralized Bitcoin cryptocurrency mixer.
A bank with a moderate risk appetite wants to launch a high-risk product that allows businesses to accept cryptocurrency as payment. Which statement best represents a risk-based approach for this bank? Do not allow the product to be launched because the financial crime risk is too high. Allow the product to be launched globally and rely on transaction monitoring to mitigate risk. Allow the product to be launched but only for low-risk countries and customers. Allow the product to be launched but not for high-risk countries and customers.
Allow the product to be launched but not for high-risk countries and customers. A risk-based approach for the bank, considering its moderate risk appetite, would be to allow the product to be launched but not for high-risk countries and customers. A risk-based approach involves identifying, assessing, and understanding the money laundering and terrorist financing risks to which the bank is exposed and taking appropriate mitigation measures in accordance with the level of risk. By launching the high-risk product only for low-risk countries and customers, the bank can manage and mitigate the potential risks associated with accepting cryptocurrency as payment. This approach aligns with the bank's risk appetite and allows for a more targeted and controlled implementation of the product, reducing the overall exposure to higher-risk jurisdictions and customers. It demonstrates a proactive approach to risk management while still enabling the bank to explore new business opportunities.
Which cryptoasset exchange poses the greatest risk of money laundering? A cryptoasset exchange with publicly traded shares An individual peer-to-peer exchanger who accepts cash for cryptoassets A centralized cryptoasset exchange, registered as a money service business A cryptoasset automated teller machine (ATM) that requires KYC
An individual peer-to-peer exchanger who accepts cash for cryptoassets Among the options provided, the cryptoasset exchange that poses the greatest risk of money laundering is an individual peer-to-peer exchanger who accepts cash for cryptoassets. Peer-to-peer exchanges that operate outside of regulated platforms and accept cash payments can be more susceptible to money laundering activities due to the lack of proper Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures. These exchanges may not have the necessary controls in place to verify the source of funds or conduct proper due diligence on their customers, making it easier for illicit actors to convert their cash into cryptoassets without detection. Additionally, the anonymity and decentralized nature of peer-to-peer exchanges can further facilitate money laundering activities. It is important to note that while other types of cryptoasset exchanges, such as centralized exchanges registered as money service businesses, may also pose money laundering risks, the individual peer-to-peer exchanger accepting cash is considered to have a higher risk profile in this context.
What is an altcoin? Any cryptocurrency that is not Bitcoin Currency that has been digitized Any virtual asset used an alternative payment method Any cryptocurrency that is not backed by real-world value
Any cryptocurrency that is not Bitcoin
Practice Exam Questions Cryptoasset and Blockchain Which is true of Bitcoin (BTC) transactions? BTCs cannot be spent without possessing the private key. BTCs cannot be reversed, canceled, or charged back. BTCs cannot be validated through blockchains. BTCs cannot be divided into much smaller units.
BTCs cannot be reversed, canceled, or charged back. It is true that BTCs cannot be reversed, canceled, or charged back. Once a Bitcoin transaction is confirmed and added to the blockchain, it cannot be reversed or canceled. This is because the blockchain is a decentralized and distributed ledger that is maintained by a network of nodes. Each node in the network maintains a copy of the blockchain, and any attempt to modify the blockchain would require the consensus of the majority of nodes. Therefore, it is virtually impossible to reverse or cancel a Bitcoin transaction once it has been confirmed and added to the blockchain. It is also true that BTCs cannot be spent without possessing the private key, and that BTCs can be divided into much smaller units, with the smallest unit being equal to 0.000000001 BTC, also known as a satoshi. However, it is not true that BTCs cannot be validated through blockchains, as Bitcoin transactions are cryptographically confirmed by network nodes and registered in a decentralized distributed ledger known as a blockchain. Therefore, the statement "BTCs cannot be reversed, canceled, or charged back" is true of Bitcoin transactions.
If financial institutions continue to become more involved in cryptoasset markets, which two aspects of the business are most likely to be affected in unexpected ways? Net interest income and earnings Mergers and acquisitions Balance sheets and liquidity Short- and long-term investment strategies
Balance sheets and liquidity If financial institutions continue to become more involved in cryptoasset markets, the two aspects of the business that are most likely to be affected in unexpected ways are balance sheets and liquidity. As financial institutions become more involved in cryptoasset markets, they may face increased risks associated with the lack of transparency and traceability of virtual assets. The prevalence of more complex investment strategies, including through derivatives and other leveraged products that reference crypto assets, has also increased. This could affect their balance sheets and liquidity in unexpected ways, as cryptoasset markets are highly volatile and prone to sudden price swings. The risks associated with cryptoassets can also increase the potential for liquidity mismatches, credit and operational risks, and concentration risk of trading platforms. Financial institutions must be aware of these risks and implement effective risk management strategies to mitigate them
Why is the Bitcoin network and its native cryptocurrency, Bitcoin, significant in the history of cryptoassets? Bitcoin is considered to be the first decentralized cryptocurrency. The Bitcoin network was the first approved blockchain. Bitcoin was the first form of electronic money. Regulators prefer Bitcoin to other assets.
Bitcoin is considered to be the first decentralized cryptocurrency. The reason why the Bitcoin network and its native cryptocurrency, Bitcoin, are significant in the history of cryptoassets is that Bitcoin is considered to be the first decentralized cryptocurrency. Bitcoin was created in 2009 by an unknown person or group of people using the pseudonym Satoshi Nakamoto. It was the first cryptocurrency to use a decentralized blockchain network, which allows users to transact directly with each other without intermediaries. Bitcoin's decentralized nature makes it resistant to censorship and government control, and it has become a popular alternative to traditional fiat currencies. Bitcoin's success has also paved the way for the development of other cryptocurrencies and blockchain-based applications. Therefore, the statement "Bitcoin is considered to be the first decentralized cryptocurrency" best describes why the Bitcoin network and its native cryptocurrency, Bitcoin, are significant in the history of cryptoassets.
Which is a de-anonymizing technology that can help lower money laundering risk? The Onion Router (Tor) Decentralized finance protocols Mixing-enabled wallets Blockchain analytical tools
Blockchain analytical tools A de-anonymizing technology that can help lower money laundering risk is blockchain analytical tools. Blockchain analytical tools are designed to analyze and trace transactions on the blockchain, providing insights into the flow of funds and identifying suspicious or illicit activities. These tools can analyze the blockchain's transparent nature to track the movement of cryptocurrencies and identify patterns or connections that may indicate money laundering or other financial crimes. By using blockchain analytical tools, authorities and compliance professionals can gain visibility into the blockchain and enhance their ability to detect and prevent money laundering activities. These tools play a crucial role in improving the transparency and accountability of cryptocurrency transactions, reducing the risk of money laundering and illicit activities in the crypto space.
Which activity is unique to investigators at cryptoasset firms in comparison to investigators at non-cryptoasset firms? Cross-border investigations Blockchain forensics Multi-source data synthesis Digital transaction analysis
Blockchain forensics
How are central bank digital currencies (CBDCs) different from stablecoins? CBDCs use blockchain technology. CBDCs hold legal tender status. Stablecoins use more modern technology. Stablecoins are issued by the central monetary authority.
CBDCs hold legal tender status. CBDCs hold legal tender status, while stablecoins are tied to some other value.
Practice Exam Questions Cryptoasset and Blockchain Which financial institution or organization would bear the liability of offering sovereign cryptocurrencies to the public? Commercial bank Decentralized autonomous organization Cryptoasset exchange Central bank
Central bank The financial institution or organization that would bear the liability of offering sovereign cryptocurrencies to the public is the central bank12345. Sovereign cryptocurrencies are digital currencies issued by a government or central bank and are backed by the full faith and credit of the issuing authority. As such, the central bank would be responsible for ensuring the stability and security of the sovereign cryptocurrency, as well as managing its supply and demand. Commercial banks, decentralized autonomous organizations, and cryptoasset exchanges may play a role in the distribution and exchange of sovereign cryptocurrencies, but the central bank would ultimately bear the liability for the currency. Therefore, the statement "Central bank" is the financial institution or organization that would bear the liability of offering sovereign cryptocurrencies to the public.
What is the most crucial step mixers and tumblers perform to hide the origin of funds? Add cryptocurrencies from various blockchains together. Allow users to choose which other users can use the same mixer. Change the amounts of the tumbled funds from the initial amount that was sent. Send funds from a new address not easily linked to the original address.
Change the amounts of the tumbled funds from the initial amount that was sent. The most crucial step mixers and tumblers perform to hide the origin of funds is to change the amounts of the tumbled funds from the initial amount that was sent. Mixers and tumblers are services that mix potentially identifiable or "tainted" cryptocurrency funds with others to obscure the transaction trail and make it difficult to trace the origin of the funds. By changing the amounts of the tumbled funds from the initial amount that was sent, mixers and tumblers make it difficult to link the original transaction to the final destination. This step is crucial in ensuring that the funds are not traceable and that the privacy of the users is protected. Therefore, the statement "Change the amounts of the tumbled funds from the initial amount that was sent" best describes the most crucial step mixers and tumblers perform to hide the origin of funds.
Practice Exam Questions Cryptoasset and Blockchain What heuristic should be used to cluster the input addresses in a Bitcoin transaction with many input addresses and one recipient address? Change Common spend Merkle tree Input/output
Common spend The heuristic that should be used to cluster the input addresses in a Bitcoin transaction with many input addresses and one recipient address is based on the multiple input addresses of transactions. This heuristic involves linking together all the input addresses of one transaction to identify which addresses are controlled by the same entity. By analyzing the transaction graph, it is possible to identify clusters of addresses that are likely to be controlled by the same entity. This heuristic is widely used because it is relatively simple and effective. Other heuristics that have been proposed include change clustering, common spend clustering, and Merkle tree clustering. Change clustering involves identifying change addresses that are used to return unspent funds to the sender. Common spend clustering involves identifying addresses that are used in the same transaction as the input addresses. Merkle tree clustering involves analyzing the Merkle tree structure of the transaction to identify clusters of addresses.
Which factor is most impactful to a virtual asset service provider's risk appetite? Age of business Employee count Company policy Corporate branding
Company policy
Which factor is most impactful to a virtual asset service provider's risk appetite? Age of business Employee count Company policy Corporate branding
Company policy Based on the available search results, the factor that is most impactful to a virtual asset service provider's risk appetite is company policy. A virtual asset service provider's risk appetite is determined by its internal policies and guidelines regarding risk management and compliance. These policies outline the level of risk the company is willing to accept and the measures it will take to mitigate those risks. Company policies play a crucial role in shaping the risk culture and approach of the virtual asset service provider, including its risk tolerance, risk assessment methodologies, and risk mitigation strategies. The policies guide the decision-making process and help establish a framework for managing risks associated with virtual assets and virtual asset service provision. Therefore, company policy is the most influential factor in determining a virtual asset service provider's risk appetite.
Practice Exam Questions Cryptoasset and Blockchain Which is a disadvantage of using an unspent transaction output ledger model as the basis of a virtual asset? Complexity of computation Privacy of transactions Length of computation Automaticity of swaps
Complexity of computation A disadvantage of using an unspent transaction output (UTXO) ledger model as the basis of a virtual asset is the complexity of computation. The UTXO model is a data structure used by Bitcoin and other cryptocurrencies to keep track of unspent transaction outputs. Each UTXO represents a specific amount of cryptocurrency that can be spent by the owner of the private key associated with the UTXO. The UTXO model is considered to be more secure and requires less storage compared to the account/balance model used by traditional financial systems. However, the UTXO model is more complex to compute because it requires the verification of all previous transactions that have contributed to the UTXO. This can make it more difficult to scale the system and can result in longer transaction times. Additionally, the UTXO model can make it more difficult to maintain privacy of transactions because each UTXO is associated with a specific address and can be traced back to the original transaction. Therefore, the statement "Complexity of computation" is a disadvantage of using an unspent transaction output ledger model as the basis of a virtual asset.
Practice Exam Questions Cryptoasset and Blockchain Which are the most critical risk factors relating to a decentralized finance project or smart contract? (Select Three.) Concentration of governance tokens Inexperience in licensing Insufficient capital Existence of admin keys Located in multiple jurisdictions Pseudonymity
Concentration of governance tokens Existence of admin keys Pseudonymity The most critical risk factors relating to a decentralized finance project or smart contract are concentration of governance tokens, existence of admin keys, and smart contract failures12345. Decentralized finance (DeFi) projects and smart contracts are designed to operate without intermediaries, which can introduce new risks and vulnerabilities. Concentration of governance tokens can lead to centralization of control and decision-making power, which can be exploited by bad actors. The existence of admin keys can also pose a risk, as they can be used to modify or delete smart contracts, potentially leading to the loss of funds. Smart contract failures can also be a critical risk factor, as they can result in the loss of funds or other unintended consequences. Other risk factors that should be considered include insufficient capital, inexperience in licensing, and pseudonymity. Therefore, the statements "Concentration of governance tokens", "Existence of admin keys", and "Smart contract failures" are the most critical risk factors relating to a decentralized finance project or smart contract.
Which of the following is an example of tax avoidance? Using illegal practices to avoid paying a tax liability Not declaring taxable income on your tax return Hiding taxable assets from the authorities Contributing to a retirement account with pre-tax salary
Contributing to a retirement account with pre-tax salary The best response is "Contributing to a retirement account with pre-tax salary." A modern day, common example of tax avoidance is contributing to a retirement account with pre-tax salary. Tax "evasion" is the use of illegal practices to avoid paying a tax liability. This could include not declaring taxable income or hiding taxable assets from the authorities. Tax evasion is illegal and those caught are generally subject to criminal charges and substantial penalties.
Which is a known financial crime risk factor associated with cryptoassets? Stability Convertibility Credibility Traceability
Convertibility
Which factors are red flags for a known crypto-related typology? (Select Two.) Crypto used is cashed out at an exchange providing access to privacy coins. The customer involved is a corporate trading in crypto. Traded Bitcoin is associated with ransomware. Trade involves fiat currency above US$10,000. The customer was onboarded within the last 24 months.
Crypto used is cashed out at an exchange providing access to privacy coins. Traded Bitcoin is associated with ransomware.
Privacy-centered cryptoassets are best described as: Cryptoassets that delete information about a transaction after 24 hours Cryptoassets that show no information about the sender, receiver, or amounts Cryptoasset transactions that do not show the sender's name Cryptoassets that use letters and numbers for addresses, but can still be tracked
Cryptoassets that show no information about the sender, receiver, or amounts. Privacy-centered cryptoassets are best described as cryptoassets that show no information about the sender, receiver, or amounts. These cryptoassets are designed to provide a high level of privacy and anonymity to users, making it difficult to trace transactions back to specific individuals. Privacy-centered cryptoassets use various techniques such as encryption, coin mixing, and zero-knowledge proofs to hide transaction details and protect user privacy. However, it is important to note that not all cryptoassets provide the same level of privacy, and some may have different privacy features. Therefore, the statement "Cryptoassets that show no information about the sender, receiver, or amounts" best describes privacy-centered cryptoassets.
A bank was fined just under US $1.2 billion in 2012 for willfully failing to maintain an effective AML program. One consequence has been negative media coverage, including articles and documentaries. Regarding this negative media coverage specifically, which is the most significant reputational risk outcome? Staffing the bank could be difficult, as professionals may not want to join a troubled institution. Customers and investors may leave the bank, and new customers and investors might be wary of involving themselves with the bank. The bank could permanently lose its charter and ability to operate in certain jurisdictions. The bank could become insolvent and need to declare bankruptcy.
Customers and investors may leave the bank, and new customers and investors might be wary of involving themselves with the bank.
What do decentralized applications (dApps) and decentralized autonomous organizations (DAOs) have in common? Designed to run autonomously Exclusive to the Ethereum network Fully anonymous Built-in treasury
Designed to run autonomously. Both dApps and DAOs are developed using smart contracts designed to allow them to run autonomously.
Practice Exam Questions Cryptoasset and Blockchain Which functions fall under the current definition of a virtual asset service provider? (Select Two.) Creating virtual currency or securities tokens Issuing non-fungible tokens Using central bank digital currencies Facilitating transactions via a business between virtual asset and fiat currencies Conducting exchanges between one or more forms of virtual asset
Facilitating transactions via a business between virtual asset and fiat currencies. Conducting exchanges between one or more forms of virtual asset. The two functions that fall under the current definition of a virtual asset service provider are facilitating transactions via a business between virtual asset and fiat currencies and conducting exchanges between one or more forms of virtual asset. Virtual asset service providers (VASPs) are organizations or individuals that conduct activities related to the exchange, transfer, or administration of virtual assets. The Financial Action Task Force (FATF) has defined VASPs as entities that provide the following services: (1) exchanging virtual assets for fiat currencies, (2) exchanging one form of virtual asset for another, (3) transferring virtual assets, and (4) safekeeping or administering virtual assets or instruments that enable control over virtual assets. Therefore, the statement "Facilitating transactions via a business between virtual asset and fiat currencies" and "Conducting exchanges between one or more forms of virtual asset" are the two functions that fall under the current definition of a virtual asset service provider.
What are the three lines of defense for managing AML risk for virtual asset service providers? (Select Three.) Customer unit Supervisory authority Compliance unit Board of directors Internal audit Front line unit
Front line unit Compliance unit Internal audit
An initial coin offering (ICO) of utility tokens provides which incentive to investors? Voting rights in the project Fixed investment terms, meaning no loss of funds Future redemption for products or services A guaranteed profit
Future redemption for products or services Utility tokens allow speculators to redeem the token for the company's products or services in the future.
Practice Exam Questions Cryptoasset and Blockchain An analyst is reviewing an Ethereum (ETH) address and observes an approval transaction. Which activity did the user of the ETH address most likely complete? Swapped one ETH token for another Minted a non-fungible token Transferred an amount of ETH to a counterparty Gave permission for a contract to access the balance
Gave permission for a contract to access the balance. If an analyst is reviewing an Ethereum (ETH) address and observes an approval transaction, the user of the ETH address most likely gave permission for a contract to access the balance. Approval transactions are used to give permission for a smart contract to access and spend a user's tokens. This is necessary because smart contracts cannot access a user's tokens without explicit permission. When a user approves a smart contract, they are giving the contract permission to spend a specific amount of tokens from their balance. This is a common activity in decentralized finance (DeFi) applications, where smart contracts are used to automate financial transactions. Therefore, the statement "Gave permission for a contract to access the balance" is the activity that the user of the ETH address most likely completed.
Risks relevant to the originator of a transaction and the beneficiary of funds that are linked to a high-risk jurisdiction are known as: Anonymity risks Geographical risks Transactional risks Source of funds risks
Geographical risks Risks relevant to the originator of a transaction and the beneficiary of funds that are linked to a high-risk jurisdiction are known as geographical risks. Geographical risks are a type of money laundering and terrorist financing risk that arise from the location of the parties involved in a transaction. Transactions involving high-risk jurisdictions, such as those with weak AML/CFT controls or a high incidence of financial crime, are more likely to be associated with money laundering and terrorist financing activities. Geographical risks can be mitigated through enhanced due diligence measures, such as identifying the source of funds and verifying the identity of the parties involved in the transaction. Failure to manage geographical risks can result in regulatory and reputational consequences for financial institutions, including fines, sanctions, and loss of business.
Practice Exam Questions Cryptoasset and Blockchain Which type of virtual asset storage is considered most secure? Paper wallet Hardware wallet Hot wallet Mobile wallet
Hardware wallet Hardware wallets are considered the most secure type of virtual asset storage. Hardware wallets are physical devices that store a user's private keys and allow them to interact with the blockchain. They are designed to be resistant to hacking and malware attacks, and they are typically not connected to the internet, which makes them less vulnerable to online threats. Hardware wallets are considered to be the most secure type of virtual asset storage because they provide an additional layer of security beyond software-based wallets, such as mobile wallets and hot wallets. Paper wallets are also considered secure, but they are more prone to user error and are less user-friendly than hardware wallets. Therefore, the statement "Hardware wallet" is the type of virtual asset storage that is considered most secure.
A pseudonymous cryptocurrency has which characteristic? Individuals and entities can be tracked. Identities of users cannot be revealed. Blockchain patterns are hidden. Transactions remain untraceable.
Identities of users cannot be revealed. A pseudonymous cryptocurrency has the characteristic that the identities of users cannot be revealed. Pseudonymity is a form of anonymity where users are identified by a pseudonym or username instead of their real name. In a pseudonymous cryptocurrency, users can transact without revealing their real identity, but their transactions can still be traced on the blockchain. While the blockchain patterns are not hidden, the identities of the users remain anonymous. However, it is important to note that pseudonymity does not guarantee complete anonymity, as blockchain analysis techniques can be used to link transactions to specific users. Therefore, the statement "Identities of users cannot be revealed" best describes the characteristic of a pseudonymous cryptocurrency.
Practice Exam Questions Cryptoasset and Blockchain When would using a send as opposed to a transfer function in a smart contract create vulnerability? If the external address is a smart contract Using a transfer function could create a vulnerability, but not using send If a fallback function in the destination smart contract is not triggered When sending Ethereum-based cryptocurrencies between wallets
If the external address is a smart contract Use Transfer function if the External address is a smart contract. It is safer. Using a transfer function in a smart contract instead of a send function could create vulnerability if the external address is a smart contract and the fallback function in the destination smart contract is not triggered. The transfer function is a built-in function in Solidity, the programming language used to write smart contracts on the Ethereum blockchain. It is used to transfer Ether or other Ethereum-based cryptocurrencies between wallets or smart contracts. The transfer function is considered to be safer than the send function because it limits the amount of gas that can be used in the transaction and reverts the transaction if it fails. However, if the external address is a smart contract and the fallback function in the destination smart contract is not triggered, using the transfer function could create a vulnerability known as a reentrancy attack. This vulnerability allows an attacker to repeatedly call a function in the smart contract before the previous call has completed, potentially allowing them to drain the contract's funds.
What is the main benefit of joining a mining pool? Increased likelihood of earning a reward Reduced electricity consumption Increased reward profit Knowledge gained from other members
Increased likelihood of earning a reward The main benefit of joining a mining pool is the increased likelihood of earning a reward. Mining pools are groups of individual miners who work together to mine cryptocurrency and share the rewards. By joining a mining pool, miners can combine their computing power and increase their chances of solving the complex mathematical problems required to mine cryptocurrency and earn a reward. Mining pools also provide a more stable income stream for miners, as they can earn a portion of the reward even if they do not solve the problem themselves. Additionally, mining pools can offer other benefits such as reduced electricity consumption and increased reward profit. Therefore, the statement "Increased likelihood of earning a reward" is the main benefit of joining a mining pool.
What key benefit does cryptoasset tracing provide to investigators? Cases can always be solved using tracing methods. Tracing reveals the identity of bad actors through the blockchain memo field. Tracing is a way to avoid cross-border law enforcement cooperation. Investigators can use tracing to follow and identify patterns in the flow of funds.
Investigators can use tracing to follow and identify patterns in the flow of funds. The key benefit that cryptoasset tracing provides to investigators is the ability to follow and identify patterns in the flow of funds12345. Cryptoasset tracing involves analyzing the blockchain to track the movement of funds and identify the parties involved in a transaction. Investigators can use tracing to identify the source and destination of funds, as well as the parties involved in the transaction. This information can be used to identify patterns in the flow of funds and to track down bad actors involved in criminal activities such as money laundering, fraud, and other financial crimes. Therefore, the statement "Investigators can use tracing to follow and identify patterns in the flow of funds" best describes the key benefit that cryptoasset tracing provides to investigators.
Practice Exam Questions Cryptoasset and Blockchain To mitigate the risk associated with a protocol designed to automatically execute specific actions, such as a virtual asset transfer between participants, a financial institution: Is prohibited from delegating the implementation of AML obligations to another legal person involved in the platform Is permitted to delegate the implementation of AML obligations to another legal person involved in the platform Is required to document all AML risks associated with smart contract implementation Is permitted to ignore the risk because risk mitigation is not required as it is only a best practice as identified in the Federal Financial Institutions Examination Council (FFIEC) examination manual
Is permitted to delegate the implementation of AML obligations to another legal person involved in the platform.
Which statement accurately describes a hosted wallet? It allows users to transact pseudonymously because there is no KYC. There is no need for a third party to validate transactions. Users control the private keys and therefore the assets. It is controlled by the user and a virtual asset service provider (VASP).
It is controlled by the user and a virtual asset service provider (VASP). A hosted wallet is controlled by the user and a virtual asset service provider (VASP)1234. Hosted wallets are also known as custodial wallets, and they are provided by VASPs that hold their users' private keys for them. In a hosted wallet, the VASP is responsible for securing the user's assets and validating transactions on their behalf. Hosted wallets are different from non-hosted wallets, where users control their private keys and have full control over their assets. Hosted wallets are often used by beginners or users who prefer to have a third party manage their assets. Therefore, the statement "It is controlled by the user and a virtual asset service provider (VASP)" accurately describes a hosted wallet.
Which statement about coin tracing is correct? It is possible to trace cryptocurrency transactions past exchanges using paid blockchain software analytic tools. It is possible to track all transaction history of any cryptocurrency transaction. It is impossible to track cryptocurrency transactions. It is possible to track cryptocurrency transactions until the funds enter the first centralized entity.
It is possible to trace cryptocurrency transactions past exchanges using paid blockchain software analytic tools. The statement about coin tracing that is correct is that it is possible to trace cryptocurrency transactions past exchanges using paid blockchain software analytic tools. Cryptocurrency transactions are recorded on a public ledger called the blockchain, which allows anyone to view the transaction history of a particular cryptocurrency address. While cryptocurrency transactions are not completely anonymous, they can be difficult to trace without the use of specialized tools. Paid blockchain software analytic tools can be used to trace cryptocurrency transactions past exchanges and identify the parties involved in a transaction. However, it is important to note that not all cryptocurrency transactions can be traced, as some cryptocurrencies are designed to be more private and anonymous than others. Therefore, the statement "It is possible to trace cryptocurrency transactions past exchanges using paid blockchain software analytic tools" is the correct statement about coin tracing. Section Title Post-assessment Current Score: Score required to pass 80.00% 80% Section Weight 100% Congratulations! You passed the assessment. You must move to the next page to record your score.
Which feature is true of cryptoasset trading? It operates 24 hours a day, 7 days a week. It offers sufficient protection to market participants from insider trading. Traders need to understand the local legislation very well before they trade. Fluctuation in cryptoasset value is usually very mild.
It operates 24 hours a day, 7 days a week. The feature that is true of cryptoasset trading is that it operates 24 hours a day, 7 days a week. Cryptoasset trading is not limited by geographical boundaries or time zones, and it can be done at any time of the day or night. This is because the cryptocurrency market is decentralized and operates on a global scale. However, traders need to understand the local legislation very well before they trade, as different countries have different regulations regarding cryptoasset trading. Fluctuation in cryptoasset value is usually very mild, and it can be highly volatile, with prices fluctuating rapidly in response to market conditions. Therefore, the statement "It operates 24 hours a day, 7 days a week" accurately describes the feature that is true of cryptoasset trading.
How does the Lightning Network operate? It uses privacy features for larger transactions to be conducted between pairs of users on the blockchain. It uses smart contracts to establish off-blockchain payment channels between pairs of users. Once these payment channels are established, funds can be transferred between them almost instantly. It is a two-party transaction channel for making or receiving payments from multiple recipients. Layer 2 enhances the decentralized security paradigm of the blockchain mainnet (layer 1). It is designed to make Bitcoin transactions faster and more accurate. It is part of a newer class of crypto technologies known as "triple-layered" blockchains with slightly higher fees.
It uses smart contracts to establish off-blockchain payment channels between pairs of users. Once these payment channels are established, funds can be transferred between them almost instantly. The Lightning Network operates by using smart contracts to establish off-blockchain payment channels between pairs of users. The Lightning Network is a layer 2 solution built on top of the Bitcoin blockchain (layer 1) that is designed to make Bitcoin transactions faster and more accurate. It is a network of bidirectional payment channels between two nodes that combined create smart contracts. Normal use of the Lightning Network consists of opening a payment channel by committing a funding transaction to the relevant base blockchain (layer 1), followed by making any number of Lightning Network transactions that update the tentative distribution of the channel's funds without broadcasting to the blockchain. Once these payment channels are established, funds can be transferred between them almost instantly. The Lightning Network is a two-party transaction channel for making or receiving payments from each other. It is a technological solution intended to solve the problem of transaction speed on the Bitcoin blockchain. The Lightning Network is not designed to use privacy features for larger transactions to be conducted between pairs of users on the blockchain, nor is it part of a newer class of crypto technologies known as "triple-layered" blockchains with slightly higher fees. Therefore, the statement "It uses smart contracts to establish off-blockchain payment channels between pairs of users" is how the Lightning Network operates.
Which is a limitation of a smart contract? Cost savings Transparency Security Legal enforcement
Legal enforcement A limitation of a smart contract is its adaptability. Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. They are designed to be transparent, secure, and tamper-proof. However, smart contracts are not adaptable to changing circumstances, and any changes to the contract require the mutual consent of the parties involved. This lack of adaptability can be a significant limitation in situations where the terms of the contract need to be changed due to unforeseen circumstances or changing market conditions. Smart contracts are also limited in their ability to work in imaginary cases, and they have to undergo radical upgrades. Any code should not contain ambiguous language, and it should be clear and concise. Therefore, the statement "Adaptability" is a limitation of a smart contract.
Practice Exam Questions Cryptoasset and Blockchain Data privacy, regulatory, jurisdiction, and dispute resolution risks associated with blockchain are known as: Legal risks. General risks. Security risks. Development risks.
Legal risks. Data privacy, regulatory, jurisdiction, and dispute resolution risks associated with blockchain are known as legal risks. Blockchain technology has introduced new legal risks that need to be addressed by businesses and regulators. These risks include compliance with data protection laws, jurisdictional challenges, privacy and data protection, double spending, and distributed denial-of-service (DDoS) attacks. Blockchain technology is still in its early stages, and there is a lack of clarity around how existing legal frameworks apply to blockchain-based systems. This has led to uncertainty around issues such as dispute resolution, liability, and regulatory compliance. Therefore, the statement "Legal risks" is the term used to describe data privacy, regulatory, jurisdiction, and dispute resolution risks associated with blockchain.
Which description applies to a centralized lending platform? Lower yields for lenders Automatic interest payments to lenders via smart contracts Noncustodial status and no governing entity Loss of lender control of assets
Loss of lender control of assets. Lenders lose control of their assets when they deposit tokens into a custodial wallet at a centralized lending platform.
Practice Exam Questions Cryptoasset and Blockchain Which method is most commonly used to add new stablecoins into circulation? Minting through fiat currency Proof-of-stake validation Proof-of-work validation Quantitative easing
Minting through fiat currency The most commonly used method to add new stablecoins into circulation is minting through fiat currency. Stablecoins are cryptocurrencies that are designed to maintain a stable value relative to other assets, such as fiat currencies or commodities. To achieve this stability, stablecoins are often pegged to a real-world asset, such as the US dollar or gold. When new stablecoins are added to circulation, they are typically minted by the issuer in exchange for fiat currency. This means that the issuer receives fiat currency in exchange for the stablecoins, which are then added to circulation. The fiat currency is held in reserve to ensure that the stablecoins can be redeemed for their pegged value. Therefore, the statement "Minting through fiat currency" is the most commonly used method to add new stablecoins into circulation.
An analyst investigating a transaction monitoring alert notices several larger-than-normal virtual asset deposits into the customer's account with an unknown source of funds, followed by conversion to fiat currency. Which illicit activity does this most likely indicate? Regulatory arbitrage Ransomware payment Kickback payments Money laundering
Money laundering
An analyst investigating a transaction monitoring alert notices several larger-than-normal virtual asset deposits into the customer's account with an unknown source of funds, followed by conversion to fiat currency. Which illicit activity does this most likely indicate? Regulatory arbitrage Ransomware payment Kickback payments Money laundering
Money laundering The illicit activity that is most likely indicated by several larger-than-normal virtual asset deposits into the customer's account with an unknown source of funds, followed by conversion to fiat currency is money laundering. According to the Financial Action Task Force (FATF), transactions involving virtual assets with an unknown source of funds, followed by a conversion to fiat currency, may indicate money laundering activities. The lack of transparency and traceability associated with virtual assets can make them attractive to criminals seeking to launder illicit funds. The conversion of virtual assets into fiat currency can further obscure the origin of the funds and make it more challenging to trace the proceeds of crime. The suspicious activity identified in the transaction monitoring alert highlights the importance of implementing effective anti-money laundering (AML) measures, including customer due diligence, transaction monitoring, and suspicious activity reporting, to detect and prevent money laundering activities in the virtual asset space.
What does the term "non-fungible" mean in regard to non-fungible tokens (NFTs)? NFTs cannot be attributed to an owner, developer, or artist. NFTs have a set value and can be bought or sold for any other digital or real-world asset. NFTs are unique and cannot be exchanged for one another. NFTs cannot be bought or sold without registration on a government-backed blockchain
NFTs are unique and cannot be exchanged for one another. The term "non-fungible" in regard to non-fungible tokens (NFTs) means that they are unique and cannot be exchanged for one another12345. Non-fungible tokens are digital assets that are assigned unique identification codes and metadata that distinguish them from other tokens. Unlike fungible tokens, such as cryptocurrencies, which are interchangeable and have the same value, non-fungible tokens are unique and cannot be replaced with something else. Each NFT is one-of-a-kind and has its own value, which is determined by the market demand for that specific asset. Therefore, the statement "NFTs are unique and cannot be exchanged for one another" best describes the term "non-fungible" in regard to non-fungible tokens (NFTs).
How could non-fungible tokens (NFTs) be vulnerable to financial crime? NFTs can be transferred more easily than physical artwork. Financial Crimes Enforcement Network recordkeeping authorities have a responsibility to collect information on NFT ownership for enhanced due diligence. NFTs purchased using tainted funds can be sold and repurchased by criminals to create seemingly legitimate sales records on the blockchain. NFTs can be created anonymously, by anyone, in any jurisdiction.
NFTs purchased using tainted funds can be sold and repurchased by criminals to create seemingly legitimate sales records on the blockchain.
Practice Exam Questions Cryptoasset and Blockchain Which is a key characteristic of a decentralized application? Download and play No anonymous logins Active censorship No owners
No owners A key characteristic of a decentralized application is that it has no owners. Decentralized applications (dApps) are software programs that run on a peer-to-peer network, such as a blockchain, using smart contracts. They are like normal apps and offer similar functions, but the key difference is that they are not owned or controlled by a single entity. Instead, they are run by a network of users who participate in the validation and verification of transactions. This means that dApps are not subject to the control or censorship of any single entity, and they are often designed to be open-source and transparent. Other key characteristics of dApps include running on a blockchain, having open-source code, and operating autonomously through smart contracts. Therefore, the statement "No owners" is a key characteristic of a decentralized application.
What does the immutability feature of blockchain mean? No person can change the information or remove the data. Users can always change the data and alter information. Businesses can automatically enforce contracts and agreements. The data and information are decentralized.
No person can change the information or remove the data. The statement that is true of the immutability feature of blockchain is that no person can change the information or remove the data. Immutability is a key feature of blockchain technology that ensures that once data is recorded on the blockchain, it cannot be altered or deleted. This is because the blockchain is a decentralized and distributed ledger that is maintained by a network of computers, and each block in the chain contains a cryptographic hash of the previous block, making it impossible to change the data without changing the entire chain. The immutability feature of blockchain provides a high level of security and transparency, making it ideal for applications that require trust and accountability. Therefore, the statement "No person can change the information or remove the data" is the true statement of the immutability feature of blockchain.
Which of the following factors about a cryptocurrency investment firm is considered a red flag? No registration with regulator or financial intelligence unit Claims of high returns on investments Complicated web domain registration details Multiple product whitepapers
No registration with regulator or financial intelligence unit A company that is not registered with a national financial intelligence unit or regulator is a red flag.
What are trusted third-party providers of off-chain data to smart contracts called? Resource compilers Consensus algorithms Data pools Oracles
Oracles Trusted third-party providers of off-chain data to smart contracts are called Oracles. Oracles are third-party services that provide smart contracts with external information. They serve as bridges between blockchains and the outside world. Smart contracts cannot access off-chain data (data that is outside of the network) directly. Oracles provide a way for the decentralized Web3 ecosystem to access existing data sources, legacy systems, and advanced computations. Decentralized oracle networks (DONs) enable the creation of hybrid smart contracts, where on-chain code and off-chain infrastructure are combined to support advanced smart contract ecosystems through this multi-layered decentralization approach, ensuring smart contracts can safely rely on data inputs during their execution. Oracles come in many shapes and sizes, and they require various mechanisms for delivery and different levels of security. Generally, each type of oracle involves some combination of fetching, validating, computing upon, and delivering data to a destination. Therefore, the statement "Oracles" is the answer to the question.
Which internationally recognized guidelines have improved international transparency of cryptoassets through information exchange on offshore assets held with financial institutions? Organization for Economic Co-operation and Development Common Reporting Standards Financial Crimes Enforcement Network currency and monetary instrument reporting Wolfsberg Group payment transparency standards Financial Action Task Force Recommendations
Organization for Economic Co-operation and Development Common Reporting Standards
What is the main difference between asset-backed stablecoins and algorithmic stablecoins? Pegging mechanism Global supply Issuer Volatility
Pegging mechanish Asset-backed stablecoins are pegged to the value of collateral, while algorithmic stablecoins are pegged to an algorithm.
You receive a legitimate-appearing email that says your login credentials were hacked and you need to enter your account username and password to protect your account. Once you enter your information, your account is compromised. Which type of cyber crime is this? Phishing Account takeover (ATO) Investment scam Distributed denial-of-service (DDOS) attack
Phishing Phishing is when cyber criminals send fraudulent emails that appear to come from reputable entities. The emails direct victims to access fraudulent websites and provide information, such as account numbers and passwords. This information is captured by the criminals and sold or used to for ATO.
Practice Exam Questions Cryptoasset and Blockchain Which function is provided by a blockchain oracle? Displaying transactions from Ethereum Showing confirmation times of Ethereum transactions Posting real-time USD/ETH prices Aggregating the number of Ethereum wallets
Posting real-time USD/ETH prices A function provided by a blockchain oracle is posting real-time USD/ETH prices. Blockchain oracles are third-party services that provide smart contracts with external information. They serve as bridges between blockchains and external systems, allowing smart contracts to execute based on real-world inputs and outputs. Oracles give the Web 3.0 ecosystem a method to connect to existing legacy systems, data sources, and advanced calculations. One of the most common use cases for blockchain oracles is to provide real-time price data for cryptocurrencies, such as USD/ETH prices. This allows smart contracts to execute based on the current market price of a cryptocurrency, which can be useful for applications such as decentralized exchanges, prediction markets, and insurance contracts. Therefore, the statement "Posting real-time USD/ETH prices" is a function provided by a blockchain oracle.
Which statement is true about crypto ATMs? Potential user benefits include transaction ease, speed, and privacy. Fraud risks are lower for crypto ATMs. A bank account is required to buy cryptocurrencies from a crypto ATM. Crypto ATMs are required to collect identifying information from customers.
Potential user benefits include transaction ease, speed, and privacy. The promise of crypto ATMs includes easy, fast, and potentially anonymous transactions.
Practice Exam Questions Cryptoasset and Blockchain Which type of wallet is known for allowing reduced transparency as well as the emergence of other virtual asset business models or activities, such as initial coin offerings? Cold Privacy Multisig Hardware
Privacy The type of wallet that is known for allowing reduced transparency as well as the emergence of other virtual asset business models or activities, such as initial coin offerings, is a software wallet. Software wallets are digital wallets that store a user's private keys and allow them to interact with the blockchain. They can be further classified as hot or cold wallets, depending on whether they are connected to the internet or not. Software wallets are known for allowing reduced transparency because they can be used to conduct transactions anonymously. This anonymity can make it difficult to trace the flow of funds and identify the parties involved in a transaction. Additionally, software wallets are often used to participate in initial coin offerings (ICOs) and other virtual asset business models or activities. Therefore, the statement "Software" (Privacy) is the type of wallet that is known for allowing reduced transparency as well as the emergence of other virtual asset business models or activities, such as initial coin offerings.
Which of the following statements is true of the types of blockchains? Private blockchains have lower transaction-per-second rates. Bitcoin is an example of a private blockchain. Public blockchains are permissionless and non-restrictive. Hybrid blockchain is another name for a private blockchain
Public blockchains are permissionless and non-restrictive. The statement that is true of the types of blockchains is that public blockchains are permissionless and non-restrictive. Public blockchains are open to anyone who wants to participate and do not require permission to join. They are decentralized and operate on a global scale, allowing anyone to transact with anyone else without intermediaries. Public blockchains are often used for cryptocurrencies and other applications that require transparency and security. Private blockchains, on the other hand, are permissioned and restrict the people who can participate in the network. They are often used by businesses and organizations that require more control over their data and transactions. Hybrid blockchains are a combination of public and private blockchains and can have varying degrees of permission and restriction. Therefore, the statement "Public blockchains are permissionless and non-restrictive" is the true statement of the types of blockchains.
Which one of the following is an advantage of a decentralized exchange (DEX)? User-friendly and less demanding for technical expertise Ability to hold users' private keys Reduced risk of targeted theft and cybersecurity attacks More sophisticated trading options
Reduced risk of targeted theft and cybersecurity attacks. The decentralized nature of DEXs reduces the risk of targeted theft and cybersecurity attacks.
Which type of risk can result in the loss of a company's standing within the industry or with customers, employees, and the general public when the company's failures within their AML compliance program become public? Regulatory risk Legal risk Operational risk Reputational risk
Reputational risk The type of risk that can result in the loss of a company's standing within the industry or with customers, employees, and the general public when the company's failures within their AML compliance program become public is reputational risk. AML violations and failures can lead to a loss of trust among customers, investors, and the public, damaging a company's reputation and eroding its brand value. Reputational risk can result in a loss of business, revenue, and market share, as customers and investors may choose to take their business elsewhere or avoid the company altogether. Reputational risk is a significant concern for companies, as it can have long-term consequences for their financial performance and stability. It is important for companies to prioritize AML compliance and implement effective AML programs to mitigate reputational risk and maintain the trust of their stakeholders.
A supervisory authority is analyzing a virtual asset service provider's (VASP) AML policies. The VASP engages in transfers to and from unhosted wallets, and its volume of transactions has grown beyond peers' recently, including a spike in suspicious activity reports. Based on Financial Action Task Force guidelines, which would be the expected improvement from the authority? Not verifying customer and beneficiary information unless there is a money laundering suspicion under the reporting threshold. Use an infrastructure standards compliance certificate for procedures related to compliance with travel rule. Allow transfers to or from unhosted wallets if they are among the VASP's blacklisted wallet addresses. Screen by the VASP of its customer's and counterparty's wallet addresses against blacklisted wallet addresses.
Screen by the VASP of its customer's and counterparty's wallet addresses against blacklisted wallet addresses. When analyzing a virtual asset service provider's (VASP) AML policies, the supervisory authority should consider the inherent risks associated with the VASP's activities, including transfers to and from unhosted wallets, and the volume of transactions that have grown beyond peers, including a spike in suspicious activity reports. Based on Financial Action Task Force (FATF) guidelines, the expected improvement from the authority would be to screen by the VASP of its customer's and counterparty's wallet addresses against blacklisted wallet addresses. The lack of transparency and traceability associated with virtual assets can make them attractive to criminals seeking to launder illicit funds. The screening of wallet addresses against blacklisted wallet addresses can help identify and prevent transactions involving illicit funds and reduce the risk of money laundering and terrorist financing activities. The use of infrastructure standards compliance certificates for procedures related to compliance with the travel rule can also be helpful in mitigating AML risks associated with virtual assets.
Which type of transaction is most secure? Lightning Network Split transaction across multiple blockchains Standardized Bitcoin transfer Smart contract
Smart contract
Cybercriminals seek to exploit targets for cryptocurrency crimes by misrepresenting the purpose and performance of: Virtual asset service provider controls Decentralized exchanges Blockchain-based databases Smart contracts
Smart contracts
Practice Exam Questions Cryptoasset and Blockchain How is it possible that vulnerabilities exist in smart contract software? (Choose two) The verification of individuals accessing the platform is not always consistent with global KYC/AML standards. The contract may be edited even after both parties have entered into the smart contract. The initial state of variables inside the contract's code may be alterable. Smart contracts are purposefully constructed with minor flaws.
Smart contracts are purposefully constructed with minor flaws. The initial state of variables inside the contract's code may be alterable.
Which of the following statements is true of the characteristics of cryptoassets? Some use private and public keys, making them resistant to hacking. They make it impossible to trace goods and services back to an individual. They are resistant to government restrictions. They are vulnerable to censorship and government-imposed regulations.
Some use private and public keys, making them resistant to hacking. The statement that is true of the characteristics of cryptoassets is that some use private and public keys, making them resistant to hacking. Private and public keys are a common feature of many cryptocurrencies and are used to secure transactions and protect users' funds. Private keys are used to sign transactions and prove ownership of cryptocurrency addresses, while public keys are used to receive funds. The use of private and public keys makes it difficult for hackers to steal cryptocurrency, as they would need to gain access to the private key to do so. However, it is important to note that not all cryptoassets use private and public keys, and some may have different security features. Therefore, the statement "Some use private and public keys, making them resistant to hacking" is the true statement of the characteristics of cryptoassets.
Which of the following is a sanctions evasion technique that involves removing key identifying information from payment messages? Stripping Concealment Structuring Screening
Stripping Stripping is a sanctions evasion technique that involves removing key identifying information from payment messages.
Which non-governmental body, comprised of global banks, published guidance for building a coherent and competent risk management framework? The Wolfsberg Group The Egmont Group Financial Action Task Force Global Risk Task Force
The Wolfsberg Group The non-governmental body that published guidance for building a coherent and competent risk management framework is The Wolfsberg Group. The Wolfsberg Group is an association of 13 global banks that aims to develop frameworks and guidance for the management of financial crime risks. The group provides guidance on various areas, including Anti-Money Laundering (AML), Anti-Bribery and Corruption (ABC), Counter-Financing of Terrorism, and Know-Your-Customer (KYC). The Wolfsberg Group's guidance is not binding, but it is influential, and other financial institutions and counterparties to major banks are wise to take heed of the updates and adapt their compliance programs accordingly. The Wolfsberg Group also publishes Correspondent Banking Due Diligence Questionnaires (Wolfsberg DDQ) to create a reference for international banking due diligence, which has become an industry standard and serves as a key document to share when onboarding another financial institution for financial services
Practice Exam Questions Cryptoasset and Blockchain A compliance officer is undertaking a risk review of a bank's smart contracts in the lending division. Which circumstances should the compliance officer consider as part of the review? (Select Two.) The margin on the loan agreement is too low. The contracts have no code audit. The contracts were previously managed by the bank's legal department. The contracts are more than six months old. The lending protocol was launched by a publicly known group.
The contracts have no code audit. The lending protocol was launched by a publicly known group. The compliance officer should consider the following two circumstances as part of the risk review of a bank's smart contracts in the lending division: the contracts have no code audit and the lending protocol was launched by a publicly known group. Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. They are used to automate the execution of contracts and to reduce the need for intermediaries. However, smart contracts can be vulnerable to coding errors, security breaches, and other risks. Therefore, the compliance officer should consider whether the smart contracts have undergone a code audit to ensure that they are secure and free from errors. Additionally, the compliance officer should consider the reputation of the group that launched the lending protocol, as a publicly known group may be more trustworthy and less likely to engage in fraudulent activities. Therefore, the statements "The contracts have no code audit" and "The lending protocol was launched by a publicly known group" are the two circumstances that the compliance officer should consider as part of the risk review of a bank's smart contracts in the lending division.
A medium risk customer registers for an account stating EUR 20,000 yearly net income, EUR 115,000 in total assets, and an average deposit size of EUR 4,000. The customer deposits EUR 5,000 via instant payments, buys virtual assets, and transfers them to an unregulated virtual asset service provider (VASP) within 24 hours. Which red flags are most relevant? (Select Two). The customer recently registered, deposited via an instant payment transfer, and immediately transferred the virtual assets out. The customer's net asset declaration is inconsistent with the yearly net income. The assets have been transferred to a VASP that represents increased risk. The customer immediately bought virtual assets after a deposit of funds. The customer's deposit deviates largely from the customer's profile and initial onboarding statements.
The customer recently registered, deposited via an instant payment transfer, and immediately transferred the virtual assets out. The assets have been transferred to a VASP that represents increased risk.
AML Foundations for Cryptoasset and Blockchain A virtual asset service provider (VASP) receives an alert generated by a customer who runs a shoe store in a rural town. The customer received a wire transfer of US$100,000 and used it to purchase cryptoassets. Which red flags would lead the VASP to file a suspicious activity report? (Select Two.) The majority of the funds were converted and traded in cryptocurrency within 24 hours of the deposit. The deposit amounts are not aligned to the business activity. The reviewed bank statement of the customer shows only deposits for the first three months. The beneficial owner of the shoe store is a foreign national. The location of the business is in a rural area.
The majority of the funds were converted and traded in cryptocurrency within 24 hours of the deposit. The deposit amounts are not aligned to the business activity. The red flags that would lead the VASP to file a suspicious activity report are: "The majority of the funds were converted and traded in cryptocurrency within 24 hours of the deposit" and "The deposit amounts are not aligned to the business activity." The conduct of criminal activity through virtual assets can be detected by reviewing the size and frequency of transactions1. Perpetrators can conceal such activity by using multiple accounts or transactions below reporting thresholds1. The reviewed bank statement of the customer shows only deposits for the first three months, which is another red flag3. The beneficial owner of the shoe store being a foreign national and the location of the business being in a rural area are not necessarily red flags for filing a suspicious activity report1
Which of the following is a feature of terrorist financing? The money raised is strictly used for the terrorist act The money is not necessarily derived from illicit proceeds The ultimate purpose is to disguise the source of money The individuals responsible for raising the funds are always the direct beneficiaries of the laundered funds
The money is not necessarily derived from illicit proceeds. Terrorist financing uses funds for an illegal political purpose, but the money is not necessarily derived from the proceeds of illegal activity. Still, terrorist organizations must launder the funds to conceal the link between the terrorist group and its legitimate funding sources.
An investigator reviews a case of artificial price pumping of artistic non-fungible tokens (NFTs) through wash sales between multiple cryptocurrency addresses and NFT marketplaces. The investigation reveals a single cryptocurrency address common to all sales and credited with exactly 5% of the value of every sale. This common address is most likely: The original NFT artist receiving a royalty payment. A professional services fee for laundering. A transaction fee paid to the blockchain. Automatic sales tax withholding enforced by the NFT marketplace.
The original NFT artist receiving a royalty payment.
Who stores the encrypted private keys with a cloud wallet? The blockchain The service provider The browser service The user
The service provider With a cloud wallet, the service provider stores the encrypted private keys. A cloud wallet is a type of hosted wallet where the user's private keys are stored on a remote server operated by a third-party service provider. The service provider is responsible for securing the user's private keys and validating transactions on their behalf. Cloud wallets are often used by beginners or users who prefer to have a third party manage their assets. However, storing private keys in the cloud can be risky, as it makes them vulnerable to hacking and theft. Therefore, the statement "The service provider" accurately describes who stores the encrypted private keys with a cloud wallet.
Practice Exam Questions Cryptoasset and Blockchain An investigator suspects an individual is selling narcotics on the dark web and receiving payments in cryptoassets via a real-world shell company. Which hypothetical situation would best support the investigator's suspicions? Several other suspects are willing to testify that they saw the suspect purchase cryptocurrency online. The suspect pays down the business's credit card in full every month. The suspect's business account history shows incoming wire transfers from overseas locations known for producing fentanyl. The suspect's business account history shows frequent incoming transfers from cryptoasset exchanges but no evidence of cryptoasset purchases.
The suspect's business account history shows frequent incoming transfers from cryptoasset exchanges but no evidence of cryptoasset purchases. Correct Answer per text. If an investigator suspects an individual is selling narcotics on the dark web and receiving payments in cryptoassets via a real-world shell company, the hypothetical situation that would best support the investigator's suspicions is that the suspect's business account history shows incoming wire transfers from overseas locations known for producing fentanyl. The incoming wire transfers from overseas locations known for producing fentanyl suggest that the suspect is receiving payments from drug sales. The use of cryptoassets and a real-world shell company may be an attempt to conceal the illicit activity. The other hypothetical situations are not directly related to the sale of narcotics on the dark web. Therefore, the statement "The suspect's business account history shows incoming wire transfers from overseas locations known for producing fentanyl" is the hypothetical situation that would best support the investigator's suspicions.
Why might regulators focus on virtual asset service providers (VASPs) rather than decentralized finance (DeFi)? DeFi is lower risk. There are too many intermediaries in DeFi. DeFi is becoming obsolete. There is no central legal entity in DeFi.
There is no central legal entity in DeFi. DeFi typically has no central legal entity to regulate.
Why do criminals divide their total profits into smaller parts? To allow them to withdraw cash from different banks later To avoid the generation of an alert To avoid KYC verification To match the cash-reporting threshold
To avoid the generation of an alert. Criminals divide their profits so their deposits are below the threshold that would trigger an alert.
Which of the following is the primary purpose of money laundering? To make criminally derived property or funds appear to be legitimate To purchase criminal goods or services To safely collect the proceeds of criminal activities To transfer the proceeds from a bank account to a holding company
To make criminally derived property or funds appear to be legitimate. The objective of money laundering is to clean or conceal proceeds originating from criminal activity in order to use them in the legitimate economy.
What is the primary goal of using smart contracts on a blockchain? To increase the security associated with traditional business methods, without compromising on authenticity and credibility To simplify business and trade between both anonymous and identified parties, sometimes without the need for a middleman To improve business between parties using a blockchain, where anonymity is key To allow for last-minute changes to a business contract
To simplify business and trade between both anonymous and identified parties, sometimes without the need for a middleman. The primary goal of using smart contracts on a blockchain is to simplify business and trade between both anonymous and identified parties, sometimes without the need for a middleman. Smart contracts are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. They are designed to be transparent, secure, and tamper-proof. Smart contracts automate the actions specific to a contract between two parties, removing the need for intermediaries and reducing the time and cost associated with traditional business methods. Smart contracts can be used for many different purposes, such as ensuring transactions between two parties occur, such as the purchase and delivery of goods. They can also be used to automate complex business processes, such as supply chain management, insurance claims processing, and real estate transactions. Therefore, the statement "To simplify business and trade between both anonymous and identified parties, sometimes without the need for a middleman" is the primary goal of using smart contracts on a blockchain.
What is the primary difference between a native cryptocurrency and a token? Tokens cannot be exchanged for real-world currency, whereas native cryptocurrency can. Tokens are built on an existing blockchain, whereas cryptocurrency is native to the blockchain. One is backed by real-world value, whereas the other is not. Tokens cannot be used for investment purposes, whereas cryptocurrency can.
Tokens are built on an existing blockchain, whereas cryptocurrency is native to the blockchain. The primary difference between a native cryptocurrency and a token is that cryptocurrencies are the native asset of a blockchain, whereas tokens are created as part of a platform that is built on an existing blockchain. Cryptocurrencies are designed to be used as a medium of exchange, store of value, or unit of account within their respective blockchain networks. They are native to the blockchain and have their own unique codebase, consensus mechanism, and network. Tokens, on the other hand, are created on top of an existing blockchain and are used to represent assets or utility within a specific platform or ecosystem. They are not native to the blockchain and rely on the underlying blockchain for security and consensus. Therefore, the statement "Cryptocurrencies are the native asset of a blockchain, whereas tokens are created as part of a platform that is built on an existing blockchain" best describes the primary difference between a native cryptocurrency and a token.
Which method of sanctions evasion uses the technique of transshipment? Ownership Trade Travel Payments
Trade Common techniques of trade-related sanctions evasion include the use of shell companies, switching cargo on the open sea (also known as transshipment), and using neutral or non-transparent jurisdictions for transit.
True or False: Some industries are at higher risk for bribery than others, especially those in which commercial success is driven by getting approval, authority, or contracts from government entities. True False
True The statement is "True." Third parties engaged by an organization to assist with contract negotiations, licensing applications, or legal matters also pose a risk that the organization might, unknowingly, be a party to bribery. The only defense to an accusation in this respect is to be able to show that adequate procedures were in place to prevent bribery. When conducting "Know Your Vendor" due diligence, make sure that your organization's anti-bribery policies have been acknowledged.
Per the Financial Action Task Force's Recommendation 10, what is the threshold for occasional transactions for virtual asset service providers? US$3,000 US$1,000 US$5,000 US$10,000
US$1,000
What should you do if you forget your login credentials on an online self-hosted wallet? Use your recovery phrase to recover your wallet. Call the number provided by the service provider. Use your other wallets to recover the lost one. Send an email to the service provider.
Use your recovery phrase to recover your wallet. If you forget your login credentials on an online self-hosted wallet, you should use your recovery phrase to recover your wallet. A recovery phrase, also known as a seed phrase, is a set of words that can be used to recover your wallet in case you forget your login credentials. The recovery phrase is usually provided to you when you create your wallet, and it is important to keep it safe and secure. To recover your wallet, you can enter your recovery phrase into the wallet software or website and follow the instructions to reset your login credentials. It is important to note that if you lose your recovery phrase, you may not be able to recover your wallet and access your funds. Therefore, the statement "Use your recovery phrase to recover your wallet" accurately describes what you should do if you forget your login credentials on an online self-hosted wallet.
Which of the following statements best describes a miner's role in the blockchain operation? Building the reward mechanism for the blockchain they operate on Collecting newly minted coins from a sender Earning block rewards to create new blockchains Validating transactions between senders and receivers
Validating transactions between senders and receivers The statement that best describes a miner's role in the blockchain operation is validating transactions between senders and receivers. Miners are responsible for verifying and validating transactions on the blockchain network. They use their computing power to solve complex mathematical problems that are required to validate transactions and add them to the blockchain. Once a transaction is validated, it is added to the blockchain and becomes a permanent part of the ledger. Miners are incentivized to validate transactions through block rewards, which are newly minted coins that are given to the miner who successfully validates a block of transactions. Therefore, the statement "Validating transactions between senders and receivers" best describes a miner's role in the blockchain operation.
AML Foundations for Cryptoasset and Blockchain Which statement reflects a characteristic of a virtual asset red flag? Virtual asset red flags are typically more readily observable during transaction-specific reviews. Virtual asset red flags do not share traits with red flags involving fiat currency. Virtual asset red flags stem from factual characteristics, behaviors, patterns, and contextual factors. Virtual asset red flags are always considered high risk.
Virtual asset red flags stem from factual characteristics, behaviors, patterns, and contextual factors. The statement that reflects a characteristic of a virtual asset red flag is "Virtual asset red flags stem from factual characteristics, behaviors, patterns, and contextual factors." Virtual asset red flags are warning signs that suggest potential problems or threats, indicating that illegal activity may be taking place. The conduct of criminal activity through virtual assets can be detected by reviewing the size and frequency of transactions. Perpetrators can conceal such activity by using multiple accounts or transactions below reporting thresholds1. Virtual asset red flags are not always considered high risk, but they should be taken seriously and investigated further1245. Virtual asset red flags are typically more readily observable during transaction-specific reviews, and they share some traits with red flags involving fiat currency.
What is the best description of clustering? When funds are sent from one cryptocurrency address to multiple destination addresses, those destination addresses are grouped into a single wallet. Clustering is grouping similar Bitcoin addresses together into one wallet to make analysis easier. Clustering is ignoring the small outputs of transactions to make the big picture analysis more understandable. When more than one cryptocurrency address is used in a transaction input and can reliably and with high probability be grouped into a single owner's wallet.
When more than one cryptocurrency address is used in a transaction input and can reliably and with high probability be grouped into a single owner's wallet. The best description of clustering is when more than one cryptocurrency address is used in a transaction input and can reliably and with high probability be grouped into a single owner's wallet12345. Clustering is a technique used to group together multiple cryptocurrency addresses that are likely to belong to the same owner. This is done by analyzing the transaction inputs and outputs and looking for patterns that suggest that the addresses are controlled by the same entity. Clustering is an important tool for blockchain analysis, as it can help to identify the owners of cryptocurrency addresses and track the flow of funds between them. Therefore, the statement "When more than one cryptocurrency address is used in a transaction input and can reliably and with high probability be grouped into a single owner's wallet" best describes the best description of clustering.
What is the best description of block halving? When new cryptocurrency coin issuance is reduced by half. When block size is reduced by half, and only half as many transactions can be processed in each block. When the price of cryptocurrency is reduced by half. When blockchain is forked into two separate blockchains with different features.
When new cryptocurrency coin issuance is reduced by half. The best description of block halving is when the new cryptocurrency coin issuance is reduced by half12345. Block halving is a built-in feature of some cryptocurrencies, such as Bitcoin, where the reward for mining new blocks is reduced by half after a certain number of blocks have been mined. This means that the number of new coins issued per block is reduced by half, making the cryptocurrency more scarce and valuable over time. Block halving is designed to control the inflation rate of the cryptocurrency and to ensure that the supply of new coins is limited. Therefore, the statement "When new cryptocurrency coin issuance is reduced by half" best describes the best description of block halving.
A bank's AML risk officer is attempting to determine the inherent risk of a decentralized autonomous organization's (DAO) governance token. Which is the most important thing to consider for ongoing AML and sanctions risk management? Total number of tokens in circulation Whether the token is built on an anonymous or pseudonymous blockchain DAO voting rights attached to each token Proportion of tokens held by founders and the development team
Whether the token is built on an anonymous or pseudonymous blockchain When determining the inherent risk of a decentralized autonomous organization's (DAO) governance token for ongoing AML and sanctions risk management, the most important thing to consider is whether the token is built on an anonymous or pseudonymous blockchain. The level of anonymity or pseudonymity associated with the blockchain on which the token operates can significantly impact the AML and sanctions risk. Tokens built on anonymous or pseudonymous blockchains make it more challenging to identify the individuals or entities involved in transactions, increasing the risk of money laundering and sanctions violations. The lack of transparency and traceability associated with anonymous or pseudonymous blockchains can facilitate illicit activities and hinder the ability to enforce AML and sanctions regulations. Considering the blockchain's anonymity or pseudonymity is crucial for assessing the inherent risk associated with a DAO's governance token. It helps determine the level of scrutiny and due diligence required to mitigate potential AML and sanctions risks effectively.
Which factor is important to understand the nature of, and to assess the risks posed by, cryptoassets? - Short-term price volatility - Rights of the developers - Control of the ledger - Unintended uses of the crypto asset
- Control of the ledger
An analyst identifies a suspicious transfer of Bitcoin (BTC) and requires the transaction's timestamp and receiving address in order to file a suspicious activity report. How can the analyst best locate this additional information? Select One. - Reach out directly to the customer who initiated the BTC transfer. - Input the transaction hash into a BTC blockchain explorer. - Review the customer's BTC transactions made around the same time. - Compare other customers' BTC transactions of the same value.
- Input the transaction hash into a BTC blockchain explorer. The best way for an analyst to locate the timestamp and receiving address of a suspicious Bitcoin transaction is to input the transaction hash into a Bitcoin blockchain explorer. A transaction hash is a unique identifier for a transaction on the Bitcoin blockchain. By inputting the transaction hash into a blockchain explorer, the analyst can view the complete list of Bitcoin transactions linked to that address, including the timestamp and receiving address of the suspicious transaction. It is not recommended for the analyst to reach out directly to the customer who initiated the BTC transfer, as this could potentially compromise the investigation and alert the customer of the suspicious activity report. Reviewing the customer's BTC transactions made around the same time could potentially provide some insight, but it may not necessarily lead to the specific transaction in question. Comparing other customers' BTC transactions of the same value is also unlikely to be helpful, as the value of a Bitcoin transaction can vary widely and is not necessarily indicative of suspicious activity.
What was the name of the International Consortium of Investigative Journalists' publication from 2016 that contained 214,000 off-shore companies and the identities of ultimate beneficial owners including politically exposed persons of governments of over 40 countries? - Honduras Papers - Nicaragua Papers - Panama Papers - Venezuela Papers
- Panama Papers The name of the International Consortium of Investigative Journalists' publication from 2016 that contained 214,000 offshore companies and the identities of ultimate beneficial owners including politically exposed persons of governments of over 40 countries is the "Panama Papers." The Panama Papers were based on 11.5 million documents from Mossack Fonseca, a Panama-based law firm, and were obtained by two journalists at Süddeutsche Zeitung, Bastian Obermayer and Frederik Obermaier, who shared them with ICIJ. The investigation involved more than 350 reporters from 80 countries and resulted in the resignation of the prime minister of Iceland and a minister in Spain, as well as police raids in Panama and Switzerland.
A compliance officer is integrating an artificial intelligence tool into the firm's transaction monitoring system. Which key item should be incorporated into the accompanying written procedures? The number of daily transactions the artificial intelligence tool will monitor Where the artificial intelligence tool is located The date on which the regulator approved the artificial intelligence tool A description of the models used by the artificial intelligence tool
A description of the models used by the artificial intelligence tool.
An analyst is using a blockchain analytics tool to review the indirect exposure between a customer and an illicit service to determine whether further investigation is required. Which type of activity most likely caused the analyst to make such a determination? Lack of address activity A peel chain Funds received from a regulated exchange Participation in a mining pool
A peel chain
Which entity offers a solution that is decentralized, democratized, and authority-free? A public blockchain A cryptographic signature A private blockchain A decentralized finance
A public blockchain
How do privacy coin transactions primarily remain anonymous within a blockchain, despite having listed public addresses? Privacy coins act as individual mixers. A stealth address is created alongside the public address. The public addresses are only visible on designated blockchains. Specialized privacy coin hardware wallets use masking software.
A stealth address is created alongside the public address.
Which situation presents the highest level of suspicion? An individual receives five large wire transfers, totaling US$3 million, from a virtual asset exchanger which offers tumbling services. The amount received is not consistent with information collected during the KYC process. An individual receives a US$2 million transfer from a virtual asset service provider following a real estate sale to a foreigner who paid in stablecoins, which appears consistent with information collected during KYC. A large company receives 10 wire transfers from clients running businesses in the same sector. One of the senders is in a high-risk jurisdiction, but there is no negative information about it. An individual receives 102 wire transfers in small amounts, totaling US$100,000, from different senders. The funds are transferred to a charity organization in the same jurisdiction and are subject to external auditor review.
An individual receives 102 wire transfers in small amounts, totaling US$100,000, from different senders. The funds are transferred to a charity organization in the same jurisdiction and are subject to external auditor review.
Which situation presents the highest level of suspicion? An individual receives five large wire transfers, totaling US$3 million, from a virtual asset exchanger which offers tumbling services. The amount received is not consistent with information collected during the KYC process. An individual receives a US$2 million transfer from a virtual asset service provider following a real estate sale to a foreigner who paid in stablecoins, which appears consistent with information collected during KYC. A large company receives 10 wire transfers from clients running businesses in the same sector. One of the senders is in a high-risk jurisdiction, but there is no negative information about it. An individual receives 102 wire transfers in small amounts, totaling US$100,000, from different senders. The funds are transferred to a charity organization in the same jurisdiction and are subject to external auditor review.
An individual receives five large wire transfers, totaling US$3 million, from a virtual asset exchanger which offers tumbling services. The amount received is not consistent with information collected during the KYC process.
Which is an example of an obfuscation pattern involving cryptoassets? Select One Compromising login credentials through identity theft Opening multiple cryptoasset accounts at the same exchange Combining illicit transactions with legitimate transactions Purchasing cryptoassets using dollar cost averaging
Combining illicit transactions with legitimate transactions
A bank is offering customers a service to send and receive cryptoassets to and from multiple entities. To remain compliant with regulator expectations and the Financial Action Task Force recommendations, the bank is required to send transaction originator and beneficiary identifying information to which types of counter parties? (Select Two) Cryptocurrency exchanges Off-chain cold wallet address storage companies Unhosted wallet address holders DeFi applications Other banks
Cryptocurrency exchanges Other banks
Which types of information from a customer's risk profile addresses whether a company should consider terminating a business relationship? (Select Two.) Peer groups addressing the similarities of virtual assets held by the customer Jurisdiction focusing on the global distribution of the customer's assets Customer characteristics based on the nature and volume of trading activity Cluster levels focusing on clients conducting similar types of virtual assets transactions Virtual assets channels evaluating the source of the customer's VAs
Customer characteristics based on the nature and volume of trading activity Cluster levels focusing on clients conducting similar types of virtual assets transactions
Which criteria are important for a financial institution to follow when escalating a client investigation as a result of repeat SAR filings? (Select Two.) Choosing when to disclose the SAR to the client Determining when to close the account Analyzing the relationship with the client Resolving the timeline as to when to return cash to the client Determining when the Bank Secrecy Act officer should meet with the client
Determining when to close the account Analyzing the relationship with the client
Which would indicate a high-risk customer? (Select Two.) Direct sending or receiving exposure to mixers An individual opening a new account funded by many small deposits Direct sending exposure to a known scam address An individual bulking payments together to send in one transaction An individual using a virtual private network (VPN) or proxy
Direct sending or receiving exposure to mixers. An individual using a virtual private network (VPN) or proxy.
Per the Financial Action Task Force guidance, technological solutions should support which main action that enables virtual asset service providers (VASPs) to comply with the travel rule? Enable a customer to securely transmit data to protect the integrity and availability of the required information to facilitate record keeping. Enable the submission of required and accurate originator and required beneficiary information immediately when a virtual asset transfer is conducted on a digital ledger technology platform. Enable law enforcement to submit a reasonably large volume of transactions to multiple destinations in an effectively stable manner. Enable a VASP to locate counter party VASPs for high-dollar-transfers.
Enable the submission of required and accurate originator and required beneficiary information immediately when a virtual asset transfer is conducted on a digital ledger technology platform. Per the Financial Action Task Force (FATF) guidance, technological solutions should support the main action of enabling the submission of required and accurate originator and required beneficiary information immediately when a virtual asset transfer is conducted on a digital ledger technology platform. This is known as the Travel Rule, which mandates that Virtual Asset Service Providers (VASPs) obtain, hold, and exchange information about the originators and beneficiaries of virtual asset transfers to combat money laundering and terrorism financing. Therefore, technological solutions should enable VASPs to acquire and exchange precise and reliable details of the originator and beneficiary of the transaction with their counter-parties before or during the transfer.
Which functions are third-party blockchain analytics tools capable of performing? (Select Two.) Identifying the specific owners of crypto wallets Identifying and risk-rating wallets on the blockchain Determine the transaction activity between customers within a crypto asset exchange Determining the overall trading volume and market cap of held cryptoassets Tracing the final destination of stolen cryptoassets
Identifying and risk-rating wallets on the blockchain Tracing the final destination of stolen cryptoassets
Which information should be collected when performing due diligence on a virtual asset service provider (VASP)? (Select Two.) Copies of the VASP's AML training to assess whether the VASP's staff has been properly trained in performing due diligence The latest external audit report of the VASP to assess that the risk of internal fraud is acceptable Evidence of the sufficiency of the VASP's AML compliance framework (e.g., whether it performs KYC checks and has an AML policy) Evidence that the VASP does not work with suppliers from any high-risk countries Adverse media, including whether the VASP has been subject to any regulatory action
Evidence of the sufficiency of the VASP's AML compliance framework (e.g., whether it performs KYC checks and has an AML policy) Adverse media, including whether the VASP has been subject to any regulatory action When performing due diligence on a virtual asset service provider (VASP), the two pieces of information that should be collected are:Evidence of the sufficiency of the VASP's AML compliance framework: This includes assessing whether the VASP performs know your customer (KYC) checks and has an AML policy in place1. It is important to evaluate the adequacy and effectiveness of the VASP's AML/CFT (anti-money laundering/combating the financing of terrorism) compliance framework to ensure that proper measures are in place to mitigate the risk of illicit activities.Adverse media and regulatory actions: It is crucial to gather information on adverse media coverage and whether the VASP has been subject to any regulatory actions. Adverse media refers to negative news or information about the VASP, such as involvement in financial crimes or regulatory violations1. Regulatory actions can include penalties, fines, or sanctions imposed on the VASP by regulatory authorities. Assessing adverse media and regulatory actions helps in evaluating the reputation and compliance track record of the VASP. These two pieces of information provide insights into the VASP's compliance with AML regulations, its risk management practices, and its overall reputation and integrity. By collecting this information, financial institutions can make informed decisions regarding their engagement with the VASP and assess the associated risks.
Which is an advantage of machine learning compared to rule-based systems in a cryptocurrency AML transaction monitoring program? Fewer false-positive results and a higher detection rate Combined application programming interfaces allowing automatic blockchain analytic capabilities Meeting the Financial Action Task Force's recommendations related to machine learning Ability to detect money laundering without labeling
Fewer false-positive results and a higher detection rate. According to the search results, one advantage of machine learning compared to rule-based systems in a cryptocurrency AML transaction monitoring program is fewer false-positive results and a higher detection rate. Rule-based systems are known to have high false positive rates and low detection rates, which means they are prone to bias. In contrast, machine learning models recognize patterns and trends in historic data, and provide a probabilistic output based on matching transactions with transaction patterns of known bad-actors Machine learning models can also study the behaviors of customers and build this information into their transaction monitoring system, which can lead to a higher detection rate and fewer false positives. Additionally, machine learning models can detect money laundering without labeling.
Addresses connected to the internet to facilitate customers' deposits and withdrawals in cryptocurrency exchanges are called: Custody wallet Hot wallets Paper wallets Cold wallets
Hot wallets Addresses connected to the internet to facilitate customers' deposits and withdrawals in cryptocurrency exchanges are called hot wallets Hot wallets are connected to the internet and are used for regular transactions, making them more convenient but less secure than cold wallets. Cold wallets, on the other hand, keep your crypto keys offline for security. Examples of hot wallets include Coinbase Wallet, MetaMask, Trust Wallet, Exodus Wallet, Robinhood, and Edge
A bank purchases a new artificial intelligence-driven negative media search tool that uses natural language processing and wildcard searches to find negative media about customers. If regulators ask if the system is operating effectively, the strongest response is: Independent consultants completed model validation and confirmed the system is operating effectively. The bank completed the tool's training and scheduled a targeted six-month audit of KYC processes. The bank will provide regulators with a live walk-through of the system. The bank conducted pre- and post-implementation validation of the tool's data feed.
Independent consultants completed model validation and confirmed the system is operating effectively.
An analyst identifies a suspicious transfer of Bitcoin (BTC) and requires the transaction's timestamp and receiving address in order to file a suspicious activity report. How can the analyst best locate this additional information? Reach out directly to the customer who initiated the BTC transfer. Input the transaction hash into a BTC blockchain explorer. Review the customer's BTC transactions made around the same time. Compare other customers' BTC transactions of the same value.
Input the transaction hash into a BTC blockchain explorer.
Which issue represents the greatest obstacle to effective global adoption of the Financial Action Task Force travel rule? ISO20022 messaging standards Non-fungible tokens Person-to-person transactions Interoperability of technical solutions
Interoperability of technical solutions The interoperability of technical solutions represents the greatest obstacle to effective global adoption of the Financial Action Task Force (FATF) travel rule. The FATF travel rule is highly complex and demands the use of technology to monitor transactions that, until recently, was unavailable. Compliance with the travel rule can be costly and time-consuming for virtual asset service providers (VASPs), particularly for smaller companies, as it may require significant investments in technology and personnel. The implementation of the travel rule can be challenging for VASPs, and the lack of regulation in the travel rule and information sharing in several countries can also be an obstacle. However, the main challenge is the lack of interoperability of technical solutions, which hinders the effective implementation of the travel rule
In most jurisdictions, what document is required to release supporting documentation for a SAR to a Financial Intelligence Unit (FIU)? A subpoena for private financial information. A legal interrogatory. No specific documents are required. A seizure warrant for financial instruments.
No specific documents are required.
An investigator is attempting to trace transactions that are linked to stolen funds. The transactions progress from an exchange, through two services, and finally settle in a second exchange. Why might the accurate tracing of these funds be difficult? Funds entering services are not legally required to be placed on the public ledger due to increased security measures. It is not always possible to connect exact funds entering services to exact funds leaving services. General Data Protection Regulation prevents crypto exchanges from being able to collect personal data of users. Crypto tracing is not possible through a transparent ledger.
It is not always possible to connect exact funds entering services to exact funds leaving services.
Which virtual asset related transaction is a red flag indicator in terms of the size and frequency of a transaction? Attempting to open accounts frequently within the same virtual asset service provider using a common IP address Moving a virtual asset to a centralized exchange and then immediately trading it for a privacy coin Making multiple high-value transactions within a short period Making use of mixing and tumbling services to obscure the flow of funds
Making multiple high-value transactions within a short period.
What was the name of the International Consortium of Investigative Journalists' publication from 2016 that contained 214,000 off-shore companies and the identities of ultimate beneficial owners including politically exposed persons of governments of over 40 countries? Honduras Papers Nicaragua Papers Panama Papers Venezuela Papers
Panama Papers
Which type of cryptocurrency poses a higher money laundering risk? Utility tokens Stablecoins Security tokens Privacy coins
Privacy coins
Which customer(s) require enhanced due diligence? Educational associations Domestic savings institution Publicly listed companies Private banking clients
Private banking clients
Which type of open source intelligence would alert the chief compliance officer to enhance customer research, due diligence, and investigation processes? (Select Two.) Private cryptoasset keys Public cryptoasset keys Amount of USD in bank accounts Customer name and address Office of Foreign Asset Control lists
Public cryptoasset keys Office of Foreign Asset Control lists
A deposit of 0.5 Bitcoin (BTC) by a low-risk customer generates an indirect dark net alert. 0.001 of the deposited BTC are connected to the dark net 15 wallets removed. Records from the customer show that the BTC were bought on a peer-to-peer platform. Which is the next best step for the analyst to take? Immediately file a SAR for money laundering due to an indirect dark net connection. Record the outcome of the investigation as a tainted coin, but increase the risk rating of the customer for closer monitoring. Inform the customer that further coins from the source cannot be deposited, otherwise a SAR will be filed. Escalate the transaction to leadership and immediately freeze the customer's assets to begin the exit process.
Record the outcome of the investigation as a tainted coin, but increase the risk rating of the customer for closer monitoring.
Which type of risk is appropriate to include in a company's risk appetite? Regulatory Business attrition Market competition Customer satisfaction
Regulatory The type of risk that is appropriate to include in a company's risk appetite is regulatory risk. Regulatory risk refers to the potential impact of changes in laws, regulations, or compliance requirements on the company's operations and ability to meet its objectives. It involves assessing the risk of non-compliance with anti-money laundering (AML) regulations, data protection laws, consumer protection regulations, and other relevant regulatory frameworks. Understanding and managing regulatory risk is crucial for companies to ensure compliance, avoid penalties, and maintain their reputation and integrity. The other options mentioned, such as business attrition, market competition, and customer satisfaction, are important considerations for a company's overall risk management strategy, but they may not specifically fall under the category of risk appetite. Risk appetite typically focuses on the level of risk a company is willing to accept in pursuit of its objectives, and regulatory risk is a key aspect of that consideration.
Which is a benefit of blockchain analytics? Both on-chain and off-chain transactions can be tracked. Transactions cannot be traced across one or more blockchains. Risks associated with virtual asset service providers can be understood. There is instant attribution of cryptocurrency transactions.
Risks associated with virtual asset service providers can be understood.
Which transaction threshold rules should a compliance officer focus on when setting up a transaction monitoring system for a virtual asset service provider? (Select Two.) Beneficial ownership Statistical analysis Customer segmentation Individual customers' risk ratings Customer onboarding
Statistical analysis Customer segmentation
A transaction monitoring analyst at a virtual asset service provider has identified potential suspicious transactions. To whom should the case be escalated? The General Counsel The relationship manager The AML officer The board of directors
The AML officer. When a transaction monitoring analyst at a virtual asset service provider identifies potential suspicious transactions, the case should be escalated to the personnel or department responsible for evaluating unusual activity, as per the policies, procedures, and processes established by the management1. In general, after thorough research and analysis has been completed, findings are typically forwarded to a final decision maker (individual or committee). The AML officer is typically responsible for reviewing and investigating suspicious activity reports (SARs). Therefore, the case should be escalated to the AML officer for further investigation.
An analyst at a cryptoasset exchange is filing a SAR on a customer whose account sees regular, low-value deposits of cryptoassets from known criminal addresses, among other transactions. In addition to the customer's cryptoasset wallet address, which information will be most important to include in the SAR? The public key of the customer's wallet The private key of the criminal cryptoasset address The QR code of the customer's address The hashes of the questionable transactions
The hashes of the questionable transactions.
Which statement pertaining to CDD is true? Due to the transparent nature of transactions on the blockchain, the intended use of the account by the customer can be inferred, so no further CDD is required. The non-face-to-face nature of the relationship should contribute to the risk level of the customer. Only Financial Action Task Force Recommendation 10 should be applied by all virtual asset service providers. Customer transactions exceeding EUR15,000 should trigger CDD.
The non-face-to-face nature of the relationship should contribute to the risk level of the customer.
When considering doing business with a virtual asset service provider (VASP), which risk should a financial institution consider? The VASP provides open source code to developers for use. The VASP does not participate in the Bitcoin Lightning Network. The number and types of cryptoassets the VASP provides its customers. Proof-of-work and proof-of-stake cryptoassets are offered by the VASP.
The number and types of cryptoassets the VASP provides its customers.
Which are examples of a virtual asset service provider complying with the requirement of the travel rule? (Select Two.) The recipient entity obtains information on the originator. Beneficiary information is submitted in a virtual asset transfer. National identifier numbers of both originator and beneficiary are submitted. Recipient information is screened for a virtual asset transfer against sanctions lists. All virtual asset transfers are monitored to determine when a suspicious activity report should be submitted.
The recipient entity obtains information on the originator. Beneficiary information is submitted in a virtual asset transfer.
Quantifying the financial crime risk of transactions is an essential part of any anti-money laundering program. Which factor increases the money laundering risk of a transaction? The transaction is made to a common and popular retailer. The transaction is the first time the customer has made a payment to this company. The transaction is a payment to tax authorities. The transaction is made to an account in the original account owner's name.
The transaction is the first time the customer has made a payment to this company.
Which type of open source intelligence would alert the chief compliance officer to enhance customer research, due diligence, and investigation processes? (Select Two.) - Private cryptoasset keys - Public cryptoasset keys - Amount of USD in bank accounts - Customer name and address - Office of Foreign Asset Control lists
The two types of open source intelligence that would alert the chief compliance officer to enhance customer research, due diligence, and investigation processes are: Customer name and address Office of Foreign Asset Control lists Customer name and address can be used to identify potential customers and their location, which can help in conducting due diligence and investigation processes. This information can be obtained from publicly available sources such as social media, news feeds, and discussion forums. The Office of Foreign Asset Control (OFAC) maintains a list of individuals and entities that are subject to economic sanctions and other restrictions. Checking customer names against the OFAC list can help in identifying potential risks and avoiding doing business with sanctioned individuals or entities.
Which internal policy meets AML best practices for low-risk customers? Their CDD files are reviewed every two years. Their CDD files do not require review. They are exited immediately when a suspicious transaction occurs. Their CDD files are only reviewed if a trigger event occurs.
Their CDD files are reviewed every two years.
Which statement is true regarding the application of the Financial Crimes Enforcement Network's travel rule to convertible virtual currencies (CVC)? Transactions involving CVC qualify as transmittals of funds. A transmittal of funds of US$2,000 (or its equivalent in CVC) may trigger certain requirements. A virtual asset service provider may not provide information different from the transmittal order itself. A money transmitter must provide the required regulatory information before the time of the transmittal of value.
Transactions involving CVC qualify as transmittals of funds.
According to the Financial Crimes Enforcement Network, what is the amount of fiat currency, or its convertible virtual currency equivalent, that may trigger requirements of the travel rule? US$1,500 Greater than US$10,000 US$5,000 US$3,000
US$3,000
Which common red flags help organizations risk rate a cryptocurrency transfer from a bank to a cryptocurrency exchange? (Select Three.) Unknown funding source Abnormal transaction patterns Unusual username Questionable customer profile New banking relationship Inconsistent cryptographic primitive
Unknown funding source Abnormal transaction patterns Questionable customer profile Based on the search results, the three common red flags that help organizations risk rate a cryptocurrency transfer from a bank to a cryptocurrency exchange are: Unusual transaction patterns: This includes frequent large-value transfers from multiple accounts into a single account, immediate withdrawal of deposits without any transaction history, converting crypto deposits into numerous currencies with a high amount of incurred fees, and converting substantial sums of fiat currency into crypto without a reasonable business premise26. Geographical risks: This includes customers making substantial cryptocurrency purchases beyond their normal spending patterns, sending virtual assets to jurisdictions with weak anti-money laundering (AML) regulations, and using cryptocurrency providers in countries that the customer is not from23. Suspicious user profiles: This includes unfamiliar senders with no prior history of cryptocurrency transactions, elderly or financially vulnerable customers engaging in high-volume cryptocurrency transactions, and customers receiving or sending cryptocurrency to darknet marketplaces, mixing services, questionable gambling sites, fraudulent exchanges, and platforms with lax AML standards
Which is a common red flag associated with the source of funds and the misuse of cryptoassets for criminal activities? Moving a cryptoasset from a public blockchain to a centralized exchange for trading Attempting to trade the entire balance of cryptoassets by a new user Using multiple payment methods linked to a cryptoasset wallet Sending cryptoassets to a service provider operating in overseas jurisdictions
Using multiple payment methods linked to a cryptoasset wallet.
Which of the following is an indicator of fraud? You receive a gift card from a friend. You win a prize at a local event in your city. Your bank alerts you to unusual activity in your bank account. You are asked to provide financial information on the phone.
You are asked to provide financial information on the phone. One indicator of fraud is a stranger requesting personal and financial information via the phone.
Which services are provided by virtual asset service providers as defined by the Financial Action Task Force? (Select Two.) Decentralized finance applications Virtual asset exchange Protocol development Virtual asset administration Publishing of new virtual asset networks
Virtual asset exchange Virtual asset administration
To comply with the travel rule, what do virtual asset service providers (VASPs) need to identify when processing a payment? Whether they are transacting with another VASP versus a private wallet Whether the counterparty was involved in suspicious activity Whether the private wallet is registered by a jurisdiction Whether due diligence was conducted on the counterparty
Whether they are transacting with another VASP versus a private wallet.