Questions for the ADVANCED CAMS AUDIT were updated on : Dec 01 ,2025
During the auditing process the auditor finds that the entity never updates the customers risk
assessment. Which remediation actions should the auditor suggest? (Select Two.)
A. Compliance regularly updates the lists of high- and medium-risk countries to ensure updated
customer risk profiles.
B. Audit designates an audit manager to review customer profiles annually.
C. Delete non-active customer profiles to reduce the workload of ongoing surveillance.
D. Management engages an independent third party to update all the customer risk profiles.
E. The business updates the customer risk profiles periodically in accordance with the customer risk
level.
A, E
Regularly updating lists of high- and medium-risk countries ensures that customer risk profiles
align with the most current geopolitical and economic risks.
Periodic updates to customer risk profiles, based on their assigned risk level, are critical for
maintaining an accurate and dynamic risk assessment system.
During the ongoing due diligence process the company becomes aware that the customer is holding
personal assets for a politically exposed person (PEP). What should the auditor recommend to
enhance the control environment for this customer relationship? (Select Three.)
A. File a suspicious activity report as the previous risk rating was not correct.
B. Deploy automated monitoring toots to efficiently peruse the customer's KYC information and
assure that the customer's KYC risk rating is correct.
C. Designate the account as a PEP-account.
D. Conduct enhanced due diligence and enhanced ongoing monitoring of the customer relationship.
E. Review and document the details of the customer s asset-holding arrangement.
F. Review the customer risk profile every two years as with any other customers.
C, D, E
Designating the account as a PEP-account triggers additional monitoring and controls as PEPs
inherently pose higher risks.
Enhanced due diligence (EDD) and ongoing monitoring are essential for PEPs to track their
financial activities closely and address any anomalies.
Documenting the details of the asset-holding arrangement provides clarity on the customer's
profile and any associated risks.
When assessing the KYC process which should an auditor observe from the customer risk
assessment? (Select Two)
A. Self-declaration or Beneficial ownership should not be accepted as it is not adequate.
B. Overseas shareholders not involved in the customer's dally operations are not beneficial owners.
C. The purpose and intended nature of the business relationship were not reviewed m the
assessment.
D. The ultimate beneficial owners of the customer need to be Identified and verified.
E. If this was a face-to-face customer, the overall customer risk rating should be changed to low.
C, D
The purpose and intended nature of the business relationship are fundamental elements of
customer due diligence (CDD) and should be reviewed in the risk assessment process to understand
the rationale behind the customer's activities and their alignment with expected patterns.
Identifying and verifying the ultimate beneficial owners (UBOs) is a core principle of the KYC
process to ensure transparency and mitigate risks related to hidden ownership or illicit activities.
in addition to this investigation report, what Information should the auditor expect to find in the
investigative file? (Select Two.)
A. Board approval for the suspicious activity report filing by the compliance department.
B. Independent review by the compliance officer's line manager.
C. Adverse news search results against the customers and its controlling persons.
D. Policies and procedures relating to AML investigations and suspicious activity report filing.
E. Historical transaction data of the customer s account.
C, E
Adverse news provides context on potential risks associated with the customer, while historical
transaction data is critical for understanding patterns that may indicate suspicious activity.
As an auditor reviewing this investigation report, which indicates an effective process?
A. The compliance officer concluded the investigation approximately 3 months later and filed a
suspicious activity report.
B. The compliance officer concluded from the report that there are reasonable grounds for suspicion
and filed a suspicious activity report.
C. The compliance officer filed a suspicious activity report and omitted details regarding the reason it
was filed.
D. The compliance officer decided not to cease the Business relationship hut kept the account under
rigorous monitoring process.
B
Filing an SAR based on reasonable grounds for suspicion ensures compliance with AML obligations
and demonstrates the effectiveness of the investigative process.
Which products/services increase the risk level for money laundering for XYZ Bank?
A. Payable through accounts
B. International fund transfers
C. Letters of credit
D. Foreign exchange services
AB
Payable through accounts allow foreign banks' customers direct access to the correspondent account,
which can increase the risk of money laundering due to less direct oversight.
Considering recent changes in the bank's correspondent banking business. Which is the most
important risk indicator for the internal auditor to review?
A. The management and ownership of the respondent bank.
B. The purpose of the services provided to the respondent bank.
C. The jurisdiction in which the respondent bank is located.
D. The major business activities of the respondent bank.
C
Jurisdictional risk is critical in correspondent banking due to potential exposure to countries with
weaker AML/CFT controls, high corruption levels, or sanctions.
Which key risk indicator should the internal auditor consider when reviewing correspondent banking
activities?
A. Volume of transaction activity referred by the respondent bank.
B. Size and stature of a respondent bank's operations in its home country.
C. Number of respondent banks located in higher risk jurisdictions.
D. Number of correspondent banking relations terminated.
C
Correspondent banking relationships with banks in high-risk jurisdictions are a key risk indicator, as
these relationships often pose greater AML/CFT risks due to regulatory or operational deficiencies in
those jurisdictions.
Which are objectives of the issue confirmation step in the audit issue management process? (Select
Two.)
A. Findings ate explained and assigned to the accountable owners.
B. Additional remediation is identified and planned.
C. Findings ate clearly written and facts are accurate
D. Communication, follow-up. and documentation are tracked on scheduled sustainability
validations.
E. Compliance Identifies and schedules pre-exam validation as appropriate.
A, C
Findings need to be clearly articulated and assigned to ensure accountability and actionable
remediation.
Accurate documentation ensures that facts are not disputed and remediation can proceed efficiently.
Additional remediation is a later step in the issue resolution process.
Tracking and pre-exam validation relate to follow-up stages, not the initial confirmation
step.
Which scenarios should be used to monitor for potential elder abuse? (Select Two.)
D, E
Explanation: Scenarios 7 and 8 align with elder abuse detection by focusing on unusual account
behaviors, like abrupt large withdrawals or transactions inconsistent with the elder's profile. Patterns
like these often indicate exploitation.
A retail banking small and medium-sized enterprise (SME) customer launches a charity and requests
a Corporate-SME account to receive donations and make disbursements. Which scenarios would
most likely identify activity related to a charity account? (Select Two.)
A. Scenario 1
B. Scenario 4
C. Scenario 5
D. Scenario 6
E. Scenario 7
A, E
Evaluates unusual activity, such as large, unexplained deposits or withdrawals, which are
red flags in charity-related accounts .
Exads to detect inconsistencies with the stated purpose, ensuring adherence to AML
standards for NPOs .
Which action would an auditor take to evaluate design effectiveness?
A
Explanation: Evaluating design effectiveness involves determining whether policies and procedures
align with regulatory standards, which sets the foundation for a compliant AML/CFT program. This is
a design-level assessment rather than testing implementation or outcomes, which would pertain to
operational effectiveness.
When evaluating an AML training program tor CFT functions the auditor should verify that:
A. interns and third parties are not included.
B. attendees have completed post-course surveys.
C. ethics training has been delivered to senior management.
D. tailored training has been provided to AML and CFT staff.
D
These answers are aligned with best practices and principles outlined in FATF recommendations and
the context of AML/CFT risk management and training standards. If further detailed references are
required, feel free to ask!
Which statements demonstrate an effective use of risk appetite in an organization? (Select Two.)
BE
When testing the operational effectiveness of an institution's customer risk rating model an auditor
finds that the risk rating is not in accordance with the model specification in some cases. After
interviewing developers and officers, the auditor learns the specification document is inaccurate and
has not been updated in a timely manner. Which are appropriate corrective action plans'? (Select
Two.)
A. Alert the person in charge of releasing the model that me release must comply with the
specifications.
B. Check periodically if released rules are operating as per the specifications.
C. Set up a checkpoint before release to make sure that the release is in accordance with the
specifications.
D. Tram KYC personnel to recognize errors in the customer risk rating model.
E. Report this matter to the board of directors.
BC
Regular monitoring ensures that implemented rules align with updated
specifications and are functioning as intended, reducing the risk of deviation from compliance
Establishing validation checkpoints ensures that all releases comply
with documented specifications, mitigating risks of errors in the risk rating model