AML Practice Questions: Test Your Anti-Money Laundering Knowledge

This quiz targets core BSA/AML decisions under FinCEN regulations (31 CFR Chapter X): when CTR aggregation is mandatory, when SARs are required and how to write defensible narratives, and how CDD/OFAC controls support monitoring. Reinforcing these rules is mandatory training for workplace incident prevention; non-compliance can trigger consent orders, civil money penalties, and individual liability.
1. Which item is one of the core elements (pillars) of a bank AML program?
2. A CTR is generally required when a customer conducts more than $10,000 in cash transactions in one business day, including aggregated transactions across branches.

True / False

3. Which situation most clearly triggers Enhanced Due Diligence (EDD) at onboarding?
4. What is the main purpose of tuning and testing automated sanctions/transaction monitoring filters?
5. A customer makes two cash deposits on the same business day: $6,500 at 9:00 AM and $4,200 at 2:00 PM at different branches. What is the correct BSA action?
6. It is permissible to tell a customer that a SAR has been filed about their account if they ask directly.

True / False

7. If a sanctions screening alert is a potential match, the transaction should generally be held from processing until the match is resolved.

True / False

8. A business customer reports that its majority owner sold their stake six months ago, and the new 60% owner has not been verified. What is the most appropriate next step?
9. An alert review finds a $4,800 wire that appears structured to avoid a $5,000 internal SAR review threshold. No suspect can be identified. Under typical bank SAR thresholds, what is the best answer?
10. A wire transfer screens as a 92% name match to an OFAC SDN entry, but the country of origin differs. What should you do first?
11. Under the CDD framework, collecting customer information at onboarding is sufficient; periodic updates are not needed unless the customer requests changes.

True / False

12. A teller reports a customer deposited $9,800 in cash and asked, “How do I keep this from being reported?” What is the best immediate action?
13. After investigation, a payment is confirmed as a true match to an SDN listing and must be blocked. What is the next compliance step?
14. A customer has repeated suspicious cash deposits and is the subject of an initial SAR. The activity continues for three more months. What is the best practice?
15. Independent testing of the AML program can be performed by internal audit or a qualified external party, as long as it is objective and documented.

True / False

16. A high-risk MSB customer’s activity shifts from domestic money orders to frequent international wires to unrelated beneficiaries with no profile update. What is the best program response?
17. An investigation identifies a likely suspect for suspicious transfers totaling $6,200. When does the SAR filing clock typically start?
18. A PEP applicant wants to open an investment account urgently and refuses to provide source-of-wealth information. What is the most appropriate response?
19. A customer withdraws $7,000 cash in the morning and deposits $5,000 cash in the afternoon on the same day. How should CTR aggregation be evaluated?
20. By when is a bank generally required to file a CTR for a reportable cash transaction?
21. Which SAR narrative best meets FinCEN’s expectations?

Disclaimer

This quiz is for educational purposes only. It does not replace official safety training, certification, or regulatory compliance programs.

Most-Flagged BSA/AML Errors: CTRs, SARs, CDD, and OFAC Controls

1) Treating CTR rules as “per transaction” instead of “per customer, per business day”

The CTR threshold is triggered by aggregate cash activity when the institution has knowledge the transactions are by or on behalf of the same person. The common failure is missing same-day cash-in/cash-out totals across teller lines, branches, or related accounts. Avoid this by training front-line staff on what constitutes “knowledge,” standardizing customer identifiers, and requiring same-day aggregation reviews for repeat cash customers.

2) Confusing “structuring” with “just under $10,000”

Structuring is about intent to evade reporting, not a single magic number. Staff often clear alerts because each cash transaction is under the CTR threshold, even when the pattern indicates avoidance (repeated sub-threshold deposits, multiple locations, questions about reporting limits). Your control should document the basis for the decision: why it is or is not evasion.

3) Filing SARs late or anchoring the timeline to the wrong date

Many programs start the SAR clock at “case closure” rather than initial detection. Set a clear internal definition of detection (e.g., when an alert is escalated to investigation) and track decision points so the 30/60-day rule is operationally enforceable.

4) Writing SAR narratives that cannot be investigated

Examiners and law enforcement need a narrative that answers who, what, when, where, why, and how, ties facts to suspicion, and identifies accounts, instruments, counterparties, and locations. Boilerplate language (“suspicious wire activity”) is a frequent exam criticism—especially when it omits the customer’s expected activity versus observed activity.

5) Treating CDD as an onboarding checklist

Risk profiles must be updated when facts change (ownership/control changes, new geographies, volume spikes, new products like remote deposit capture). The avoidable mistake is failing to connect monitoring outputs back into CDD refresh and EDD triggers.

6) Over-relying on screening automation without tuning, testing, and escalation documentation

OFAC and transaction monitoring systems fail quietly when filters are too strict (misses) or too loose (alert fatigue). Build periodic testing using known-risk names/typologies, and ensure every false positive/true match decision has a documented rationale and approval trail.

Investigation-Style Drills: CTR Aggregation, SAR Decisions, and CDD/OFAC Escalation

How to use these drills

For each scenario, identify: (1) the obligation triggered (CTR, SAR, CDD refresh, OFAC escalation, or no filing), (2) the action (file, investigate, block/reject per policy, document rationale), (3) the deadline, and (4) the records to retain (alerts, case notes, transaction detail, customer profile, approvals).

  1. Same-day split deposits across branches: A business customer deposits $6,500 cash in the morning at Branch A and $4,200 cash mid-afternoon at Branch B.

    • Decide whether aggregation applies and whether a CTR is required.
    • List what “knowledge” the institution has and how it is established.
  2. Customer asks about reporting limits: A retail customer makes three $9,900 cash deposits over four days and asks a teller, “What amount gets reported to the government?”

    • Identify structuring red flags and the correct internal escalation path.
    • Decide whether a SAR is warranted even if no CTR is filed.
  3. Wires inconsistent with stated business purpose: A newly onboarded import/export LLC sends multiple international wires to unrelated third parties in a high-risk corridor, far exceeding expected volume.

    • Specify what CDD updates/EDD questions are required before concluding.
    • Draft the key facts that must appear in a defensible SAR narrative.
  4. High-risk cash business with commingling: A convenience store account shows frequent cash deposits plus rapid outbound ACH payments to a personal account at another institution.

    • Identify typologies (possible funneling/commingling) and what documentation supports suspicion.
  5. Potential OFAC hit: Name screening returns a close match to an SDN for an incoming international wire beneficiary; date of birth is unknown and the address is partial.

    • Describe the immediate controls (hold/block/reject per sanctions policy) and required internal approvals.
    • List what additional data you need to clear or confirm the match.
  6. Repeat SAR vs continuing activity: Alerts show the same customer repeating the same suspicious pattern after a prior SAR was filed.

    • Explain how to document “continuing activity” and how to avoid duplicate, low-value narratives.
  7. Beneficial ownership and control questions: A legal entity opens a new account; ownership is layered through another LLC, and the signer refuses to provide ownership details “because it’s private.”

    • Identify the onboarding requirement, when to decline/restrict account opening, and what to document.

Authoritative BSA/AML References (FinCEN, FFIEC, and OFAC)

  • FFIEC BSA/AML Examination Manual — Examination expectations, risk management concepts, and procedures used by U.S. federal banking regulators. ([bsaaml.ffiec.gov](https://bsaaml.ffiec.gov/manual))
  • FinCEN CTR FAQs — Practical guidance on CTR completion, aggregation, and common reporting issues. ([fincen.gov](https://www.fincen.gov/frequently-asked-questions-regarding-fincen-currency-transaction-report-ctr))
  • FinCEN BSA E-Filing System: Filing Information — Official user guides and filing instructions for BSA forms submitted through BSA E-Filing. ([bsaefiling-iam.fincen.gov](https://bsaefiling-iam.fincen.gov/FilingInformation.html))
  • FinCEN SAR Electronic Filing Requirements (PDF) — Form structure and submission requirements for SARs filed via the BSA E-Filing system. ([bsaefiling.fincen.treas.gov](https://bsaefiling.fincen.treas.gov/docs/FinCENSARElectronicFilingRequirements.pdf))
  • OFAC Sanctions List Service — Official SDN and non-SDN list resources and search tools for sanctions screening programs. ([ofac.treasury.gov](https://ofac.treasury.gov/ofac-sanctions-lists))

AML Practice Questions FAQ: CTR vs SAR, Deadlines, Narratives, and Sanctions Screening

When does a CTR become mandatory, and what does “aggregation” really mean?

A CTR obligation is driven by total currency activity that exceeds the reporting threshold in one business day when your institution has knowledge the transactions are by or on behalf of the same person. Aggregation is not optional “best practice”—it is how the requirement is applied in real operations, including multiple branches or channels when the institution can link the activity to the same customer.

Can a transaction require both a CTR and a SAR?

Yes. A CTR is a currency reporting requirement based on amount and aggregation rules; a SAR is a suspicion-based report driven by the facts and indicators of potential money laundering, structuring, fraud, or other illicit activity. Filing one does not “cover” the other—your analysis should independently document the CTR decision and the SAR decision.

What starts the SAR clock: alert date, investigation date, or case-closure date?

Regulators focus on initial detection of facts that may constitute a basis for filing, not when the investigator clicks “close.” A defensible program defines detection in policy (for example, escalation from monitoring to investigation) and uses case timestamps, escalation notes, and manager approvals to show the timeline was controlled.

What makes a SAR narrative “high quality” in an examination?

A strong narrative is specific, chronological, and actionable: it identifies parties, accounts, instruments, amounts, locations, and counterparties; explains why the activity is inconsistent with the customer’s known profile; and clearly states the suspected typology (for example, structuring, funneling, trade-based laundering indicators). Avoid boilerplate conclusions without facts.

How should CDD connect to transaction monitoring?

CDD is not “done” at onboarding. Monitoring outcomes should trigger profile refresh and potentially EDD: changes in ownership/control, new geographies, sudden volume shifts, or new product usage should be reflected in the customer’s expected activity. If your team is also benchmarking global controls, the AML/CFT Compliance Quiz - FATF Standards Practice Questions is a useful companion.

What should staff do when OFAC screening produces a potential match?

Treat it as an operational incident: follow your sanctions escalation procedure, restrict processing as required by policy, and gather additional identifiers (date of birth, address, passport/ID, entity registration data) to resolve the alert. Document the comparison steps and approvals so the decision is reproducible in an exam or audit.

How do AML controls differ for money laundering vs terrorist financing concerns?

The core framework (risk-based monitoring, escalation, SAR decisioning) is shared, but terrorist financing often involves smaller values, different counterparties, and different behavioral signals (for example, rapid movement of funds to conflict-adjacent areas or networks). For focused pattern recognition practice, see Terrorist Financing Red Flags Quiz - Free CFT Compliance Practice.

BSA/AML Decision Rules to Internalize Before Your Next Exam

  1. Aggregate cash by customer and business day whenever the institution has knowledge transactions are “by or on behalf of” the same person; don’t rely on a single branch view.
  2. Separate reporting logic from suspicion logic: CTR decisions are threshold-and-knowledge based, while SAR decisions must be grounded in articulated facts and typology indicators.
  3. Anchor SAR timing to initial detection using a policy definition and audit-ready timestamps (alert escalation, investigation start, decision approval), not informal “case closure.”
  4. Write SAR narratives for an investigator, not an examiner: include identifiers, timeline, expected vs observed activity, and the reason the activity appears designed to evade or conceal.
  5. Close the loop between monitoring and CDD/OFAC: when alerts reveal new risk, update the customer profile, apply EDD where warranted, and retain documentation showing the control worked.

AML Quiz Glossary: Operational Definitions Used in CTR/SAR Decisioning

CTR (Currency Transaction Report)
A required report for qualifying currency transactions exceeding the reporting threshold under BSA rules, including same-day aggregation when applicable. Example: Two same-day cash deposits at different branches total over the threshold, triggering a CTR decision and documentation.
Aggregation
The process of combining multiple currency transactions for the same person (or on behalf of the same person) within one business day when the institution has knowledge they are linked. Example: A teller and a branch manager use customer identifiers to link two deposits and treat them as one reportable event.
SAR (Suspicious Activity Report)
A report filed when facts suggest potential money laundering, structuring, fraud, or other suspicious activity, regardless of whether amounts are above or below CTR thresholds. Example: Repeated sub-threshold cash deposits paired with questions about “reporting limits” can support a SAR narrative.
Initial detection
The point when the institution first becomes aware of facts that may constitute a basis for a SAR, used to govern internal timeliness controls. Example: The date an alert is escalated to investigation under policy—not the date the case is closed—drives deadline tracking.
Structuring
Breaking up transactions to evade BSA reporting requirements; the key is evasive intent indicated by patterns and behavior, not just a number. Example: A customer rotates locations and keeps deposits just under the threshold after asking staff what gets “reported.”
CDD (Customer Due Diligence)
Risk-based procedures to understand the customer and the nature/purpose of the relationship, and to support ongoing monitoring. Example: If actual wire volume exceeds stated business activity, the customer profile and expected activity must be updated and re-approved.
EDD (Enhanced Due Diligence)
Additional, documented due diligence for higher-risk customers or activity, beyond baseline CDD. Example: For a complex ownership structure with high-risk geographies, the institution requests source-of-funds information and performs deeper ownership/control verification steps.
OFAC screening
Sanctions compliance control to identify potential matches to restricted parties and take required action under policy and regulation. Example: A close name match to a sanctioned party triggers escalation, additional identifier collection, and a documented clearance or confirmed match decision.