Business & Finance

AML Practice Questions: Test Your Anti-Money Laundering Knowledge

25 Questions 13 min
This quiz covers BSA/AML compliance obligations enforced by FinCEN and federal banking regulators. Between 2020 and 2024, FinCEN assessed over $3 billion in enforcement penalties for BSA violations, including historic actions against institutions that failed to maintain adequate transaction monitoring, SAR filing programs, and customer due diligence controls. Penalties for willful BSA violations can reach $1 million per violation per day.
Start Quiz
Anti-money laundering compliance - magnifying glass examining currency
Choose quiz length
1Under the Bank Secrecy Act, a Currency Transaction Report (CTR) must be filed for cash transactions exceeding $10,000.

True / False

2Which federal agency receives Suspicious Activity Reports (SARs) filed by U.S. financial institutions?
3Know Your Customer (KYC) procedures require a financial institution to verify the identity of each customer before opening an account.

True / False

4What does OFAC stand for in the context of U.S. financial compliance?
5A customer makes three cash deposits of $3,500 each at different branches on the same day to avoid a CTR filing. This practice is called:
6Under the Corporate Transparency Act, certain companies must report their beneficial owners to FinCEN.

True / False

7A Politically Exposed Person (PEP) is automatically prohibited from opening a bank account in the United States.

True / False

8Which law originally established the requirement for U.S. financial institutions to file currency transaction reports?
9Which of the following is the minimum information a Customer Identification Program (CIP) must collect from an individual customer?
10A financial institution may inform the customer that a Suspicious Activity Report has been filed about their transactions.

True / False

11Arrange the following BSA record retention periods from shortest to longest.

Put in order

1SAR filing deadline with known suspect (30 calendar days)
2CTR filing deadline (15 calendar days)
3BSA record retention requirement (5 years)
4SAR filing deadline without known suspect (60 calendar days)
12How soon after a reportable cash transaction must a financial institution file a CTR with FinCEN?
13What is the general deadline for filing a SAR after initial detection of suspicious activity when the suspect has been identified?
14A SAR must be filed for any transaction involving exactly $5,000 or more if the institution suspects the funds are derived from illegal activity and a suspect can be identified.

True / False

15Under the 2016 CDD Rule, which of the following is NOT one of the four core elements of customer due diligence?
16Enhanced Due Diligence (EDD) is most likely required for which type of account?
17Which of the following is a common red flag for structuring?
18What must a financial institution do when an OFAC screening reveals a confirmed match with a Specially Designated National (SDN)?
19OFAC compliance is voluntary for U.S. financial institutions and only becomes mandatory when specifically directed by a regulator.

True / False

20Which of the following individuals would most likely be classified as a Politically Exposed Person (PEP)?
21Under the CDD Rule, what ownership threshold generally triggers the requirement to identify and verify a beneficial owner of a legal entity customer?
22A financial institution must identify the beneficial owners of a publicly traded company listed on a major U.S. stock exchange when opening an account.

True / False

23Structuring is only illegal if the underlying funds being deposited were obtained through criminal activity.

True / False

24Which of the following should a compliance officer include in the narrative section of a SAR?
25A bank may exempt certain eligible customers, such as listed public companies, from CTR filing requirements through a CTR exemption process.

True / False

AML/BSA Compliance Mistakes That Trigger FinCEN Enforcement Actions

AML program failures often compound quietly until a regulatory examination or law enforcement inquiry exposes systemic gaps. These are the patterns that most frequently appear in FinCEN consent orders and federal banking agency enforcement actions.

1) Treating CTR thresholds as optional guidance rather than hard requirements

Failing to aggregate same-day cash transactions across branches for the same customer is one of the most common CTR violations. Tellers who are not trained on aggregation rules may process multiple sub-threshold transactions without triggering a report.

2) Filing SARs with empty or boilerplate narratives

A SAR that says "suspicious wire activity" without the who, what, when, where, why, and how provides almost no value to law enforcement. FinCEN has publicly stated that narrative quality is the most important part of a SAR. Weak narratives can lead to examination findings and refiling requirements.

3) Conducting CDD at onboarding only and never updating

The 2016 CDD Rule requires ongoing monitoring and periodic updates to customer profiles. A one-and-done approach misses changes in ownership, business activity, or risk indicators that should trigger enhanced review.

4) Over-relying on automated screening without tuning or testing

OFAC and transaction monitoring filters need regular calibration. Exact-name-only matching misses transliterations, aliases, and spelling variations. Failing to test screening systems with known SDN names creates a false sense of security.

5) Ignoring structuring red flags raised by front-line staff

  • Teller observations dismissed: when a teller reports a customer asking about reporting limits and management takes no action.
  • No escalation path: front-line staff lack a clear, simple process for alerting the BSA officer.
  • Documentation gaps: verbal escalations without written records make it impossible to demonstrate compliance during examinations.

Prevention: treat every CTR aggregation failure, SAR narrative deficiency, and unresolved teller referral as a program weakness that needs documented correction.

AML Decision Drills: BSA Compliance Judgment Scenarios

Use these scenarios to practice the same types of decisions tested in the quiz. For each one, identify: (1) the BSA obligation triggered, (2) the correct filing or action, (3) the deadline, and (4) what documentation to retain.

  1. CTR aggregation (cash-in): A customer deposits $6,500 in cash at 9 AM and $4,200 at 2 PM at different branches. Does this trigger a CTR? What if the customer uses a different teller each time?

  2. SAR decision (threshold analysis): A wire transfer of $4,800 appears to be structured to avoid the $5,000 SAR reporting threshold. No suspect is identified. Does this require a SAR? What changes if you identify the suspect?

  3. PEP onboarding: A prospective customer discloses that they are the finance minister of a mid-risk country. They want to open a personal investment account. What EDD steps must be completed before account opening?

  4. OFAC screening hit: A wire transfer flags a 92% name match with an SDN list entry, but the country of origin differs. Do you release the wire, block it, or take a third action?

  5. Beneficial ownership change: A business customer informs you that its majority owner sold their stake six months ago. The new owner has not been verified. What CDD obligations apply?

  6. Structuring referral: A teller reports that a customer deposited $9,800 in cash and said, "I don't want any government forms." The customer returns the next day with another cash deposit. What should the BSA officer do?

Self-check: the strongest answers cite specific BSA thresholds, filing deadlines, and documentation requirements rather than relying on general "report it" advice.

Authoritative AML/BSA Compliance Resources (FinCEN, Treasury, FATF)

AML/BSA Compliance FAQ: CTRs, SARs, KYC, and Sanctions

What is the difference between a CTR and a SAR?

A Currency Transaction Report (CTR) is an objective, mandatory filing for cash transactions over $10,000 -- it does not require any suspicion. A Suspicious Activity Report (SAR) is a judgment-based filing required when the institution detects activity that appears suspicious, regardless of the transaction type. CTRs are filed within 15 calendar days; SARs within 30 days (known suspect) or 60 days (unknown suspect).

Can a customer be told that a SAR has been filed?

No. SAR confidentiality is mandated by federal law (31 U.S.C. 5318(g)(2)). Disclosing the existence of a SAR to the subject -- known as "tipping off" -- is a violation. This prohibition applies to all employees, officers, and directors of the institution.

What triggers Enhanced Due Diligence (EDD)?

EDD is triggered by higher-risk factors such as PEP status, foreign correspondent banking relationships, customers in high-risk jurisdictions, cash-intensive businesses, and unusual or complex account structures. The specific triggers should be documented in the institution's risk-based BSA/AML policies.

How does the 25% beneficial ownership threshold work?

Under the CDD Rule, institutions must identify and verify each individual who directly or indirectly owns 25% or more of a legal entity customer (the "ownership prong"). Additionally, at least one individual with significant managerial control must be identified regardless of ownership percentage (the "control prong"). The Corporate Transparency Act introduced separate federal reporting to FinCEN.

What happens if our OFAC screening system misses a sanctioned party?

Processing a transaction involving a sanctioned party is a potential OFAC violation carrying civil penalties that can reach hundreds of thousands of dollars per violation. OFAC evaluates whether the institution had an adequate compliance program, whether the violation was voluntarily self-disclosed, and whether it was willful. Voluntary self-disclosure can reduce penalties by up to 50%.

Where can I practice related compliance topics beyond AML?

For broader regulatory compliance practice, the Banking Compliance and Risk Management Quiz covers adjacent topics including fair lending, consumer protection, and operational risk that complement BSA/AML knowledge.