AML/CFT Compliance Quiz

10 – 43 Questions 11 min

This AML/CFT Compliance Quiz focuses on risk-based CDD triggers, monitoring decisions, SAR timing, CTR aggregation, and OFAC hits. It helps you practice how to document detection dates, escalation paths, and dispositions the way examiners expect. Use it to identify reasoning gaps in your current AML/CFT control decisions.

Start Quiz Explore related quizzes

Part 1 — Questions

Answer each question on paper. Do not turn the page until you are ready to check your work.

Ongoing monitoring that reveals new high risk products, geographies, or ownership changes should be able to trigger updates to a customer's CDD profile, even if the scheduled review date has not arrived.

True
False

In a bank's AML program, which point should be treated as the "initial detection date" for starting the SAR filing clock?

The date the automated monitoring alert was generated
The date compliance approves the SAR narrative
The date the analyst first concludes the activity may warrant a SAR
The date the suspicious transaction posted

Which situation most clearly requires a risk-based CDD refresh outside the regular review cycle?

The customer logs in less frequently to online banking
The customer's periodic review date is still six months away
The customer's address formatting is corrected in the system
The customer adds a high risk foreign jurisdiction to its trading partners

From an examiner's perspective, strong AML documentation should demonstrate a clear link between which elements in a SAR or alert investigation file?

Customer income and credit score
Branch staffing levels and daily volumes
Observed activity, applicable policy requirements, review steps, and final decision
Marketing budget and new account openings

A customer makes three cash deposits of 4,500, 3,800, and 2,200 into the same business account at different branches on the same business day. Your systems show all three transactions before end of day. How should you apply CTR aggregation?

File no CTR because two of the deposits are under 5,000
Do not file a CTR, because each branch's activity is below the threshold
File three separate CTRs, one for each cash deposit
File one CTR for 10,500 in cash in for that business day

Your screening system flags a strong potential OFAC match on the beneficiary of an outgoing wire transfer. The originator is your customer and screened cleanly. What is the most appropriate next step?

Release the payment immediately because only the originator is your customer
Lower screening thresholds until the match disappears
Escalate the payment to the sanctions team with supporting data for a match review
Reject and block the payment automatically with no further review

An analyst closes a structuring alert after reviewing six months of deposits, KYC files, and tax returns, and concludes the cash activity is consistent with a documented cash-intensive business. What is the most critical element to capture in the case notes?

A screenshot of the alert title without transaction details
A copy of the customer's marketing brochure
The analyst's personal opinion that the customer is trustworthy
A concise rationale tying the reviewed facts to the decision to close the alert

During an investigation, you identify potentially suspicious activity but cannot reasonably identify a suspect after extensive review. Under standard regulatory guidance, when is the latest you may file the SAR?

Sixty days from the initial detection date if no suspect can be identified
Thirty days from the alert date plus ten business days
Thirty days from the transaction date, regardless of whether a suspect is identified
Sixty days from the date the account was opened

A mid-risk corporate customer adds a new 40 percent beneficial owner that is based in a higher risk jurisdiction and begins sending larger international wires. What is the most appropriate CDD response?

Immediately exit the customer relationship due to higher risk
Initiate an out-of-cycle CDD review, update the risk profile, and adjust monitoring as needed
Wait until the next scheduled periodic review to update the file
Take no action as long as the payments continue to clear

10.

A quality assurance review finds alert case notes that list transactions analyzed and conclude "no suspicious activity," but do not reference policy criteria. Which key element is missing for strong governance?

The names of all coworkers present in the office
The customer's mailing address
A clear link between the analysis performed and the policy criteria for suspicious activity
The analyst's job title

11.

An individual deposits 7,000 in cash into a personal checking account and 4,000 in cash into a sole proprietorship account they own, both at your institution on the same business day. Your systems link the individual to both accounts. How should you treat these cash transactions for CTR purposes?

Do not file a CTR because each account is under 10,000
File one CTR only for the 7,000 deposit, because it is the larger amount
File two separate CTRs, one for each account
File one CTR with 11,000 as total cash in and list both accounts

12.

For an international wire transfer passing through your institution, which parties should be included in OFAC screening as part of a sound sanctions compliance program?

Only the accountholder at your institution
Originator, beneficiary, and any relevant intermediary banks
Only originators for incoming wires and only beneficiaries for outgoing wires
Only parties from countries where your bank has branches

13.

Your institution files a SAR on a trading company but decides to keep the relationship open with tighter monitoring. From an audit perspective, what is the most important element to document in the final disposition?

That the relationship manager has a positive personal relationship with the customer
That the relationship may be reviewed again at some unspecified future time
The specific risk factors considered and why continuation of the relationship was justified
Only that a SAR was filed, with no mention of the risk decision

14.

An alert is generated on an account with unusual wire activity. The analyst begins review three days later and, after gathering additional information, documents that the activity meets internal SAR criteria. When should the institution treat the "initial detection date" for SAR timing purposes?

The date the SAR approver signed off on the final filing
The date the alert was generated, even though no meaningful review had started
The date of the earliest suspicious transaction
The date the analyst documented that the activity met internal SAR criteria

15.

In a single business day, a customer deposits 9,000 in cash into a checking account at Branch A, withdraws 3,000 in cash from the same account later that day, and deposits another 4,000 in cash at Branch B. The institution has visibility to all activity. How should the CTR be completed?

File one CTR with 13,000 as total cash in and 3,000 as total cash out
Do not file a CTR, because net cash in is only 10,000 after the withdrawal
File separate CTRs, one covering all cash in and one covering all cash out
File one CTR reporting only the 9,000 deposit, since the other cash transactions offset it

Part 2 — Answer key

Compare your answers after you have finished Part 1.

Ongoing monitoring that reveals new high risk products, geographies, or ownership changes should be able to trigger updates to a customer's CDD profile, even if the scheduled review date has not arrived.
True
In a bank's AML program, which point should be treated as the "initial detection date" for starting the SAR filing clock?
The date the analyst first concludes the activity may warrant a SAR
Which situation most clearly requires a risk-based CDD refresh outside the regular review cycle?
The customer adds a high risk foreign jurisdiction to its trading partners
From an examiner's perspective, strong AML documentation should demonstrate a clear link between which elements in a SAR or alert investigation file?
Observed activity, applicable policy requirements, review steps, and final decision
A customer makes three cash deposits of 4,500, 3,800, and 2,200 into the same business account at different branches on the same business day. Your systems show all three transactions before end of day. How should you apply CTR aggregation?
File one CTR for 10,500 in cash in for that business day
Your screening system flags a strong potential OFAC match on the beneficiary of an outgoing wire transfer. The originator is your customer and screened cleanly. What is the most appropriate next step?
Escalate the payment to the sanctions team with supporting data for a match review
An analyst closes a structuring alert after reviewing six months of deposits, KYC files, and tax returns, and concludes the cash activity is consistent with a documented cash-intensive business. What is the most critical element to capture in the case notes?
A concise rationale tying the reviewed facts to the decision to close the alert
During an investigation, you identify potentially suspicious activity but cannot reasonably identify a suspect after extensive review. Under standard regulatory guidance, when is the latest you may file the SAR?
Sixty days from the initial detection date if no suspect can be identified
A mid-risk corporate customer adds a new 40 percent beneficial owner that is based in a higher risk jurisdiction and begins sending larger international wires. What is the most appropriate CDD response?
Initiate an out-of-cycle CDD review, update the risk profile, and adjust monitoring as needed
A quality assurance review finds alert case notes that list transactions analyzed and conclude "no suspicious activity," but do not reference policy criteria. Which key element is missing for strong governance?
A clear link between the analysis performed and the policy criteria for suspicious activity
An individual deposits 7,000 in cash into a personal checking account and 4,000 in cash into a sole proprietorship account they own, both at your institution on the same business day. Your systems link the individual to both accounts. How should you treat these cash transactions for CTR purposes?
File one CTR with 11,000 as total cash in and list both accounts
For an international wire transfer passing through your institution, which parties should be included in OFAC screening as part of a sound sanctions compliance program?
Originator, beneficiary, and any relevant intermediary banks
Your institution files a SAR on a trading company but decides to keep the relationship open with tighter monitoring. From an audit perspective, what is the most important element to document in the final disposition?
The specific risk factors considered and why continuation of the relationship was justified
An alert is generated on an account with unusual wire activity. The analyst begins review three days later and, after gathering additional information, documents that the activity meets internal SAR criteria. When should the institution treat the "initial detection date" for SAR timing purposes?
The date the analyst documented that the activity met internal SAR criteria
In a single business day, a customer deposits 9,000 in cash into a checking account at Branch A, withdraws 3,000 in cash from the same account later that day, and deposits another 4,000 in cash at Branch B. The institution has visibility to all activity. How should the CTR be completed?
File one CTR with 13,000 as total cash in and 3,000 as total cash out

1Ongoing monitoring that reveals new high risk products, geographies, or ownership changes should be able to trigger updates to a customer's CDD profile, even if the scheduled review date has not arrived.

True / False

2In a bank's AML program, which point should be treated as the "initial detection date" for starting the SAR filing clock?

3Which situation most clearly requires a risk-based CDD refresh outside the regular review cycle?

4From an examiner's perspective, strong AML documentation should demonstrate a clear link between which elements in a SAR or alert investigation file?

5A customer makes three cash deposits of 4,500, 3,800, and 2,200 into the same business account at different branches on the same business day. Your systems show all three transactions before end of day. How should you apply CTR aggregation?

6Your screening system flags a strong potential OFAC match on the beneficiary of an outgoing wire transfer. The originator is your customer and screened cleanly. What is the most appropriate next step?

7An analyst closes a structuring alert after reviewing six months of deposits, KYC files, and tax returns, and concludes the cash activity is consistent with a documented cash-intensive business. What is the most critical element to capture in the case notes?

8During an investigation, you identify potentially suspicious activity but cannot reasonably identify a suspect after extensive review. Under standard regulatory guidance, when is the latest you may file the SAR?

9A mid-risk corporate customer adds a new 40 percent beneficial owner that is based in a higher risk jurisdiction and begins sending larger international wires. What is the most appropriate CDD response?

10A quality assurance review finds alert case notes that list transactions analyzed and conclude "no suspicious activity," but do not reference policy criteria. Which key element is missing for strong governance?

11An individual deposits 7,000 in cash into a personal checking account and 4,000 in cash into a sole proprietorship account they own, both at your institution on the same business day. Your systems link the individual to both accounts. How should you treat these cash transactions for CTR purposes?

12For an international wire transfer passing through your institution, which parties should be included in OFAC screening as part of a sound sanctions compliance program?

13Your institution files a SAR on a trading company but decides to keep the relationship open with tighter monitoring. From an audit perspective, what is the most important element to document in the final disposition?

14An alert is generated on an account with unusual wire activity. The analyst begins review three days later and, after gathering additional information, documents that the activity meets internal SAR criteria. When should the institution treat the "initial detection date" for SAR timing purposes?

15In a single business day, a customer deposits 9,000 in cash into a checking account at Branch A, withdraws 3,000 in cash from the same account later that day, and deposits another 4,000 in cash at Branch B. The institution has visibility to all activity. How should the CTR be completed?

Disclaimer

This quiz is for educational purposes only. It does not constitute professional advice. Consult a qualified professional for specific guidance.

High-Impact AML/CFT Compliance Errors Under Examiner Scrutiny

Misaligned CDD Refresh and Risk Profiling

Practitioners often wait for formal review cycles instead of triggering CDD refresh when risk changes. New products, high-risk geographies, ownership changes, or adverse media then sit undocumented. Define concrete refresh triggers, record the date new information was learned, and update the risk rating, monitoring rules, and EDD scope.

Wrong Date Driving SAR Timelines

A frequent misconception starts the SAR clock at the transaction date or alert generation date. This can lead to premature or late filings. Track and label key dates explicitly: alert creation, start of substantive review, initial detection of potentially SAR-worthy facts, decision date, and filing date. Base the 30 or 60 day deadline on the initial detection date captured in your case notes.

CTR Aggregation Miscalculations

Staff may fail to aggregate same-day cash across branches or accounts where the institution has knowledge, or they offset cash-in with cash-out. Train teams to aggregate cash-in with cash-in and cash-out with cash-out across all channels covered by your systems. Document how institutional knowledge was established and which reports or tools supported aggregation.

OFAC Checks with Partial Party Coverage

Screening engines sometimes only cover the primary customer name. Originators, beneficiaries, intermediaries, and beneficial owners in payments may never be screened. Map every party type that should be checked, validate data quality feeds, and document match thresholds and escalation criteria so auditors can follow each sanctions decision.

Weak Documentation of Final Disposition

Many cases close as "no SAR" or "CTR filed" without explaining how the facts were assessed. Require a short narrative linking observed activity, policy references, review steps, consultation points, and the final decision. This creates an audit-ready decision trail and improves consistency across analysts.

Authoritative AML/CFT and Sanctions Compliance References

Core Guidance for AML/CFT Compliance Professionals

Use these primary sources to validate your answers from the AML/CFT Compliance Quiz and to refine your institution’s control design, documentation standards, and escalation workflows.

FinCEN Suspicious Activity Reports (SARs): Central landing page for SAR forms, e-filing resources, and related FAQs on U.S. suspicious activity reporting obligations.
FinCEN Answers to Frequently Asked BSA Questions: Clarifies practical questions on SAR timing, thresholds, and documentation expectations for BSA filings.
FFIEC BSA/AML Examination Manual: Examiner-focused expectations for risk assessment, CDD, transaction monitoring, SAR and CTR processes, and OFAC controls across financial institutions.
OFAC Framework for Compliance Commitments: Outlines core components of an effective sanctions compliance program, including governance, risk assessment, internal controls, testing, and training.
FATF Risk-Based Approach Guidance for the Banking Sector: International standard-setter guidance on applying risk-based AML/CFT controls across products, customers, and geographies.

AML/CFT Compliance Quiz Usage and Learning FAQ

How This AML/CFT Compliance Quiz Supports Real-World Work

What specific skills does the AML/CFT Compliance Quiz focus on?

The quiz targets scenario-based reasoning around CDD and EDD triggers, transaction monitoring alert triage, SAR timing anchored to initial detection, CTR aggregation logic, and OFAC match handling. Questions push you to choose defensible dispositions and articulate the detection dates, ownership of escalation, and documentation steps that examiners will later review.

Who should use this quiz, and at what experience level?

The quiz suits analysts, investigators, AML officers, sanctions specialists, and internal audit staff who already know basic terminology. It helps new staff convert foundational knowledge into consistent decisions, and it gives experienced practitioners a way to test whether their habits align with current regulatory expectations and institutional policy.

How should I handle conflicts between quiz answers and my institution’s policy?

If a model answer differs from your policy, treat it as a prompt to compare rationales. Ask whether your internal standard still reflects current regulatory guidance and risk appetite. Use discrepancies to flag potential policy updates or training needs, rather than copying the quiz answer without local context.

How can I extend my practice beyond this AML/CFT Compliance Quiz?

After working through these questions, you can use Practice Applied AML Compliance Scenarios Now to see additional AML situations. You can also strengthen adjacent controls, such as privacy and security handling of customer data, with resources like Test Practical Data Privacy Compliance Skills.

What is the best way to review my results for real improvement?

Group incorrect or uncertain responses by theme, such as CDD refresh triggers or SAR timeline interpretation. For each cluster, write a short summary of the governing rule, the key decision dates or thresholds, and one example from your own institution. Turn those summaries into quick desk references for future investigations.