A typical red flag regarding potential money laundering in connection with an art purchase occurs when a customer:
buys a painting as an anonymous bidder and provides the source of wealth.
asks to pay in installments and pays from two differently named accounts.
asks to pay a large amount in cash without a comprehensible reason.
pays more at an auction for a painting than the estimated maximum price.
Paying a large amount in cash for an art purchase is a typical red flag of potential money laundering, as it may indicate an attempt to avoid traceability and reporting requirements. Cash transactions are often used by criminals to launder illicit funds, as they are difficult to track and verify. According to the FATF guidance on money laundering and terrorist financing risks in the art trade, cash payments above a certain threshold should be subject to enhanced due diligence and reporting obligations by art market participants (AMPs). AMPs should also be wary of customers who provide insufficient or inconsistent information about the source of funds, the purpose of the transaction, or the identity of the beneficial owner.
Which activities could be considered a potential spear phishing scam? (Select Three.)
An employee receives a phone call requesting that money be sent to assist someone in trouble.
A courier delivers a duplicate invoice to a business that contains updated payment details of an existing supplier.
Payroll receives an external email from an employee looking to update their bank account information.
A business sends its employees an email warning that email passwords must be changed to prevent cyber-fraud.
An employee receives an email that asks to download an attachment, but the attachment is malware.
Members of a religious organization receive a donation request by email claiming to be from their leader.
The activities that could be considered a potential spear phishing scam are:
A courier delivers a duplicate invoice to a business that contains updated payment details of an existing supplier. This could be a way of diverting funds to a fraudulent account by impersonating a legitimate vendor and exploiting the trust relationship between the business and the supplier.
Payroll receives an external email from an employee looking to update their bank account information. This could be a way of stealing money from the employee or the employer by pretending to be the employee and requesting a change in the payment method or destination.
An employee receives an email that asks to download an attachment, but the attachment is malware. This could be a way of infecting the employee’s computer or network with malicious software that could compromise sensitive data, disrupt operations, or demand ransom.
The other options are not necessarily spear phishing scams, although they may be other types of fraud or deception. For example:
An employee receives a phone call requesting that money be sent to assist someone in trouble. This could be a vishing scam, which is a form of voice phishing that uses phone calls to solicit personal or financial information or to request money transfers.
A business sends its employees an email warning that email passwords must be changed to prevent cyber-fraud. This could be a legitimate security measure, or it could be a phishing scam, which is email-based fraud that targets a broad audience and tries to trick recipients into revealing their credentials or clicking on malicious links.
Members of a religious organization receive a donation request by email claiming to be from their leader. This could be a genuine appeal, or it could be a social engineering scam, which is a form of manipulation that exploits the human factor and relies on the victim’s emotions, trust, or sympathy.
Which statement regarding data privacy is the most accurate in the context of AML investigations?
FIUs should document purposes for which personal data included on Suspicious Activity Reports (SARs) may be shared with other agencies.
Any customer that is the subject of a suspicious report filing has the right to request redaction of their personal data.
Data privacy laws prohibit information sharing between financial institutions for the purposes of AML investigations in all jurisdictions.
Organizations are required to demonstrate that customers have opted into information sharing before submitting SARs to relevant Financial Intelligence Units (FIUs).
AML compliance must balance data privacy laws with financial crime prevention.
Option A (Correct): FIUs must document the purpose of SAR-related data sharing under FATF Recommendation 29 and GDPR compliance standards.
Option B (Incorrect): Customers do not have the right to request redaction of personal data in SARs, as this would compromise AML enforcement.
Option C (Incorrect): Many jurisdictions permit information sharing for AML purposes under formal agreements (e.g., 314(b) USA PATRIOT Act, GDPR exemptions).
Option D (Incorrect): AML reporting requirements override opt-in privacy preferences due to the legal obligation to report suspicious activity.
An AML compliance officer receives an independent audit report with a number of findings.
An appropriate response to the report would include:
Reperforming the testing for the controls mentioned in the findings to confirm the results of the audit.
Assigning responsibility for reviewing the action plan to the board of directors.
Drafting detailed action plans for the audit team to execute to close the findings.
Defining remedial actions based on the findings' root cause analysis.
AML audit findings must be analyzed and addressed through remedial actions based on root cause analysis.
Option D (Correct): Root cause analysis helps develop effective corrective measures to prevent recurring AML deficiencies.
Option A (Incorrect): Retesting controls may be useful, but addressing deficiencies is more critical.
Option B (Incorrect): While the board oversees compliance, the responsibility for implementing fixes lies with AML teams.
Option C (Incorrect): Audit teams provide findings but do not execute corrective actions.
Best Practices for Addressing AML Audit Findings:
Identify the root cause of AML control failures.
Develop risk-based remediation plans.
Implement and monitor corrective actions.