CCAS Certified Cryptoasset Anti-Financial Crime Specialist Examination Question and Answers

PEPs require enhanced scrutiny under FATF Recommendation 12, including senior management approval and source of funds verification.

Misconfigured or poorly designed smart contracts can enable rug pull scams, where developers create fraudulent decentralized finance (DeFi) projects or tokens and then withdraw liquidity or funds abruptly, leaving investors with worthless assets.

Phishing (A) and SIM attacks (B) relate to social engineering and telecom fraud, respectively, and ransomware (D) is malware demanding payment. Rug pulls specifically exploit smart contract vulnerabilities.

The DFSA and AML thematic reviews on crypto highlight rug pull scams as a key operational and financial crime risk linked to smart contract vulnerabilities.

To effectively mitigate money laundering risks in the virtual asset sector, countries must ensure that Virtual Asset Service Providers (VASPs) are subject to AML regulations (B), which provide the legal framework for risk-based customer due diligence and reporting suspicious activities. Additionally, VASPs must maintain effective monitoring systems (C) that enable the detection and reporting of suspicious transactions.

While connection to regulated financial institutions (A) and beneficial ownership evaluation (E) are important components of AML frameworks, the foundational requirements per FATF and DFSA guidance focus on regulatory oversight and operational controls.

Jurisdictional regulatory expectations (D) influence enforcement but do not replace the need for direct AML regulatory application on VASPs.

Attribution data involves linking blockchain addresses to real-world entities, which is derived from a combination of public sources (blockchain explorers, public databases) and non-public sources (law enforcement databases, commercial analytics, exchange records).

Relying solely on blockchain data (C) or darknet sources (D) is insufficient. Business records (A) are part of non-public sources.

DFSA and FATF AML guidance underscore the multi-source approach for effective forensic attribution.

SARs should include detailed transactional information to support investigations, including all types and aggregate amounts of cryptocurrencies purchased, along with fiat currency equivalents. This information provides a clear picture of the subject’s activity and financial scale.

Owner names of destination wallets (B) may not be available; onboarding info (D) is supplementary, and fiat aggregate totals (C) alone are insufficient.

FATF and DFSA guidance recommend comprehensive transactional data inclusion in SARs to facilitate law enforcement.

Upon identifying customer engagement with unhosted wallets or P2P transfers, the first step a VASP should take is tocollect and assess dataon such transactions. This assessment helps determine if these activities fall within the firm's risk appetite and what enhanced controls or actions may be needed.

Immediate account freezing (B) is not the first step without assessment; neither is allowing transfers (A) without risk consideration. Enhancing risk frameworks (D) is important but follows from an initial data-driven risk assessment.

Relevant guidance:

FATF Recommendations and DFSA AML Module require VASPs to maintain a risk-based approach that begins with data collection and risk assessment on unhosted wallet transactions.

The DFSA’s 2023 Dear MLRO letters and thematic reviews stress proportionality and evidence-based responses rather than immediate punitive measures.

Enhanced due diligence (EDD) and risk mitigation measures, including potentially freezing accounts, come after assessment of the risk level【AML/VER25/05-24: Sections 4.1, 6.4, 13; 20230406Dear_MLRO_Letter_re_IEMS.pdf】.

Hence,Cis the appropriate first action.

Fuzzy matches require further review to confirm whether the match is a true hit or a false positive, ensuring compliance accuracy.

The most critical information enabling FIUs to address anonymity risks is data linking a virtual address to the real-world identity of its owner. Without this association, blockchain addresses remain pseudonymous, hindering effective AML efforts.

While transaction timing (A), identity of receiver (B), and transaction-to-address mapping (C) are useful, ownership linkage (D) is essential to break anonymity.

FATF and DFSA guidance prioritize obtaining ownership information through KYC and intelligence sharing.

CDD includes verifying the customer’s identity using reliable, independent documentation before or during onboarding.

Funds moving through multiple intermediary wallets before arriving at the client’s wallet indicate layering techniques used to obscure the source of funds, a classic money laundering tactic.

Transferring funds quickly (A) or declaring wealth (B) are less definitive indicators. An untraceable IP (C) raises concerns but is less conclusive than complex transactional layering.

Ring signatures, used in Monero, blend a sender’s transaction with others to obscure sender identity, increasing AML risk.

The main red flag is the customer’s failure to cooperate with requests to provide information on the origin of funds, which undermines transparency and raises suspicion regarding the legitimacy of the funds.

While an unconnected IP address (D) is suspicious, non-cooperation (C) is a stronger indicator of potential money laundering.

Public blockchain data is pseudonymous, meaning wallet addresses alone do not reveal the owner’s identity. To identify the natural person controlling the wallet, the VASP must acquire additional information, typically through customer due diligence (CDD) processes or data obtained from exchanges and counterparties, linking the wallet address to an individual.

Periodic review (A), transaction screening (C), and obtaining transactional data (D) support ongoing monitoring but do not alone establish identity.

AML and FATF guidance emphasize that ownership linkage requires collecting identifying information beyond blockchain data to comply with AML regulations.

The Lightning Network is a second-layer payment protocol that enables off-chain transactions, allowing users to conduct fast, low-fee Bitcoin payments without recording every transaction directly on the Bitcoin blockchain. This improves scalability and reduces congestion.

It does not inherently facilitate large payments to decentralized exchanges (A), bridging assets across blockchains (B), or guarantee zero transaction fees (C), though fees are significantly lower than on-chain transactions.

The DFSA and FATF crypto guidance discuss such layer-2 solutions in the context of emerging technological risks and monitoring challenges.

This process is layering, designed to hide the source of funds through multiple new wallets before integration into the financial system.

Mixing and tumbling services are used to obscure the origin of funds by blending multiple transactions, resulting in unknown or disguised sources of funds. This is a classic money laundering technique.

Rapid trades (B), IP address obfuscation (C), and transactions to high-risk jurisdictions (D) are separate or related risks but not direct indicators of mixing/tumbling.

Suspicious Activity Reports (SARs) are a critical tool for law enforcement agencies. They are primarily used to develop intelligence on potential new criminal targets and to confirm or expand information about existing investigations. SARs do not serve as direct evidence of money laundering in court but provide leads and context that enable law enforcement to build cases.

The DFSA’s thematic reviews and AML guidance clarify that SARs assist in identifying emerging crime patterns and help intelligence units track suspicious transactions over time. They also allow law enforcement to corroborate data from other sources.

SARs help:

Develop intelligence on new targets (C) by revealing previously unknown suspicious behavior.

Confirm or develop information on existing targets (D) by adding transactional data and context.

Identifying regulatory failings (A) is primarily a supervisory function, and SARs themselves are not evidence for prosecution (B) but intelligence inputs.

Therefore, optionsCandDare correct.

Proof of Work (PoW) consensus achieves network consensus by requiring participants (miners) to solve complex cryptographic puzzles, which verifies transactions and secures the blockchain. This computational work makes it difficult and costly to alter the blockchain.

Dependency on electricity (A) is a criticism rather than an advantage. PoW promotes decentralization rather than centralization (B). It provides strong security for large networks rather than small ones (D).

This principle is fundamental in Bitcoin and many other cryptocurrencies and is frequently referenced in AML/CFT guidance to understand the transaction validation process and network security.

The risk-based approach requires tailoring AML/CFT controls to the level of assessed risk, enhancing due diligence for higher-risk customers.

Arestricted blockchainis one where participation—either in transaction validation, data access, or both—is limited to selected entities rather than being open to the public.

Consortium blockchain (D)is a common type of restricted blockchain in which multiple pre-approved organizations collectively manage the network. It offers partial decentralization but with controlled membership, making it suitable for regulated environments such as financial services, supply chain tracking, and interbank settlements.

Other options explained:

Hybrid (A):Combines elements of public and private chains, but not necessarily “restricted” in the strict governance sense.

Public (B):Open to anyone to join, read, and write data; not restricted.

Private (C):While private blockchains are also restricted, in AML/CFT guidance, “restricted blockchain” generally refers to consortium arrangements involving multiple vetted participants, rather than a single organization’s closed chain.

Regulatory and technical literature in DIFC/ADGM contexts note thatconsortium blockchainsallow for compliance controls, participant vetting, and transaction monitoring—making them particularly suitable for financial ecosystems where controlled access is essential.

In risk-based AML/CFT programs — including those applied to Virtual Asset Service Providers (VASPs) — risk assessment determines the remaining exposure after applying mitigating measures.

Inherent Risk:The natural level of risk before applying any controls, based on factors like customer profile, transaction patterns, and jurisdiction.

Control Effectiveness:The degree to which implemented controls (e.g., CDD, EDD, sanctions screening, blockchain analytics) reduce risk.

Residual Risk:The risk that remains after controls are applied and is the level an organization must either accept, reduce further, or avoid.

The standard formula is:

Inherent Risk – Control Effectiveness = Residual Risk

This equation is emphasized in FATF’s risk-based approach guidance and reinforced in DIFC (DFSA) and ADGM (FSRA) AML rules to ensure ongoing monitoring and governance oversight of remaining risks.

FATF Recommendation 20 mandates that STRs be filed whenever there is suspicion or reasonable grounds to suspect criminal proceeds, regardless of the transaction value. This is mirrored in DFSA and FSRA AML regulations, ensuring that the reporting obligation is triggered by suspicion, not just thresholds.

Ongoing monitoring is the continuous analysis of customer activity to detect unusual or suspicious patterns over time.

Code uniqueness is critical because reuse or replication of vulnerable code exposes protocols to known exploits. Unique, well-audited, and secure code minimizes compromise risk in decentralized finance (DeFi) and smart contracts.

Security standards (A), authentication (B), and regulation (C) are important but secondary to the fundamental security of the code itself.

Enhanced international cooperation in VA crime investigations is most effective when jurisdictions designate and empower Financial Intelligence Units (FIUs) that can share intelligence, coordinate cross-border investigations, and liaise with counterparts internationally.

While FATF membership (A) facilitates cooperation, the operational hub for investigations is the FIU. Establishing new agencies (B) or smart contracts for sharing (C) are not established or effective methods.

DFSA guidance and FATF recommendations stress the central role of FIUs in enhancing cooperation and intelligence sharing for AML/CFT, including virtual assets.

The FinCEN 2019 guidance clarifies that money transmitters include entities that exchange digital tokens or convertible virtual currencies as part of their business activities. This includes exchanges and platforms that transfer virtual currencies.

Providing infrastructure services (B), operating clearance systems solely among regulated institutions (C), or acting as payment processors for goods/services (D) without handling value transfer do not fall under the money transmitter definition per this guidance.

Art dealers present a high money laundering risk due to the subjective valuation of art, ease of transferring assets, and the potential for using art as a vehicle to conceal illicit funds.

Registered hedge funds (A) and law firms (C) have AML obligations but are generally more regulated. Pharmaceutical companies (B) are less associated with high ML risk.

The DFSA AML and FATF typology papers specifically identify art dealing as a sector with heightened ML risk.