CCAS Certified Cryptoasset Anti-Financial Crime Specialist Examination Questions and Answers

To effectively mitigate money laundering risks in the virtual asset sector, countries must ensure that Virtual Asset Service Providers (VASPs) are subject to AML regulations (B), which provide the legal framework for risk-based customer due diligence and reporting suspicious activities. Additionally, VASPs must maintain effective monitoring systems (C) that enable the detection and reporting of suspicious transactions.

While connection to regulated financial institutions (A) and beneficial ownership evaluation (E) are important components of AML frameworks, the foundational requirements per FATF and DFSA guidance focus on regulatory oversight and operational controls.

Jurisdictional regulatory expectations (D) influence enforcement but do not replace the need for direct AML regulatory application on VASPs.

Standard due diligence typically involves reviewing negative news and verifying beneficial ownership to understand the customer’s background and potential risk factors.

Dark web forums (B) and blockchain exposure (D) are more advanced or enhanced due diligence techniques, used when higher risk is identified.

Smart contracts execute predetermined conditions automatically on blockchain, enabling decentralized applications and services.

FATF guidance sets the threshold for Customer Due Diligence (CDD) on occasional transactions at USD/EUR 10,000 or equivalent. This means that when a cryptoasset exchange processes a one-off transaction exceeding this amount, it must apply appropriate CDD measures.

This aligns with FATF Recommendation 10 and is adopted by DFSA and FSRA frameworks governing virtual asset service providers, ensuring transactions over this limit are subject to identity verification and risk assessment.

Extracts from AML and COB modules emphasize this threshold as the trigger for CDD on occasional transactions to prevent laundering through high-value single transfers.

Bitcoin and Ethereum have fundamental differences important to investigators:

Variety of applications, assets, and networks (B): Ethereum supports diverse decentralized applications (dApps), multiple tokens (ERC-20, ERC-721), and various networks, complicating transaction tracing compared to Bitcoin’s primary use as a cryptocurrency.

Ledger model (D): Ethereum uses an account-based ledger model, while Bitcoin uses a UTXO (unspent transaction output) model, affecting how transactions are recorded and analyzed.

Transaction cost (A) and address length (C) differ but are less relevant for fund flow investigations.

Upon identifying customer engagement with unhosted wallets or P2P transfers, the first step a VASP should take is tocollect and assess dataon such transactions. This assessment helps determine if these activities fall within the firm's risk appetite and what enhanced controls or actions may be needed.

Immediate account freezing (B) is not the first step without assessment; neither is allowing transfers (A) without risk consideration. Enhancing risk frameworks (D) is important but follows from an initial data-driven risk assessment.

Relevant guidance:

FATF Recommendations and DFSA AML Module require VASPs to maintain a risk-based approach that begins with data collection and risk assessment on unhosted wallet transactions.

The DFSA’s 2023 Dear MLRO letters and thematic reviews stress proportionality and evidence-based responses rather than immediate punitive measures.

Enhanced due diligence (EDD) and risk mitigation measures, including potentially freezing accounts, come after assessment of the risk level【AML/VER25/05-24: Sections 4.1, 6.4, 13; 20230406Dear_MLRO_Letter_re_IEMS.pdf】.

Hence,Cis the appropriate first action.

Effective risk mitigation requires VASPs to obtain sufficient information about counterpart VASPs to assess the quality of their regulatory supervision and controls. This helps determine the risk of transactions and build a risk-based framework for correspondent relationships.

Having no requirements (A) or engaging with poorly regulated jurisdictions (B) increases risk. Blanket high-risk classification (C) without proper assessment is inefficient.

FATF Recommendation 15 and DFSA guidance emphasize due diligence on counterparties as a critical control.

FATF Recommendation 20 mandates that STRs be filed whenever there is suspicion or reasonable grounds to suspect criminal proceeds, regardless of the transaction value. This is mirrored in DFSA and FSRA AML regulations, ensuring that the reporting obligation is triggered by suspicion, not just thresholds.

The risk-based approach requires tailoring AML/CFT controls to the level of assessed risk, enhancing due diligence for higher-risk customers.

Red flags related to anonymity include transactions where virtual assets are cashed out at exchanges from peer-to-peer hosted wallets with no clear business rationale. Such behavior indicates attempts to obscure the origin or destination of funds, characteristic of laundering activities.

Executing high-value transactions after inactivity (A) or frequent transfers to known VASPs (C) may be suspicious but are less directly linked to anonymity. Exchanging at a loss (D) is a different type of red flag.

FATF’s red flag indicators list (2021) highlights (B) as a key sign of anonymity-related risk.

Unhosted wallets allow direct user control without third-party oversight, making them harder to monitor and more vulnerable to misuse.

Mixing and tumbling services are used to obscure the origin of funds by blending multiple transactions, resulting in unknown or disguised sources of funds. This is a classic money laundering technique.

Rapid trades (B), IP address obfuscation (C), and transactions to high-risk jurisdictions (D) are separate or related risks but not direct indicators of mixing/tumbling.

Hash rate measures computational power in Proof-of-Work blockchains; higher hash rates mean more secure networks against 51% attacks.

National risk assessments conducted across various jurisdictions consistently report that money laundering risks related to cryptoasset activities are rising. The growing adoption, complexity, and use of cryptoassets for illicit purposes contribute to elevated risk levels.

While geography (B), awareness (C), and digital banking adoption (D) can influence risk factors, the overarching trend is an increase in ML risks tied to cryptoassets.

This conclusion is supported by FATF’s global guidance and numerous national risk assessment reports reviewed by the DFSA and related authorities

An effective AML CDD program must include:

Staff training on gathering CDD (A)

Maintaining complete information to support risk profiling (B)

Procedures to address situations where the customer's true identity is unclear or questionable (F)

Annual client reviews (D) and IP address monitoring (E) may be part of broader AML controls but are not fundamental CDD requirements. Maintaining a list of high-risk virtual assets (C) is important but relates more to product risk management than direct CDD.

Model risk management is the discipline focused on managing risks arising from the use of models, including those based on algorithms, machine learning, and AI in transaction monitoring and screening software.

Vendor risk management (A) covers third-party risks but not specifically model risks. IT security risk management (B) focuses on cybersecurity. Operational risk management (C) covers process and people risks but model risk management specifically addresses model validity, reliability, and performance.

DFSA and global AML frameworks highlight the need for strong model risk governance to ensure accurate detection and compliance.

Hash immutability means that altering any transaction would require changing all subsequent blocks and achieving majority consensus. This security property underpins blockchain integrity and forensic traceability, crucial in AML investigations.

SARs should include detailed transactional information to support investigations, including all types and aggregate amounts of cryptocurrencies purchased, along with fiat currency equivalents. This information provides a clear picture of the subject’s activity and financial scale.

Owner names of destination wallets (B) may not be available; onboarding info (D) is supplementary, and fiat aggregate totals (C) alone are insufficient.

FATF and DFSA guidance recommend comprehensive transactional data inclusion in SARs to facilitate law enforcement.

Blockchain’s immutability ensures that all transactions remain permanently recorded and tamper-proof, enabling blockchain analytics to trace illicit funds. This property is leveraged in crypto forensic investigations and AML monitoring.

Sanctions breaches require immediate reporting to competent authorities and freezing of assets where legally mandated.

Arestricted blockchainis one where participation—either in transaction validation, data access, or both—is limited to selected entities rather than being open to the public.

Consortium blockchain (D)is a common type of restricted blockchain in which multiple pre-approved organizations collectively manage the network. It offers partial decentralization but with controlled membership, making it suitable for regulated environments such as financial services, supply chain tracking, and interbank settlements.

Other options explained:

Hybrid (A):Combines elements of public and private chains, but not necessarily “restricted” in the strict governance sense.

Public (B):Open to anyone to join, read, and write data; not restricted.

Private (C):While private blockchains are also restricted, in AML/CFT guidance, “restricted blockchain” generally refers to consortium arrangements involving multiple vetted participants, rather than a single organization’s closed chain.

Regulatory and technical literature in DIFC/ADGM contexts note thatconsortium blockchainsallow for compliance controls, participant vetting, and transaction monitoring—making them particularly suitable for financial ecosystems where controlled access is essential.

Structuring (smurfing) involves breaking transactions into smaller amounts to evade AML reporting thresholds, a classic ML tactic.

Direct sending to a scam cluster indicates active involvement by the customer in potentially transferring funds associated with fraudulent activities. Sending funds directly to known scam addresses is a strong indicator of complicity or direct engagement.

Indirect flows (A and B) could be less conclusive, and direct receiving (D) may indicate victimhood rather than active involvement.

AML typologies and DFSA guidance identify direct outgoing transactions to scam clusters as significant red flags.

Privacy coins like Monero use cryptographic features to obscure transaction details, increasing AML risk and regulatory scrutiny.

Ransomware schemes are categorized as cyber-enabled financial crimes. AML/CFT frameworks require that such risks be assessed and mitigated through blockchain analytics, sanctions screening, and transaction monitoring for known ransomware wallet addresses.

The Board holds ultimate responsibility for policy approval under DFSA and FSRA AML rules, ensuring senior-level oversight.

Machine learning (ML) and artificial intelligence (AI) are applied within compliance frameworks to enhance the efficiency of monitoring and detection processes and to allow skilled compliance resources to focus on higher-value activities such as complex investigations and strategic decision-making. ML/AI tools can process vast amounts of transaction data to identify suspicious patterns faster than manual processes.

They do not reduce the fundamental requirement for risk assessment (A) nor are they intended primarily to reduce headcount (C), but rather to optimize resource allocation.

AML and DFSA guidance emphasize leveraging technology to improve the effectiveness and efficiency of AML controls while maintaining robust risk management.