CCAS Certified Cryptoasset Anti-Financial Crime Specialist Examination Questions and Answers

Bitcoin and Ethereum have fundamental differences important to investigators:

Variety of applications, assets, and networks (B): Ethereum supports diverse decentralized applications (dApps), multiple tokens (ERC-20, ERC-721), and various networks, complicating transaction tracing compared to Bitcoin’s primary use as a cryptocurrency.

Ledger model (D): Ethereum uses an account-based ledger model, while Bitcoin uses a UTXO (unspent transaction output) model, affecting how transactions are recorded and analyzed.

Transaction cost (A) and address length (C) differ but are less relevant for fund flow investigations.

Standard due diligence typically involves reviewing negative news and verifying beneficial ownership to understand the customer’s background and potential risk factors.

Dark web forums (B) and blockchain exposure (D) are more advanced or enhanced due diligence techniques, used when higher risk is identified.

Consortium blockchains are semi-private networks where governance is shared among authorized participants, offering a balance between decentralization and access control.

A token burn is the deliberate removal of tokens from circulation by sending them to an unspendable address. While sometimes legitimate, burns can also be misused for market manipulation.

The risk-based approach requires tailoring AML/CFT controls to the level of assessed risk, enhancing due diligence for higher-risk customers.

Staff must report any suspicious activity immediately to the designated Money Laundering Reporting Officer (MLRO) or equivalent within their organization. The MLRO is responsible for assessing the suspicion and deciding on escalation to the relevant authorities.

Informing customers (A) could compromise investigations. Reporting directly to financial investigation units (B) is not the staff member’s role. Monitoring transactions without reporting (D) delays required action and risks regulatory non-compliance.

DFSA AML Module and FATF Recommendations emphasize timely internal reporting to designated officers as the first step in managing suspicious activity.

Monero is a privacy-focused blockchain designed with built-in features like ring signatures, stealth addresses, and confidential transactions to obfuscate sender, receiver, and transaction amounts, making tracing difficult.

Cardano, Polygon, and Ethereum are not designed primarily with these privacy features and have publicly traceable ledgers, although privacy solutions may be layered on.

Integration is the final stage of money laundering, where illicit funds re-enter the economy appearing legitimate — e.g., converting crypto into fiat via exchanges or buying assets.

Anonymity red flags in crypto include the use of:

Decentralized or hardware wallets (A): These wallets are often unhosted and can facilitate anonymous transfers across borders, complicating AML controls.

Mixing services (B): These obscure transaction trails by blending multiple users’ funds, enhancing anonymity and increasing ML risk.

Privacy-oriented email services (C), fraudulent scheme-linked assets (D), and unusual sign-on activity (E) are also risk indicators but not specifically tied to anonymity in cryptoasset transactions.

AML guidance and thematic reviews emphasize A and B as key anonymity-related red flags.

Model risk management is the discipline focused on managing risks arising from the use of models, including those based on algorithms, machine learning, and AI in transaction monitoring and screening software.

Vendor risk management (A) covers third-party risks but not specifically model risks. IT security risk management (B) focuses on cybersecurity. Operational risk management (C) covers process and people risks but model risk management specifically addresses model validity, reliability, and performance.

DFSA and global AML frameworks highlight the need for strong model risk governance to ensure accurate detection and compliance.

The primary purpose of a security audit for smart contracts is to protect investors’ funds by identifying vulnerabilities, coding errors, and weaknesses in the smart contract or underlying protocol that could be exploited. This proactive approach helps prevent hacks, exploits, and financial loss.

While performance issues (B) may be noted, the critical concern is security. Identifying bad actors (C) is not within the scope of a code audit but is a broader operational issue. Copyright concerns (A) are unrelated.

AML and crypto governance frameworks underline the importance of security audits to mitigate operational risks in DeFi and other smart contract-based applications.

FATF Recommendation 20 mandates that STRs be filed whenever there is suspicion or reasonable grounds to suspect criminal proceeds, regardless of the transaction value. This is mirrored in DFSA and FSRA AML regulations, ensuring that the reporting obligation is triggered by suspicion, not just thresholds.

Ethereum uses an account-based ledger model where balances are maintained per account, similar to bank accounts, and transactions update balances directly. This differs from Bitcoin, Litecoin, and Monero, which use the UTXO (Unspent Transaction Output) model.

Understanding ledger models is important for AML transaction monitoring and blockchain analytics, as account-based systems enable different tracking and risk assessment approaches.

EDD and internal review determine whether the activity is suspicious before regulatory reporting or freezing actions.

Privacy coins like Monero use cryptographic features to obscure transaction details, increasing AML risk and regulatory scrutiny.

Proof-of-Stake (PoS) replaces the energy-intensive mining process of Proof-of-Work by allowing validators to secure the network based on the amount of cryptocurrency they “stake” as collateral. Validators are rewarded for correctly validating transactions and risk losing their stake if they act dishonestly. Regulatory AML/CFT programs must consider validator concentration risks and the jurisdictional exposure of validators in PoS systems.

Ring signatures, used in Monero, blend a sender’s transaction with others to obscure sender identity, increasing AML risk.

The Financial Action Task Force (FATF) guidance on Virtual Assets and Virtual Asset Service Providers (VASPs) explicitly highlights that transactions involving unhosted wallets (wallets not held or controlled by a regulated entity) pose a high inherent risk for money laundering and terrorist financing. This is because unhosted wallets are more difficult to monitor and control, lack identifiable customer information, and are often exploited for illicit activities.

The DFSA AML Module, aligned with FATF recommendations, mandates that Relevant Persons incorporate this risk into their business-wide risk assessments. The increased volume of transactions to and from unhosted wallets should therefore be assigned ahigh inherent risk ratingto trigger enhanced controls such as enhanced due diligence (EDD) and transaction monitoring.

Supporting extracts include:

FATF Guidance on Virtual Assets (October 2021) states: "Unhosted wallets or transactions with them represent a high risk of ML/TF due to limited or no access to identifying information."

DFSA AML Module (AML/VER25/05-24) Section 4.1 & 6.1 on Risk-Based Approach: mandates firms to assess and rate risks posed by customers and products, explicitly including virtual assets and unhosted wallets as high risk.

COB Module also requires heightened controls and disclosures when dealing with transactions involving unhosted wallets【AML/VER25/05-24: Sections 4.1, 6.1, COB/VER45/05-24: Sections 6.13, 15.6】.

Thus, optionD (High)is the correct risk rating.

Ongoing monitoring is the continuous analysis of customer activity to detect unusual or suspicious patterns over time.

Art dealers present a high money laundering risk due to the subjective valuation of art, ease of transferring assets, and the potential for using art as a vehicle to conceal illicit funds.

Registered hedge funds (A) and law firms (C) have AML obligations but are generally more regulated. Pharmaceutical companies (B) are less associated with high ML risk.

The DFSA AML and FATF typology papers specifically identify art dealing as a sector with heightened ML risk.

Mining generates new cryptoassets (A) by rewarding miners for solving complex cryptographic puzzles. It also validates transactions on the blockchain (D) by confirming and recording them in blocks, ensuring the integrity of the ledger.

While mining indirectly contributes to network security, the core security mechanisms involve consensus protocols beyond mining alone (B). Optimizing network functionality (C) is usually a development task rather than a mining function.

Red flags related to anonymity include transactions where virtual assets are cashed out at exchanges from peer-to-peer hosted wallets with no clear business rationale. Such behavior indicates attempts to obscure the origin or destination of funds, characteristic of laundering activities.

Executing high-value transactions after inactivity (A) or frequent transfers to known VASPs (C) may be suspicious but are less directly linked to anonymity. Exchanging at a loss (D) is a different type of red flag.

FATF’s red flag indicators list (2021) highlights (B) as a key sign of anonymity-related risk.

DAOs are decentralized organizational structures where protocol governance and operational decisions are made collectively by token holders or participants rather than centralized management. This group voting and consensus determine how the protocol functions.

DAOs do not rely on traditional contracts (D) nor necessarily require ongoing human managerial control (A). They are not simply funds with boards voting (C) but represent decentralized governance mechanisms.

Public blockchain data is pseudonymous, meaning wallet addresses alone do not reveal the owner’s identity. To identify the natural person controlling the wallet, the VASP must acquire additional information, typically through customer due diligence (CDD) processes or data obtained from exchanges and counterparties, linking the wallet address to an individual.

Periodic review (A), transaction screening (C), and obtaining transactional data (D) support ongoing monitoring but do not alone establish identity.

AML and FATF guidance emphasize that ownership linkage requires collecting identifying information beyond blockchain data to comply with AML regulations.

National risk assessments conducted across various jurisdictions consistently report that money laundering risks related to cryptoasset activities are rising. The growing adoption, complexity, and use of cryptoassets for illicit purposes contribute to elevated risk levels.

While geography (B), awareness (C), and digital banking adoption (D) can influence risk factors, the overarching trend is an increase in ML risks tied to cryptoassets.

This conclusion is supported by FATF’s global guidance and numerous national risk assessment reports reviewed by the DFSA and related authorities

FATF guidance sets the threshold for Customer Due Diligence (CDD) on occasional transactions at USD/EUR 10,000 or equivalent. This means that when a cryptoasset exchange processes a one-off transaction exceeding this amount, it must apply appropriate CDD measures.

This aligns with FATF Recommendation 10 and is adopted by DFSA and FSRA frameworks governing virtual asset service providers, ensuring transactions over this limit are subject to identity verification and risk assessment.

Extracts from AML and COB modules emphasize this threshold as the trigger for CDD on occasional transactions to prevent laundering through high-value single transfers.

FATF Recommendation 15 requires countries to regulate VASPs for AML/CFT purposes, applying the same preventive measures as financial institutions.