CCAS Certified Cryptoasset Anti-Financial Crime Specialist Examination Questions and Answers

Unhosted wallets allow direct user control without third-party oversight, making them harder to monitor and more vulnerable to misuse.

Layering involves creating complex transaction chains to disguise the illicit origin of funds. In crypto, this may involve multiple wallet hops, cross-chain swaps, and the use of privacy-enhancing technologies.

CDD includes verifying the customer’s identity using reliable, independent documentation before or during onboarding.

Ring signatures, used in Monero, blend a sender’s transaction with others to obscure sender identity, increasing AML risk.

Hash immutability means that altering any transaction would require changing all subsequent blocks and achieving majority consensus. This security property underpins blockchain integrity and forensic traceability, crucial in AML investigations.

Unhosted wallets are self-custody wallets controlled directly by the user without third-party oversight, posing higher anonymity and AML risks.

Blockchain’s immutability ensures that all transactions remain permanently recorded and tamper-proof, enabling blockchain analytics to trace illicit funds. This property is leveraged in crypto forensic investigations and AML monitoring.

Criminals often move cryptoassets through multiple intermediary wallets (many “hops”) rapidly to obfuscate the transaction trail and avoid clustering, which blockchain analytics use to link related addresses.

Simply receiving large amounts (A), holding assets (B), or splitting movements (D) are less effective at preventing clustering.

Effective risk mitigation requires VASPs to obtain sufficient information about counterpart VASPs to assess the quality of their regulatory supervision and controls. This helps determine the risk of transactions and build a risk-based framework for correspondent relationships.

Having no requirements (A) or engaging with poorly regulated jurisdictions (B) increases risk. Blanket high-risk classification (C) without proper assessment is inefficient.

FATF Recommendation 15 and DFSA guidance emphasize due diligence on counterparties as a critical control.

The FinCEN 2019 guidance clarifies that money transmitters include entities that exchange digital tokens or convertible virtual currencies as part of their business activities. This includes exchanges and platforms that transfer virtual currencies.

Providing infrastructure services (B), operating clearance systems solely among regulated institutions (C), or acting as payment processors for goods/services (D) without handling value transfer do not fall under the money transmitter definition per this guidance.

The ultimate responsibility for risk oversight lies with the Board of Directors. Senior management and the board have the fiduciary and governance duty to ensure that an effective risk management framework, including AML/CFT controls and cryptoasset-specific risks, is in place and functioning properly.

The DFSA GEN Module and AML Module explicitly allocate the highest accountability for compliance and risk oversight to the Board of Directors, while first and second lines support implementation and oversight respectively. The Chief Risk Officer (CRO) supports risk management but the board maintains ultimate accountability.

Key extracts:

GEN Module, Chapter 5: “Responsibility for compliance lies with every member of senior management, with ultimate oversight by the Board.”

AML Module Section 1.2 & 4.1: “Senior management and Board must ensure appropriate systems and controls for AML/CFT risk management.”

FATF Recommendation 2 underscores that senior management and boards are accountable for effective AML governance【GEN/VER64/05-24: Chapter 5; AML/VER25/05-24: Sections 1.2, 4.1】.

Thus,Dis the correct answer.

Management must consider a comprehensive set of features when evaluating virtual asset products and services, including:

Ability for other VASPs to utilize the service (A):This increases risk exposure as services may be used indirectly by unknown parties.

Ability to mingle funds within wider pools (B):Mixing services or pooled wallets increase anonymity and laundering risk.

Regulatory expectations (C):Management must ensure compliance with all applicable laws and guidelines.

Transaction volumes (D):High transaction volumes can increase operational risk and require enhanced monitoring.

The DFSA AML and COB Modules, as well as FATF guidance, stress that a risk-based approach requires consideration of all these features in product/service risk assessments.

Anonymity-enhanced cryptoassets employ specific technical features to obfuscate the details of transactions and the identities of users to reduce traceability and increase privacy. These include:

Automatic mixing (B):This refers to mechanisms such as coin mixers or tumblers that combine multiple transactions from different users into one batch and redistribute them, breaking the direct transaction link and obscuring the audit trail.

Cryptographic enhancements (D):Techniques such as zero-knowledge proofs, ring signatures, stealth addresses, and confidential transactions are cryptographic protocols that conceal sender, receiver, and transaction amount information, making the blockchain ledger less transparent.

Other options explained:

Proof-of-stake mining (A)is a consensus mechanism and not related to anonymity features.

Secure hashing algorithm 256 (C)is a cryptographic hash function standard but does not directly enhance anonymity.

MetaMask wallet (E)is a non-custodial wallet used mainly for Ethereum and tokens but is not an anonymity tool.

References from official crypto AML guidance and typology papers:

DFSA AML Module and thematic reviews highlight these anonymity techniques as high-risk indicators requiring enhanced due diligence (EDD).

UAE typology papers and FATF virtual asset guidance emphasize the risk posed by anonymity-enhanced cryptoassets using automatic mixing and cryptographic enhancements to circumvent AML controls【AML/VER25/05-24: Sections 6.4, 7.3; 31.92._TFS_Typology_Paper_Eng__4.pdf】.

Bitcoin and Ethereum have fundamental differences important to investigators:

Variety of applications, assets, and networks (B): Ethereum supports diverse decentralized applications (dApps), multiple tokens (ERC-20, ERC-721), and various networks, complicating transaction tracing compared to Bitcoin’s primary use as a cryptocurrency.

Ledger model (D): Ethereum uses an account-based ledger model, while Bitcoin uses a UTXO (unspent transaction output) model, affecting how transactions are recorded and analyzed.

Transaction cost (A) and address length (C) differ but are less relevant for fund flow investigations.

The EU’s Markets in Crypto-Assets Regulation (MICA) applies specifically to:

Electronic Money Tokens (B): Tokens that fulfill the definition of electronic money under the E-Money Directive.

Cryptoassets (D): Broad category including digital representations of value that are not covered by existing financial services legislation.

Asset-Referenced Tokens (E): Tokens that purport to maintain a stable value by referencing one or several assets.

Meme coins (A) and privacy coins (C) are not separately classified under MICA but may fall under broader cryptoasset categories subject to other regulations.

Anonymity red flags in crypto include the use of:

Decentralized or hardware wallets (A): These wallets are often unhosted and can facilitate anonymous transfers across borders, complicating AML controls.

Mixing services (B): These obscure transaction trails by blending multiple users’ funds, enhancing anonymity and increasing ML risk.

Privacy-oriented email services (C), fraudulent scheme-linked assets (D), and unusual sign-on activity (E) are also risk indicators but not specifically tied to anonymity in cryptoasset transactions.

AML guidance and thematic reviews emphasize A and B as key anonymity-related red flags.

Money laundering risk increases if the business operates in or near high-risk jurisdictions (D) or regions associated with narcotics production (C), as these are common sources of illicit funds.

An increase in volume and users (A) or supporting various cryptoassets (B) alone does not necessarily increase ML risk. Recent licensing (E) may indicate regulatory compliance, potentially lowering risk.

The main red flag is the customer’s failure to cooperate with requests to provide information on the origin of funds, which undermines transparency and raises suspicion regarding the legitimacy of the funds.

While an unconnected IP address (D) is suspicious, non-cooperation (C) is a stronger indicator of potential money laundering.