CCAS Certified Cryptoasset Anti-Financial Crime Specialist Examination Questions and Answers

Enhanced international cooperation in VA crime investigations is most effective when jurisdictions designate and empower Financial Intelligence Units (FIUs) that can share intelligence, coordinate cross-border investigations, and liaise with counterparts internationally.

While FATF membership (A) facilitates cooperation, the operational hub for investigations is the FIU. Establishing new agencies (B) or smart contracts for sharing (C) are not established or effective methods.

DFSA guidance and FATF recommendations stress the central role of FIUs in enhancing cooperation and intelligence sharing for AML/CFT, including virtual assets.

The FinCEN 2019 guidance clarifies that money transmitters include entities that exchange digital tokens or convertible virtual currencies as part of their business activities. This includes exchanges and platforms that transfer virtual currencies.

Providing infrastructure services (B), operating clearance systems solely among regulated institutions (C), or acting as payment processors for goods/services (D) without handling value transfer do not fall under the money transmitter definition per this guidance.

Dusting involves sending tiny amounts of crypto to many addresses to later analyze transaction patterns, potentially deanonymizing users — a privacy and AML concern.

Misconfigured or poorly designed smart contracts can enable rug pull scams, where developers create fraudulent decentralized finance (DeFi) projects or tokens and then withdraw liquidity or funds abruptly, leaving investors with worthless assets.

Phishing (A) and SIM attacks (B) relate to social engineering and telecom fraud, respectively, and ransomware (D) is malware demanding payment. Rug pulls specifically exploit smart contract vulnerabilities.

The DFSA and AML thematic reviews on crypto highlight rug pull scams as a key operational and financial crime risk linked to smart contract vulnerabilities.

DAOs are decentralized organizational structures where protocol governance and operational decisions are made collectively by token holders or participants rather than centralized management. This group voting and consensus determine how the protocol functions.

DAOs do not rely on traditional contracts (D) nor necessarily require ongoing human managerial control (A). They are not simply funds with boards voting (C) but represent decentralized governance mechanisms.

Funds moving through multiple intermediary wallets before arriving at the client’s wallet indicate layering techniques used to obscure the source of funds, a classic money laundering tactic.

Transferring funds quickly (A) or declaring wealth (B) are less definitive indicators. An untraceable IP (C) raises concerns but is less conclusive than complex transactional layering.

The ultimate responsibility for risk oversight lies with the Board of Directors. Senior management and the board have the fiduciary and governance duty to ensure that an effective risk management framework, including AML/CFT controls and cryptoasset-specific risks, is in place and functioning properly.

The DFSA GEN Module and AML Module explicitly allocate the highest accountability for compliance and risk oversight to the Board of Directors, while first and second lines support implementation and oversight respectively. The Chief Risk Officer (CRO) supports risk management but the board maintains ultimate accountability.

Key extracts:

GEN Module, Chapter 5: “Responsibility for compliance lies with every member of senior management, with ultimate oversight by the Board.”

AML Module Section 1.2 & 4.1: “Senior management and Board must ensure appropriate systems and controls for AML/CFT risk management.”

FATF Recommendation 2 underscores that senior management and boards are accountable for effective AML governance【GEN/VER64/05-24: Chapter 5; AML/VER25/05-24: Sections 1.2, 4.1】.

Thus,Dis the correct answer.

FATF guidance sets the threshold for Customer Due Diligence (CDD) on occasional transactions at USD/EUR 10,000 or equivalent. This means that when a cryptoasset exchange processes a one-off transaction exceeding this amount, it must apply appropriate CDD measures.

This aligns with FATF Recommendation 10 and is adopted by DFSA and FSRA frameworks governing virtual asset service providers, ensuring transactions over this limit are subject to identity verification and risk assessment.

Extracts from AML and COB modules emphasize this threshold as the trigger for CDD on occasional transactions to prevent laundering through high-value single transfers.

FATF defines VASPs as entities that conduct certain specified activities involving virtual assets. Licensing or registration as a VASP is required primarily for entities engaged in activities such as safekeeping and/or administration of virtual assets or conducting exchanges between one or more forms of virtual assets.

Cryptocurrency mining operations (A) and operating blockchain nodes (C) are generally excluded from the VASP definition because they do not involve handling customer funds or providing financial services. Virtual money service businesses (D) is a broader term that may include VASPs but not all such businesses fall under VASP regulations unless they meet the activity criteria.

This aligns with the DFSA AML Module and FATF Recommendation 15, which regulate entities providing virtual asset custody or exchange services to customers and require them to be licensed or registered.

Stablecoins aim to maintain value stability by pegging to assets like fiat currency or commodities. Regulators stress monitoring stablecoin reserve transparency to prevent misuse for layering illicit funds.

Unhosted wallets are self-custody wallets controlled directly by the user without third-party oversight, posing higher anonymity and AML risks.

Direct sending to a scam cluster indicates active involvement by the customer in potentially transferring funds associated with fraudulent activities. Sending funds directly to known scam addresses is a strong indicator of complicity or direct engagement.

Indirect flows (A and B) could be less conclusive, and direct receiving (D) may indicate victimhood rather than active involvement.

AML typologies and DFSA guidance identify direct outgoing transactions to scam clusters as significant red flags.

EDD is required when dealing with customers or transactions from jurisdictions identified as high-risk for ML/TF. This aligns with FATF Recommendation 19 and local UAE regulations.

Red flags include private sharing of NFTs without public trading (A), indicating potential lack of transparency, and new coins with untested protocols controlled by few wallets (C), signaling possible manipulation or fraud.

Tokens endorsed by celebrities with price increases (D) or active social media presence (E) are less directly indicative of fraud but require monitoring. Low social media presence with wide ownership and original whitepapers (B) is typically less suspicious.

Hash immutability means that altering any transaction would require changing all subsequent blocks and achieving majority consensus. This security property underpins blockchain integrity and forensic traceability, crucial in AML investigations.

Fuzzy matches require further review to confirm whether the match is a true hit or a false positive, ensuring compliance accuracy.

Structuring (smurfing) involves breaking transactions into smaller amounts to evade AML reporting thresholds, a classic ML tactic.

In risk-based AML/CFT programs — including those applied to Virtual Asset Service Providers (VASPs) — risk assessment determines the remaining exposure after applying mitigating measures.

Inherent Risk:The natural level of risk before applying any controls, based on factors like customer profile, transaction patterns, and jurisdiction.

Control Effectiveness:The degree to which implemented controls (e.g., CDD, EDD, sanctions screening, blockchain analytics) reduce risk.

Residual Risk:The risk that remains after controls are applied and is the level an organization must either accept, reduce further, or avoid.

The standard formula is:

Inherent Risk – Control Effectiveness = Residual Risk

This equation is emphasized in FATF’s risk-based approach guidance and reinforced in DIFC (DFSA) and ADGM (FSRA) AML rules to ensure ongoing monitoring and governance oversight of remaining risks.

Anonymity red flags in crypto include the use of:

Decentralized or hardware wallets (A): These wallets are often unhosted and can facilitate anonymous transfers across borders, complicating AML controls.

Mixing services (B): These obscure transaction trails by blending multiple users’ funds, enhancing anonymity and increasing ML risk.

Privacy-oriented email services (C), fraudulent scheme-linked assets (D), and unusual sign-on activity (E) are also risk indicators but not specifically tied to anonymity in cryptoasset transactions.

AML guidance and thematic reviews emphasize A and B as key anonymity-related red flags.

DFSA AML Module requires the Board to approve and oversee the firm’s business-wide risk assessment, ensuring accountability at the highest governance level.

Layering involves creating complex transaction chains to disguise the illicit origin of funds. In crypto, this may involve multiple wallet hops, cross-chain swaps, and the use of privacy-enhancing technologies.

FATF Recommendation 20 mandates that STRs be filed whenever there is suspicion or reasonable grounds to suspect criminal proceeds, regardless of the transaction value. This is mirrored in DFSA and FSRA AML regulations, ensuring that the reporting obligation is triggered by suspicion, not just thresholds.

Cryptocurrencies are digital currencies secured by cryptography, operating independently from any central bank or government. Blockchain is the underlying distributed ledger technology supporting cryptocurrencies and other digital assets.

Cryptocurrencies and blockchain are not the same (B). Digital assets can exist off-blockchain (C), such as tokenized assets on centralized databases. While cryptocurrencies can be used as payment, blockchain itself is a technology, not a payment method (D).

FATF defines VASPs as entities that conduct one or more of the following activities:

Exchanging one or more forms of virtual assets (B),

Providing financial services related to initial coin offerings (ICOs) (C),

Exchanging virtual assets for fiat currencies or vice versa (D).

Mining operations (A) and software creation (E) are excluded from the VASP definition as they do not involve financial intermediation. Initial public offerings (IPOs) (F) pertain to traditional securities and are outside the scope of VASP activities.

This definition aligns with FATF Recommendation 15 and DFSA regulatory frameworks.

Red flags related to anonymity include transactions where virtual assets are cashed out at exchanges from peer-to-peer hosted wallets with no clear business rationale. Such behavior indicates attempts to obscure the origin or destination of funds, characteristic of laundering activities.

Executing high-value transactions after inactivity (A) or frequent transfers to known VASPs (C) may be suspicious but are less directly linked to anonymity. Exchanging at a loss (D) is a different type of red flag.

FATF’s red flag indicators list (2021) highlights (B) as a key sign of anonymity-related risk.

Proof of Work (PoW) consensus achieves network consensus by requiring participants (miners) to solve complex cryptographic puzzles, which verifies transactions and secures the blockchain. This computational work makes it difficult and costly to alter the blockchain.

Dependency on electricity (A) is a criticism rather than an advantage. PoW promotes decentralization rather than centralization (B). It provides strong security for large networks rather than small ones (D).

This principle is fundamental in Bitcoin and many other cryptocurrencies and is frequently referenced in AML/CFT guidance to understand the transaction validation process and network security.

Private blockchains are controlled by a single organization with full access restrictions. This model is often used for internal record-keeping but lacks the decentralized trust of public chains.