ABA: The American Bankers Association

The following questions are representative of the types of questions you will find on the CAFP (Certified AML and Fraud Professional) exam.

1. Marketing has a new campaign idea to embed links within an email to encourage existing customers to expand their relationship with the bank. While going through the approval process, which of the following should be performed to ensure the initiative is successful long-term from a fraud management perspective?

A. Verification steps need to be deployed to validate all emails.
B. Outbound calls need to take place to prospective customers to verify any resulting activities.
C. A Fraud Risk Assessment needs to be performed to weigh risks and controls.
D. Closely monitor new fraudulent phishing activities targeting bank customers.

2. What process should a fraud strategy team have in place to prevent system errors and losses?

A. Employee vacation reviews
B. Monetary instrument log reviews
C. Monthly fraud loss MIS
D. Rule change controls to prevent inadvertent modifications

3. Which of the following five components represent the cycle of suspicious activity reporting?

A. Data mapping; testing; alert generation; SAR reporting; customer risk rating
B. Number of dedicated BSA/AML employees; alert generation; SAR reporting; customer segmentation; data mapping
C. Identification of unusual activity; managing alerts; SAR decision-making; SAR filing and monitoring; SAR filing on continuing activity
D. SAR filing; customer segmentation; risk rating; managing alerts; data mapping

4. During a routine independent audit, a bank is cited for significant deficiencies in its BSA Program. The ultimate responsibility for ensuring that these deficiencies are appropriately addressed resides with the:

A. Independent auditors.
B. Board or a designated committee.
C. BSA Officer.
D. Bank President.

5. While performing an IT audit of a bank, it is noted that the last internet banking authentication risk assessment was completed five years ago. How should management be advised?

A. Perform periodic risk assessments and adjust the bank's authentication controls as necessary in response to changing internal and external threats.
B. Continue to rely on the current risk assessment since the FFIEC Guidance on Authentication of Customers only requires a one-time risk assessment.
C. Continue to rely on the existing risk assessment since it was completed within the last seven years.
D. Ask examiners during the next IT exam to review the risk assessment and advise if any changes are needed.


Answer Key

1. C
2. D
3. C
4. B
5. A

CAFP Exam Online Prep

Looking to prepare for the exam? ABA offers CAFP Exam Online Prep.
