ACAMS CCAS Exam
Certified Cryptoasset Anti-Financial Crime Specialist Examination (Page 3)

Updated On: 7-Feb-2026

Which is the first action a virtual asset service provider (VASP) should take when it finds out that its customers are engaging in virtual asset (VA) transfers related to unhosted wallets and peer-to-peer (P2P) transactions?

  A. Allow VA transfers related to P2P or unhosted wallets below 1,000 USD or the equivalent amount in local currency, or per defined thresholds in local regulations.
  B. Freeze accounts with records of transactions related to P2P transactions or unhosted wallets.
  C. Collect and assess the data on transactions related to P2P or unhosted wallets to determine if it is within its risk appetite.
  D. Enhance existing risk-based control framework to account for specific risks posed by transactions related to P2P or unhosted wallets.

Answer(s): C

Explanation:

Upon identifying customer engagement with unhosted wallets or P2P transfers, the first step a VASP should take is to collect and assess data on such transactions. This assessment helps determine if these activities fall within the firm's risk appetite and what enhanced controls or actions may be needed.

Immediate account freezing (B) is not the first step without assessment; neither is allowing transfers (A) without risk consideration. Enhancing risk frameworks (D) is important but follows from an initial data-driven risk assessment.

Relevant guidance:

FATF Recommendations and the DFSA AML Module require VASPs to maintain a risk-based approach that begins with data collection and risk assessment on unhosted wallet transactions.

The DFSA's 2023 Dear MLRO letters and thematic reviews stress proportionality and evidence-based responses rather than immediate punitive measures.

Enhanced due diligence (EDD) and risk mitigation measures, including potentially freezing accounts, come after assessment of the risk level (AML/VER25/05-24: Sections 4.1, 6.4, 13; 20230406Dear_MLRO_Letter_re_IEMS.pdf).

Hence, C is the appropriate first action.



In a blockchain 51% attack, what does 51% refer to?

  A. Governance tokens
  B. Wallets
  C. Computational power required for mining
  D. Exchanges

Answer(s): C

Explanation:

A 51% attack refers to a situation where a single miner or group controls more than 50% of the blockchain network's computational (hashing) power. This majority control allows them to manipulate the blockchain ledger by double-spending or blocking transactions.

This term is widely recognized in blockchain security contexts and is referenced in typology papers on crypto financial crime risks, including those issued by UAE authorities and FATF.

Supporting extracts:

DFSA AML thematic reviews mention the risk of manipulation and double spending in blockchains susceptible to 51% attacks.

Typology reports on cryptoasset risks highlight computational power concentration as a core vulnerability.

"51% refers to the percentage of total mining power or computational power in the network" is the standard definition across crypto AML/CFT frameworks (31.92._TFS_Typology_Paper_Eng__4.pdf; AMLCFT_Guidance_for_FIs.pdf).

Thus, C is correct.



How does law enforcement use Suspicious Activity Reports (SARs)? (Select Two.)

  A. To identify regulatory failings
  B. To produce evidence of money laundering that can be used in court
  C. To develop intelligence on new targets
  D. To confirm or develop information on existing targets

Answer(s): C,D

Explanation:

Suspicious Activity Reports (SARs) are a critical tool for law enforcement agencies. They are primarily used to develop intelligence on potential new criminal targets and to confirm or expand information about existing investigations. SARs do not serve as direct evidence of money laundering in court but provide leads and context that enable law enforcement to build cases.

The DFSA's thematic reviews and AML guidance clarify that SARs assist in identifying emerging crime patterns and help intelligence units track suspicious transactions over time. They also allow law enforcement to corroborate data from other sources.

SARs help:

Develop intelligence on new targets (C) by revealing previously unknown suspicious behavior.

Confirm or develop information on existing targets (D) by adding transactional data and context.

Identifying regulatory failings (A) is primarily a supervisory function, and SARs themselves are not evidence for prosecution (B) but intelligence inputs.

Therefore, options C and D are correct.



Based on Financial Action Task Force guidance, when a cryptoasset exchange carries out an occasional transaction, the exchange is required to conduct CDD when the transaction is above:

  A. USD/EUR 1000.
  B. USD/EUR 5000.
  C. USD/EUR 10000.
  D. USD/EUR 15000.

Answer(s): C

Explanation:

FATF guidance sets the threshold for Customer Due Diligence (CDD) on occasional transactions at USD/EUR 10,000 or equivalent. This means that when a cryptoasset exchange processes a one-off transaction exceeding this amount, it must apply appropriate CDD measures.

This aligns with FATF Recommendation 10 and is adopted by DFSA and FSRA frameworks governing virtual asset service providers, ensuring transactions over this limit are subject to identity verification and risk assessment.

Extracts from AML and COB modules emphasize this threshold as the trigger for CDD on occasional transactions to prevent laundering through high-value single transfers.



In considering particular virtual asset products, services, or activities, which features should be considered by management?

  A. Ability for other virtual asset service providers (VASPs) to utilize the service to provide services to their own customers.
  B. Ability to mingle funds within wider pools.
  C. Regulatory expectations.
  D. Transaction volumes.

Answer(s): A,B,C,D

Explanation:

Management must consider a comprehensive set of features when evaluating virtual asset products and services, including:

Ability for other VASPs to utilize the service (A): This increases risk exposure as services may be used indirectly by unknown parties.

Ability to mingle funds within wider pools (B): Mixing services or pooled wallets increase anonymity and laundering risk.

Regulatory expectations (C): Management must ensure compliance with all applicable laws and guidelines.

Transaction volumes (D): High transaction volumes can increase operational risk and require enhanced monitoring.

The DFSA AML and COB Modules, as well as FATF guidance, stress that a risk-based approach requires consideration of all these features in product/service risk assessments.





