A.  

recall the audit report assess the error and resubmit the correct one.

B.  

report the error to the local AML regulator.

C.  

reevaluate the item(s) and resubmit findings for discussion on factualaccuracy.

D.  

tell those who received the communication of the error and corrections.

A.  

Staff attendance is complete because the training is mandatory for staff in the business, operations compliance and senior management whose duties involve knowledge of AML controls and processes.

B.  

Staff attendance is complete because all staff in the institution are required to attend the AML training as part of the staff onboarding process.

C.  

Staff attendance is incomplete because the board of directors is not part of the staff required to attend the periodic trainings, and there is no other specially designed AML training for the board.

D.  

Staff attendance is incomplete because the compliance officer or the delegates are not part of the staff facilitating the 3-hour periodic AML training.

A.  

Finding 1

B.  

Finding 3

C.  

Finding 4

D.  

Finding 5

E.  

Finding 6

F.  

Finding 8

A.  

The approach outlined by the Dank is deficient, as the service providers are not pan of the Dank s AML training during its staff onboarding.

B.  

The approach outlined by the Dank is appropriate as the Dank can rely on a professional service provider to deliver the AML training program for the Dank s staff.

C.  

The approach outlined by the Dank is deficient, as it does not provide controls for the Dank to verify training delivered by outsourced providers to the bank's staff is appropriate.

D.  

The approach outlined by the bank Is appropriate as it considers practical issues such as time zone differences and availability of both classroom and online sessions.

A.  

Risk-based

B.  

Judgmental

C.  

Statistical

D.  

Proportional

A.  

The management and ownership of the respondent bank.

B.  

The purpose of the services provided to the respondent bank.

C.  

The jurisdiction in which the respondent bank is located.

D.  

The major business activities of the respondent bank.

A.  

Horizontal

B.  

Full scope

C.  

Vertical

D.  

Risk-based

A.  

Perform quality assurance testing of transaction monitoring.

B.  

Monitor the risks of noncompliance with applicable laws and regulations.

C.  

Periodically evaluate the effectiveness of processes and controls.

D.  

Execute the corrective action plan.

A.  

Management took appropriate and timely action to address any violations and other deficiencies.

B.  

Senior management agreed that the findings were legitimate.

C.  

Management discussed an action plan to address any violations and other deficiencies.

D.  

The business attested to remediating the control gaps.

A.  

Payable through accounts

B.  

International fund transfers

C.  

Letters of credit

D.  

Foreign exchange services

A.  

Judgmental

B.  

Proportional

C.  

Statistical

D.  

Risk-based

A.  

Assign to continuous monitoring.

B.  

Include the lack of metrics as a deficiency in the reporting.

C.  

Escalate the finding regarding the lack of metrics to the board of directors.

D.  

Review within the IT audit.

A.  

US entities having branches outside the US

B.  

Non-US entities having branches outside the US

C.  

US citizens residing outside the

D.  

Non-US citizens residing in the US

A.  

Findings ate explained and assigned to the accountable owners.

B.  

Additional remediation is identified and planned.

C.  

Findings ate clearly written and facts are accurate

D.  

Communication, follow-up. and documentation are tracked on scheduled sustainability validations.

E.  

Compliance Identifies and schedules pre-exam validation as appropriate.

A.  

The efficiency of the sanction screening tool is not properly tuned due to the wrong sanctions lists.

B.  

The finding is on a different audit topic than the KYC related findings.

C.  

The tool might miss potential sanction violations given the long intervals before the sanctions lists are updated.

D.  

The organization might have reported a sanction breach that is not a current sanction violation.

A.  

interns and third parties are not included.

B.  

attendees have completed post-course surveys.

C.  

ethics training has been delivered to senior management.

D.  

tailored training has been provided to AML and CFT staff.

A.  

Transaction reporting procedures used to report suspicious transactions to the regulator

B.  

Transaction monitoring procedures that specify the information that will be retained in each transaction

C.  

Account opening procedures that specify the information that will be obtained from each customer

D.  

Customer enhanced due diligence procedures used to identify unusual transactions

A.  

Procedures

B.  

Controls

C.  

Reporting

D.  

Risks

A.  

A copy of the FI's AML risk assessment

B.  

Comparison against past suspicious activity reported

C.  

Above-the-line and below-the-line testing

D.  

Length of time the FI has deployed the software program

E.  

Proof of validation from the TM software provider

A.  

Age (Years)

B.  

Risk factors (Y/N. if Y please specify)

C.  

Type of customer (Trust. Company Individual)

D.  

Annual premium (S)

E.  

Residence (Country)

F.  

Photo ID taken (Passport Driver’s License. Other)

A.  

Implementing controls and other safeguards

B.  

Determining appropriate risk appetite of the entity

C.  

Evaluating the management of risk

D.  

Acting as a catalyst for improvement

E.  

Mitigating the risks facing the organization

A.  

be updated more often given the risk of the entity.

B.  

include an assessment of jurisdiction where the customer currently resides as this may have changed.

C.  

allow for sales oy third patties other than advisors since most of the customers are local residents.

D.  

include a qualitative overlay that 95% of the products offered are subject to regulatory exemptions.

A.  

Validate the accuracy of content of the independent external review report by recommending an audit and assess if the findings of both the independent review and audit are similar.

B.  

Review the independent external review report to determine the extent to which reliance can be placed on it and identify matters requiring further review by internal audit.

C.  

Rely upon the independent external review report as the base to formulate conclusions of the current onsite visit by internal audit.

D.  

Advise the group board that the group should set aside the external review reports as the use of the third party independent reviewer was not authorized at group board level.

A.  

Attending internal meetings where key risk indicators are discussed

B.  

Donating funds to a local chanty which relates to the organization being audited

C.  

Working with staff to design and implement key controls

D.  

Presenting at a local audit industry event where best practices are discussed

A.  

Scenario 1

B.  

Scenario 4

C.  

Scenario 5

D.  

Scenario 6

E.  

Scenario 7

A.  

Documentation requirements of test results supporting the conclusion

B.  

Sampling method applied to select an appropriate sample size

C.  

Planned expansion or changes in the business profile of the organization

D.  

Test objectives and population selection criteria to mitigate the inherent risk in the operational unit

E.  

Elements contributing to the inherent risk of the organization

F.  

Relevant testing techniques subject to the nature and size of the test population

A.  

Query the completeness of the customer data to be provided.

B.  

Discuss the client risk scoring process with the head of AML.

C.  

Review the financial institution's AML risk assessment to understand the institution's client base.

D.  

Review a list of high-risk customers provided by compliance.