CAFCA is for FinTech financial-crime judgment, not generic AML memorization
The ACAMS Certified AML FinTech Compliance Associate credential is aimed at professionals working where financial crime risk meets fast digital products: challenger banks, payment processors, BNPL lenders, digital wallets, embedded finance, Banking-as-a-Service, and crypto VASPs. The official credential page is the first source to verify current packages, scheduling, and maintenance expectations: ACAMS CAFCA Certification. Because ACAMS credentials can update pricing, testing windows, package details, and continuing-education language, verify the official page before you budget or schedule.
CAFCA is narrower than CAMS but not easier in a casual way. CAMS tests broad AML program knowledge. CAFCA asks whether you can apply AML, sanctions, fraud, model-risk, and governance concepts to FinTech products that move quickly, onboard remotely, use third-party stacks, and often touch multiple jurisdictions. A candidate who knows textbook CDD can still miss CAFCA questions if they do not understand embedded-finance disclosures, partner-bank oversight, eKYC controls, crypto counterparty risk, or real-time screening trade-offs.
2026 CAFCA exam snapshot
| Item | CAFCA detail |
|---|---|
| Credential | Certified AML FinTech Compliance Associate |
| Issuer | ACAMS |
| Delivery | Pearson VUE in the local metadata |
| Questions | About 100 multiple-choice and scenario-based questions |
| Time limit | About 3 hours |
| Passing score | Scaled cut score set by ACAMS |
| Cost | About $1,200-$1,500 with member discount in the local metadata |
| Experience | FinTech compliance experience recommended |
| Typical study time | 80-120 hours over about 8-12 weeks |
| Maintenance | ACAMS continuing education requirements |
The local OpenExamPrep CAFCA bank has 100 questions across eight categories: FinTech business models and AFC risk, FinTech customer risk, crypto and VASP compliance, sanctions screening, transaction monitoring at scale, regulatory landscape, emerging risks, and ACAMS ethics. The heaviest practice category is crypto/VASP, followed by FinTech customer risk and regulatory landscape. That weighting is useful because it reflects where candidates often need more than generic AML knowledge.
Domain-by-domain strategy
FinTech Business Models and AFC Risk is weighted 15%. Study challenger banks, payment processors, BNPL, embedded finance, BaaS, digital wallets, merchant acquiring, program managers, sponsor banks, processors, and partner chains. The core trap is responsibility confusion. In a BaaS model, the partner bank does not outsource away its BSA/AML responsibility just because a FinTech owns the customer interface. Questions often reward governance, third-party oversight, CDD over end customers, clear disclosures, and risk-based controls that match the product.
FinTech-Specific Customer Risk is weighted 15%. This is digital onboarding territory: eKYC, CIP, document checks, NFC reads, biometrics, liveness, behavioral and device signals, synthetic identity, beneficial ownership, CDD, and step-up verification. The trap is relying on one control. A selfie check alone is not a program. A document scan alone is not enough. Strong answers use layered controls and risk scoring, then escalate when patterns suggest synthetic identity, mule activity, account takeover, or document manipulation.
Crypto and VASP Compliance is weighted 20%, the largest domain in the local outline. Study VASP and CASP classification, FinCEN money-transmitter logic, FATF Recommendation 15 on virtual assets, FATF Recommendation 16 on the Travel Rule, wallet screening, counterparty VASP due diligence, mixers, DeFi control questions, blockchain analytics, NY DFS BitLicense concepts, and MiCA CASP obligations. The trap is treating crypto as either fully anonymous or fully solved by analytics. The right mindset is layered: customer KYC, wallet risk, counterparty exposure, sanctions, typology monitoring, and documented escalation.
Sanctions Screening in FinTech is weighted 15%. Know OFAC SDN screening, the 50% Rule, sectoral sanctions, real-time versus batch screening, fuzzy matching, phonetic algorithms, PEPs, false-positive governance, vendor reconciliation, whitelisting controls, and alert documentation. FinTech velocity matters. A platform opening accounts in seconds or moving payments in real time needs controls that fit speed without silently weakening sanctions obligations.
Transaction Monitoring at Scale is weighted 15%. Study rules versus AI/ML hybrid models, mule typologies, look-backs, champion/challenger testing, alert productivity, SAR conversion, model-risk governance, SR 11-7 principles, and human review of AI-assisted work. The trap is believing automation can replace accountability. Strong programs use AI to augment analysts, document governance, validate models, monitor drift, and keep human sign-off for sensitive decisions.
Regulatory Landscape is weighted 10%. Cover FinCEN/BSA, AMLA 2020, CTA context, FinCEN 314(a) and 314(b), FATF, EU AML package, AMLA, MiCA, UK FCA, MAS, HK AMLO, GTOs, and international risk-based expectations. You do not need to become a lawyer in every jurisdiction, but you must know which regime controls which issue and when to escalate for legal review.
Emerging Risks and ACAMS Ethics are smaller by weight but high leverage. Deepfake onboarding, BIN attacks, account takeover, SIM swap, mule networks, pig-butchering proceeds, generative AI misuse, board reporting, BSA Officer independence, anti-tipping-off, whistleblower issues, and continuing learning are scenario-friendly topics. They test whether your compliance instinct remains sound when the product or fraud method is new.
Official sources to keep beside your study plan
Use the ACAMS CAFCA page for credential details. Use FATF for international AML standards and virtual-asset recommendations: FATF Recommendations. Use FinCEN for BSA statutes, regulations, MSB guidance, CDD, SAR/CTR, Travel Rule, and information-sharing context: FinCEN BSA resources. Use OFAC for sanctions programs and list-based expectations: OFAC sanctions programs. Use ESMA's MiCA overview for EU crypto-asset regulatory context: ESMA MiCA overview.
Do not rely on a single blog post for live sanctions, enforcement, or crypto regulatory status. These areas change quickly. Your study notes should separate stable principles from current facts. The stable principle might be OFAC aggregation under the 50% Rule. The current fact might be a specific sanctions program, enforcement action, or litigation status.
A realistic 10-week CAFCA study plan
Week 1 should map FinTech business models. Draw the money movement and responsibility chain for a challenger bank, payment processor, BNPL product, digital wallet, embedded-finance product, and BaaS arrangement. Label the customer, sponsor bank, program manager, processor, merchant, counterparty, and regulator touchpoints. Many CAFCA questions become easier when you can see where control ownership sits.
Weeks 3 and 4 should cover crypto and VASP compliance. Study FinCEN MSB treatment of convertible virtual currency, FATF R.15 and R.16, Travel Rule thresholds, counterparty VASP due diligence, wallet screening, mixers, DeFi, blockchain analytics, MiCA CASP vocabulary, and sanctions exposure. Practice explaining the difference between customer-level screening and wallet-level screening.
Week 5 should cover sanctions screening. Build a checklist for SDN, 50% Rule, sectoral programs, real-time screening, batch rescreening, false-positive governance, fuzzy matching, whitelisting, and vendor reconciliation. The best answers tend to be auditable and risk-based, not shortcuts that bypass screening for important customers.
Week 6 should cover transaction monitoring. Learn rules debt, typologies, alert quality, SAR conversion, look-back reviews, model validation, champion/challenger testing, AI assistant governance, and human-in-the-loop review. For every AI or ML question, ask what governance evidence would satisfy an examiner.
Week 7 should cover regulatory landscape. Focus on FinCEN/BSA, AMLA 2020, CTA context, 314(a), 314(b), GTOs, FATF, EU AML package, AMLA, MiCA, UK FCA, MAS, and HK AMLO at a practical compliance level. Know when a question is asking for a US rule, FATF principle, EU crypto rule, or general risk-based approach.
Week 8 should cover emerging risks and ethics. Review deepfake onboarding, mule networks, pig-butchering, account takeover, SIM swap, BIN attacks, board reporting, anti-tipping-off, independence, escalation, and documentation. These questions often ask for the best first governance response, not a technical deep dive.
Exam-specific traps
Trap one is answer choices that outsource accountability. Vendor tools, sponsor banks, program managers, and AI systems can support compliance, but they do not erase the regulated institution's responsibility. If an answer says the vendor handles everything with no oversight, it is usually weak.
Trap two is false precision on the passing score. ACAMS uses a scaled cut score for CAFCA; do not plan around a public raw percentage unless ACAMS publishes one for your window. Build a performance buffer instead.
Trap three is mixing thresholds. FATF's virtual-asset Travel Rule discussion and US BSA Travel Rule thresholds are not the same thing in every context. OFAC's 50% Rule is not FinCEN's CDD 25% ownership prong. These numbers appear in practice because candidates confuse them.
Trap four is treating crypto as one domain only. Crypto can appear in customer risk, sanctions, TM, regulatory landscape, and emerging risks. A mixer question may be about obfuscation, but it may also be about sanctions exposure, wallet screening, SAR narrative quality, or counterparty controls.
Trap five is ignoring board and audit language. CAFCA is an associate credential, but it still expects professional compliance judgment: documentation, escalation, independent testing, model validation, risk assessment, and board reporting.
Readiness checklist
You are ready when you can describe the risk profile of a BaaS program, explain eKYC layers, classify a VASP issue, distinguish customer screening from wallet screening, apply OFAC's 50% Rule conceptually, explain FATF R.15 and R.16 at a high level, describe good whitelisting governance, identify rules debt in transaction monitoring, and choose ethical escalation over concealment.
Use OpenExamPrep as a routing system, not a substitute for official sources. Start with free mixed practice, repair weak domains with the study guide, then return to scenario questions. Keep the ACAMS, FATF, FinCEN, OFAC, and MiCA source links available so your notes stay anchored. CAFCA rewards candidates who can connect fast product design to slow compliance obligations. Study that connection directly and the exam becomes much more predictable.