100+ Free CAFCA Practice Questions

Pass your ACAMS Certified AML FinTech Compliance Associate exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

Not publicly disclosed Pass Rate

100+ Questions

100% Free

1 / 100

Question 1

Score: 0/0

A challenger bank like Chime, Revolut, or N26 typically operates without a physical branch network. Which AFC risk is MOST elevated by this digital-only model?

Cash-intensive structuring at teller windows

Speed of digital onboarding outpacing rigorous CDD

Physical robbery of branch vault assets

Inability to accept domestic ACH payments

to track

Same family resources

More ACAMS Financial Crime Certifications Prep

Continue through related practice pages, study guides, comparisons, and articles from the same exam family.

Practice Pages

CAMS Practice200 questions CGSS Certified Global Sanctions Specialist Practice200 questions ACAMS Advanced CAMS — Audit Practice100 questions ACAMS Advanced CAMS — Financial Crimes Investigations Practice100 questions ACAMS Certified AFC Risk Manager (formerly Advanced CAMS-RM) Practice100 questions ACAMS Certified Anti-Fraud Specialist (CAFS) Practice100 questions

CAMS Exam Guide 2026: FREE ACAMS Study Plan + Practice28 min read

2026 Statistics

Key Facts: CAFCA Exam

100

Practice Questions

OpenExamPrep CAFCA

3 hours

Exam Time

Pearson VUE

Scaled

Cut Score

Set by ACAMS

~$1,200-1,500

Exam Fee

ACAMS member discount

8 domains

Content Areas

FinTech AFC to ACAMS Ethics

80-120 hrs

Recommended Study

8-12 weeks

CAFCA is ACAMS's FinTech-focused AML credential, delivered as a 100-question Pearson VUE exam over approximately 3 hours, with a scaled cut score set by ACAMS and a typical fee of about $1,200-$1,500 (ACAMS member discount). The credential is built for compliance staff at neo-banks, payment processors, BNPL lenders, digital wallets, embedded-finance/BaaS programs, and crypto VASPs. Coverage includes BaaS supervisory expectations, eKYC and biometric onboarding, FATF Recommendations 15-16 for virtual assets, OFAC's 50% Rule, MiCA, AMLA 2020 and the EU AML package, and emerging mule, deepfake, and generative-AI threats.

Sample CAFCA Practice Questions

Try these sample questions to test your CAFCA exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1A challenger bank like Chime, Revolut, or N26 typically operates without a physical branch network. Which AFC risk is MOST elevated by this digital-only model?

A.Cash-intensive structuring at teller windows

B.Speed of digital onboarding outpacing rigorous CDD

C.Physical robbery of branch vault assets

D.Inability to accept domestic ACH payments

Explanation: Neo-banks compete on near-instant onboarding (often under 10 minutes), which creates pressure to compress identification, verification, and risk-scoring steps. This 'speed vs. CDD' tension is the signature FinTech AFC risk.

2Under the Banking-as-a-Service (BaaS) model, who holds ultimate BSA/AML responsibility for monitoring transactions of a FinTech's end customers?

A.The FinTech program manager

B.The card network (Visa or Mastercard)

C.The chartered partner bank

D.Whichever entity collected the customer's PII

Explanation: In a BaaS arrangement, the chartered (sponsor) partner bank remains the regulated financial institution and bears ultimate BSA/AML responsibility, including SAR filing and CDD adequacy — even when day-to-day onboarding is performed by the FinTech.

3In 2024 the FDIC issued a consent order against a small partner bank (e.g., Lineage Bank, Choice Bank) for AML/BSA failures tied to its FinTech program. What was the PRIMARY supervisory finding?

A.The bank failed to monitor proprietary trading activity

B.The bank did not perform adequate oversight or CDD on FinTech partners' end customers

C.The bank charged FinTech partners excessive fees

D.The bank's website lacked TLS encryption

Explanation: FDIC and OCC enforcement against BaaS sponsor banks (Lineage, Cross River, Choice, Blue Ridge) has consistently focused on inadequate third-party risk management and missed CDD on the FinTech partners' end customers — failures rolled up to the chartered bank.

4A Buy Now Pay Later (BNPL) provider such as Klarna, Afterpay, or Affirm offers split-pay installments at point of sale. Which AFC risk is MOST distinctive to the BNPL model versus traditional credit cards?

A.Cash-back rewards programs

B.Synthetic identity fraud paired with quick-merchant cash-out abuse

C.Foreign-exchange conversion fees

D.Mortgage default risk

Explanation: BNPL onboarding is fast and lightweight, making it attractive for synthetic identity fraud and merchant-collusion abuse where stolen or fabricated identities take the goods or refunds before the lender catches up. Mule and synthetic ID risks are top BNPL AFC concerns.

5A payment processor (e.g., Stripe, Adyen, Square) acquires merchants and routes card transactions. Under FinCEN guidance, when does a payment processor itself become a Money Services Business (MSB)?

A.Whenever it accepts credit-card payments for merchants

B.When it accepts and transmits funds for persons other than its bank-affiliated merchants outside narrow exemptions

C.Only if it accepts cryptocurrency

D.Only when it operates internationally

Explanation: FinCEN's payment-processor exemption is narrow: a processor is generally not an MSB if it operates under bank-clearance arrangements, processes through clearing/settlement systems, only serves bona fide merchants, and uses formal agreements. Stepping outside those bounds (e.g., person-to-person transfers) makes it an MSB money transmitter.

6Embedded finance lets a non-financial brand (e.g., a ride-share app) offer banking through a BaaS partner. Which CDD risk is MOST elevated when the end-user opens an account inside a non-financial app?

A.The user may not realize they are opening a bank account, weakening informed consent and intent signals

B.The user automatically becomes a PEP

C.The user gains exemption from OFAC screening

D.The user's funds are not FDIC-insured at the partner bank

Explanation: In embedded-finance flows, the customer experience is branded by the non-financial app, so users frequently do not realize a bank account is being opened. This weakens KYC intent signals and complicates Reg E disclosures and CDD purpose-of-account assessments.

7Which is the BEST description of a digital wallet (e.g., Cash App, Venmo, Apple Cash)?

A.A virtual currency exchange

B.A stored-value or money-transmitter service holding funds and enabling P2P transfers

C.A securities broker-dealer

D.A correspondent bank

Explanation: Digital wallets like Cash App and Venmo function as stored-value / money-transmitter services. They are typically registered as MSBs with FinCEN and are state-licensed money transmitters; some have added crypto and stock features under separate registrations.

8A peer-to-peer lending FinTech (LendingClub, Prosper) connects retail investors and borrowers. Which AFC concern is MOST acute in this model?

A.Use of investor funds to launder borrower-supplied illicit money via early-payoff schemes

B.Excessive interest rate caps

C.Inability to file SARs

D.Mandatory cryptocurrency settlement

Explanation: P2P lending platforms can be abused via 'borrower as launderer' schemes — illicit funds are used to repay loans early, converting illicit cash into clean lender repayments. Detection requires monitoring early payoff patterns, source-of-funds anomalies, and circular flows.

9Which statement BEST captures why FinTech partner-bank ownership chains (the FinTech, its program manager, multiple BIN sponsors, and processors) raise AFC risk?

A.Multiple parties create regulatory ambiguity and gaps in CDD ownership

B.The chains improve KYC accuracy through redundancy

C.FinCEN exempts complex chains from BSA

D.Customers automatically become higher risk

Explanation: Layered FinTech-bank chains create ambiguity over who performs and owns CDD, monitoring, and SAR-filing — the very gaps regulators have been citing in BaaS enforcement. Each handoff is a potential control failure.

10A neo-bank advertises 'open an account in 90 seconds.' From an AFC perspective, what is the MOST important compensating control for such speed?

A.Eliminate CDD entirely

B.Layered, automated risk scoring and post-onboarding monitoring with rapid step-up review

C.Charge a higher monthly fee

D.Require customers to mail in paper documents

Explanation: Where onboarding is intentionally fast, the compliant approach is layered automated risk scoring (device, behavioral, document, sanctions, PEP, adverse media) plus aggressive post-onboarding monitoring and a rapid step-up to manual review when signals fire.

About the CAFCA Exam

The ACAMS Certified AML FinTech Compliance Associate (CAFCA) is a specialty credential designed for AML and financial-crime compliance professionals working in fast-paced FinTech environments — challenger banks, payment processors, BNPL providers, digital wallets, embedded finance, Banking-as-a-Service (BaaS), and crypto / VASPs. It validates practical knowledge of FinTech business models and their distinctive AFC risks, digital onboarding and eKYC, crypto and VASP compliance (FATF Travel Rule, mixers, DeFi), real-time sanctions screening, transaction monitoring at FinTech scale (rules vs. AI/ML, model risk), the global regulatory landscape, emerging risks (BIN attacks, account takeover, mule networks, deepfakes), and the ACAMS Code of Ethics.

Questions

100 scored questions

Time Limit

3 hours (Pearson VUE)

Passing Score

Scaled cut score by ACAMS

Exam Fee

~$1,200-1,500 (ACAMS member discount) (ACAMS)

CAFCA Exam Content Outline

15%

FinTech Business Models & AFC Risk

Challenger / neo-banks (Chime, Revolut, N26, Monzo), payment processors (Stripe, Adyen, Square), BNPL (Klarna, Afterpay, Affirm), embedded finance / Banking-as-a-Service (BaaS), digital wallets (Cash App, Venmo), P2P lending (LendingClub, Prosper), and the FDIC/OCC enforcement pattern against BaaS sponsor banks (Lineage, Cross River, Choice) for inadequate CDD on FinTech partners' end customers

15%

FinTech-Specific Customer Risk

Digital onboarding, eKYC, biometric face match and liveness detection, NFC chip read of e-passports, OCR and hologram detection, behavioral biometrics, device fingerprinting, geolocation/IP intelligence, synthetic identity fraud, FinCEN CDD Rule 25% beneficial ownership and control prong, PATRIOT Act §326 CIP elements, vendor management of identity providers

20%

Crypto & VASP Compliance

VASP classification as MSB money transmitters under FinCEN, FATF Recommendations 15 and 16 (Travel Rule with $1,000/EUR 1,000 de minimis), OFAC actions on Tornado Cash (2022 designation and 2024-2025 reissue/litigation), mixers, DeFi and 'sufficient control,' counterparty (sunrise) due diligence, NY DFS BitLicense, MiCA crypto-asset service providers (CASPs), stablecoins, blockchain analytics

15%

Sanctions Screening in FinTech

OFAC SDN List, OFAC 50% Rule for aggregate ownership, sectoral and comprehensive programs (Iran ITSR, Russia RuHSR), real-time vs. batch screening trade-offs, fuzzy matching (Levenshtein, Jaro-Winkler), phonetic algorithms (Soundex, Metaphone), PEP screening (FATF definition: prominent public functions plus immediate family and close associates), governed whitelists and effectiveness metrics

15%

Transaction Monitoring at Scale

Rules-based vs. AI/ML hybrid detection at FinTech velocity, alert quality and SAR-conversion KPIs, look-back reviews, champion/challenger model testing, model risk management under Federal Reserve / OCC SR 11-7, mule pass-through patterns on P2P apps, AI assistants for analyst augmentation under human-in-the-loop governance

10%

Regulatory Landscape

FinCEN as Treasury bureau, BSA, AMLA 2020 (Division F of NDAA FY2021), Corporate Transparency Act and the 2025 interim final rule narrowing BOI reporting, EU AMLD6 plus the AML package (AMLR, AMLAR establishing Frankfurt-based AMLA), UK FCA authorization of EMIs and payment institutions under PSD2-derived rules, Singapore MAS Notice 626, Hong Kong AMLO, FinCEN 314(a)/(b), Geographic Targeting Orders

Emerging Risks

BIN attacks (low-value authorization probing across sequential card numbers), account takeover via SIM swap and credential stuffing, mule networks recruited via social media and gaming platforms, deepfake / face-swap attacks against onboarding selfie + liveness, generative AI for synthetic identity creation and voice-clone fraud, pig-butchering crypto investment scams, kill-switch and incident-response patterns

ACAMS Ethics & Continuous Learning

ACAMS Code of Ethics — integrity, objectivity, professional competence, confidentiality, conflict-of-interest disclosure — BSA Officer independence and AMLA 2020 whistleblower protections, anti-tipping-off (31 USC §5318(g)), board reporting on outcomes and emerging risks, continuing education for recertification

How to Pass the CAFCA Exam

What You Need to Know

Passing score: Scaled cut score by ACAMS
Exam length: 100 questions
Time limit: 3 hours (Pearson VUE)
Exam fee: ~$1,200-1,500 (ACAMS member discount)

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

CAFCA Study Tips from Top Performers

1Memorize the FinCEN CDD Rule four pillars and the 25% ownership-prong plus one control-prong individual — and contrast it with OFAC's 50% Rule for aggregate ownership blocking

2Know FATF Recommendation 16 (the Travel Rule for VAs) at the FATF $1,000 / EUR 1,000 de minimis — and that the US BSA Travel Rule for traditional wires uses a $3,000 threshold

3Learn the BaaS supervisory pattern — FDIC/OCC consent orders against partner banks (Lineage, Cross River, Choice) for inadequate oversight and CDD on FinTech partners' end customers

4Study real-time vs. batch sanctions screening trade-offs at FinTech velocity, plus the role of fuzzy matching (Levenshtein) and phonetic algorithms (Soundex, Metaphone) in tuning false-positive rates

5Know SR 11-7 model risk management expectations and how they apply to AI/ML transaction-monitoring models — independent validation, ongoing monitoring, champion/challenger testing

Frequently Asked Questions

What is the CAFCA credential?

CAFCA — Certified AML FinTech Compliance Associate — is an ACAMS specialty credential for AML / financial-crime compliance professionals working at challenger banks, payment processors, BNPL lenders, digital wallets, embedded-finance / BaaS programs, and crypto VASPs. It complements the broader CAMS credential and the related CTMA, CCAS, and CKYCA specialty exams.

How is the CAFCA exam structured?

The CAFCA exam is delivered at Pearson VUE test centers with approximately 100 multiple-choice questions over about 3 hours. ACAMS sets a scaled cut score rather than publishing a fixed percentage. A practice exam and study materials are included in the standard ACAMS package.

How much does the CAFCA exam cost?

Typical CAFCA pricing is approximately $1,200-$1,500 with the ACAMS member discount; non-member pricing is higher. Fees may include study materials and a practice exam depending on the package selected. Many FinTech employers reimburse the cost for compliance staff.

Who should take the CAFCA exam?

CAFCA is well-suited to AML and financial-crime compliance staff at neo-banks (Chime, Revolut, N26), payment processors (Stripe, Adyen, Square), BNPL lenders (Klarna, Afterpay, Affirm), digital wallets (Cash App, Venmo), embedded-finance and BaaS programs, and crypto exchanges and custodians (VASPs/CASPs). It is also useful for product, risk, audit, and engineering partners working closely with compliance.

How is CAFCA different from CAMS, CTMA, and CCAS?

CAMS is ACAMS's senior, broad AML credential. CTMA focuses on transaction-monitoring practitioners. CCAS focuses on crypto-asset financial crime. CAFCA is the FinTech-business-model focused credential — covering BaaS supervisory expectations, eKYC and biometrics, crypto and VASP fundamentals, real-time sanctions and TM at FinTech scale, and emerging risks like deepfake and mule networks. Many compliance officers stack CAMS plus one or more specialty credentials.

How should I prepare for the CAFCA exam?

Plan for approximately 80-120 hours over 8-12 weeks. Study the FinCEN BSA framework (CIP, CDD Rule, SARs, CTRs, Travel Rule), the FATF Recommendations especially R.10/15/16/22-23, OFAC sanctions including the 50% Rule, AMLA 2020 and the Corporate Transparency Act, the EU AML package and MiCA, UK FCA / Singapore MAS / Hong Kong AMLO basics, and SR 11-7 model risk management. Use this 100-question free practice set to drill weak areas, then complete ACAMS practice exams before sitting.