Chapter 7 Quiz

AML Transaction Monitoring: Rules-Based vs. AI-Driven Approaches

20 questions — mix of conceptual and applied. Answers follow.

1. Which stage of money laundering involves moving funds through a series of complex transactions to obscure their criminal origin?

A) Placement B) Layering C) Integration D) Structuring

2. The central obligation created by FATF Recommendation 20 is:

A) To conduct enhanced due diligence on all high-risk customers B) To file a suspicious activity report when funds are suspected to be proceeds of crime C) To maintain a minimum ratio of AML analysts to transaction volume D) To conduct real-time screening of all wire transfers against sanctions lists

3. In a rule-based AML monitoring scenario, a financial institution sets a threshold of $50,000 for inbound wire activity that triggers an alert. The institution increases this threshold to $75,000. What is the primary trade-off?

A) Higher false positive rate; lower recall B) Lower false positive rate; lower recall C) Higher recall; lower false positive rate D) No change in detection performance

4. Which of the following is NOT a characteristic advantage of rules-based transaction monitoring over ML-based monitoring?

A) Transparency and explainability B) Direct link to known regulatory typologies C) Ability to detect novel, previously unseen suspicious patterns D) Auditability of decision logic

5. The "rapid in-and-out" scenario typically flags accounts where:

A) Multiple cash withdrawals occur below the CTR threshold in a single day B) Significant inbound funds are followed rapidly by outbound transfers, leaving near-zero balances C) Round-dollar international wire transfers are sent to enhanced-scrutiny jurisdictions D) A customer's transaction volume increases by more than 200% in a 30-day period

6. Rafael's analysis at Meridian Capital showed approximately what false positive rate in the pre-ML alert queue?

A) 50% B) 75% C) 96% D) 99%

7. In AML transaction monitoring, "recall" measures:

A) The percentage of generated alerts that represent genuine suspicious activity B) The percentage of actual suspicious accounts that were flagged by the monitoring system C) The average number of alerts reviewed per analyst per day D) The time elapsed between alert generation and analyst review

8. A hybrid AML monitoring architecture typically uses rules-based scenarios for which primary purpose, while using ML for which primary purpose?

A) Rules for novel pattern detection; ML for regulatory typologies B) Rules for known typologies and regulatory requirements; ML for novel patterns and risk scoring C) Rules for high-risk customers; ML for low-risk customers D) Rules for real-time screening; ML for batch processing

9. Which of the following is an example of the "population mismatch" cause of false positives in transaction monitoring?

A) A scenario calibrated in 2020 flagging different patterns in 2024 due to customer base growth B) A large cash scenario generating alerts for a restaurant whose legitimate business involves high cash volumes C) A rule flagging round-dollar wire transfers when the threshold has not been updated D) An analyst spending too little time reviewing each alert due to queue backlog

10. What is the primary output of an AML transaction monitoring program from a regulatory compliance perspective?

A) Monthly risk reports submitted to the FIU B) Suspicious Activity Reports (SARs) filed with the relevant financial intelligence unit C) Customer risk ratings updated based on transaction behavior D) Enhanced due diligence files maintained for high-risk customers

11. An ML-based transaction monitoring system assigns a risk score of 0.87 to a transaction. What does this represent?

A) The transaction amount as a percentage of the account's average monthly activity B) A model-estimated probability that the transaction is suspicious C) The number of rule-based scenarios that flagged this transaction D) The percentile rank of the transaction within the customer's history

12. The key challenge of training an ML model for AML transaction monitoring is:

A) The volume of transaction data, which exceeds most computing infrastructure capacity B) Class imbalance — the rarity of genuine suspicious activity in the training data C) The inability of ML models to process time-series transaction data D) Regulatory prohibitions on ML use in AML programs

13. Customer segmentation as a false positive reduction strategy works by:

A) Reducing the number of customers subject to transaction monitoring B) Applying different scenario configurations for different customer types to avoid flagging normal behavior for specific segments C) Assigning different analysts to review alerts by customer risk tier D) Increasing monitoring thresholds across all customer segments equally

14. What does the "queue age" metric measure in AML alert workflow management?

A) The average age of customers in the monitored population B) The age of the monitoring rules relative to their last calibration C) The time elapsed since the oldest unreviewed alert was generated D) The average time an analyst has been in their current role

15. Which of the following best describes the "documentation requirement" for AML alert reviews?

A) Every transaction over $10,000 must be manually documented regardless of whether it triggered an alert B) Only alerts escalated to SAR filing require formal documentation C) Every alert review must be documented with sufficient detail to reconstruct the analyst's analysis and decision D) Documentation is required for rejected alerts but not for cases closed as no suspicious activity

16. A financial institution reduces its AML scenario library from 47 scenarios to 28 scenarios. Which of the following best describes the appropriate basis for this decision?

A) Reducing scenarios always reduces regulatory compliance obligations B) Eliminating scenarios with historically near-zero true positive rates while maintaining coverage of key typologies C) Reducing scenarios to bring analyst workload to a manageable level D) Scenarios should never be reduced; additional scenarios should always be added

17. The SHAP (SHapley Additive exPlanations) technique is relevant to ML-based AML monitoring because it:

A) Improves the speed of transaction data processing in large-scale systems B) Provides feature-level explanations for individual model predictions, supporting analyst review and regulatory examination C) Generates synthetic suspicious transaction data for model training D) Automatically calibrates decision thresholds to minimize false positive rates

18. Which of the following alert workflow metrics is most directly indicative of whether genuine suspicious activity is being prioritized?

A) Alerts reviewed per analyst per day B) Average time to review per alert C) SAR filing rate as a percentage of alerts reviewed D) Queue age (oldest unreviewed alert)

19. A "negative news pre-filtering" strategy for false positive reduction would:

A) Remove all adverse media alerts from the monitoring queue B) Reduce alerts from customers with no adverse media, no sanctions matches, and stable account histories — where genuine suspicion base rates are low C) Automatically close alerts from customers who have passed EDD review within the past 12 months D) Apply a minimum transaction amount threshold below which no adverse media checks are conducted

20. Rafael's implementation results at Meridian Capital showed which of the following post-implementation outcomes?

A) Alert volume eliminated entirely; all monitoring moved to automated disposition B) Alert volume reduced from 340 to 190 per week; SAR filing rate per analyst hour increased 35% C) False positive rate reduced to below 50%; true positive detection rate increased by 50% D) Full replacement of rule-based scenarios with ML model; no hybrid approach retained

Answer Key