CTMA Exam Prep Free practice test →

Free CTMA Practice Questions

10 free, exam-style Certified Transaction Monitoring Associate (CTMA) practice questions with answers and explanations. No signup required. Work through them below, then take the full free CTMA practice test to study every exam domain.

These 10 free CTMA questions are organized by exam domain, so you can see how each part of the Certified Transaction Monitoring Associate blueprint is tested. Reveal the answer and explanation under each question.

Domain 1: ROLE OF TRANSACTION MONITORING IN FINANCIAL CRIME PREVENTION 20% of exam

Question 1

A TM analyst reviews an alert for a retail banking customer who has made six cash deposits totalling $28,000 over the past two weeks. The customer's KYC file documents their occupation as a self-employed painter with an expected annual income of $35,000. The analyst finds no prior alerts and no adverse media. At this stage of the review, this activity is BEST described as:

  1. Suspicious activity, because the deposits are consistent with a structuring pattern
  2. Unusual activity, because the deposits deviate from the customer's expected income profile and require investigation
  3. Suspicious activity, because cash transactions from self-employed individuals always require a SAR
  4. High-risk activity that should be immediately escalated without further investigation
Show answer & explanation

Correct answer: B - Unusual activity, because the deposits deviate from the customer's expected income profile and require investigation

Question 2

A TM system has generated an alert for the same corporate customer for the ninth consecutive month. Each month, the alert fires because the customer sends a $75,000 wire transfer to the same overseas supplier - an activity that is fully documented in the customer's KYC file as their primary recurring payment for raw materials. Each time, the analyst investigates and closes the alert with the same rationale. These alerts are MOST accurately classified as:

  1. Valid alerts, because each one requires independent review before closure
  2. False positives, because each individual alert has a documented lawful explanation
  3. Non-productive alerts, because the scenario is systematically flagging known expected activity and the pattern indicates a calibration problem
  4. Escalation candidates, because recurring alerts on the same customer require senior review
Show answer & explanation

Correct answer: C - Non-productive alerts, because the scenario is systematically flagging known expected activity and the pattern indicates a calibration problem

Domain 2: TRANSACTION MONITORING ALERT GENERATION 15% of exam

Question 3

A TM analyst has noticed that a particular wire transfer scenario has generated 200 alerts over the past three months, of which 195 were closed as false positives. The alerts consistently fire for transactions between $48,000 and $52,000 sent to counterparties in Western Europe - a corridor and amount range that is well-documented in the affected customers' KYC files as routine intercompany payments. What is the MOST appropriate course of action?

  1. Lower the scenario threshold immediately to eliminate the false positives
  2. Document the false positive pattern, escalate through the model governance process, obtain approval, and validate any threshold change before deployment
  3. Continue closing the alerts as false positives and flag them for review at the next annual model assessment
  4. Escalate the pattern to senior management and take no further action until instructed
Show answer & explanation

Correct answer: B - Document the false positive pattern, escalate through the model governance process, obtain approval, and validate any threshold change before deployment

Question 4

A rules-based TM scenario is configured to alert on cash deposits exceeding $9,000 in a single transaction. A customer who owns a restaurant begins gradually increasing their weekly cash deposits from $3,000 to $8,500 over six months, never triggering the threshold. Which type of TM approach would be MOST likely to detect this pattern?

  1. The existing rules-based scenario, because the cumulative monthly total would eventually exceed the threshold
  2. A behavior-based model, because it would establish a baseline for this customer and alert when their deposit activity deviates significantly upward from that baseline
  3. A sanctions screening system, because frequent cash deposits may indicate a sanctions exposure
  4. An enhanced due diligence review, because cash-intensive businesses are automatically subject to heightened monitoring
Show answer & explanation

Correct answer: B - A behavior-based model, because it would establish a baseline for this customer and alert when their deposit activity deviates significantly upward from that baseline

Domain 3: ALERT INVESTIGATION 40% of exam

Question 5

A TM analyst is reviewing alerts for a retail customer, a small importer of textiles, who has recently received multiple cash deposits from several individuals the customer does not appear to know. Separately, the analyst discovers that the customer's overseas textile supplier has been paid in full despite the customer claiming they have not yet made the payment. The customer appears unaware of how the supplier was paid. There is no evidence the customer is involved in any wrongdoing. This activity is MOST consistent with:

  1. Structuring, because multiple individuals are making deposits on behalf of one account
  2. Trade-based money laundering, because a cross-border trade transaction is involved
  3. Cuckoo smurfing, because a legitimate customer's account has been used - without their knowledge - to settle a drug debt owed to their overseas supplier
  4. A funnel account scheme, because funds from multiple sources are being consolidated before transfer
Show answer & explanation

Correct answer: C - Cuckoo smurfing, because a legitimate customer's account has been used - without their knowledge - to settle a drug debt owed to their overseas supplier

Question 6

A TM analyst is investigating a customer who is a mid-level government employee earning $60,000 per year. Over the past four months, the customer has made 12 transfers totalling $14,000 to an overseas religious organization in a jurisdiction flagged for terrorist activity. The customer's salary deposits are consistent and fully documented. There is no indication that the customer has any other income source or that any funds in the account are from criminal activity. This activity is MOST consistent with which financial crime typology?

  1. Money laundering, because the funds are being transferred overseas to obscure their origin
  2. Terrorist financing, because the funds - though from a legitimate source - are being directed toward an entity in a jurisdiction associated with terrorist activity
  3. Tax evasion, because a government employee is moving funds offshore without apparent business purpose
  4. Bribery and corruption, because a government official is making payments to a foreign organization
Show answer & explanation

Correct answer: B - Terrorist financing, because the funds - though from a legitimate source - are being directed toward an entity in a jurisdiction associated with terrorist activity

Question 7

A financial institution files a SAR on a business customer after a TM analyst completes a thorough investigation. Three days later, the relationship manager requests that the customer's account be closed because the bank no longer wants the relationship. The compliance officer approves the immediate account closure. Which concern does this sequence of events MOST directly raise?

  1. Indirect tipping off, because closing the account immediately after SAR filing may signal to the customer that they are under suspicion
  2. No concern, because closing a customer account is a standard risk management decision that is separate from the SAR filing process
  3. A breach of internal policy, because the relationship manager should not have been informed that a SAR was filed
  4. A procedural violation, because account closures following SAR filings must be delayed by at least 90 days
Show answer & explanation

Correct answer: A - Indirect tipping off, because closing the account immediately after SAR filing may signal to the customer that they are under suspicion

Question 8

A TM analyst is reviewing an alert for a freight forwarding company. The alert was triggered by a series of international wire transfers averaging $95,000 each. The customer's KYC file documents the business as a freight forwarder that sends regular overseas payments for logistics services, with expected transfers of $40,000-$50,000. The KYC file was last updated four years ago. The analyst notes the transaction type matches the KYC description and prepares to close the alert. What is the MOST significant error the analyst is at risk of making?

  1. No error - the activity type matches the KYC file, which is sufficient basis for closure
  2. Relying on stale KYC data, because the four-year-old file may not reflect the customer's current risk profile, and the transaction amounts are now double the documented expected range
  3. Failing to file a SAR, because the transaction amounts exceed the amounts documented in the KYC file
  4. Failing to contact the customer before closing the alert, which is required when transaction amounts exceed documented expectations
Show answer & explanation

Correct answer: B - Relying on stale KYC data, because the four-year-old file may not reflect the customer's current risk profile, and the transaction amounts are now double the documented expected range

Domain 4: OUTCOMES OF TRANSACTION MONITORING INVESTIGATIONS 25% of exam

Question 9

A TM analyst completes a thorough investigation of a complex series of transactions and concludes that the activity has no plausible legal explanation. The analyst documents their findings and recommends that a Suspicious Activity Report be filed. Who has the legal authority and responsibility to make the final decision on whether to file the SAR?

  1. The TM analyst, because they conducted the investigation and formed the reasonable suspicion
  2. The Money Laundering Reporting Officer (MLRO) or designated BSA Officer, as the individual authorised to make SAR filing decisions on behalf of the institution
  3. The compliance team collectively, through a majority vote on cases above a certain value threshold
  4. The senior TM analyst or team lead, because supervisory review is required before any SAR recommendation is acted upon
Show answer & explanation

Correct answer: B - The Money Laundering Reporting Officer (MLRO) or designated BSA Officer, as the individual authorised to make SAR filing decisions on behalf of the institution

Question 10

A financial institution filed a SAR on a customer six months ago based on a pattern of suspicious outbound wire transfers. The customer's account remains open and the same suspicious pattern has continued uninterrupted every month since the original SAR was filed. No law enforcement contact has been received. What is the institution's MOST appropriate course of action?

  1. No further SAR filings are required, because the original SAR already disclosed the suspicious activity to the relevant authority
  2. File continuing activity SARs to report the ongoing suspicious conduct, typically on a 90-day cycle, for as long as the activity persists
  3. Contact the relevant law enforcement agency directly to report the continued suspicious activity instead of filing additional SARs
  4. Close the customer's account immediately to terminate the institution's exposure and reporting obligations
Show answer & explanation

Correct answer: B - File continuing activity SARs to report the ongoing suspicious conduct, typically on a 90-day cycle, for as long as the activity persists

Ready for the real thing?

Practice hundreds more CTMA questions with instant scoring, weak-area drills, and full exam simulations.

Start the free practice test See pricing