ABA · CAFP
The ABA CAFP certifies financial professionals in anti-money laundering and fraud prevention within U.S. banking institutions. It validates expertise across assessment, investigation, reporting, and remediation of financial crimes.
Questions
750
Duration
180 minutes
Passing Score
500/800
Difficulty
ProfessionalLast Updated
Mar 2026
Use this CAFP practice exam to prepare for Certified AML and Fraud Professional (CAFP) with realistic questions, detailed explanations, and focused study modes. The practice bank includes 750 questions for ABA CAFP, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to recurring topics such as BSA/AML Compliance, Fraud Detection and Prevention, Financial Crimes Assessment, Investigations, and Regulatory Reporting. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The ABA Certified AML and Fraud Professional (CAFP) is an advanced-level credential issued by the American Bankers Association (ABA) that validates a financial professional's expertise in anti-money laundering (AML) and fraud prevention within U.S. banking institutions. The certification tests competency across the full lifecycle of financial crimes response: assessing risk and identifying suspicious activity, conducting thorough investigations, fulfilling regulatory reporting obligations, and executing remediation strategies. It is grounded in U.S. laws and regulations, including the Bank Secrecy Act (BSA), the USA PATRIOT Act, and federal fraud statutes.
The CAFP was developed by an advisory board of financial crimes practitioners to reflect real-world job tasks performed by competent professionals in the field. It covers traditional AML and fraud disciplines as well as emerging threats such as cyber-enabled financial crimes. The credential signals to employers that a professional possesses both the theoretical knowledge and practical application skills required to protect banking institutions from money laundering, fraud, terrorist financing, and related financial crimes.
The CAFP is designed for experienced financial crimes professionals employed within U.S. banking institutions. Suitable candidates include BSA/AML compliance officers, fraud investigators, financial crimes analysts, risk managers, internal auditors, compliance consultants, and state or federal bank examiners and law enforcement personnel working with financial institutions. The certification is also relevant for professionals in legal, operations, and cyber units who deal with financial crimes detection or response.
Candidates are expected to have hands-on, U.S.-based banking experience in BSA/AML compliance, fraud detection, or cyber-enabled financial crimes. Because the exam is grounded in U.S. laws and regulations, it is specifically suited to professionals operating within the U.S. banking regulatory environment, rather than general financial services or international practitioners.
ABA requires candidates to meet one of three eligibility pathways before sitting for the CAFP exam. The first pathway requires a minimum of two years of qualifying U.S. banking financial crimes experience plus completion of at least one approved BSA/AML or fraud training program. The second pathway requires a minimum of two years of qualifying experience plus current holding of at least one approved professional certification (such as CAMS, CFE, CRCM, CIA, or CBAP). The third pathway is available to candidates with five or more years of qualifying financial crimes experience, with no additional training or certification requirement.
All candidates must have direct experience in BSA/AML compliance, fraud detection, and/or cyber-enabled financial crimes within a U.S. banking context. Non-U.S. experience does not satisfy the eligibility criteria. Candidates must also agree to the ABA Professional Certifications Code of Ethics upon application. ABA reviews applications and notifies candidates of approval or denial within approximately two weeks of submission.
The CAFP exam consists of 150 multiple-choice questions to be completed within 180 minutes (3 hours). The exam is scored on a scale with a passing score of 500 out of 800. Calculators are provided at testing sites. Exams are administered through Meazure Learning either at physical U.S. test sites or via live remote proctoring (LRP) through the ProctorU platform, which allows candidates to test from a private location with a live remote proctor, provided they meet the technical requirements.
The exam is offered during a defined testing window (for example, July 1–31 of a given year), and candidates must apply by the published application deadline. For most computer-based exams taken at test sites, candidates receive an instant Pass/Fail result upon completion. Official score reports are delivered via email within six weeks after the close of the exam window. The exam fee is $575 USD, and a non-refundable $100 application fee is retained if an application is denied.
Earning the CAFP positions professionals for advancement into senior financial crimes roles such as BSA Officer, AML Program Manager, Fraud Director, Chief Compliance Officer, or Financial Crimes Consultant. The designation demonstrates a validated, practitioner-level competency in a specialized and increasingly regulated domain, differentiating holders from peers who rely solely on general compliance or audit credentials. Employers in the U.S. banking sector — including commercial banks, credit unions, and federal regulatory agencies — actively seek professionals who can demonstrate this level of expertise as financial crimes compliance obligations intensify.
The credential is issued by the American Bankers Association, the principal trade association for U.S. banks, lending it strong industry recognition among domestic banking employers and regulators. Holding the CAFP alongside or in place of related credentials such as CAMS (ACAMS) or CFE (ACFE) can broaden a professional's appeal, as CAFP is uniquely focused on the intersection of both AML and fraud within the U.S. banking regulatory framework. Continuing education requirements for renewal ensure that certified professionals maintain current knowledge, reinforcing the credential's long-term value to employers.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 750 questions.
Preview — answers shown1. Fabrikam Metro Bank's compliance team is reviewing the bank's whistleblower program to ensure it complies with both Sarbanes-Oxley (SOX) and Dodd-Frank requirements. The team needs to understand the key differences between the two frameworks. Which statement correctly distinguishes the SOX and Dodd-Frank whistleblower protections? (Select one!)
Explanation
SOX and Dodd-Frank provide complementary but distinct whistleblower frameworks. SOX Section 806 prohibits retaliation against employees who report suspected securities fraud internally, with a 180-day statute of limitations requiring filing with OSHA. Dodd-Frank expands protections by offering financial incentives of 10-30% of monetary sanctions exceeding $1 million collected by the SEC, with a longer 6-year statute of limitations and the ability to file directly in federal court. The first option reverses the frameworks' incentive structures. The two laws have significantly different requirements and protections beyond just the statute of limitations. Both laws apply broadly across financial institutions, not limited by institution type.
2. Adatum Metro Bank's fraud team is investigating potential synthetic identity fraud across its consumer lending portfolio. The team needs to identify the most reliable red flags. Which combination of indicators most strongly suggests synthetic identity fraud? (Select two!)
Multiple correct answersExplanation
Synthetic identity fraud — the fastest-growing financial crime in the U.S. with $20 billion in losses in 2020 — involves combining a real Social Security Number (often from children, elderly, homeless, or deceased individuals) with fabricated personal information. The two strongest indicators are: multiple identities sharing the same SSN but with different biographical information (indicating the SSN is being used to build multiple synthetic identities), and an SSN-age mismatch combined with a thin credit file showing sudden activity (indicating the SSN belongs to someone whose age doesn't match the applicant's claimed age, such as a child's SSN being used by an adult). Long credit history customers requesting limit increases represents normal banking behavior. International wire transfers to high-risk jurisdictions suggest money laundering rather than synthetic identity fraud. Consistent 10-year account activity is the opposite of synthetic identity patterns.
3. Northwind Community Bank's compliance team is training new analysts on the Travel Rule requirements. A customer requests a funds transfer of $4,500 to a beneficiary at another domestic bank. Under the Travel Rule (31 CFR 1010.410(f)), which information must the transmitting bank include with this transfer? (Select two!)
Multiple correct answersExplanation
The Travel Rule (31 CFR 1010.410(f)) applies to funds transfers of $3,000 or more. Since this transfer is $4,500, it exceeds the threshold. The transmitting institution must include and send with the transfer: the transmittor's name, address, and account number; the amount of the transfer; the execution date; the identity of the recipient's financial institution; and as many of the following as are received: the name and address of the recipient. The transmittor's complete transaction history is not required under the Travel Rule. Social Security numbers and dates of birth are CIP data elements, not Travel Rule requirements. Beneficial ownership information and source of funds documentation are CDD and EDD elements, not Travel Rule transmittal requirements. Records must be retained for 5 years under the Travel Rule.
4. Litware National Bank's fraud analytics team is deploying a new supervised machine learning model to improve SAR conversion rates in its transaction monitoring system. During testing, the model reduces false positives by 55% compared to the existing rule-based system. However, the model struggles to explain individual alert decisions in terms readily understandable to compliance analysts. Which approach BEST addresses this challenge while maintaining regulatory compliance? (Select one!)
Explanation
SR 11-7 model risk management guidance requires that models be documented sufficiently for parties unfamiliar with the model to understand its operation, including how decisions are made. SHAP (SHapley Additive exPlanations) and LIME (Local Interpretable Model-agnostic Explanations) are industry-standard frameworks specifically designed to provide interpretable explanations for individual predictions from complex machine learning models. These tools can generate feature-importance scores showing which transaction attributes most influenced each alert decision, satisfying regulatory documentation requirements while preserving the model's performance benefits. Reverting to rule-based systems sacrifices the 55% false positive reduction, which represents significant efficiency gains that allow analysts to focus on truly suspicious activity. Accepting reduced transparency without mitigation violates SR 11-7's documentation and explainability requirements. Limiting the model to low-risk segments artificially restricts its value and does not address the fundamental explainability requirement, which applies regardless of customer risk level.
5. Fabrikam Savings Bank's BSA officer is explaining the three lines of defense model to the bank's board of directors during an annual compliance briefing. A board member asks who should report the results of independent BSA/AML testing. Which statement correctly describes the reporting structure for the third line of defense? (Select one!)
Explanation
Under the three lines of defense model, the third line — internal audit — maintains independence by reporting directly to the board of directors or its designated audit committee. This independence is critical because it ensures the board receives unfiltered information about the effectiveness of both the first line (business units) and second line (compliance and risk management). Reporting through the BSA officer, chief operating officer, or the compliance team would compromise this independence and create conflicts of interest, as these parties are part of the first or second line being evaluated. Regulatory guidance consistently emphasizes that audit findings must reach the board without being filtered through management.
Certified Financial Marketing Professional (CFMP)
CFMP · 750 questions
Certified Enterprise Risk Professional (CERP)
CERP · 749 questions
Certified IRA Services Professional (CISP)
CISP · 700 questions
Certified Regulatory Compliance Manager (CRCM)
CRCM · 700 questions
Certified Trust and Fiduciary Advisor (CTFA)
CTFA · 699 questions
$17.99
One-time access to this exam