Top 50 AML Interview Questions and Answers (2025 Guide)

This guide provides 50 AML interview questions and answers to help you prepare for roles such as AML Analyst, KYC Analyst, Financial Crime Investigator, Transaction Monitoring Analyst, and Crypto Compliance Officer.

The first 25 questions cover core AML concepts, KYC, CDD/EDD, sanctions and SAR/STR. The remaining 25 go deeper into transaction monitoring, crypto AML and advanced risk-based scenarios.

Core AML Interview Questions (1–25)

1. What is AML and why is it important?

Anti-Money Laundering (AML) refers to the laws, controls, and procedures designed to prevent criminals from disguising illegal funds as legitimate income. It is important because it:

  • Protects financial systems from being used for crime and terrorism.
  • Reduces regulatory, legal and reputational risk for institutions.
  • Maintains trust in the banking, fintech and crypto ecosystem.

2. What are the three stages of money laundering?

The classic three stages are:

  • Placement: Introducing illicit funds into the financial system (e.g., cash deposits, buying crypto).
  • Layering: Moving funds through multiple transactions to obscure the origin (e.g., wires, shell companies, mixers).
  • Integration: Re-introducing "cleaned" funds into the economy as apparently legitimate assets.

3. What is the difference between AML and KYC?

KYC (Know Your Customer) focuses on identifying and verifying the customer. AML is the broader framework that includes KYC, transaction monitoring, sanctions screening, SAR/STR reporting, and an overall risk-based approach. In short: KYC is one part of AML.

4. What is Customer Due Diligence (CDD)?

CDD is the standard level of due diligence performed on most customers. It includes:

  • Identifying the customer and collecting KYC data.
  • Verifying identity and address using reliable documents or data.
  • Understanding occupation, products used and expected activity.
  • Assigning an initial risk rating (e.g., low/medium/high).

5. What is Enhanced Due Diligence (EDD)?

EDD is a deeper level of due diligence applied to high-risk customers. It normally involves:

  • Collecting additional documentation (e.g., source of wealth, contracts, financial statements).
  • More detailed background checks and adverse media searches.
  • Senior compliance or MLRO review and approval.
  • More frequent ongoing monitoring and periodic reviews.

6. Who is a PEP and why are PEPs considered high-risk?

A PEP (Politically Exposed Person) is an individual who holds a prominent public function, or has held one in the recent past. PEPs, their family members, and close associates are considered higher risk because they:

  • Have increased exposure to bribery and corruption.
  • May influence public contracts, budgets and state assets.
  • Can be targeted or used to move illicit funds.

7. What is sanctions screening?

Sanctions screening is the process of checking customers, entities, and in some cases transactions or wallets against official sanctions lists (e.g., OFAC, UN, EU, UK). The goal is to avoid doing business with sanctioned individuals, companies, countries, vessels or crypto wallets.

8. What is the difference between screening and monitoring?

Screening usually happens at onboarding or when data changes (names, entities, wallets) and focuses on identifiers like names, DOB, and sanctions/PEP status. Monitoring is the ongoing review of customer transactions and behaviour over time to identify suspicious activity.

9. What is a risk-based approach (RBA) in AML?

A risk-based approach means institutions apply stronger controls where risk is higher, and simpler controls where risk is lower. Instead of treating every customer the same, you:

  • Assess the inherent risk (customer type, geography, products, delivery channels).
  • Apply CDD for standard risk and EDD for high risk.
  • Adjust monitoring rules and thresholds based on risk segment.

10. What is a SAR/STR and when do you file one?

A Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) is filed with the Financial Intelligence Unit (FIU) when there are reasonable grounds to suspect money laundering, terrorist financing or other financial crime.

You file a SAR/STR when:

  • There is unusual or unexplained transaction behaviour.
  • The customer refuses to provide required information.
  • Funds appear linked to high-risk jurisdictions or illicit typologies.
  • Internal investigation concludes there is a basis for suspicion.

11. What is the difference between source of funds (SOF) and source of wealth (SOW)?

Source of Funds (SOF) refers to the origin of the specific money used in a transaction or relationship (salary payment, business revenue, loan proceeds). Source of Wealth (SOW) refers to how the customer built their overall wealth over time (career history, ownership of businesses, investments, inheritance).

EDD typically requires both SOF and SOW to be reasonably understood and documented.

12. What is UBO (Ultimate Beneficial Owner) and why is it important?

An Ultimate Beneficial Owner (UBO) is the individual who ultimately owns or controls a customer entity, even if they do not appear directly on registration documents. Identifying UBOs is critical because:

  • Ownership can be hidden behind layers of companies and nominees.
  • UBOs may be PEPs, sanctioned or linked to criminal activity.
  • Regulators expect institutions to "look through" structures to find real controllers.

13. What is structuring or smurfing?

Structuring (smurfing) is the deliberate breaking up of large transactions into smaller ones to avoid reporting thresholds or detection. Examples include:

  • Multiple cash deposits just below the reporting threshold.
  • Using several accounts or cards to move funds in small amounts.
  • In crypto, sending many smaller on-chain transfers instead of one large transfer.

14. What is adverse media screening and why is it useful?

Adverse media screening checks for negative news about a customer, beneficial owner or related party. It helps identify:

  • Links to fraud, corruption, tax evasion or organized crime.
  • Previous regulatory actions, fines or investigations.
  • Reputational issues that may not yet appear in official lists.

15. What is ongoing monitoring?

Ongoing monitoring is the continuous review of customer activity and risk after onboarding. It includes:

  • Transaction monitoring (rules and models).
  • Periodic KYC file reviews.
  • Re-screening against sanctions/PEP lists.
  • Updating risk ratings when behaviour or information changes.

16. What is "de-risking" in AML?

De-risking occurs when a bank, fintech or VASP terminates or restricts relationships with certain customers, sectors or regions because the perceived AML risk is too high compared to the institution's risk appetite or control capabilities.

17. What is a false positive in name screening? How do you handle it?

A false positive occurs when a screening system flags a name as a potential match to a sanctions or PEP record, but the alert is actually for a different person/entity with a similar name.

To resolve it, analysts compare:

  • Date of birth and place of birth.
  • Address and nationality.
  • Occupation and other identifiers.
  • Context from the underlying record.

18. What is KYT (Know Your Transaction)?

Know Your Transaction (KYT) focuses on understanding and assessing the risk of individual transactions or flows, not just the customer profile. KYT involves:

  • Checking if transactions match the customer's expected activity.
  • Reviewing counterparties, channels and geographies involved.
  • In crypto, analysing on-chain paths and wallet risk scores.

19. How do AML risks differ in crypto compared to traditional banking?

Crypto introduces additional risks due to:

  • Pseudonymity: Wallets are not tied to names by default.
  • Speed and global reach: Funds move 24/7 across borders.
  • DeFi and NFTs: New ways to move and hide value.
  • Mixers and privacy tools: Used to obscure transaction trails.

20. What is transaction monitoring in AML?

Transaction monitoring is the process of analysing customer transactions over time to identify suspicious patterns. It uses rules, scenarios and sometimes machine learning to flag:

  • Unusual spikes in activity.
  • Structuring patterns.
  • High-risk counterparties or jurisdictions.
  • Crypto typologies in VASPs and exchanges.

21. What are typical AML red flags you look for?

Examples of red flags include:

  • Transactions inconsistent with known profile or business model.
  • Frequent cash deposits or crypto deposits followed by immediate withdrawals.
  • Use of third parties without clear economic purpose.
  • Multiple accounts controlled by the same individual.
  • Links to high-risk or sanctioned countries.
  • Exposure to wallets tagged as scams, darknet or ransomware (in crypto).

22. What tools are commonly used for AML and crypto AML?

Common tools include:

  • Screening tools: For sanctions, PEPs and adverse media.
  • Transaction monitoring systems: Rules and scenarios across customer accounts.
  • Blockchain analytics tools: Chainalysis, TRM Labs, Elliptic, CipherTrace, etc.
  • Case management systems: For investigations, documentation and SAR workflows.

23. What is perpetual KYC or continuous KYC?

Perpetual KYC means that customer data and risk profiles are updated continuously rather than only during scheduled periodic reviews. It relies on:

  • Real-time data feeds.
  • Automatic triggers (e.g., major transaction changes, new adverse media).
  • Dynamic risk scoring that updates as new information arrives.

24. How would you prioritise AML alerts if you receive many at once?

A structured approach could be:

  • Prioritise alerts involving sanctions hits, PEPs or high-risk countries.
  • Next, focus on large value or high-velocity transactions.
  • Consider customer risk rating and previous history.
  • Use system risk scores or severity levels where available.
  • Document the triage logic clearly in the case notes.

25. What are the main responsibilities of an AML Analyst?

Typical responsibilities include:

  • Reviewing alerts generated by monitoring systems.
  • Investigating suspicious activity using internal and external data.
  • Escalating high-risk cases to senior compliance or MLRO.
  • Supporting SAR/STR preparation and filing.
  • Participating in KYC/CDD/EDD reviews.
  • In crypto environments, using blockchain analytics tools to analyse wallets and flows.

Turn AML Interview Prep into a Real Credential

If you want to move beyond interview answers and build real, verifiable AML & crypto compliance skills, AC3O offers ONRIGA-accredited certifications trusted in 180+ countries:

  • C3O – Certified Crypto Compliance Officer (Gold Standard): Covers KYC, AML, Travel Rule, VASP compliance, DeFi/NFT risk and investigations.
  • C2AO – Certified Crypto AML Officer: Focused on crypto AML, transaction monitoring, red flags and SAR/STR practice.
  • C2KO – Certified Crypto KYC Officer: Specialises in KYC, CDD/EDD and onboarding for exchanges and VASPs.

Advanced AML & Crypto AML Interview Questions (26–50)

26. How does AML differ in banks, fintechs and crypto exchanges?

The AML principles are the same (KYC, monitoring, SARs), but the risk profile and technology differ:

  • Banks: Mature processes, heavy regulation, large volumes across multiple products (loans, deposits, trade finance).
  • Fintechs: Faster onboarding, more automation, often focused on payments/cards; risk around speed, scale and partner banks.
  • Crypto exchanges/VASPs: Pseudonymous wallets, on-chain movement, DeFi/NFT exposure, Travel Rule and blockchain analytics.

In interviews, highlight that in crypto you must combine traditional AML skills with on-chain analytics and VASP regulations.

27. How would you investigate a high-value transaction to a sanctioned or high-risk country?

A structured answer should include:

  • Review customer KYC, risk rating and business profile.
  • Check the purpose of the payment and supporting documents (invoices, contracts).
  • Verify whether the counterparty or bank/wallet is explicitly sanctioned.
  • Check previous history with the same counterparty or country.
  • Consult sanctions/compliance team if the jurisdiction has complex restrictions.
  • Document reasoning and, if suspicion remains, consider SAR/STR filing and potential blocking/freezing where required by law.

28. What steps do you follow when working an AML alert from start to finish?

A clean workflow:

  1. Open the alert: Understand the rule/scenario that triggered it.
  2. Review customer profile: KYC, risk rating, occupation, products.
  3. Analyse transactions: Time period, amounts, patterns, counterparties.
  4. Compare with expected behaviour: Based on KYC and previous activity.
  5. Check external data: Adverse media, sanctions, on-chain analytics (for crypto).
  6. Document analysis: Facts, reasoning, and conclusion.
  7. Disposition: Close as false positive, escalate, or recommend SAR/STR.

29. How do you explain the KYC / CDD lifecycle?

The lifecycle typically includes:

  1. Onboarding: Collect KYC, perform CDD, risk-rating and decision to onboard or reject.
  2. Ongoing monitoring: Watch transactions and behaviour against expected profile.
  3. Periodic reviews: Refresh KYC at defined intervals, more frequent for high-risk customers.
  4. Event-driven reviews: Triggered by major changes (ownership, large spikes, new products, adverse media).
  5. Exit / offboarding: Where risk is too high or customer is non-cooperative.

30. What is a transaction monitoring scenario? Give an example.

A scenario is a rule or model that describes a pattern of behaviour associated with potential ML/TF risk.

Example: "Structuring cash deposits" – multiple cash deposits just below the reporting threshold over a short period, followed by outward transfers.

In crypto, an example is "rapid in-and-out to mixers" – multiple incoming deposits followed by quick transfers to mixing services or high-risk wallets.
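The "structuring cash deposits" scenario above can be written as a monitoring rule. The following is an added example, not part of the original guide; the threshold, the "just below" floor, both time windows, the minimum deposit count and all sample transactions are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed rule parameters (not from the guide); tune per jurisdiction and segment.
REPORTING_THRESHOLD = 10_000.00      # constructed reporting threshold
NEAR_FLOOR = 9_000.00                # "just below" = from this amount up to the threshold
WINDOW = timedelta(days=7)           # "short period" for the deposits
MIN_DEPOSITS = 3                     # "multiple" deposits
OUTFLOW_WINDOW = timedelta(days=3)   # how soon after the last deposit funds must leave

@dataclass(frozen=True)
class Txn:
    account: str
    ts: datetime
    kind: str        # "cash_deposit" or "transfer_out"
    amount: float

def is_near_threshold(amount):
    """True for amounts just under the reporting threshold."""
    return NEAR_FLOOR <= amount < REPORTING_THRESHOLD

def detect_structuring(txns):
    """Return one alert per account matching: several near-threshold cash
    deposits inside WINDOW, followed by an outward transfer."""
    by_account = {}
    for t in sorted(txns, key=lambda t: t.ts):
        by_account.setdefault(t.account, []).append(t)
    alerts = []
    for account, rows in by_account.items():
        deposits = [t for t in rows
                    if t.kind == "cash_deposit" and is_near_threshold(t.amount)]
        outflows = [t for t in rows if t.kind == "transfer_out"]
        for i, first in enumerate(deposits):
            # All near-threshold deposits within WINDOW of this starting deposit.
            cluster = [d for d in deposits[i:] if d.ts - first.ts <= WINDOW]
            if len(cluster) < MIN_DEPOSITS:
                continue
            last = cluster[-1]
            followed = [o for o in outflows
                        if last.ts < o.ts <= last.ts + OUTFLOW_WINDOW]
            if followed:
                alerts.append({
                    "account": account,
                    "deposit_count": len(cluster),
                    "deposit_total": sum(d.amount for d in cluster),
                    "outflow_total": sum(o.amount for o in followed),
                })
                break  # one alert per account is enough for triage
    return alerts

def d(day, hour=10):
    return datetime(2025, 1, day, hour)

# Constructed sample data: only ACC-A matches the full pattern.
SAMPLE_TXNS = [
    Txn("ACC-A", d(2), "cash_deposit", 9_500.00),
    Txn("ACC-A", d(3), "cash_deposit", 9_800.00),
    Txn("ACC-A", d(5), "cash_deposit", 9_200.00),
    Txn("ACC-A", d(6), "transfer_out", 28_000.00),
    Txn("ACC-B", d(2), "cash_deposit", 2_000.00),   # ordinary amounts
    Txn("ACC-B", d(4), "cash_deposit", 9_500.00),
    Txn("ACC-B", d(5), "transfer_out", 11_000.00),
    Txn("ACC-C", d(2), "cash_deposit", 9_900.00),   # no outflow follows
    Txn("ACC-C", d(3), "cash_deposit", 9_900.00),
    Txn("ACC-C", d(4), "cash_deposit", 9_900.00),
    Txn("ACC-D", d(1), "cash_deposit", 9_700.00),   # spread beyond WINDOW
    Txn("ACC-D", d(12), "cash_deposit", 9_700.00),
    Txn("ACC-D", d(25), "cash_deposit", 9_700.00),
    Txn("ACC-D", d(26), "transfer_out", 29_000.00),
]

if __name__ == "__main__":
    for alert in detect_structuring(SAMPLE_TXNS):
        print(alert)
```

ACC-B, ACC-C and ACC-D each match only part of the pattern, which is the kind of case a single-trigger rule would raise as a false positive.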

31. How would you reduce false positives in AML monitoring?

Ways to reduce false positives without weakening controls:

  • Fine-tune thresholds based on realistic behaviour for each segment.
  • Segment customers (retail, corporate, high-net-worth, crypto traders, etc.).
  • Use better data quality (correct customer risk ratings, updated KYC).
  • Incorporate risk scoring and combine multiple factors rather than single triggers.
  • Use feedback from investigations to adjust rules over time.

32. Give an example of a money laundering typology you've studied.

One example: Trade-Based Money Laundering (TBML).

Criminals over- or under-invoice goods, falsify shipping documents or move low-value goods with high declared values to move funds across borders under the cover of legitimate trade.

In a crypto context, a similar typology is using OTC trades and P2P platforms to move large amounts under the radar of traditional controls.

33. How would you assess a high-risk corporate customer?

For a high-risk corporate, you would:

  • Understand the business model and revenue flows.
  • Identify and verify UBOs and controllers.
  • Check jurisdictions of incorporation, operation and key counterparties.
  • Review financial statements where available.
  • Perform adverse media and litigation checks.
  • Assess expected transaction volumes and patterns.
  • Apply EDD and higher frequency of reviews and monitoring.

34. What is FATF and what is its role in AML?

The Financial Action Task Force (FATF) is an inter-governmental body that sets global standards for AML/CFT. It issues:

  • 40 Recommendations for AML/CFT frameworks.
  • Guidance papers on emerging risks (e.g., virtual assets, beneficial ownership).
  • Mutual evaluation reports on how countries implement AML/CFT.

35. What is the Travel Rule and how does it apply to crypto?

The Travel Rule requires that certain customer information (originator and beneficiary) "travels" along with the transfer when funds move between institutions. For crypto:

  • It applies to transfers between VASPs over a certain threshold.
  • VASPs must exchange and store required KYC data.
  • Implementation involves Travel Rule messaging protocols and screening of counterpart VASPs.

36. How would you handle customer exposure to mixers or privacy coins in crypto?

A strong answer:

  • Use blockchain analytics to quantify the exposure (amount, frequency, counterparties).
  • Check rationale: is there any legitimate explanation or business need?
  • Escalate to compliance for risk assessment and potential EDD.
  • Consider enhanced monitoring, restrictions or offboarding if risk is too high.
  • Document the case thoroughly in case of regulatory review.

37. What would you do if a high-risk customer refuses to provide EDD documents?

Non-cooperation is itself a red flag. You should:

  • Explain clearly why the documents are required under regulation and policy.
  • Set a reasonable deadline for response.
  • If the customer still refuses, escalate to senior compliance or MLRO.
  • Consider declining the relationship or exiting it where permitted.
  • If suspicious activity is involved, evaluate the need to file a SAR/STR.

38. What key documents do you review in EDD for a corporate client?

Typical items include:

  • Incorporation documents and company registry extracts.
  • Shareholder and UBO structure charts.
  • Financial statements or management accounts.
  • Contracts or invoices supporting major transactions.
  • Board resolutions and signatory lists.
  • Adverse media searches and any regulatory actions.

39. How would you prioritise multiple EDD reviews with tight deadlines?

A practical answer:

  • Prioritise by risk level (jurisdiction, sector, transaction size).
  • Check regulatory or internal SLA deadlines first.
  • Flag any potential licensing or regulator-sensitive accounts to the manager.
  • Split work into clear steps (KYC review, structure mapping, documents, media).
  • Communicate early if resources are insufficient so timelines can be adjusted.

40. How do you stay updated on AML and crypto AML regulations?

A good candidate mentions:

  • Following FATF, FIU and regulator updates.
  • Reading industry reports, typology updates and enforcement actions.
  • Attending webinars, courses or certifications related to AML and crypto.
  • Using internal training and policy updates from the employer.

41. Describe the end-to-end SAR process in your own words.

A solid answer:

  1. Suspicious behaviour is detected (via alerts, referrals or manual observation).
  2. An analyst investigates and documents facts, patterns and rationale.
  3. The case is escalated to MLRO or SAR committee if suspicion remains.
  4. The SAR/STR is drafted with a clear narrative and submitted to the FIU.
  5. The institution maintains confidentiality and avoids "tipping off" the customer.
  6. Post-filing, the relationship is re-assessed for ongoing risk or exit.

42. What would you do if your manager disagrees with your suspicion on a case?

You should:

  • Present the facts and explain your reasoning calmly and clearly.
  • Be open to feedback and additional context you may have missed.
  • Request guidance on how similar cases were treated in the past.
  • Document the final decision and rationale in the case file.
  • Ultimately respect the escalation and governance structure in place.

43. What KPIs can be used to measure AML effectiveness?

Example KPIs:

  • Alert volumes vs. SAR filing rates.
  • % of alerts closed as true positive vs. false positive.
  • Average time to investigate and close alerts.
  • Completion rate of periodic reviews on time.
  • Number of regulatory findings versus previous cycles.
  • Quality metrics on SAR narratives.

44. How do you balance AML compliance with data privacy requirements?

Key points:

  • Process customer data under lawful AML obligations and legitimate interest.
  • Limit access to "need-to-know" staff only.
  • Retain data only for the legally required period.
  • Apply strong security controls for SAR and investigation files.
  • Align with internal privacy policies and applicable regulations (e.g., GDPR-style principles).

45. What is FCC (Financial Crime Compliance) and how is it broader than AML?

Financial Crime Compliance (FCC) covers AML, CTF, sanctions, anti-fraud, anti-bribery and corruption, tax evasion and sometimes market abuse. AML is one component within FCC. In senior roles, interviewers expect you to think in terms of the wider financial crime risk framework, not only AML.

46. How would you explain a complex AML concept to a non-compliance stakeholder?

Good answers show communication skills. Example:

  • Avoid jargon and use simple language.
  • Use a short real-world example instead of pure theory.
  • Explain why the control matters for their role (e.g., sales, product, technology).
  • Focus on risk and consequences: regulatory fines, licence impact, reputational damage.

47. How do you document your analysis in an AML case file?

Strong documentation includes:

  • Clear timeline of events and transactions.
  • Summary of customer background and risk.
  • What you reviewed (systems, tools, documents).
  • Key findings and why they are or are not suspicious.
  • Final decision, approvals and next steps.

48. What skills make a strong AML or crypto AML analyst?

Interviewers usually look for a mix of:

  • Analytical skills: Pattern recognition, logical reasoning.
  • Attention to detail: Errors in names, dates, amounts can change a case.
  • Regulatory understanding: Basics of AML rules and expectations.
  • Communication: Writing clear case summaries and SAR narratives.
  • Technology comfort: Using AML systems, blockchain analytics and data tools.
  • Integrity: Handling sensitive data and difficult decisions.

49. How would you answer: "Why do you want to work in AML / financial crime?"

A strong and honest answer might include:

  • Interest in investigative work and problem-solving.
  • Motivation to help stop fraud, corruption, human trafficking or sanctions evasion.
  • Desire to build a long-term career in compliance, where skills are in global demand.
  • Specific interest in crypto and new technologies if the role is in that area.

50. Where do you see AML and crypto compliance heading in the next 3–5 years?

A forward-looking answer:

  • More AI-driven monitoring and fewer manual alerts.
  • Closer alignment between banking and crypto regulation.
  • Stronger focus on cross-border enforcement and information sharing.
  • Increased expectations for skills in both AML and technology (data, blockchain, analytics).
  • Growing importance of certified, globally recognized credentials to prove expertise.

Turn These 50 AML Interview Questions into a Career Upgrade

Practising interview questions is valuable, but nothing beats having actual certifications that prove your expertise to employers. AC3O's globally recognized certifications can help you stand out in the competitive AML and crypto compliance job market.

  • C3O – Certified Crypto Compliance Officer: The most comprehensive certification covering all aspects of crypto compliance.
  • C2AO – Certified Crypto AML Officer: Specialized focus on crypto AML and transaction monitoring.
  • C2KO – Certified Crypto KYC Officer: Deep expertise in KYC, CDD and EDD for crypto businesses.