Sharing of the same IP address by multiple customers during onboarding can indicate potential

fraud, identity manipulation, or collusion, and should be flagged for further investigation. This can be

a sign of synthetic identities or multiple accounts controlled by the same person.

Receipt of law enforcement requests (A) usually occurs post-onboarding, while the location (B) or use

of foreign IDs (C) is not inherently suspicious.

When determining highest-risk customers under a risk-based approach, firms must consider

transaction patterns, jurisdictions, counterparties, and destinations:

B: Large deposits by a student, rapidly converting to crypto and sending to another VASP, suggest

potential layering and third-party funding risk.

D: Daily inbound transfers from a foreign VASP to a private (unhosted) wallet indicate consistent

high-risk exposure — especially cross-border transactions involving unregulated or weakly regulated

jurisdictions.

While VPN use (A) can be a red flag, on its own it is lower risk than significant suspicious fund flows.

Paying suppliers in crypto (C) can be legitimate for businesses. A large donation to a charity (E) could

be flagged depending on jurisdiction and cause, but is generally less inherently suspicious than B and

D unless linked to high-risk entities.

FATF, DFSA, and FSRA AML rules stress that ongoing monitoring should identify these high-frequency,

high-value, cross-border crypto flows as priority for Enhanced Due Diligence (EDD) and possible

Suspicious Transaction Reports (STRs).

A 51% attack refers to a situation where a single miner or group controls more than 50% of the

blockchain network’s computational (hashing) power. This majority control allows them to

manipulate the blockchain ledger by double-spending or blocking transactions.

This term is widely recognized in blockchain security contexts and is referenced in typology papers on

crypto financial crime risks, including those issued by UAE authorities and FATF.

Supporting extracts:

DFSA AML thematic reviews mention the risk of manipulation and double spending in blockchains

susceptible to 51% attacks.

Typology reports on cryptoasset risks highlight computational power concentration as a core

vulnerability.

“51% refers to the percentage of total mining power or computational power in the network” is the

standard definition across crypto AML/CFT frameworks【31.92._TFS_Typology_Paper_Eng__4.pdf;

AMLCFT_Guidance_for_FIs.pdf】.

Thus, C is correct.

FATF defines VASPs as entities that conduct one or more of the following activities:

Exchanging one or more forms of virtual assets (B),

Providing financial services related to initial coin offerings (ICOs) (C),

Exchanging virtual assets for fiat currencies or vice versa (D).

Mining operations (A) and software creation (E) are excluded from the VASP definition as they do not

involve financial intermediation. Initial public offerings (IPOs) (F) pertain to traditional securities and

are outside the scope of VASP activities.

This definition aligns with FATF Recommendation 15 and DFSA regulatory frameworks.

A risk-based approach to customer due diligence requires considering all relevant risk factors

including customer profile, the nature and purpose of the account or relationship, geographic risks,

transaction patterns, and other relevant factors. This ensures that CDD intensity is commensurate

with assessed risk.

Assessing only location (A) or transaction thresholds (B) is insufficient alone. Applying uniform CDD

measures (C) contradicts the risk-based approach advocated by FATF and DFSA regulations.

DFSA AML guidance explicitly requires comprehensive risk assessment considering multiple variables

to determine appropriate due diligence levels.

Suspicious Activity Reports (SARs) are a critical tool for law enforcement agencies. They are primarily

used to develop intelligence on potential new criminal targets and to confirm or expand information

about existing investigations. SARs do not serve as direct evidence of money laundering in court but

provide leads and context that enable law enforcement to build cases.

The DFSA’s thematic reviews and AML guidance clarify that SARs assist in identifying emerging crime

patterns and help intelligence units track suspicious transactions over time. They also allow law

enforcement to corroborate data from other sources.

SARs help:

Develop intelligence on new targets (C) by revealing previously unknown suspicious behavior.

Confirm or develop information on existing targets (D) by adding transactional data and context.

Identifying regulatory failings (A) is primarily a supervisory function, and SARs themselves are not

evidence for prosecution (B) but intelligence inputs.

Therefore, options C and D are correct.

The primary purpose of a security audit for smart contracts is to protect investors’ funds by

identifying vulnerabilities, coding errors, and weaknesses in the smart contract or underlying

protocol that could be exploited. This proactive approach helps prevent hacks, exploits, and financial

loss.

While performance issues (B) may be noted, the critical concern is security. Identifying bad actors (C)

is not within the scope of a code audit but is a broader operational issue. Copyright concerns (A) are

unrelated.

AML and crypto governance frameworks underline the importance of security audits to mitigate

operational risks in DeFi and other smart contract-based applications.

The risks posed by different payment methods fall under the products and services risk category

because payment methods are specific services and products offered by financial institutions or

businesses. This category assesses inherent risks linked to how products are designed and used.

Geographical (A) relates to location risks; customers (B) relates to the nature of customers; new

technologies (C) covers emerging tools but payment methods are classified under products/services.

DAOs are decentralized organizational structures where protocol governance and operational

decisions are made collectively by token holders or participants rather than centralized

management. This group voting and consensus determine how the protocol functions.

DAOs do not rely on traditional contracts (D) nor necessarily require ongoing human managerial

control (A). They are not simply funds with boards voting (C) but represent decentralized governance

mechanisms.

FATF defines VASPs as entities that conduct certain specified activities involving virtual assets.

Licensing or registration as a VASP is required primarily for entities engaged in activities such as

safekeeping and/or administration of virtual assets or conducting exchanges between one or more

forms of virtual assets.

Cryptocurrency mining operations (A) and operating blockchain nodes (C) are generally excluded

from the VASP definition because they do not involve handling customer funds or providing financial

services. Virtual money service businesses (D) is a broader term that may include VASPs but not all

such businesses fall under VASP regulations unless they meet the activity criteria.

This aligns with the DFSA AML Module and FATF Recommendation 15, which regulate entities

providing virtual asset custody or exchange services to customers and require them to be licensed or

registered.