Learn how Series 26 tests AML escalation, OFAC checks, CIP, CTR/SAR logic, and suspicious-activity documentation.
AML questions test whether the principal can recognize risk signals quickly and route them through the firm’s required controls. Series 26 expects knowledge of red flags, escalation obligations, CIP, OFAC checks, CTR and SAR concepts, and the broader AML framework under the Bank Secrecy Act and USA PATRIOT Act. The principal is not expected to act like law enforcement, but is expected to know when the firm must investigate, retain records, restrict activity, and report.
The exam often uses this section to test judgment under ambiguity. A fact pattern may not state that money laundering is definitely occurring. Instead, it will describe unusual activity, inconsistent account behavior, or missing identification details. The better answer is usually the one that escalates and documents the concern rather than rationalizing it away.
Series 26 also ties AML to ordinary account processes. If CIP is weak, if account designation is unclear, or if record retention is poor, the firm loses visibility into suspicious behavior. That is why AML is tested as part of compliance operations, not as a standalone criminal-law topic.
| If the fact pattern mentions… | Ask first… | Better principal instinct |
|---|---|---|
| missing or weak CIP | Does the firm actually know who the customer is? | Fix identity-control gaps before trusting the account profile. |
| unusual transaction pattern | Does the behavior fit the customer’s known purpose and profile? | Escalate unusual activity rather than inventing a benign explanation. |
| OFAC or sanctions issue | Has required screening and internal escalation occurred? | Treat sanctions screening as an immediate control issue. |
| SAR/CTR concepts | Does the scenario call for internal escalation and record support rather than rep-level discretion? | Focus on firm process and documentation, not on personal judgment alone. |
flowchart TD
A["Account activity or onboarding fact raises concern"] --> B["Review CIP, OFAC, account profile, and transaction pattern"]
B --> C{"Is the activity inconsistent, suspicious, or unsupported?"}
C -- "No" --> D["Retain records and continue monitoring"]
C -- "Yes" --> E["Escalate internally, document the concern, and follow AML reporting workflow"]
E --> F["Apply any account restrictions or next-step review required by policy"]
D --> F
Series 26 is testing whether the principal will use the AML process correctly under uncertainty. The stronger answer usually protects the firm through escalation and documentation before anyone decides the activity is harmless.
A customer’s activity becomes inconsistent with the account profile, and identification records were weak at account opening. What is the best Series 26 response?
A. Ignore the pattern unless a regulator asks about it
B. Let the representative decide informally whether the activity seems suspicious
C. Escalate through the firm’s AML process because both the behavior and the weak identification controls create risk
D. Focus only on whether the customer is profitable for the firm
Correct answer: C. Series 26 expects principals to recognize that suspicious activity and weak identity controls reinforce each other and should trigger AML escalation.