The USA PATRIOT Act is a comprehensive legislation that was enacted in 2001 to enhance the powers and tools of the US authorities to combat money laundering, terrorist financing, and other threats to the national security and the integrity of the financial system. The USA PATRIOT Act contains several provisions that affect the relationship between US banks and foreign banks that maintain correspondent accounts in the US.
One of these provisions is Section 319, which allows the US authorities to seize the funds of a foreign bank held with a US bank, if the foreign bank refuses to comply with a subpoena or a request for records related to the correspondent account. This provision is intended to prevent foreign banks from using their correspondent accounts in the US to facilitate transactions involving tainted funds, such as proceeds of crime, funds intended to support terrorism, or funds subject to sanctions or asset freezing orders. Section 319 also requires US banks to maintain records of the owners and agents of foreign banks that have correspondent accounts with them, and to terminate such accounts if requested by the US authorities.
Therefore, if a foreign bank maintains a correspondent account in the US, and the US authorities find out that the account has been used to facilitate a transaction involving tainted funds, the US authorities can seize the funds of the foreign bank held with the US bank, under the authority of the USA PATRIOT Act.
CAMS Study Guide - 6th Edition, Chapter 1, Section 1.2, page 10
USA PATRIOT Act, Section 319, page 55-57
The USA PATRIOT Act: A Legal Analysis, Section III, page 9-10
[The USA PATRI
Reference: https://www.fincen.gov/fact-sheet-section-312-usa-patriot-act-final-regulation-and-notice- proposed-rulemaking

The activities that could be considered a potential spear phishing scam are:
A courier delivers a duplicate invoice to a business that contains updated payment details of an existing supplier. This could be a way of diverting funds to a fraudulent account by impersonating a legitimate vendor and exploiting the trust relationship between the business and the supplier1.
Payroll receives an external email from an employee looking to update their bank account information. This could be a way of stealing money from the employee or the employer by pretending to be the employee and requesting a change in the payment method or destination2.
An employee receives an email that asks to download an attachment, but the attachment is a malware. This could be a way of infecting the employee's computer or network with malicious software that could compromise sensitive data, disrupt operations, or demand ransom3.
The other options are not necessarily spear phishing scams, although they may be other types of fraud or deception. For example:
An employee receives a phone call requesting that money be sent to assist someone in trouble. This could be a vishing scam, which is a form of voice phishing that uses phone calls to solicit personal or financial information or to request money transfers4.
A business sends its employees an email warning that email passwords must be changed to prevent cyber- fraud. This could be a legitimate security measure, or it could be a phishing scam, which is a form of email phishing that targets a broad audience and tries to trick them into revealing their credentials or clicking on malicious links.
Members of a religious organization receive a donation request by email claiming to be from their leader. This could be a genuine appeal, or it could be a social engineering scam, which is aform of manipulation that exploits the human factor and relies on the victim's emotions, trust, or sympathy.
References:
ACAMS CAMS Certification Video Training Course - Exam-Labs3
Exam CAMS: Certified Anti-Money Laundering Specialist (the 6th edition)4 ACAMS Study Guide for the Certification Examination, 6th Edition, Chapter 3, page 53: https://www.acams.
org/wp-content/uploads/2019/08/ACAMS-Study-Guide-6th-Edition-Chapter-3.pdf ACAMS Study Guide for the Certification Examination, 6th Edition, Chapter 3, page 54: https://www.acams.
org/wp-content/uploads/2019/08/ACAMS-Study-Guide-6th-Edition-Chapter-3.pdf ACAMS Study Guide for the Certification Examination, 6th Edition, Chapter 3, page 55: https://www.acams.
org/wp-content/uploads/2019/08/ACAMS-Study-Guide-6th-Edition-Chapter-3.pdf ACAMS Study Guide for the Certification Examination, 6th Edition, Chapter 3, page 56: https://www.acams.
org/wp-content/uploads/2019/08/ACAMS-Study-Guide-6th-Edition-Chapter-3.pdf

Q Law enforcement may be given access to a financial institution customer's financial records if they serve a legal summons or subpoena, or if they have circumstantial evidence to suspect money laundering. These are two of the exceptions to the general rule that financial institutions must protect the privacy of their customers' financial information under the Right to Financial Privacy Act (RFPA) of 19781. The RFPA alsoallows access to customer records in other situations, such as with the customer's consent, in response to judicial orders, or for certain intelligence or counterintelligence purposes1.
Option A is incorrect because a suspicious transaction report (STR) does not automatically grant law enforcement access to the customer's financial records. The STR is a confidential document that is filed by the financial institution to the Financial Intelligence Unit (FIU) of the country, and the FIU may decide to share the information with law enforcement if it deems appropriate2. However, law enforcement still needs to follow the RFPA procedures to obtain the customer's records from the financial institution.
Option C is incorrect because the investigation of a customer being made public in the media does not give law enforcement the right to access the customer's financial records. The media exposure may raise the public interest or the urgency of the investigation, but it does not override the RFPA requirements. Law enforcement still needs to obtain a legal summons, subpoena, or other valid authorization to access the customer's records from the financial institution.
References:
1: Right to Financial Privacy Act of 1978, 12 U.S.C. §§ 3401-3422
2: ACAMS Study Guide for the CAMS Certification Examination, 6th Edition, Chapter
3: Compliance Standards for Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT), p. 47

FIUs act as central hubs for financial crime intelligence, receiving and analyzingSuspicious Activity Reports (SARs)and other data to support law enforcement.
Option A (Correct):FIUscollect, analyze, and disseminate financial intelligencerelated tomoney laundering and terrorist financing.
Option B (Incorrect):FIUsdo not prosecute cases-they refer cases tolaw enforcement agenciesfor prosecution.
Option C (Incorrect):FIUs analyze financial crime data butdo not develop surveillance technology.
Option D (Incorrect):FIUs share intelligencewith law enforcement and regulatory bodies, not directly with private companies.
Types of FIUs and Their Roles:
A screenshot of a web page Description automatically generated

Key FIU Responsibilities:
Collect Suspicious Activity Reports (SARs)from financial institutions.
Analyze financial transactionsto identify money laundering patterns.
Disseminate intelligence to law enforcement and regulatory authorities.
Reference:
FATF Recommendation 29 (FIUs and Financial Intelligence Sharing)
Egmont Group Guidelines on FIU Information Sharing
EU Directive on the Role of FIUs in AML/CFT

Institutions that violate anti-money laundering laws may face various risks and consequences, such as legal, regulatory, reputational, and operational risks. As demonstrated by the 2012 HSBC settlement with United States authorities, two of the most significant risks are:
Forfeiture of assets. This means that the institution may have to surrender some or all of its assets that are related to the money laundering activities or violations. For example, HSBC agreed to forfeit $1.256 billion as part of its deferred prosecution agreement with the US Department of Justice1.
Civil money penalties. This means that the institution may have to pay fines or penalties to the government or other regulatory agencies for violating the anti-money laundering laws or regulations. For example, HSBC agreed to pay $665 million in civil money penalties to various US regulators, including the Office of Foreign Assets Control, the Federal Reserve Board, and the Office of the Comptroller of the Currency1.
The other two options, C and D, are not as common or relevant to the 2012 HSBC settlement. Loss of bank charter/license may occur in extreme cases where the institution is deemed unfit to operate or poses a serious threat to the financial system. Imprisonment of bank employees may occur if the employees are found guilty of criminal charges, such as fraud, conspiracy, or wilful violation of anti-money laundering laws. However, these outcomes are usually reserved for individuals, not institutions, and depend on the specific facts and circumstances of each case.
1: HSBC announces settlements with authorities, 2012, https://www.hsbc.com/-/files/hsbc/investors/stock- exchange-announcements/2012/december/2012-12-11-hsbc-announces-settlements-with-authorities.pdf
2: Settlement Agreement between the U.S. Department of the Treasury's Office of Foreign Assets Control and HSBC Holdings plc, 2012, https://ofac.treasury.gov/recent-actions/20121211_33
3: HSBC settles on record US fee, 2012, https://www.dw.com/en/hsbc-settles-in-us-money-laundering-probe
/a-16443391
4: HSBC pays record $1.9bn fine to settle US money-laundering accusations, 2012, https://www.theguardian.
com/business/2012/dec/11/hsbc-bank-us-money-laundering
5: HSBC to pay $1.9bn in US money laundering penalties, 2012, https://www.bbc.com/news/business-
20673466