- The CCAS exam is divided across three domains weighted at 30%, 35%, and 35% respectively.
- Domain 2 (AML Foundations) and Domain 3 (Risk Management Programs) together account for 70% of your score.
- No passing score percentage is publicly disclosed; results are reported as pass or fail with scaled scoring.
- Candidates must demonstrate applied judgment across blockchain forensics, AML typologies, and VASP compliance frameworks.
What Is the CCAS Passing Score?
The CCAS Exam Score Requirements and Passing Criteria 2026 are among the most frequently searched topics by candidates preparing for the Certified Cryptoasset Anti-Financial Crime Specialist designation. That curiosity is understandable - when you are investing serious time and money into an advanced credential, knowing exactly how you will be evaluated shapes every study decision you make.
The CCAS exam uses a scaled scoring model, which is standard practice for professional certification examinations. Under this model, the raw number of correct answers is converted into a scaled score to account for slight variation in question difficulty across different exam forms. The certifying body does not publish a fixed percentage threshold like "you need 75% to pass." Instead, results are communicated as a straightforward pass or fail determination.
What this means practically is that there is no magic number to chase. Your preparation strategy should focus on genuine mastery of each domain rather than trying to reverse-engineer a cutoff score. Candidates who study for understanding - rather than for a specific percentage - tend to perform far more consistently on exam day.
How the Exam Is Structured
The CCAS is a professional-level examination designed for practitioners working at the intersection of cryptoassets and financial crime compliance. The questions are not straightforward recall items. They are scenario-based, requiring candidates to apply knowledge to realistic situations involving virtual asset service providers (VASPs), blockchain transactions, and compliance program design.
Expect questions that present a fact pattern - a suspicious transaction, a new client onboarding situation at a crypto exchange, or a policy gap in a VASP's AML program - and then ask you to identify the most appropriate course of action, the regulatory implication, or the red flag that should trigger escalation. This format rewards candidates who understand why AML rules exist in the crypto context, not just what those rules say.
Practicing with realistic CCAS practice questions before the exam is one of the most effective ways to calibrate your judgment on these scenario formats before you encounter them under timed conditions.
Domain Breakdown and Scoring Weight
The CCAS examination content is organized into three official domains, each carrying a defined percentage of the total exam score. Understanding this weighting is the single most important structural insight for your study planning.
| Domain | Full Name | Exam Weight | Strategic Priority |
|---|---|---|---|
| Domain 1 | Cryptoasset and Blockchain | 30% | Foundation - enables interpretation of all other domains |
| Domain 2 | AML Foundations for Cryptoasset and Blockchain | 35% | Highest priority - largest single contributor to your score |
| Domain 3 | Risk Management Programs for Cryptoasset and Blockchain | 35% | Highest priority - tied with Domain 2 for exam weight |
Domains 2 and 3 together represent 70% of your total score. A candidate who masters both of those domains and achieves only moderate competence in Domain 1 is in a much stronger position than a candidate who inverts that ratio. That said, Domain 1 is not a throwaway - its concepts are prerequisites for understanding Domains 2 and 3 at the depth the exam requires.
What the Exam Actually Tests
Each domain covers a distinct but interconnected slice of the cryptoasset compliance landscape. Here is what candidates must genuinely understand - not just recognize - within each domain.
Domain 1: Cryptoasset and Blockchain (30%)
This domain establishes the technical and conceptual vocabulary that makes the rest of the exam coherent. Without it, you cannot understand why certain transactions raise AML red flags or how on-chain analytics tools produce the outputs compliance teams rely on.
- How distributed ledger technology works and how different consensus mechanisms affect traceability
- Categories of cryptoassets: Bitcoin, Ethereum, stablecoins, privacy coins, tokens, NFTs
- How wallets, keys, and addresses function - and how ownership is inferred rather than proven
- DeFi protocols, smart contracts, and the compliance challenges they introduce
- Mixing services, chain-hopping, and other obfuscation techniques used by bad actors
- The role of exchanges, peer-to-peer platforms, and OTC desks in the cryptoasset ecosystem
Domain 2: AML Foundations for Cryptoasset and Blockchain (35%)
This is the exam's regulatory and investigative core. It demands fluency in how global and domestic AML frameworks have been adapted - or are still being adapted - to the unique properties of blockchain-based assets.
- FATF guidance on virtual assets and VASPs, including Recommendations 15 and 16
- The Travel Rule: how it applies to crypto transfers, which jurisdictions have implemented it, and what constitutes a VASP under different regimes
- Customer due diligence (CDD) and enhanced due diligence (EDD) in the crypto context
- Transaction monitoring approaches specific to on-chain activity
- Crypto-specific money laundering typologies: ransomware proceeds, darknet market activity, exchange hacks, and more
- SAR/STR filing considerations when blockchain analytics informs the investigation
- Key regulatory bodies and frameworks: FinCEN, EU's MiCA, the UK FCA, and others
Domain 3: Risk Management Programs for Cryptoasset and Blockchain (35%)
This domain focuses on program design and governance - the compliance infrastructure that VASPs and financial institutions must build and maintain. Exam questions here often involve evaluating the adequacy of a hypothetical compliance program or recommending improvements.
- Risk-based approach (RBA) methodology applied to cryptoasset businesses
- Building and assessing a VASP's AML/CFT program: policies, procedures, controls, and testing
- Blockchain analytics tools: what they do, how to interpret risk scores, and their limitations
- Sanctions screening in the cryptoasset context, including OFAC SDN considerations
- Third-party risk and correspondent relationships for crypto businesses
- Internal audit, independent testing, and the role of the compliance officer at a VASP
- Emerging risks: DeFi governance token holders as potential obligated parties, NFT-related ML risks
Preparing Domain by Domain
Given the domain weights, the optimal preparation sequence is clear: build your foundation in Domain 1 first, then dedicate the majority of your study time to Domains 2 and 3. The reason for this sequence is not just weighting - it is conceptual dependency. You cannot deeply understand how the Travel Rule creates compliance challenges without first understanding how crypto transactions and wallet addresses work.
Within Domain 2, candidates consistently find the FATF virtual asset guidance and the Travel Rule's jurisdictional patchwork to be the most demanding topics. These require not just reading the guidance but understanding how it plays out operationally - what a compliance officer at a centralized exchange actually has to do when a counterparty VASP is unregulated or located in a non-compliant jurisdiction.
Within Domain 3, the most commonly underestimated topic is blockchain analytics tool interpretation. Many candidates understand conceptually that these tools produce risk scores, but the exam asks you to reason about what those scores mean and what your response should be. A high-risk score from a blockchain analytics provider does not automatically mean file a SAR - but it might mean enhanced review, EDD, or transaction blocking depending on context.
Key Takeaway
Do not treat blockchain analytics tools as a checkbox in Domain 3. The CCAS exam tests your ability to interpret tool outputs and make defensible compliance decisions - a skill that only develops through applied practice scenarios, not passive reading.
Scheduling Your Study Time
For a detailed approach to building your calendar, see the CCAS Study Schedule: How to Plan Your Exam Prep 2026. What follows is a domain-aligned structure that respects the exam's actual weighting.
Domain 1 - Cryptoasset and Blockchain Foundation
- Study blockchain mechanics, consensus models, and asset categories
- Learn how wallets, keys, and transaction traceability work
- Survey DeFi, stablecoins, NFTs, and privacy coin obfuscation techniques
- Complete Domain 1 practice questions on the CCAS practice platform to identify gaps
Domain 2 - AML Foundations Deep Dive
- Work through FATF Recommendations 15 and 16 in full, with crypto-specific guidance documents
- Map the Travel Rule across major jurisdictions: where is it in force, what are the gaps
- Study money laundering typologies documented in FATF virtual asset reports
- Practice scenario-based SAR analysis questions
Domain 3 - Risk Management Program Design
- Study the risk-based approach framework and how it adapts for VASPs
- Practice interpreting blockchain analytics tool outputs in scenario questions
- Review sanctions screening obligations and OFAC designations in the crypto context
- Assess sample compliance program structures for gaps and weaknesses
Full Exam Simulation and Weak Area Targeting
- Complete timed full-length practice exams
- Review every incorrect answer - focus on the reasoning, not just the right answer
- Revisit the domain or subtopic behind any question cluster where accuracy is below your overall average
- Schedule your exam date if not already confirmed
The Pomodoro technique and spaced repetition are genuinely useful during Weeks 3 through 5, when Domain 2 material is heaviest. FATF guidance documents and regulatory frameworks are ideal for spaced repetition because the terminology and structural logic repeat across multiple questions - seeing it across multiple study sessions accelerates retention far better than a single long reading session.
Mistakes That Sink Candidates
Across cryptoasset compliance credentials, several preparation mistakes consistently correlate with poor outcomes. These are especially relevant for the CCAS given its applied, scenario-heavy format.
- Over-indexing on Domain 1 because it feels familiar. Many candidates come from financial crime backgrounds and treat blockchain technology as the "hard" part. They spend disproportionate time on Domain 1 technical content and arrive at exam day underprepared for the AML and risk management scenarios that make up 70% of the score.
- Reading guidance documents passively. FATF virtual asset guidance is dense. Reading it like a textbook without stopping to ask "what would this require of an actual VASP compliance officer?" leaves the material abstract. It needs to be internalized operationally.
- Skipping the analytics tool interpretation topic. Blockchain analytics is treated as a niche technical topic by many candidates. The CCAS exam treats it as core professional competency. If you cannot reason about what a high-risk wallet cluster score means for your CDD obligations, you are leaving points on the table in Domain 3.
- Underestimating the jurisdictional complexity of Domain 2. The CCAS is an international credential. Questions may involve FATF guidance, EU MiCA provisions, FinCEN rules, and FCA requirements - sometimes in the same scenario. Candidates who study only one jurisdiction's framework are often caught off guard.
- Not using practice tests until the final week. Practice questions are diagnostic tools. Using them throughout your study period - not just at the end - tells you where your understanding is shallow while you still have time to fix it. The CCAS practice test platform is designed for this iterative use.
Frequently Asked Questions
No specific passing percentage is publicly disclosed by the certifying body. The CCAS uses scaled scoring, and results are reported as pass or fail. This is consistent with how most professional financial crime credentials handle scoring, and it means candidates should focus on comprehensive domain mastery rather than targeting a specific score threshold.
Begin with Domain 1 (Cryptoasset and Blockchain) because it provides the technical vocabulary you need to make sense of Domains 2 and 3. However, do not spend the majority of your study time there - Domains 2 and 3 together account for 70% of the exam score and require the most applied preparation.
The CCAS is considered an advanced, specialist-level credential. It is positioned for practitioners who already have foundational AML knowledge and are adding cryptoasset-specific expertise. Candidates without prior exposure to blockchain technology or FATF virtual asset guidance typically require more preparation time than those with hands-on experience in crypto compliance roles.
The CCAS is sought by compliance professionals working at cryptocurrency exchanges, blockchain analytics firms, fintech companies with crypto products, traditional financial institutions building out their digital asset compliance capabilities, and regulatory agencies developing supervisory frameworks for virtual assets. It signals that the holder can operate at the intersection of blockchain technology and financial crime risk.
Use practice tests throughout your study period - not only in the final days before the exam. After each session, review every incorrect answer carefully and identify which domain and subtopic it relates to. This diagnostic approach lets you redirect study time to genuine weak areas. The CCAS Study Schedule guide provides a week-by-week framework for integrating practice testing with content review across all three domains.