Focus on anti-money laundering: tackling the issue of 'money mules'

February 12, 2025

Earlier this month, the Financial Conduct Authority (FCA) published the results of its comprehensive review on how firms are managing the detection and disruption of money mules within their account portfolios.¹ In this article, we set out what a "money mule" is, and look at the expectations the FCA has for firms in respect of this specific AML issue. In particular, we set out what payment services firms should be focusing on to reduce the impact of money mules cross-industry.

What is a money mule?

Money muling is the process by which an individual transfers criminal property on behalf of criminals. This can be in exchange for payment or reward, although sometimes mules can be recruited unwittingly. Typically, a money mule will receive money on behalf of criminals into their bank account and then may either: (i) transfer the money through their own accounts (this can include a number of personal accounts); or (ii) buy cryptocurrency, or simply withdraw the cash. The aim of involving the money mule is to disguise the source of the criminal property, thereby "cleaning" the money for the criminals.

Acting as a money mule can have serious consequences for those involved. These include being charged with criminal offences and/or being flagged as involved in illegal activity on a sector-wide database, which can result in an inability to access financial products.

For firms, particularly payment services firms, the use by criminals of money mules poses a significant detection challenge. Corroborating evidence is often desirable but not always available. With the increase of APP fraud, these challenges only further increase for firms. The potential for both money muling and an APP fraud to take place with now a consequent reimbursement claim emphasises the need for firms to have strong detection processes. Such processes can then give firms more confidence in relying on tools available to them, such as the ability to delay payments where fraud is suspected.

What should firms be looking for to spot potential money mule activity?

The following are potential markers of mule activity which ought to cause further investigation into whether mule activity may be taking place:

• frequent changes in account information (which might indicate an attempt to avoid detection);
• large unexpected or unexplained deposits into accounts (particularly round-figure deposits and transfers out);
• rapid dispersal of funds through networks of accounts, often within minutes of receipt;
• movement of funds to different jurisdictions (particularly where this is not in line with usual account activity); and/or
• swift withdrawal of funds from ATMs after deposits are made.

How are firms managing their risk?

The FCA has previously said² that it expects firms and, in particular, payment account providers to have risk-based and proportionate systems and controls in place to detect and identify money mules within their customer base, and to update their risk assessments as new threats emerge.

The FCA identified a number of good practices, including the use by firms of technology and machine learning to flag suspicious activity. It also specifically pointed to the use of the National Fraud Database as part of onboarding checks as a practice which was helpful to firms in identifying higher-risk customers.

What is the National Fraud Database?

The National Fraud Database (NFD) is a multi-sector database containing records of fraud and money mule cases in the UK. The platform is operated and maintained by Cifas, an independent, non-profit organisation dedicated to fraud prevention. Membership of Cifas is voluntary - it has more than 750 members spanning sectors such as banking, credit card services, retail credit, insurance, telecommunications and public agencies. Members of Cifas voluntarily file reports onto the database of identified fraudulent conduct within their organisation, which can be searched and used by other members.

Key findings from the FCA review and next steps for firms

At the end of January, the FCA published its review into how firms were making use of the NFD to share information and intelligence relating to potential money mule networks. In particular, it noted that of the 194,084 money mules offboarded by 25 firms between January 2022 and September 2023, only 37% were the subject of reports to the NFD. It follows that a large volume of potentially relevant intelligence was not being made available to firms to help identify money mule networks operating within the financial sector.

The FCA's review focused on multiple cases across 13 firms where accounts suspected of money muling were identified. Generally, the FCA noted that firms submitting reports to the NFD met the high evidential reporting threshold and had carried out thorough investigations to corroborate their findings. However, key points for payment services firms to consider as areas for improvement were:

• Report more! Some firms reported as few as 6% of their offboarded money mule cases over a 21-month period between January 2022 and September 2023, while others reported more than 66% during the same period. Overly restrictive reporting policies and insufficient documentation to justify non-reporting are likely to be viewed as insufficient by the FCA.
• Use NFD intelligence to inform risk assessment! Where clients are onboarded despite being flagged as a risk by the NFD, in the absence of an individual risk assessment and additional controls, the FCA could consider this indicative of weak systems and controls.
• Use the resource on an ongoing basis! Only one firm from the sample pool conducted real-time checks against the NFD after onboarding customers. This delay often resulted in missed fraud markers during the course of a customer relationship.
• Improve customer due diligence! As with the 2023 review, the FCA found that firms are not consistently collecting or recording information on customers' expected annual income or business turnover as part of onboarding,³ meaning they were less able to spot red flags arising from what might otherwise be identified as unusual deposits and transfer.
• Improve record-keeping! The FCA highlighted several occasions where firms were unable to access customer identification or address documentation quickly.
• Account for customer vulnerabilities in investigations! In most instances, the FCA found that firms made no reference to customers' recorded vulnerabilities when investigating and concluding investigations into fraud cases. This is particularly noteworthy given the expectations imposed on firms by the Consumer Duty.
• Educate consumers! Firms should consider whether there are any additional steps they could take to raise awareness about the risks of money muling to prevent individuals from becoming unwitting participants.

Final thoughts

The FCA has consistently emphasised the importance of strong and effective systems and controls to mitigate money mule risks. In our view, firms should now review their detection methodologies and reporting policies to ensure that they are meeting those expectations. By doing so, they can protect themselves and their customers from the growing threat of financial crime and from the regulatory scrutiny that firms are now on notice to expect.

1. Firms' use of the National Fraud Database (NFD) and money mule account detection tools↩
2. Proceeds of fraud - Detecting and preventing money mules↩
3. Proceeds of fraud - Detecting and preventing money mules↩