Disrupting muling activity: The good, the bad and how to prevent things from getting ugly

The prevalence of fraud in the UK has reached alarming levels, with 40% of all crime attributed to fraudulent activities. At the heart of this issue lies the concept of money muling, a practice that enables fraudsters to extract and enjoy wrongful financial gains.

Understanding money mules

Money mule accounts are an integral part of most digitally-enabled fraud today — they serve as the mechanism through which illicit funds are extracted and laundered. There are synthetic mules (which are made of low-risk, high-volume synthetic or stolen identities) and real mules (made of unwitting or complicit individuals who are often lured by an offer of payment).

As mentioned in the UK’s Economic Crime Plan 2, “Money mule networks are integral to moving proceeds of fraud and other crime types and put the public, including children, at risk of recruitment by criminal groups.” The UK government is committed to disrupting mule activity and protecting the public and is due to publish an action plan later this year. 

The FCA's recent review

In October 2023, the Financial Conduct Authority (FCA)'s published its Proceeds of Fraud - Detecting and Preventing Money Mules, a report that serves as a timely response to the escalating issue of fraud. 

While the FCA’s key findings include a number of observations of good practices being carried out by a portion of UK firms, the report also makes clear that many organizations still have a long way to go until they achieve optimal controls for detecting and preventing money mule activity.

The FCA’s review follows a wave of activity throughout 2023, including a Dear CEO letter sent to payments firms in March highlighting the concern that many lack sufficiently robust controls, including a high proportion of customer accounts being used to receive proceeds of fraud, and news of the long-awaited Authorized Push Payments fraud reimbursement requirements.

To counter these challenges, the FCA has called upon payment providers, e-money institutions, and banks to adopt a multi-pronged approach that focuses on protecting consumers and preventing their platforms from being exploited for fraudulent purposes.

The innovative role of machine learning

The FCA's publication highlights the role of technology in combating muling activity. Many institutions have already embraced innovative technologies to identify and prevent these illicit activities. There’s no doubt of technology’s role in tackling this growing problem.

More specifically, machine learning has been called out as one of the applications of innovative technology observed during the FCA review. Machine learning systems adapt to evolving fraud tactics, enhancing the detection of sophisticated fraud schemes with high precision. This technology is applicable to businesses of all sizes, which makes it a valuable asset for strengthening systems and controls of all FCA regulated entities.

While machine learning offers substantial benefits, it’s essential that firms understand and can explain the technology. Thus, explainability is critical to ensuring transparency and accountability in the use of machine learning-based systems. Firms should invest in technologies that not only detect money mules but also offer insights into their functioning.

Best practices from the FCA to prevent muling activity

The FCA encourages the proactive strengthening of controls during onboarding, improving transaction monitoring to detect suspicious activity involving money mules, and optimizing reporting mechanisms for swift action. Here are three of our key takeaways:

• The importance of leveraging available data: The FCA has emphasized the importance of capturing data during onboarding and utilizing this data for more robust detection of illicit activities. This combination of know your customer (KYC) documents and data, digital footprints, and transaction data can create a comprehensive behavioral profile, resulting in more accurate detection of anomalies. By analyzing data such as device fingerprinting and geo-locations, institutions can distinguish between legitimate and suspicious activities.
• Connecting the dots: The intelligence available through your existing data can be invaluable in identifying patterns and connections. The FCA notes that multiple customers using the same device or physical address without a clear reason could be indicative of fraudulent activity. Connecting these dots can help organizations take swift action against fraudsters operating at scale.
• Breaking down silos: Traditional practices of data silos and separation between various teams handling data are no longer effective. As a result, the FCA advocates for the adoption of a whole-firm approach to detecting and disrupting money mule activity. 

What comes next?

As we await the Home Office's money mule action plan, the FCA's message is clear: Firms must proactively identify and rectify weaknesses in their anti-fraud systems and controls. The FCA emphasizes that the full regulatory toolkit — including enforcement — will be used if firms fail to maintain adequate controls, thereby allowing their services and customers to be exploited by fraudsters.

By following the FCA's guidance and embracing innovative solutions, payment service providers, e-money institutions, and banks can play a significant role in the fight against money mules and the broader issue of fraud in the UK and beyond.

To learn more about the resources available to help detect and prevent muling activity, read our APP fraud whitepaper as well as our comprehensive fraud and AML glossaries — or get in touch with our team to learn how we can support your organization.