To address the money mule problem, organisations must combine elements of fraud prevention, cyber threat intelligence, and anti-money laundering capabilities.
Is AML a real-time problem?
The answer seems to be “no” at first glance. Most money laundering typologies, such as transaction layering, rapid and high-frequency fund movements, and unusual counterparty relationships, require historical transaction data to identify suspicious patterns. It takes AML teams weeks (if not months) of diligent analysis to escalate these activities to law enforcement.
However, money mule typologies present an opportunity to incorporate technology from fraud prevention, cyber threat intelligence, and AML to stop, investigate, and escalate illicit activity in real time.
Given the significant overlap between fraud and muling—both involving rapid, low-denomination fund movements through fraudulently onboarded or compromised accounts—fraud prevention tools can be applied to detect mule behaviour instantly. Additionally, unusual device, session, and account activity, often present in muling schemes, can be flagged by cyber threat intelligence tools to support immediate detection.
Yet, money mules aren’t just a fraud or cyber problem. They’re an essential part of the money laundering chain, placing and layering illicit funds through real-time payment systems. Under traditional AML programs, these small, rapid transactions often go unnoticed until enough activity accumulates to trigger a red flag, which is too late to stop the money laundering network. By then, the funds had been laundered through multiple accounts, making recovery difficult. This has significant impacts: in the UK alone, mules launder over £10 billion annually, with over 39,000 accounts demonstrating muling behaviour identified in 2022.
To dismantle mule networks faster, AML, fraud, and cyber teams must collaborate by sharing tools, data, and intelligence.
Fraud Prevention solutions have honed AI-based capabilities, including supervised machine learning (ML), which can be applied to mules to detect illicit transactions in real time. In addition, cyber threat intelligence tools enable real-time detection of accounts, credentials, and devices, providing supporting evidence to halt mule transfers in real-time, even without historical transaction patterns. Combined, these capabilities allow AML teams to act faster, stopping mule transactions in real time and using network analytics to uncover broader connections.
Here’s an example of this convergence:
Real-time AML is easier said than done, given the current tooling and structure of most AML operations. Without automation, AI models, and integrated fraud and cyber threat signals, false positives can overwhelm AML teams. Institutions also need a way to quickly connect related transactions and accounts, ideally using graph analytics to map networks based on shared characteristics such as IP addresses, devices, or locations. Lastly, with a 30-day deadline for SAR filings once suspicious activity is detected, case management workflows and data collection need to be as streamlined and automated as possible.
AML leaders should investigate whether their institution has a money mule problem and, if so, must prepare their operations for real-time AML:
Money mules are a growing real-time AML problem that won’t be solved with siloed efforts. By merging the strengths of fraud prevention, cyber threat intelligence, and AML, institutions can detect, disrupt, and dismantle mule networks before laundered funds disappear.
The Payments Association
St Clement’s House
27 Clements Lane
London EC4N 7AE
© Copyright 2024 The Payments Association. All Rights Reserved. The Payments Association is the trading name of Emerging Payments Ventures Limited.
Emerging Ventures Limited t/a The Payments Association; Registered in England and Wales, Company Number 06672728; VAT no. 938829859; Registered office address St. Clement’s House, 27 Clements Lane, London, England, EC4N 7AE.
Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.
We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.
Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.
Please click the button below which relates to the issue you’re having.
Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association
Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.
For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.
The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.
Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.
Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.
For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.
