Fintelekt Advisory Services and the Asian Bankers Association presented a webinar on Detection and Prevention of Money Mule Accounts on September 13, 2023. The webinar had record breaking participation: more than 1700 participants were registered from 50+ countries.
Arpita Bedekar, Director – Strategy & Planning, Fintelekt Advisory Services hosted the webinar, with panelists Julia Chin, Head of Compliance, Hugosave SG; Torsten Kleine Buening, Chief Risk and Compliance Officer, ABA Bank Cambodia; Hari Parkar, VP Program Management & Client Delivery, M2P, India and Pat Lordan, Former Head – National Economic Crime Bureau and The Irish Financial Intelligence Unit.
A summary of the discussion is presented below.
Arpita: What are the emerging trends and tactics used by criminals for recruiting money mules and using accounts?
Torsten: In the digital account opening age, accounts can be opened instantly and remotely, which makes it easier for organised criminals to operate through money mules. The accounts are totally legitimate, with all proper documents but then are handed over to the criminal organisation for as little as 50 dollars.
The first wave came in 2019-2020 when the first instant accounts were opened. Since then fraudsters are becoming better. For example, they are no longer using block phone numbers but are providing random phone numbers to mules for opening accounts to avoid detection.
Julia: Criminals often advertise on social media channels such as Telegram, inviting people to sell their credentials for the bank account and offer money for it. For low income customers, it is particularly tempting.
Pat: The trends are no different in Europe. A lot of work has been done to understand the operations of organised criminal groups globally. These groups have bases in most continents and in several countries. They often operate through mule herders, who manage the collection and registration of mules, and subsequently handle the mule accounts. The herders are paid my managers and directors of the organised crime groups.
E-accounts and digital account opening make their life simpler. We have also seen a trend of criminals traveling from other countries to Ireland to open accounts physical. It is a challenge for banks to identify these accounts very quickly and stop them from becoming mule accounts.
Arpita: What are the typically observed red flags or warning signs that financial institutions should look for when identifying potential money mule activity?
Hari: We have seen a trend in the use of minimum KYC accounts which could be opened simply by providing a mobile number and email id, for money mule accounts. They were closed as soon as more information was requested. The other red flags or RFIs are sudden surge in activity in the account or increase in the frequency or volume of transactions, cross-border transfers, cash withdrawals which are not in line with usual patterns, login from different IP addresses, incomplete details provided during account opening, etc. These RFIs should trigger an alert for enhancing the monitoring in such accounts.
Julia: Some red flags have existed from beginning of time – such as one-to-many and many-to-one transactions, after which the funds are transferred to another party very quickly. In case of new accounts, some remain dormant for a while and get eventually used for money mule activity.
Arpita: Can you share any success stories or innovative approaches that have been effective within your institution in preventing and detecting money mule activities?
Torsten: We have put in place various rules and detection scenarios on account-to-account transfers and scenarios such as silent accounts that have a burst of activity. This does not need very expensive commercial software. It can be done internally by a team that is curious and is good with machine learning and analytics code.
Monitoring for money mule accounts cannot be done backwards, it has to be done in real time. The monitoring engines have to work live with the transaction to be caught in time.Torsten Kleine Buening, Chief Risk and Compliance Officer, ABA Bank
We have introduced more and more biometrics and bind the account to the biometrics. Apart from doing liveliness checks, face checks against documents, and verification with government documents during account opening, we have also incorporated biometrics checks as a part of the transfer experience of the customer. While OTP pins and passwords are easy to transfer to another party, we have built in random requests for face to be shown during a transaction, driven by a risk-based algorithm. This necessitates that the mule has to be present during the transaction.
We also differentiate between regular and instant accounts; the latter have restrictions and prohibit cross border use. Criminals are starting to build mules at the first level, then they have a network of aggregation accounts which transfer funds to another bank, from where they get sent cross border. Since the other bank does not see the mule activity in the front, it escapes detection at this level. Moreover, the accounts in the back look very legitimate and relate to businesses such as hotels or restaurants where a high-value transaction would not come under any suspicion.
Another factor is that of awareness. Often victims are not aware of the consequences of their actions and that they can go to jail for the crime because they are a part of the financial crime network.
Hari: The apex bank in India has introduced video KYC and guidelines around liveliness check and recommended a risk based approach for such customers. A central KYC repository where customer details are stored helps mitigate fraudulent activity. Tokenisation for cards on file is another initiative where card details are stored and shared in an encrypted manner to reduce fraud. Financial institutions are trying to upgrade fraud risk monitoring tools and using real time database access monitoring tools.
Arpita: What role does technology play in the detection of money mule activities? Are there any specific tools or solutions that have proven to be effective?
Torsten: The early generation of instant accounts and e-money were based on OTP codes and passwords, which were easy to hand over to third parties and hence required no physical connection to the mule. Now banks are incorporating biometrics and are starting to require face recognition when the transaction is done, for which the mule needs to be physically present. This makes farming of money mule accounts more difficult.
Financial institutions now have a lot of data for pattern detection which can also be utilised for identifying newer scenarios to track money mule accounts.
Julia: Although technology is needed to fight financial crime, I do not see generative AI or similar technology to have the capability to fully detect mule accounts, as machines would still need to be taught using past experience.
Technology alone is not enough. The right training and adequate curiosity from the monitoring team is equally important in the fight against money mules.Julia Chin, Head of Compliance, Hugosave SG
Pat: Technology is vital within the FIU network. GoAML software provided by the United Nations is very beneficial. However, people are irreplaceable as the machine cannot pick up everything.
The challenge for banking and something that is tested in forthcoming FATF reviews is on the effectiveness of the system is the capability to spot money mule transactions in real time.
Most law enforcement agencies think that money mules are victims. There are cases where they are victims, but the majority are aware that they are committing wrongdoing. These individuals do need to be arrested and prosecuted and brought to courts, and a message needs to be sent out that this is wrong. Perhaps law enforcement adopt a slightly softer attitude to financial crime and therefore money mules often get off very easily
Criminals are watching technological advances as well and are moving away from traditional banks to online banking and e-money providers. When the opening is shut off for criminals from there, they turn to other areas such as gambling and online gaming.
Arpita: What more can financial institutions do to educate their customers about the dangers of becoming money mules and the consequences of their actions?
Pat: In Ireland, we carry out a fraud awareness week every year and one of the days during this week is dedicated to money mules. We had anti-money mules initiatives with the Europol. The FIU too conducts a number of money mule awareness days that involve both domestic and international banks in the area. Such awareness campaigns are vital to teach younger, vulnerable people about the consequences of becoming money mules. We have seen that whenever such awareness drives were carried out, there was a dramatic drop in the number of mules detected within the banking system. In 2016, we started a Public-Private Partnership with Irish domestic banks. It is important to keep the awareness as high as possible.
It will not be possible to catch all of the accounts, but it is possible to disrupt them through real time monitoring. One way is by identifying IBANs very quickly and circulate them to other FIUs, which can help with the recovery of victims’ money. There is a need to have a direct contact with the law enforcement agency in other countries, which can help recover money.
In the banking world, there needs to be an access number, and not just an email, so that the bank where the funds are transferred can be quickly contacted and requested to try and stop the transaction.Pat Lordan, Former Head – National Economic Crime Bureau and The Irish Financial Intelligence Unit
Criminals carry out their own risk assessments, just like financial institutions, and evaluate if the accounts carry risk of detection. They do not want to lose mule accounts and want to manage them to their best capability.
Torsten: Banks often hesitate to block accounts because authorities may question why the account was blocked without an order from the FIU, central bank or the court.
It is critical for national associations for banking, or lending, etc. to have close contact with the authorities, to create a framework such that blocking of accounts is possible and greater cooperation can be had between all the entities involved.
Financial institutions need a good social media team that watches for signals: does your institution’s name appear in the Darkweb in relation to scams or frauds? Are there any vulnerabilities which can be identified from such mentions?
It is important to conduct interactive sessions with vulnerable categories such as students or young adults and make them aware of the consequences of acting as money mules, and to understand that such activities involve prosecution and that it can impact their future credibility.Hari Parkar, VP Program Management & Client Delivery, M2P
Julia: The challenge is that customers whose accounts are blocked often complain about it on social media. The community managers and marketing team of the financial institution needs to be on the lookout for potential complaints from such customers.
A recording of the webinar is available on Youtube: