FCA’s ‘money mules’ review flags AML focus areas for payment account providers

What are money mules?

Money mules are individuals recruited by criminals to facilitate the transfer of unlawfully obtained funds. They play a critical role in cashing out the proceeds of fraud, either knowingly or unknowingly becoming part of fraudulent activities or money laundering.

The FCA conducted its review of how firms providing payment accounts are combatting risks of money mule activity as part of its commitment to the national Economic Crime Plan 2 and Fraud Strategy (74-page / 2.07MB PDF). It focused on examining systems and controls in place at firms operating payment accounts, and pinpointed areas that need improvement – which include the need for oversight by senior management and management information reporting – to assist firms with enhancing anti-fraud measures.

Measures implemented by firms

The regulator found that some firms are embracing innovative technologies to identify and combat money mule activities. These include the use of facial recognition systems, device profiling and geolocation, which can flag suspicious activity from analysis of data and transaction patterns to make it easier for firms to detect potential money mule networks.

Investing in machine learning systems also helps reduce the risks of using static rule-based systems. Additionally, the FCA found some firms piloting solutions to strengthen their money mule detection and monitoring capabilities, such as more robust risk assessment tools and enhanced customer checks during the onboarding process.

Areas for improvement

The FCA's review identified areas where firms should enhance their approach to combating money mules.

Onboarding

Some firms conducted what the FCA described as “relatively few” checks during customer onboarding, relying on post-onboarding monitoring to flag suspicious, money mule-type activity. The FCA recommended implementing robust controls during onboarding, incorporating device profiling, geo-location, and behavioural biometrics to improve processes to detect potential money mules.

Transaction monitoring

Some firms' transaction monitoring systems and controls were not adequately focussed on incoming payments. The FCA noted this may prevent or delay firms detecting mule accounts, as some common mule behaviours will not be identifiable from monitoring outbound transactions.

Some firms had issues with triggering alerts accurately, the FCA said, finding alerts being triggered without meeting rule parameters or not being triggered when parameters were met. It added that firms using alerts should continuously test and ensure that their alerts work properly and effectively.

In some firms the FCA found “poor narratives and rationale” for why an alert handler considered an alert was not justified and reminds firms of the need for a “clear audit trail” on alert handling.

Reporting

In some cases, the FCA saw examples of “clear suspicious activity” which did not result in alert handlers raising a Suspicious Activity Report (SAR). According to the review there were instances where SARs were not raised as quickly as the regulator expected. The FCA reminds firms to report mule activity quickly through relevant reporting systems and, when in receipt of fraudulent payments, to respond quickly to firms raising the alerts.

Resourcing

The FCA’s review found some firms would benefit from resource dedicated to the investigation of money mules, not only for detecting and monitoring mule accounts but also for timely responses to fraud notifications from other firms and reporting fraud about their own customers.

Communication and awareness

The FCA’s review found that although some firms have made progress informing customers about fraud, their efforts educating their customers on money mule risks “fall short”. The regulator asks firms to improve their communication and awareness initiatives telling customers about the latest threats.

Consumer education and awareness is essential to combat financial crime, protect consumers, comply with regulations and to maintain a firm’s integrity and reputation, the FCA added.

Training

The review expressed the FCA’s concerns about the effectiveness of fraud alert investigations in some firms, potentially indicating staff members may not have a clear understanding of their roles and responsibilities for combating fraud. The report suggests that firms can enhance the effectiveness of their alert investigations by ensuring that staff members receive adequate training.

Next steps

The report states that payment account providers are expected to consider their own organisation’s arrangements, systems, and controls against the findings of the review. The FCA expects firms to have a proactive approach to identify and remedy weaknesses in their anti-fraud systems and controls.

The report concludes with the FCA reminding firms that they “must consistently adapt” their detection and monitoring and prioritise identifying money mule activity and educating consumers about the risks involved.

The national Economic Crime Plan 2 (2023-26) and Fraud Strategy direct public-private focus onto agreed priorities to tackle economic crime. The plan and strategy highlight that money mules are integral to moving the proceeds of fraud and of other types of crime, and the importance of disrupting money mule activities and protecting the public. The Home Office is expected to publish a money mules action plan in the near future. According to the FCA, its work aligns with the focus of the action plan, to help inform how firms in the financial services sector play their part. We can therefore expect this to be a continued area of focus for such firms – and for the FCA.