A common longstanding practice of money launderers to cleverly obfuscate their laundered funds is through money muling. Before the digital age, money mules were mainly used to physically transfer ill-gotten gains or illegal goods in smaller quantities through courier or in person for a small commission. With the rise and ease of international electronic payments, money launderers have become more creative with mule activity. Money mules make the procedure of detecting and remediating financial crime particularly challenging, hence they represent a consequential AML/CFT compliance risk. Companies that fail to detect money mules using their services in order to launder money, are exposed to the risk of penalties, financial sanctions and reputational damage.
This last month alone has been quite prolific on the enforcement front around the world.
On December 14, 2021, in one of its largest investigations to date, the UK National Crime Agency arrested a 46-year old Emirati man suspected to be a mastermind of an international money laundering network. The suspect was allegedly involved in organizing travel arrangements for a network of at least 26 couriers responsible for moving an estimated £100 million in criminal cash from the UK to Dubai.
Investigators uncovered several instances where couriers were found to have been smuggling millions in cash packed in suitcases from the UK destined to Dubai in exchange for several thousands of pounds for each trip. But the UK authorities have not been the only ones battling drawn out investigations of money mule activity.
On December 06, 2021, an operation conducted by the Australian Federal Police identified 27 alleged money mules, with 18 people charged. A worldwide investigation revealed a network of 1800 individuals spanning 27 countries with $2.6 million in illicit funds being laundered through Australian financial institutions.
In the US, the US Department of Justice indicted two defendants on December 03, 2021,during its nationwide ‘Money Mule Initiative’. The US Money Mule Initiative targets networks of individuals through which international fraudsters obtain proceeds of fraud schemes.
How are Money Mules used?
In a fraud context, money mules receive money from fraud victims and oftentimes forward the illicit funds to overseas perpetrators. By receiving and transferring illicit funds, money mules facilitate a wide range of fraud schemes, including those that often predominately impact older citizens — like romance scams and lottery fraud — and those that target companies through business email compromise schemes.
Money mules often utilize several dummy or mule accounts created globally in various institutions to accept or deposit smaller unsuspecting payments. These payments are then re-routed to multiple other bank accounts to obfuscate the trail of funds further.
During the onset of the CoVID-19 Pandemic, an influx of scam activity involving mule account recruiting was seen in various countries, wherein scammers would offer seemingly lucrative work-from-home opportunities that were essentially mule account recruitment.
Vice recently issued a documentary outlining the role of social media in the recruitment of young students as money mules, where some involved duping victims into thinking they were supporting a charity. Snapchat was used in many occasions not only for recruitment but also for communicating instructions, drop-off locations, and account information.
According to Europol, more than 90% of money mule transactions identified through the European Money Mule Actions are linked to cybercrime. The illegal money often comes from criminal activities like phishing, malware attacks, online auction fraud, e-commerce fraud, business e-mail compromise (BEC) and CEO fraud, romance scams, holiday fraud (booking fraud) and many others.
So who ‘dis?
In many cases, mule activity is conducted by unsuspecting persons, who are typically duped or scammed into participating in the transaction.
Romance scams are standard methods used wherein the victim believes they are completing an innocent transaction for a loved one. In reality, they are facilitating the flow of illicit funds for malicious actors.
Other methods involve intentionally recruiting individuals without a criminal background that fit an ordinary profile. Usually, younger persons may be instructed to open a standard bank account, receiving seemingly regular payments of relatively smaller amounts. They are instructed to transfer these amounts to another account belonging to a different mule or the money launderer themselves. The individual receives a commission for their involvement, and the launderer successfully uses dummy accounts to place and subsequently layer illicit funds while maintaining anonymity.
As seen in multiple research studies, young adults are typically involved in such schemes and the elderly, whether unknowingly or under the emotional influence to do so for a loved one.
Investigators in the Australian ring identified in December 2021 found international students to be common targets being promised pay cheques for simply moving money between accounts, converting money to cryptocurrency and moving it to another wallet, or an online romantic partner requesting a transfer of funds on their behalf.
New Kids on the Block.
One of the more interesting typologies seen in today’s money mule activity involves cryptocurrency-related accounts and transactions. As the use of cryptocurrencies becomes more rampant, the use of cryptocurrency ATMs, start-ups, and exchanges in these schemes add further complexity to the flow of laundered funds facilitated by money mules.
Similar to the method used in traditional banking, numerous unsuspecting individuals are recruited (or scammed) by malicious actors to create an extensive network of mule accounts across several cryptocurrency platforms, perhaps even using a variety of services offered by the platform such as business accounts, personal accounts, lending services, card, or wallet services.
These accounts receive smaller payments in various cryptocurrencies from various combinations of accounts in the network, ultimately moving funds around until the launderer has successfully withdrawn their ill-gotten gains.
One of the key benefits of using cryptocurrency wallets is the ease of conducting global transactions. In moments, funds can be transferred across borders with minimal oversight due to the differences in regulations among jurisdictions and limited technology and training, which limits authorities in various countries from tracking such transactions and reporting them.
Another benefit is the use of multiple types of cryptocurrencies for the transfers, such as the use of privacy coins, as well as the use of cryptocurrency mixers as well to obfuscate the source of the funds further.
The Money Mules Struggle is Real.
Whether in the Cryptocurrency world or the standard fiat banking world, in private or public investigations, tracking mule activity is not as simple as it may seem.
Most mule accounts have the appearance of legitimacy, thereby making it more complex than the conventional run-of-the-mill money laundering typologies. Mule accounts are often opened and maintained by vulnerable young adults who seemingly have recurring deposits and transfers that can easily be justified as free-lance employment income, loan payments, car deposits, allowance from a loved one, etc. They typically blend into the background of transactional analyses due to the smaller volume and seemingly standard account profiles or activity. Furthermore, mule accounts can span various financial institutions (several banks, credit unions, crypto exchanges, etc.), various accounts and account holders, various currencies (digital or fiat), and various methods of transfers (e-transfers, withdrawals, and deposits, wires, etc.). To add to the detection complexity, the transfers are usually rapid in and out transactions to prevent the financial institution from detecting the activity.
A significant part of the difficulty of maintaining a transaction monitoring and reporting process that involves detecting, reviewing, and reporting money mule activity as a financial institution is limited oversight.
The only information and transaction data used is a limited pattern of activity occurring within the financial institution itself. However, the added complexity of international transfers and the use of different banks can limit investigators in the private world as they often get stumped once the money leaves the institution.
On the flip side, although public investigators within law enforcement would have the ability to submit legal requests to other governments to follow and investigate the funds, it has its limitations of time lags, language barriers, bureaucratic red tape, the lack of a memorandum of understanding between the jurisdictions, and differences in the local FIU and AML regulations — to name a few.
In short, the struggle is real for everyone.
The Silver Lining in Money Mule Activity.
All that said, the good news is that money muling has several red flags to assist in detection.
Often there will be inconsistencies identified in the customer’s story. Their profile won’t add up. For instance, a student earning $2500 bi-weekly in cash whose employer name does not appear on social media — cause for further questioning as it could indicate mule activity. Another instance, a customer with geographic location mismatches in login activity or funds being received and transferred from numerous countries when they’ve stated that their income is as a local marketing analyst — cause for further questioning as it could indicate mule activity. There could easily be legitimate reasons for the inconsistencies in the profile, but that’s where your solid KYC team shows up to ask for evidentiary documents to support the story.
ii. Falsified KYC Information/documents
In many instances, several mule accounts are opened simultaneously by the same individual presenting forged or falsified documents to avoid financial institution blacklists. Numerous websites online offer templated bank statements and utility bills from various jurisdictions and companies for purchase. Coupled with a simple photo editing software, these documents become indistinguishable from originals. Malicious actors often use them as proof of source of funds documentation or proof of address documentation which easily bypass document verification tools.
iii. Frequent transfers & pass-through activity
Although frequent transfers and pass-through activity are also indicators of standard money-laundering behavior, this is quite typical of mule activity. Mule activity patterns include recurring deposits and withdrawals or transfers that occur in a brief period. The account may appear as a pass-through account maintaining a minimal to no balance but with high transactional activity.
A significant pattern surrounding mule activity is several accounts sharing physical addresses, mobile device logins, IP address logins, and other common identities. Mule account activities typically involve multiple customers making high-value onward transfers to common accounts in high-risk jurisdictions with no apparent purpose.
Four Commandments for the Money Mule Account Investigator
Know thy customer.
Whether a business customer or an individual, it’s crucial to precisely understand your customer and the type of transactions that are expected based on the profile. Keep tabs on your customers and how their activity has changed or evolved, if at all. Understand the nature of their funds, source of funds, and possible relationships with other accounts in the institution. Most mules will try to blend into being the average innocent customer. Therefore it is crucial to pick up on even small cues that may indicate suspicious behavior.
Focus on the Macro.
When it comes to identifying mule account activity, it’s imperative to review beyond the one customer. Are many customers following similar transactional patterns? If so, how many customers? What are their geolocations? What are the commonalities? To which accounts are the funds being routed? Mule activity typically involves multiple, almost “disposable” accounts that can even be used for a single transaction that may not be flagged under a formal transaction review. Focusing on the macro can help identify customers that share the same commonalities even though the transactions themselves do not have indicators of mule activity.
Find the connections.
Use any data points available to determine commonalities and patterns between accounts and customers, including location, device, behavior, deposit account, and transaction time. Find the interactions between the data points and spot the trend.
Automation is your friend.
Not only will automating your detection processes speed it up, using machine learning algorithms to detect anomalies will further enhance the accuracy of the alerts. The correct code can even help identify patterns between accounts as needed, making your transaction monitoring team’s life much easier.