How Mule Activity Is Changing Financial Institutions’ Fraud Strategies


In previous reports about mule activity, I’ve endeavored to outline the rationale and benefits of taking a more deliberate approach toward proactive mule detection and prevention. My discussions with fraud executives, AML executives, and solution providers have culminated in the following observations:

  • Money mules are the logistic network upon which Fraud Inc.’s value chain is built. Mule networks are the fraudster’s circulatory system. Their economic model is dependent on money mules, and that dependence makes them vulnerable.
  • If the saying “infantry wins battles, logistics wins wars” is true, then so long as fraud fighters target fraudster “infantry” but fail to go after mule “logistics personnel”, the fraudsters have the superior strategy.
  • I have not yet come across a fraud professional who doesn’t acknowledge the value of this rationale, nor have I come across someone who doesn’t genuinely want to take the gloves off and ramp up their efforts to more deliberately and proactively go after mule networks in their institution.
  • Despite the willingness and motivation to shift to a war footing on mules, many fraud executives do not pursue a proactive mule hunting regime because they lack the time, resources, and formal prescriptive provisions for doing so. In short, current incentives to proactively hunt money mules exist outside of a formal mandate, whether that’s in the form of regulation or strategy.
  • There are a small and growing number of financial institutions (FIs) that recognize the value of incorporating proactive mule detection into a more wholistic fraud risk management strategy, but unless and until these strategies are the norm rather than the exception, fraudsters will continue to enjoy a logistics network that runs largely free of disruption. And they will continue to win.
  • No one wants them to win.

Fraud Trends Shifted During the Pandemic

Over US$280 billion in fraudulently obtained stimulus money flowed through the U.S. financial system during the pandemic. As this realization emerged, many, myself included, thought that it would be a matter of time before legislators and regulators began asking U.S. FIs a lot of uncomfortable questions about how they failed to recognize this enormous quantity of illicitly obtained money flowing through the system.

Things certainly seemed to be building in that direction in 2021 and 2022, but, as time wore on and the uncomfortable questions failed to materialize, the C-suite’s interest in proactive mule detection waned, and demand for proactive mule detection solutions seemed doomed to accompany it. And then came scams and the trend among regulators across multiple markets to want to place a portion of the reimbursement burden on receiving banks.

This trend was curious when it emerged, and it remains curious because we’ve been left to speculate about the nature and the origin of this impulse. Much of that speculation orbits around two considerations:

  • The full scope of the fraudulent nature of the scam is unlikely to be revealed until information about how well the beneficiary’s behavior matches known patterns of mule personae is made clear. Since that information is not likely to reside anywhere comfortably outside of the receiving FI, it would make sense for the receiving FI to bear accountability (in this case, in the form of a portion of the liability for a reimbursement) for filling in a necessary piece of the puzzle.
  • This approach creates an incentive with tangible, market-driven monetary penalties for FIs that fail to invest in know-your-customer (KYC) controls that do more than just check the compliance box. This approach adds teeth to KYC obligations, and it does so in a way that is proportional to the effectiveness (or ineffectiveness, depending on how you look at it) of the FI’s KYC controls to detect and control for mule activity.

One wonders about the degree to which this approach was engineered in consultation with the industry vs. in isolation by regulators. Either way, it seems to be well aligned with a trajectory among regulators  to transform risk strategies into more wholistic plans that are better orchestrated in how they seek to control for the ecosystem of criminal activity spanning cybersecurity, fraud, and money laundering.

It has also revived demand for proactive money mule detection and inbound transaction monitoring controls. This demand is beginning to form a new market segment that is likely to mature as more markets adopt changes to scam reimbursement regulatory guidance and obligations imposed by payment networks. This new market segment will coexist with other emerging market segments, such as those oriented around detecting and treating scams by way of outbound transaction monitoring.

To learn more about how changing regulations for scam liability and evolving types of scam activity, including mules, are impacting FIs and necessitating changes in fraud strategies, please join me on Tuesday, June 27 at 11am ET for my upcoming webinar, Find the Mules, Stop the Fraud.