As banks face mounting pressure to combat the growing threat of money mules, the focus has shifted towards continuous, 24/7 monitoring for mule risk. However, a fraud strategy consultant argues that for this approach to be effective, financial institutions must move beyond blunt, fixed thresholds and adopt a more adaptable, context-driven strategy.
The commentary from Liese Rushton, a fraud strategy consultant at Synectics Solutions, comes as concern over the role of money mules in fraud and money laundering intensifies. A recent report from the UK regulator highlighted a surge in mule activity last year, involving at least 225,000 known accounts.
The challenge of evolving mule tactics
According to Rushton, the line between effective and excessive monitoring is becoming harder to find as the tactics of financial criminals evolve alongside the behaviour of genuine consumers. Research from Synectics shows that money mules often remain dormant for an average of eight months before their accounts show a spike in activity, typically hitting between three and four different banks. These mules also target products with historically lower levels of anti-money laundering (AML) oversight to exploit intelligence gaps.
At the same time, legitimate customers are changing how they bank, with behaviours like account-hopping and irregular income flows becoming more common, further blurring the distinction between risky and routine activity. Rushton argues that traditional periodic monitoring, designed for a more static world, is no longer sufficient, as it often only flags muling activity after a transaction is complete.
The pitfalls of perpetual KYC without context
While ongoing mule detection as part of a perpetual Know Your Customer (pKYC) strategy is essential, Rushton warns that a poorly implemented system can create new problems. If screening is based on fixed thresholds and blunt logic, it can generate unmanageable volumes of alerts, increase the workload for already pressured fraud teams, and create a high number of false positives that frustrate legitimate customers and damage trust.
“In the face of a rapidly evolving mule threat, fixed thresholds only create an illusion of certainty and control,” the commentary states. “In practice, they cannot keep pace with evolving tactics and risk generating plenty of volume, but not much relevance.”
Layered context for effective detection
The proposed solution is to fuel ongoing mule detection with rich, layered context. Rushton suggests this allows for interventions that are both prompt and precise, yet flexible enough to adapt to new threats. The recommended layers of context include:
- Consortium data: Using cross-sector intelligence to see a customer’s behaviour across all their financial products.
- Configurable controls: Aligning logic to a bank’s specific risk appetite rather than relying on generic thresholds.
- Explainability: Providing clear reasons for each alert to build confidence with both internal teams and regulators.
This contextual approach can be particularly valuable in complex scenarios, such as distinguishing a genuine Authorised Push Payment (APP) fraud victim from a mule colluding in a staged scam to abuse the mandatory reimbursement process. While a single bank might see isolated activity that appears legitimate, a joined-up view using consortium data could reveal a pattern of orchestration.
The commentary concludes that the success of ongoing mule detection should be judged not by the number of alerts raised, but by their relevance. This requires a shift towards smarter decisions built on “continuous context and shared vigilance.”
The post Continuous AML Monitoring for Money Mules Must be Context-Driven, Expert Argues appeared first on The Fintech Times.