Money Mules & AML/KYC

By

 Money Mule


A money mule is someone who transfers or moves illegally acquired money on behalf of someone else.

A money mule transaction is when someone transfers money on behalf of another person that was acquired illegally. Money mules are often recruited to launder money from crimes like human trafficking, drug trafficking, and online scams.

Criminals recruit money mules to help launder proceeds derived from online scams and frauds or crimes like human trafficking and drug trafficking. Money mules add layers of distance between crime victims and criminals, which makes it harder for law enforcement to accurately trace money trails.

Money mules can move funds in various ways, including through bank accounts, cashier’s checks, virtual currency, prepaid debit cards, or money service businesses.

Some money mules know they are supporting criminal enterprises; others are unaware that they are helping criminals profit.

Money mules often receive a commission for their service, or they might provide assistance because they believe they have a trusting or romantic relationship with the individual who is asking for help.

Types of Money Mules 

Unwitting or unknowing money mules are unaware they are part of a larger scheme.

  • Often solicited via an online romance scheme or job offer
  • Asked to use their established personal bank account or open a new account in their true name to receive money from someone they have never met in person
  • May be told to keep a portion of the money they transferred
  • Motivated by trust in the actual existence of their romance or job position

Witting money mules ignore obvious red flags or act willfully blind to their money movement activity.

  • May have been warned by bank employees they were involved with fraudulent activity
  • Open accounts with multiple banks in their true name
  • May have been unwitting at first but continue communication and participation
  • Motivated by financial gain or an unwillingness to acknowledge their role

Complicit money mules are aware of their role and actively participate.

  • Serially open bank accounts to receive money from a variety of individuals/businesses for criminal reasons
  • Advertise their services as a money mule, to include what actions they offer and at what prices. This may also include a review and/or rating by other criminal actors on the money mule’s speed and reliability.
  • Travel, as directed, to different countries to open financial accounts or register companies
  • Operate funnel accounts to receive fraud proceeds from multiple lower level money mules
  • Recruit other money mules
  • Motivated by financial gain or loyalty to a known criminal group

Through a process of Certification and Accreditation, an IT system can be granted an Authority to Operate (ATO)—sometimes called Authorization to Operate—a status that approves an IT system for use in a particular organization. The government uses ATOs to manage risk in their networks by evaluating the security controls for new and existing systems. Authorization certifies that the organization explicitly accepts the benefits of using the system outweigh the operational risks it introduces.

Targets of Account Takeover (ATO) Attacks

 

1.      Financial. When accessing financial accounts, an attacker can steal money or use the account to make purchases. This can be easily done with a bank or credit card account. Another option they have is to manipulate investment portfolios.

2.      Travel. A hacker can try to steal your frequent flyer miles.

3.      Retail. Hackers may try to take over online retail accounts so they can purchase products while pretending to be you and either send them to themselves or to someone else who can then sell them for profit.

4.      Government benefits. If a fraudster is able to take over an account that provides government benefits, such as Medicare, they can route the benefits to themselves or sell the account information to another hacker online.

5.      Retail loyalty rewards. Hackers can use your loyalty points rewards either for their own benefit or as an asset they can sell to other fraudsters online.

6.      Cellphone contracts. Some hackers will use your cell phone account credentials to make phone calls, send text messages, or use your data to avoid paying for it themselves.

Account Takeover


When a hacker tries to execute an account takeover (ATO), their goal is to take control of your account and use it to steal information or for their own personal profit. In the context of this account takeover definition, the end objective is typically to benefit the hacker or their organization. 

However, account takeover fraud can also be used to execute a vandalism scheme designed to hurt the reputation or the operational capacity of a company. Fortunately, there are several things you can do as part of an account takeover protection plan. All organizations, regardless of size, should have tools and protocols in place for account takeover prevention. 

AML/KYC for Money Mules

Mule accounts play a critical role in the fraud supply chain infrastructure and are a mechanism to cash out fraudulent transactions, launder money, and support criminal operations. Money mules come in many forms, each with different goals and behaviors that require unique approaches to detect. In addition to AML for AO and ATO, some softwares have features like Mule Account Detection that detects sold accounts, accomplices, and misled mules. These personas often go undetected with standard fraud detection measures.

Some Mule Operations

The account peddler

Buying and selling of established bank accounts is a common tactic for money laundering teams.

 

The accomplice

Catching the accomplice decreases illegal operations and reduces criminal growth.

 

The misled mule

Mitigating misled mules can protect financial institutions and their customers from unknowingly breaking the law.

 

Identity theft

Early detection is critical when preventing money laundering activity. 

 

Credential Stuffing

Detecting credential theft and account break ins can prevent the use of victim accounts for money laundering purposes.

Potential Consequences 

a). Money Mules

Inaccessible bank accounts – During an investigation, law enforcement officials may freeze a money mule‟s bank accounts. Being unable to access funds may create a significant financial burden. These activities may also have a long-term impact on credit scores.

Prosecution – Money mules may be prosecuted for their participation in these schemes.

Accountability for charges – In some cases, money mules are found personally responsible for repaying the losses suffered by the other victims.

Vulnerability of personal information – As described in the typical process, criminals often collect personal information from the money mules. It is possible that the criminals may use this information for other malicious purposes.

 

b). Targeted Individuals

 

If the fraud is designed to extract money from individuals, those individuals could experience the following consequences:

 Financial loss – An individual may pay for undelivered goods or have money deducted directly from one of his or her financial or credit card accounts. Depending on the forum used for the transaction and whether the scheme is identified, the individual may be able to recover at least a portion of these losses.

Significant hassle to resolve issues – Identifying and reporting the fraud may require numerous steps, and the process could take a long time

The Reserve Bank of India (RBI) said on Friday (December 6, 2024) that it has created an artificial intelligence (AI) powered model that could reduce digital fraud by helping banks deal with the increasing problem of “mule” bank accounts. The model, called MuleHunter.AI, has been developed by the Reserve Bank Innovation Hub (RBIH), Bengaluru, a subsidiary of the central bank.

The financial sector landscape, is witnessing paradigm shifts with the advent of frontier technologies. Technologies like Artificial Intelligence (AI)/ Machine Learning (ML), tokenisation, Cloud Computing hold transformative potential for the financial sector as they can handle enormous volumes of data, automate complex processes, enhance decision-making, and bring in unprecedented efficiencies.

While the benefits are many, the attendant risks like algorithmic bias, explainability of decisions, and data privacy, are also high.

Robust AML/KYC framework and continued monitoring is essential to keep Money Mules from making use of institutional networks.



Happy reading,


Those who read this, also read:

1. Other Obligations on RE under AML/CFT-RBI, India

Formerly Faculty for Finance & Associate Dean, IBS-Kochi MBA (Banking & Finance – CUSAT);CFA. Accredited Management Teacher from CME of AIMA, Delhi has been in Management Education from 1988. Exposure is in the field of Mutual Funds, Market Research, Project Report preparation & evaluation, Advertising & NGO Activities. This Chief Manager, UTI Asset Management Co Pvt. Ltd(1992-2003), Mumbai. Undergone training in Case Study method of teaching under Mr. Trevor Williams and Mr. Scott M Andrews conducted by the ECCH, UK . Published Books & Book Review, Series of academic articles and maintains a column on MFs under "Fund scan" in Business Manorama since January 2007,Contributes "Portfolio Doctor" column for 'Sampadyam' a wealth mgt publication in Malayalam from manorama group since February 2007, Listed her case studies at asiacase.com.Presented papers in national & international conferences on Mutual Funds. Faculty Member @ ASIET, Kalady from 2010 to June 2019. Dean @ SNGIST, N Paravur, Ernakulam from Sep 2019 -Jan 2021, I continue my efforts to spread the knowledge in area of Finance and contribute to Management Education

Comments

Post a Comment

Popular posts from this blog

National Risk Assessment (NRA): India

By
  India's National Risk Assessment (NRA) is  an ongoing exercise to identify sectors that are vulnerable to money laundering and terrorist financing (ML/TF) .  The NRA is based on recommendations from the Financial Action Task Force (FATF) and helps inform policy-making, resource allocation, and the implementation of effective AML/CFT measures. The NRA also ensures that national strategies address both domestic and international threats. The NRA provides a foundation for informed policy-making, resource allocation, and the implementation of effective AML/CFT measures . It ensures that national strategies are aligned with the specific risk landscape of the country and that they address both domestic and international threats. The subject matter of NRA  was discussed in the Anti-Money Laundering Steering Committee (AMLSC) set up with the approval of Finance Minister, and it was decided to conduct the NRA following the World Bank methodology. The Methodology requi...
Read more

Customer Due Diligence(CDD) : Individuals

By
Image
This post is based on RBI Master Circular dated Feb 25, 2016 updated on Jan 04, 2024  Part I - Customer Due Diligence (CDD) Procedure in case of Individuals For undertaking CDD, REs shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity: (a)     the Aadhaar number where,   (i) He is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016); or (ii) He decides to submit his Aadhaar number voluntarily to a bank or any RE notified under first proviso to sub-section (1) of section 11A of the PML Act; or (aa) the proof of possession of Aadhaar number where offline verification can be carried out; or (ab) the proof of possession of Aa...
Read more

Periodic Updation of Customer Risk Profile

By
1. Preparation of Customer Profile from KYC Data In the initial years of KYC, RBI has been following a handholding approach as can be seen from their circular dated July 2009 and that of Feb 25, 2016 as updated on Jan 04, 2024. RBI requires REs to conduct risk profiling and risk categorization and periodic updation.  Extracts from RBI MD dated July 01, 2009 under Customer Acceptance Policy a)ii) Parameters of risk perception are clearly defined in terms of the nature of business activity , location of customer  and his clients, mode of payments, volume of turnover, social and financial status etc. to enable categorisation of customers into low, medium and high risk (banks may choose any suitable nomenclature viz. level I, level II and level III). Customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorised even higher; b). Banks should prepare a profile for each new customer based on risk categorisatio...
Read more