Identity Trends: The Many Roles of Mules in Financial Crime

The concept of money mules and their activity is certainly not new to professionals in the anti-money laundering domain. Mules play an important role in moving funds from an illicit or illegal activity into the second phase of the financial crime ecosystem: money laundering. Criminal organizations then use money laundering to “operationalize” their ill gotten gains. Those financial facilitators that launder funds are highly proficient at their craft, and clearly would never use their own companies or identities to enable money laundering. Instead, they want to put as many layers as possible between themselves and the money trail.

In this blog, we’ll share how financial institutions can address the latest money mule identity trends.

Money Mules in the Laundering Phase

A money mule can play a critical role in the laundering phase of the financial lifecycle. Gaining access to the financial services system, known as placement, is critical to the money laundering process and mules can hold the key to this access. 

Once the funds are inside the financial system, layering, or moving funds from place to place to obfuscate the true source of criminal proceeds is another role for mules  by transferring funds through a series of accounts. The more layers the launderers can place between themselves and the final destination of funds, the more they can insulate themselves and their organizations. This layering can include individuals, as well as shell or front companies to make the funds appear legitimate so they can exit the financial system with a new “backstory” or a newly labeled source. 

In order to create obfuscation, money mules are used to create that smokescreen in following the money. According to the FBI, there are three types of money mules commonly used by criminal organizations:

Unwitting or unknowing money mules

These mules are typically victims of romance scams or work from home scams. The victims are convinced to use their own bank accounts to accept funds from someone they have never met in person, often with a reward of keeping a certain amount of the deposit. In romance scams, this mule role is usually part of the “grooming” in building trust during the scheme. The victims in these scams often don’t realize they are being used, or that they are performing an illegal act by accepting the proceeds of a crime from a fraudster. 

Unwitting money mules may have no history of high risk behavior and are a good customer of the financial institution. They may inadvertently get caught up in a scam that not only robs them of their money, but are then convinced to accept deposits from other victims in the process. These types of mules can come from any socioeconomic background and either become a target of a romance scam or are simply looking for additional income in a work from home scheme. Often detected through a spike in account activity, these types of mules are caught when financial institutions notice an increase in deposits coming from sources with no obvious connection to the account holder. Fraudsters may then ask the victim to move funds to another account, or to another country. 

Witting mules

 Witting mules are motivated by easy money. They open bank accounts at multiple institutions in their own name and use these accounts to accept deposits from multiple sources. They have likely been warned about the behavior by their financial institutions, which have detected the many-to-one and flow through of funds activities in the accounts. 

Regardless of the warnings, they continue the behavior because of the financial gain, or because they are unwilling to admit or clearly understand their role, or both. Witting mules may have started as victims, but then moved to complying to maintain the revenue. Either way, these mules are challenging to find and push the boundaries of CIP KYC programs and customer risk ratings. 

Because they use their own personal information, spotting these types of mules is based solely on detection of the behavior. As a compliance professional, identification of the mule patterns and setting an exit point for these types of relationships is critical to maintaining your compliance program and protecting your institution.

Complicit mules

These types of mules are typically financial facilitators. These are very experienced and expert financial operators that are aware of their role and actively participate in mule activity. They often advertise their services as money mules, including the types of actions they offer and their price menu. There are even rating systems and peer reviews to help these mules attest to their speed and reliability. 

These are the most difficult and dangerous types of mules. They will travel as directed by criminal organizations to different countries to open a variety of financial accounts, or register companies on behalf of criminal networks. They also operate funnel accounts and aggregate funds from multiple, lower-level mules that are either witting or unwitting participants. These funnel accounts are ultimately used to transfer money overseas and to the top level of the organization.

Tracking Synthetic Mules and Identity Trends

A popular tool of choice for professional financial facilitators is synthetic mules.These synthetic identities are used for the express purpose of creating mule accounts as the destination for illicit funds. 

In addition to recruiting other mules, complicit mules use synthetic identities to create and maintain a network of mules to facilitate large money movements. Because these transnational criminal organizations must facilitate laundering for millions of dollars, they need a large network of entities ready to mobilize funds. Synthetic mules give financial facilitators a group of profiles that is more easily controlled than the other types of mules. 

The uptick in synthetic profiles across all financial institutions has been staggering. Given the potential shift in liability being considered by the CFPB, it’s something that financial institutions need to get their arms around quickly. 

Recent Socure research shows that anywhere from 1 to 3% or more of the portfolios of financial institutions can be synthetic profiles. And while some types of synthetic activity are used to bypass credit issues, synthetic money mules can introduce considerable risk to an organization. The below graph shows DDA synthetic fraud attempts from August 2020 – September 2022. This data supports our suggestion that synthetic “DDA” accounts are mainly opened by fraudsters creating completely fake or fabricated identities in an attempt to establish money mule accounts to carry out nefarious money movement activities. 

Reputational and regulatory risk is a key driver for mule detection and is built into transaction monitoring systems, but with new accountability being considered by the CFPB in regard to receipt of funds from illicit sources, the stakes just got bigger for detecting mules across the board. 

Who’s Lurking in Your Portfolio?

Does your organization have synthetic identities in its portfolio? Those synthetic identities could present a new level of risk in regards to mule activity. The difference is that this is the ONE category of mules we should be able to stop at the door. Detecting synthetic mules at onboarding and beyond in real time can help protect your organization from the most dangerous of mule categories: synthetics that are part of a complicit network.

Coupled with your KYC CIP program, adding a synthetic identity fraud tool such as a synthetic detection score at the beginning of the customer lifecycle, can help minimize downstream risk and costs. And even if you have not screened on the front end, a portfolio scrub can help you re-risk rate your population with additional external data factors, identify potential synthetic profiles, and cull out potential third-party identity risk. 

Learn more about synthetic identity fraud tools and the benefits of a portfolio scrub in our eBook here.