Until recently, ‘the cloud’ used to be a bugbear for the banking industry. Banks were hesitant to move vital data and information from in-house environments to the cloud, least of all for financial crime risk management.
Image courtesy: Freepik
There’s a rise in fraudsters taking advantage of the socio-economic conditions created by the COVID-19 pandemic, to pull off money mule scams. Besides stealing economic stimulus payments and unemployment benefits, money mule fraudsters are flourishing on opportunities during the crisis.
With over $46 million stolen from consumers in the first half of 2020 (FTC), fraudsters have been exploiting the situation using a variety of tactics to mask their activity, including using money mules to launder funds (FBI).
The Financial Crimes Enforcement Network (FinCen) meanwhile has issued an advisory alerting financial institutions to money mule schemes exploiting the coronavirus pandemic. The advisory highlights several red flag indicators and asks banks to report suspicious activities.
Mules (people recruited to deposit illicit money into their bank accounts but masked as regular financial activity) are usually unaware that they are handling illegal funds. The term is a derivation of ‘drug mule’- a person who transports illegal substances over a border.
Recruiters convince mules that the activity is legitimate work for legitimate business and there’s also a reward for their ‘services’.
A person receives a communication apparently from a trusted source (i.e., their bank, a new acquaintance, the government, a health organization or their child’s educational institution) requesting personally identifiable information (PII); the communication has a link in which the customer is asked to provide their PII.
When customers click the link, they’re taken to fraudulent online resources where they end up divulging their PII.
Mule recruiters enlist their mules online via dating sites, email, popular social media platforms, get-rich-quick advertisements, etc. grooming and convincing their victims to open bank accounts under the pretext of ‘helping’ send or receive funds.
Fraudsters (often who have gained illegal access to business or consumer bank accounts) tend to recruit money mules via phishing emails, text messages, chat messages or social media messages.
Besides good-Samaritan and romance baits money mule scammers also use work-from-home schemes to entice victims to open new bank accounts that can then be used to move laundered funds. Fraudsters have been exploiting these dynamics and also leveraging faster payment options to launder money.
Banking on COVID-19 To Exploit Unsuspecting Customers
Besides the known types of money mules (unwitting, willing, complicit), the pandemic has created a new type of mule – the ‘unwitting-willing’. The new mule variant is eager to help others overcome their difficult financial circumstances during the crisis unaware of the risks involved.
Victims of money mule scams can be individuals or businesses or financial institutions. A few fictitious scenarios that fraudsters create to gain trust during the pandemic:
- Claiming that they are citizens quarantined overseas, requesting money to help them out.
- Claiming that they are citizens or service staff members working abroad, wanting to send or receive money on their behalf to help a family member battling COVID-19.
- Claiming to be a member of a medical organization and wanting to send or receive money on their behalf to help those in need.
- Claiming to be affiliated to a charitable organization and wanting to send or receive money on their behalf to help those in need.
Detecting Money Mule Scams During COVID-19
Traditional anti-mule fraud practices such as monitoring, reactive remediation and preventive controls are not enough during this time.
Monitoring helps identify suspected mule accounts – a key factor in any anti-money laundering system – but it doesn’t deter mule activity.
Reactive remediation is when a bank shuts down accounts identified as mule accounts. While this is essential, it is only a basic deterrent.
Preventive controls block known fraudsters from opening or operating accounts, but its effect on money mules is moderate, and it doesn’t impact COVID-motivated unwitting mules or regular unwitting mules.
There are a few steps banks can take during this time.
Being In-The-Know About Customer Activity – a stringent due diligence process involves identifying account owners and legal beneficiaries before the start of a business relationship. This vastly helps reduce the risk of exposure to money mules. If identification processes are lenient, then subsequent monitoring of transactions may not be able to identify individual suspicious activity effectively.
Vital therefore to utilize every chance to update customer information to consistently retain high monitoring standards. Documentation must be reviewed regularly and updated automatically when there are changes in address or jobs or personal status. Identification of suspect transactions based on customer information, helps trigger prompt enquiry. So, a strong KYC / KYCB record maintenance foundation and practice helps.
While the primary responsibility for identifying suspicious transactions lies with the bank staff processing or checking items, banks should as an additional safeguard deploy the right real-time, cross-channel technology that will generate reports for suspicious transactions that can be inspected by the fraud risk team.
Closer Monitoring of Suspect Transactions – account monitoring on an ongoing basis is critical to ensure that bank accounts are reviewed for unusual and suspicious activity. The bank should be aware of high-risk transactions in these accounts, e.g. activity that has no business or apparently lawful purpose, funds transfers to and from higher-risk jurisdictions, currency-intensive transactions and frequent changes in ownership or control of a nonpublic business entity.
If a customer who claims to be working with an online firm or a money transfer agent receives multiple cash deposits into his / her account, and those funds get wired out shortly thereafter, the bank must verify the purpose of the transactions as well as the actual business of the majority of the beneficiaries.
The bank’s fraud risk team must also ensure that the automated monitoring systems record not just the amount and date of a transaction, but also the identity or geographical location of the persons sending / receiving the wire transfers. Not doing this could lead to a situation where the bank is unable to identify and investigate potentially suspicious transactions based on critical risk factors, such as jurisdiction and the potential involvement of PEPs (politically exposed persons).
Observing the Country of Origin – banks may be able to detect informal value transfers involving unwitting participants by paying close attention to the country of origin of the money in question.
These funds are likely to originate from the domicile country of individuals who have been indicted by the US DoJ for romance scams and / or from countries with low Corruption Perceptions Index (Transparency International) scores.
The DoJ recently indicted 80 individuals for executing a massive business email scam and money laundering scheme valued at approximately $3 billion. In this case, the nationalities of the indicted persons should have raised red flags and prompted the bank’s fraud risk officers to question the customers involved about the purpose of the transactions and the sources of the funds.
Since the customer is unlikely to be aware that he or she is laundering money, they should be able to provide valuable information to their bank. E.g., the customer may inform the bank that the funds are coming from a high-risk country and that he or she was asked to provide the account number so that individuals in that country can transfer funds to the account domiciled in the US.
The money mule might also tell the bank that the funds are for investing in a profitable business. The bank must further inquire into the nature of the business, including any relevant addresses. After investigation, if a bank suspects that the funds are proceeds of criminal activity, the bank must file an STR (Suspicious Transaction Report).
Checking Where the Money Is Headed For – Fraud risk / compliance officers can identify money mules by scrutinizing where the money is being sent. Illicit funds are quite likely to be transferred to countries with low scores in the Financial Action Task Force’s (FATF’s) fourth round of Mutual Evaluation Reports. When a bank discovers that funds are moving to geographies having weak anti-money laundering systems and controls, red flags should be instantly raised and the customer must be asked about the source of the funds and the purpose of the transactions.
Monitoring HNWI Customers – Criminal networks convince high value bank customers with accounts in US or UK banks to create shell companies and trusts as ‘legitimate’ activity. The illicit funds may have already been deposited into the account of the high value mule by another victim who is part of the larger operation. This modus operandi masks the beneficial owner of the account with a shell firm or another legal entity. Shell companies or PICs (Private Investment Corporations) typically operate from countries known to be secrecy havens. When such dynamics are at play, it becomes important for the bank to (a) establish the legitimacy of transactions and (b) be able to follow the trail to determine the identity of the UBO (Ultimate Beneficial Owner).
Just like any other pre-meditated financial crime, money mule fraudsters plan and coordinate their moves very carefully. For detecting suspicious patterns, banks need to be able to have the bigger enterprise-wide contextual picture, instead of siloed, ‘single channel only’ views.
Creating detailed and holistic data viewpoints and strategies help create an effective money mule strategy during COVID-19. Also, AI and ML-based analytics enables monitoring transactions on an exponentially greater scale with far lower false positives.
Subscribing to research insights that profile potential mule fraud victims by demographics and psychographics also helps. This enables ‘intelligently’ discovering insights and elusive trends that would have been otherwise difficult to spot.
Money mules used to be seen as small-time felons, transferring small amounts. Organized, sophisticated money mule schemes of the day have become a professional money laundering mechanism. “Money mules are an essential part of organized crime and international fraud schemes, be it a romance con, business email scam, or a work-from-home ploy.” (FATF)
Whether as complicit players or as victims, money mules are now also laundering funds for organized COVID-19-related crime.
Every year, banks shut down tens of thousands of accounts for suspected fraudulent practices. A substantial chunk of these accounts is suspected to be mule accounts. Conventional anti-mule fraud systems have little impact to stop the problem. With the pandemic enhancing opportunities for fraud and money laundering, banks must boost their monitoring and investigation capabilities to prevent losses.
FinCen : Money Mule Schemes Related to COVID-19
FATF: COVID-19-related Money Laundering & Terrorist Financing Risks and Policy Responses
Europol : Money Muling Prevention
Fraud Magazine : Money Mule Profiling Can Help Solve, Prevent Crimes