Knowledge Hub
for Growth

Best practices for payment service providers in the fight against money mules

Fraud made up over 40% of UK crime in 2022. Preventing the laundering of criminal proceeds continues to be a key challenge in the fight against fraudsters.

Payment service providers and e-money institutions have legal and regulatory obligations to play their part in combatting financial crime. This includes taking steps to disrupt money laundering operations, including networks of ‘money mules’, or people who, knowingly or unwittingly, use their payment accounts to transfer criminal proceeds.

In October 2023, the Financial Conduct Authority (FCA) published the findings of a multi-firm review into the systems and controls which payment service providers and e-money firms have in place to combat money mules. Here, we summarise the key ‘best practice’ takeaways from the FCA review.

If you need help and support in reviewing your business’ financial crime compliance processes or putting in place enhanced measures to tackle money mules, our financial services solicitors are here to support you.

My business offers payment services or e-money. Why is the FCA ‘money mule’ review relevant to me?

If your business is offering payment services or e-money, you should ensure your firm is meeting your legal obligations, and the standards which the FCA expects, in preventing financial crime.

Best practice in preventing financial crimes includes taking onboard the findings of the recent FCA multi-firm review into combatting money mules. The FCA makes it clear that they will use their full regulatory toolkit, including enforcement action, in cases where firms fail to maintain proportionate controls to combat money mules.

More information about regulatory expectations for payment services and e-money firms in tackling risk of financial crime can be found in Chapter 19 of the FCA’s ‘Approach to Payment Services and Electronic Money’ document.  Further relevant FCA guidance on combatting financial crime is found in the Financial Crime Guide (FCG) and Financial Crime Thematic Reviews (FCTR) regulatory guides.

For further advice and support on meeting regulatory standards for combatting financial crime in your payments or e-money business, please do not hesitate to contact Harper James’ financial services solicitors.

Why is the FCA focusing on combatting ‘money mules’?

Fraudsters seek to ‘launder’ criminal proceeds through multiple accounts and financial firms to try to obscure the origins of their money. Profits can then be converted into cash or cryptocurrencies which appear to come from legitimate sources.

To do this, fraudsters seek to use networks of ‘money mule’ accounts to transfer funds around the financial system. In 2022, firms reported to the National Fraud Database more than 39,000 accounts which they believed could be linked to mule activity. These issues put at risk confidence in the integrity of the UK financial system.

The FCA also has concerns about harm to consumers. Especially with the cost-of-living crisis, people may be persuaded to operate mule accounts, attracted by easy money or deceived by seemingly convincing cover stories such as ‘work at home for cash’ jobs. Being involved in a money mule scheme can have serious detrimental effects for consumers, including criminal charges, damage to credit ratings, exclusion from financial services or being threatened by the criminal fraternity.

What examples of good practice in tackling money mules did the FCA find at payment and e-money firms which I could replicate in my own business?

The FCA found that many payment and e-money firms have in place effective controls to try to combat ‘money mule’ accounts.

Good practice examples which you could consider replicating for your own business include:

  • Technology innovations: Technology is playing a key role in firms’ strategies for combatting money mule accounts. Firms are linking customer identities to devices using facial recognition systems, device profiling and geolocation tools. These techniques allow firms to, for example, to identify multiple customers’ accounts being managed on a single device, several accounts being opened by different individuals at the same physical address or device locations not matching physical address details provided.
  • Data analysis, machine learning and trigger alerts: Firms are using data analysis to identify unusual patterns of transactions on accounts, such as significant deposits after a period of an account being dormant or large deposits being quickly paid away into another account. Adaptive machine learning, combined with static rules, helps to make the analysis more responsive to new threats. Often systems are programmed to generate automatic alerts which can then be investigated further by a dedicated team.
  • Onboarding checks with the National Fraud Database (NFD): Customer onboarding checks which involved interrogating the NFD are shown to support firms in identifying higher risk customers.
  • Prompt reporting to uncover further steps in money trail: By firms reporting suspicious transactions promptly, either via a Suspicious Activity Report (SAR) to the National Crime Agency or to the National Fraud database, other firms, particularly those whose accounts might also be involved, can be alerted in good time.
  • Leveraging intelligence and lawful data sharing: Many firms are collaborating in the fight against money mules by lawful data sharing both with other firms and with law enforcement. This includes feeding back intelligence and details of emerging threats to industry bodies such as CIFAS, UK Finance, NECC and Fintech FinCrime Exchange for dissemination to the wider sector.
  • Financial crime and fraud training for staff: Dedicated financial crime and fraud training for staff (both via new joiner inductions and refreshers for existing staff) is beneficial in keeping staff informed about strategies being used by fraudsters and best practices in detecting and preventing money mule activity.

What areas of weakness did the FCA find? Could these also be a problem for my firm?

Despite many examples of good practice, the FCA also highlights important areas where improvements still need to be made.

You should review the systems and controls for combatting money mules in your payment services or e-money business and, if you identify similar issues, take action to remedy any weaknesses in ways which are proportionate to:

  • the scale and complexity of your business; and
  •  the degree of risk that your business could be used for financial crime.

Examples of issues which the FCA found include:

  • Lack of Senior management oversight: A lack of focus on combatting money mules at senior levels in firms, and weaknesses in management information on the effectiveness of measures introduced to try to tackle money mules, leads to increased volumes of mule accounts.
  • Control weaknesses at customer onboarding: Some firms tend to apply less scrutiny when onboarding customers, instead relying more on transaction monitoring. A failure to identify ‘red flags’ or to capture baseline details such as salary or turnover at the outset leads to issues with subsequently spotting suspicious transactions. Other specific issues with onboarding include insufficient checks on ‘virtual addresses’ such as post-office box addresses and failing to check if debit cards sent out to physical addresses have been activated.
  • Weaknesses in transaction monitoring protocols: Transaction monitoring often focuses exclusively on outbound transactions from an account rather than on both outbound and inbound transactions. This causes delays in spotting unusual transactions. Although machine learning systems can be effective, these rely on picking out anomalies based on historic data. Machine learning based methods are not therefore always optimal to monitor newly-opened accounts.
  • Problems with automated monitoring alerts: Monitoring alerts do not always trigger or throw up frequent  false positives. Firms often do not test their alert systems sufficiently and experience delays in re-calibrating alerts or varying them to pick up emerging threats. Sometimes staff do not understand alert parameters and so investigations are made harder because the reason for an alert being triggered is not clear. There are also challenges with the rationale for staff closing alert queries not being adequately justified or properly documented.
  • Resourcing, training and customer awareness: At some firms, staff looking at suspicious transaction alerts lack specialist expertise or have other responsibilities which mean they cannot devote sufficient time to thoroughly investigate cases. This means that fraudulent transactions are not fully checked. or reported promptly via SARs or otherwise. This includes incidents when the firm has received a warning from another firm about a suspicious payment. There are also disappointing levels of investment in awareness campaigns for customers. Firms could help their customers to stay safe and combat financial crime by educating consumers about current threats and the risks of becoming involved as a money mule.


In its review, the FCA emphasises the legal and regulatory responsibilities of payment services and e-money firms for tackling financial crime and the possibility of supervisory or enforcement action against firms which fail to meet their obligations.

The FCA expects payment services and e-money firms to consider their own organisation’s arrangements, systems and controls against the findings of the FCA’s money mule multi-firm review. Crucially, firms must consistently:

  • adapt their detection and monitoring methodologies
  • prioritise identification of money mule activities
  • educate consumers about the inherent risks involved.

If you need help and support in reviewing your business’ financial crime compliance processes or putting in place enhanced measures to tackle money mules, our financial services solicitors are here to support you. Our legal experts have experience in advising on the identification and remediation of weaknesses in anti-fraud systems and on how firms can maintain proportionate and adequate controls to prevent its services and customers being exploited by fraudsters. Please get in touch to find out more.

About our expert

John Pauley

John Pauley

Financial Services Partner
John is a specialist solicitor with extensive expertise in financial services regulation. He advises financial institutions, services providers, and merchants on regulated activities including payments, e-money, consumer credit, data protection, anti-money laundering, and gambling operations.

What next?

Please leave us your details and we’ll contact you to discuss your situation and legal requirements. There’s no charge for your initial consultation, and no-obligation to instruct us. We aim to respond to all messages received within 24 hours.

Your data will only be used by Harper James Solicitors. We will never sell your data and promise to keep it secure. You can find further information in our Privacy Policy.

Our offices

A national law firm

A national law firm

Our commercial lawyers are based in or close to major cities across the UK, providing expert legal advice to clients both locally and nationally.

We mainly work remotely, so we can work with you wherever you are. But we can arrange face-to-face meeting at our offices or a location of your choosing.

Head Office

Floor 5, Cavendish House, 39-41 Waterloo Street, Birmingham, B2 5PP
Regional Spaces

Stirling House, Cambridge Innovation Park, Denny End Road, Waterbeach, Cambridge, CB25 9QE
13th Floor, Piccadilly Plaza, Manchester, M1 4BT
10 Fitzroy Square, London, W1T 5HP
Harwell Innovation Centre, 173 Curie Avenue, Harwell, Oxfordshire, OX11 0QG
1st Floor, Dearing House, 1 Young St, Sheffield, S1 4UP
White Building Studios, 1-4 Cumberland Place, Southampton, SO15 2NP
A national law firm

Like what you’re reading?

Get new articles delivered to your inbox

Join 8,153 entrepreneurs reading our latest news, guides and insights.


To access legal support from just £145 per hour arrange your no-obligation initial consultation to discuss your business requirements.

Make an enquiry