Anti-Money Laundering (AML) , Fraud Management & Cybercrime , Geo Focus: Asia

Why Money Mule Accounts Keep Plaguing Indian Banks

RBI Pushes Banks to Enhance Mule Detection Capabilities
Why Money Mule Accounts Keep Plaguing Indian Banks
Image: Shutterstock

A growing number of legitimate banking customers in India are allowing their accounts to be used for money laundering. The governor of the Reserve Bank of India recently urged bankers to intensify their efforts to detect and shut down money mule accounts. The governor also called for robust cybersecurity practices, improved corporate governance and risk management.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

Mule accounts are bank accounts used to receive funds from illegal activities and then transfer them elsewhere, serving as a conduit in the money laundering process. Money mules are an old problem in the world of fraud, but as fraudsters have transitioned away from opening accounts at physical locations, mules also have adapted to target digital banking.

A global rise in authorized payment scams has heightened scrutiny on money laundering and the role of mule accounts in the fraud ecosystem. Central to this shift is the ongoing debate about liability for reimbursing scam victims and who bears financial responsibility. A Nasdaq global financial crime report says that money mules are the engine behind a $3.1 trillion money laundering crisis, and 47% of all global financial crimes are related to money mule activity.

The RBI recently updated its master direction on KYC with new amendments that focus on improving controls to detect mule accounts.

Mule Activity in India

The Indian banking sector, like banks in other regions, struggles to find the best approach to detecting mule accounts used for money laundering. In the U.S. and Australia, mule problems are often linked to synthetic identities. But in India, legitimate Indian nationals open mule accounts and sell their use, making these accounts harder to detect during on boarding.

A recent BioCatch report analyzed 350 million sessions of bank customers in India and found that 55% of sessions were operated by third parties, indicating customers were unaware their accounts had been taken over for money laundering.

In reality, reported mule accounts may be only one-tenth of the actual number out there. Bureau, a global identity decisioning and fraud prevention platform, has detected nearly 300,000 potential mule accounts in the last six months after assessing accounts across some of India's leading banks.

Innovative Tactics

Banks face ongoing gaps and challenges in addressing mule accounts, even though the problem is not new. KYC is crucial for compliance with anti-money laundering regulations, involving customer due diligence to assess and monitor associated risks. But KYC alone is no longer sufficient as fraudsters innovate their methods.

"Mule account detection faces the challenge of easily bypassing existing KYC checks without raising any flags," said Ranjan R. Reddy, founder and CEO of Bureau. Previously, fraudulent activity followed account creation almost immediately, making detection easier. Today, fraudsters exploit dormancy, activating mule accounts after a significant lag, complicating detection.

Banks also struggle with innovating the KYC process. "Most banks treat KYC as a regulatory checklist item. Rarely do they cross verify these documents to check if the details are similar to that of a mule account detected in the past," said Ashutosh Mishra, IRM Level 4 and chief risk manager, NABARD.

The use of generative artificial intelligence has added to the problem of detecting mule accounts. The creation of synthetic identities has rendered traditional measures such as liveness checks, primary document verification, and other rudimentary security protocols less effective. "These accounts are used as mule accounts where proceeds of criminal activity pass through to stay undetected," Reddy said.

These technological advancements have given an impetus to the rapid institutionalization of fraud, evidenced by the structured and coordinated operations of organized crime networks. These networks operate like sophisticated businesses, leveraging technology, large-scale data breaches, and complex laundering schemes that use fraudulent tactics such as social engineering and phishing to prey on people's vulnerability and desperation.

What Banks Are Doing

Most banks have implemented some form of transaction monitoring, but they are typically static and lack a necessary risk-based approach to mitigate mule account dangers. "These solutions are reactive, coming into effect only after damage has occurred, making recovery difficult. Preventing mule accounts from entering the system is crucial," Reddy said.

NABARD's Mishra said that existing solutions lack the ability to evaluate customers based on behavior and transactions, making proactive detection challenging.

Vendors struggle to meet Indian banking criteria, especially public sector banks. "Most vendors are startups or headquartered in North America, with limited understanding of Indian banking operations. They often fail to meet bank criteria," Mishra said.

Public sector banks require solution providers to operate in India for a minimum of three years before deploying their solutions. They also mandate service to banks with a substantial customer base, which is often challenging for non-Indian banks.

The Way Forward

While regulators and banks are serious about this, they cannot look at prevention measures purely from the point of view of compliance. They must address the challenges with a genuine intent of protecting their customers and solving the core issues of identity fraud and account takeovers, not just the symptoms.

One way of doing this is to prescreen customers with effective AI-powered mechanisms even before they onboard them and start the KYC process, Reddy said. "This means that banks and FIs need to move away from just government database checks and implement a more robust ecosystem where every user's digital identity is evaluated with a combination of device-level interactions, their online behavior and transactional history."


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.