Hard stats:

• More than 225,000 people were identified as “money mules” for letting criminals use their accounts to launder funds last year, raising concerns at the UK financial watchdog after a 23 per cent increase from a year earlier.
• The Financial Conduct Authority said it recognised the “scale of the challenge” in tackling the fast-growing problem of money mules and their pivotal role in enabling the rise in fraud — which rose to a record 45 per cent of all UK crime in the year to March.
• The watchdog told the Financial Times it surveyed 37 of the biggest banks and payment companies and found they had closed the accounts of 226,957 people identified as money mules last year — up from 184,935 a year earlier.

Andrea Bowe, a director at the FCA overseeing its work on fraud and financial crime, said the watchdog was working with financial firms, law enforcement and international counterparts. The regulator is also eager for tech companies to do more, given recruitment of mules often happens on social media, she said.

“We recognise the scale of the challenge in tackling fraud generally, which is why fighting financial crime is one of the pillars of the new strategy announced this year by the FCA,” she said.

Research released on Thursday by the Royal United Services Institute, a security think-tank, has found money mules are playing a “significant role” in enabling fraud to become “a national security threat, undermining the rule of law and threatening the financial sector”.

The RUSI research, based on data from Lloyds Banking Group, urged financial services companies to share more real-time data to tackle the problem, particularly as more than half of funds received by money mules is paid out within an hour.

Fintechs and digital banks are particularly exposed to the risk of money mules, the research found. RUSI said banking-as-a-service (BaaS) companies that provide payment or lending services to other fintechs were particularly exposed — receiving 10 per cent of payments it tracked from money mule accounts.
​
“New entrants to the market, such as BaaS providers, also appear to be being exploited by fraudsters,” RUSI said. “This calls for a robust regulatory response.”

The Lloyds data showed that 57 per cent of the funds flowing through money mule accounts exited via the UK’s Faster Payment system to other accounts and 20 per cent by value went to a single digital finance firm, which was unidentified.
About 10 per cent of the funds were withdrawn from money mule accounts in cash via ATMs or branches, RUSI said, while nearly a fifth went on debit card payments, including some to international money transfer companies. A much smaller amount, less than 1 per cent, went to cryptocurrency exchanges.

“While it has been known about for many years, there are signs that the number of money mules is growing,” said Kathryn Westmore, senior research fellow at RUSI. “It is generally like a game of whack-a-mole, where you tackle it in one area and it pops up in another.”

However, despite rising concern about the issue, there has been a sharp fall in the number of money mules being reported to the UK national fraud database, which can result in the person being blocked from opening another bank account for six years.

• The number of money mules reported to Cifas, the fraud prevention agency, fell 17 per cent in the first half of this year to 16,017, compared to the same period a year ago. This was almost entirely due to a 34 per cent drop in filings of money mules aged under 21 and a 19 per cent drop in those aged 21 to 30.

Industry experts say the sharp drop in money mule reporting reflects calls by the authorities for financial firms to treat vulnerable customers better instead of any reduction in fraud or in the targeting of young people to launder funds.

“The key driver here is very large regulated entities responding to changing guidance from a regulator — that is borne out in the significant drop in filings relating to younger people,” said Simon Miller, director of policy, strategy and communications at Cifas.

The government said last year it would work with banks and local authorities to ensure “vulnerable or exploited people” were not removed from the banking system. The FCA this year urged firms to improve how they treat customers in vulnerable circumstances.

​Miller said the drop in filings could also partly reflect a change in Cifas reporting rules to avoid banks filing cases where they only suspect someone of being a money mule rather than having evidence they were complicit — but this was thought to have only had a marginal effect.

He added that more money mules were being trained by their recruiters in what to tell banks when they are questioned, which may have contributed to the lower number of filings. More people are handing over their identities to allow fraudsters to open separate accounts in their name.
​
Ben Donaldson, managing director for economic crime at trade body UK Finance, said many money mules were tricked or coerced into it without knowing it is a crime for which they could be imprisoned, even though few are convicted. “I don’t think we can say all mules are victims but certainly many mules are victims, so it’s a complicated problem,” he said.

Source: ​https://www.ft.com/content/6f517e05-0561-442f-842f-72eba8d125f3

A very interesting case study / typology for fast growing digital banks, payments firms and crypto-asset services providers and indeed any fintech in any country where there are anti-money laundering requirements.

A few days ago our Peter Oakes wrote a piece on Linkedin about Monzo Bank's continuing plans to establish an authorised bank in Ireland.  See https://www.linkedin.com/feed/update/urn:li:activity:7347556992883843072.

Today the UK Financial Conduct Authority issued an enforcement notice and fine of £21mn against the rapidly growing digital bank.

Hope this short blog helps financial crime professionals and MLROs with some useful thought for AFC training and the typology library.


📈 As Growth Accelerates, So Must Your Controls
Rapid client onboarding and frequent product rollouts increase exposure to money laundering (ML) and terrorist financing (TF) risk. Firms often focus on scaling—the tech stack, user experience, marketing—while compliance lags. Regulatory expectations, however, demand that internal controls scale simultaneously. Digital banks must avoid the “too little, too late” trap.

A detailed, documented risk assessment underpins everything: products, client segments, geographies, channels. That assessment must inform transaction monitoring rules, reporting thresholds, enhanced due diligence, ongoing review, staff training, management information (MI), and audit cycles.

🛡️ Foundation: AML/CTF Risk Assessment
* Per Irish and EU standards, and echoed in Central Bank of Ireland guidance, your AML/CFT framework must include key elements:
* Thorough risk assessment at the outset and with any material change (new product, geography, channel)
* Board and senior management oversight with regular MI and challenge sessions
* Tailored governance, controls, training, and testing based on risk
This creates the durable infrastructure needed for AML resilience.

🧱 Case Study: Monzo’s £21M Fine for AML Failings
In June 2025, the FCA levied a £21 million penalty on Monzo, citing systemic weaknesses in financial crime control frameworks as the firm scaled its product footprint.

The FCA’s Final Notice (link below) highlighted:

• Insufficient customer risk profiling
• Flawed transaction monitoring
• Under-resourced compliance function

👉 Access the case materials from FCA:
“FCA fines Monzo £21 m for failings in financial crime controls”

• FCA's Final Notice - https://www.fca.org.uk/publication/final-notices/monzo-bank-limited.pdf
• FCA's Press Release - https://www.fca.org.uk/news/press-releases/fca-fines-monzo-21m-failings-financial-crime-controls  

This is a red flag for high-growth fintechs: internal control gaps are not just theoretical—they trigger high-profile enforcement.

🧭 Key Tactical Takeaways

• Embed risk assessment into product development and expansion
• Treat each new product or market like a mini ML/TF risk assessment project.
• Strengthen transaction monitoring in pace with growth
• Ensure value, frequency, and risk coverage evolve with transaction volumes.
• Elevate compliance’s role in tech decisions
• Document regtech capabilities and embed regular health checks.
• Invest in MI for senior leadership and board visibility
• Highlight top risk trends, STR volumes, alert outcomes, and audit results.
• Audit governance effectiveness frequently
• Compliance committees, challenge sessions, and record-keeping must be independently reviewed.
• Prepare for external audit and supervisory attention
• Firms like Monzo have shown regulators won’t hesitate to name and penalize.

✍️ Final Word for MLROs
As MLROs at high-growth firms, your role is to translate risk into action. Ensure your AML/CFT framework is not just documented—but truly operational across all products and regions. Be proactive, visible, and predictive.

​​Thank you to our money laundering typology guest contributor who is a senior AFC professional working in Ireland on international financial crime matters.  This person freely gives time to source interesting typologies and analyses them for our visitors. Contact us if you would like to do likewise, whether anonymous or credited.

Metro Bank fined £16.6m for failings over money laundering checks

1. Summary

• i. Metro Bank was fined £16.6 million by the UK’s Financial Conduct Authority (FCA) for serious failings in its anti-money laundering (AML) systems and controls between June 2016 and December 2020. These deficiencies affected over 60 million transactions, collectively valued at more than £51 billion.
• ii. The issues primarily arose from flaws in Metro Bank’s automated transaction monitoring system, introduced in 2016. Due to data input errors, the system failed to flag transactions on the same day accounts were opened and missed other high-risk activities until records were updated. Despite concerns raised by junior staff in 2017 and 2018, these problems persisted, with only partial fixes implemented in 2019 and full resolution achieved in late 2020.
• iii. The FCA noted that the prolonged lapses in Metro Bank's controls created significant vulnerabilities in the UK's financial system, exposing it to criminal exploitation. Metro Bank has since updated its processes to address the deficiencies and strengthen its AML framework.

2. What’s interesting
i. The Metro Bank case provides critical lessons for AML professionals, highlighting key areas of interest:

• Challenges with Automated Monitoring Systems: The failure of Metro Bank's transaction monitoring system due to input errors illustrates the risks of over-reliance on technology without robust validation and ongoing oversight. AML professionals must ensure data accuracy and conduct regular system audits to prevent similar issues.
• Escalation and Governance Shortcomings: Despite junior staff raising concerns about the system's performance as early as 2017, meaningful action wasn't taken until years later. This underscores the importance of having strong escalation mechanisms and responsive governance structures to address identified weaknesses swiftly.
• Regulatory Expectations for Proactive Risk Management: The FCA highlighted that prolonged lapses in addressing AML deficiencies significantly increase exposure to financial crime. AML professionals should note the regulator's emphasis on proactive risk identification and timely remediation as non-negotiable compliance standards.
• Impact of Deficiencies on Financial System Integrity: Over £51 billion in transactions were inadequately monitored, exposing the system to exploitation by criminals. This reinforces the importance of comprehensive controls to safeguard the financial ecosystem, particularly for high-risk activities like account opening and large transactions.
• Fines and Reputational Risk: The £16.6 million fine and public criticism demonstrate the severe consequences of AML failings, serving as a warning about the financial and reputational damage that can result from non-compliance.

​
ii. This case highlights the critical need for robust systems, effective governance, and a culture of vigilance to maintain strong defences against money laundering risks.

Source: ​ https://www.ireland-live.ie/news/city/1653413/metro-bank-fined-16m-for-failings-over-money-laundering-checks.html