On 23rd January 2025, the Financial Conduct Authority (FCA) published the findings of its multi-firm review on how payment firms and account providers use the National Fraud Database (NFD) and money mule detection tools.
The review highlights inconsistencies in how firms report and detect money mule activity and calls for stronger fraud controls and better collaboration across the industry. In this article, our experts break down the findings in the report, plus key takeaways for firms.
What is Money Muling?
Money muling is a method of money laundering where individuals (often unknowingly) transfer criminal proceeds on behalf of fraudsters. Criminals use money mules to move stolen funds through the financial system, making it harder for authorities to trace the source of the money.
The FCA highlights money muling as a key enabler of fraud and financial crime, pointing to the National Economic Crime Plan 2 (2023–2026) and the UK’s Fraud Strategy, both of which identify mule activity as a serious risk.
Between January 2022 and September 2023, 194,084 money mule accounts were closed by firms, yet only 37% of these were reported to the National Fraud Database (NFD). It is this discrepancy that has the FCA’s attention.
How Firms Use the National Fraud Database
So, how are firms currently using the National Fraud Database? Firms in the review agreed that the NFD is a valuable tool in detecting fraud. But, as the above stats show, the FCA found that reporting rates vary significantly.
Some firms reported only a small percentage of identified money mules, despite having a similar volume of accounts to firms that reported a much higher proportion. One firm, for example, submitted just 6% of offboarded money mules to the NFD, whereas others reported more than 66%.
There were also differences in how firms used the NFD in their fraud monitoring processes. Most firms check the database when investigating suspected fraud cases, but only one firm in the review conducted real-time checks on customers during onboarding. This means that if new fraud markers were added to the NFD by other firms, most payment providers would not detect them until much later.
Some firms also used the NFD to screen new and existing customers but did not contribute to any of their own cases.
Another issue was firms applying internal policies that excluded certain types of fraud cases from NFD reporting. The FCA report makes it clear that all cases should be assessed on their own merits (not internal policies like customer age, location, or fraud value) and that firms should ensure their reporting decisions are well-documented and justified.
Use of Money Mule Detection Tools
Alongside the NFD, some firms use a money mule detection tool that traces fraud across payment networks. The tool generates alerts and provides a visual representation of how funds move between accounts, helping firms detect suspicious patterns.
The FCA found that firms took different approaches when responding to alerts. Many firms investigated first-generation alerts—where funds enter an account that is suspected to be part of a mule network—but some paid less attention to later-generation alerts, where the money is passed further along the chain.
Some firms also applied transaction value thresholds to determine which alerts they would investigate. While this helped filter out lower-risk cases, the FCA found that thresholds were not always set at appropriate levels, leading to missed opportunities to identify mule activity. The FCA recommends that firms review their thresholds to ensure they are calibrated to detect genuine risks.
Additional Findings on Fraud Detection
Beyond using the NFD and detection tools, the FCA identified other weaknesses in firms’ fraud detection processes.
Some firms did not routinely collect information on customers’ expected income or business turnover at account openings. Without this data, it is harder to detect unusual transaction patterns later. The FCA notes that gathering this information during onboarding can strengthen transaction monitoring systems.
The review also found cases where firms struggled to access customer identification documents, either because the records were archived or held by a third-party provider. The FCA advises that firms should be able to retrieve this information quickly when investigating suspicious activity.
While most firms in the review submitted Suspicious Activity Reports (SARs) to the National Crime Agency when they identified money mule activity, there were some cases where firms did not submit a SAR, despite clear risk indicators. The FCA reminds firms that timely reporting is essential to tackling financial crime.
Next Steps for Firms
The FCA expects payment firms and account providers to review their fraud detection processes in light of these findings, expecting all payment firms to take a proactive approach to improving their fraud controls. Firms that fail to meet expectations may face further scrutiny or regulatory action.
For firms looking to assess their fraud risk controls, strengthen transaction monitoring, or improve reporting processes, expert guidance from an API Compliance consultant can help meet FCA expectations.
Reach out to a consultant below using our form.
