The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members. 

Highly effective checks through the customer journey have refocused mule activity toward good, already onboarded customers. Those low-risk individuals with well-established accounts, who don’t fit the typical mule profile and wouldn’t be subject to additional checks. 

It’s here, within existing account portfolios, where modern muling hides. 

In fact, 75% of would-be mules are missed by point-of-application checks. And, on average, it takes eight months for money mules to be intercepted within boarded accounts that have been harvested. Even when new account creation is involved, tactical dormancy is commonplace, with fresh recruits waiting until typical post-onboarding checks have long been completed.

This shift marks a new reality for banks. The next frontier of mule detection isn’t at onboarding, but within live accounts - where risk evolves slowly and hides in plain sight.

What happens before a good customer becomes a fraudulent one?

Long-game fraud strategies and atypical targeting raise an important question: what happens before a good customer becomes a fraudulent one?

Someone doesn’t become a financial criminal overnight. They may be under pressure, coerced, or deceived. They may start as a victim of exploitation and end up a reluctant mule. They may slowly shift towards riskier behaviour or become a single node in a larger APP-scam network.

Regulators, banks, and consumers are paying closer attention to this nuance - the space between “good” and “bad.” The growing overlap between terms like money mule and victim of financial exploitation reflects that shift.

Whatever signals your customers send, you must see them early

And, feed those signals into a treatment strategy that distinguishes exploitation from intent to balance mule defence with victim protection.

What we know about mule risk within boarded accounts shows why that distinction matters - and what’s at stake when it’s missed.

Because when mules do emerge, they move quickly. A recent RUSI study found that less than 15% of funds linked to money mules stay in an account for over 24 hours. That could be a vulnerable person losing savings to an APP scam, or your bank’s network used to launder money for organised crime. 

Either way, you want to know – and know quickly. 

Seeing shifting risk in real time

Running such a strategy makes sense in principle - but is demanding in practice. To capture nuance, not noise, you must be exacting about the datasets you use to detect new information that might shift an account’s risk. You want to:

• Analyse high-risk connections, such as links to confirmed or suspected mules, to identify recruitment activity earlier.
• Cross-reference financial behaviour across loans, credit ratings, and wider sector intelligence to surface early signs of vulnerability.

Equally, some of the most valuable signals come from beyond the four walls of the fraud department. Digital, customer service, and product teams hold data that puts fraud and financial crime patterns into context.

For example, a customer might pass all fraud checks yet show a sudden change in mobile device, a drop in app logins, and multiple calls about moving funds abroad. Individually, none of these details raise concern. Together, they point to coercion - a customer on the cusp of becoming a mule, unwitting or willing. 

When fraud intelligence and wider business data are joined up, banks can interpret these grey areas with greater clarity and intervene before a victim becomes a risk.

Turning complexity into confidence with collaborative data 

Meeting the demands of rising on-book account risk adds another layer of complexity for teams already managing rapid change, sophisticated AI-driven threats, and commercial pressure.

But the data gathered through ongoing screening can become a powerful strategic asset. 

It can automate referrals and sharpen prioritisation - deciding which investigations deserve the deepest focus and in what order. It can enhance downstream defences by triggering further monitoring or blocking in-flight payments with greater accuracy.

Crucially, it does this without discriminating against good customers, missing signs of vulnerability, or allowing mule risk to stay hidden within existing account frameworks. Used intelligently, this data gives banks the power to detect risk earlier, act proportionately, and protect both customers and trust in equal measure.

The new frontier of mule prevention lies within the accounts you already know. The banks who prioritise connected, collaborative intelligence will be the ones who see the change coming first.