How Hong Kong is Tackling the Money Mule Threat

Industry experts discussed the growing sophistication of money mule networks and the complexities of detecting and offboarding suspicious accounts.

Hong Kong financial institutions (FIs) are working to improve their detection and prevention of money mule schemes as they face increasing challenges driven by sophisticated organised crime gangs and a rapidly evolving regulatory landscape.

Regulation Asia and NICE Actimize hosted a roundtable discussion in May, bringing together experts from banks and other FIs in Hong Kong to discuss these pressing concerns and the specific challenges they face. The participants acknowledged that the problem of money mules is growing.

“Regulators are laser-focused on this, given the massive growth in scams and people losing their entire savings,” said Hannah Cassidy, a partner at Herbert Smith Freehills Kramer. “They are tackling it in a number of ways. We’ve seen similarities across Asia and globally.”

Singapore, Thailand, Indonesia, Philippines and India are all actively introducing measures targeting money mules, including those operating in the digital asset space. Singapore for example is increasing penalties and considering introducing caning as a sanction for scam-related offences.

Faster Payments

The roundtable participants raised concerns about the continuous recruitment of new money mules, and the speed at which their accounts can be activated and used to transmit funds across accounts and different banks, including overseas. One participant noted that Malaysian and Thai regulators are requiring real time payment interdiction from banks for the purposes of stopping money mules.

In some other jurisdictions, like Australia, banks are adding friction back into the payment process to slow things down. One participant noted that filtering and screening controls cannot be imposed on fast payment systems like Hong Kong’s FPS, which allow instantaneous fund transfers, meaning the funds are dissipated almost immediately.

Cassidy highlighted that Hong Kong authorities have been working with banks since 2023 to introduce pre-transaction alerts on banking platforms whenever a payee’s FPS proxy ID (e.g. mobile number, email, FPS ID) are listed as high-risk on Scameter, an anti-fraud search engine launched by the Hong Kong police in 2022.

The Scameter data available to banks has recently also been expanded to allow them to identify more suspicious accounts, and banks have been instructed to combine this data with their network analytics capabilities to identify and share data on any mule account networks they identify. 

Meanwhile, the Hong Kong Monetary Authority (HKMA) is also preparing to commence work on developing a new platform that will be able to apply analytics to payment data from different banks to identify hidden suspicious accounts and find flows that could be indicative of mule activity.

Detection Technologies

The roundtable also explored the use of technology in detecting and preventing money mule schemes. Matthew Field, APAC Market Director for AML at NICE Actimize, discussed the evolution of detection methods, from simple transaction-based rules to entity-centric analytics and network analytics.

“As we’ve evolved, it took from 2004 to about 2018 to really start focusing on entity centric analytics … focusing on the behaviour of not only the individual or the entity we were looking at, but their peers and other similar entities that provide red flags around certain behaviour,” Field explained.

This led to further advancements such as the use of network analytics. However, Field said current network analytics initiatives still face challenges in being productionised due to scale and return on investment issues. He discussed the use of “community analytics” to help.

“A mule ring is a community of accounts, entities, individuals,” he said, pointing to the success of using “community analytics” to identify networks of mule accounts within individual institutions and interrogate suspected mule rings and their complex structures.

Field stressed that the industry isn’t doing enough to disrupt financial crime because there is too much focus on “chasing alerts” on individuals and not the complex structures through which money mules operate. “You don’t have a mule ring of just individuals who know each other socially or anything like that. It’s organised crime gangs that operate in fairly complex structures.”

He shared an example of a large foreign bank in Japan that was unaware that hundreds of its accounts were being advertised on the dark web as on-the-shelf muling vehicles until it was notified by the regulator, following a targeted law enforcement operation against an organised crime group in the country.

In another example, Field said a Spanish bank was experiencing difficulty identifying mule accounts that it knew existed within its customer base. The bank was ultimately able to detect 21 new mule rings, as well as hundreds of their participants, through a combination of transaction monitoring and community analytics.

Information Sharing

Another key approach to improve money mule detection and prevention involves enhancing information sharing between FIs. “Individually, we have a huge amount of data on customers and mule networks,” said Cassidy. “Part of the HKMA’s approach is to think about how they can leverage that data and move away from FIs working in silos, and sharing more of that data.”

In Hong Kong, the FINEST platform, launched in June 2023, has been successful in enabling banks to more quickly identify suspicious accounts and take appropriate action. The platform, however, has so far been limited to corporate account information, tackling only part of the problem, as many mule accounts tend to be opened by individuals.

Since early last year, the HKMA has been working on legislative amendments to create a safe harbour for banks to be able to also share information about personal accounts, provided certain thresholds are met and safeguards are in place to protect the confidentiality of that information.

The legislative initiative, which recently passed in Hong Kong’s Legislative Council, has two main pillars:

1. Pre-suspicion sharing: Allows banks to request information to resolve concerns when they have “reasonable grounds to believe” the recipient bank has relevant information
2. Post-suspicion sharing: Enables proactive sharing via FINEST when there are “reasonable grounds to believe” a party is involved in prohibited conduct

The pre-suspicion information may be disclosed on a bilateral or one-to-many basis through FINEST or other secure platforms to be designated by the HKMA. The legislation is expected to be fully functional by the end of 2025.

Voluntary Scheme

Some participants expressed concerns about the voluntary nature of the proposed information sharing scheme, saying that banks may be hesitant to actively participate due to potential litigation risks from victims.

“If banks fail to comply with the conditions specified in the legislation, they will not be protected from litigation by the ‘safe harbour’,” Cassidy said. “It’s up to the banks to be sharing information and taking the appropriate steps. But it will form part of the HKMA’s supervisory work to see the level of engagement by different banks. If there are some banks that are not particularly active, they will likely be strongly encouraged to be more active.”

The accuracy and reliability of information shared was also highlighted as a concern, as is the potential for victims to access this information in pursuit of legal action against banks. “If I were a lawyer representing a plaintiff who lost money from a scam, one of the things I would try to discover is whether or not the bank was privy to information in a database that they chose to ignore,” one participant said.

The participants touched upon the ‘Quincecare’ duty, a legal principle that requires banks to exercise reasonable skill and care when executing a customer’s agent’s payment instructions. Customers are increasingly looking to the courts to find banks liable for failing to prevent fraudulent transactions, even when the customer has authorised the payment.

The discussion highlighted the tension between preventing fraud and avoiding the disenfranchisement of individuals, with the increasing number of court cases adding another layer of complexity to this balancing act.

De-Banking Concerns

Another key concern expressed by the roundtable participants is the potential for the new platform to create a de-facto “blacklist” of individuals, which could result in them being cut off from the financial system.

One participant noted that there is tension between the formation of that blacklist and also the desire for banks to avoid prematurely offboarding or de-banking individuals. “Whilst the legislation is going through, there’s a big piece of work that the HKMA needs to do in terms of producing guidance around how it should operate in practice,” she said.

Banks have asked the HKMA to provide guidance on their expectations around offboarding, as well as around rehabilitation programmes for individuals who may have been unwittingly involved in mule schemes, for example students or people in financial distress who are sucked into crime networks.

Another participant expressed concerns that the overcautiousness of banks, driven by the new information sharing platform, could lead to individuals being unfairly shut out from receiving financial services. “If you have somebody who is identified on this type of a list, you can’t ignore that information,” he said.

“If that person is a recidivist, if they do it again, you’re going to have to defend your decision to onboard them and offer them services. Uncertainty around how a person will behave in the future is going to cause banks to defer to the list and err on the side of caution. So we will have people who will be shut out from receiving services, either because of a mistake that they made, or because of the overcautiousness of the banks”.

Loss Compensation

The participants also discussed loss compensation, a key area of regulatory focus in APAC and elsewhere. The UK has implemented an Authorised Push Payment (APP) fraud compensation scheme, requiring institutions involved in the payment flow to reimburse victims who have authorised transactions but were duped.

Singapore now has a shared responsibility framework in place which apportions responsibility between banks and telcos, and Australia passed legislation in February to introduce a new scam responsibility framework of its own.

The Hong Kong Monetary Authority (HKMA) is likewise considering a shared responsibility framework and plans to consult on the matter later in 2025. While not favouring the UK model, the regulator is reportedly putting pressure on banks to consider compensating victims of scams and fraud in certain cases.

Moving Forward

As money mule networks become more sophisticated and their tactics more elusive, FIs throughout Asia need to stay a step ahead. The challenges of detecting and offboarding suspicious accounts demand innovative solutions that not only identify these risks in real time, but also streamline investigations and triage efforts.

Embracing advanced analytics powered by AI and machine learning can fundamentally transform how FIs safeguard their operations from the cascading effects of fraud. This strategic approach is critical in mitigating both financial losses and reputational harm, enabling a more resilient defence against ever-evolving criminal schemes.

The roundtable highlighted that continued collaboration is needed between FIs, regulators and technology providers to combat the evolving threat of money mules. According to the participants, the key areas of focus moving forward should include:

• Leveraging advanced technologies like community analytics
• Enhancing information sharing frameworks, including cross-border
• Developing clear guidance on offboarding money mules and rehabilitation practices
• Establishing fair and consistent compensation frameworks for victims

The roundtable participants acknowledged that the proliferation of money mule activity, and the organised crime underpinning it, is largely driven by scam centres operating in some Southeast Asian countries, which generated an estimated USD 40 billion in 2023 alone, and have continued to expand their operations globally.

NICE Actimize’s Scams and Mule Defense solution is designed to monitor the entire customer lifecycle, leveraging cutting-edge technology to detect anomalous behavior, swiftly intercept suspicious transactions and prevent the exploitation of vulnerable accounts.

—

For more insights in the APAC region, download the AML Barometer Report 2025