Our monthly round-up of news items that help businesses understand the risks around AML and more
Criminals lose, compliance wins, the smarter way to safeguard your business.
Cyber Security

‘Mule as a service’: How cyber gangs could rent your customers to launder their cash
KELA’s “Mule‑as‑a‑Service” analysis lifts the lid on how money mules have been professionalised and commoditised inside the cybercrime ecosystem. Rather than slowly recruiting individuals one by one, high‑end scam and ransomware crews now turn to specialist providers who offer packages of pre‑screened mules, newly opened or taken‑over accounts, and scripted laundering routes across banks, fintechs and crypto platforms. These providers advertise in underground forums much like any SaaS vendor: pricing by geography, bank, risk appetite and throughput, bundling in device fingerprints, IP “warming,” and even customer support for criminals who want to move stolen funds at scale with minimal friction.
The model closes the gap between cyber compromise and cash‑out. Once credentials or funds are stolen via phishing, malware or account takeover, Mule‑as‑a‑Service networks handle the placement and layering, rapidly breaking down large fraud proceeds into thousands of small, real‑time transfers through mule accounts. That separation makes life harder for investigators: the front‑end scam, the mule network and the final laundering channels are often run by different groups, sometimes in different regions, each offering their piece “as a service” to whoever pays. It also means traditional AML controls that rely on historic transaction patterns and periodic reviews are often too slow: by the time typologies fire, the core network has already rotated devices, accounts and recruit cohorts.
For compliance, the key message is that mules sit at the intersection of cyber, fraud and AML, not inside any one silo. KELA and other analysts emphasise that the same indicators fraud teams watch (sudden device changes, impossible travel, session anomalies, new payees added in bursts, social-media-driven recruitment demographics) are often the earliest signals of mule activity. When those are combined with AML red flags such as rapid pass‑through of funds, circular flows across linked accounts, inconsistent customer profiles and exposure to known scam payment paths, institutions have a chance to stop laundering in real time rather than simply filing retrospective SARs.
To tackle these threats, the following steps are necessary:
• Joint threat assessments where cyber, fraud and AML map how their existing controls see different parts of the same mule network
• Shared data and tooling, especially around device intelligence, behavioural analytics and network/graph analysis, to build richer risk signals for monitoring and investigations
• Targeted scenarios focusing on likely mule cohorts (students, newly arrived migrants, financially stressed customers) and products (instant payments, low‑friction wallets, small‑business accounts used as funnels) rather than only on large transactions.
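The combination of fraud signals and AML red flags described above can be sketched as follows. This is an added example, not code from KELA or from this newsletter; the account names, transfers, signal names and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (minute, source, destination, amount)
TRANSFERS = [
    (0, "victim", "A", 9000), (4, "A", "B", 4400), (6, "A", "C", 4500),
    (9, "B", "D", 4300), (12, "C", "D", 4400), (15, "D", "A", 500),
    (30, "employer", "E", 2000), (4000, "E", "landlord", 900),
]
# Constructed fraud-side signals per account (hypothetical signal names)
FRAUD_SIGNALS = {"A": {"new_device", "payee_burst"},
                 "B": {"impossible_travel"}, "E": {"new_device"}}

def pass_through(transfers, window=60, ratio=0.9):
    """Accounts forwarding >= ratio of an inbound credit within window minutes."""
    flagged = set()
    for t_in, _, acct, amt_in in transfers:
        sent = sum(a for t, s, _, a in transfers
                   if s == acct and t_in <= t <= t_in + window)
        if sent >= ratio * amt_in:
            flagged.add(acct)
    return flagged

def on_cycle(transfers):
    """Accounts that can reach themselves in the directed payment graph."""
    graph = defaultdict(set)
    for _, src, dst, _ in transfers:
        graph[src].add(dst)
    def reaches_self(start):
        stack, seen = list(graph.get(start, ())), set()
        while stack:
            node = stack.pop()
            if node == start:
                return True
            if node not in seen:
                seen.add(node)
                stack.extend(graph.get(node, ()))
        return False
    return {acct for acct in graph if reaches_self(acct)}

def mule_alerts(transfers, fraud_signals):
    """Alert only where a fraud signal and an AML red flag hit the same account."""
    flags = {"pass_through": pass_through(transfers),
             "circular_flow": on_cycle(transfers)}
    alerts = {}
    for acct, fraud in sorted(fraud_signals.items()):
        aml = {name for name, accts in flags.items() if acct in accts}
        if aml and fraud:
            alerts[acct] = sorted(aml | fraud)
    return alerts

print(mule_alerts(TRANSFERS, FRAUD_SIGNALS))
```

In this sample, accounts C and D are visible only to the AML checks and E only to the fraud signals, which is the silo gap the joint assessment is meant to close.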
For due diligence investigators, Mule‑as‑a‑Service also has implications at onboarding: RUS (Rapid Account Set‑up), minimal documentation from certain regions, repeated patterns in employer details or IP ranges used by multiple “unrelated” applicants can all point to industrial mule recruitment.
Comment – The need for an investigative mindset, technology and training continues to be a fundamental requirement for any professional operating to counter these types of threats.
Organised Crime

Europe’s New Organised Crime Priorities. Why EMPACT Matters for AML
Europe’s latest organised crime strategy offers a clear signal to compliance professionals: follow the money, not just the rules.
In June 2025, the Council of the EU adopted the crime priorities for the 2026–2029 EMPACT cycle, confirming that serious organised criminal networks, online-enabled fraud and economic and financial crime will drive coordinated enforcement activity across Member States over the next four years.
EMPACT (the European Multidisciplinary Platform Against Criminal Threats) is the EU’s main operational framework for tackling serious and organised crime, bringing together law enforcement, customs, tax and judicial authorities in joint Operational Action Plans. Economic and financial crime remains a specific priority area, covering VAT and MTIC fraud, excise and customs fraud, and intellectual property crime/counterfeiting, all offences that depend on laundering mechanisms and professional or corporate enablers to make illicit proceeds look legitimate.
For AML and due diligence teams in the UK and Europe, three practical points follow.
First, organised crime typologies need to be visible inside customer and business‑wide risk assessments: sectors exposed to VAT carousel fraud, complex cross‑border trade, counterfeit goods and high‑risk supply chains should not sit in “medium” risk buckets by default.
Second, enhanced due diligence should test how a customer or counterparty might sit within a wider criminal ecosystem: opaque ownership, weak commercial rationale, nominee roles and unexplained wealth are not just generic red flags but features of the criminal business models EMPACT is designed to disrupt.
Third, financial investigation and asset recovery are explicitly central to the new cycle, reinforcing the expectation that private‑sector firms provide quality information, robust monitoring and early escalation where patterns point towards organised criminal activity rather than isolated anomalies.
Taken together, the EMPACT priorities are a useful external benchmark. If a firm’s risk assessment, onboarding and ongoing monitoring bear little resemblance to the serious and organised crime threats now receiving coordinated EU attention, there is a gap that needs closing before criminals exploit it.
Comment – We can assist your business with purpose-built or customised risk assessments; find out more here.
Regulatory

What’s the average fine for non-compliance with AML?
It’s a question we are often asked. There is no stock answer, and penalties can vary widely depending on jurisdiction, business type and nature of the breach.
For estate and letting agents supervised by HMRC, the latest enforcement update (to 29 January 2026) shows 170 penalties totalling £835,842, implying an average fine of around £4,900 per firm, with individual cases ranging from low thousands to about £100,000 where registration and CDD failings were more serious.
Across the wider HMRC‑supervised population (including accountants, TCSPs, art market participants and other non‑financials), analysis of the same data puts average penalties for failures to register for AML supervision at roughly £5,500, with the highest recent fine at £104,000 and several others between £36,400 and £52,000.
For law firms, recent SRA enforcement round‑ups show most AML fines in the £10,000–£25,000 band, giving an implied average in the low‑ to mid‑five figures, but with headline penalties in the last year reaching six figures (for example, £300,000, £172,934, £120,000 and £114,006 for serious or persistent breaches).
By contrast, FCA AML cases against banks and larger financial institutions sit in a different league, with recent commentary noting fines “ranging from £17 million to £29 million” for control failures and 2025 enforcement reviews showing total AML penalties in the tens of millions, meaning individual outcomes routinely fall in the multi‑million range even though the sample size is small.
Various sources.
Comment – We help supervised firms strengthen their AML due diligence, investigations, and training so they can evidence robust CDD/EDD, mitigate reputational risk, and stay aligned with regulatory expectations.
Our new enhanced due diligence platform at EDD-Pro enables everyone from small businesses to compliance teams to streamline onboarding and investigations with integrated ID verification, structured searches, and investigator‑grade reporting.
