Leveraging Partnerships and Technology to Tackle Money Mules

On 9 and 10 December 2025, the Centre for Finance and Security at RUSI and the Center for Financial Integrity (CFI) convened a third meeting of the Taskforce on Public–Private Partnership in Fighting Financial Crime in Ukraine. Fifty participants, including representatives from the public and private sectors in Ukraine and a number of international experts, gathered for two days of in-person meetings in Warsaw. The discussions focused on the use of so-called money mules in Ukraine, as well as available mitigation measures offered by public–private partnerships (PPPs) and regulatory technology (RegTech).

Participants developed recommendations for understanding, preventing, detecting and responding to the money mule threat in Ukraine. This Insights Paper summarises the main findings of the meeting. None of the discussions at the meeting are attributable to any specific individual or organisation. Unless otherwise indicated, statements in this paper reflect points raised during the discussions.

Introduction

As outlined in a recent paper published by the CFI, money mule schemes have become a significant financial crime issue in Ukraine, particularly following the start of Russia’s full-scale invasion.

Money mules are individuals whose bank accounts, payment cards or personal data are used to move illicit funds, but who are generally not involved in either the underlying criminal activity generating proceeds or the predicate crimes. Some knowingly allow their accounts to be used in exchange for payment, and some become involved through others’ deception or without fully understanding the consequences. In all cases, money mule accounts are used to fragment financial flows and make illicit activity harder to trace.

The CFI paper reviews the impact of the money mule threat on individuals, the financial system and public finances. Estimates suggest that more than UAH 200 billion ($4.8 billion) flows through money mule schemes each year, resulting in up to UAH 50 billion ($1.25 billion) in lost tax revenues. These losses directly affect the resources available for the military, social services and reconstruction.

Understanding the Threat

A robust understanding of the nature and broader environment of money mule activity was described at the meeting as a prerequisite for an effective response.

Money Mule Typologies

There is no single money mule profile. While it is often believed that money mules are usually young or elderly, one of the participants reported that individuals aged between 25 and 40 are also increasingly exposed. Several participants distinguished between individuals who are unaware that their accounts are being used for illicit purposes and those who knowingly allow their accounts or payment instruments to be used in exchange for payment. In either case, individuals frequently do not fully understand the legal and financial consequences of such activity.

Recruitment methods discussed included a range of scams and social engineering techniques. For example, certain targets were led to believe that they were assisting displaced persons from Eastern Ukraine who purportedly could not access banking services. Recruitment methods adapt quickly to social conditions and are difficult to counter through static controls.

Participants also highlighted the misuse of social media and messaging platforms in facilitating money mule recruitment. Ukraine’s high level of digitalisation was described as amplifying the reach of online advertisements that offer to buy bank cards or accounts, sometimes with falsified bank logos.

In response to these risks, retail banking products for younger customers have been restricted in recent years, particularly accounts available to individuals aged 14–16, who do not face criminal liability under Ukrainian law and might thus be at a higher risk of being targeted to become money mules. However, as indicated above, participants noted that recruitment efforts had shifted towards other age groups.

Predicate Crimes and Criminal Ecosystems

Participants cautioned against viewing money mules in isolation. Money mule activity was described as one element within broader criminal ecosystems, rather than as an end in itself. Discussions linked money mule schemes to multiple predicate offences generating criminal proceeds, including fraud and tax evasion. The prevalence of informal economic activity and tax evasion contributes to an environment in which money mule schemes can operate, suggesting deeper structural challenges beyond the financial sector.

There was no consensus as to the usual origins and destinations of criminal proceeds laundered through money mule networks in Ukraine, or as to which of the following three categories they most commonly fall under: proceeds generated in Ukraine and retained domestically; proceeds generated outside Ukraine and laundered through Ukrainian accounts; or proceeds generated in Ukraine and transferred abroad.

Transnational organised criminal groups deliberately exploit for money muling jurisdictions where account opening processes are rapid and transaction monitoring is less stringent, as transactions are less traceable in such jurisdictions. Meeting participants agreed that some of Ukraine’s financial institutions offer near-instant account opening with limited initial checks, relying primarily on post-onboarding monitoring. They noted that stricter application in Ukraine of know-your-customer (KYC) requirements at the onboarding stage could significantly reduce the misuse of accounts for money muling.

Money mule typologies can provide insight into the structure and sophistication of underlying criminal activity, helping financial institutions and law enforcement to better detect and investigate such activity. For example, empirical research from the Netherlands was cited to illustrate how money mules operate within wider criminal networks. The study, based on bank transaction data, shows that money mules are typically positioned at the periphery of criminal networks and are used to obscure links to organisers. It distinguishes between lower-tech schemes, which rely on a larger number of predominantly domestic money mules, and more sophisticated schemes, which tend to involve fewer mules and greater use of cross-border or business accounts.

Threat Level

There was no consensus among participants on whether the overall number of money mules in Ukraine was increasing or decreasing. Some participants reported a year-on-year increase in detected cases, while others described changes in typologies and recruitment methods rather than a clear growth in absolute numbers.

Building a Joint Understanding

Participants agreed that further work is needed to better understand the scale and drivers of money mule activity, particularly with respect to the organisers (also known as ‘herders’) who play a central role in money mule networks. Improving data collection, analysis and information sharing across the public and private sectors was seen as essential to developing a more accurate and comprehensive picture of the threat.

Concerns were raised about limited communication channels between NGOs, banks, platforms and public authorities. Reporting of fraudulent content was described as resource-intensive, with limited administrative capacity to address large volumes of cases.

PPPs were discussed as a means of consolidating insights across institutions. For example, the Lithuanian Centre of Excellence in Anti-Money Laundering (AML) convenes regular meetings between banks, the country’s financial intelligence unit (FIU), police and other stakeholders, and publishes aggregated data on detected cases and prevented losses.

Detection and Response

A large part of the discussion addressed measures taken by public and private stakeholders, both in Ukraine and globally, to detect and respond to money mule activity in line with AML standards and fraud controls.

Current Efforts in Ukraine

Experts from Ukraine described measures they had taken to mitigate the risks associated with money mules, under the supervision of the National Bank of Ukraine (NBU). These measures include:

• Risk assessment

During onboarding, Ukrainian banks collect identification data directly from clients and supplement it with information from external sources – including state registers, Diia (the government’s digital public services platform), BankID (a bank-based electronic identification system) and data aggregators – and open source and media information, in order to form an initial risk profile. This is then combined with transaction monitoring and customer service data to assess overall customer risk. Risk assessments vary across institutions, reflecting differences in risk appetite and customer history, and this means that the same individual may be assessed differently by different banks.

• Scenarios 

Banks create and continuously update scenarios that may indicate a money mule, either at account opening or at a later point. The latter situation was described as more difficult to detect or anticipate since a customer who later allows their account to be used by third parties may otherwise have a low risk profile.

• RegTech

RegTech solutions can be used to combine data from multiple sources (including KYC data, transaction data and device information) to detect behaviours that may be indicative of money mule activity. Several banks referred to device-based controls used alongside traditional AML monitoring, including the tracking of changes in devices and email addresses, and the continuous updating of detection scenarios.