Money laundering poses a persistent and significant threat to the global financial ecosystem, and India is no exception.

Criminals rely on mule accounts to launder the proceeds of their crimes. These legitimate accounts at legitimate financial institutions (FIs) act as conduits to move and disguise funds obtained through fraud, cybercrime, and other illegal activities. In many cases, the owners of these accounts remain unaware they’re committing a crime by receiving and then transferring away third-party funds.

The regulatory tightrope: Mandates vs. restrictions

India has established a multi-layered regulatory framework aimed at combating money laundering and associated financial crimes. Banks are mandated to be vigilant:

1. Prevention of Money Laundering Act (PMLA, 2002): This foundational act requires banks to implement stringent Know Your Customer (KYC) and Customer Due Diligence (CDD) measures, maintain transaction records, and report suspicious activities promptly to the Financial Intelligence Unit of India (FIU-IND).
2. Reserve Bank of India (RBI) master directions: The RBI mandates robust KYC/AML standards, including continuous transaction monitoring using technology, periodic risk assessments, identification of unusual patterns, and enhanced due diligence for high-risk accounts.
3. Financial Action Task Force (FATF) recommendations: As a member, India aligns with FATF's emphasis on a risk-based approach, highlighting the importance of transaction monitoring, sanctions screening, and leveraging technology.
4. FIU-IND guidelines: These provide specific instructions on reporting suspicious transactions (STRs), encouraging advanced analytics and mechanisms to prevent tipping-off criminals.
5. Indian Cybercrime Coordination Centre (I4C) Guidelines: These focus on combating cyber-enabled financial crimes, urging banks to use cybersecurity tools, monitor accounts linked to fraud, collaborate with law enforcement, and raise customer awareness.

These regulations clearly obligate banks to identify and report suspicious activities indicative of money mule operations. However, taking immediate preventative action faces a significant roadblock.

The operational hurdle: The PMLA restriction and its ripple effects

The recently released Indian Banks’ Association (IBA) Working Group Draft Framework on Money Mule Accounts explicitly highlights a critical operational challenge stemming directly from the PMLA itself. As noted in the framework's suggestions (Section 16):

“... as per the Prevention of Money Laundering Act (PMLA), banks do not have the authority to freeze or block customer accounts without proper authorisation from a court or Law enforcement agencies (LEAs).”

This restriction creates a crucial time gap between a bank detecting a highly suspicious account potentially operating as a mule and receiving the necessary authorization (often under Section 102 of the CrPC) to freeze or block it. Fraudsters are adept at exploiting this delay, swiftly moving illicit funds through and out of the detected accounts, often rendering sophisticated detection systems ineffective at preventing the actual financial loss or laundering activity.

This puts banks in a difficult position. While mandated to monitor and report, they are simultaneously constrained from taking immediate preventative action on their own initiative due to PMLA. Furthermore, even when an account is frozen under LEA direction, banks face another hurdle: They cannot release the frozen funds back to the victim without explicit court orders (typically sought by the victim under Sections 451/457 CrPC). Releasing funds prematurely, even to a presumed victim, could expose the bank to significant legal and financial liability if the release is later deemed unauthorized by the courts. This underscores the legal tightrope banks must walk.

Current mechanisms and their limitations

Banks currently employ several mechanisms to tackle mule accounts (as detailed in Section 3 of the IBA framework):

• KYC and CDD: Verifying identity and financial profiles
• Transaction monitoring systems (TMS): Often rule-based systems flagging large transactions, structuring, high velocity, or high-risk jurisdiction transfers
• Suspicious transaction reporting (STR): Reporting unusual activity to FIU-IND
• Sanctions screening: Checking against blacklists.
• Cross-border transaction alerts: Monitoring international transfers

However, these face challenges (Section 4, IBA Framework):

• High rate of false positives: Rule-based systems overwhelm compliance teams.
• Latency in detection: Non-real-time systems allow funds to move before detection/action.
• Limited data integration: Difficulty incorporating external data for better risk assessment
• Adaptation by criminals: Static rules fail to keep pace with evolving tactics.
• Resource constraints: Smaller banks may lack advanced systems or personnel.

This combination of regulatory restrictions, potential bank liability, and inherent system limitations underscores the difficulty banks face in effectively combating money mules.

The victim's uphill battle: Navigating the recovery maze

While banks grapple with detection and freezing limitations, the journey for the consumer – the victim of the fraud – is often arduous and lengthy, even after the authorities manage to freeze an account containing their stolen funds. The freeze itself merely secures the money. It doesn't automatically return it.

Here's a glimpse into the typical path a victim must navigate:

1. Reporting the crime: The first step involves reporting the fraud to the police and/or the National Cyber Crime Reporting Portal (NCRP).
2. Investigation and freeze: Law enforcement investigates the complaint. If they trace the funds to specific accounts and have sufficient grounds, they can direct the bank to freeze the account(s) under Section 102 of the CrPC.
3. Initiating legal action: Crucially, the responsibility then falls upon the victim to initiate formal legal proceedings to reclaim their money. This isn't an automatic process.
4. Approaching the court: The victim must file an application before the relevant magistrate's court (under Sections 451 or 457 of the CrPC, depending on the case stage) seeking the release of the frozen funds.
5. Burden of proof: The victim must conclusively prove their ownership of the funds, demonstrate the transaction leading to the loss was fraudulent, and establish that their claim is legitimate and superior to any other potential claimants (including the holder of the mule account).
6. Procedural delays: This court process can be time-consuming, involving hearings, evidence submission, and potential complexities arising from cross-jurisdictional issues (if funds moved between states) or multiple layers of mule accounts.

The initial delay caused by the PMLA restriction on banks taking immediate action only compounds this problem. By the time an account is frozen, the funds it laundered may have already moved to future stops in the broader laundering network, fracturing into smaller sums spread between many other accounts, making tracing and recovery even more complex, and prolonging the victim's wait for justice and restitution. This highlights how procedural hurdles impact not just banks but, most significantly, the consumers those banks aim to protect.

The path forward: Empowering banks responsibly

Recognizing this paradox, the IBA Working Group proposes a significant step: Consider granting banks enhanced authority, potentially via RBI guidance, to act more swiftly – such as placing temporary holds or freezes – on accounts strongly suspected of mule activity, even before formal LEA/court orders arrive.

This enhanced authority wouldn't exist in a vacuum. The framework suggests bolstering it with a suite of technological and procedural improvements (Sections 5-10, IBA Framework):

• Data-driven detection: Moving beyond static rules to AI/ML-powered systems, incorporating:

• • Data enrichment: Using external data (public records, digital footprints) for better context.
  • Behavioral analytics: Comparing individual activity against historical patterns and peer groups.
  • Anomaly detection: Identifying deviations from normal transaction patterns (volume, velocity, frequency, geography).
  • Real-time monitoring: Analyzing transactions as they happen for immediate flagging.
  • Network analysis: Using graph theory to map relationships between accounts and identify hidden networks.
• Enhanced pre-onboarding checks: Strengthening initial screening through:

• • Rigorous OVD validation (Aadhaar, PAN, etc.) using available portals/APIs
  • Mobile number/email verification and checks against negative lists (DoT MNRL, I4C Suspect Registry)
  • Geo-tagging and location checks during digital onboarding (V-CIP, BC channels)
  • Due diligence on occupation/income claims.
• Robust post-onboarding monitoring: Continuously monitoring for red flags like:
  
  
  • Returned welcome kits/mail
  • Immediate address/mobile number changes post-onboarding
  • Unusual activation patterns (e.g., distant locations, overseas IPs)
  • Rapid beneficiary registration
  • High volumes of small/round-figure transactions inconsistent with profile
• Comprehensive portfolio monitoring: Establishing baseline behaviours and risk profiles using segmentation (age, income, geography) and dynamic risk scoring
• Leveraging alternate data feeds: Integrating data from NPCI (UPI, IMPS transactions) and NCRP (cybercrime reports) for a richer monitoring dataset
• Real-time data-sharing: Creating secure platforms for banks to share confirmed fraudulent transaction/mule account data instantly among themselves and with LEAs/Regulators

Balancing act: Speed vs. safeguards

The proposal to grant banks more immediate power to freeze suspect accounts is a significant one. It aims to close the critical time gap exploited by criminals but also necessitates a careful balancing act. Enhanced authority must be accompanied by:

• Robust internal controls: Clear procedures and oversight for initiating account freezes
• Explainable AI/ML: Ensuring models used for detection are transparent and auditable
• Customer protection: Clear communication channels and swift recourse mechanisms for customers whose accounts might be flagged incorrectly.
• Strong collaboration: Continuous information sharing and feedback loops between banks, RBI, FIU-IND, I4C, and LEAs

The fight against money mules requires a dynamic, collaborative, and technologically advanced approach. The paradox highlighted by the IBA framework – where regulations mandate vigilance but restrict immediate action, further complicated by the subsequent challenges in fund recovery – needs immediate resolution for the benefit of both financial institutions and the victims of fraud.