New legislation raises stakes for mules in Brazil

To read this blog in Portuguese, click here.

Imagine someone offering to pay you to temporarily use your bank account to move money. While it may sound like an easy way to make quick cash, it could place you directly inside a criminal money mule scheme.

Mule accounts have become a critical part of modern financial crime because they help criminals distance themselves from stolen funds. By routing money through multiple personal or business accounts, criminals can obscure transaction trails and make recovery significantly more difficult for victims and financial institutions.

That is why Brazil’s Law No. 15,397/2026 matters. Sanctioned on April 30, 2026, and published in Brazil’s Official Gazette on May 4, the legislation updates the Brazilian Penal Code and increases penalties for several property and cyber-related crimes, including theft, robbery, fraud, electronic fraud, and receiving stolen goods.

What’s changed

For the financial sector, one of the legislation’s most important developments is its direct treatment of mule accounts. The law establishes criminal liability for anyone who transfers a bank account, whether for payment or free of charge, knowing it will be used to move funds tied to criminal activity or criminal proceeds. The penalty is one to five years in prison, plus a fine.

Essentially, the law makes it clear that providing an account for criminal activity is no longer viewed as a peripheral role in fraud. Instead, it’s treated as part of the criminal infrastructure itself.

Why mule accounts matter more in the Pix era

Mule accounts carry particular significance in Brazil because of the speed and scale of digital payments, especially Pix. Instant payments have delivered enormous benefits for consumers, businesses, and financial inclusion. But they have also dramatically shortened the response window when fraud occurs.

With many scams, only minutes are needed for money to leave a victim’s account, move through multiple mules at multiple institutions, and, to investigators, effectively disappear. The faster funds move, the harder they become to trace, block, and recover.

Brazil’s Special Refund Mechanism, known as MED, marked an important step forward by creating a structured process for reporting, blocking, and attempting to recover funds tied to fraud and scams. It also highlighted the operational reality financial institutions now face. Once criminal networks rapidly disperse funds across multiple accounts, successful recovery depends on speed, evidence, and coordination.

But increasingly, institutions are recognizing that recovery alone is not enough. As fraud schemes have become more organized and digitally enabled, attention has shifted toward the infrastructure that allows stolen funds to move in the first place, especially mule accounts.

Fraud’s evolution beyond authentication

After more than 20 years working in fraud prevention, I’ve seen how dramatically the threat landscape has changed. Traditional controls once focused heavily on identity verification at login, device registration, or transaction approval, but modern fraud increasingly relies on social engineering tactics such as phone calls, text messages, fake websites, messaging apps, and fraudulent call centers designed to pressure victims into acting quickly. As a result, the fraud often begins outside of banking environments but ends inside legitimate banking sessions conducted by the legitimate accountholders.

From the institution’s perspective, many traditional fraud indicators appear normal because the real customer is using valid credentials and a known device. By the time funds reach mule accounts, the transaction has already been authenticated and authorized.

That is what makes mule accounts so central to modern fraud operations. They are not simply where stolen funds end up. They are the infrastructure that allows scams to succeed at scale, helping criminal networks rapidly disperse, launder, and extract funds before institutions can respond.

Following the money requires greater context

The movement of stolen funds rarely ends with a single transfer. After passing through mule accounts, money may continue through crypto assets, digital wallets, goods purchases, or other forms of value-conversion designed to further fragment and obscure the transaction trail.

What matters most is not the specific channel itself, but how quickly criminal networks can disperse funds before institutions have time to detect, investigate, or recover them. Each additional layer, account, or platform makes attribution more difficult and recovery less likely.

For financial institutions, this fundamentally changes how risk must be evaluated. A Pix transfer may appear legitimate through traditional controls, while contextual and behavioral signals tell a very different story.

Behavioral intelligence can reveal those signals in real time. A customer may show hesitation, unusual navigation patterns, changes in typing rhythm, long pauses, or signs they are following instructions from someone else. At the same time, the receiving account may display warning signs such as activity inconsistent with its history, incoming funds from multiple unrelated sources, rapid transfers to other accounts, sudden behavioral shifts, or connections to previously identified suspicious accounts. Viewed together, these signals create a much clearer picture of risk.

Fraud prevention needs to evolve with fraud

The challenge facing financial institutions today is no longer just identifying fraudulent transactions after the fact. It is identifying and disrupting the infrastructure that allows stolen funds to move in the first place.

Brazil’s legislation is significant because it reflects a broader shift in how regulators and institutions are approaching mule activity. Mule accounts are no longer viewed as a secondary AML issue operating downstream from fraud.

But legal accountability alone will not solve the problem. Financial institutions will need stronger intelligence, faster detection capabilities, and a more connected view of customer behavior, payment activity, and mule-account risk to disrupt criminal networks before stolen funds disappear across the ecosystem.

Key takeaways:

New legislation in Brazil expands accountability across the fraud chain: Law No. 15,397/2026 creates criminal liability for individuals who knowingly allow accounts to be used for criminal proceeds.
Pix has increased both the speed of payments and fraud: Instant payments have shortened the window for detecting, blocking, and recovering stolen funds, making rapid fund dispersion a major challenge for financial institutions.
Traditional authentication controls are no longer enough: In many scams, the customer, device, and credentials are legitimate. The real issue is customer manipulation through social engineering.
Fraud detection requires more context: Identifying mule-account activity increasingly depends on behavioral signals, payment patterns, account relationships, and fund flows, not transactions viewed in isolation.