Combating Fraud – Helping unmask the fraudsters at Halloween!

The criminal behind the mask at Halloween

Money-muling is not a typology every firm faces – but there are key themes from the FCA thematic review that all firms should be reviewing.

Summary of the key messages:

Risk Assessments (RA) – Customer & Firmwide

  • The FCA again highlighted that firms are not capturing key risk data elements, e.g. income or turnover, when assessing the customer's risks at onboarding (see Challenger Bank Review 2022). Is your customer Risk Assessment calibrated correctly?
  • How effective is your firm at capturing new typologies as they are identified and updating your Firmwide RA with them? How do you ensure you have effective controls in place to combat these new risks you face?


  • How is your firm balancing the demand for a customer-centric onboarding flow with creating the right level of friction to ensure you capture the information at onboarding, versus relying on subsequent in-life monitoring of customers' behaviour to identify suspicious activities?
  • Are you conducting additional DD when you identify customers using virtual addresses (PO Box, virtual office providers) or multiple customers using the same address without a valid explanation?
  • Digital onboarding is growing – how are you managing the risks associated with this? How are you checking the geolocation of customers, checking that they are not using the same device, or verifying email characteristics to highlight suspicious behaviour?

Transaction Monitoring (TM)

  • Do your firm's TM rules include monitoring both inbound and outbound transactions and checking in-life transactions against the data provided at the onboarding stage?
  • Do you have TM alerts for when a new or dormant account receives unusually large payments (i.e. by value or volume), or when an account that has remained dormant for a period is now being used?
  • How are you ensuring your rules and machine learning models are learning to capture and understand your customers' normal behaviour?
  • How are you documenting the methodology behind your TM rules so you can effectively explain how the framework operates and how it can be tested and changed?
  • How is your firm testing to ensure you have an effective TM framework that alerts on concerns as expected?
  • How frequently do you review and implement changes to your TM rules when new typologies have been identified? Do you do this asap or wait until the periodic review?
  • What procedures do you have in place to respond quickly and efficiently when alerted to the receipt of fraudulent funds from another firm?


  • Do people in your firm know how to raise an internal suspicious report (ISR)?
  • Have you got an effective ISR escalation and review process?
  • Do the staff reviewing the ISR have access to the right data they need to investigate the suspicion effectively and, where applicable, file the SAR as quickly as the NCA expect?
  • When you are identifying suspicious activity, how are you complying with the FCA Guidance on Payment Access and Closures on when to potentially freeze or exit an account?


  • Have you got an effective FinCrime training framework to ensure relevant staff are kept up to date with new criminal typologies, regulatory changes etc.?
  • Do you have effective procedures, which staff are trained on, to ensure that when dealing with Fraud or TM alerts they can record an appropriate narrative to discount the alert as no suspicion, or raise an effective ISR where a suspicion has been identified?

Governance and MI

  • Can you evidence that you have an adequate and effective TM framework? How is this reviewed and challenged?
  • What MI is being reported to Boards to ensure there is the right oversight? Are you reporting the right MI with appropriate qualitative commentary?
  • How are you using lawful data sharing to combat the issue of fraud, through collaboration with law enforcement etc.?
  • Is your firm engaging with external bodies, e.g. CIFAS, to discuss intelligence and emerging threats?

Skills and resources

  • Does the FinCrime team have the appropriate resources to avoid backlogs in dealing with TM alerts to enable a quick reaction to TM risks?
  • What happens if backlogs occur – how is this captured in your MI and escalated?

Reach out to Lee Byrne FLPI, CITF, AdvCertVC or email
