July 16, 2026 · 7min read

What the HKMA’s AI Blueprint Tells Us About the Future of Mule Detection Across APAC

The Hong Kong Monetary Authority published something important on June 22, 2026.

Not a regulatory warning. Not a fine. A blueprint.

HMKA’s June 2026 report on AI adoption in fighting financial crime includes four case studies from real banks operating in Hong Kong today. Two of them stopped me in my tracks because they describe exactly what we’re seeing play out across APAC right now.

But before I get to that, I want to zoom out. Because what’s happening in Hong Kong doesn’t exist in isolation. Read it alongside what Singapore has been doing over the past 12 months, and a much larger regional story starts to take shape. One that every financial institution operating in APAC needs to understand.

Key Takeaways

  • The Hong Kong Monetary Authority’s June 2026 report provides a blueprint for Asia Pacific banks on AI adoption, showcasing real-world case studies where banks successfully used advanced technology to detect money mules and shut down sophisticated syndicates.
  • Traditional, static, rules-based controls are failing to stop agile financial crime networks because they lack cross-channel visibility and frequently misclassify high-risk shell accounts as medium risk. 
  • HKMA’s report includes four case studies, two of which focus specifically on money mule detection and how two different financial institutions took different paths to uncover these hidden networks.
  • Singapore provides essential insights for how regulators are responding to money mule threats.

The Regulatory Moment We’re In: Lessons from Singapore

HKMA’s blueprint reflects a shift in how APAC regulators talk about financial crime. The conversation used to be about compliance. Meeting the standard. Passing the assessment. Filing the report. That conversation is changing.

We’ve seen this play out in Singapore, which has a well-documented mule problem. The Singapore Police Force’s annual scam statistics consistently highlight money mules as a critical enabler of the scam ecosystem, with thousands of cases reported annually and young adults disproportionately recruited as unwitting participants. 

End-to-end Defense Against Mule Networks

Money mules are critical actors in financial crime, laundering stolen funds through legitimate accounts. Learn how Feedzai's comprehensive approach neutralizes money mules before money can move.

Learn More

Singapore’s May 2026 FATF Mutual Evaluation Report urged institutions to adopt risk-based thinking to detect complex laundering typologies, especially after a massive S$3 billion laundering case exposed how sophisticated laundering networks exploit multiple financial institutions simultaneously, cycling funds through layered corporate structures before moving them offshore.1

The Monetary Authority of Singapore (MAS) responded aggressively. Its 2024 Shared Responsibility Framework places strict scam liability on banks, while its COSMIC platform enables major banks to share digital intelligence on high-risk customers. This technology-enabled data fusion mirrors the public-private infrastructure now being called for by the HKMA in Hong Kong.

What MAS and the HKMA have recognized, and what COSMIC is designed to address, is that mule networks are not institution-specific problems. They are ecosystem-wide problems. A mule account flagged at one bank reappears at another. Funds move across institution boundaries faster than any single bank’s monitoring system can track them. The only effective response is shared network intelligence, operationalized at machine speed.

This is precisely why the HKMA report’s emphasis on public-private partnerships resonates so strongly in the Singapore context. Ultimately, the region has reached an inflection point. Regulators are no longer asking if banks have transaction monitoring systems; they are asking if those systems actually catch criminals.

The HKMA’s Wake-Up Call on AI and Money Mule Detection

Into this landscape steps the HKMA’s June 2026 report. Its frankness about the limitations of traditional approaches is striking coming from a regulator.

Traditional rules-based approaches were less effective in identifying and freezing funds flowing through mule accounts and shell companies. The report lays out, candidly, why the old playbook isn’t working. Fraud networks operate across borders and leverage technology to adapt quickly. The rise and impact of AI-driven scams are making detection harder and more scalable. Static, rule-based controls are under growing strain.

The report includes four case studies from real Hong Kong banks. Two of them focus specifically on money mule detection, describing two very different institutional journeys toward the same destination.

Case Study: Retail Mule Detection in a Digital Bank

A digital bank, recognizing an industry-wide rise in mule activities and individuals opening accounts for illicit fund movement, made a deliberate choice: start small, demonstrate value, and prepare to scale. By leveraging the HKMA’s GenAI Sandbox for initial development and testing, the bank built and evolved practical use cases through multiple iterations and an agile development approach, using limited internal resources.

The use case was deceptively specific: detecting third parties attempting to impersonate customers by identifying irregularities in the backgrounds of photos submitted during remote onboarding. What they found was extraordinary. The same unknown individual was appearing in facial recognition records of multiple fraudulent account holders. In one instance, syndicated activity was indicated across over 200 accounts, linked by a similar moving vehicle, an apartment with similar furniture, or customers holding multiple handphones while logging into the bank’s accounts.

The results: mule account detection increased by 30%. Screening times improved to within seconds. Finally, transaction monitoring alerts were reduced by 25%, largely because bad actors were stopped at the door. A PoC was initiated in June 2025 and the first version was deployed into production within three months.

Case Study: Corporate Mule Detection Across the Client Lifecycle

The corporate banking case study describes the problem that most large financial institutions are quietly wrestling with right now: shell companies used to facilitate transactions and flow funds from illicit scams through bank accounts.

The rise in the number of mule accounts and the increasing sophistication of mule networks left the bank with limited visibility into the sources of incoming funds and the risks present at account origination. The bank’s response was to build two distinct but connected capabilities.

The first was an Application Engine, a real-time API-enabled onboarding assessment tool, drawing on device intelligence, cross-application analytics against historic onboarding applications, and KYC data both internal and external. Every new customer received a score at onboarding: Pass, Reject, or Review. Review cases were fed back into the model as training data.

The second was In-Life Monitoring, continuous surveillance of account behavior across the whole client portfolio, combining traditional human-explainable risk indicators with a new machine learning prediction model that evaluated customers against predefined typologies and assigned dynamic risk scores.

The outcome that stands out most: the machine learning model rated 42% of customers as high risk, whereas the rules-based detection model had previously rated those same customers as medium risk.2 Of those escalated, 70% were investigated and 40% were exited for financial crime concerns.

These aren’t marginal improvements. These are accounts that the old system was categorically missing.

4 Things the HKMA Report Tells Us About What Works

Reading the HKMA’s case studies and Singapore’s regulatory journey, four consistent themes emerge that I think matter for every financial institution thinking about mule detection across APAC.

1. Banks Should Start With Onboarding, Then Work Backwards

The HKMA’s digital bank case studies make an important point: identifying malicious actors at the initial stage reduces end-to-end monitoring costs, delivering benefits that cascade through the entire AML/CFT risk monitoring process. Every mule account you don’t onboard is dozens of downstream alerts you never have to triage. 

In Singapore’s context, where MAS’s Shared Responsibility Framework places explicit accountability on institutions for losses that occur when adequate friction wasn’t applied at account opening, this isn’t just good risk management, it’s a regulatory imperative.

2. Cross-channel Visibility Is Non-Negotiable for Banks

The HKMA’s corporate banking case study explicitly describes why siloed detection fails.  Legacy rules-based systems struggled to see patterns that unfolded across accounts, products and time horizons. Mule patterns only become visible when you can see the full payment journey, inbound funding, outbound cash-out, and every channel in between. In a world where real-time payment rails like PayNow and DuitNow enable funds to move across borders in seconds, the analytical framework has to match the speed and scope of the threat.

3. Speed of Iteration Beats Sophistication of Model

This is a counterintuitive truth. The HKMA’s digital bank went from PoC to production in three months. The ability to simulate a rule, validate it, deploy it, and observe results within hours,  rather than weeks  means faster response to emerging fraud patterns. As mule networks adapt in real time and where cross-border criminal syndicates can shift tactics overnight, your detection capability needs to adapt faster than your adversary.

4. Machine Learning Sees What Rules Miss, Especially in the Middle

The HKMA’s corporate case study makes a finding that deserves to be quoted in every boardroom conversation about AI adoption: the machine learning model rated 42% of customers as high risk, whereas the rules-based detection model had previously rated those same customers as medium risk. Medium risk customers aren’t ignored. They’re just deprioritized. 

That’s where well-organized money mule networks hide. Rules can’t see them. Machine learning can.

The Next Era of Mule Detection Will Be Built on Shared Intelligence

The HKMA’s report carries a message that I think is directed at the whole region, not just Hong Kong. Static rule sets are increasingly insufficient against adaptive and networked financial crime threats. The institutions that are winning are the ones that have made the shift from chasing alerts to understanding patterns.

Raymond Chan, Executive Director of Enforcement and AML at the HKMA, put it plainly in his foreword: standing still is not an option.2 Banks need to adapt and constantly strive for greater efficiency and effectiveness, adopting proven technologies at scale and being prepared to explore and test new technologies as threats develop. Otherwise, they will be overwhelmed by threats and noise from systems that do not adequately mitigate those threats.

The blueprint is out there. 

The question is how fast you move on it.

If you’re working through mule detection challenges, at onboarding, in-life, or both, I’d welcome a conversation. We’ve been in this fight alongside some of the most forward-thinking financial institutions in the region, and we know what works.

Additional Resources

FAQs About HKMA’s AI Blueprint

What is the HKMA’s AI blueprint?

The HKMA’s AI blueprint is a report published by the Hong Kong Monetary Authority in June 2026, focused on the adoption of Artificial Intelligence (AI) to combat financial crime. It provides a strategic framework for banks, particularly those in the Asia-Pacific region, to modernize their defenses. The blueprint serves as a guide for institutions to move away from static, rules-based controls toward more agile and effective AI-driven detection systems.

Why is the HKMA’s AI blueprint important for APAC banks?

The blueprint is crucial for APAC banks because it addresses the systemic failure of traditional, rules-based controls against modern, cross-border financial crime networks. These agile syndicates exploit gaps that static systems miss, making traditional compliance insufficient. By offering actionable insights and proven case studies, the HKMA’s report helps regional banks transition from simply meeting baseline regulatory standards to actively identifying and dismantling complex fraud patterns. It emphasizes that institutions operating across the region must adopt shared intelligence and advanced technology to keep pace with threats that move across borders and financial institutions faster than ever before.

How can AI improve money mule detection?

AI significantly improves money mule detection by identifying subtle, complex patterns that rules-based systems often miss. For example, AI can analyze visual data during remote onboarding to detect inconsistencies in photos, revealing syndicated activity across multiple accounts. Furthermore, AI-driven, in-life monitoring provides continuous surveillance of account behavior, allowing banks to flag high-risk customers more accurately by evaluating them against specific financial crime typologies. By automating these processes, banks can stop bad actors at the point of onboarding, reduce false-positive transaction monitoring alerts, and shift focus from reactive alerts to proactive, pattern-based threat identification.

What did the HKMA case studies show about machine learning?

HKMA’s case studies demonstrated that machine learning is significantly more effective than traditional rules-based systems at identifying hidden risks. A corporate banking case study found a  machine learning model identified 42% of customers as high risk, while the legacy rules-based system had misclassified those same customers as only medium risk. This is critical because medium-risk accounts are often deprioritized, providing cover for sophisticated money mule networks to operate undetected. 

How does Singapore’s regulatory approach relate to mule detection?

Singapore’s regulatory approach is highly relevant as a model for regional response to mule threats, emphasizing accountability and intelligence sharing. Its 2024 Shared Responsibility Framework creates a strong incentive for banks to apply adequate friction at account opening, as they bear liability for certain scam losses. Additionally, Singapore utilizes the COSMIC platform, which facilitates the sharing of digital intelligence among major banks regarding high-risk customers. This move toward technology-enabled, public-private data fusion mirrors the infrastructure called for by the HKMA, highlighting a regional shift toward treating mule networks as ecosystem-wide problems that require collaborative, machine-speed intelligence rather than isolated, bank-specific monitoring.

Footnotes

1 https://www.channelnewsasia.com/singapore/billion-dollar-money-laundering-case-recap-cna-explains-conclusion-4401811

2 https://brdr.hkma.gov.hk/eng/doc-ldg/docId/getPdf/20260622-2-EN/20260622-2-EN.pdf

All expertise and insights are from human Feedzaians, but we may leverage AI to enhance phrasing or efficiency. Welcome to the future.

Page printed in July 16, 2026. Please see https://www.feedzai.com/blog/ai-money-mule-detection-apac for the latest version.