ACPR: French Banks Face Record AML Challenge as Transit Accounts Exceed 661 Million Euros

This image is AI-generated.

French authorities are facing a sharp escalation in fraud-driven money laundering, with the latest ACPR report revealing an unprecedented 661 million euros in suspicious transfers via so-called “transit accounts” in 2023 alone. These pass-through accounts have become critical enablers for illicit actors seeking to launder the proceeds of scams and frauds, with recent years marked by a significant shift in laundering techniques and the profiles of financial institutions at risk.

The ACPR, France’s leading banking and insurance supervisor, conducted a thematic review in 2024 focused on how these mule accounts facilitate the rapid movement of criminal funds. The review covers 13 major French financial institutions, including both digital-first and traditional banks, chosen for their disproportionate exposure to suspect transfers. The analysis shines a light on both evolving typologies and gaps in AML (anti-money laundering) defences, offering a rare, data-driven look into the vulnerabilities currently being exploited at scale across the sector.

Transit accounts, also called taxi or transitional accounts, are used to receive funds from scam victims and quickly relay them onward, often to foreign destinations, in an attempt to obscure the illicit origin and defeat recovery efforts. The phenomenon is not new, but the pace and creativity of abuse have grown alongside France’s digital banking boom and surging rates of payment fraud.

ACPR AML Guidance: Patterns, Vulnerabilities, and Systemic Exposures

The ACPR’s review highlights a rapidly evolving landscape for both fraud and anti-money laundering controls. The data collected from financial institutions show that between 2022 and 2023, the total value of suspect transfers via transit accounts jumped by 45%, from 457 million euros to 661 million euros. The number of individual suspect transfers also soared by nearly 50% year-over-year, while the typical transfer size remained around 870–900 euros, confirming the trend toward higher volumes of lower-value payments.

Notably, the review found that most suspect accounts were newly opened—43% had been created in the most recent year alone—highlighting the link between rapid customer acquisition, remote onboarding, and increased money laundering risks. Digital-first institutions and those aggressively growing their client base were disproportionately targeted, accounting for the bulk of suspect transfer flows.

Key vulnerabilities identified by the ACPR include:

Remote onboarding: 76% of suspect accounts were opened remotely, often with only limited or document-based checks. Many institutions were found to rely on a narrow set of identity verification steps, sometimes without robust cross-referencing to official registries or biometric confirmation.
“Mule” recruitment: Both individuals and legal entities were used as account holders. In many cases, legitimate customers were persuaded or tricked into lending their account for criminal use, or newly created shell companies were set up to enable large-volume laundering.
Inadequate risk profiling: Many institutions struggled to link transactional behaviour to risk assessments, with high-volume or unusual transactions passing through without real-time detection or limits.

Forensic analysis of 650 high-risk cases revealed that the vast majority of suspect flows were quickly retransferred abroad, with over 60% of funds leaving France. While some cash withdrawals were detected, most laundering took place via digital payments and cross-border SEPA transfers, often to EU neighbours like Luxembourg, Lithuania, Germany, and Belgium, as well as the UK.

Regulatory Expectations and Required Controls for French Financial Institutions

The ACPR’s guidance sets out a comprehensive playbook for managing the risk of transit accounts, targeting both governance and operational processes within financial institutions. The report draws on national and European regulatory frameworks, referencing the French Monetary and Financial Code (CMF), EU Payment Regulations, and EBA guidelines on remote customer onboarding.

Key points and good practices for institutions include:

1. Governance and Risk Management

Boards and executives must treat fraud-related money laundering as a specific, monitored risk, with dedicated KPIs and regular review at the highest levels.
Institutions should adapt controls and pause risky processes when major weaknesses are found, especially when exploited by criminal networks.

2. Customer Onboarding and Identity Verification

Remote onboarding must apply at least two independent ID verification measures, per Article R. 561-5-2 of the CMF. For high-risk clients, further steps and cross-checks (including biometric or third-party certification) are recommended.
Reliance on the first incoming payment for verification should be scrutinised, as certain payment providers and cards may be more exposed to identity fraud.
For corporate accounts, official registry extracts should be certified by independent third parties, and the legitimacy of company representatives must be checked rigorously.

3. Know Your Customer (KYC) and Ongoing Monitoring

Client income, occupation, and transaction patterns must be established and updated regularly, especially for new or high-risk accounts. Financial documentation, open banking access, or robust digital proof of address are recommended.
For corporate clients, financial statements and anticipated transaction volumes must be analysed, with specific attention to newly formed companies and their professional backgrounds.

4. Automated Transaction Monitoring

Monitoring systems must use customer KYC data to set dynamic transaction thresholds, flagging out-of-profile transfers for review.
Automated tools should enable rapid or real-time suspension of suspect transactions, particularly when large values or unusual destinations are involved.
Systems should compare beneficiary names and account holders, detecting anomalies that could signal account misuse.

5. Enhanced Due Diligence (EDD) and Suspicious Activity Reporting

When a transaction cannot be justified, institutions must perform an in-depth review of all associated accounts and, if suspicion remains, file a prompt report with Tracfin (the French FIU).
Enhanced monitoring is critical for newly opened accounts, those with frequent recalls, or those showing signs of “mule” activity.

6. Product and Service Design

Limits on transaction values and types should be tailored to the customer’s profile, with stricter caps for new relationships or where risks are high.
Contracts should allow for manual validation of suspect transactions and immediate suspension when necessary.

7. Internal Audit and Feedback Loops

Regular audits of major suspect cases are essential to identify systemic weaknesses and to ensure controls remain effective as typologies evolve.

The Evolving Profile of Transit Accounts and Current Typologies

The ACPR study uncovered new and emerging patterns in the use of transit accounts:

Recent account openings: 70% of flagged accounts had been open less than one year, with many closed shortly after the first suspicious transaction. Some digital banks saw over 80% of suspect accounts shut within three months.
Young account holders: The average age was 39, but some providers saw a third of mule accounts held by people under 25.
Residential profiles: 97% were French residents, though some institutions saw up to 14% of suspect clients living abroad. Verification of residence was inconsistent and often declarative only.

Of particular note, the ACPR highlighted the rise in identity fraud using digital means, including the use of AI-generated deepfakes to defeat onboarding checks, and the creation of shell companies for bulk laundering. Corporate accounts were implicated in higher average transfer values, suggesting a shift toward more sophisticated laundering structures.

Conclusion: Toward Stronger AML Controls on Transit Accounts in France

French financial institutions face a stark challenge as fraud-driven laundering surges, powered by the speed and accessibility of digital banking. The ACPR’s findings confirm that transit accounts remain a weak point in the AML perimeter, especially for institutions with rapid digital onboarding and less developed risk controls. The data-driven recommendations, anchored in legal requirements, call for a step-change in how banks, payment firms, and fintechs approach onboarding, ongoing monitoring, and response to emerging fraud patterns.

To build a more robust defence, institutions must:

Integrate fraud typologies into core risk models and governance frameworks.
Rethink remote onboarding, employing layered ID checks, biometrics, and open-source validation.
Deploy dynamic, automated monitoring, ready to escalate or suspend transactions in real time.
Foster a culture of continuous improvement, using audits and regulatory feedback to adapt quickly to new laundering techniques.

The stakes are high. As France’s AML regime evolves, the ability of institutions to keep pace with fraud innovation will define the resilience of the financial system and the protection of customers against the fallout from scams and illicit finance.ms and illicit finance.

Source: ACPR

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand with us or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.