India’s new MuleHunter pact is not really about a clever fraud model.
It is about where fraud control sits.
For years, digital-banking fraud defense has been treated as a bank-level problem. Each bank monitors its own accounts, tightens onboarding, tunes transaction rules and absorbs the customer anger when controls get noisy. That works badly against mule-account networks because the receiving account, first-hop transfer, second-hop transfer and cash-out path can sit across institutions and payment rails.
The Indian Cyber Crime Coordination Centre, or I4C, and the Reserve Bank Innovation Hub have now signed a memorandum of understanding to move that fight upstream. The Ministry of Home Affairs said on May 12, 2026 that the MoU is meant to strengthen cooperation against cyber-enabled financial frauds and mule accounts across the banking and digital-payments system, with fraud-risk intelligence sharing, analytical support and operational coordination as the explicit operating lanes.
That makes mule-account control less like a fraud product and more like shared financial infrastructure.
The Bank Perimeter Is Too Small
A mule account is useful precisely because it looks ordinary until the money moves. Fraudsters need accounts that can receive stolen funds, move them quickly and fragment the trail before investigators, banks or victims can react. Static bank rules can catch some behavior. They also generate false positives, force manual review and create delays.
RBIH’s own annual report describes the old approach plainly: systems based on predefined criteria produce high false positives and require extensive manual review. Its answer is MuleHunter.ai, an AI/ML model for near-real-time identification of mule accounts. In RBIH’s reporting, the model learned mule-account activity patterns from data and reached precision above 90% in its March 2025 account-identification work.
Those claims should be read carefully. Precision is not systemwide eradication. A model can be precise and still miss novel tactics. Criminals do not file change requests before adapting.
But the operating point is still important. A near-real-time account-risk model is a different control surface from a post-transaction investigation queue. It asks whether the account itself is becoming unsafe, not only whether one payment looks odd.
The New Ingredient Is I4C Data
The MoU adds a national data layer.
The government says I4C and RBIH will share mule-account intelligence and suspect identifiers from I4C-MHA’s Suspect Registry to strengthen AI-driven fraud detection systems such as MuleHunter.ai implemented across banks. It also says RBIH will use those datasets to train and enhance AI-driven fraud-risk assessment models, including MuleHunter.ai.
That is the real shift.
If a bank trains only on its own account and transaction history, it sees a partial graph. If complaint data, suspect identifiers and bank intelligence can feed a common detection layer, the model can see patterns that one institution would otherwise meet too late.
This is not a magic shield. It is an information-routing problem. The value is shortening the path between complaint, suspect identity, risk signal and bank action.
The design also changes incentives. A bank that catches a mule account may protect itself. A shared model can make that signal useful to other banks before the same operator reappears elsewhere. Fraud rings have enjoyed open interoperability for years.
MuleHunter Is Becoming A Workflow, Not A Demo
MuleHunter has been moving in this direction for more than a year.
The Reserve Bank of India said in its December 2024 policy communication that MuleHunter.ai was being piloted by RBIH, a subsidiary of the Reserve Bank, and that the model enables efficient detection of mule bank accounts. RBI also said it was running a “Zero Financial Frauds” hackathon with a specific mule-account problem statement and encouraged banks to collaborate with RBIH on the initiative.
RBIH’s annual report fills in the engineering detail. It says MuleHunter.ai was built in collaboration with Canara Bank, Punjab National Bank and Bank of Baroda, uses supervised models, detects mule accounts in near real time and with minimal human intervention, and is intended to be productised and scaled up in 2025-26.
That productisation line is the giveaway. The project is not being positioned as an experiment. It is being turned into a bank workflow.
The hackathon pipeline matters too, but not because hackathons are strategy. Usually they are laminated enthusiasm. Here, they are useful only if they feed tooling. RBI’s framing puts the hackathon beside MuleHunter as a way to generate solutions for the same mule-account problem. RBIH’s broader report shows a pattern of using codeathons, demo days and bank-fintech meetings to push prototypes toward bank pilots.
That is where fraud systems live or die. A model that cannot be inserted into alert triage, account holds, investigator review and interbank escalation becomes a slide. A lower-scoring model that fits the workflow may stop more losses.
The Risk Is Governance Drag
Shared fraud infrastructure creates its own problems.
The first is false positives. Flagging an account can disrupt salary payments, small-business receipts or household liquidity. If signals from a central registry move too quickly into bank action without a review path, the system will trade fraud risk for account-access risk.
The second is data quality. Complaint data is valuable, but it is not clean truth. Suspect identifiers can be incomplete, duplicated or stale. A model trained on weak labels can learn institutional suspicion as much as fraud behavior. That is a reason to version datasets, audit outcomes and keep humans in the loop where account restrictions affect legitimate users.
The third is accountability. If RBIH trains the model, I4C supplies suspect-registry intelligence and banks act on the output, who owns the bad decision? The customer will not care which acronym produced the flag. The bank will be the face of the denial. Regulators should make that chain explicit before scale turns edge cases into policy.
The fourth is adversarial adaptation. Once operators know the account layer is being watched across banks, they will change the pattern: slower movement, cleaner first deposits, fragmented identities, more social engineering around legitimate account holders. MuleHunter’s continuous-learning feature is relevant for that reason.
The Account Layer Is The New Control Point
The important thing about the I4C-RBIH pact is not that India is using AI against fraud. That sentence is too broad to be useful.
The important thing is that India is connecting complaint infrastructure, suspect registries, bank data and model deployment at the account layer. Payments can be instant, but accounts still need identities, histories, counterparties and behavior. The account is the fraud network’s reusable asset.
If the system works, banks get earlier warnings and investigators get better leads. If it fails, banks get another noisy alert source with official branding. The difference will come down to data governance, bank integration and whether model outputs become actionable evidence instead of dashboard color.
India’s bet is that mule-account defense cannot be solved one bank at a time. That is probably right. The fraud graph is shared. The defense graph has to be shared too.
Discussion
Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.