
Money Mule Defence in Spain
Criminal defence for those who received and forwarded scam proceeds through their bank account, often recruited via a fake job offer.
Have you been reported, summoned to testify or had your account frozen for receiving and forwarding money from a scam? What is colloquially called being a "money mule" is not a stand-alone offence in the Spanish Criminal Code. The conduct (lending your account so third parties can deposit the proceeds of an online fraud and then transferring or withdrawing them) is usually prosecuted as money laundering (Art. 301 CP), as participation in the fraud (Arts. 248-249 CP) or, occasionally, as receiving stolen goods (Art. 298 CP). The entire defence turns on a single question: whether or not you knew the money came from a crime.
"Money mule" is not a stand-alone offence
There is no "money mule offence". The term describes a role within an online fraud scheme: the person whose bank account is used to move money out of the financial system and make it harder to trace. The legal classification therefore depends on the specific facts and, above all, on the subjective element (what you knew and could have known). The same conduct may end in dismissal, be classified as reckless laundering or, at worst, as intentional participation in the fraud. The gap in penalty between those outcomes is huge, and it is decided precisely on the proof of knowledge.
The three possible charges
- Money laundering (Art. 301 CP): the most common charge. If the prosecution cannot prove you knew the criminal origin, it is usually reduced to reckless laundering under Art. 301.3 CP (prison 6 months-2 years), based on a breach of the duty of care. Where intent is proven, 301.1 applies (prison 6 months-6 years and a fine).
- Participation in the fraud (Arts. 248-249 and 28-29 CP): if the mule is deemed part of the fraudulent plan, they answer as an accomplice to the computer fraud, with the fraud penalty (prison 6 months-3 years in the basic Art. 249 offence, aggravated by the amount).
- Receiving stolen goods (Art. 298 CP): as an alternative, where someone profits from an item proceeding from a property offence knowing its origin, with prison of 6 months to 3 years.
Why you were identified and why your account was frozen
The trail is a banking one: the scam victim reports it, the bank and the police follow the transfer and reach your account, which is the first identifiable link in the chain (the organisers are usually abroad and untraceable). It is common for the bank to freeze the account and hold the balance at the court's disposal even before the summons. Being summoned as an investigated person by the cybercrime units of the Civil Guard or the National Police does not mean you are guilty: it means your account appears in the scheme and you must build your account of events with legal assistance.
Money Mule Defence Strategies
- Lack of intent and mistake of fact (Art. 14 CP): the core of the defence. If you did not know the money came from a crime, the subjective element of intentional laundering and of participation in the fraud is missing.
- The fake job offer: many mules answer adverts for a "payment manager", "financial agent" or "collections representative" with the appearance of a real company (contract, logo, website). Proving that prior deception shows the mule was a victim, not a conscious participant.
- Rebutting "wilful blindness": the prosecution uses this Supreme Court doctrine to argue that "you should have suspected". It is countered by proving the apparent legality, the absence of any meaningful benefit and the lack of obvious warning signs.
- Reducing intentional to reckless laundering: where dismissal is not possible, reclassifying from Art. 301.1 to Art. 301.3 sharply lowers the penalty and opens the door to a suspended sentence.
- Repair of the harm (Art. 21.5 CP): returning the amount actually available can operate as a mitigating factor and improve the negotiating position.
What to do if summoned or if your account is frozen
Do not testify without a lawyer and exercise your right to remain silent (Art. 118 LECrim) until the case file has been studied. Keep everything relating to the job offer (advert, emails, contract, WhatsApp chats, details of the supposed company): it is the central evidence of your good faith. Do not carry out any further operations with the affected account. Against the freezing or attachment, you can oppose the precautionary measures by proving your status as a good-faith third party.
Jurisdiction and the path of the case: investigation, trial and why the National Court is (almost) never competent
A money-mule case almost always begins with a police report after the victim of the underlying computer fraud (Art. 249.1.a) files a complaint. The investigation falls to the Juzgado de Instrucción of the place where the offence was committed; for money laundering, case law tends to anchor jurisdiction where the act of concealing or converting the funds takes place, which in practice often coincides with the account holder's domicile or the location of the transfers. This point is worth settling early, because a well-argued objection to jurisdiction can route the case to the court that is actually competent.
Who tries the case depends on the penalty in the abstract. Basic intentional laundering under Art. 301.1 (six months to six years) and the negligent form under Art. 301.3 (six months to two years) are tried before the Juzgado de lo Penal where the penalty does not exceed five years; only if aggravations or concurrent offences push the ceiling above that threshold would the matter move to the Audiencia Provincial. Absent an express connection to offences within its catalogue (terrorism, nationwide organisations, certain supranational economic crime), the Audiencia Nacional has no jurisdiction: an ordinary domestic mule is dealt with by the territorial ordinary courts.
Digital evidence and the lawfulness of how it was obtained: secrecy of communications and chain of custody
The evidentiary core of these cases is digital: bank statements, IP traces, online-banking access logs, messaging-app conversations and, at times, a forensic image of the suspect's phone or computer. None of that material is gathered in the same way or with the same guarantees. Traffic data and IP identification engage the secrecy of communications under Art. 18.3 of the Constitution and, as a rule, require judicial authorisation under Arts. 588 ter a and following of the Criminal Procedure Act; access to the content of mass-storage devices is governed by Art. 588 sexies, which demands a reasoned and proportionate court order.
The defence scrutinises whether each intrusion had sufficient judicial cover, whether the reasoning was genuine or boilerplate, and whether the chain of custody of the digital material was documented without gaps. A device image taken without the safeguards of Art. 588 sexies, geolocation or a data hand-over lacking proper cover, or an unexplained break in the traceability of the copies may render the evidence void under Art. 11.1 of the Judiciary Act and drag down derivative evidence with it. In an offence that turns on knowledge of the unlawful origin, undermining the very evidence meant to prove that knowledge can be decisive.
The boundary with neighbouring offences: eventual intent, gross negligence and receiving stolen goods
The charge sits on a fine line. If it is shown that the holder knew, or seriously foresaw, the criminal origin of the funds and agreed to help, this is intentional laundering under Art. 301.1, and possibly participation in the computer fraud of Art. 249.1.a where the contribution was functional to the movement of assets. If the holder did not actually know but, given the circumstances (offers of easy money for using one's own account, immediate transfers to unknown third parties, instructions to forward funds in crypto), had the duty and the ability to know and ignored every basic precaution, the conduct fits gross-negligence laundering under Art. 301.3.
Below that threshold, where neither intent nor criminally relevant gross negligence is present, the answer is that the conduct is not punishable: reasonable, non-negligent ignorance is not a crime. It is also important to distinguish laundering from receiving stolen goods under Art. 298, reserved for profiting from the proceeds of a property offence without taking part in it, a figure with different requirements. Placing the facts correctly in one category or another is not a technicality: it marks the difference between a serious penalty, a lesser one, or acquittal.
Limitation periods and plea agreements: deadlines and negotiated outcomes
The limitation period is calculated on the maximum penalty attached to the offence. Intentional laundering under Art. 301.1, punishable with six months to six years' imprisonment, becomes time-barred after ten years under Art. 131 of the Penal Code. The negligent form under Art. 301.3, with a ceiling of two years, is time-barred after five years. Time runs from when the offence is completed and is interrupted when proceedings are effectively directed against the person under investigation; checking whether the period has elapsed, or whether the case lay dormant long enough, is a mandatory first step for any defence.
Where the evidence of knowledge is solid, a plea agreement may be worth considering. Reframing a charge of intentional laundering as the negligent form under Art. 301.3 substantially lowers the sentencing range, and circumstances such as repairing the harm to the victim or providing meaningful cooperation can operate as mitigating factors. A plea is a strategic decision that is only appropriate after analysing the strength of the evidence on intent or negligence, any possible nullities and the civil liability; never an automatic step, but the result of weighing the risk of trial against the negotiated outcome.
Penalties & Consequences: Money Mule Defence in Spain
| Type / Scenario | Criminal Penalty |
|---|---|
| Reckless laundering (Art. 301.3 CP) | Prison of 6 months to 2 years and a fine. The most common charge where knowledge of the illicit origin is not proven. |
| Intentional laundering (Art. 301.1 CP) | Prison of 6 months to 6 years and a fine, if it is proven that you knew the criminal origin. |
| Participation in the fraud (Art. 249 CP) | The fraud penalty: prison of 6 months to 3 years, aggravated according to the amount defrauded. |
| Receiving stolen goods (Art. 298 CP) | Prison of 6 months to 3 years where the proceeds of a property offence are profited from knowing their origin. |
* Penalties shown are indicative. The actual penalty depends on the circumstances of the case and on the applicable mitigating and aggravating factors.
Defence Strategy: Money Mule Defence in Spain
- Prove the Prior Deception: Document the fake job offer and the appearance of a real company to position the mule as a victim of the scheme.
- Dismantle Wilful Blindness: Prove that there were no sufficient objective indicators to foresee the illicit origin of the money.
- Reduce to Recklessness: Where dismissal is not viable, move the classification from intentional Art. 301.1 to reckless Art. 301.3, with a far lower penalty.
- Oppose Precautionary Measures: Challenge the account freezing and attachment by proving the holder's good faith.
Cybercrime in Spain: Hacking, Phishing & Digital Fraud — Defence Guide
Cybercrime encompasses illegal access to computer systems (Art. 197 bis CP), computer damage and ransomware (Art. 264 CP), phishing and digital fraud (Art. 249.1.a CP), and the production or distribution of hacking tools (Art. 197 ter). Spain's prosecution of cybercrime has intensified dramatically, with specialised units in the National Police (BIT) and Guardia Civil (GDT) leading investigations. Defence requires a unique combination of criminal law expertise and advanced technical knowledge.
Penalty Table: Cybercrime
| Offence | Article | Description | Penalty |
|---|---|---|---|
| Illegal access to systems | Art. 197 bis | Unauthorised access breaching security measures | 6 months – 2 years |
| Interception of data | Art. 197 bis.2 | Intercepting non-public data transmissions | 3 months – 2 years |
| Production/supply of hacking tools | Art. 197 ter | Creating or distributing tools designed for cybercrime | 6 months – 2 years |
| Computer damage (basic) | Art. 264.1 | Deleting, damaging or making data inaccessible | 6 months – 3 years |
| Aggravated damage (critical infrastructure) | Art. 264.2 | Affecting essential services or critical infrastructure | 2 – 5 years prison |
| Cyber fraud (phishing) | Art. 249.1.a | IT manipulation to obtain unlawful transfer of assets | 6 months – 3 years |
Key Defence Strategies
- IP Attribution Challenge: An IP address does not identify a person. Shared Wi-Fi networks, VPNs, Tor exit nodes and NAT configurations mean multiple users may share one IP. The prosecution must prove the accused was the actual user at the relevant time.
- Chain of Digital Custody: Digital evidence is extremely fragile. If the police failed to image the hard drive with a write-blocker, if hash values don't match, or if evidence was handled improperly, the defence can seek exclusion of the entire digital evidence chain.
- Authorised Security Testing: Ethical hacking and penetration testing carried out with the system owner's authorisation is legal. If the defendant had a written engagement contract, bug bounty agreement or responsible disclosure policy, there is no criminal offence.
- Lack of 'Breaching Security Measures': Art. 197 bis requires that security measures were breached. If the system had no password, no firewall, or the access point was public, the element of 'breaching security' may be absent, negating the offence.
Key Case Law
The Supreme Court confirmed that 'access' requires effectively entering the system, not merely attempting it. The prosecution must prove: (1) access occurred, (2) it was unauthorised, and (3) security measures were breached. Port scanning alone does not constitute the offence.
The Court ruled that ransomware attacks may constitute a concurrent offence of computer damage (Art. 264) and extortion (Art. 243 CP). The encryption of data satisfies the 'damage' element even if data is technically recoverable upon payment.
In phishing operations, the Court distinguished between the organiser and the 'money mule' (account holder). The mule's liability depends on proof of knowledge that the funds were illicit. Wilful blindness may suffice, but mere negligence does not.