A Crime Script Analysis of Pao Fen Operations and the Construction of Prevention Strategies

Pao Fen as a Money Laundering Modality in Asia: An Introduction

Pao Fen is a Chinese term that originated in the context of money laundering activities in East and Southeast Asia. The Chinese character Pao translates to “running,” while Fen refers to the smallest unit of Chinese currency (RenMinBi and RMB). When combined, Pao Fen literally signifies the rapid transfer and dispersion of small amounts of money. This term did not exist in traditional Chinese vocabulary but has emerged in recent years alongside the rise of cyber-enabled fraud, becoming a specialized term to describe a distinct mode of laundering illicit proceeds.

First appeared in China and then predominantly being active in East and Southeast Asia, Pao Fen operations are primarily conducted by Chinese-speaking participants. Within Chinese criminological scholarship, Pao Fen is defined as a structured laundering technique involving the fragmentation of large sums of illicit funds into smaller transactions to conceal their origin and facilitate their circulation through financial networks (Huang, 2024). Originating within cybercriminal subcultures, the model is decentralized and commission-based, relying on recruited individuals, often called runners, who use personal bank accounts, digital wallets, or cryptocurrency platforms to quickly receive, split, and redistribute illicit funds (Huang, 2024; Ping’an-Helan, 2021; Zhao, 2024). These runners typically earn commissions ranging from 1% to 2% per transaction in exchange for enabling the movement of criminal proceeds (Economic Information Daily, 2021; Qin, 2019; Zhao, 2024). While functionally similar to global money mule operations, Pao Fen is distinguished by its industrial scale, advanced digitization, and deep integration with platform-based infrastructures unique to China’s digital payment environment.

Unlike conventional laundering schemes, Pao Fen operations leverage purpose-built platforms and encrypted communication channels to coordinate laundering tasks. Participants register on these platforms, receive transaction assignments, and complete fund transfers using dynamic QR codes or third-party payment credentials. The platforms act as intermediaries, connecting upstream criminal networks involved in telecom fraud, illegal gambling, or cross-border scams with a large network of downstream participants (known as runners). The technical features of Pao Fen platforms, including real-time order matching, automated commission distribution, and the strategic obfuscation of transaction patterns, significantly enhance the speed, anonymity, and resilience of laundering activities, while concurrently complicating efforts by financial regulators and law enforcement to detect or disrupt illicit fund flows (Huang, 2024; Ministry of Public Security of the People’s Republic of China, 2024; Zhao, 2024; Yang and Liao, 2023).

Although runners in Pao Fen schemes are frequently perceived as minor or low-level actors, their role is functionally indispensable. By enabling the initial placement and complex layering of illegal proceeds, runners serve as gatekeepers to the broader laundering process. Criminological literature generally classifies actors in laundering networks into three categories: core organizers who conceptualize and manage the scheme; professional facilitators who offer technical, legal, or logistical expertise; and recruited participants, who willingly or unwittingly provide access to financial systems (L. Bekkers & Leukfeldt, 2023; Leukfeldt, 2014; Lusthaus et al., 2024). Individuals involved in Pao Fen operations fall within this third category. Their use of legitimate financial channels provides a veil of normalcy, fragmenting transactions across thousands of accounts and complicating forensic tracing.

While often perceived as a low-level activity involving peripheral actors, Pao Fen operations in fact inflict significant harm on both individual participants and broader financial systems. At the individual level, participants with vulnerabilities are drawn in by promises of easy income through seemingly harmless “part-time tasks.” However, involvement in Pao Fen exposes them to serious legal consequences, including criminal prosecution, imprisonment, revocation of banking privileges, and long-term credit damage (Lao, 2023; Ma, 2023; Zhang, 2021). At the systemic level, Pao Fen functions as a highly effective laundering mechanism that facilitates the large-scale movement of illicit funds across borders, thereby enabling the persistence and expansion of cyber-enabled criminal networks. It does so by embedding illegal transactions within routine financial activity, often disguising them as peer-to-peer payments or legitimate e-commerce flows. This integration overwhelms conventional anti-money laundering (AML) controls, exploits regulatory blind spots, and fragments investigative trails, making detection and enforcement particularly difficult (e.g., Yan, 2022). The scale and impact of Pao Fen have drawn growing concern from Chinese authorities. According to Chinese government media reports, in the first three quarters of 2023 alone, 1,718 individuals were indicted for money laundering, and over 62,000 were prosecuted for crimes involving the concealment or disguise of criminal proceeds—an increase of more than 90% year-on-year (CCTV News, 2023; China Daily, 2023). These figures point to the urgency of understanding and addressing Pao Fen as a structurally embedded and technologically enabled threat to financial integrity and legal accountability.

Despite its increasing prevalence and systemic threat, there remains a significant gap in empirical research on the internal structure and procedural mechanisms of Pao Fen. In English-speaking countries, individuals who assist in transferring illicit funds during laundering processes are commonly referred to as money mules (Financial Crimes Enforcement Network, n.d.; United Nations Office on Drugs and Crime, n.d.). An extensive and well-established body of research has explored the phenomenon of money mules, focusing on their operational functions within laundering networks, the demographic characteristics of those most frequently recruited, and the tactics used by criminal actors to target and manipulate these individuals (e.g., Bekkers et al., 2025; Esoimeme, 2021; Europol, 2021; Hong and Lee, 2024; Leukfeldt, 2014; Leukfeldt & Kleemans, 2019; Loggen and Leukfeldt, 2022; Raza et al., 2020; Odinot et al., 2017). The existing literatures in English-language research have significantly deepened understanding of money mules’ operations across diverse regional and socioeconomic contexts but limited scholarly attention has been devoted to Pao Fen, which is active in Asia, especially in China. Current academic knowledge of Pao Fen is drawn almost exclusively from Chinese-language sources (Li et al., 2024; Liu, 2014; Ma, 2023; Zhao, 2024; Zhang and Gu, 2023; Sun, 2022). However, most Chinese-language studies on Pao Fen offer primarily descriptive or conceptual analyses and have not yet to empirically map its operation. Meanwhile, few researchers have applied criminological lens to identify concrete intervention points within the laundering process of Pao Fen. Moreover, English-language scholarship on Pao Fen remains virtually nonexistent, which limits comparative and cross-jurisdictional understanding of its organizational structures, developmental trajectories, and social impacts as a form of transnational crime. Given Pao Fen’s growing role as a critical node in transnational cyber-enabled laundering networks, and its integration with globalized fraud and gambling schemes, there is an urgent need for international scholarly attention. As the practice increasingly transcends national boundaries, effective governance and intervention require coordinated, cross-border criminological research, practices, and policy collaboration.

To deepen the research on laundering crimes, this study uses crime script analysis to analyze judicial cases from China, specifically involving Pao Fen operations. Crime script analysis is a methodological framework that deconstructs complex criminal activities into sequential stages or “scripts,” similar to scenes in a play, to reveal offender decision-making and procedural structures (Cornish, 1994). The analysis identifies key actors and actions at each procedural stage, providing a systematic understanding of how Pao Fen unfolds. The primary research questions guiding this study are: (1) What are the specific stages and routines involved in Pao Fen process? (2) How can this process be disrupted through evidence-based crime prevention strategies? To answer the questions, this study first deconstructs Pao Fen operations into a series of distinct procedural stages. Based on this empirical mapping, the study further proposes the situational intervention preventions for Pao Fen, which applies principles from situational crime prevention framework to identify specific disruption points at each stage of the laundering lifecycle. The framework focuses on strategies to increase offenders’ perceived effort and risk, reduce potential rewards and justifications, and minimize situational triggers. The findings provide detailed insights into specific laundering stages and offender actions that can inform situational crime prevention strategies, such as increasing guardianship over bank account registrations and strengthening verification protocols. These targeted interventions can support international law enforcement and financial intelligence efforts to disrupt the operational flows of cyber-enabled laundering networks.

Applying Situational Crime Prevention on Organized Nature of Pao Fen

Pao Fen networks display a distinctly organized and procedural structure, making them particularly amenable to intervention through the framework of Situational Crime Prevention (SCP). Unlike opportunistic or isolated cybercrimes, Pao Fen operates as a systematic, multi-tiered enterprise involving upstream fund suppliers, midstream platform operators, and downstream runners responsible for fragmented fund transfers. These roles are integrated into stable digital infrastructures and coordinated through hierarchical communication structures, exhibiting features that closely align with criminological definitions of organized crime (Huang, 2024; Wu, 2022; J. Zhang & Gu, 2023).

Originally developed in the 1970s by researchers at the British Home Office (Clarke, 2009), SCP focuses on reducing crime opportunities by targeting specific situational factors surrounding criminal events (Clarke, 1983). From its inception, SCP promoted practical techniques tailored to prevent particular types of offenses by altering the immediate environment in which crimes occur. SCP focuses on reducing criminal opportunities by manipulating situational elements surrounding an offense. It is grounded in rational choice theory and emphasizes that altering the environment, rather than the offender’s disposition, can deter criminal behavior. Over time, the approach has evolved. Clarke (1995) first organized 12 prevention techniques into three broad categories, which were later expanded to 16 techniques across four strategies by Clarke and Homel (1997). A further revision by Cornish and Clarke (2003) refined the framework to its current form, encompassing 25 situational techniques. Notably, Cornish and Clarke (2002) extended SCP to address organized crime by integrating principles from rational choice theory. They introduced the crime script approach to demonstrate how offenders, especially those involved in complex, organized operations, engage in deliberate, goal-oriented decision-making. Rather than acting on impulse, these offenders weigh risks and benefits to optimize their criminal strategies. While SCP has traditionally been applied to volume crimes, scholars have increasingly extended it to organized and cyber-enabled crimes, including those with complex logistical routines (Borrion, 2013; Cornish & Clarke, 2002; Levi & Maguire, 2004). This shift is particularly relevant for analyzing Pao Fen, where laundering tasks follow repeatable patterns and decision points.

There are three core reasons why SCP is especially suitable for analyzing Pao Fen. First, Pao Fen is procedurally complex. It involves multiple actors performing interdependent tasks: criminal networks circulate illicit funds, digital platforms manage semi-anonymous task distribution, and runners execute payment orders. This layered structure mirrors the types of “crime scripts” SCP was designed to dissect and disrupt. Second, Pao Fen is routinized and scalable. It follows standardized, repeatable sequences of laundering activity, including task delegation, fund transfers, identity masking, and commission settlement. Much like workflows in legitimate enterprises, these scripts offer clear entry points for intervention if mapped correctly. Third, the offender population within Pao Fen networks, particularly runners, often consists of economically marginalized individuals with limited awareness of legal risks. This makes the decision-making context crucial. SCP directly addresses such vulnerabilities by proposing targeted techniques that increase perceived risks, reduce rewards, and remove excuses for participation. For example, disrupting recruitment messaging or imposing transaction limits can reshape the cost-benefit calculations that underpin runner compliance.

By treating Pao Fen not as a spontaneous act but as a structured and scriptable offense, SCP offers a powerful analytical and preventative framework. As Cornish and Clarke (2002) explain, organized crimes of this nature represent the highest form of rational offending because they are carefully planned, well-resourced, and deliberately structured to remain concealed. Through crime script modeling, choke points in the laundering process can be identified and matched with situational interventions tailored to each stage.

Building on this foundation, this study develops a series of situational interventions specifically tailored to the Pao Fen operations. These tailored strategies integrate the five strategic dimensions of situational crime prevention, with empirically derived financial crime script stages identified through a systematic analysis of Chinese court judgments. By aligning concrete prevention techniques with each procedural phase, such as implementing stricter bank account verification during infrastructure preparation or enhancing transaction monitoring during core laundering execution, these proposed strategies provide a criminologically grounded and practically actionable framework to disrupt Pao Fen operations at multiple intervention points. Beyond its immediate application, this approach contributes to criminological scholarship by demonstrating how situational crime prevention can be systematically adapted to address complex and technology-enabled forms of organized financial crime.

Data and Analytical Strategy: A Crime Script Analysis on 235 Criminal Cases

A qualitative analysis was conducted in this study using national legal documents manually retrieved from China Judgments Online. This platform, established by the Supreme People’s Court (SPC) of the People’s Republic of China, has been recognized as a legitimate source and widely used in prior academic research (Cai et al., 2018; Gao et al., 2020; Y. Zhang & Huang, 2025). The credibility of the platform and its consistent use in previous scholarship provided a strong foundation for the use of data from this source in the present study.

To collect relevant legal documents, the primary search term “Pao Fen” in Chinese was used, initially yielding 9,159 documents. Because Pao Fen activities predominantly involve criminal conduct, an additional filter narrowed the search to “Criminal Cases” in Chinese. After applying this filter, the final dataset comprised 9,054 cases, covering the period from 2014 to 2025, as China Judgments Online began systematically publishing court decisions in 2014, which is the earliest year available on the platform. However, due to platform display limitations, only the first 600 cases were viewable and accessible. No additional content-based filtering was applied because the aim was to capture a broad and unbiased cross-section of accessible Pao Fen cases. Further filtering could have introduced selection bias by excluding operational variations. Instead, a randomized sampling strategy was employed to ensure transparency and reduce bias, providing each case an equal chance of selection.

It is important to note that while China Judgments Online is the official repository for court decisions in China, not all court decisions are published on the platform. Publication is governed by SPC regulations that exclude certain types of cases, such as those involving state secrets, personal privacy concerns, juvenile defendants, or other sensitive content. Furthermore, the decision to publish is also subject to judicial discretion at the court level, and some cases may be withheld to protect victims or facilitate ongoing investigations. Therefore, the available dataset represents the publicly released subset of national judgments, reflecting both mandated publication requirements and court-level selection mechanisms.

Given the qualitative nature of this study, a purposive sampling strategy was adopted with the goal of obtaining a manageable and information-rich sample that could facilitate an in-depth understanding of the operational processes involved in Pao Fen activities. Qualitative research prioritizes depth over breadth, focusing on detailed examination rather than generalization across a population (Braun & Clarke, 2019). Within this approach, random sampling was used as a practical technique to reduce researcher selection bias when choosing from the available 600 cases. While purposive sampling focuses on information-rich cases, random selection within the accessible pool ensured that diverse types of operational practices were included without introducing subjective selection (Barglowski, 2018; Liamputtong, 2019). To guide sample size determination, a Qualtrics sample size calculator was used, setting a 95% confidence level, a population size of 600 (the viewable cases), and a 5% margin of error. This calculation yielded an ideal sample size of 235 cases, balancing adequate coverage with analytical manageability. Thus, random sampling complemented the qualitative aim by ensuring transparency and diversity within a purposive, in-depth analytical framework.

To achieve this, a randomized sampling strategy was implemented using Microsoft Excel. Because China Judgments Online displays search results with a maximum of 15 cases per page, the 600 accessible cases were distributed across 40 pages. First, an Excel database was constructed by manually recording the page number (1–40) and the position (1–15) of each case listed on each page, creating a structured and comprehensive sampling frame that covered all available cases. A random number generator function in Excel was then applied within each page’s entries to randomly select cases. Specifically, multiple random case numbers were generated per page to ensure that selections were distributed across the entire dataset rather than concentrated within any single page. This randomized procedure ensured that every case within the accessible 600 had an equal and independent chance of being selected, while also maintaining balanced representation across the full set of search results.

After applying the randomization procedures and excluding cases with incomplete or irrelevant information, the final sample comprised 235 criminal cases, aligning with the calculated ideal sample size and providing a robust foundation for in-depth qualitative analysis. Each case was traceable to its original page number and specific position on the judicial website. Following data collection, all case files were imported into NVivo 14 for qualitative analysis. A two-stage thematic inductive approach, following Corbin and Strauss (1990), was used to systematically code and analyze the dataset. For clarity and consistency in the results section, each case will be referenced using the label “case + [number]” (e.g., case 1, case 2, etc.).

Result: Six Primary Phases of the Pao Fen Process and Proposed Prevention Strategies

The crime script analysis revealed that the Pao Fen process consists of six sequential and interlinked phases. First is Infrastructure Preparation, where actors acquire the necessary tools and resources. This is followed by Activation and Access Setup, which involves account activation, credential handovers, and card testing. The third phase is Core Laundering Execution, during which illicit funds are moved, layered, and transferred. Next is Conversion and Integration, where electronic proceeds are transformed into cash or digital assets and profits are distributed. The fifth phase, Network Consolidation and Expansion, is marked by repeat participation, recruitment, and operational adaptation. Finally, Detection and Termination involves law enforcement intervention, arrests, and the partial dismantling of laundering networks.

Table 1 provides an overview of these phases and their sequencing. The results first outline each phase in general terms to build the reader’s understanding, followed by detailed descriptions of sub-actions, illustrative quotes, and visual representations that depict the complexity and adaptability of these laundering scripts. For each phase, targeted prevention strategies based on the situational crime prevention framework are also proposed to address identified operational patterns and vulnerabilities.

OPEN IN VIEWER

Table 1.

Crime Script Analysis of Pao Fen: Scenes, Actions, and Financial Components with Proposed Prevention Strategies.

Crime script scenes	Core actions	Action components	Key actors	Financial crime components	Props	Preventions strategies
Infrastructure preparation	Network positioning	Equifinal: interpersonal recruitment, ad recruitment, offender intro, self-initiated entry, establishing own Pao Fen teams	Recruiters, Runners, Organizers	Financing sources: illegal upstream investments, self-funding	Digital platforms and apps (e.g., WeChat, QQ, and TikTok China)	Deflect Offenders; Harden Target and Control Access
	Planning activity for laundering	- Equifinal: bank accounts and SIM cards obtainment and/or establishment of fraudulent front/shell companies- Sub-actions: travel coordination		Financing sources: illegal upstream investments	Banking instruments (cards or POS [point of sale] machines a ); communication devices, digital platforms, and apps; identification and verification documents
Activation and access setup	Compensation discussion	Equifinal: flat rates, commissions based on risks, mixed profit model, non-monetary incentives- Sub-actions: negotiation of initial payment, referral recruitment	Recruiters, Runners	- Payment settlement  ○ Execution level—fixed per-card fees, daily rates, % commissions; models included phased, and credit-based.  ○ Organizational level—brokers deducted cuts before downstream payouts	Digital platforms and apps (e.g., WeChat, QQ, and TikTok China)	Control Tools; Identify Property; Utilize Place Managers
	Account and/or identity transfer or control	Equifinal: runners’ own bank cards or third-party identity-based cards- Sub-actions: packaging card/SIM/phone/U-shield, biometric verification, transfer completed		Payment settlement: phased cash payment	Bank cards, mobile phones, SIM cards, credentials (e.g., ID, password, U-shields, and facial recognition), digital payment and communication platforms, logistic
	Initial fund movement	Equifinal: verify bank card functionality- Sub-actions: complete bank account transfer, conduct small-scale “water testing” transactions, relay verification evidence to upstream actors		- Financing Source: illegal- Financial-economic crimes link: fraud proceeds	Bank cards, screenshots/digital proofs, communication apps/platforms
Core laundering execution	Laundering	Equifinal: bank cards- Sub-actions: obtain cards → Verify → Trial transactions → Transfer/withdraw fundsEquifinal: POS terminals- Sub-actions: Operate POS → Fake purchases → Embed funds via shell companiesEquifinal: cryptocurrency- Sub-actions: Buy crypto → Transfer to upstream actorsEquifinal: gambling platforms- Sub-actions: Deposit funds → Bet transactions → Withdraw as winnings	Organizers, Fund receivers, Transfer agents, technical operators, Withdrawal operatives	- Revenue/costs: Millions laundered; costs include runner commissions, avoidance of detections- Payment methods: mobile payments, crypto- Financial-economic crimes link: fraud proceeds	Bank cards, POS terminals, mobile devices, digital wallets, laundering software platforms, logistic (i.e., vehicles), purchased merchandises	Strengthen Formal Surveillance, Disrupt Market, Utilize Place Managers
Conversion and integration	Cash withdrawal or conversion	Equifinal: Cash withdrawals- Sub-actions: ATM or bank counter → split transactions → facial recognition → cover narrativesEquifinal: Crypto conversion- Sub-actions: Funds → USDT → exchange platforms (e.g., OKX) → cash out to RMBEquifinal: Electronic dispersal- Sub-Actions: Funds → Alipay QR codes → multiple recipients	Withdrawal operatives, Organizers/Coordinators, New recruits	Revenue and costs: transaction quantities: multiple withdrawals; profits converted to cash or crypto	Bank cards, Mobile payment apps, crypto platforms, cover narratives	Discourage Imitation, Disrupt Markets, Identify Property
	Profit retention	Equifinal: Profit distribution via various means- Sub-actions: Determine fixed/percentage payout → allocate based on role/volume/proximity		- Revenues and costs: Profits vary by role, volume, proximity; costs include payouts as operational expenses- Payment methods: cash, digital transfer, crypto payout (USDT)- Payment settlement: % based commissions, direct cash payouts	Cash, Bank cards, Mobile payment apps, Cryptocurrency (USDT), and Recipient accounts
	Arrest and disengagement	Equifinal: Exit- Sub-actions: Law enforcement surveillance → flagged accounts → arrestEquifinal: continuation- Sub-actions: Receive profits → recruit new runners → obtain fresh bank cards → relocate → adopt alternate identities → restart laundering cycle		- Revenue and costs: Future profits and costs are expected- Payment Settlement: future recruitment payouts- Payment methods: bank cards, cash, and digital payments	Reuses prior-stage prop
Network consolidation and expansion	Persistence and repeat actions	Equifinal: repeat participation- Sub-actions: provide card → transfer fundsEquifinal: recruitment- Sub-actions: recruit others → pay bonusesEquifinal: Tool reuse- Sub-actions: reuse cards/POS → reissue cardsEquifinal: role escalation- Sub-actions: become intermediaries → manage recruits	Persistent runners, Organizers, Recruiters	Repetition of prior-stage financial components	Reuses prior-stage prop	Deflect offenders, extend guardianship
Detection and termination	Arrest and disengagement	Equifinal: Law enforcement intervention- Sub-actions: Arrest → prosecution → sentencingEquifinal: Network evasion and persistence- Sub-Actions: Some remain fugitives → retain tools and networks → continue operations	Law enforcement, arrested participants, uncaptured actors	Revenues and costs: Seizure of funds/assets; legal costs for defendants	Legal instruments and remaining financial infrastructure	Reduce anonymity, extend guardianship, alert conscience, and screen exits

a

A POS (Point of Sale) machine processes card payments and can be misused to disguise illicit funds as legitimate sales.

Discussion: New Criminological Insights into Laundering Networks from Pao Fen Case Analysis

Pao Fen has emerged as a pervasive and deeply embedded cyber-enabled money laundering practice across China, as well as in other East and Southeast Asian countries, reflecting a national-level challenge in the control of financial crime. Despite the severity and visibility of this issue, as evidenced by recurring law enforcement operations and media coverage in Chinese provinces such as Guangdong, Guangxi, Henan, Jiangxi, and Shanxi (see, e.g., Guangdong Provincial Public Security Department, 2024; Wang & Tian, 2024; Xinhua News, 2024), there remains a notable absence of comprehensive, centralized datasets documenting the scale, actor typologies, and operational patterns of Pao Fen participants. Current academic research in this space is limited and tends to rely on high-level summaries, descriptive statistics, or official reports, without much rigorous empirical engagement (e.g., Pei & Jiao, 2024; Yan, 2022; Zhao, 2024). Particularly lacking are English-language studies that systematically analyze the internal dynamics, tools, and behaviors that constitute the laundering process.

This study addresses that gap by offering the first empirically grounded operational model of Pao Fen, derived from a unique dataset of Chinese judicial case records. Through detailed analysis of 235 cases, this study identified six-phase operations in Pao Fen comprising: Infrastructure Preparation, Activation and Access Setup, Core Laundering Execution, Conversion and Integration, Network Consolidation and Expansion, and Detection and Termination. These stages reflect the transformation of laundering from individual experimentation into institutionalized, cyclical criminal routines. Based on this operational logic, this study develops targeted strategies for disrupting Pao Fen by applying situational crime prevention principles to each stage of the process.

Among the findings, one of the most critical insights is the identification of self-initiated offender trajectories within Pao Fen. In contrast to the dominant narrative presented in much of Western scholarship, which often depicts money laundering participants as individuals who are recruited either willingly or under coercion by hierarchical criminal organizations (Abdul Rani et al., 2024; Leukfeldt & Kleemans, 2019; Raza et al., 2020), this study uncovers a distinct subset of actors who proactively and voluntarily entered laundering networks. These individuals did not wait to be approached or manipulated. Instead, they actively sought out opportunities to engage in laundering activities by leveraging digital platforms such as Baidu Tieba, WeChat Moments, and encrypted communication tools such as Telegram and Bat. These offenders demonstrated a high level of autonomy as they independently navigated the entire process, from identifying potential laundering schemes to acquiring the necessary digital tools, understanding operational protocols, and participating in fund transfers. In doing so, they bypassed traditional recruitment structures, treating laundering as a self-driven opportunity rather than a coerced act. This finding challenges the conventional framework and points to the existence of voluntary, self-directed offenders. Recognizing this offender type has important implications for both criminological lens and law enforcement strategies. It clarifies how individuals may self-select into criminal economies online and highlights the ways in which digital environments facilitate both recruitment and voluntary entry into illicit financial systems.

A second key insight lies in the identification of persistent and repeatable behaviors among Pao Fen participants, revealing a structured and evolving criminal network. The analysis in this study shows that laundering activities are not isolated or opportunistic events but instead routinized and cyclical processes, often carried out by the same actors across multiple laundering cycles. These individuals frequently reuse or reacquire similar tools, including previously frozen bank accounts, reissued bank cards, POS terminals, and cryptocurrency wallets, demonstrating a high level of operational continuity and adaptability. Beyond tool reuse, the findings also reveal patterns of internal recruitment and hierarchical progression within laundering networks. Experienced participants do not merely continue their own operations, instead they often recruit and mentor new participants, expanding the network and solidifying their roles as mid-level coordinators or team leads. In some cases, individuals who began as basic fund runners progressed to more strategic roles, such as managing Telegram groups, providing technical onboarding, or distributing illicit profits, indicating a form of promotion and role specialization. This pattern of behavioral persistence and internal advancement suggests that Pao Fen operations function with quasi-organizational structures, allowing them to regenerate and scale even after law enforcement interventions. Traditional deterrence efforts, such as freezing individual accounts or disrupting a single laundering chain, are insufficient in the face of such systemic resilience. To address this, a more dynamic framework needs to be proposed to prevent this type of criminal behaviors such as the current proposed framework to longitudinal monitor offender behaviors, including AI-driven detection of repeated tool usage, role evolution, and recruitment behaviors, to more effectively disrupt these adaptive laundering networks.

A third major contribution of this study is the recognition that Pao Fen activities are not static or isolated events, but rather dynamic, adaptive, and continuously evolving operations. Effectively countering them requires ongoing threat profiling and intervention strategies that are both flexible and technologically sophisticated. This conclusion is supported by several key features observed in Pao Fen operations. First, runners frequently employ deliberate risk avoidance strategies, including geographic relocation and structured transaction patterns. Second, laundering behaviors are persistent and repeatable, often carried out across multiple operational cycles. Third, although the organizational structure is relatively loose, it maintains a functional hierarchy that allows actors to shift roles and expand activity as needed. Finally, participants display a high level of digital fluency, as seen in their use of encrypted communication platforms, virtual currencies, and remote-access tools to maintain operational secrecy and scalability. In response to these complexities, integrating AI-based surveillance and intervention mechanisms within this stage-based situational interventions constitutes a valuable application of situational crime prevention principles to complex laundering network. Traditional situational crime prevention strategies, such as increasing guardianship and limiting access to crime opportunities, remain relevant for disrupting Pao Fen operations. Their effectiveness can be further strengthened through the integration of artificial intelligence tools capable of real-time anomaly detection, behavioral pattern analysis, and mapping of decentralized laundering networks. This integration allows for proactive interventions that target specific laundering stages and behaviors, rather than relying solely on post-incident enforcement. Given the adaptive and dispersed structure of Pao Fen networks, implementing AI-informed situational crime prevention represents a practical advancement to better align interventions with offenders’ operational realities.

Limitations and Future Directions

While this study offers critical insights into the operational dynamics of Pao Fen networks, it is important to acknowledge the limitations in the work that point to the need for further research in this area. First, the study is subject to sampling bias and limited generalizability. Due to technical constraints associated with the judicial document search engine, only the first 600 court cases were accessible and analyzed. As a result, the crime script developed from this dataset reflects a limited subset of Pao Fen cases and may not fully capture the diversity of laundering scenarios occurring across China, as well as other regions in Asia and beyond. For instance, the study does not include cases involving cross-border laundering through cryptocurrency mixing services or laundering strategies embedded in newer digital platforms. Therefore, while the findings offer valuable insight into prevalent laundering patterns, they may not represent the full range of laundering behaviors, especially those involving advanced or evolving technological methods.

Second, the data exhibited significant variability in richness and detail. Although court documents provide more structured and credible information compared to media reports, they remain constrained by legal procedural focus. Most documents are limited to formal charges, legal reasoning, and sentencing outcomes, and often omit deeper insights into offenders’ psychological motivations, internal decision-making processes, or the organizational structures of laundering networks. Additionally, there is often a lack of standardization in how case details are recorded across jurisdictions, resulting in inconsistencies and gaps in the evidentiary base. These omissions restrict our ability to explore offender intent or understand how informal norms and trust operate within laundering networks.

Third, the sample is inherently biased toward apprehended offenders. This means the analysis is based solely on individuals who have been identified, charged, and prosecuted, potentially excluding an important subset of offenders who remain undetected or deliberately operate under the radar using more advanced risk management and anonymization techniques. These individuals may exhibit significantly different laundering behaviors, including the use of crypto tumblers, cross-jurisdictional shell firms, or sophisticated bot-operated laundering chains. Consequently, the current study likely underestimates the technological and procedural diversity that characterizes the full landscape of Pao Fen operations.

In light of these limitations, future research would benefit from incorporating a broader and more diverse range of data sources to more fully capture the complexity and evolving nature of Pao Fen operations. Moving beyond court documents to include qualitative interviews with offenders, digital ethnographies of laundering communities, and computational modeling of laundering flows could offer richer insights into their decision-making processes, operational logics, and technological adaptations. These expanded approaches can not only strengthen the generalizability and depth of crime scripts but also create opportunities to empirically test the effectiveness of the strategies proposed in this study. For example, applying these proposed strategies in controlled simulations or partnering with financial institutions and enforcement agencies to assess real-world implementation could help evaluate its utility in detecting, disrupting, and deterring laundering behaviors.

As the first empirical effort that systematically unpacked Pao Fen launder operations and translated those insights into an actionable intervention framework, this study can provide a foundational step toward more informed, data-driven strategies for combating cyber-enabled financial crime. Future research should build on this foundation to refine, validate, and adapt intervention tools in response to the continuously evolving laundering landscape.