De-risking instead of individual case review: When banks push companies out of payment transactions

De-risking refers to the practice of banks terminating business relationships not because of specific legal violations, but to reduce regulatory, reputational, or operational risks across the board. Often, entire customer groups or business models are excluded instead of examining and managing risks on a case-by-case basis. The competition between traditional banks and FinTechs is increasingly shifting to the regulatory level, with noticeable consequences for companies.

From journalists to entrepreneurs operating across borders, those affected are increasingly reporting that banks are freezing accounts or terminating business relationships without specific accusations, transparent justification, or an effective complaints procedure. What long seemed like a fringe phenomenon is now being discussed internationally as a structural problem: Banks are no longer just “de-risking” individual customers, but entire groups.

The term sounds technical, almost harmless. In reality, this can have serious consequences for companies: wages can no longer be paid, suppliers stop deliveries, taxes and social security contributions remain unpaid, existing contracts are terminated, and insolvency threatens within days. The European Banking Authority has been warning in guidelines and statements for years that the risk-based approach in the anti-money laundering regime can lead to blanket de-risking. Financial institutions should therefore not exclude customer groups without individual risk assessment, as this constitutes an unintended form of financial exclusion – especially for complex and cross border clients.

Reports from Germany, Austria, France, the Netherlands, and the Nordic countries show recurring patterns: blanket terminations, formulaic or missing justifications, references to “compliance,” and months of refusing to communicate. Individual assessments are increasingly being replaced by categorizations. Anyone falling into a group defined as “sensitive” is excluded, regardless of whether any legal violation has occurred.

Official figures from Great Britain show that these are not isolated incidents. There, eight major banks closed more than 140,000 business accounts belonging to small and medium-sized enterprises (SMEs) in 2023, representing approximately 2.7 percent of their total SME customer base. At the same time, the number of complaints is rising sharply: Debanking complaints received by the Financial Ombudsman Service have increased significantly since 2020/21.

For private customers, an account closure is already a drastic measure. For businesses, it is often a threat to their very existence, for one simple reason: The account is operational infrastructure. If it is lost, not only do payment transactions cease, but the core of operations is disrupted. Salary and fee payments are interrupted, rent, leases, and insurance cannot be paid, suppliers stop deliveries, taxes remain due, and payment supply chains break down. Bank silence often prevents any mitigation of the damage.

External business owners are particularly affected, and journalists and organizations frequently fall through the cracks. Multiple countries, currencies, or payment flows are considered a complexity risk. Reports particularly often concern customers of FinTech institutions whose business models rely heavily on automation and scaling. This is efficient, but not automatically fair.

International media are picking up on these cases not because of individual tragedies, but because of structural characteristics: Banks act as private gatekeepers of vital infrastructure, decisions remain opaque, entire groups are affected, and the effect is de facto sanction-like, without any state procedure. In Great Britain, policymakers are already reacting with stricter requirements for notice periods and the level of justification. Across the EU, efforts are underway to create consolidated statistics on de-risk terminations, less a sign of lesser impact than of a transparency deficit.

Conclusion:

De-risking is therefore no longer merely a service or compliance issue. It is an economic and legal risk that restricts legitimate business activity and can threaten the very existence of companies within a very short time. The central question is therefore not whether banks are allowed to manage risks—they must. But where legitimate risk management ends and blanket exclusion without minimum standards of the rule of law begins. Where this boundary blurs, public interest and a journalistic mandate arise.

Note / Legal:

This article is a journalistic analysis. It separates facts from classification and evaluation and does not replace legal advice. Affected institutions generally have the opportunity to comment.