The SEB Pank AS case – When risk models damage companies: The structural failure of European AML systems

One of many individual cases that highlights a systemic problem in Europe.

The fight against money laundering has long since become a fight against shadows – and increasingly, it is hitting the wrong people. What is supposed to protect financial systems in theory is increasingly leading to false alarms, account freezes and business-damaging stigmatisation of completely innocent companies in practice.

A recent incident at SEB Pank AS in Estonia is a prime example of how far AML practice in Europe has strayed from actual risk assessment.

The specific incident: payment blocked – and the company classified as ‘possible fraud’

On 8 November 2025, SEB Pank AS blocked a regular transfer to a company without prior warning and without any comprehensible justification.

The payer was told that the company was “suspicious” or ‘possible fraud’.

According to the research,

  • no documentation was provided in accordance with § 42 RahaPTS (Estonian Money Laundering Act),
  • nor were any reasons given in accordance with § 88 of the Banking Act,
  • nor were any risk-based criteria explained in accordance with the EBA guidelines (EBA/GL/2021/02).

In response to a detailed request for information, the company received only a brief reply:

No information could be provided due to banking secrecy.

The European Court of Justice expressly clarified in its 2023 WISE ruling that banking secrecy does not apply to Art. 15 GDPR requests for information.

This case shows that there is a lack of transparency and comprehensible decisions, even though both are required by law.

What the case reveals: structural misconduct that is spreading across Europe

The SEB case is not an isolated one.

Similar patterns can be seen at banks in Germany, Austria, Malta, Lithuania and Luxembourg:

  • legitimate companies are classified as ‘high risk’ without specific reasons,
  • payments are blocked even though there are no red flags,
  • justifications remain vague or are completely absent,
  • in some cases, negative classifications are even communicated to third parties – with considerable damage to reputation.

Banks seem to be increasingly acting on the principle that it is better to block 100 legitimate transactions than to allow one risky one to go through. However, it is not the banks that bear the costs of this system, but their customers.

The new logic: automated AML systems – few people, little verification, a lot of damage

Modern banks work with complex AML engines that generate risk scores based on the following parameters:

  • industry-based risk models,
  • algorithmic pattern recognition,
  • internal blacklists,
  • incomplete data from external screening tools,
  • keywords in intended uses.

What is missing: human review.

What prevails: automated general suspicion logic.

For companies, a trigger word – or the mere existence of a FinTech company account – can be enough to fall under a ‘suspicious status’ that is difficult to reverse.

The paradoxical flip side: complex MLM and Ponzi schemes often go undetected

At the same time, research shows that many structures in recent years – including MLM/token models such as Safir/Zeniq, VOO/AVINOC and international ‘copper’ narratives – have been using payment service providers undisturbed for years.

There are several reasons for this:

  1. Ponzi-like payment flows often appear inconspicuous from an AML perspective
  2. Many small deposits, no high-risk countries, clear subject lines.
  3. Banks do not analyse business models
  4. A model can be illegal even though all transactions appear formally correct.
  5. Regulatory intervention comes late
  6. Often only after media research or massive investor losses.

The contrast could hardly be greater:

A legitimate company is aggressively blocked – while fraudulent models were able to operate undisturbed.

Legal obligations are clear – the problem lies in practice

European banks are obliged to document AML decisions (RahaPTS § 42), justify them (German Banking Act § 88), make them transparent (Art. 15 GDPR) and correct inaccurate data (Art. 15 GDPR).

  • document (RahaPTS § 42),
  • justify (Kreditwesengesetz § 88),
  • make transparent (Art. 15 GDPR),
  • correct inaccurate data (Art. 16 GDPR),
  • and apply proportionality (EBA/GL/2021/02).

However, the SEB Pank AS case shows how easily banks can evade their obligations – to the detriment of those affected.

Regulators often only react when media attention increases.

A dangerous trend for Europe’s business landscape

The result is a climate of uncertainty:

  • Payments can be blocked at any time.
  • Companies often do not know why.
  • Reputations are damaged without any possibility of defence.
  • Small companies are under general suspicion because they fit a risk profile.
  • AML is turning from a security tool into a business risk.

For innovative companies, international legal service providers, start-ups and SMEs, this creates an environment that is effectively hostile to business.

What needs to change

The SEB case is not a scandal, but a symptom of a flawed system.

A modern AML regime needs:

  1. Transparency requirements that are actually enforced
  2. Verifiable, documented AML classifications – no black box systems
  3. Proportionality
  4. Protective mechanisms against reputation-damaging misclassifications
  5. Regulatory authorities that actively sanction abuses

As long as banks are allowed to produce false alarms without consequences, the system will remain asymmetrical:

Harmless transactions are blocked. Dangerous ones remain undetected.

Conclusion

The SEB Pank AS case highlights the depth of the problem:

It is not individual banks that are failing – the system is failing.

An AML regime that ruins legitimate businesses while allowing fraudulent structures to go undetected does not protect society.

It protects itself.

Europe urgently needs an AML system that:

  • actually identifies risks,
  • minimises false alarms
  • and respects the fundamental rights and economic existence of innocent companies.

Until then, one bitter reality remains: when in doubt, AML hits the wrong people.

Note:

This article is a journalistic analysis. It is based on publicly available sources (Blocktrade blog). It is not a legal assessment or financial advice. All assessments have been researched to the best of our knowledge and are marked as opinions within the meaning of Art. 10 ECHR / Art. 5 GG. Counterstatements will be taken into account in accordance with § 56 RStV.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Vision.One & NOMO: New Promises Despite InsolvencyeCredits, TAG Markets, Copy X & Werner Kaiser: Ripping Off the Crowd?