De-Risking

In the early 2000s, banks faced growing pressure to strengthen their defenses against money laundering and terrorist financing. Heavier penalties, stricter oversight, and costly compliance requirements made many institutions rethink how to handle high-risk clients and sectors. Instead of dealing with such risks using additional controls, some banks chose to withdraw services altogether, a process now known as de-risking.

What Is De-Risking?

De-risking is the practice where financial institutions terminate or restrict business relationships with clients, industries, or geographical locations which they deem to be at great risk. It tends to safeguard against money laundering, terrorism financing, fraud, or potential regulatory scrutiny. While it reduces the risk exposure of an institution, it also comes with certain repercussions, such as excluding legitimate customers and hindering financial inclusion.

This practice is sometimes called “de-banking,” since it excludes people or businesses from the financial system altogether. While de-risking in the short run decreases risk, it can also disrupt proper legitimate payments and create broader financial inclusion challenges.

What Is the FATF’s View on De-Risking?

The Financial Action Task Force (FATF) defines de-risking as “the phenomenon of financial institutions terminating or restricting business relationships with clients or categories of clients to avoid, rather than manage, risk in line with the FATF’s risk-based approach.”

FATF stresses that this approach contradicts its risk-based approach (RBA). This calls for assessing every customer on an individual basis and implementing proportionate measures.

FATF views de-risking as a significant issue since blanket restrictions push activity into informal channels, undermining transparency and AML/CFT objectives. Since 2015, it has called upon banks and regulators to implement proportionate, case-by-case controls—using simplified checks for low-risk clients and more enhanced measures only where risks are actually high.

What Kind of Businesses Are Most Likely to Be De-Risked?

De-risking affects businesses that are perceived to be high-risk, including money service businesses, charities in high-risk regions, and correspondent banks in foreign countries.

Other high-risk clients include embassies, politically exposed persons (PEPs), gaming or e-gaming businesses, and emerging market exporters.

What Are the Main Forms of De-Risking?

De-risking does not follow a single pattern. It varies depending on how financial institutions manage their exposure to high-risk clients, industries, or regions. The main forms of de-risking include:

• Wholesale De-risking: A complete withdrawal of services from entire sectors or categories of clients, such as money service businesses, charities, or correspondent banks. This approach is often the broadest and most criticized because it ignores individual risk levels.
• Selective or Partial De-risking: Institutions might permit customers to keep accounts but limit specific services, e.g., cross-border payments or access to trade finance.
• Geographic De-risking: Disconnection of services in selected countries or jurisdictions deemed high-risk, commonly because of poor AML/CFT legislation, corruption, or FATF blacklisting/grey-listing.
• Product or Service De-risking: Restricting access to certain financial products considered high-risk, i.e., cross-border remittances, trade finance, or services based predominantly on cash transactions.
• Client-Type De-risking: Refusal to engage with specific groups of customers, such as politically exposed persons (PEPs), non-governmental organizations in war zones, or cash-based businesses.
• Transaction-Based De-risking: Maintaining relationships but rejecting or strictly monitoring specific transactions, for example, hefty cash deposits, crypto-based transfers, or foreign wire transfers.

Why Do Financial Institutions De-Risk Clients?

Financial institutions de-risk mainly in order to shield themselves from reputational, financial, and operational risks. Handling high-risk customers or operating in jurisdictions with weak oversight can expose banks to fines, sanctions, or reputational loss.

Profitability is also an important factor. Monitoring certain clients through costly enhanced due diligence may cost more than the resulting revenue, making the relationship non-feasible. Regulatory pressure also contributes, since simultaneous AML/CFT obligations and sanctions regimes add to the complexity and uncertainty of compliance.

What is the De-Risking Process?

The de-risking process follows a risk-based approach, ensuring that decisions are consistent and defensible. It starts with risk assessment, where institutions identify high-risk clients, industries, or jurisdictions through regulatory, operational, and reputational criteria, frequently driven by recommendations from FATF. Customers are segmented into risk tiers to decide on the degree of monitoring or controls to apply.

High-risk clients must be subject to enhanced due diligence (EDD) in order to establish compliance readiness and potential risk exposure. Decisions are made by the bank on this basis. Where risks can be managed, they may apply stricter controls or enhanced monitoring. If risks are high or compliance costs outweigh benefits, the institution may restrict or terminate the relationship. The rest of the clients are closely monitored so that risks remain at an acceptable level.

In reality, de-risking may result in account closure or refusal to provide services without much explanation. Regulators such as the U.S. Treasury require transparency and a documented risk basis on which decisions are to be made. FATF emphasizes that customer termination should only follow a proper risk assessment and after exploring alternative options.

What Did the U.S. Treasury’s De-Risking Strategy Propose?

The Anti-Money Laundering Act of 2020 required the U.S. Treasury to design a national de-risking strategy to address concerns that financial institutions were exiting customer relationships too broadly. The strategy centers on balancing AML/CFT compliance with financial inclusion and outlines some important steps:

• Consistent Supervisory Expectations: Regulators should apply clear and consistent expectations, reducing the risk that banks will over-comply in response to potential fines.
• Risk-Based Programs: Institutions are encouraged to tailor AML/CFT frameworks to actual levels of risk, replacing blanket exemptions with proportionate measures.
• Transparency in Account Closures: Banks should provide clear notice and explanation when closing accounts, particularly for vulnerable groups such as NGOs and remittance providers.
• International Coordination: More coordination with foreign partners is required to enhance AML systems overseas to help U.S. banks retain correspondent relationships in higher-risk jurisdictions.
• Monitoring De-Risking Patterns: Treasury recommends tracking account terminations and analyzing sector-specific impacts to detect harmful or disproportionate trends.

How Does De-Risking Impact Financial Inclusion and Communities?

When banks pull back from entire markets or geographic areas, essential services like remittances, trade finance, and nonprofit funding are impacted. This has the effect of driving transactions into informal networks, reducing transparency and increasing money laundering and terrorist financing risks.

Cross-border payments can be challenging for small businesses and communities, while NGOs are subject to slower delivery and increased cost of aid. Banks face reputation and regulatory risk as well as poorly managed de-risking. The authorities warn that indiscriminate closures undermine the risk-based approach and may destabilize financial institutions.

Through the use of proportionate, case-by-case approaches, institutions are able to reduce risk without undermining financial inclusion and supporting legitimate economic activity.

What Are the Regulatory Concerns About De-Risking?

Regulators warn that overly broad de-risking can undermine the effectiveness of AML/CFT frameworks. The risk-based approach (RBA) requires institutions to evaluate each client individually, rather than closing accounts indiscriminately. FATF has underlined that exclusion should be the exception, not the rule, as opposed to a substitute for good risk management.

Such practices threaten financial exclusion, driving transactions into informal networks where control is more logical. They also generate market instability, as in EBA warnings that excessive withdrawal distorts competition and lowers financial stability.

Regulators also note that the majority of banks over-comply due to fear of fines. More targeted guidance is being urged to offer proportionate, risk-based options instead of wholesale exits.

How Does De-Risking Relate to AML Compliance?

De-risking is closely tied to Anti-Money Laundering compliance. Financial institutions and banks are required to abide by strict regulations in order to capture and track high-risk clients. When meeting these requirements becomes too costly or risky, some institutions choose to end relationships instead of managing them. This is typical for money service businesses, charities, or correspondent banks, which are commonly classified as high-risk.

While de-risking can limit exposure to regulatory sanctions, it also poses the risk of being cut off from finance. Global institutions like the Financial Action Task Force (FATF) call for de-risking not to replace a risk-based approach, wherein institutions implement tailored controls rather than closing down whole industries.

How Can Institutions Mitigate Risk Without De-Risking?

Financial institutions can de-risk without account closure by taking a risk-based approach. This means exposing high-risk customers to enhanced due diligence, implementing tiered controls, and referring customers to improve compliance practices.

Technology plays a central role in managing de-risking. Banks rely on automated screening, transaction monitoring, artificial intelligence (AI), and machine learning to strengthen oversight. RegTech solutions further help them assess risks more accurately, detect suspicious activity in real time, and minimize false positives. Digital identity verification and automated KYC streamline the onboarding process, while advanced monitoring systems focus on identifying high-risk activity. Together, these technologies enable financial institutions to maintain relationships with legitimate clients more efficiently and confidently.

Through the integration of proportionate controls, technology, and open communication with customers and regulators, institutions can effectively control risks. It also supports financial inclusion and AML/CFT compliance.