De-risking in AML

Understanding de-risking in AML

In an era of increased regulatory intervention and amid high-profile AML penalties, financial institutions (FIs) around the world have sought to mitigate threats by resorting to de-risking. However, as we move through 2026 and beyond, the focus has shifted from simple avoidance to sophisticated, risk-based management.

What is de-risking in anti-money laundering (AML)?

In the words of the European Banking Authority (EBA), “De-risking is the refusal to enter into or a decision to terminate business relationships with individual customers or categories of customers associated with higher money laundering or terrorist financing (ML/TF risk), or to refuse to carry out higher ML/TF risk transactions.” This can be a case-by-case option or take place on a blanket, sectoral level.

When firms take a sectoral approach to de-risking, they tend to end relationships with higher-risk customers, such as foreign correspondent banks (FCBs), money services businesses (MSBs), or embassies.

De-risking AML practices tend to affect certain regions of the world – particularly developing countries with emerging or underdeveloped financial markets and higher AML/CFT risks. In these contexts, de-risking may disproportionately affect charities’ work or legitimate businesses’ interests.

What are common challenges with de-risking in AML?

By adopting blanket de-risking practices, firms often generate new AML problems for the wider financial system:

• Financial displacement: When relationships are terminated, the need for financial services remains. Customers may move to smaller banks with less stringent controls or “shadow” banking systems that are harder for regulators to monitor.
• Siloed systems: Large banks often operate with complex infrastructures. A customer exited for de-risking purposes may simply re-enter the bank through a different business vector if systems aren’t integrated.
• Information gaps: De-risking frustrates the ultimate goals of AML programs to share information. It pushes activity into less regulated territory, making criminal organizations harder to track.
• Regulatory scrutiny: As of 2026, global bodies like the Financial Action Task Force (FATF) have clarified that wholesale de-risking is often a failure of the “risk-based approach.” Collective action can also create the appearance of collusion, which may lead to legal consequences.
• Humanitarian impact: It can harm organizations relying on financial services to deliver critical assistance to vulnerable people in developing regions.
• Implementation costs: Exiting customers en masse requires a coordinated, expensive exit program that is difficult to implement consistently.
• Geographic exclusion: De-risking tends to disadvantage smaller countries, as customers in these countries may not be attractive financial prospects for larger banks.

Example: De-risking under the microscope in the UK

The theoretical challenges of de-risking were cast into the global spotlight in the summer of 2023 by a high-profile controversy in the United Kingdom. After a major banking group closed the accounts of a prominent political figure, citing reputational risk and their status as a politically exposed person (PEP), the decision triggered immediate and widespread backlash.

The situation was widely viewed as a potential act of financial censorship. The reputational damage was so severe that it led to the resignation of the banking group’s CEO. In response, the Financial Conduct Authority (FCA) launched a review into how banks treat PEPs, and the UK government announced plans to reform banking rules to require more transparency around account closures.

What are the main issues with de-risking programs?

Many banks have developed dedicated de-risking programs to address the need to exit high-risk customers en masse. Those programs function to critically review the commercial benefits of a potential high-risk relationship against the severity of the money laundering risk it poses, and ultimately decide whether to terminate or deny access. But they are sometimes misaligned with the FATF’s recommended risk-based approach.

In a report, the FATF formally reframed financial inclusion as a core pillar of global financial security by acknowledging that wholesale de-risking is often a misapplication of the “risk-based approach” and makes it harder for law enforcement to track illicit flows. To fight this, the FATF has shifted the language from suggesting that countries “may” allow simplified measures for low-risk scenarios to a directive that they “should allow and encourage” them. 

This shift is designed to ensure that vulnerable or undocumented populations are not unfairly excluded from the formal economy, thereby reducing the “black market” spaces where criminals and terrorists typically operate.

Examples: Strategies discouraging de-risking in Australia and the US

Following FATF’s updated directives, major regulators have begun formalizing strategies to discourage “blanket” de-banking in favor of case-by-case assessments.

For instance, in Australia, AUSTRAC issued specific guidance between 2021 and 2023, urging financial institutions to move away from sectoral exits, noting that ML/TF risks can vary significantly even among customers in the same industry.

Similarly, the US Department of the Treasury’s 2023 De-risking Strategy explicitly addresses the exclusion of high-risk but legitimate categories, such as NPOs and money service businesses used by immigrant communities. By proposing concrete actions – including modernizing sanctions programs with baseline humanitarian authorizations and refining bank inspection practices – these regulators are shifting the compliance burden toward a more sophisticated, data-driven application of the risk-based approach.

But these strategies do not suggest that banks must onboard every customer. Instead, they demand that the decision to exit be rooted in specific, individual risk data rather than broad assumptions. When this granular assessment is performed, it becomes clear exactly when a relationship has crossed the line from “manageable” to “unacceptable.”

When is de-risking the right decision?

While wholesale de-risking is a misapplication of the risk-based approach, terminating an individual business relationship is a crucial tool in any effective AML program. De-risking is not only appropriate but necessary in several specific circumstances:

• Confirmed illicit activity: If a firm has clear evidence that a customer is actively involved in money laundering, terrorist financing, or other serious financial crimes, exiting the relationship (and filing the appropriate reports with law enforcement) is a legal and ethical obligation.
• Sanctions compliance: When a customer, or their jurisdiction, becomes subject to binding international sanctions, continuing to provide services may be illegal. In these cases, terminating the relationship is mandatory.
• Refusal to cooperate with due diligence: A customer in a high-risk category who refuses to provide the necessary information for customer due diligence (CDD) or enhanced due diligence (EDD) cannot be effectively monitored. If a firm cannot see or understand the risk, it cannot manage it, making an exit the only prudent course of action.
• Unmanageable risk profile: After conducting a thorough risk assessment, a firm may find that a customer’s risk profile is fundamentally outside its board-approved risk appetite. If no further steps can reasonably be taken to mitigate the risk to an acceptable level, a commercial decision to exit is justifiable.

In these scenarios, de-risking is the logical and responsible conclusion of a properly applied, evidence-based risk assessment.

What are alternatives to de-risking in AML?

De-risking AML may be a calculated, cost-efficient response to money laundering threats, but it lacks the sensitivity and diligence implicit in the risk-based approach to AML, which requires firms to actively seek and collect information about their customers. 

That requirement can be costly and time-consuming, making de-risking an attractive alternative. By implementing more cost-efficient risk-based AML strategies, however, firms can reduce or eliminate the need to de-risk and, in so doing, broaden access to financial services for potential customers.

In practice, this means leveraging smart, automated AML/CFT solutions to enhance customer due diligence (CDD) procedures. AI-driven technology adds efficiency and accuracy to AML screening and monitoring, helps firms develop effective risk-scoring models to prioritize customers better, and assign them to the correct AML risk categories.