Your bank closed your business account. The letter mentioned a “review of your relationship” or a change in “risk appetite.” It didn’t say what you did wrong, because you probably didn’t do anything wrong. This is an issue over 100,000 businesses face in the UK alone, and it’s called de-risking.
And the global body that sets the rules on financial crime has been telling banks to stop doing it for over a decade.
Quick Takeaways
- De-risking is when banks exit entire customer categories rather than assessing individual businesses on their merits. FATF has called it inconsistent with its own standards since 2014
- UK banks closed over 141,000 business accounts in 2023, with at least 4,214 attributed explicitly to “risk appetite”
- Financial Ombudsman complaints about debanking rose 69% over three years, and the uphold rate climbed to 36%
- The UK’s April 2026 debanking reforms require 90-day notice and written reasons, but only for consumers, micro-enterprises, and small charities
- The structural fix isn’t finding one bank that will say yes. It’s building a multi-banking architecture where no single exit shuts down the business
What Does De-Risking Actually Mean?
De-risking is a bank’s decision to terminate or refuse relationships with whole categories of customer, rather than managing risk on a case-by-case basis. The FATF, which sets the global standard for anti-money laundering, has explicitly said this practice violates the risk-based approach it requires.
The FATF first gave it a name in October 2014, stating that “the wholesale cutting loose of entire classes of customer” is “not in line with the FATF standards.”
Its 2016 Guidance on Correspondent Banking went further: banks that exit sectors wholesale “avoid, rather than manage” risk. The European Banking Authority echoed this in its January 2022 Opinion, distinguishing legitimate file-level decisions from “unwarranted” blanket exits.
And the FCA’s own supervisory guidance says the risk-based approach “does not mean that banks should deal generically with whole categories of customers.”
In other words, the global rulebook tells banks not to do what your bank just did. The rules haven’t stopped it because the economics make de-risking the rational choice for the bank, even when it’s the wrong choice for the system.
De-risking and debanking are the same thing and typically used interchangeably. De-risking is the term regulators and compliance teams use. Debanking is the word that entered public debate after the Coutts/Farage controversy in 2023.
How Widespread Is the Problem?
Over 141,000 UK business accounts were closed by eight major banks in a single year. Globally, correspondent banking relationships have declined by more than a fifth since 2011.
The UK Treasury Committee, in February 2024, obtained data directly from eight major banks showing 141,620 business account closures in calendar year 2023. That’s roughly 2.7% of the entire UK SME banking book. Of those, at least 4,214 were attributed explicitly to “risk appetite” (the total amount of risk the bank is willing to accept), the category-level label that confirms the decision had nothing to do with the individual business.
Financial Ombudsman Service complaints about debanking rose 69% between 2020/21 and 2023/24, reaching 3,858 cases. The proportion upheld in the customer’s favour climbed to 36%.
The pattern is global.
The Bank for International Settlements documented a 22% decline in active correspondent banking relationships between 2011 and 2019. Small island states in the Caribbean and Pacific lost over 40% of their correspondent connections, cutting entire economies off from international payment rails.
The FCA’s September 2024 report confirmed what affected business owners already knew: “reputational risk” was being used inconsistently across firms, applied to situations where the label “did not seem to correlate with significant risks to the firm’s standing,” and documented so poorly that the original rationale often couldn’t be reconstructed.
Why Do Banks De-Risk?
Four structural forces converge on every closure letter, and none of them assesses your individual compliance record.
The first is compliance economics.
The LexisNexis True Cost of Financial Crime Compliance study put global compliance spend at $206 billion in 2023. A single corporate KYC review costs $1,500 to $3,500, and high-risk customers require annual refreshes, ongoing transaction monitoring, and SAR-filing resources.
A small merchant generating $50,000 a year in fees while requiring $15,000 in annual compliance overhead is a negative-margin account. Banks don’t keep negative-margin accounts.
The second is enforcement memory.
HSBC paid $1.92 billion in 2012. BNP Paribas paid $8.97 billion in 2014. Danske Bank settled for $2 billion in 2022 as a money laundering fine. TD Bank paid a record $3.09 billion in October 2024 for money laundering and AML failures.
After penalties on that scale, bank risk committees learned that exiting an entire customer category is cheaper and safer than managing it. The compliance officer who kept the account open carries personal liability. The one who closed it doesn’t.
The third is corresponding pressure.
Under the FATF’s Recommendation 13 and the Wolfsberg CBDDQ framework, US-dollar clearing banks push due diligence demands down to respondent banks, who push them down to their merchant customers. When a correspondent bank tells a regional bank to clean up its book, the regional bank terminates the categories the correspondent flagged.
The fourth is card-scheme economics.
Visa’s VAMP program, live since April 2025, charges acquirers per disputed transaction once portfolio thresholds are breached. That gives acquirers a specific dollar figure for the cost of keeping high-chargeback categories on their books.
Which Sectors Get De-Risked Most?
The sectors hit hardest share three traits: high compliance cost relative to revenue, opacity into onward customer flows, and category-level reputational sensitivity.
Money service businesses and cross-border remittance providers sit at the top of the list. The Somalia-corridor enforcement actions of the mid-2010s created lasting institutional memory, and the KYCC (know your customer’s customer) obligations make every file expensive to maintain.
Digital-asset firms are close behind. The collapse of Silvergate Bank and Signature Bank in March 2023, followed by FOIA-released FDIC “pause letters” revealing coordinated supervisory caution, confirmed what crypto operators had experienced for years: category-level exits, not individual-risk decisions.
Charities and NGOs operating in conflict zones face the same pattern. The FATF revised Recommendation 8 in 2023 specifically to tell banks not to blanket de-risk non-profit organisations, a revision that was necessary precisely because banks were doing it routinely.
Online gambling operators, adult entertainment businesses, cannabis and CBD companies, forex and CFD brokers, and politically exposed persons round out the list. What connects them isn’t illegality. Every one of these sectors operates lawfully in multiple jurisdictions. What connects them is the compliance cost-to-revenue ratio that makes generalist banks walk away.
For a detailed breakdown of how high-risk sectors are classified and what triggers rejection, see our guide to why high-risk businesses get rejected by banks.
Will the UK’s New Debanking Rules Protect Your Business?
Probably not. The April 2026 reforms require 90-day notice and written reasons, but the scope is narrow enough that most high-risk businesses fall outside it.
The Payment Services and Payment Accounts (Contract Termination) (Amendment) Regulations 2025 take effect on 28 April 2026. For new framework contracts entered on or after that date, payment service providers must give 90 days’ notice instead of two months and provide written reasons that are “sufficiently detailed and specific” for the customer to understand why.
The catch is scope. Through the existing PSRs corporate opt-out, the protections cover consumers, micro-enterprises (nine or fewer employees, under €2m turnover), and small charities. Larger SMEs, regulated payment firms, and relationships entered before April 2026 are excluded.
Financial-crime exemptions allow shorter notice and no reasons where a SAR has been filed or serious crime is suspected. For the typical mid-market business in a high-risk sector, the new regulations won’t prevent debanking. They’ll make the goodbye letter slightly more detailed.
What Is the Structural Solution?
The reflex after a closure is to find one bank that will say yes. That solves a month of cash-flow pressure and rebuilds the same single-point-of-failure the closure just exposed.
Structural resilience is different. It assumes any institution may exit your category at any time and engineers around that assumption. That means a primary operating bank, a redundant secondary provider, and specialist EMIs for multi-currency flows, with the understanding that EMI safeguarded balances carry no FSCS deposit protection.
It means jurisdiction diversification across the UK, EU, Singapore, and UAE so a single regulator’s posture change doesn’t strand the business. It means payment orchestration with smart routing, so a single acquirer exit is an operational adjustment rather than an existential crisis.
And it means file preparation matched to underwriting appetite. The difference between a six-month rejection loop and a three-week onboarding is whether the application lands with an acquirer who already serves your category, with documentation that answers every question the underwriter will ask before they ask it. That’s where a specialist intermediary earns its place.
Capitalixe builds these architectures across a network of 100+ financial institutions. If your business has been de-risked, or if you’re operating on a single banking relationship and want to build redundancy before the next closure, talk to us or explore our banking solutions.
