How to prevent de-risking whilst being a good AML/CFT gatekeeper?

The European Banking Authority (‘EBA’) advises on new guidelines on de-risking. The guidelines provide additional tools for financial service providers on how to provide inclusive basic payment services whilst effectively managing money laundering and terrorist financing risks. Here we will look into how to embed these new guidelines in your existing governance and processes in an inclusive and efficient way.

According to Maslow’s hierarchy of needs, food, water, warmth, and rest are the most basic needs for human survival and growth. Although this theory was released back in 1943, it is still relevant and widely used to this day.[1] Nowadays, one could argue that money and access to financial products and services in Europe are an additional basic need for human survival in the 21st century. Eighty years after the first release of Maslow’s theory, it is almost impossible to survive in European countries without access to a payment account at a bank. How else would you be able to pay for your mortgage, your energy bills, and food in the ever-growing environment of cashless shops and restaurants across Europe?

Access to basic needs can be a matter of life and death for the most vulnerable people in our European society, for example when it comes to providing a safe haven for refugees and care for homeless people. The European Union acknowledged the basic need for a payment account back in 2014 and embedded in law the right of access to a payment account for all residents of the European Union.[2] However, even with the right of access to a payment account in place, the EBA states that such access is not always ensured, especially not for the most vulnerable in our society.[3]

There is a fine line for financial service providers between providing access to the financial system to consumers based on the right of access and preventing access to the financial system for those who misuse the system for money laundering or terrorist financing (‘ML/TF’) purposes. The refusal of a financial institution to enter into, or a decision to terminate, client relationships with individual customers or categories of customers associated with higher ML/TF risk, or to refuse to carry out higher ML/TF risk transactions, is known as de-risking.[4]

The de-risking of entire categories of customers, without due consideration of individual customers’ risk profiles, can be unwarranted and a sign of ineffective ML/TF risk management. According to the EBA, the main drivers for de-risking are the following:

  • the ML/TF risks exceed institutions’ ML/TF risk appetite and give rise to legal as well as reputational risks;
  • lack of expertise by institutions in specific customers’ business models; and
  • cost of compliance.

A study conducted by the EBA[5] found that de-risking still occurs across the EU and affects different types of (potential) customers of financial institutions, such as respondent banks, payment institutions and electronic money institutions, as well as certain categories of individuals or entities that can be associated with higher ML/TF risks, for example refugees from high ML/TF risk jurisdictions or not-for-profit organisations (NPO’s). While the impact and scale of de-risking within different categories of customers vary, de-risking can exclude legitimate customers from accessing financial services or can prevent NPO’s from delivering international aid in conflict zones where the populations are in great need of humanitarian assistance. Moreover, de-risking by excluding certain (groups of) consumers from access to the financial system can be a threat to the global financial system as a whole. Malicious consumers could move their illegal funds to less regulated or unregulated markets, leading to uncontrollable ML/TF risks as the funds are out of sight of the authorities.[6] Hence, a risk-based anti-ML/TF approach that also prevents de-risking is crucial for the financial services industry.

To ensure that customers are not denied access to financial services without valid reason, the EBA launched the public consultation on two sets of new guidelines on the effective management of ML/TF risks when providing access to financial services.[7] Whilst the first set will be implemented as an annex in the existing EBA ML/TF risk factor guidelines and will focus specifically on NPO’s,[8] the second set will lead to new guidelines on the issue of effective management of ML/TF risks by financial institutions when providing access to (basic) financial services.

Which new tools are provided in the EBA Guidelines?

The first set of the new EBA Guidelines provides extra measures for financial service providers when assessing the risk profile of a (prospective) customer who is identified as an NPO. To be able to assess NPO’s in the right way and ask the right questions as part of the risk-based approach, the first step is to identify NPO’s as a specific group during the onboarding process. The EBA Guidelines define specific measures to assess the ML/TF risk of the different customers identified as NPO’s, and which risk factors could be considered for this customer group. The risk factors and measures are additions to the customer due diligence process that must already be in place under Directive (EU) 2015/849, better known as the Anti-Money Laundering Directive, as implemented in local legislative requirements.

The risk factors and measures also follow the structure of the existing customer due diligence process but require a further assessment of the due diligence process for NPO’s. This set of new EBA guidelines will be integrated in the existing ML/TF risk factor guidelines after the two-month public consultation period closes on 6 February 2023. The final version is expected later this year.

The second set of the new EBA guidelines clarifies how to prevent de-risking whilst staying a good gatekeeper, with a specific focus on the most vulnerable groups in our society. These guidelines define additional controls and procedures to differentiate between ML/TF risks associated with specific categories of customers and the risk of specific individual customers belonging to these categories. The guidelines prescribe that policies and procedures include all options to mitigate the ML/TF risk before a client is refused or terminated, resulting in no access to the financial system. The guidelines describe specific options and measures to take in case of increased ML/TF risk without declining a client in full. Examples mentioned are different forms of intensified monitoring, steps to take when customers have valid reasons for not providing traditional forms of identification, and options for limiting access to products and services.

How Protiviti can help your organisation to prepare for the EBA Guidelines

The EBA guidelines that are in consultation are an addition to the growing body of regulations and guidelines already in place for managing ML/TF risks in the financial industry. It is important for financial service providers to maintain oversight of the ML/TF governance in place. Therefore, it is crucial to implement the new guidelines in the existing ML/TF framework once they enter into force. The following steps could be taken by financial service providers to embed the new guidelines in the existing ML/TF framework and customer due diligence processes:

  1. Identify the different target groups (such as legal entity types, industry, place of residence, expected transaction profiles or unusual ways of identification) for the specific products and services offered,
  2. Identify the specific ML/TF risks for the different target groups,
  3. Embed (additional) risk factors in the customer due diligence process, both at general process level and for the target groups defined in step one, to assess the risk profile on a customer basis,
  4. Assess and implement measures on how to mitigate ML/TF risks without refusing or terminating individual clients in full, such as limited product access,
  5. Assess if customers that are refused or terminated are declined on the right grounds on a customer level.

Protiviti can prepare you to comply with the guidelines in a timely and efficient manner, so that you are ready for the future and can treat all customers with all risk profiles in an inclusive and efficient way. For more information about our financial crime consulting solutions, visit our solution page or get in contact with us.

 

[1] Maslow’s Hierarchy of Needs - Simply Psychology

[2] EUR-Lex - 32014L0092 - EN - EUR-Lex (europa.eu)

[3] https://www.eba.europa.eu/eba-consults-new-guidelines-tackle-de-risking

[4] Consultation paper on amending risk factor GLs and GLs on access to financial services.pdf (europa.eu)

[5] EBA Opinion and annexed report on de-risking.pdf (europa.eu)

[6] Documents - Financial Action Task Force (FATF) (fatf-gafi.org)

[7] Consultation paper on amending risk factor GLs and GLs on access to financial services.pdf (europa.eu)

[8] Final Report on Guidelines on revised ML TF Risk Factors
