04 September 2025

CJEU (AG) ¦ Bank Accounts vs. Foreign Sanctions Lists: When Can Banks Refuse a Basic Payment Account?

Rights to bank accounts and anti-money laundering rules

The recent Advocate General’s opinion in Case C‑81/24 (Jenec) highlights a difficult question at the intersection of financial inclusion and anti-money laundering (AML) risk management: may a bank refuse to open a payment account with basic features solely because the applicant’s name appears on a third‑country sanctions list – in this case, the US Office of Foreign Assets Control (OFAC) list – even though that person has not been convicted of the relevant offence nor been subject to EU, UN or national restrictive measures? The opinion considers how Directive 2014/92/EU (the Payment Accounts Directive) must be read together with Directive (EU) 2015/849 (the AML/CTF Directive) and accompanying EBA guidance.

The legal framework and the balancing act

Directive 2014/92/EU establishes a right of access to a payment account with basic features to promote inclusion, subject to narrow exceptions. Article 16(4) allows refusal where opening the account would result in an infringement of the EU rules on the prevention of money laundering and terrorist financing. The Directive is clear in limiting refusals: they must be justified, proportionate, and not a pretext for excluding commercially unattractive customers. Recitals stress that AML rules should not be misused to shut out customers and that refusal can only be justified where the consumer actually fails to comply with the AML legislation.

Directive 2015/849 adopts a risk‑based approach. It requires obliged entities to identify and assess ML/TF risks, to apply customer due diligence (CDD) measures proportionate to those risks, and to maintain policies and controls to mitigate identified risks. Critically, Article 14(4) provides the one explicit situation where a business relationship must not be entered into: where the obliged entity is unable to comply with the essential CDD requirements in Article 13(1)(a)–(c) (identify and verify the customer, identify and verify beneficial owner, assess purpose and intended nature of the relationship). Apart from that narrow clause, the directive envisages differentiated CDD measures – simplified or enhanced – depending on risk.

EBA guidance supplements the directives and instructs firms to take into account government information, customer reputation, adverse media, asset freezes and other indicators when assessing customer risk. The EBA also warns against broad “de‑risking” – i.e. excluding whole categories of customers – and encourages proportionate measures, including limiting customers to basic products where appropriate.

Facts behind the case

The case concerns an applicant (LH) who was blocked from making a bank transfer and later prevented from opening a payment account because his name triggered the bank’s internal controls linked to inclusion on OFAC’s list. He had not been convicted of the offence for which OFAC listed him, and no EU, UN or Slovenian restrictive measures were in place. The national court asked the Court of Justice whether Article 16(4) permits Member States to require banks to refuse a basic payment account application because the applicant appears on OFAC’s list.

Bastian Schwind-Wagner _Follow

"The Advocate General’s opinion in Case C‑81/24 clarifies that banks cannot refuse to open a basic payment account solely because an applicant appears on a third‑country sanctions list such as OFAC’s; inclusion on such a list is a relevant risk factor but not an automatic ground for exclusion. Banks must conduct a documented, proportionate, case‑by‑case risk assessment and consider whether enhanced due diligence or product limitations can mitigate the risk.

Supervisors must review refusals and ensure they are based on genuine inability to manage ML/TF risk rather than cost or convenience, preserving the Directive 2014/92 objective of financial inclusion. Where mitigation is impossible, a refusal may be lawful, but customers must be informed of reasons and available remedies."

Key legal findings and reasoning

The Advocate General’s analysis leads to two central conclusions.

First, inclusion on a third‑country sanctions list such as OFAC’s cannot, by itself, justify refusing to open a payment account with basic features under Article 16(4) of Directive 2014/92. The AML/CTF Directive sets the sole absolute bar on entering into a business relationship where CDD cannot be completed as required by Article 13(1)(a)–(c). In the reported facts, the applicant’s identity could be verified and there was no apparent failure to identify a beneficial owner or to state the purpose of the relationship. Thus the literal ground for mandatory refusal under Article 14(4) of Directive 2015/849 does not appear to exist.

Second, the opinion acknowledges that inclusion on a sanctions list can be a relevant risk factor that may justify enhanced CDD or other measures under the risk‑based framework. Banks must take a holistic, evidence‑based view of risks and may decide that they lack the capacity – given their policies, controls and resources – to mitigate an identified risk adequately. In such circumstances, and subject to supervisory oversight, a bank may lawfully refuse to open an account if it concludes that ongoing monitoring or other proportionate measures would be insufficient to manage the ML/TF risk. The bank’s discretion in this area is not unlimited: competent authorities must review the risk assessment and the adequacy of internal policies, and the consumer must be informed of remedies and complaint procedures following a refusal.

Practical implications for banks

Banks cannot rely on automatic, categorical rules that deny basic payment accounts solely because a prospective customer appears on an OFAC list or similar third‑country list. Instead, they must:

Treat inclusion on such a list as one risk indicator among others. It can trigger enhanced due diligence, but it should not automatically terminate the possibility of onboarding, especially for basic accounts designed to restrict activity and thus reduce potential misuse.
Conduct a documented, proportionate, case‑by‑case risk assessment that considers the nature of the product (basic account), the customer, the source of information, and whether the bank’s controls can effectively mitigate the risk through monitoring and limits.
Keep written records showing why a refusal was necessary and that alternatives (e.g. limiting the product or applying enhanced monitoring) were considered and found inadequate in light of the bank’s capacities and legal obligations.
Be ready for regulatory scrutiny. Article 48(8) of the AML/CTF Directive and Article 16(7) of the Payment Accounts Directive make clear that supervisors must review the appropriateness of discretionary refusals and that consumers must be informed of reasons and redress mechanisms.

Implications for financial inclusion and policy

The Advocate General’s opinion attempts to preserve access to basic payment services while respecting AML/CTF objectives. It underscores the EU legal balance: AML rules justify refusal only in narrow, defined circumstances, while the risk‑based approach expects banks and supervisors to adopt proportionate, evidence‑based measures rather than broad exclusions. Policymakers and supervisors should be wary of allowing external sanctions lists to become de facto global exclusion tools for basic financial services because that would risk undermining financial inclusion objectives enshrined in Directive 2014/92.

Where third‑country lists are used in compliance programmes, banks and supervisors should develop clear policies that specify when inclusion on such a list will lead to enhanced due diligence and when – only after a careful and documented inability to mitigate risk – it may justify refusal. Supervisors should also ensure that refusals are not driven by cost or convenience but by genuine, documented incapacity to manage risk.

Conclusion

The Advocate General proposes that the Court of Justice rule that a bank may not refuse to open a payment account with basic features solely because a consumer appears on an OFAC list. Inclusion on a third‑country sanctions list can constitute a relevant risk indicator that prompts enhanced due diligence, and in exceptional cases a bank may lawfully refuse where it reasonably cannot mitigate the risk. The final determination, however, depends on the facts and on national law and supervisory review. The opinion therefore clarifies that AML obligations are a legitimate ground for refusal, but they do not license automatic, blanket exclusions that would defeat the EU’s policy of financial inclusion.

Although the Advocate General’s opinion provides a clear interpretative framework in this respect, the final decision on this matter rests with the Court of Justice of the European Union (CJEU), which may choose to adopt, modify or depart from the Advocate General’s reasoning in its ruling.

The information in this article is of a general nature and is provided for informational purposes only. If you need legal advice for your individual situation, you should seek the advice of a qualified lawyer.

Did you find any mistakes? Would you like to provide feedback? If so, please contact us!

Dive deeper

InfoCuria ¦ Case C‑81/24 (Jenec) ¦ Link
EUR-Lex ¦ Opinion of Advocate General Richard de la Tour delivered on 4 September 2025 ¦ Link
EUR-Lex ¦ Directive 2014/92/EU ¦ Link
EUR-Lex ¦ Directive (EU) 2015/849 ¦ Link

« Fine [POL] ¦ GDPR: Bank fined PLN 18.4 Million for unjustified Scanning of Customer IDs

CJEU (AG) ¦ Compliance with the Right to the Protection of Personal Data Does Not Require Prior Authorisation by a Judicial Authority »

Bastian Schwind-Wagner _Follow Bastian is a recognized expert in anti-money laundering (AML), countering the financing of terrorism (CFT), compliance, data protection, risk management, and whistleblowing. He has worked for fund management companies for more than 24 years, where he has held senior positions in these areas.