11 June 2026

Ruling [CJEU] ¦ EU Court Limits Automatic Banking Refusals Based on OFAC Listings

A significant ruling for financial crime compliance

On 11 June 2026, the Court of Justice of the European Union delivered an important judgment in Case C‑81/24, Jenec, concerning the interaction between access to basic payment accounts, anti-money laundering obligations, counter-terrorist financing controls, and sanctions lists issued by a third country.

The case arose in Slovenia and concerned a consumer, identified as LH, who was refused access to a basic payment account by OTP banka. The refusal was linked to the fact that LH appeared on a list maintained by the United States Office of Foreign Assets Control, commonly known as OFAC. The key legal question was whether EU law allows Member States to require banks to refuse the opening of a basic payment account solely because the applicant is listed by OFAC.

The Court’s answer was clear. EU law does not allow an automatic refusal on that basis alone. A bank may take an OFAC listing into account as a relevant risk factor, but it must carry out an individual assessment of the money laundering or terrorist financing risk connected with the proposed business relationship.

The background to the dispute

The case began with a blocked payment at a petrol station in Ljubljana. LH attempted to pay an invoice issued to his wife using her bank account. After his personal details were entered into the payment system, the bank blocked the transaction.

The bank later explained that, in light of political events and increased security concerns, it had adopted stricter measures to comply with anti-money laundering and counter-terrorist financing obligations. According to the bank’s internal documents, those measures included compliance with restrictions imposed by OFAC.

LH later asked OTP banka to open a basic payment account in his own name. After he presented his identity card, he was told that the bank’s system did not allow such an account to be opened. He requested a written decision, but did not receive one. He then brought legal proceedings seeking an order requiring the bank to open a basic payment account for him.

The Slovenian court asked the Court of Justice whether Article 16(4) of Directive 2014/92, read together with Directive 2015/849, permits a Member State to require banks to refuse a basic payment account to a consumer solely because that person is listed by OFAC.

Bastian Schwind-Wagner _Follow

"The EU Court ruled that banks cannot automatically refuse a basic payment account solely because a consumer appears on an OFAC list. Such a listing may be treated as a risk factor, but the bank must first carry out an individual AML/CFT risk assessment.

The judgment confirms that financial crime controls must be evidence-based and proportionate. Banks may still refuse an account where the assessed risk cannot be managed, but they must be able to justify that decision beyond the mere existence of a third-country sanctions listing."

The right to a basic payment account under EU law

Directive 2014/92 gives legally resident consumers in the European Union the right to open and use a payment account with basic features. This right applies even to consumers without a fixed address, asylum seekers, and certain consumers without a residence permit whose removal is impossible for legal or practical reasons.

The purpose of this regime is financial inclusion. A basic payment account gives consumers access to essential services, such as receiving funds, making payments, and using payment instruments. Without such an account, participation in modern economic life becomes difficult.

The directive does, however, contain an important limit. Under Article 16(4), Member States must ensure that credit institutions reject an application for a basic payment account where opening the account would breach anti-money laundering and counter-terrorist financing provisions established by Directive 2015/849.

The issue in Jenec was therefore not whether banks must comply with AML/CFT law. They must. The issue was whether an OFAC listing, by itself, automatically means that opening a basic payment account would breach EU AML/CFT rules.

OFAC listing as a risk factor, not an automatic bar

The Court held that Directive 2015/849 does not provide that inclusion on an OFAC list, or on any similar list issued by a third country, automatically prohibits a bank from entering into a business relationship with the person concerned.

This distinction matters. OFAC is a United States authority. Its sanctions lists can be highly relevant for banks, especially banks with exposure to the US financial system, US dollar clearing, US persons, or US correspondent banking relationships. But an OFAC listing is not the same as a restrictive measure imposed by the United Nations, the European Union, or the relevant Member State.

The Court accepted that an OFAC listing may be a relevant risk factor. A bank is not required to ignore it. But the listing must be assessed within the risk-based framework required by EU AML/CFT law. It cannot replace that assessment.

In practical terms, the Court rejected a purely mechanical rule. A bank cannot say that the person is listed by OFAC and therefore the account must automatically be refused, without assessing the actual risk connected with the proposed relationship.

The risk-based approach remains central

Directive 2015/849 is built on a risk-based approach. The Court recalled that this approach requires decisions based on evidence and on the identification and assessment of risks.

Under the directive, obliged entities such as banks must identify and assess money laundering and terrorist financing risks, taking into account factors linked to customers, countries or geographic areas, products, services, transactions, and delivery channels. They must also have policies, controls, and procedures to manage those risks effectively.

Customer due diligence measures include identifying the customer, verifying the customer’s identity, identifying the beneficial owner where relevant, understanding the purpose and intended nature of the relationship, and monitoring the relationship on an ongoing basis.

If a bank cannot comply with certain core due diligence obligations, it must not establish the relationship. But in the case before the Court, the information available suggested that LH had been identified and that the intended relationship was the opening of a basic payment account. The refusal appeared to be based solely on his OFAC listing.

The Court therefore emphasized that enhanced due diligence may be required where higher risk is identified, but that higher-risk classification is not automatic. It must follow an assessment of the relevant factors.

Basic payment accounts may carry lower risk

The Court also noted an important point for financial crime teams: the nature of a basic payment account may reduce the associated risk.

A basic payment account has limited functions. It is not the same as a full-service corporate banking relationship, private banking relationship, trade finance facility, or complex cross-border account structure. Because of its limited nature, the risk of money laundering or terrorist financing may be lower.

That does not mean such accounts are risk-free. The Court expressly left room for a bank to refuse an account where, after an individual assessment, it concludes that it cannot manage the risk effectively through measures proportionate to its nature and size.

The key point is process. A refusal may be lawful if it is based on a proper individualized assessment and if the bank can show that the risk cannot be adequately managed. A refusal is not justified merely because the customer appears on a third-country sanctions list.

No answer needed on presumption of innocence

The referring Slovenian court also asked questions concerning Article 48 of the Charter of Fundamental Rights of the European Union, which protects the presumption of innocence.

Those questions were raised in case the Court answered that an automatic refusal based on an OFAC listing was permitted. Since the Court held that EU law does not permit such an automatic refusal, it did not need to answer the Charter questions.

The factual background made those questions understandable. The referring court noted that criminal proceedings in Slovenia concerning LH had been closed and archived, that LH had not been convicted anywhere in the world for the offence linked to his OFAC listing, and that no restrictive measures had been imposed on him by the United Nations, the European Union, or Slovenia.

What this means for banks

For banks, the judgment is a reminder that financial crime controls must be both robust and legally grounded. Screening against OFAC and other third-country lists can remain part of a bank’s risk management framework. In many institutions, such screening is a standard control, especially where US nexus risk is present.

However, for EU basic payment accounts, a third-country listing cannot operate as a standalone and automatic reason for refusal under EU AML/CFT law. The bank must assess the customer, the proposed product, the expected use of the account, the source of funds where relevant, geographic links, transaction expectations, and the feasibility of monitoring and controls.

If the bank refuses the account, it should be able to demonstrate that the refusal followed an individual risk assessment and that the risk could not be adequately managed through appropriate measures. The judgment points against blanket rules that treat all OFAC-listed individuals in the same way for the purpose of basic account access.

What this means for compliance policy

The judgment may require banks operating in the EU to review policies that automatically block basic payment account applications based solely on third-country sanctions listings.

A compliant policy should distinguish between binding sanctions obligations under EU, UN, or national law, and non-EU lists that may be relevant risk indicators but are not automatically binding in the same way. It should also document how non-EU listings are assessed, when enhanced due diligence is triggered, and when refusal may be justified.

This does not reduce the importance of sanctions screening or AML/CFT controls. Instead, it requires a structured connection between the screening result, the risk assessment, and the final decision.

The core message

The Court’s ruling in Jenec confirms that financial inclusion and financial crime prevention must be balanced under EU law. Banks are not expected to open accounts where doing so would breach AML/CFT obligations. But they are also not permitted to rely on anti-money laundering rules as a pretext for refusing access without proper assessment.

An OFAC listing can matter. It can trigger closer scrutiny. It can contribute to a higher-risk assessment. In some cases, it may support a refusal. But under EU law, it cannot be the sole automatic reason for denying a consumer a basic payment account.

The information in this article is of a general nature and is provided for informational purposes only. If you need legal advice for your individual situation, you should seek the advice of a qualified lawyer.

Did you find any mistakes? Would you like to provide feedback? If so, please contact us!

Dive deeper

InfoCuria ¦ Judgment, 11/06/2026, C-81/24, Judgment, ECLI:EU:C:2026:470 ¦ Link
EUR-Lex ¦ Case C-81/24, Judgment of the Court (Fourth Chamber) of 11 June 2026 ¦ Link

« Ruling [EGC] ¦ General Court Backs EPPO Access to Witness Testimony in Court of Auditors Investigation

Bastian Schwind-Wagner _Follow Bastian is a recognized expert in anti-money laundering (AML), countering the financing of terrorism (CFT), compliance, data protection, risk management, and whistleblowing. He has worked for fund management companies for more than 24 years, where he has held senior positions in these areas.