What is de-risking and why is it controversial?

The full answer

De-risking is when a bank, payment processor, or other regulated entity exits entire classes of customer relationships rather than evaluating individual customer risk. Instead of doing the work to understand a specific money services business or correspondent bank, the institution decides the whole category is too costly and drops it.

The most affected segments: money services businesses, cryptocurrency exchanges, charities operating in conflict zones, embassies and diplomatic accounts, and correspondent banking relationships with jurisdictions on the FATF Grey List. Many of these customers are licensed, compliant, and fully legitimate. The issue isn't that they're high-risk. It's that properly assessing and monitoring them is expensive.

De-risking is driven by a rational calculation. AML enforcement has been costly. Failing an AML exam can mean consent orders, monitorships, and fines in the hundreds of millions. The internal cost of enhanced due diligence is high, beneficial ownership identification through layered corporate structures takes time, and AML alert false positive rates can exceed 95%, making monitoring expensive. Exiting a category eliminates all of that cost. The problem is it's not what the rules actually require.

FATF's 2016 guidance on correspondent banking states directly that blanket termination of entire customer categories is "not consistent with the risk-based approach" and "can lead to financial exclusion." Individual risk assessment, documented decisions, and enhanced due diligence where warranted: that's what the framework requires. FinCEN's guidance on banking money services businesses makes the same point: banks are not required to avoid all MSBs as a class, and doing so is inconsistent with a risk-based compliance program.

The World Bank's research on correspondent banking shows roughly a 20% decline in active correspondent banking relationships globally between 2011 and 2019, with steeper drops in the Caribbean, Pacific islands, and sub-Saharan Africa. Somalia is the case study: in 2015, three of the four banks providing formal remittance channels terminated those services. Somali remittances are estimated at $1.3 billion annually. Those flows didn't stop when formal channels closed. They moved to informal hawala networks with no AML obligations, no SAR filing, and no record-keeping. That's the core of the controversy: de-risking reduces visibility into financial flows, not the flows themselves.

The BIS Committee on Payments and Market Infrastructures documented the systemic effects in a 2016 report on correspondent banking. Some smaller jurisdictions have been reduced to routing transactions through chains of intermediate banks, each adding latency, cost, and a gap in the audit trail.

Why this matters

For compliance teams, de-risking creates exam risk from two directions.

First, examiners can find that a bank's AML program isn't genuinely risk-based if the bank can't show individual assessments were conducted before terminating customer segments. Saying "we don't serve MSBs" isn't a program. What triggers a regulatory exam increasingly includes pattern analysis of termination activity, and examiners are more willing to characterize blanket exit policies as program deficiencies.

Second, the cost calculation is shifting. AI-based transaction monitoring has materially reduced false positive rates in documented deployments, making it more economically viable to monitor high-risk customer categories rather than exit them. This adds operational complexity, but it changes the math. If alert volumes are manageable, the economic case for de-risking weakens.

Customer risk rating refresh cycles are another lever. Banks that implement perpetual KYC approaches maintain continuous visibility into customer risk rather than relying on point-in-time reviews that miss changes. This makes it more practical to serve higher-risk categories with appropriate controls rather than dropping them outright.

The G20 has included correspondent banking de-risking on its financial inclusion agenda for several years. FATF-style regional bodies have published findings showing that de-risking in Pacific island nations and parts of Africa created systemic AML vulnerabilities by pushing transaction volumes into channels with no oversight. The regulatory consensus is moving: blanket de-risking is increasingly treated as a program weakness, not a prudent risk management decision. How much AML compliance costs is a legitimate factor in any business decision, but it doesn't justify exits that reduce the overall effectiveness of the financial system's AML controls.

Related questions

• What is the FATF Grey List? De-risking often accelerates when a jurisdiction enters the grey list, sometimes affecting customers with no direct connection to the identified deficiencies.
• What is the difference between CDD and EDD? Enhanced due diligence is the risk-based alternative to de-risking for high-risk customers and the approach regulators actually require.
• What triggers a regulatory exam? Fear of examination findings is a primary driver of de-risking, and examiners are increasingly scrutinizing blanket exit policies.
• Can AI be used for AML transaction monitoring? Better surveillance tools change the cost calculus that makes de-risking attractive.
• What happens when a bank fails an AML exam? The enforcement consequences that drive de-risking decisions in the first place.

Related concepts and regulations

• What percentage of AML alerts are false positives? High false positive rates drive compliance costs up and make high-risk customer categories harder to serve profitably.
• How often should customer risk ratings be refreshed? The risk-based alternative to de-risking requires ongoing individual customer risk assessment.
• What is a beneficial owner? Beneficial ownership complexity is a major driver of de-risking decisions in correspondent banking.
• What is perpetual KYC? Continuous monitoring approaches reduce the cost of serving higher-risk customer categories, weakening the economic argument for de-risking.
• How much does AML compliance cost a mid-market bank? Compliance cost is a central driver of de-risking decisions, and understanding its components is necessary to evaluate alternatives.