No Automatic Bar: European Court Of Justice Prohibits Bank Account Refusals Based Solely On US Sanctions Listings (ECJ Case C 81/24)

June 2026 – A credit institution operating lawfully within the EU may not refuse to open a basic payment account for an individual solely on the ground that the person appears on a sanctions list maintained by the US Office of Foreign Assets Control (“OFAC”). Any refusal must be based on an individualised anti-money laundering and counter-terrorist financing ("AML/CFT") risk assessment in accordance with EU law.

Legal background

Article 16(2) of Directive 2014/92/EU (the "Payment Accounts Directive" or "PAD") confers on every consumer lawfully resident in the EU the right to open and use a basic payment account. This right is universal in scope and is expressly designed to promote financial inclusion across the internal market.

Article 16(4) of the PAD establishes the only mandatory ground for refusal, namely, if opening an account would result in a violation of AML/CFT provisions under Directive (EU) 2015/849 (the "Anti-Money Laundering Directive" or "AMLD"). Furthermore, recitals 34 and 47 of the PAD emphasise that: (i) anti-money laundering rules must not be used as a pretext to reject economically less attractive customers; and (ii) rejection is only justified if the consumer is actually in breach of anti-money laundering and terrorist financing rules, but not because of the cost or difficulty of verification.

Article 13(1) of the AMLD prescribes standard customer due diligence ("CDD") obligations, comprising customer identity verification, beneficial ownership identification, and assessment of the purpose and nature of the business relationship. Article 14(4) of the AMDL provides for the only explicit legal ground triggering an obligation to refuse a business relationship, i.e., if an obliged entity is unable to fulfil the CDD requirements in accordance with Article 13(1)(a) to (c) of the AMDL. Enhanced due diligence (“EDD”) is required under Article 18 of the AMDL in cases of recognisably higher risk, but EDD is a management tool and not a trigger for automatic refusal. In contrast, the AMLD does not contain any provision stipulating that inclusion on a list drawn up by a foreign government authority, which has no binding legal force within the EU, automatically prohibits the establishment of a business relationship.

ECJ ruling in case C‑81/24 (Jenec)

In case C-81/24, the ECJ decided on a preliminary reference from the Slovenian District Court of Maribor arising from OTP Banka's refusal to open a basic payment account for an individual appearing on OFAC’s Specially Designated Nationals List. The individual had never been convicted, in any jurisdiction, of the conduct underlying his OFAC designation, and neither the EU, the UN, nor Slovenia had imposed any restrictive measures against him. Thus, the bank's refusal was based exclusively on the OFAC screening result, without any underlying risk assessment.

In a nutshell, the ECJ ruled that:

“Article 16(4) PAD […] must be interpreted as not authorising Member States to require credit institutions to refuse to open a basic payment account for a consumer solely on the ground that that consumer is included on a list of persons subject to restrictive measures imposed by a third country, without the credit institution concerned having carried out an individual assessment of the risk of money laundering or terrorist financing associated with the intended business relationship.”

A more detailed examination of the ECJ's decision reveals that it is founded on the following four interconnected arguments:

• No automatic bar based on an OFAC listing: The AMLD does not designate an OFAC listing—or any equivalent third-country designation—as a per se prohibition on establishing a business relationship. The risk-based approach mandated by Article 8 of the AMLD requires evidence-based, case-specific decision-making, not algorithmic screening outcomes.
• Article 14(4) AMLD conditions are not met: The client was identifiable, his identity was verifiable, there was no suggestion of a third-party beneficial owner, and the purpose of the account was self-evident. The bank's inability to open the account was therefore not attributable to any genuine CDD failure but solely to its internal OFAC policy.
• An OFAC listing may be a risk factor, but it is not a risk conclusion: A listing by a third-country authority may be a relevant factor in an individualised risk assessment and may trigger the obligation to apply EDD under Article 18 of the AMLD. However, even EDD requires prior identification of elevated risk through a proportionate analysis and is not itself a refusal mechanism.
• Limited account functionality poses a mitigating factor: The Court endorsed the Advocate General's view that the restricted functionality of a basic payment account inherently reduces associated ML/TF risk and facilitates ongoing monitoring of unusual transactions, further undermining any automatic refusal logic.

Therefore, under Article 16(4) of the PAD—read in conjunction with the AMLD—any refusal of a basic payment account must be grounded in a demonstrable, individualised AML/CFT risk assessment.

Practical consequences for credit institutions

The judgement has immediate and concrete implications for compliance frameworks:

• Blanket OFAC/SDN screening policies that generate per se refusals are unlawful under EU law. Institutions maintaining such policies are exposed to enforcement action by the competent national authorities and to civil claims from persons wrongly denied accounts.
• Each refusal requires a documented individualised risk assessment. The assessment must weigh all relevant factors, including—but not limited to—any third-country designation, the limited functionality of the account, the absence of EU/UN restrictive measures, and any exculpatory circumstances (e.g., archived criminal proceedings).
• Written notification is mandatory. Article 16(7) of the PAD requires that refusals be communicated immediately, in writing, with specific reasons, unless disclosure would undermine national security or AML/CFT objectives. The bank's failure in Jenec to issue any written decision was already indicative of the absence of a genuine assessment.
• Enhanced due diligence is the proper response where an OFAC listing is identified as a risk factor. Where a proper assessment concludes that residual risk cannot be managed by proportionate controls, refusal may then be justified—but that conclusion must be demonstrated, not assumed.

Significance beyond the banking sector

For the following reasons, the ECJ’s ruling also has significance beyond the banking sector:

• First, it authoritatively subordinates the extraterritorial reach of US economic sanctions to the EU's fundamental rights and internal market framework. OFAC designations—and by analogy those of any comparable third-country authority—cannot justify the systematic denial of rights conferred by EU law.
• Second, the ruling accelerates a broader regulatory shift away from de-risking and toward genuinely risk-based inclusion. The EBA's Risk Factors Guidelines already warn against categorical de-risking, and the Court has now given that warning constitutional and legislative force. Future supervisory guidance and national transposition measures will need to be calibrated accordingly.
• Finally, the case has revealed that treating an OFAC listing—an administrative, non-judicial classification issued by a foreign government—as decisive for assessing criminal liability risk where there has been no conviction is incompatible with Article 48 of the Charter of Fundamental Rights of the European Union.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.