In financial compliance, missing genuine risks can bring serious consequences—but the overzealous approach of blanket de-risking is creating a different kind of crisis.
Rather than stopping crime, it often excludes low-risk individuals and businesses who rely most on stable financial access. The practice has given rise to what some call “ghost customers”—innocent clients locked out of formal banking systems and forced toward unregulated markets, claims RelyComply.
Regulators have urged financial institutions (FIs) to focus on higher-risk customers to comply with data protection laws. However, this narrow view fails to address the broader damage of excluding legitimate users. Entire communities and demographics are left without access to financial services, threatening both economic inclusion and reputation. In turn, many may seek alternative, unregulated avenues, inadvertently empowering bad actors and fuelling the very risks the system is built to prevent.
For years, the World Bank has warned of de-risking’s negative fallout. The term refers to a financial institution cutting or restricting ties with customers or businesses it deems potentially risky, often due to weak anti-money laundering (AML) controls or links to high-risk sectors like crypto.
As RelyComply head of product Kiearn Duggan explained, “If you cast a wide net, the better the chance of catching a launderer, only you’ll also catch others in a similar remit with absolutely no criminal history or ill intent.” A 600-person workshop of private and public sector representatives found that this approach has disproportionately impacted customers in Eastern and Southern Africa, marginalising those already underserved.
Blanket de-risking directly undermines the goal of financial inclusion—the very principle that has driven FinTech innovation across emerging markets. With mobile-based banking and digital wallets expanding access to millions, indiscriminate account closures and over-compliance threaten progress. While strict regulation is essential, it must not come at the cost of legitimate users’ financial freedom.
For institutions, the practice poses serious repercussions. It erodes trust, alienates customers, and weakens reputations. Businesses suffer from stalled growth and lower retention, while regulators face increasing criticism over customer treatment and human rights concerns. When access to finance is arbitrarily restricted—as seen with non-profit organisations in Syria losing funding amid conflict—the impact goes far beyond compliance.
Recognising this, the Financial Action Task Force (FATF) has taken steps to promote risk-based AML frameworks that support inclusion. Its June 2025 guidance encourages the integration of underserved communities into financial systems. Similarly, the European Banking Authority’s 2023 updates outlined controls that balance AML compliance with access to financial products. Still, as Duggan noted, “However, you cannot just pile one regulation on top of another. They are still considered a burden, and may not be able to help all businesses cover regional or cultural nuances.”
This is where RegTech is proving transformative. Advanced compliance platforms enable real-time monitoring, precise risk scoring, and enhanced due diligence, reducing the need for one-size-fits-all policies. By analysing transactions and customer behaviour dynamically, RegTech solutions allow FIs to maintain both compliance and inclusion. They also promote cross-sector data sharing in line with privacy laws—essential for transparency and collaboration.
Recent cases in South Africa underline the importance of accountability. In 2024, former Statistician-General Pali Lehohla criticised banks’ arbitrary account closures, while the Financial Sector Conduct Authority (FSCA) demanded clear justification and appeal processes. The Ndudane vs Financial Intelligence Centre case further established the right of customers to access information used in risk assessments, reinforcing transparency and fairness.
Ultimately, AML efforts must separate genuine criminal risk from everyday financial activity. As Duggan concluded, “For AML to really do its job, investigations have to seek out the real threats from those that are just trying to go about their daily financial business.” Over-compliance may feel safe, but it damages inclusion and strengthens the shadows it seeks to dispel. Smarter, data-driven risk management is the only way forward—one that protects both customers and the integrity of the financial system.
Copyright © 2025 RegTech Analyst
Copyright © 2018 RegTech Analyst
