Background
In October 2017, a Slovenian bank (then Nova Kreditna Banka Maribor, now OTP banka d.d.) blocked a payment attempted by LH from his wife’s account, citing compliance with restrictions imposed by the U.S. Office of Foreign Assets Control (OFAC). LH was listed on the OFAC sanctions list, but had never been convicted anywhere in the world of the underlying offence, and no restrictive measures had been adopted against him by Slovenia, the European Union, or any international organisation of which either was a member. A Slovenian criminal investigation touching on the same conduct had been closed and archived in February 2015.
In March 2022, LH directly applied to OTP Bank to open a basic payment account — the EU-mandated universal account with limited features — in his own name. The bank refused, again because its internal systems flagged his OFAC listing. The bank declined to issue a written decision. LH brought proceedings before the Local Court of Maribor, Slovenia, seeking an order requiring the bank to open the account.
The referring court was uncertain whether mere inclusion on an OFAC list could constitute an “infringement of the provisions on the prevention of money laundering and terrorist financing” under Article 16(4) of Directive 2014/92/EU, justifying refusal of a basic payment account. It also raised whether any such automatic refusal would violate the presumption of innocence in Article 48 of the EU Charter of Fundamental Rights, and referred four questions to the Court of Justice.
The Court’s Holding
The Fourth Chamber held that Article 16(4) of Directive 2014/92, read in conjunction with Directive 2015/849 (the Anti-Money Laundering Directive), does not permit Member States to require credit institutions to refuse to open a basic payment account for a consumer for the sole reason that the consumer appears on a list of persons subject to restrictive measures imposed by a third country. A refusal can only be grounded in Article 16(4) where the credit institution has first conducted an individual risk assessment of the specific money laundering or terrorist financing risk connected with the intended business relationship, going beyond the mere fact of the person’s listing.
The Court reasoned that Directive 2015/849’s risk-based approach requires assessment at three levels — EU, Member State, and obliged entity — before enhanced due diligence measures are triggered. Inclusion on an OFAC list may constitute a relevant risk factor that a bank must take into account, but it does not automatically prohibit establishing a business relationship. Rather, the bank must apply enhanced customer due diligence and, only where it concludes after that individual assessment that the risk cannot be managed proportionately, may it refuse to open the account under Article 16(4). The Court also noted that the limited nature of a basic payment account itself reduces, though does not eliminate, the associated money laundering and terrorist financing risk.
Because the first question was answered in the negative — meaning a blanket refusal based solely on OFAC listing is not permitted — the Court found it unnecessary to answer the second through fourth questions, which had been posed only contingently on an affirmative answer to the first.
Key Takeaways
- Appearance on an OFAC list (or any equivalent third-country sanctions list) is a relevant risk factor, but it does not automatically entitle a credit institution to refuse to open a basic payment account under EU law.
- Before refusing a basic payment account on AML/CFT grounds, a bank must conduct a genuine individual risk assessment of all relevant factors surrounding the specific business relationship — not merely check whether the applicant appears on a list.
- The right to a basic payment account under Directive 2014/92 can only be overridden where, following that individualised assessment, the institution concludes it cannot manage the identified risk through proportionate measures; a refusal is unlawful where it is based solely on third-country listing without such an assessment.
- The limited functionality of a basic payment account is a mitigating factor that reduces (but does not eliminate) associated money laundering and terrorist financing risk, and must be weighed in the assessment.
Why It Matters
This ruling clarifies that EU banks cannot use U.S. OFAC designations — or those of any other third country — as an automatic override of the fundamental EU right to a basic payment account. It draws a firm line between legitimate risk-based AML compliance and de facto financial exclusion driven by deference to foreign sanctions regimes that have no binding force under EU or Member State law. Institutions that have adopted blanket OFAC-screening policies that automatically deny accounts will need to ensure those policies incorporate genuine individualised assessments consistent with Directive 2015/849’s risk-based framework.
More broadly, the judgment reinforces the EU’s commitment to financial inclusion: the basic payment account right exists precisely to ensure that no legally resident person is shut out of the financial system, and that safeguard cannot be circumvented by pointing to procedural burden or commercially motivated screening. National courts assessing refusals in similar fact patterns must now examine whether the bank actually conducted a substantive individual risk assessment — not merely whether the applicant appeared on a list.