The payment does not arrive. You try again. Nothing. You call your relationship manager. Let me look into it, they say, in a tone that already tells you something is wrong. Then comes the callback. Your account has been placed under review. No timeline. No specific explanation. Just: we will be in touch.
At that moment, every business obligation that depends on that account is suspended. Supplier payments, payroll, loan servicing, client receipts: everything stops. A blocked account is not a slow account or a restricted account. It is, for all practical purposes, no account. And the process of resolving it — providing documentation, answering questions, waiting — can take days, weeks, or longer, with no guarantee of the outcome.
This scenario is not unusual. It is increasingly common. And in almost every case, it was avoidable.
The environment has changed, but not in the way most clients think
Banking for cross-border clients, holding structures and international businesses has become materially harder. Most clients attribute this to bureaucracy, to banks being difficult, or to compliance departments that have lost proportion. That reading misses what is actually happening.
Banks are operating under an entirely different risk calculus than they were a decade ago. The regulatory consequences of compliance failures have escalated to the point where individual enforcement actions run into figures that concentrate minds at every institution in the world. The response, rationally, is to tighten automated screening, reduce discretion at the relationship manager level, and exit client relationships that generate compliance cost disproportionate to revenue.
This process — known as de-risking — is not targeted at bad actors. It is targeted at cost. Across Europe, businesses with cross-border structures report growing scrutiny of international transactions, with even routine transfers triggering compliance reviews. A client with a cross-border structure, transactions across multiple jurisdictions, and a business profile that requires explanation does not fail a bank's automated screening because anything is wrong. They fail it because they are complex, and complexity has a compliance cost that the bank has decided it does not want to bear.
The question is not how to find a bank that is easier to deal with. It is how to manage banking relationships in an environment where the bank's tolerance for unexplained complexity is close to zero and falling.
How it happens, and why it is almost always avoidable
Account blocks rarely arrive without warning. The warning is just not labelled as one.
The most common trigger is also the most preventable: a delayed response to an AML information request. Banks conduct periodic reviews of existing clients, requesting updated KYC documents, current financial statements, confirmation that the business profile on file still reflects reality. A client who does not respond promptly, or whose documents have lapsed, creates a compliance gap. The account goes on hold. The client, who may simply have been slow with paperwork, is now managing a crisis that a timely response would have made impossible.
A close second is the transaction that falls outside the expected business profile. Banks hold a picture of what a client does: their counterparties, their transaction types, their typical flows. A payment that falls outside that picture is not automatically suspicious — but it is automatically flagged. If the client has not forewarned the bank — a new supplier, a new market, a one-off transaction of unusual size — the flag triggers a review queue. The payment waits. The client waits. What a ten-minute call beforehand would have prevented now takes days to resolve.
Then there is the scenario that surprises clients most, because it has nothing to do with anything they have done. A counterparty placed under investigation after a payment has been processed. An ultimate beneficial owner with an indirect connection to a sanctioned party, buried several layers into a corporate structure. The exposure travels through the transaction, not through intent. The client's account processed the payment. That is enough.
This point goes beyond the banking relationship. Transacting with a sanctioned counterparty carries direct legal exposure for the client: regulatory investigation, potential criminal liability, reputational damage, all of which arrive regardless of whether the client knew anything about the designation. The bank's reaction is a secondary concern. The client's own position is what matters first. Counterparty due diligence before transacting is not a formality imposed by compliance departments. In the current sanctions environment, it is self-protection.
The common thread across all of these is not bad luck. It is the absence of proactive communication with the bank. A client who keeps their bank informed, provides documentation before it is requested, and flags changes before they appear in transaction flows, gives the bank context. Context is what prevents a flag from becoming a hold, and a hold from becoming a crisis.
The velocity problem
What has changed most fundamentally is not the existence of these risks. It is the speed at which they materialise and compound.
Successive packages of EU sanctions have been passed in recent years, each expanding the list of designated individuals, entities and prohibited transactions. A counterparty that was clean in January may be designated in March. A payment corridor that was permissible last quarter may be subject to a new restriction today. The EU has adopted a Sanctions Criminalisation Directive requiring member states to criminalise the violation of EU sanctions with minimum criminal penalties, meaning the consequence of getting this wrong is no longer only civil.
The speed of change means that static compliance is no longer adequate. Reviewing banking arrangements once a year, updating KYC when the bank asks, checking counterparties when there is time: by the time the annual review happens, the environment may have moved several times. The correct posture is continuous vigilance, not periodic attention.
Payment institutions are not a substitute
As traditional banking has become harder to access, payment institutions — electronic money institutions, neobanks, digital payment platforms — have become the default solution for many cross-border businesses. They are faster to onboard, more flexible in their transaction handling, and significantly less bureaucratic than traditional banks.
They are also not banks. The distinction matters in ways that are not always visible until a problem arises.
Payment institutions are themselves banking clients. They depend on their own banking lines to provide services to their own clients. Those relationships operate within a risk framework that can change independently of anything the end client does. A payment institution that loses a banking line, faces a regulatory review, or exits a product category does so at its own pace, on its own timeline. The end client has no visibility into this until the service is disrupted.
The client who has replaced their banking infrastructure with a collection of payment institution accounts has not eliminated banking risk. They have moved it into a layer they cannot see or control.
The correct architecture treats payment institutions as operational infrastructure for transactional flows: efficient, flexible, appropriate for that purpose. Genuine banking relationships serve a different function — holding wealth, receiving significant distributions, and providing the institutional credibility that counterparties, auditors and tax authorities require. Diversification across institutions with genuinely different risk frameworks provides resilience. Concentration in any single type of institution, however convenient, provides the appearance of resilience without the substance.
Risk management versus crisis management
The thread running through all of this is a distinction that is simple to state and expensive to ignore.
Risk management happens before the event. Crisis management happens after it.
A client who maintains current documentation, keeps their bank informed of new counterparties before they appear in transaction flows, flags a new business activity before the first transaction, and conducts due diligence on counterparties as a matter of course: that client's account does not get blocked. Not because they are exempt from the rules, but because the bank always has the context it needs to understand what it is seeing. There are no surprises.
A client who responds to banking compliance requirements reactively — providing documents when asked, explaining transactions after they are flagged, looking for a new banking relationship after the existing one has deteriorated — is managing crises. Each of which could have been avoided.
The cost differential between these two approaches is not symmetrical. The cost of maintaining a proactive banking relationship — current documentation, occasional communication, advance notice of material changes — is modest and largely administrative. The cost of managing a blocked account — legal fees, operational disruption, reputational questions, the time of people who have better uses for it — is significant. And that is the outcome where everything resolves. Where it does not resolve cleanly, the costs are of a different order entirely.
One final point on presentation
The same client, the same facts, the same institution. Different outcome.
This is not an abstract observation. It reflects the reality of how banking decisions are made. A compliance officer reviewing a client file is not conducting an independent investigation. They are reading what is in front of them and forming a judgment about whether the risk is understandable and manageable. A file that anticipates the questions — that explains the structure, identifies the beneficial owner clearly, addresses the transaction history and provides context for anything unusual — produces a different judgment than a file that leaves questions open.
The relationship manager is the client's advocate inside the institution. Their ability to advocate depends entirely on what the client has given them to work with. A client who has invested in the relationship, kept the bank informed, provided good documentation and made the relationship manager's job easier rather than harder, has an advocate with something to say.
Banking relationships, like all relationships, reflect the investment made in them.