A quiet risk is gaining momentum: banks are increasingly de-risking their exposure to businesses that touch the crypto ecosystem—even indirectly. This includes not just exchanges and wallets, but also fintechs, SaaS platforms, and payment businesses whose customers or partners operate in crypto, Web3, or other “high-risk” sectors.

Even businesses that don’t offer crypto directly are finding themselves caught in the crossfire, especially if their clients, investors, or vendors are exposed. Think: a fintech app with crypto rewards, or a SaaS platform serving Web3 clients. Some fintech-forward providers continue to support compliant businesses in this space, but many mainstream banks are tightening their risk thresholds without warning.

The upcoming EU Anti-Money Laundering (AML) Package, expected to take effect by the end of 2025, will accelerate this trend. Financial institutions will face tougher obligations to identify and manage financial crime risk, including expanded expectations for due diligence on indirect exposure. While enforcement timelines will vary by entity and jurisdiction, the direction of travel is clear: more scrutiny, more offboarding, and lower tolerance for perceived risk.

Why it matters

1. The risk is indirect (and often difficult to see).

You may not be handling crypto yourself, but exposure through your network—clients, vendors, or backers—can still trigger concern. Some businesses have been de-banked with little explanation, though in places like the UK, banks are now required to give 90 days’ notice and justification.

2. AML regulation is expanding the risk perimeter.

The EU AML Package will apply to a wider range of entities, including certain digital platforms, depending on their function and exposure. The new rules introduce standardised due diligence and risk management requirements, along with a central AML Authority (AMLA).

3. It affects capital flow, payments, and trust.

Account closures or restrictions can delay funding rounds, disrupt payroll, or lead to lost clients. Even the perception of being “high risk” can erode business relationships and investor confidence.

What to do this quarter

1. Assess your financial infrastructure
   ☐ Map your exposure to regulated banking, FX, and payment providers
   ☐ Identify concentration risk (e.g. reliance on a single provider or jurisdiction)

2. Screen your client and partner base
   ☐ Are any of your customers or stakeholders involved in high-risk sectors (crypto, gambling, remittances, etc.)?
   ☐ Proactively document any steps you've taken to manage that exposure

3. Engage your providers early
   ☐ Be transparent with banks and payment platforms about your exposure and controls
   ☐ Ask about their evolving risk appetite—don’t wait to be surprised

4. Build banking resilience
   ☐ Open secondary accounts or lines with fintech-friendly providers
   ☐ Diversify payment rails across regions and entities where possible

5. Strengthen internal AML and risk processes
   ☐ Even if not legally required, demonstrate strong onboarding and monitoring
   ☐ Prepare documentation to show you understand financial crime risk and act on it

6. Brief senior leaders and investors
   ☐ Position de-banking as a strategic risk, not just an operational nuisance
   ☐ Communicate your plan for resilience and continuity

Bottom line:

Banking access is becoming more fragile, especially for fast-moving businesses with even indirect exposure to crypto. The ability to demonstrate proactive risk governance—not just regulatory compliance—may soon become a differentiator in investor due diligence, customer onboarding, and strategic partnerships.