De-Banking Regulation in the UK: What Businesses Need to Know

De-banking — the withdrawal of banking services from businesses or individuals — has moved from a niche compliance topic to a significant policy issue in the UK. A combination of high-profile cases, widespread industry-level de-risking in high-risk sectors, and specific controversies (including Nigel Farage's Coutts account closure in 2023 which triggered a political crisis) has forced regulatory and legislative attention. The result has been a set of enhanced requirements on payment service providers regarding account closure notice, reasons for closure, and data collection — but the practical protections for businesses most affected by de-banking remain limited. This article examines what the regulatory framework actually provides and what it does not.

The Pre-Existing Legal Framework

Before the post-2023 de-banking reforms, the legal framework governing account closure for UK business banking customers was surprisingly thin. Unlike consumer protection, which benefits from extensive FCA conduct rules under the Consumer Duty and prior conduct requirements, business banking relationships were primarily governed by contract law — the terms and conditions of the account agreement — with limited regulatory overlay. Standard business current account terms typically include a unilateral right for the bank to close the account on notice (commonly 60 days), with no obligation to provide reasons. For regulated sectors (banks, payment institutions), the PSR 2017 and EMR 2011 requirements applied to payment services contracts, but with limited practical bite on account termination.

The 2023 De-Banking Reforms

Following the Coutts controversy, HM Treasury and the FCA undertook a rapid policy review resulting in amendments to the PSR 2017 through the Payment Services (Amendment) Regulations 2024. The key changes applicable to payment accounts (accounts used for payment services, covering most business current accounts and EMI accounts) are:

Extended notice period: PSPs must now provide a minimum 90 days' notice before closing a payment account, increased from the previous 60-day minimum and providing businesses with more time to arrange alternative banking. For accounts where the PSP suspects illegal activity (including money laundering, fraud, or sanctions breaches), the notice period can be waived — the AML exception remains intact.

Reasons for closure: PSPs must now provide the reasons for account closure along with the closure notice, unless providing reasons would: constitute tipping off under POCA 2002, be contrary to a legal requirement, or disclose confidential information the PSP is legally required to protect. The reasons requirement represents a meaningful improvement in transparency — previously, PSPs could and routinely did decline accounts on a "no reason given" basis. In practice, the reasons given will often be generic ("the account no longer fits our risk appetite" or "we have assessed your business as posing risks we are unable to manage") rather than specific, because PSPs are understandably reluctant to provide reasons that could constitute tipping off or could be challenged in subsequent litigation.

FCA data collection: The FCA has implemented a quarterly data collection requirement for major UK retail banks and payment institutions on account closures by sector, enabling the regulator to identify patterns of de-banking across specific business types. This data collection has begun to create a regulatory accountability mechanism — while not directly preventing de-banking, it makes systematic de-risking of entire sectors visible to the FCA and creates the basis for regulatory scrutiny of disproportionate closure rates.

What the Reforms Do Not Provide

The 2024 reforms are meaningful but fall well short of the protections some had advocated. The reforms do not: require PSPs to serve all business customers, establish any right for a business to maintain a banking relationship, require detailed specific reasons in cases where the PSP has a legitimate risk basis for closure, or provide a clear appeals mechanism with binding authority. There is no "right to banking" equivalent to the basic bank account rights that consumers have under separate legislation.

For businesses in high-risk sectors — iGaming, crypto, offshore structures — the practical reality remains that UK clearing banks will decline or exit relationships based on sector-level risk appetite decisions that are legally permissible, commercially rational (from the bank's risk-adjusted perspective), and now marginally more transparent but not substantively restricted. The reforms help individual businesses understand why they are being declined and provide more time to arrange alternatives; they do not fundamentally change the landscape of banking access for sectors that fall outside major banks' risk appetite.

The FCA's Consumer Duty and Business Clients

The FCA's Consumer Duty (Policy Statement PS22/9, in force July 2023) imposes a new standard of consumer protection requiring firms to act to deliver good outcomes for retail customers. Importantly, the Consumer Duty applies to retail customers — individual consumers and sole traders. It does not directly apply to business-to-business relationships, meaning that a business losing its banking account does not have Consumer Duty protections available to it. However, the Consumer Duty has indirect effects: where a business banking de-banking decision is connected to services that also affect retail consumers (e.g., a payment institution that is also an intermediary in a chain serving retail clients), the FCA's overall supervisory approach under Consumer Duty creates a higher standard of care that PSPs must reflect in all their conduct, even towards business clients.

The CCYFX Perspective: Building Banking Resilience

From WH's perspective working with businesses in iGaming, crypto, and offshore structures daily, the de-banking regulations have improved the experience of account closure but have not changed the fundamental advice: the most effective protection against de-banking is not regulatory, it is structural. Businesses that maintain relationships with multiple banking providers — across different institution types (clearing bank + specialist EMI + international bank) and jurisdictions — are resilient to the loss of any individual relationship. A business that depends on a single bank account for its entire payment flow is acutely vulnerable; a business with three separate named IBAN accounts at three separate regulated institutions is operationally resilient even if one relationship ends.

CCYFX's FCA-authorised EMI status means we approach de-banking differently to clearing banks: our risk appetite is explicitly designed for the high-risk sectors that clearing banks de-risk, and our compliance framework is calibrated to serve these sectors responsibly rather than excluding them by default. Contact us at info@ccyfx.com to discuss how we can provide banking resilience for your business.