⏰ Estimated read time: 7 minutes

If, as a society, we are serious about stopping the migration of financial crime underground, we need more than regulatory tweaks. We need structural, even radical, solutions.

Banks, under pressure from regulators, have been unofficially deputised as gatekeepers of financial access, but without sufficient infrastructure to manage the risks they are asked to bear.

After all, what bank would willingly risk its banking licence, or its public reputation, over a small cohort of customers? In banking, the upside is rarely worth the existential risk.

Banks as Unofficial Enforcers of AML/CTF Compliance

Banks are directly regulated under AML/CTF laws, but increasingly, they are also acting as de facto regulators of access to the financial system itself. Through risk-based decision-making, banks assess customers’ profiles and have, in some cases, chosen to debank entire industries they deem high-risk, including remittance providers, digital currency exchanges, and certain fintechs.

While some institutions apply these standards thoughtfully, others resort to blanket exclusions. In doing so, they are effectively determining who can and cannot participate in the financial system, a role arguably better suited to policymakers and government agencies.

The problem is not just one of fairness. It is one of visibility. Every time we push businesses out of the regulated system, we make it harder to detect and manage financial crime.

At the same time, expecting banks to service businesses that won’t invest in basic control environments to mitigate risks the banks themselves have spent millions managing, is equally unfair. Risk must be managed, not blindly absorbed.

A “User Pays” Due Diligence Model

What if access to banking wasn’t dependent solely on a bank’s risk appetite, but could be earned through an external validation process?

Concept: Businesses in high-risk categories could pay for an independent AML/CTF due diligence assessment, aligned with regulatory expectations, that participating banks agree to recognise and factor into their onboarding decisions.

Benefits: It levels the playing field, reduces reliance on subjective tolerance, and could provide excluded businesses a clear, accountable path back into the system.

Rather than forcing banks to shoulder the entire risk assessment burden, or punishing businesses for being in a high-risk sector, this model would offer a clear, auditable route to access.

This could create a trusted external validation channel for high-risk customers, allowing AML/CTF teams to better allocate resources toward monitoring and ongoing vigilance, rather than expending disproportionate effort fighting onboarding battles.

Of course, a critical consideration would be the extent to which banks could, or should, rely on a third party’s due diligence assessment. Rather than asking banks to outsource their judgment entirely, a practical model could focus on sharing underlying findings of fact, supported by evidence, through secure information-sharing frameworks akin to those contemplated in Open Banking. This would give banks greater transparency over the due diligence performed, while still reducing duplication of effort and subjective gatekeeping.

Further Infrastructure Support
AUSTRAC could aid this model by maintaining a public register indicating when it last completed a due diligence review of a remitter or digital currency exchange as part of their registration or re-registration process. The register could also indicate whether the business was assessed under the older, lighter-touch registration approach or the newer, more detailed framework. While banks would not entirely rely on this when making decisions, it would provide banks with additional confidence and visibility when assessing high-risk customers.

If external validation alone isn’t enough or doesn’t gain traction, we may need to rethink deeper public infrastructure.

The Reserve Bank as a Bank of Last Resort

If regulatory obligations and associated risks mean the private sector cannot support lawful, regulated businesses, perhaps it is time to rethink public infrastructure.

Proposal: The Reserve Bank, or a government-backed entity, could provide minimal banking services to debanked industries that meet rigorous AML/CTF standards.

Purpose: The goal would not be to make access easy or routine, but to ensure that financial activity remains visible, monitorable, and within the regulated system, rather than being driven underground.

Benefits:

• Maintains transparency over financial flows from higher-risk sectors that might otherwise move into informal or unregulated channels
• Reduces systemic financial crime risks caused by wholesale financial exclusion
• Aligns with existing public interest models in other critical sectors, such as healthcare, education, and superannuation

Policy Rationale:

We already accept, in other domains, that certain services are too important to be left to purely commercial market forces. Perhaps financial system participation, at least at a minimal, accountable level, warrants similar treatment.

If the federal government were required to manage the ML/TF and reputational risks currently borne by private banks, it might think differently about the broader infrastructure needed to mitigate those risks, such as the timely implementation of a comprehensive beneficial ownership register.

It is a polite but important question, because risk is much easier to shift than it is to own.

Absent a public sector solution, the burden of maintaining minimal financial access may fall back onto the private sector, potentially through the introduction of mechanisms like a statutory right to a Bank Account.

A Statutory MVP Bank Account as Part of a Banking Licence

There has been past discussion around the idea of creating a statutory right to a bank account. For transparency, we are not advocating for such a broad entitlement. However, if a related concept were to be reconsidered, what could a workable model look like?

Concept:
One potential option would be the creation of a Minimal Viable Product (MVP) Bank Account, mandated as a condition of holding a banking licence.

This account would provide basic financial participation for high-risk customers under tightly controlled conditions, while protecting the broader financial system.

Features for Individual Customers:

• Receive funds electronically from pre-approved sources (e.g., employers)
• Pay essential living expenses, such as utilities, groceries, and transport
• Subject to bespoke transaction monitoring and enhanced customer due diligence
• Restrictions would apply, including:

1. No cross-border transactions
2. Limits on the volume and value of cash deposits and withdrawals
3. Controls to prevent the rapid movement of funds between accounts

Features for Businesses:
Given the broader range of legitimate inbound and outbound transactions, MVP accounts for businesses would require greater disclosure of financial records to the banking institution or an accredited third-party auditor.

Benefits:

• Provides high-risk individuals and businesses with a transitional pathway to rebuild trust and regain broader access to financial services
• Reduces systemic risk by keeping financial activity visible and contained within the regulated sector
• Enables evidence-based assessments for ongoing or future exclusion, rather than reliance on broad assumptions
• Shifts compliance costs appropriately to the consumer, reflecting the increased monitoring burden

Governance and Review:
Banks would be required to review MVP accounts periodically, determining whether continued restrictions are necessary or whether the customer is eligible to progressively regain access to broader products and services.

Cost Model:
MVP accounts would not be subsidised. Consumers would pay appropriate fees that reflect the higher compliance costs associated with enhanced monitoring and reporting requirements.

Policy Rationale:
For most high-risk customers, the MVP account would serve as a temporary, corrective arrangement, supporting a structured return to full financial participation.

For those who fail to satisfy ongoing enhanced due diligence and transaction monitoring requirements, the MVP framework would at least provide policymakers and banks with a clear and reasonable basis for financial exclusion, grounded in evidence rather than prejudice or convenience.

MVP Accounts are not a silver bullet, but they could provide a measured, practical response to the unintended consequences of debanking. They offer a middle path between unrestricted access and total exclusion: one that keeps financial crime risk visible, measurable, and manageable.

Considering Trade-offs

Of course, none of these proposals are without trade-offs. Each approach, whether due diligence gateways, public-sector infrastructure, or MVP bank accounts, comes with its own set of challenges, costs, and potential unintended effects. While this article has focused on the potential benefits, these must be carefully weighed against the limitations of each approach before implementation.

We acknowledge that counterarguments, such as the feasibility of a “User Pays” system or the operational burden on public institutions, deserve deeper consideration and are likely to surface as this conversation evolves.

The Unintended Consequences of Debanking, and the Real Risk of Blindness

Debanking is often seen as a necessary evil. But in practice, it may cause greater harm than good:

• Increased Financial Crime Risks: Businesses excluded from the formal system turn to unregulated or informal channels, hiding illicit finance.
• Barriers to Innovation and Competition: Fintech startups, remittance providers, and cryptocurrency exchanges face higher operational barriers, or are squeezed out entirely.
• Reduced Transparency: Fear of debanking drives some businesses to conceal or misrepresent their operations, undermining compliance monitoring.

We are not stewarding risk. We are offloading it, and congratulating ourselves for doing so.

The original intent of a risk-based approach was to empower businesses to make informed, contextual, and proportionate decisions. But in practice, it is increasingly becoming shorthand for risk aversion, or worse, commercially driven exclusion.

AUSTRAC and FATF have both warned against wholesale de-risking, urging financial institutions to evaluate clients individually.

Blanket debanking doesn’t reduce systemic risk, it amplifies it.

If we are serious about financial crime prevention, the real risk isn’t just about who we include, it’s who we blind ourselves to.

What If We Did Nothing?

If the current trajectory continues, financial crime won’t disappear, it will simply retreat underground, making detection harder and enforcement weaker.

Meanwhile, declining visibility is likely to trigger even stricter compliance demands, requiring more intrusive monitoring and reporting to compensate for systemic blind spots.

Left unchecked, this combination of hidden risk and rising regulatory burden could ultimately erode public trust in the financial system, creating systemic risks far greater than those we sought to avoid.

Final Word: Structuring Access with Accountability

We cannot simply regulate our way to a crime-free system. But we can design smarter access frameworks, provide better infrastructure, clearer standards, and more inclusive oversight.

The real risk isn’t just who we exclude. It is what happens next, and where those excluded actors go.

If we want to manage risk responsibly, perhaps it is time to stop asking who deserves access and start asking how we can structure access with appropriate accountability.

Because risk that is hidden underground isn’t eliminated, it simply becomes untraceable.

The conversation about risk, access, and accountability must continue, and must not be forgotten, even as broader regulatory reforms move forward.