The US regulatory environment governing how banks evaluate and serve customers is undergoing a significant shift. What once was largely a risk management issue—how to identify and avoid excessive exposure to financial crime risk—has now become a broader policy priority touching on financial inclusion, constitutional rights, and regulatory enforcement.

This article explores key policy developments, regulatory expectations, and practical considerations for financial institutions and others in the broader sector. While several federal and state regulatory agencies already have work underway to align with the current administration’s expectations, banks should continue to assess and prepare for future risks and supervisory readiness in relation to this evolving landscape.

From De-Risking to “Fair Banking”: How US Policy Has Evolved

De-Risking as a Regulatory Concern

Historically, “de-risking” has referred to banks terminating or limiting relationships with entire categories of customers based on perceived risk rather than on an individualized risk assessment. Regulators and policymakers have long recognized that indiscriminate de-risking can push financial activity outside the regulated financial system, increasing national security risk, and harming financial inclusion and access for certain populations. In 2023, the U.S. Department of the Treasury issued a De-Risking Strategy under the Anti-Money Laundering (AML) Act of 2020, highlighting how broad de-risking undermines financial inclusion and identifying recommendations to promote risk-based, evidence-driven compliance programs. This strategy emphasized the risks of terminating relationships with broad customer classes instead of managing risks at the individual level.[1]

The 2025 Executive Order on “Fair Banking”

In August 2025, the President signed Executive Order 14331, “Guaranteeing Fair Banking for All Americans.” This order reframed the debate by directing federal banking regulators to prohibit politicized or “unlawful debanking,” defined as denying or restricting access to financial services based on political beliefs, religious beliefs, or lawful business activities unrelated to individualized, objective risk. The EO requires regulators to revise guidance to remove concepts like “reputational risk” that could enable politicized debanking, review historical policies and practices, and take remedial actions against institutions that have such practices.[2]

The order articulates a clear policy: banking decisions must be grounded in material, measurable, and justifiable risks, not on protected beliefs or non-risk characteristics.[3]

Regulatory Implementation and Enforcement Signals

Following the EO, key banking regulators—notably the Office of the Comptroller of the Currency (OCC) and Federal Deposit Insurance Corporation (FDIC)—have taken concrete steps:

• OCC Actions: In September 2025, the OCC announced actions to “depoliticize the federal banking system,” aligning with the EO’s requirements. The agency stated that it will take action to end unlawful debanking where identified, and urged banks to ensure policies align with the new expectations. The OCC also removed references to “reputation risk” from supervisory guidance and will propose a rule to eliminate such references from regulations.[4]
• Preliminary Bank Reviews: In late 2025, the OCC released preliminary findings from its review of large banks’ debanking activities, revealing that major institutions had policies incorporating reputational or values-based criteria. The OCC signaled that accountability for past practices is forthcoming.[5]
• FDIC Rulemaking and Reviews: The FDIC has publicly supported the EO, indicating plans to issue regulations to prohibit examiners from pressuring banks on account closures based on reputational or nonfinancial metrics, and is reviewing supervised institutions’ policies and complaint databases for unlawful debanking.[6]

Moreover, regulators have extended this policy lens to aspects of AML/CFT compliance, with the Treasury and Financial Crimes Enforcement Network (FinCEN) pushing for risk-based AML programs that avoid “one-size-fits-all” approaches that can drive category-wide exclusions.[7]

Compliance Implications

Risk-Based Customer Evaluation

Banks must ensure that customer acceptance, retention, and service termination decisions are based on individualized and objective risk assessments tied to legitimate financial risks (e.g., credit, AML/CFT, operational). Policies that systematically exclude entire segments of customers (e.g., by political affiliation, industry sector, ideology, or simply media attention) without documented risk justification now expose institutions to regulatory scrutiny and potential enforcement actions.

Companies should review customer segmentation policies and ensure that:

• Risk segmentation criteria are grounded in measurable risk indicators (e.g., transaction patterns, compliance deficiencies).
• Documentation sufficiently supports decisions to decline or terminate services on a case-by-case basis.
• Policies avoid subjective considerations such as public perception or controversy that regulators are moving away from.

Potential Regulatory Exposure for Past Actions

The EO explicitly mandates that regulators review past or current policies and practices that required, encouraged, or influenced banks to engage in politicized or unlawful debanking and take remedial actions, including potential fines, consent decrees, or other measures.[8]

For banks, this raises the possibility of:

• Supervisory actions against legacy policies or customer decisions
• Enforcement referrals to agencies like the Department of Justice if unlawful debanking based on protected characteristics is identified[9]
• Litigation risk from affected customers asserting unlawful discrimination or regulatory breaches

Comprehensive internal reviews of account closure and denial decisions—especially those involving controversial or politically sensitive clients—should be undertaken promptly by those who still may have work to do on this point.

Financial Crime Risk and AML/CFT Compliance

While the policy emphasis is on fair access, AML/CFT compliance remains a pillar of safety and soundness. The Treasury’s de-risking strategy and FinCEN’s proposed rules emphasize the need for reasonably designed, risk-based AML/CFT programs that integrate financial inclusion considerations.[10]

Banks should consider the continued need to balance the imperative to avoid blanket exclusions with the duty to manage actual risk. Effective compliance programs will:

• Employ advanced analytics and customer due diligence to identify genuine risk
• Avoid inflexible thresholds that automatically trigger service denial without individual assessment
• Document how AML/CFT processes drive decisions while mitigating undue exclusion

Practical Steps for Banks and Others in the Financial Sector

Regardless of where one is in evaluating the implications of the EO and related supervisory agency initiatives, continued and expanded focus on this topic may serve institutions well in terms of balancing the various obligations at play here:

Policy and Procedure Review

• Reassess existing customer acceptance and termination policies to identify any elements that implicitly or explicitly support category-based exclusions.
• Revise policies to ensure that risk drivers are objective, risk-based, and defensible under the emerging regulatory framework. Policies should be clear what may result in rejecting or exiting a customer. Consider how decisions will be documented going forward.
• Consider how Suspicious Activity Reports (SARs) are used in customer risk management and related policy decisions. For example, the common “three strikes and you’re out” policy may not withstand regulatory scrutiny anymore. In addition, institutions may want to focus on their models and what they can learn from the actual suspicious activity they help detect. This may help provide more substantive and quantifiable support in making customer risk management decisions.
• Decide how to update compliance manuals and training related to the concerns around reputation risk as a risk management consideration.

Documentation and Justification

Good documentation is now more critical than ever. Banks should:

• Maintain detailed records of risk assessments and decisions to deny service.
• Ensure that compliance and risk systems capture the rationale and evidence supporting each customer relationship decision.
• Develop templates for risk justification that align with regulatory guidance.

This documentation should serve as a key aid in management and board reporting, strategic planning, as well as in supervisory communications and examination.

Remediation of Historical Decisions

Given regulatory interest in past practices, banks should:

• Identify past account closures or denials that may have been influenced by nonrisk factors (e.g., political or religious views) and assess whether remediation is appropriate.
• Where justified, consider outreach to affected customers or reoffers of service.

Banks should work with legal counsel to evaluate potential liabilities from previous practices and assist in designing remediation that helps mitigate legal exposure.

Supervisory Engagement and Reporting

Proactive regulatory engagement can build trust and reduce enforcement risk:

• Meet with examiners to discuss policy changes and demonstrate proactive compliance.
• Prepare reporting on how risk-based assessments are incorporated into customer lifecycle decisions.
• Respond thoughtfully to supervisory inquiries regarding customer access policies.

Strategic Considerations

The policy shift presents both compliance challenges and strategic opportunities:

• Reengagement with previously avoided markets: Institutions can reconsider serving customer segments previously deemed high risk if risk can be managed objectively and effectively.
• Competitive advantage: A transparent, risk-based customer strategy may differentiate institutions that deliver fairness and inclusion without increasing risk.
• Reputation management: Clear public positioning and communication about fair access can help rebuild trust after a period of reputational risk debates.

Conclusion

The US government’s evolving stance on de-risking and debanking represents a meaningful shift in regulatory priorities. It may be wise to view this not as a temporary political debate but as a long-term change in supervisory philosophy that will likely shape compliance expectations, enforcement risks, and operational policy going forward.

Implementing objective, risk-based customer evaluation frameworks, auditing legacy decisions, entrenching documentation discipline, and engaging proactively with regulators can be effective steps for institutions seeking to thrive under this new paradigm.

The views and opinions expressed in this article are those of the authors.

Read Past Raising the Bar Issues