Provisional text

OPINION OF ADVOCATE GENERAL

RICHARD DE LA TOUR

delivered on 4 September 2025 (1)

Case C81/24 [Jenec] (i)

LH

v

OTP banka d.d., formerly NOVA KREDITNA BANKA MARIBOR

(Request for a preliminary ruling from the Okrajno sodišče v Mariboru (Local Court, Maribor, Slovenia))

( Reference for a preliminary ruling – Approximation of laws – Financial services – Money laundering and terrorist financing – Directive 2014/92/EU – Directive (EU) 2015/849 – Consumer on a list of the Office of Foreign Assets Control (OFAC) – Refusal by the bank to make a payment and rejection of an application to open a payment account with basic features )






I.      Introduction

1.        How can the right to a bank account be reconciled  with anti-money laundering rules?

2.        Directive 2014/92/EU (2) establishes a right to a payment account in order to promote inclusion unless there is an infringement of the provisions on the prevention of money laundering and the countering of terrorist financing. Directive (EU) 2015/849 (3) sets out principles for risk assessment, identification of customers and their beneficial owners and verification of their identities, as well as the implementation of due diligence measures at the point of entry and throughout the business relationship to prevent the financial system from being used for money laundering or terrorist financing purposes.

3.        Since anti-money laundering regulation is built around a holistic risk-based approach, the question arises as to how to deal with the particular scenario where a consumer who applies to open a payment account with basic features is refused that account because that consumer is on a sanctions list drawn up by a third country, even though that consumer has not been convicted anywhere in the world of any of the offences in respect of which he or she has been placed on the list, nor has he or she been subject to any restrictive measures imposed by his or her Member State, the European Union or an international organisation of which the Member State in question or the Union is a member.

4.        At the Court’s request, I will focus my Opinion on the first question referred by Okrajno sodišče v Mariboru (Local Court, Maribor, Slovenia), which asks whether Article 16(4) of Directive 2014/92, read in the light of Directive 2015/849, may be interpreted as authorising Member States to require banks to reject a consumer’s application to open a payment account with basic features on the ground that he or she is included in a list of the Office of Foreign Assets Control (OFAC) of the United States Department of the Treasury.

II.    Legal context

A.      European Union law

1.      Directive 2014/92

5.        Recitals 34, 37 and 47 of Directive 2014/92 state:

‘(34)      … While it is important for credit institutions to ensure that their customers are not using the financial system for illegal purposes such as fraud, money laundering or terrorism financing, they should not impose barriers to consumers who want to benefit from the advantages of the internal market by opening and using payment accounts on a cross-border basis. Therefore, the provisions of Directive [2005/60/EC] (4) should not be used as a pretext for rejecting commercially less attractive consumers.

(37)      Member States should be able, in full respect of the fundamental freedoms guaranteed by the Treaties, to require consumers who wish to open a payment account with basic features in their territory to show a genuine interest in doing so. Without prejudice to the requirements adopted in conformity with Directive [2005/60] to prevent money laundering, physical attendance at the premises of the credit institutions should not be required in order to show such a genuine interest.

(47)      Credit institutions should refuse to open or should terminate a contract for a payment account with basic features only in specific circumstances, such as non-compliance with the legislation on money laundering and terrorist financing or on the prevention and investigation of crimes. Even in those cases, a refusal can only be justified where the consumer does not comply with that legislation and not because the procedure to check compliance with the legislation is too burdensome or costly. However, there could be cases where a consumer abuses his right to open and use a payment account with basic features. For example, a Member State should be able to permit credit institutions to take measures against consumers who have committed a crime, such as a serious fraud against a credit institution, with a view to avoiding a recurrence of such a crime. Such measures may include, for example, limiting access by that consumer to a payment account with basic features for a certain period of time. Besides, there may be cases in which the previous refusal of an application for a payment account may be necessary in order to identify consumers who could benefit from a payment account on more advantageous terms. In such a case, the credit institution should inform the consumer that he may use a specific mechanism in the event of refusal of an application for a payment account for which a fee is charged as provided for in this Directive to obtain access to a payment account with basic features that is free of charge. Both such additional cases should, however, be limited, specific and based on precisely identified provisions of national law. When identifying additional cases in which credit institutions can refuse to offer payment accounts to consumers, Member States should be able to include, inter alia, grounds of public security or public policy.’

6.        Article 16(1) to (4) and (7) of Directive 2014/92 provide:

‘1.      Member States shall ensure that payment accounts with basic features are offered to consumers by all credit institutions or a sufficient number of credit institutions to guarantee access thereto for all consumers in their territory, and to prevent distortions of competition. …

2.      Member States shall ensure that consumers legally resident in the Union, including consumers with no fixed address and asylum seekers, and consumers who are not granted a residence permit but whose expulsion is impossible for legal or factual reasons, have the right to open and use a payment account with basic features with credit institutions located in their territory. Such a right shall apply irrespective of the consumer’s place of residence.

Member States may, in full respect of the fundamental freedoms guaranteed by the Treaties, require consumers who wish to open a payment account with basic features in their territory to show a genuine interest in doing so.

Member States shall ensure that the exercise of the right is not made too difficult or burdensome for the consumer.

3.      Member States shall ensure that credit institutions offering payment accounts with basic features open the payment account with basic features or refuse a consumer’s application for a payment account with basic features, in each case without undue delay and at the latest 10 business days after receiving a complete application.

4.      Member States shall ensure that credit institutions refuse an application for a payment account with basic features where opening such an account would result in an infringement of the provisions on the prevention of money laundering and the countering of terrorist financing laid down in Directive [2005/60].

7.      Member States shall ensure that, in the cases referred to in paragraph 4 …, after taking its decision, the credit institution immediately informs the consumer of the refusal and of the specific reason for that refusal, in writing and free of charge, unless such disclosure would be contrary to objectives of national security, public policy or Directive [2005/60]. In the event of refusal, the credit institution shall advise the consumer of the procedure to submit a complaint against the refusal, and of the consumer’s right to contact the relevant competent authority and designated alternative dispute resolution body and provide the relevant contact details.’

2.      Directive 2015/849

7.        Recital 22 of Directive 2015/849 states:

‘The risk of money laundering and terrorist financing is not the same in every case. Accordingly, a holistic, risk-based approach should be used. The risk-based approach is not an unduly permissive option for Member States and obliged entities. It involves the use of evidence-based decision-making in order to target the risks of money laundering and terrorist financing facing the Union and those operating within it more effectively.’

8.        Article 1(1) of that directive provides:

‘This Directive aims to prevent the use of the Union’s financial system for the purposes of money laundering and terrorist financing.’

9.        Article 8 of that directive is worded as follows:

‘1.      Member States shall ensure that obliged entities take appropriate steps to identify and assess the risks of money laundering and terrorist financing, taking into account risk factors including those relating to their customers, countries or geographic areas, products, services, transactions or delivery channels. Those steps shall be proportionate to the nature and size of the obliged entities.

2.      The risk assessments referred to in paragraph 1 shall be documented, kept up-to-date and made available to the relevant competent authorities and self-regulatory bodies concerned. Competent authorities may decide that individual documented risk assessments are not required where the specific risks inherent in the sector are clear and understood.

3.      Member States shall ensure that obliged entities have in place policies, controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified at the level of the Union, the Member State and the obliged entity. Those policies, controls and procedures shall be proportionate to the nature and size of the obliged entities.

4.      The policies, controls and procedures referred to in paragraph 3 shall include:

(a)      the development of internal policies, controls and procedures, including model risk management practices, customer due diligence, reporting, record-keeping, internal control, compliance management including, where appropriate with regard to the size and nature of the business, the appointment of a compliance officer at management level, and employee screening;

(b)      where appropriate with regard to the size and nature of the business, an independent audit function to test the internal policies, controls and procedures referred to in point (a).

5.      Member States shall require obliged entities to obtain approval from their senior management for the policies, controls and procedures that they put in place and to monitor and enhance the measures taken, where appropriate.’

10.      Under Article 13 of Directive 2015/849:

‘1.      Customer due diligence measures shall comprise:

(a)      identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source … ;

(b)      identifying the beneficial owner and taking reasonable measures to verify that person’s identity so that the obliged entity is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts, companies, foundations and similar legal arrangements, taking reasonable measures to understand the ownership and control structure of the customer … ;

(c)      assessing and, as appropriate, obtaining information on the purpose and intended nature of the business relationship;

(d)      conducting ongoing monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the obliged entity’s knowledge of the customer, the business and risk profile, including where necessary the source of funds and ensuring that the documents, data or information held are kept up-to-date.

2.      Member States shall ensure that obliged entities apply each of the customer due diligence requirements laid down in paragraph 1. However, obliged entities may determine the extent of such measures on a risk-sensitive basis.

3.      Member States shall require that obliged entities take into account at least the variables set out in Annex I when assessing the risks of money laundering and terrorist financing.

4.      Member States shall ensure that obliged entities are able to demonstrate to competent authorities or self-regulatory bodies that the measures are appropriate in view of the risks of money laundering and terrorist financing that have been identified.

…’

11.      The first subparagraph of Article 14(4) of that directive provides:

‘Member States shall require that, where an obliged entity is unable to comply with the customer due diligence requirements laid down in point (a), (b) or (c) of the first subparagraph of Article 13(1), it shall not carry out a transaction through a bank account, establish a business relationship or carry out the transaction, and shall terminate the business relationship and consider making a suspicious transaction report to the [EU Financial Intelligence Unit] in relation to the customer in accordance with Article 33.’

12.      Article 48(8) of that directive provides:

‘Member States shall ensure that competent authorities take into account the degree of discretion allowed to the obliged entity, and appropriately review the risk assessments underlying this discretion, and the adequacy and implementation of its internal policies, controls and procedures.’

3.      European Banking Authority (EBA) guidelines on money laundering and terrorist financing risk factors

13.      Guideline 1 of the EBA guidelines of 1 March 2021 under Articles 17 and 18(4) of Directive [2015/849], on customer due diligence and the factors that credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions (‘The [Money Laundering and Terrorist Financing (ML/TF)] Risk Factors Guidelines’), repealing and replacing Guidelines JC/2017/37, (5) entitled ‘Risk assessments: key principles for all firms’, provides in paragraph 1.30(c):

‘Firms should always consider the following sources of information:

(c)      information from governments, such as governments’ national risk assessments, policy statements and alerts, and explanatory memorandums to relevant legislation.’

14.      EBA Guideline 2, entitled ‘Identifying ML/TF risk factors’, states in points 2.3 and 2.5:

‘2.3.      When identifying the risk associated with their customers, including their customers’ beneficial owners, firms should consider the risk related to:

(b) the customer’s and the customer’s beneficial owner’s reputation;

2.5.      The following risk factors may be relevant when identifying the risk associated with a customer’s or beneficial owner’s reputation:

(a)      Are there adverse media reports or other relevant sources of information about the customer, for example are there any allegations of criminality or terrorism against the customer or the beneficial owner? If so, are these reliable and credible? Firms should determine the credibility of allegations on the basis of the quality and independence of the source of the data and the persistence of reporting of these allegations, among other considerations. Firms should note that the absence of criminal convictions alone may not be sufficient to dismiss allegations of wrongdoing.

(b)      Has the customer, beneficial owner or anyone publicly known to be closely associated with them had their assets frozen due to administrative or criminal proceedings or allegations of terrorism or terrorist financing? Does the firm have reasonable grounds to suspect that the customer or beneficial owner or anyone publicly known to be closely associated with them has, at some point in the past, been subject to such an asset freeze?

…’

15.      EBA Guideline 3, entitled ‘Assessing ML/TF risk’, provides at paragraphs 3.2. and 3.3:

‘3.2.            Firms should take a holistic view of the ML/TF risk factors they have identified that, together, will determine the level of ML/TF risk associated with a business relationship, an occasional transaction or their business.

3.3.      Firms should note that, unless [Directive 2015/849] or national legislation states otherwise, the presence of isolated risk factors does not necessarily move a relationship into a higher or lower risk category.’

16.      EBA Guideline 4, entitled ‘[Customer due diligence (CDD)] measures to be applied by all firms’ provides at paragraphs 4.9., 4.10. and 4.66:

‘4.9.      “De-risking” refers to a decision taken by firms to no longer offer services to some categories of customers associated with higher ML/TF risk. As the risk associated with individual business relationships will vary, even within one category, the application of a risk-based approach does not require firms to refuse, or terminate, business relationships with entire categories of customers that are considered to present higher ML/TF risk. Firms should carefully balance the need for financial inclusion with the need to mitigate ML/TF risk.

4.10.      As part of this, firms should put in place appropriate and risk-sensitive policies and procedures to ensure that their approach to applying CDD measures does not result in unduly denying legitimate customers access to financial services. Where a customer has legitimate and credible reasons for being unable to provide traditional forms of identity documentation, firms should consider mitigating ML/TF risk in other ways, including by:

(b)      offering only basic financial products and services, which restrict the ability of users to abuse these products and services for financial crime purposes. Such basic products and services may also make it easier for firms to identify unusual transactions or patterns of transactions, including the unintended use of the product; but it is important that any limits be proportionate and do not unreasonably or unnecessarily limit customers’ access to financial products and services.

4.66.      Firms should not enter into a business relationship if they are unable to comply with their CDD requirements, if they are not satisfied that the purpose and nature of the business relationship are legitimate or if they are not satisfied that they can effectively manage the risk that they may be used for ML/TF purposes. Where such a business relationship already exists, firms should terminate it or suspend transactions until it can be terminated, subject to instructions from law enforcement, where applicable.’

B.      Slovenian law

1.      Law on payment services, electronic money issuing services and payment systems

17.      Article 180(1) of the Zakon o plačilnih storitvah, storitvah izdajanja elektronskega denarja in plačilnih sistemih (Law on Payment Services, Electronic Money Issuing Services and Payment Systems) (6) of 7 February 2018, in the version applicable to the dispute in the main proceedings, provides:

‘A consumer legally resident in the …Union who applies to open a basic payment account within the …Union, or to have access to such an account, shall not be discriminated against by the bank, in particular for reasons related to nationality, residence, gender, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or other opinion, membership of a national community, membership of a national minority from another country, financial situation, lineage, disability, age or sexual orientation. The conditions which apply to the opening of and access to a basic payment account shall in no way be unjustifiably discriminatory.’

18.      Article 181 of that law provides:

‘1.      All banks operating consumer payment accounts are obliged to offer consumers a basic payment account.

3.      A consumer legally resident in the … Union, including a consumer with no fixed address and an asylum seeker, and a consumer who has not been granted authorisation to reside but whose expulsion is impossible for legal or factual reasons, shall have the right to open and use a basic payment account with a bank. That right shall apply irrespective of the consumer’s habitual place of residence.

4.      The bank shall organise the procedure for opening a basic payment account in such a way that the exercise of that right is not too difficult or burdensome for the consumer. The bank shall open the basic payment account without undue delay and at the latest within ten business days of receiving the consumer’s complete application for the opening of a payment account with basic features.

5.      The period laid down in the preceding paragraph shall also apply where the consumer’s application to open a basic payment account is rejected.

6.      The bank shall refuse the consumer’s application for the opening of a basic payment account if opening such an account would result in an infringement of the provisions of the law governing the prevention of money laundering and terrorist financing …. In such a case, the bank shall take measures in accordance with the law governing the area of the prevention of money laundering and terrorist financing.

8.      In the cases provided for in paragraphs 6 and 7 of this article, the bank shall, after taking the decision to reject the application to open a basic payment account, inform the consumer without delay, in writing and free of charge, of the rejection of the application and of the specific reasons for its rejection, except where this is prohibited under other provisions.

9.      In the event of rejection of an application to open a basic payment account, the bank shall inform the consumer of the remedies available for the rejection of his or her application, of the right to inform Banko Slovenije (the Bank of Slovenia) of the rejection of the application to open a basic payment account, and of the right to initiate the out-of-court dispute resolution mechanism provided for in Article 286 of this law. In its notification, the bank must also provide the relevant contact details.

…’

2.      Law on the prevention of money laundering and terrorist financing

19.      Point 1 of Article 4(1) of the Zakon o preprečevanju pranja denarja in financiranja terorizma (Law on the Prevention of Money Laundering and Terrorist Financing) (7) of 4 April 2022 provides:

‘Banks and their branches in Member States, branches of banks of third States and branches of the banks of Member States that establish a branch in the Republic of Slovenia shall take measures for the detection and prevention of money laundering and terrorist financing, as laid down in this law, before or upon receipt, delivery, exchange, safekeeping, holding or other conduct involving money or other assets and upon the conclusion of business relationships.’

III. Facts in the main proceedings and the questions referred for a preliminary ruling

20.      On 22 October 2017, LH, the applicant, attempted to pay at a service station by bank transfer from an account in his wife’s name, opened with NOVA KREDITNA BANKA MARIBOR d.d. (‘NKBM’). This transfer was blocked following the input of his personal data into the system. NKBM justified this blockage to his wife by explaining that it had adopted a series of stricter measures to meet the obligations arising from the legislation on the prevention of the financing of terrorism and money laundering, in particular the prohibition on collaborating with a client included in a list of restrictive measures (European Union, OFAC, United Nations, internal list). Other internal NKBM documents (8) contain similar requirements for persons included in an OFAC list.

21.      During the course of the proceedings before the national court brought by the applicant against NKBM seeking the opening of a payment account with basic features as well as damages, the applicant went in person, on 23 March 2022, to an NKBM branch to request the opening of such an account. After producing his valid identity card, the NKBM employee informed him that the system did not allow the employee to open a current account in the applicant’s name. No written response was provided within ten days of his application to open an account.

22.      On 23 February 2015, the Specializirano državno tožilstvo Republike Slovenije (the Special State Prosecutor of the Republic of Slovenia) closed and archived the case brought against the applicant, which concerned the same offences as those for which an international arrest warrant against him had been issued. The applicant has not been convicted elsewhere in the world of the criminal offence for which he is listed by OFAC, and no restrictive measures have been taken against him by the United Nations, the European Union or the Republic of Slovenia.

23.      The national court states that the parties disagree as to whether the mere fact of being included on an OFAC list, without having been convicted of any offence for which he is on that list, or having been subject to any restrictive measure from the United Nations, the European Union or a Member State, constitutes a breach of the provisions relating to the prevention of money laundering and terrorist financing which may justify a refusal to open a payment account with basic features. It adds that, if inclusion on such a list constitutes a special circumstance justifying increased vigilance, it is not clear whether it can justify a refusal to open a payment account with basic features. If such a refusal is justified, the referring court questions compliance with the right to the presumption of innocence protected by Article 48 of the Charter of Fundamental Rights of the European Union. (9)

24.      In these circumstances, the Okrajno sodišče v Mariboru (the Local Court, Maribor) decided to stay the proceedings and to refer the following questions to the Court of Justice for a preliminary ruling:

‘(1)      Does Article 16(4) of Directive [2014/92/EU] permit Member States to require banks to refuse a consumer’s application for a payment account with basic features, on the ground that that consumer is included in the OFAC list …in that opening such an account would constitute an infringement of the rules on the prevention of money laundering and terrorist financing laid down in Directive [2015/849]?

(2)      If the first question is answered in the affirmative, is there an exception where that consumer has never been convicted anywhere in the world of the offence for which he or she is included in the abovementioned list, and/or where no restrictive measures of any kind have been taken against that consumer by the Member State concerned, the … Union or any other international organisation of which the Member State concerned or the … Union is a member?

(3)      Does an answer in the affirmative to the first question mean non-compliance with Article 48 of the [Charter] which establishes the right to the presumption of innocence?

(4)      Does an answer in the negative to the second question mean non-compliance with Article 48 of the Charter of Fundamental Rights of the European Union which establishes the right to the presumption of innocence?’

25.      Written observations have been submitted by the applicant, NKBM, the Slovenian Government, the Council of the European Union, the European Parliament and the European Commission.

IV.    Analysis

26.      In line with the Court’s wishes, I will focus my Opinion on the first question referred.

27.      The referring court queries whether Article 16(4) of Directive 2014/92 permits Member States to require banks to refuse a consumer’s application for a payment account with basic features, on the grounds that that consumer is included in an OFAC list and that opening such an account would constitute an infringement of the rules on the prevention of money laundering and terrorist financing laid down in Directive 2015/849.

28.      Article 15 of Directive 2014/92 states that no discrimination may take place when examining an application to open a payment account in respect of a consumer legally resident in the Union by reason of his or her nationality or place of residence. Article 16 of that Directive lays down a right of access to a payment account with basic features (10) specifying a number of elements in order to ensure the effectiveness of that right.

29.      Thus, paragraph 1 of Article 16 of that directive states, inter alia, that Member States shall ensure that payment accounts with basic features are offered in a sufficient number of credit institutions and that such payment accounts are not offered only by credit institutions that provide such accounts with solely online facilities. The first subparagraph of paragraph 2 of Article 16 of that directive also specifies what is meant by ‘consumer legally resident in the Union.’ Finally, paragraph 3 of Article 16 of the directive provides that the opening or refusal to open must take place without undue delay and at the latest ten business days after receiving a complete application.

30.      Article 16 of Directive 2014/92 also provides for cases of refusal to open a payment account with basic features, distinguishing between three situations. The first is where opening such an account would result in an infringement of the provisions on the prevention of money laundering and the countering of terrorist financing laid down in Directive 2015/849. (11) The second is where Member States may permit credit institutions to refuse to open a payment account with basic features if a consumer already holds such an account in their territory. (12) The third is where Member States may identify a limited number of additional cases where credit institutions may be required or may choose to refuse an application for a payment account with basic features, provided such cases are based on provisions of national law aimed at facilitating access by the consumer to a payment account with basic features free of charge, or at avoiding abuses by consumers of their right to access a payment account with basic features. (13) In those three cases of refusal, credit institutions must immediately inform the consumer of the specific reason for that refusal, in writing and free of charge, unless such disclosure would be contrary to objectives of national security and the maintenance of law and order or to the objectives of the Union rules on money laundering and terrorist financing. (14)

31.      Thus, Directive 2014/92 provides for a minimum harmonisation of the situations in which the opening of a payment account with basic features may be refused, leaving a margin of discretion to the Member States except where such opening would result in a breach of the provisions on the prevention of money laundering and the fight against terrorism laid down in Directive 2015/849. In this case, the Member States do not have a margin of discretion, which is reflected in the wording ‘Member States shall ensure that’.

32.      However, recital 34 of Directive 2014/92 states that the provisions of Directive 2015/849 (15) should not be used as a pretext for rejecting commercially less attractive consumers.

33.      Recital 47 of Directive 2014/92 states that, in the event of a risk of non-compliance with the legislation on money laundering and terrorist financing, a refusal to open an account can only be justified where the consumer does not comply with that legislation and not because the procedure to check compliance with the legislation is too burdensome or costly.

34.      The difficulty of the question referred to the Court arises from the fact that Directive 2015/849 is also a minimum harmonisation directive.

35.      Indeed, a number of provisions of that directive provide that Member States may adopt stricter measures to prevent money laundering and terrorist financing, within the limits of EU law. (16) The Directive also provides that Member States have options such as, for example, allowing obliged entities to apply simplified due diligence measures where a Member State or an obliged entity has identified areas of lower risk, (17) or that entities can themselves determine the extent of customer due diligence measures on a risk-sensitive basis. (18) That flexibility is linked to the risk-based approach adopted as the basis for Directive 2015/849. (19)

36.      It is therefore necessary to examine, on that basis, what breach of the rules on combating money laundering and terrorist financing could justify a refusal to open a payment account with basic features within the meaning of Directive 2014/92.

37.      Article 14(4) of Directive 2015/849 expressly provides for only one situation in which a business relationship must not be entered into: where the obliged entity is unable to comply with the customer due diligence requirements laid down in point (a), (b) or (c) of the first subparagraph of Article 13(1) of that directive. For the sake of completeness, those due diligence obligations relate to identifying the customer and verifying the customer’s identity (Article 13(1)(a) of that directive), identifying the beneficial owner and taking reasonable measures to verify that person’s identity (Article 13(1)(b) of that directive), and assessing and, where appropriate, obtaining information on the purpose and intended nature of the business relationship (Article 13(1)(c) of that directive 2015/849). In the present case, subject to the assessment of the referring court, none of those elements appears to be lacking since the customer is identified, the existence of a beneficial owner different from the customer is not alleged and the desired business relationship consists of the opening of a payment account with basic features. Consequently, prima facie, the refusal to open the account applied for cannot be justified on the basis of that directive.

38.      In addition, the Slovenian Government states that it has not provided, under the more stringent measures which may be put in place pursuant to Article 5 of Directive 2015/849, for a requirement to refuse to enter into a business relationship in the event of inclusion on an OFAC list. It therefore appears that NKBM, in refusing to open a bank account with basic features for the sole reason that the potential customer is included in an OFAC list, is overstepping the limits of EU law, which governs the Member States’ margin of discretion. (20)

39.      Furthermore, as the Parliament rightly points out, even in the case of restrictive measures taken under EU law, the Union’s regulatory framework provides that, with specific authorisation, financial services may be provided to persons subject to such restrictive measures. (21) Thus, the objective of combating the financing of terrorism and money laundering does not totally prohibit the use of the banking system.

40.      Accordingly, by prohibiting the entering into of a business relationship only in the abovementioned circumstances (failure to identify the customer or the beneficial owner, failure to assess the purpose and nature of the business relationship), the EU legislature has struck a balance of interests between the right to open a payment account with basic features, on the one hand, and the fight against money laundering and terrorist financing, on the other.

41.      However, mere inclusion on an OFAC list may be taken into consideration when assessing the level of due diligence to be applied to the business relationship once it has been established.

42.      Indeed, Directive 2015/849 provides for several levels of due diligence to be applied during the course of the business relationship, since the ongoing monitoring of that relationship is part of the normal due diligence requirements. (22)

43.      First, Articles 15 to 17 of that directive provide for cases in which Member States may authorise a simplified due diligence requirement on the part of the obliged entity.

44.      Second, Articles 18 to 24 of the directive lay down enhanced due diligence requirements. Annex III to the same directive sets out the factors of potentially higher risk which Member States and obliged entities must take into account as a minimum. This strengthening of the due diligence requirement is linked to risk factors that may be geographical (high-risk third countries or cross-border relationships involving a third country), or related to products, services, transactions or distribution channels (use of new technologies in particular), or to the customer (politically exposed persons, for example).

45.      As regards customer risk factors, neither the wording of Directive 2015/849 nor that of Annex III thereto envisages the possibility of inclusion on a sanctions list. However, in the EBA guidelines, the EBA indicates that, for this risk factor, the risk linked to the customer’s reputation should be taken into account (23) and that, in this regard, adverse media reports or other relevant sources of information about the customer may be taken into consideration, without the absence of criminal convictions alone being sufficient to dismiss allegations of wrongdoing, (24) or the fact that the customer has had their assets frozen due to administrative or criminal proceedings, including in the past. (25) In addition, the EBA recommends that information from governments should be taken into account. (26) Therefore, inclusion on an OFAC list could relate to these customer-related risk factors.

46.      Furthermore, the EBA clarifies that financial institutions should take a holistic view of the risk factors identified (27) and should note that, unless Directive 2015/849 or national legislation states otherwise, the presence of isolated risk factors does not necessarily move a relationship into a higher or lower risk category. (28)

47.      Consequently, where the obliged entity is a banking institution, it must have an overall, weighted analysis of the degree of risk generated by a new business relationship in order to assess the level of due diligence that should be applied to it. Therefore, depending on the circumstances of the case and subject to the assessment of the referring court, inclusion on an OFAC list could justify enhanced due diligence measures.

48.      However, Article 8(3) of Directive 2015/849 provides that Member States must ensure that obliged entities have in place policies, controls and procedures to mitigate and manage effectively the risks of money laundering and terrorist financing identified at the level of the Union, the Member State and the obliged entity and that those policies, controls and procedures are proportionate to the nature and size of the obliged entities.

49.      Therefore, the question arises as to how much leeway a banking institution has if it considers that its policies, controls and procedures would not be sufficient to effectively mitigate and manage the risk it has identified through measures proportionate to its nature and size. Does this scenario open up another legitimate case for refusal to open a payment account with basic features?

50.      I consider, as does the Commission, that Article 16(4) of Directive 2014/92 on the refusal to open a payment account with basic features if the opening of such an account would result in an infringement of the provisions on the prevention of money laundering and the countering of terrorist financing could serve as a basis for such a refusal in the event that the banking institution is unable to manage the risk of money laundering or terrorist financing. The EBA Guidelines expressly provide for such a case. (29)

51.      However, in its analysis to arrive at this decision, NKBM should have, in my opinion, taken into account several factors.

52.      In the first place, in favour of the decision to open a payment account with basic features, first, the EBA clearly states in its guidelines that offering only basic financial products and services restricts the ability of users to abuse these products and services for financial crime purposes. (30) Thus, the request to open a payment account with only basic features is likely to limit the risk. Second, as I have already noted, (31) the mere question of the cost of monitoring cannot justify refusing to open a payment account with basic features.

53.      In the second place, Directive 2015/849 clearly provides that, if, despite examining these factors, the banking institution considers it necessary to refuse to open such an account, its discretion is not unlimited. First, Article 48(8) of that directive states that ‘Member States shall ensure that competent authorities take into account the degree of discretion allowed to the obliged entity, and appropriately review the risk assessments underlying this discretion, and the adequacy and implementation of its internal policies, controls and procedures’. Second, Article 16(7) of Directive 2014/92 states that, where a banking institution refuses to open a payment account with basic features, it must inform the consumer of the procedure to submit a complaint against the refusal and of the consumer’s right to contact the relevant competent authority and designated alternative dispute resolution body. Consequently, the banking institution’s discretion is subject to the control of the competent authority of each Member State.

54.      In the present case, it will be for the referring court to assess whether risk factors other than inclusion in an OFAC list justified the decision to refuse to open a payment account with basic features and whether NKBM was in a position to ensure ongoing monitoring of the business relationship in the event of an account being opened.

55.      In conclusion, I propose that the answer to the first question referred for a preliminary ruling should be that Article 16(4) of Directive 2014/92, read in conjunction with the provisions of Directive 2015/849, must be interpreted as meaning that a banking institution may not refuse to open a payment account with basic features solely on ground that the name of the consumer applying to open such an account appears on an OFAC list. It is, however, for the national court to ascertain whether or not, under national law, account is expressly taken of inclusion in an OFAC list for the purposes of refusing to open a payment account with basic features.

V.      Conclusion

56.      In the light of all of the foregoing considerations, I propose that the Court answer the question referred by the Okrajno sodišče v Mariboru (Local Court, Maribor, Slovenia) as follows:

Article 16(4) of Directive 2014/92/EU of the European Parliament and of the Council of 23 July 2014 on the comparability of fees related to payment accounts, payment account switching and access to payment accounts with basic features, read in conjunction with the provisions of Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, as amended by Directive (EU) 2019/2177 of the European Parliament and of the Council of 18 December 2019,

must be interpreted as meaning that a banking institution may not refuse to open a payment account with basic features solely on the ground that the name of the consumer applying to open such an account appears on a list of the Office of Foreign Assets Control (OFAC), part of the United States Department of the Treasury.

It is, however, for the national court to ascertain whether or not, under national law, account is expressly taken of inclusion in an OFAC list for the purposes of refusing to open a payment account with basic features.

1      Original language: French.

i      The name of the present case is a fictitious name. It does not correspond to the real name of any of the parties to the proceedings.

2      Directive of the European Parliament and of the Council of 23 July 2014 on the comparability of fees related to payment accounts, payment account switching and access to payment accounts with basic features (OJ 2014 L 257, p. 214).

3      Directive of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ 2015 L 141, p. 73), as amended by Directive (EU) 2019/2177 of the European Parliament and of the Council of 18 December 2019 (OJ 2019 L 334, p. 155) (‘Directive 2015/849’).

4      Directive of the European Parliament and of the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (OJ 2005 L 309, p. 15). That directive was repealed and replaced by Directive 2015/849.

5      EBA/GL/2021/02, the ‘EBA Guidelines’. A new version of this guidance is currently in force, namely the EBA guidelines of 31 March 2023 on policies and controls for the effective management of money laundering and terrorist financing (ML/TF) risks when providing access to financial services (EBA/GL/2023/04).

6      Uradni list RS  Nos 7/18 and 9/18.

7      Uradni list RS, No 48/22.

8      For example, the Instructions for establishing business relationships with natural persons, the Customer acceptance policy, the Methodology applicable to restrictive measures and the Code of conduct.

9      ‘The Charter’.

10      It is noted that the basic features are set out in Article 17(1) of Directive 2014/92 and include, in particular, services enabling all the operations required for the opening, operating and closing of a payment account, services enabling funds to be deposited in a payment account, services enabling cash withdrawals in the Union from a payment account, and services enabling direct debit transactions, payment through a payment card or credit transfers within the Union.

11      See footnote 4 to this Opinion. See Article 16(4) of Directive 2014/92.

12      See first subparagraph of Article 16(5) of Directive 2014/92.

13      See Article 16(6) of Directive 2014/92.

14      See Article 16(7) of Directive 2014/92.

15      See footnote 4 to this Opinion.

16      See, in particular, Articles 5 and 18 of Directive 2015/849 and the judgments of 17 November 2022, Rodl & Partner (C‑562/20, EU:C:2022:883, paragraphs 46 to 48) and of 2 March 2023 PrivatBank and Others (C‑78/21, EU:C:2023:137, paragraphs 63 and 64).

17      See Article 15(1) of Directive 2015/849.

18      See Article 13(2) of Directive 2015/849.

19      See recital 22 of Directive 2015/849.

20      See point 35 of the present Opinion.

21      See, in particular, Article 6(1) of Council Regulation (EC) No 2580/2001 of 27 December 2001 on specific restrictive measures directed against certain persons and entities with a view to combating terrorism (OJ 2001 L 344, p. 70), which provides for the possibility of exceptions to the prohibition on providing financial services laid down in Article 2(2) of that regulation.

22      See Article 13(1)(d) of Directive 2015/849.

23      See EBA guidelines, point 2.3(b).

24      See EBA guidelines, point 2.5(a).

25      See EBA guidance point 2.5(b).

26      See EBA guidelines point 1.30(c).

27      See EBA Guidelines, point 3.2.

28      See EBA Guidelines, point 3.3.

29      See EBA Guidelines, point 4.66.

30      See EBA Guidelines, point 4.10(b).

31      See point 33 of the present Opinion.