On 11 June 2026, the Court of Justice of the European Union (the “Court”) delivered its judgment in Case C-81/24, Jenec. The case concerned the relationship between the right of access to a payment account with basic features under Directive 2014/92/EU (the “Payment Accounts Directive”) and the AML/CFT obligations imposed on financial institutions under Directive (EU) 2015/849 (the “AML Directive”).

The Court held that a bank may not refuse to open a payment account with basic features solely because the applicant appears on a sanctions list issued by a third country, such as the United States Office of Foreign Assets Control (OFAC). While such a designation may constitute a relevant risk factor, refusal must be based on an individual assessment demonstrating that the relevant AML/CFT or sanctions-related risks cannot be adequately managed through proportionate measures.

The Court’s approach

Jenec concerned a consumer legally resident in the European Union (EU) who applied to open a payment account with basic features. The Slovenian bank refused the application on the basis that the consumer appeared on an OFAC list, although he was not subject to United Nations (UN), EU or Slovenian sanctions and had not been convicted of the offence connected with the listing.

The Court confirmed that EU law grants legally resident consumers the right to open and use a payment account with basic features. This right is connected to financial inclusion and access to essential payment services, but it remains subject to compliance with AML and counter-terrorist financing rules. Where opening the account would breach those rules, refusal may be justified.

The central issue is the basis on which that conclusion is reached. The Court rejected the proposition that inclusion on a third-country sanctions list can automatically replace the bank’s risk assessment. The relevant assessment must consider the individual customer, the nature of the account requested, the intended use of the account, expected transactions, source of funds, customer explanations and the controls available to manage any identified risk. The legal question is therefore not simply whether the customer appears on a list, but whether, following an individual and documented assessment, the institution can manage the risk in a proportionate manner.

The Advocate General’s opinion

The Advocate General’s Opinion on Jenec, delivered on 04 September 2025 (the “Opinion”) assists in understanding the Court’s reasoning. The Payment Accounts Directive protects access to payment accounts with basic features and recognises that AML rules should not become a pretext for rejecting customers because the relationship is difficult or unattractive. The AML Directive, by contrast, establishes the AML framework around a holistic, risk-based approach.

The Opinion also referred to the European Banking Authority’s risk factor guidance, under which reputation, adverse information, government information and prior asset freezes may be relevant risk indicators. At the same time, an isolated risk factor does not automatically determine the final risk category, as firms are expected to take a holistic view of the relevant circumstances.

On that basis, an OFAC listing may justify enhanced due diligence, escalation, further information requests, closer monitoring or restrictions on the use of an account. In some cases, it may support refusal where, following an individual assessment, the institution concludes that the relevant risks cannot be adequately managed through proportionate measures. The significance of the designation will depend on the nature of the sanctions programme, the activities of the customer, the services requested and the institution's own exposure through correspondent banking relationships, US dollar clearing arrangements, contractual obligations imposed by foreign banking partners, reputational considerations and potential secondary sanctions risk. What it cannot do, without more, is automatically determine the legal outcome under EU law. This is especially relevant where the requested product is a payment account with basic features, since the limited functionality of that product forms part of the proportionality analysis.

Cyprus perspective

For Cyprus practice, the judgment is relevant for two connected reasons.

First, access to a payment account with basic features is not only an EU law concept. Cyprus transposed the Payment Accounts Directive through Law 64(I)/2017, with the Central Bank of Cyprus (CBC) acting as the competent authority for implementation. This means that account refusals fall within a Cyprus regulatory framework, and not merely within a bank’s commercial discretion.

Second, Cyprus has recently strengthened its AML and sanctions framework. Law 150(I)/2025 established the National Sanctions Implementation Unit, Law 149(I)/2025 criminalises violations of EU restrictive measures, and the CBC AML/CFT Directive of 2025 reinforces the expectation that supervised institutions maintain effective systems for managing AML/CFT risk.

Read together, these developments make the correct identification, classification and assessment of sanctions and AML/CFT risk particularly important.

The approach adopted in Jenec is also consistent with the CBC AML/CFT Directive of 2025. The Directive expressly provides that institutions should not implement policies and controls in a manner that results in the general refusal or termination of business relationships with entire categories of customers perceived as presenting higher money laundering or terrorist financing risk. Instead, institutions are expected to assess each business relationship individually, document their decisions, consider alternative risk mitigation measures and ensure that any refusal or termination is proportionate and justified. This reflects the broader risk-based methodology embedded throughout the Directive, under which risk factors inform the assessment but do not automatically determine the outcome. The same approach applies where the concern arises from a third-country designation, such as an OFAC or UK sanctions listing: the designation may be highly relevant, but it does not remove the need for an individual and documented assessment.

In practice, a Cyprus bank or payment institution should be able to explain why an account has been refused. A file that simply records that the customer is “OFAC listed” may not be sufficient where the requested product is a basic payment account and there is no EU, UN or Cyprus designation. The institution should be able to point to the customer-specific risk assessment, the expected account activity, the relevant geographic or sanctions exposure, the information obtained, the controls considered and the reasons why the risk could not be managed.

Conclusion

The Jenec judgment is best understood as a proportionality judgment within the EU framework for financial inclusion and financial crime compliance. For Cyprus, its importance lies in the discipline it brings to sanctions and AML decision-making at a time when the domestic framework has become more rigorous, particularly following the 2025 AML and sanctions developments and the criminalisation of EU sanctions breaches.

Jenec confirms that third-country sanctions designations may be significant risk factors, but they do not automatically determine the outcome where EU law protects access to a basic payment account. Cyprus institutions should therefore ensure that any refusal is based on an individual, documented and proportionate assessment.

Disclaimer

This publication is for general information only and does not constitute legal advice.

Co-authors:

Kyriaki Stinga – Advocate / Partner

Adonis Zachariou – Advocate / Associate

Dorina Mastora - Deputy Compliance Officer