top of page

Your bank hates crypto? Here’s why they freeze accounts


Your bank hates crypto? Here’s why they freeze accounts
Your bank hates crypto? Here’s why they freeze accounts

What’s the real problem

De-risking happens when a bank seeks to limit (or cut, as the case may be) relationships it perceives, at its discretion, as high risk. This logically includes remittances, NGOs, and, among many other things, cryptocurrencies.


Various authorities such as the EBA (European Banking Authority) and the FATF (Financial Action Task Force) have been saying for many years that the sensible approach would be risk-based with graduated measures and not prohibitions of a sector per se (we can’t single out the crypto world just because). In fact, in 2022 the EBA insisted that indiscriminate de-risking seriously harms financial inclusion.


What changed in 2025?

As you already know, CASPs (that is, licenses granted by competent governmental entities aligned with MiCA, such as the CNMV) are in a transition period. Until very recently it was enough for the exchange to be registered with the Bank of Spain, but now all of them need an ad-hoc license (CASP). In this regard, the European Union allows this transition until July 2026, but Spain in particular set a shorter deadline, until December 30 of this year.


This means that, as of today, many exchanges operate “in transition,” which makes banks tighten controls further.


In 2024, the EBA extended its criteria on money laundering and terrorist financing (ML/TF in English, or PBC/FT in Spanish) regarding CASPs, bringing much more focus on ownership, on/off-ramps, and custody. This, according to them, will lead to better traceability. They are the practical “how” for PSPs/CASPs to manage originator/beneficiary data in transfers of funds and crypto.


On the other hand, we have the European Union’s Travel Rule. This is a regulation that, from December 30, 2024, requires banks and CASPs to report the originator and beneficiary data in crypto transfers (the same as happens with bank transfers, but now for crypto).


How a bank decides

For a bank to make a decision about a customer, it needs to assess them based on different layers:


First, there is customer risk; here what they look at most is economic coherence and the famous KYC. That is, that the volumes you move are consistent with your age, activity, and income.


Is there banking history? Are there pattern changes? Do we have the tax origin of the funds? These are typical questions they will ask about your profile.


On the other hand, there is counterparty risk (that is, the Exchange/CASP). They will look at whether it is authorized under MiCA, whether it holds a license or is in the transition period, whether it can send and receive information in compliance with the Travel Rule. They will also look at which jurisdiction the company comes from and what kind of country it is (a Spanish exchange if you live in Spain is not the same as an exchange from a country outside Europe).

Lastly, there is transactional risk; that is, whether within the activity there are atypical amounts, a transaction larger than usual, P2P activity, any bridge to questionable jurisdictions, relationships with mixers, etc.


Common triggers

  • Misaligned ownership: The bank or the CASP, as the case may be, must know whether you are acting on your own account or not, and who really controls that account or wallet. If the holder does not match the exchange account, for example, the risk rises markedly.

  • Amounts inconsistent with your economic capacity: This is one of the most common reasons. If there is inconsistency in amounts or volumes relative to your profile (income, activity, assets), what’s called a Special Examination applies (under Art. 17, the activity is analysed with special attention, everything is documented in writing, and the analysis is left at the authority’s disposal).

    If, after the examination, there are indications of money laundering, the bank notifies SEPBLAC.The general rule indicates that the bank must immediately stop the operation, not execute it.Be very careful, since the bank cannot tell you that it has carried out these interventions. It is forbidden to disclose to the client or to third parties communications to SEPBLAC for possible laundering.

  • Use of mixers: Another classic trigger is when it is verified that the customer has used mixers in their activity. These anonymization tools are red flags for any bank or CASP. It’s not illegal per se, but in compliance’s view, it raises the risk and demands more scrutiny of the specific customer.

  • Use of sanctioned countries: This is common when P2P operations are carried out. If a specific wallet is linked to sanctioned persons or entities, any money flow from the compromised account to your account naturally sets off alarms.


Account freezes

Keep in mind that today the processes we’ve mentioned are performed by automated platforms. That is, when your deposit arrives, the CASP or the bank runs the tx-hash (and other details) through blockchain analytics that label your activity according to certain criteria (exchanges, illicit markets, mixers, sanctioned addresses), calculating risk.


They also look at who is sending you the money (whether it’s an authorized CASP or not), whether it comes from a suspicious jurisdiction, whether it has had prior incidents, etc.


When these triggers fire, the most common outcome is the well-known account freeze. It remains “under review” and they demand proof of funds (known in the space as SoF/SoW) and traceability (receipts, tx-hash, etc.).


Whether the request is accepted or rejected will largely depend on the evidence you provide.


If it is rejected and there are indications of something suspicious, as we’ve said, immediate notice is given to SEPBLAC. And as you know, they are not going to inform you that SEPBLAC has been notified.


Rights you have as a user when accounts are frozen

The first thing you must keep in mind is that if the provider refuses to execute a payment order, first of all they must notify you of the refusal, explain the reasons, and indicate the correct procedure to correct possible errors (this last part has exceptions—for example, when the regulation forbids communicating it; that is, except for security exceptions, they should indicate the correct procedure).


And what happens if they don’t tell me anything and freeze my account?

First, save screenshots or the message showing that the operation was rejected, with the date and time, and the operation reference (if any).


Then, request in writing the reasoning for the refusal and how to remedy it, citing Art. 51 of Royal Decree-Law 19/2018.


Remember what they’re looking for: matching ownership between bank and exchange, own wallets, and proof of funds (pay slips, personal income tax return, bank statements for the last 90 days, TXID, etc.).


If they don’t respond, or they give you an insufficient response, escalate to your bank’s SAC/Customer Ombudsman. This step is mandatory before moving to a higher body. For payment services claims (such as transfers or cards) they have 15 business days to respond by law. If they don’t answer you or you’re not convinced, then we go to the Bank of Spain.


If there is no response, we go to the Bank of Spain; the BdE’s own website gives us a step-by-step:https://clientebancario.bde.es/pcb/es/menu-horizontal/podemosayudarte/consultasreclama/comorealizarrecl/?utm_source=chatgpt.com


Here you must attach your ID, the prior SAC claim, and the documentation evidencing the rejection, plus the evidence needed to obtain the supporting justification.


Do NOT ask for things by phone or WhatsApp; leave a visible trail that will later serve as proof.


How do we avoid bank account blocks?

There are a series of good practices that help you minimize those risks. First, make sure that the account you operate from follows a logic: from your bank, to the exchange, and from there to your wallet. And to divest, you do what is known as a “return to origin,” that is, from the same exchange back to the same bank that made the initial deposit.


Keep a folder handy with a small AML pack on your activity:

  • Income, such as pay slips, IRPF (Form 100) and bank statements.

  • Crypto tax report, with on-ramp history, TXIDs, exchange reports, etc.

  • Screenshots.

  • A short Word document or PDF outlining the process at a high level.


As far as possible, operate with platforms authorized under MiCA, that is, CASPs, or that are in the transition process; this helps a great deal and avoids red flags for you.


If they ask you questions or issue a requirement, it is always essential to present the closed pack with all the information ready. This is always a very good sign for compliance officers.


Everything we’ve discussed today is, ultimately, risk management. By doing things as clearly as possible you reduce friction and gain predictability.


See you next time!

 
 
 

Comments

bottom of page