.svg)
In March 2026, the US Federal Trade Commission (FTC) issued warning letters to four major payment companies for alleged debanking and deplatforming activities. The warning letters, which were sent to Visa, Mastercard, PayPal and Stripe, allege that the companies denied services to customers based on their political or religious beliefs rather than objective financial risks.
The FTC leveraged its Section 5 authority on unfair or deceptive acts or practices (UDAP) to warn the companies against violating their own terms of service (ToS) and acceptable use policy (AUP). In doing so, the warning letters signal a supervisory reorientation in financial services — one that places greater emphasis on fair access and objective risk-based standards, and reins in the use of reputationally driven derisking.
The bigger picture
Material derisking for banks has historically been driven by the anti-money laundering (AML) and know your customer (KYC) mandates of the US Financial Crimes Enforcement Network (FinCEN). This compliance strategy is typically characterised by defensive moves aimed at avoiding hefty regulatory penalties related to financial crime.
By contrast, some payment companies rely on ToS and AUP enforcement frameworks that may be applied in ways that introduce greater discretion, particularly where policies touch on subjective concepts such as misinformation or harmful content. With its warning letters, the FTC's pivot targets this exact behavior under Section 5, cracking down on ToS and AUP that are applied arbitrarily to suppress otherwise legal transactions.
The issuance of these warning letters aligns with a broader federal fight against debanking, including ongoing efforts to formally remove reputation risk from banking frameworks by prudential regulators, as well as through executive orders and pending legislation.
In October 2025, the Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) jointly proposed a rule to eliminate reputation risk from their supervisory programs. The proposal would prohibit the FDIC and OCC from criticising or taking adverse action against a financial institution on the basis of reputation risk. The proposal would also prohibit both regulators from requiring, instructing or encouraging a financial institution to close an account, to refrain from providing an account, product or service or to modify or terminate any product or service on the basis of a customer’s political or religious beliefs, as perceived to present reputation risk.
The Federal Reserve later proposed a rule, in February 2026, to codify the removal of reputation risk from its supervision of banks, following a previous decision to remove all references to reputation risk from its examination materials. According to the Federal Reserve, the proposal was issued in light of “troubling cases of debanking”, with the central bank further stating that "discrimination by financial institutions on these bases is unlawful".
Both proposals stem from President Trump’s Executive Order 14331 ("Guaranteeing Fair Banking for All Americans"), which directed regulators such as the FDIC, OCC and Federal Reserve to remove reputation risk considerations, prohibit politicised or religion-based debanking and reinstate affected customers.
Legislation introduced in the US Senate in recent months also aims to tackle the issue of debanking. The Fair Access to Banking Act, for example, would require financial services access to be based on impartial, risk-based analysis, not reputational favoritism. Meanwhile the STREAMLINE Act, which seeks to simplify Bank Secrecy Act (BSA) reporting requirements, would “cut red tape and modernise these requirements, so law enforcement can focus on real criminals — not debanking hardworking Americans”, according to its sponsors.
At the state level, new fair access laws now in effect have created a fragmented compliance map, where some state statutes now align with the broader federal trend toward stifling debanking. For financial institutions, this makes maintaining a uniform, national standard for account closures increasingly difficult. In Florida, for example, House Bill 3 and House Bill 989 prohibit financial institutions from denying, suspending or cancelling financial services to current or prospective customers, or otherwise discriminating against them, on the basis of their viewpoints. Like Florida, Tennessee’s fair access law, House Bill 2100, requires financial institutions to make determinations about the provision of services based solely on an analysis of material risk factors unique to the customer, and broadly prohibits debanking.
These combined federal and state actions suggest a reorientation of regulatory philosophy, where the provision of financial services is framed as a vital public service without the right of refusal for immaterial risks. As such, using ToS and AUP or reputation risk as a basis for closing customer accounts is becoming a liability for financial institutions — now that the focus of regulatory scrutiny has shifted from derisking to fair access. For financial institutions, this creates an immediate compliance challenge: navigating an environment where offboarding a customer could now present more regulatory risk than keeping them.
Why should you care?
Amid this regulatory pivot, financial institutions must balance the new mandate for fair access to their services against the risk of weakening established AML and KYC safeguards. However, the impact of this tension depends heavily on the financial institution’s business model.
Unlike banks, payment companies have emerged as an early focus of the FTC’s current consumer protection efforts. This direct scrutiny means payment companies must immediately re-evaluate their ToS and AUP to ensure account termination clauses are neither unfair or deceptive nor inconsistently applied. If derisking decisions are deemed arbitrary or viewpoint-based, payment companies face immediate enforcement risks. While the FTC’s initial warning letters target major players in the payments space, smaller payment companies should prepare for a potential second wave of downstream scrutiny. Complying with new anti-debanking expectations will introduce significant operational complexity. Specifically, payment companies should consider implementing neutrality audits to prove their ToS and AUP enforcement is objective — a difficult friction point to manage in high-velocity, high-volume transaction environments.
For banks, recent developments at the FDIC, OCC and Federal Reserve signal the end of the "reputational shield". Compliance teams can no longer comfortably use reputation risk as a catch-all justification for offboarding legal, albeit commercially unfavorable, clients. This creates a complex balancing act: banks must continue to meet FinCEN’s strict mandates to block illicit actors and prevent financial crime, while simultaneously navigating a new environment that demands neutrality and fair access under FTC supervision. If regulators determine a bank's derisking strategy is arbitrary or viewpoint-based rather than tied to objective financial risk, it faces heightened enforcement liabilities.
For both payment companies and banks, the FTC’s warning letters — which represent a more assertive application of its Section 5 enforcement authority — alongside the broader federal and state push against debanking call for a fundamental rethinking of risk management practices. Historically, compliance programs were built to aggressively derisk to avoid penalties associated with financial crime. Now, financial institutions face the competing threat of consumer protection enforcement for derisking too aggressively or arbitrarily.
As evidenced by the FTC’s warning letters, regulators are actively looking for inconsistencies that point to debanking. If a financial institution applies its ToS and AUP unevenly or uses it as a pretext for viewpoint discrimination, for example, it could trigger costly FTC investigations and enforcement actions, as evidenced by the FTC’s US$4.9m and US$3m settlements with First American Payment Systems and FloatMe, both non-bank financial service providers. This creates a heavier burden of proof for risk-based offboarding decisions, where financial institutions must now be prepared to prove that any decision to deny or terminate service is based on objective, quantifiable financial risk or illegal customer activities.
US regulators are not acting in a vacuum; in April 2026, the UK Treasury introduced stricter rules to root out debanking, requiring clear explanations and 90-day notice periods for account closures. As international momentum builds, multinational financial institutions may face a future where fair access is universally enforced, and ideological debanking carries significant cross-border regulatory consequences.
Next steps
As regulatory scrutiny shifts toward ensuring fair access, financial institutions must move from high-level policy review to operational preparedness by considering the following steps:
- Audit derisking policies. Conduct a comprehensive review of existing offboarding frameworks to ensure they rely strictly on objective, quantifiable AML and KYC risks rather than subjective viewpoint-based or reputational concerns.
- Update risk appetite statements. Revise institutional risk appetite statements to formally remove reputation risk as a standalone justification for denying or terminating customer accounts, aligning with recent prudential guidance and executive orders.
- Conduct legal review of state fair access standards. Map your operational footprint against the fragmented landscape of state-level fair access laws to ensure regional offboarding procedures comply with local debanking prohibitions.
- Clarify ToS and AUP under Section 5. Review and revise external ToS and AUP to eliminate vague or subjective clauses on misinformation or "harmful” content that the FTC could target as unfair, deceptive or inconsistently applied under its Section 5 authority.
- Provide neutrality training to personnel. Train frontline compliance staff, risk committees and customer service teams on new regulatory expectations, ensuring they understand the legal necessity of impartial, viewpoint-neutral account evaluations.
- Document derisking justifications. Establish a rigorous, evidence-based documentation process for all account closures, ensuring all offboarding decisions are backed by a clear audit trail that demonstrates material financial risk or illegal customer activity to satisfy potential regulatory reviews.
- Implement a robust customer appeals process. Create a clear, transparent mechanism for customers to challenge account suspensions or terminations, mitigating consumer complaints that often trigger FTC scrutiny.
- Evaluate third-party and vendor alignment. Assess the derisking practices of your commercial partners and downstream vendors, preventing exposure to fair access violations.
