By: Money Navigator Research Team
Last Reviewed: 19/01/2026
FACT CHECKED
Quick Summary
UK banks routinely run “compliance reviews” to refresh customer due diligence (KYC) and to meet ongoing anti-money laundering and counter-terrorist financing obligations (AML).
If the bank’s monitoring flags something that needs checking – or if it cannot complete a periodic review – it may restrict parts of a business account while information is requested and assessed.
Restrictions can range from limits on outbound payments to a broader freeze, and the bank’s updates may be minimal because of legal and regulatory constraints around suspicious activity reporting and investigation integrity.
This article is educational and not financial advice.
What a “bank compliance review” actually is
A compliance review is the bank re-checking whether it has enough, up-to-date information to understand:
Who controls/benefits from the business (ownership and beneficial ownership)
What the business does (products/services, customers, geographies)
How money typically moves (expected volumes, counterparties, payment types)
Whether activity still matches the risk profile on file (ongoing monitoring)
These checks sit within the UK’s AML framework, including customer due diligence and ongoing monitoring obligations described in the Money Laundering Regulations 2017 (UK statutory instrument PDF) and industry guidance such as JMLSG Part I (both linked below). Banks also follow regulator expectations on systems and controls, including the FCA’s published materials (linked below).
Key point: a compliance review is often procedural, not an accusation. It can be triggered by routine refresh cycles as well as by unusual activity patterns.
Money Laundering Regulations 2017 (UK statutory instrument PDF): The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (PDF)
Industry guidance (PDF): JMLSG Part I guidance (June 2023, July revision)
FCA publication: PS24/17: Financial Crime Guide updates
Why restrictions happen during KYC/AML checks
Restrictions are a risk-control tool. Banks may restrict activity when they cannot confidently complete due diligence or when transaction monitoring indicates the bank needs to pause certain movements until checks are done.
Common drivers include:
1) Periodic KYC refresh is overdue or incomplete
Banks regularly re-validate KYC details. If they can’t obtain required information in time (or records are inconsistent), they may limit functionality until the file is current.
2) Event-driven review triggered by activity changes
Examples can include abrupt shifts in volume, new counterparties, unusual payment corridors, large cash-like flows, or activity that does not fit the stated business model.
3) “Source of funds / source of wealth” questions
Where risk changes, banks may ask where funds are coming from and why volumes look the way they do, particularly if patterns shift materially from what was expected under the account’s profile.
4) Suspicious activity handling constraints
Where the bank forms suspicion, the legal and operational workflow can limit what it can say and when it can process certain transactions.
Government guidance explains the broader SAR/DAML concepts and timelines at a high level (linked below). HMRC’s supervision handbook also summarises how SARs and DAML work in practice (linked below).
GOV.UK guidance: Tell us about suspicious activity that may be linked to money laundering
HMRC manual: Economic Crime Supervision Handbook – Making Referrals and Suspicious Activity Reports (SARs)
Home Office guidance: Money laundering reporting obligations and DAML-related exemptions
What “restricted” can look like in practice
Restrictions are not one-size-fits-all. Banks can apply:
Outbound controls (eg some bank transfers blocked or queued)
Limits on new payees or higher verification steps
Card or cash feature limits (depending on product design)
Temporary holds on specific transactions pending checks
Wider account access limits (sometimes described as a freeze)
It’s also important to separate a compliance restriction from other causes of account disruption (for example, tax enforcement action). If that distinction matters in your case, see: HMRC enforcement vs bank compliance freezes.
Summary Table
| Scenario | Outcome | Practical impact |
|---|---|---|
| Routine KYC refresh overdue | Features may be limited until documents/data are updated | Payments may be delayed; some functions may require manual review |
| Activity deviates from expected profile | Event-driven review; additional questions raised | New payees/transfers may be blocked; higher friction for outbound payments |
| Counterparty or geography risk escalates | Enhanced review; extra verification steps | International payments or certain counterparties may be paused |
| Suspected financial crime risk flagged | Narrow or broad restrictions while internal processes run | Communication may be minimal; timelines can be uncertain |
| Third-party payment flows complicate tracing | More evidence requested to map funds flow | Card settlement or payouts may not reconcile cleanly, increasing delays |
Why banks can be vague during a compliance review
Businesses often find the most frustrating part is the lack of detail. There are a few structural reasons this can happen:
Investigation integrity: banks avoid disclosing information that could prejudice internal checks or external reporting pathways.
Standardised communications: many firms use templated wording to avoid over-disclosing.
Multi-team workflows: frontline support may not have visibility into compliance case notes or decision logic.
This is one reason restrictions can feel “sudden” even when a bank’s monitoring has been building a picture over time.
What banks commonly ask for during these reviews
Banks’ requests vary by sector and risk profile, but they often seek evidence that explains business reality and funds flow. Typical categories include:
Business identity and control: ownership details, directors/PSCs, group structure
Trading evidence: invoices, contracts, sales channels, supplier arrangements
Funds flow mapping: where money comes from, where it goes, and why
Tax and compliance context: VAT registration context, payroll patterns, or regulatory permissions (where applicable)
For a practical list of documents that banks commonly request in disruption scenarios, see: Documents banks ask for when considering account closure. (Even though that guide is framed around closure decisions, the document types frequently overlap with restriction-stage reviews.)
How restrictions affect payments and day-to-day operations
Incoming payments
Inbound payments may still arrive in many restriction scenarios, but outcomes vary by product and by the specific restriction type. If you need the “what happens next” mechanics, see: Difference between a frozen and closed business bank account.
Outgoing payments and payroll
Outbound restrictions can create timing and reconciliation issues (supplier payments, payroll runs, tax payments). Where payroll continuity is the main operational concern, see: Payroll when a business account is closing or restricted.
Card processors and payout platforms
Even when the bank restriction is the “root cause”, payment processors may apply their own controls (for example, holding payouts while they reassess risk or bank account stability). For the processor side of the picture, see: Why payment processors hold payouts during account restrictions.
Scenario Table
| Scenario-level | Process-level | Outcome-level |
|---|---|---|
| Data gap (KYC file outdated) | Bank requests refresh; case queued for verification | Restrictions lifted once KYC is complete and internally approved |
| Pattern shift (new activity/volumes) | Monitoring alert > analyst review > questions on rationale and evidence | Restrictions may narrow (eg outbound only) or persist pending clarity |
| Complex funds flows (marketplaces, intermediaries) | Bank asks for end-to-end flow documentation and counterparty mapping | Longer review cycles are more likely, with staged unfreezing |
| Suspicion threshold reached | Internal escalation and reporting pathways; comms constrained | Updates may remain generic; restrictions can continue until processes conclude |
| Multiple institutions involved | Bank, processor, and counterparties each run checks separately | Resolution may be non-linear; one party unblocks before another |
Compare Business Bank Accounts
Different providers implement compliance reviews differently (for example, how document upload works, whether there is in-app case messaging, and how quickly restrictions are applied/relaxed once checks complete).
If you want a neutral feature-by-feature overview of UK options, see our business bank accounts comparison hub. This is informational and does not account for your specific circumstances.
Frequently Asked Questions
Not always. “Freeze” is often used as a catch-all term, but many restrictions are partial (for example, outbound payment limits) rather than a full inability to use the account.
The operational difference matters because partial restrictions can still allow inbound funds or certain payment types. For a clearer distinction in plain English, see: Difference between a frozen and closed business bank account.
A bank compliance restriction and an HMRC enforcement action are different mechanisms, even if the user experience feels similar (money becomes difficult to move).
Where the distinction is relevant, it can change what information exists, who can authorise release, and why communications look the way they do. See: HMRC enforcement vs bank compliance freezes.
There isn’t a single standard duration because restrictions can be driven by different triggers: missing KYC refresh items, an event-driven monitoring alert, or more complex internal workflows.
Public guidance describes certain SAR/DAML concepts and timelines in specific contexts, but banks’ end-to-end case handling time can still vary based on complexity, evidence quality, and internal queues. The GOV.UK overview is here: Tell us about suspicious activity that may be linked to money laundering.
Banks often limit detail to avoid revealing monitoring logic, internal thresholds, or information that could prejudice internal or external processes.
In higher-risk situations, communications can remain generic by design. HMRC’s handbook summarises why SAR/DAML concepts exist and how they operate in practice: Economic Crime Supervision Handbook – SARs and DAML.
Evidence usually needs to explain the business model and reconcile the funds flow with what’s visible in the account (sales evidence, supplier costs, counterparties, and the reason for any changes in activity).
The exact list varies, but many requests fall into repeatable categories. This guide summarises common document types banks request in disruption scenarios: Documents banks ask for when considering account closure.
Some businesses can continue to trade in a limited way (for example, where inbound payments still settle), while others find core operations impaired (supplier payments, payroll, tax payments).
Operational viability depends on the restriction type and the reliance on the account for settlement. The operational angle is covered here: Can a business still trade if a bank account is frozen?.
Card acceptance and settlement depend on the acquiring/processor arrangement, the merchant’s risk profile, and whether the settlement bank account is considered stable and usable.
Even when the bank is the primary issue, processors may independently hold payouts while they reassess risk or wait for confirmation that settlement can complete. See: Why payment processors hold payouts during account restrictions.
Some restrictions prevent the creation of new payment instructions while allowing existing ones to run; other restrictions block outbound movement more broadly.
Because impacts vary by restriction type and provider, the practical scenarios are covered in: Direct Debits & standing orders when a business account is frozen.
In practice, some businesses try to open an additional account to maintain continuity, but acceptance depends on the new provider’s onboarding checks and the business’s profile.
This topic has its own guide, including operational constraints and typical friction points: Can you open a new business bank account if one is frozen?.
Banks typically have internal complaint pathways, and some businesses may be eligible to take certain disputes to the Financial Ombudsman Service (eligibility depends on the complainant category and size thresholds).
The Ombudsman’s small business eligibility information is here: Who the Financial Ombudsman can help (small business). General complaints process information is here: How to complain (Financial Ombudsman Service).
Most “compliance review” pain comes from a hidden mismatch: banks operate on a model of expected behaviour for each account, while many real businesses evolve faster than that model updates.
The restriction is often less about a single transaction and more about the bank’s need to re-establish a defensible narrative: who is involved, what the business does, and whether current money movement is consistent with that story.
When the bank can’t reconcile the account’s activity to the profile it must maintain under AML rules and supervisory expectations, it reduces optionality by restricting functionality until that narrative is rebuilt and signed off internally.
Sources & References
Money Laundering Regulations 2017 (UK statutory instrument PDF)
JMLSG Part I guidance on customer due diligence and ongoing monitoring (PDF)
GOV.UK guidance on reporting suspicious activity and defence concepts
HMRC Economic Crime Supervision Handbook: SARs and DAML overview
Home Office guidance on money laundering reporting obligations and DAML exemptions