Search
Choose a style
Dark
Light
Time to read: 9 min

Locked out: Why UK banks are blocking your money

UK payments: Are firms ready for CASS 15 deadline?
UK payments: Are firms ready for CASS 15 deadline? Image credit: Shutterstock

New fraud liability rules have given UK banks every incentive to block legal transactions. The result is that 40% of crypto payments are being blocked, and customers pay the price

Across the UK, banking customers are discovering they cannot move their own money.

Transfers to digital banks are being blocked, and cryptocurrency transactions are being declined. People with years of spotless banking history are finding themselves stuck on hold, trying to make sense of why a payment was flagged.

According to a 2026 survey by the UK Cryptoasset Business Council, approximately 40% of all cryptocurrency transactions are now being blocked or delayed by UK banks. 

One exchange reported nearly £1bn ($1.3bn) in declined transactions from UK customers in the past year alone. An estimated 35% of affected customers have responded by switching banks entirely.  

The October 2024 shift

On 7 October, 2024, the Payment Systems Regulator‘s (PSR) mandatory reimbursement requirement came into force (the UK government is now in the process of folding the PSR into the FCA). Under the new rules, banks became liable for up to £85,000 every time a customer falls victim to authorised push payment (APP) fraud – where criminals trick people into authorising payments to accounts they control.

Jess Houlgrave, CEO, WalletConnect. Image credit: LinkedIn

The Financial Conduct Authority (FCA) reinforced the message in a ‘Dear CEO’ letter sent the following day. “Under the Consumer Duty, firms must avoid causing foreseeable harm,” the regulator stated, naming APP fraud as a specific example of that harm.

The effect was to transform banks from institutions which process payments into institutions that are financially on the hook for them. For every outgoing transfer, the question was no longer just whether to send it, but whether the bank was prepared to carry £85,000 of liability if something went wrong.

UK consumers lost over £329m to cryptocurrency scams in 2022 alone, making crypto transfers the highest-risk category in the new liability framework.

“APP liability has turned banks into de-facto ‘gatekeepers’ of lawful commerce,” says Jess Houlgrave, CEO of WalletConnect

Speaking to Payment Expert, she said that “when you make a bank financially responsible for what happens after a transfer, the rational response is to reduce exposure – and that means blanket friction for whole categories (digital banks, crypto platforms), not just high-risk customers.”

Who controls the rails

The CMA9 – the nine largest banks operating in the UK (AIB Group (UK), Bank of Ireland, Barclays Bank, HSBC Group, Lloyds Banking Group, Nationwide Building Society, Northern Bank trading as Danske Bank, NatWest Group, and Santander UK – control the infrastructure which processes the vast majority of UK payments. 

Together they serve 99.9% of the UK population and operate the core payment rails: SWIFT, the Faster Payments System, and CHAPS. As a result, they also face the highest level of FCA scrutiny and bear the full weight of the APP fraud reimbursement requirement.

Digital banks like Monzo are FCA-authorised but sit outside the CMA9, operating under different oversight tiers. This creates a compounding risk for traditional banks in that they’re not just liable for fraud on their own platforms, but for any transfer which quickly exits their regulatory ecosystem. 

A payment travelling from a CMA9 bank to a digital bank to a cryptocurrency exchange exposes the originating institution to £85,000 of liability at each step – even if the fraud occurs at an institution with different regulatory obligations.

“The challenge when it comes to APP fraud, or scams, is that you have to look beyond the identity of the user, to what a bank can infer of their intent,” Alisdair Faulkner, CEO and Co-founder of Darwinium tells Payment Expert.

“After all, the legitimate account holder may be under the spell of a social engineering scenario, such as a romance scam or a pig-butchering scenario, and be unaware of the intended consequences of their transfer.”

The destination and the intent of a payment, it turns out, matter as much as the amount.

How banks responded

The specific limits vary, but the pattern is consistent: hard caps on cryptocurrency-related transfers, with little room for case-by-case judgment. NatWest implemented limits of £1,000 per day and £5,000 per 30-day period in March 2023. Santander imposes £1,000 per transaction with a £3,000 monthly limit. 

HSBC and Barclays allow £2,500 per transfer and £10,000 over 30 days for bank transfers, though Barclays went further in June 2025 by also blocking all Barclaycard crypto purchases outright. 

Chase UK, Metro Bank, Starling Bank, TSB, and Virgin Money maintain outright blocks on both bank transfers and debit card payments to cryptocurrency exchanges. 

The Payment Services Regulations 2017 (PSR) give banks legal authority to delay payments for up to four business days if they have “reasonable grounds to suspect fraud or dishonesty.” Risk factors include transaction amount, destination, whether the payee appears linked to criminality, and critically, the type of receiving institution.

Pavel Efremov, Director, FinchTrade. Image credit: LinkedIn

“The problem is the broken trust signals across the payment journey,” Houlgrave adds. “FCA registration and compliance don’t reliably translate into sufficient machine-readable risk context at the moment a bank decides to block or allow a payment. Without better real-time attestation, banks will default to ‘no’ even when the end destination is legal and regulated.” 

Pavel Efremov, Director at FinchTrade, adds: “Banks are not acting irrationally. They are acting exactly as the incentives tell them to. The problem is that the incentives were designed without thinking about what registered crypto firms actually are.”

The result: widespread blocking

The cumulative effect of this is proving a real point of friction between banks and their customers. The UK Cryptoasset Business Council survey, which covered ten major centralised exchanges including Coinbase, Kraken, OKX, Gemini, and Bitpanda, found 80% of platforms reporting increased customer friction over the past year. Perhaps most striking is that 70% of exchanges described the UK banking environment as becoming “more hostile” compared to twelve months ago.

The FCA reported that 12% of UK residents now own cryptocurrency, up from 10% previously. Access to the 59 crypto companies on the FCA’s cryptoasset register – all operating legally – is being restricted through the banking layer, regardless of their regulatory status.

Dan Wyatt, Partner, RPC. Image credit: LinkedIn.

Dan Wyatt, Partner at law firm RPC, says: “Banks are clearly being much more cautious and risk-averse when assessing transactions now that they are, for payments caught by the mandatory reimbursement scheme. 

“The stark figures around the number of crypto-related cash transactions now being blocked demonstrate this dramatic shift and the effectiveness of the regime from a consumer-protection perspective.

“Conversely there will also be many UK consumers who are frustrated by the caution now exercised by banks in blocking legitimate transactions relating to crypto; crypto exchanges will of course also be very frustrated.

“The mandatory reimbursement scheme therefore continues to represent a difficult balancing act between consumer protection and business interests.”

“The data shows clearly that it is now much more difficult to make transfers of fiat currency if the transfers are ultimately for crypto-related purposes, and will continue to have the effect of limiting access to crypto in the UK. 

“However, overall that is probably a price worth paying in the interests of consumer protection. Banks which are seen as being more willing to approve crypto-related payments are therefore likely to acquire more customers from the cohort of those looking to make them.”

Houlgrave goes a step further, claiming blocked crypto payments are pushing users “into worse outcomes”. 

“When customers can’t access regulated routes, they look for workarounds – smaller split transfers, less transparent channels, offshore providers – which can increase fraud risk and reduce the visibility banks and regulators need,” she adds.

The impossible balance

Banks are now caught between two regulatory obligations with no clean resolution. The FCA’s Consumer Duty law, which came into full effect in July 2024, requires firms to deliver good outcomes for customers and avoid foreseeable harm.

Block a legitimate transaction to an FCA-registered platform, and a bank potentially breaches consumer duty by cutting customers off from legal services. Allow a fraudulent transaction through, and it triggers an £85,000 mandatory reimbursement plus potential enforcement action for inadequate fraud controls.

So, while over-blocking could costs customer goodwill, under-blocking may cost £85,000 a time, plus regulatory scrutiny and potential enforcement. Given that choice, the direction banks chose to adopt makes sense.

A contradiction at the heart of policy

The tension between regulatory requirements and potential consumer duty breaches could derail government ambition. HM Treasury published its National Payments Vision in October 2024, explicitly positioning the UK as a hub for digital finance innovation. The government is developing regulatory frameworks for stablecoins and digital securities, actively trying to attract crypto businesses.

Yet the banking layer is blocking 40% of cryptocurrency transactions, including to fully regulated, FCA-registered platforms. The UK Cryptoasset Business Council has suggested this may breach Regulation 105 of the Payment Services Regulations 2017, which requires case-by-case assessments rather than categorical restrictions.

“The way forward is smarter permissions, not blanket bans,” Houlgrave believes. “The UK can protect consumers and support its digital finance ambition by enabling standards for verified recipient identities, stronger beneficiary confirmation, and user-consented security flows – so banks can manage APP exposure while customers can still move their money to regulated services.”

Where the money is going instead

The blocking is playing a role in customer migration to neobanks. As traditional banks tighten restrictions, cryptocurrency-related banking activity is concentrated in a small number of digital platforms, primarily Revolut and Monzo.

This creates a potential fragility in the future. If either platform faces regulatory challenges, operational problems, or simply decides to exit the crypto market, large segments of UK customers could lose banking access overnight. 

Policies intended to spread liability may be manufacturing a new point of systemic failure by concentrating crypto banking into just two institutions.

Meanwhile, traditional banks are losing the customers they can least afford to lose: younger, digitally native individuals who represent decades of potential value. Those customers are heading for digital-only institutions and, in many cases, not coming back.

Each institution is protecting itself from potential £85,000 losses multiplied across thousands of customers. That logic is coherent at the level of the individual bank. The result at the level of the system – customers unable to freely move their own money to legal, FCA-registered services – is something else entirely.

Controls will likely tighten before they loosen. The FCA’s ‘Dear CEO’ letters suggested it will monitor for “conduct breaches and inadequate systems and controls,” which keeps the pressure on banks to demonstrate robust fraud prevention. Each new block is, from the bank’s perspective, evidence of a system working correctly.

Payment Expert received no response after reaching out to several CMA9 institutions for comment.

Subscribe to our newsletter