Following German media reporting about investigations into Michael Gastauer and the Black Banx “banking” narrative, FinTelegram conducted a limited, hands-on product review as an EU-based private customer. The result: two “current accounts” (EUR/GBP) were opened with minimal friction, but the onboarding, disclosures, and entity/licensing transparency raise immediate questions under EU, UK, and U.S. financial-services rules. Presumption of innocence applies; this is a compliance interpretation of what the interface and disclosures appear to offer.
What We Observed (and documented in screenshots)
1) “Current Accounts” created instantly (EUR + GBP).
The dashboard shows two “Current Accounts” with Account Number 1999431711 (EUR) and 1999431712 (GBP). The numbers look internal/sequential, not like IBANs or UK sort-code formats.
2) Product menu resembles a regulated banking/PSP stack.
Navigation includes: Receive Payments, Send Payments, Currency Conversion, Debit Cards, Statements, Beneficiary List, Trace Payments, plus Savings Accounts and Crypto Wallet.
3) Functionality gated behind KYC—and “biometric identification.”
Attempting “Receive Payments” triggered a Biometric identification flow (“complete … holding your ID”). The subsequent “Biometric identification” page did not work during your test (13 Jan 2026).
4) Tiering/upsell message tied to funding level.
Dashboard notice: upgrading from “Black” to “Gold” if the user adds 100,008.55 USD, promising “better service level and lower rates.” This resembles a paid-tier financial-services proposition.
5) Footer disclosure: entity opacity + “bank” framing.
The dashboard footer states that to learn “which Black Banx entity you receive services from” you must contact in-app support, while also stating:
- “Black Banx Bank S.A. (No. 15770) is authorised by UOCO Finance Authority…”
- “Deposit products and services are offered by Black Banx Bank S.A.”
Regulatory classification: EU, UK, U.S. (high-level perimeter view)
1) EU/EEA: payment services vs e-money vs deposit-taking
If the service enables “receive” and “send” payments for customers via maintained accounts, that typically falls inside PSD2 payment services and requires authorisation as a payment institution, e-money institution, or operation as an authorised agent/distributor under strict conditions. PSD2 is the baseline perimeter for account-based payment services.
If user funds are stored and used for payments (a “prepaid account” / stored value), regulators will assess whether it constitutes electronic money (e-money) and therefore requires an EMI licence and safeguarding rules.
If it is truly “deposit products and services” (repayable funds from the public as a banking product), that moves into credit-institution/banking territory—an activity EU law reserves to authorised institutions; Member States must prohibit non-banks from taking deposits/repayable funds from the public.
Key compliance takeaway (EU): A consumer-facing interface offering “current accounts,” “receive payments,” “debit cards,” and “savings” is very likely to be regulated somewhere—and if EU residents can onboard, the provider must be able to explain exactly which licensed entity serves that resident, under what passport/permission, and under what safeguarding/deposit-protection regime.
2) UK: PSRs/EMRs perimeter (similar test, different supervisor)
In the UK, account-based payment services generally fall under the Payment Services Regulations 2017, while stored-value issuance/payment accounts can fall under the Electronic Money Regulations 2011. The FCA’s materials summarise e-money as stored monetary value issued on receipt of funds for payment transactions.
Key compliance takeaway (UK): If UK residents are served, the operator typically needs an FCA authorisation/registration path (or an exempt/limited model that still has strict boundaries). “Bank-like” branding does not remove that perimeter.
3) United States: money transmission and “bank” boundaries
In the U.S., money transmission is heavily regulated: a business that transfers funds can qualify as a money transmitter/MSB under FinCEN rules (plus separate state-by-state licensing).
If a platform markets “deposit” or “bank account” style products, additional banking/consumer-protection issues arise (chartering, permissible activities, potential misrepresentation concerns), even where funds are actually held at partner banks.
Key compliance takeaway (U.S.): “Accounts” + “receive/send payments” tends to trigger MSB/state MTL analysis; “deposits” and “bank” language raises a second, higher-stakes perimeter.
Compliance red flags from the screenshots and footer text
- Unclear contracting entity at point of sale.
Requiring users to contact support to learn the serving legal entity is at odds with standard consumer-facing disclosure expectations for regulated PSP/EMI models. - “Deposit products” language without clear jurisdictional framing.
The footer asserts deposits are offered by “Black Banx Bank S.A.” but does not present a clear, verifiable home supervisor, scope of permission, or customer eligibility boundary in the onboarding journey itself. - No visible geo-blocking despite “not a solicitation outside licensed territories.”
The disclaimer says it is not soliciting outside licensed territories, yet EU residents could open accounts in practice (per your test). This mismatch is a classic trigger for supervisory interest. - Operational risk signals.
A broken biometric/KYC workflow at the moment a user tries to enable “Receive Payments” suggests weak control maturity—relevant for AML/CTF and consumer-harm risk even before legality questions. - Product labeling implies regulated activities.
“Current Accounts,” “Savings Accounts,” “Debit Cards,” “Trace Payments,” and “Beneficiary List” are not typical for an unregulated “software-only” service. They read like regulated financial services.
Actionable insight for counterparties, partners, and users
If you are a payment partner, bank, card program manager, correspondent, crypto on/off-ramp, affiliate, or introducer, basic due diligence should demand:
- The exact legal entity serving each jurisdiction (EU/EEA, UK, U.S.)
- The licence/registration number, supervisor, and scope (PSP/EMI/bank/MSB/state MTL)
- Safeguarding / client money arrangements (or deposit-protection framework, if truly “deposit products”)
- The identity of any partner bank(s) providing local account details (IBAN, sort code, ABA/routing)
- The full KYC/AML program and reliance model for biometric ID checks
Call for Information (Whistle42)
FinTelegram is collecting documentation on Black Banx/WB21-related services, onboarding, and the identity of the regulated entities (if any) actually providing accounts and payment rails to EU/UK/U.S. residents.
If you are a customer, employee/contractor, banking partner, card issuer/program manager, PSP/EMI, crypto liquidity partner, or regulatory insider with verifiable information (contracts, licence correspondence, bank-account rails, safeguarding setup, term sheets, or internal policies), please submit it securely via Whistle42.com.
