Poland has tightened its anti-money laundering regime with a set of legislative amendments now in force. Companies that overlooked previous compliance cycles face a narrower window to act. The updated rules raise the standard for KYC (know-your-customer) procedures, beneficial owner verification, and internal control systems across a broad range of obligated entities.
Poland's amended AML legislation, implementing the latest EU directive requirements, introduces stricter obligations for obligated entities operating in Poland. including enhanced due diligence thresholds, mandatory beneficjent rzeczywisty (beneficial owner) re-verification, and updated risk assessment requirements. Companies must bring internal procedures into full conformity without delay. Failure to comply before enforcement authorities begin inspections carries the risk of significant administrative penalties.
This alert covers what has changed, which business categories are affected, and the concrete steps international companies should take immediately.
What changed – the regulatory development and effective date
Poland's anti-money laundering legislation has been updated to align with the EU's evolving AML directive package. The changes entered into force in stages, with the primary obligations now fully applicable.
The key developments are as follows.
Enhanced due diligence thresholds have been revised. Cash transaction monitoring thresholds have been adjusted downward for certain categories of obligated entities. Transactions that previously fell below the trigger point may now require full customer due diligence documentation.
Beneficial owner verification has been strengthened. Obligated entities must re-verify the identity of beneficial owners – defined as natural persons who ultimately own or control a legal entity – across their existing client portfolios. The Centralny Rejestr Beneficjentów Rzeczywistych (Central Register of Beneficial Owners, CRBR) has been updated with stricter reporting requirements. Discrepancies between a company's internal records and the CRBR must now be reported to the relevant supervisory authority rather than simply noted in the file.
Risk assessment frameworks must be updated. Internal AML risk assessments are no longer a one-time exercise. The amended rules require that risk assessments be reviewed periodically – and immediately whenever there is a material change in the business relationship or a change in the regulatory environment.
Correspondent banking and credit facility relationships face additional scrutiny. Institutions maintaining correspondent banking arrangements or extending credit facilities must conduct enhanced screening of counterparties in higher-risk jurisdictions. Documentation requirements for these relationships have been expanded.
Bank account opening procedures are affected. Financial institutions and payment service providers must apply updated KYC standards at the point of bank account opening and on a rolling basis thereafter. Remote onboarding procedures must meet specific technical and documentary standards.
Who is affected – threshold criteria and business categories
The updated obligations apply to a broad range of entities designated as obligated institutions under Polish AML legislation. International companies with a Polish presence should assess whether they fall within scope.
Affected categories include:
- Banks, credit institutions, and payment service providers operating in Poland
- Investment firms, asset managers, and capital market intermediaries
- Notaries, lawyers, and accountants providing certain advisory or transactional services
- Real estate agents and developers involved in property transactions above specified value thresholds
- Virtual asset service providers registered in or serving Polish clients
Foreign companies operating through Polish branches or subsidiaries are fully within scope. A parent entity domiciled outside Poland does not remove the Polish subsidiary from its compliance obligations. Group-level AML programmes designed for other jurisdictions – including EU jurisdictions with similar frameworks – do not automatically satisfy Polish requirements. Local adaptation is necessary.
Threshold criteria matter for determining the intensity of obligations. Entities with a higher volume of cash transactions, cross-border payment flows, or client relationships in higher-risk sectors face enhanced due diligence requirements. Even entities at the lower end of activity thresholds must maintain baseline KYC documentation and a current risk assessment.
For companies active in both banking and capital markets in Poland, the interaction between AML obligations and securities regulation creates additional compliance touchpoints. A detailed review of those intersections is available in our analysis of capital markets matters in Poland.
To discuss how the updated AML rules apply to your specific operations in Poland, contact us at info@ferrazwhitmore.com.
What to do now – immediate actions and compliance timeline
Companies should treat the current period as an active compliance window. Supervisory authorities in Poland have indicated that enforcement inspections will intensify. Acting now reduces the risk of penalties and reputational damage.
The following actions should be prioritised immediately.
1. Audit your obligated entity status. Confirm whether your Polish entity falls within the definition of an obligated institution under AML legislation. This analysis should cover the entity's activities, client base, and transaction types – not only its formal legal category.
2. Update your internal AML procedures. Review existing internal policies and procedures against the amended requirements. Procedures that were compliant under previous rules may no longer meet the revised standards for risk assessment, customer due diligence, and beneficial owner verification.
3. Re-verify beneficial owner data and CRBR entries. Cross-check the beneficial owner information held in your internal records against current CRBR entries. Where discrepancies exist, resolve them and report as required. Outdated or incomplete entries in the CRBR are a common trigger for regulatory scrutiny.
4. Train compliance and customer-facing staff. The updated rules impose new obligations on staff conducting KYC at bank account opening and during ongoing monitoring. Training must reflect the current standards, not the previous cycle.
5. Review correspondent banking and credit facility documentation. If your entity maintains correspondent banking relationships or has extended or received credit facilities. Verify that enhanced due diligence documentation is in place for all counterparties in higher-risk categories. Gaps in this documentation carry elevated enforcement risk.
Companies operating across multiple EU jurisdictions should note that Poland's implementation contains specific procedural requirements that differ in detail from, for example, Portuguese AML rules. For a comparative view, see our alert on AML updates in Portugal.
For comprehensive legal support on AML compliance obligations in Poland, our banking and finance team is available through our banking and finance practice in Poland.
About Ferraz & Whitmore
Ferraz & Whitmore is an international law firm based in Lisbon, advising business clients across 46 jurisdictions. Our team combines Portuguese civil law expertise with English common law tradition to deliver cross-border legal solutions in banking, finance, and AML compliance. We advise international businesses, institutional investors, and in-house legal teams on regulatory compliance matters across the EU and beyond. Our banking and finance practice covers AML programme design, KYC procedures, beneficial owner analysis, and engagement with supervisory authorities in Poland and across Central and Eastern Europe. As a law firm in Poland and across Europe, Ferraz & Whitmore provides results-oriented counsel for companies that need a lawyer in Poland with genuine cross-border experience. To discuss your AML compliance position in Poland, contact us at info@ferrazwhitmore.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. Ferraz & Whitmore assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@ferrazwhitmore.com.