A Silesian manufacturing group with operations in three EU countries received a routine compliance audit request in late 2024. The audit revealed that one of its Polish subsidiaries had, for several months, continued a commercial relationship with an entity later designated under the Polish sanctions list. The subsidiary's management had no formal screening process. The exposure was real, the timeline was short, and the consequences of inaction were irreversible.

Poland's Ustawa o szczególnych rozwiązaniach w zakresie przeciwdziałania wspieraniu agresji na Ukrainę (Act on Special Solutions to Counter Support for Aggression against Ukraine, the Sanctions Act 2022) imposes strict obligations on Polish entities to screen counterparties, freeze assets, and report designated persons to the General Inspector of Financial Information (GIIF). Violations carry criminal penalties of up to PLN 20 million and personal liability for company officers. The Act operates alongside EU sanctions regulations, creating a layered compliance framework that Polish courts and enforcement bodies interpret broadly.

This case study traces how the Silesian group identified its exposure, structured a remediation strategy, and engaged with Polish enforcement authorities before formal proceedings were initiated. The lessons apply to any business with Polish operations, supply chains touching sanctioned jurisdictions, or counterparties in the CIS region.

What obligations does the Polish Sanctions Act 2022 impose?

The Sanctions Act 2022 requires every entity conducting business in Poland to screen its counterparties against the national sanctions list maintained by the Minister of Internal Affairs and Administration. The screening obligation is continuous – not a one-time onboarding check. Designated entities must have their assets frozen immediately, and the freeze must be reported to the GIIF within a statutory deadline of 24 hours. Failure to freeze or report within that window triggers liability regardless of intent.

The Act covers a wide range of obligated entities. Banks, payment institutions, and insurance companies carry the heaviest compliance burden. However, commercial companies – including manufacturers, distributors, and trading houses – are equally bound when they transact with designated persons. The National Court Register (KRS) does not automatically flag sanctioned beneficial owners, so companies must run independent checks. This gap creates practical risk for businesses that rely solely on KRS data.

Three specific obligations stand out for non-financial businesses:

  • Continuous counterparty screening against the Polish and EU consolidated lists
  • Immediate asset freeze upon designation, with a 24-hour reporting window to the GIIF
  • Notification to the Polish Financial Supervision Authority (KNF) where the frozen assets include financial instruments

The Silesian group's subsidiary had none of these processes in place. Its onboarding procedure checked the EU consolidated list at contract signature but ran no periodic rescreening. The counterparty was designated eight months after the contract was signed. For those eight months, payments continued – and each payment potentially constituted a separate violation.

How did the group structure its remediation strategy?

Speed and transparency were the two governing principles. Once internal counsel identified the exposure, the group had a narrow window to act before the GIIF or the Office of the Commissioner for Financial Information initiated its own inquiry. Voluntary disclosure to the GIIF – made before any formal investigation opens – is a recognised mitigating factor under Polish enforcement practice. The group filed a voluntary disclosure within 72 hours of the internal finding.

We secured a negotiated outcome that avoided criminal referral for a manufacturing client in Silesia (winter 2025). The key was the sequence: freeze first, disclose second, remediate third. Reversing that order – or omitting any step – forfeits the mitigation credit entirely. The group's officers faced potential personal liability exceeding PLN 5 million. That exposure was reduced to an administrative warning after the voluntary disclosure and remediation plan were accepted.

The remediation plan covered four areas. First, the group implemented automated daily screening against both the Polish list and the EU consolidated list maintained by the Office of Publications of the European Union. Second, it appointed a dedicated sanctions compliance officer at the Polish subsidiary level. Third, it conducted retrospective screening of all active counterparties – over 340 entities. Fourth, it introduced a contract clause requiring counterparties to self-certify non-designation on a quarterly basis.

One structural issue required separate attention. The group's German parent had its own sanctions compliance programme aligned to German law. That programme did not map directly onto Polish obligations. For cross-border compliance alignment, the team drew on experience with foreign judgment enforcement procedures – the analytical framework used in enforcing an Italian judgment in Poland illustrates how Polish procedural requirements diverge from EU-level assumptions.

What did the enforcement process reveal about Polish sanctions compliance?

The GIIF review lasted approximately four months. During that period, the group responded to three rounds of written queries, produced transaction records going back 18 months, and provided evidence of the new compliance infrastructure. Polish enforcement authorities treat cooperation quality as a substantive factor – not merely a procedural courtesy. Incomplete or delayed document production effectively restarts the review clock and signals bad faith.

Two findings from the process are transferable to other businesses. First, the GIIF distinguishes between systemic failures and isolated errors. A company that had no screening process at all faces a heavier penalty than one whose process failed in a specific instance. Documenting the pre-existing compliance effort – even if imperfect – materially affects the outcome. Second, the Act's personal liability provisions apply to board members who had actual or constructive knowledge of the violation. "Constructive knowledge" is interpreted broadly: if a board member received a contract summary identifying the counterparty's jurisdiction, that may suffice.

We also obtained interim protective measures for a distribution client in Małopolska (spring 2025), preventing asset seizure during a parallel customs inquiry. The sanctions and customs frameworks interact in ways that are not obvious from the text of either statute. Where a counterparty is designated, customs clearance for goods in transit may be suspended simultaneously – creating a dual exposure that requires coordinated legal response, not sequential handling.

For businesses with ongoing arbitration or litigation in Poland, sanctions designation of a counterparty mid-proceeding raises additional issues. The procedure for enforcing a French judgment in Poland illustrates how asset-freezing measures interact with enforcement proceedings – a dynamic that applies equally when the freeze arises from sanctions rather than a court order.

What are the transferable lessons for Polish sanctions compliance?

The Silesian matter distils into four practical lessons. Each addresses a failure mode that recurs across the Polish businesses we advise on sanctions compliance.

  • Onboarding screening is not enough – rescreening must be periodic, at minimum monthly, and triggered by any change in counterparty ownership
  • The 24-hour reporting window to the GIIF is absolute – it does not extend for weekends, public holidays, or internal approval processes
  • Personal liability for officers is not theoretical – the Sanctions Act 2022 allows criminal prosecution of individuals, with sentences of up to three years' imprisonment alongside the PLN 20 million corporate fine
  • Voluntary disclosure before investigation opens is the single most effective mitigation tool available under Polish law

The compliance infrastructure question also connects to broader ownership structures. Groups that use holding arrangements to manage Polish subsidiaries should ensure that the sanctions compliance obligation sits at the operating entity level, not only at the parent. For context on how Polish holding and foundation structures affect governance obligations, see our analysis of family foundation versus holding company structures.

Finally, the interaction between the Sanctions Act 2022 and EU sanctions regulations creates a compliance layer that neither instrument fully explains on its own. Polish courts apply the Act in light of EU law, but Polish enforcement authorities have independent powers. A company that is compliant with EU sanctions may still violate the Polish Act if it fails to file the GIIF report within 24 hours – even where the underlying freeze was executed correctly.

What to prepare before a sanctions compliance review:

  • Full counterparty list with beneficial ownership data, current as of the review date
  • Evidence of screening dates and list versions used for each check
  • Internal escalation records showing how potential matches were assessed and cleared
  • GIIF correspondence file, including any prior voluntary disclosures
  • Board resolution or equivalent document appointing a sanctions compliance officer

Specific circumstances require specific advice. A sanctions exposure that is not addressed before the GIIF opens an inquiry precludes the voluntary disclosure route permanently – and with it, the most effective mitigation available under Polish law.

To discuss how the Sanctions Act 2022 applies to your Polish operations, and to assess whether your current screening process meets statutory requirements, email info@kordeckipartners.com.

Frequently asked questions

Q: Does the Polish Sanctions Act 2022 apply to foreign companies with Polish subsidiaries?

A: Yes. The Act applies to any entity conducting business in Poland, regardless of where the parent is incorporated. A foreign-owned Polish subsidiary is a Polish legal entity and is fully subject to the screening, freezing, and reporting obligations. Parent-level compliance programmes do not substitute for Polish subsidiary compliance unless they are specifically designed to meet Polish statutory requirements, including the 24-hour GIIF reporting window.

Q: How long does a GIIF enforcement review typically take, and what are the costs?

A: Based on recent matters, a GIIF review following voluntary disclosure typically concludes within three to six months. Where the review is initiated by the GIIF rather than by voluntary disclosure, the timeline extends to twelve months or more. Legal representation costs vary significantly depending on the volume of transactions under review, but businesses should budget for several months of intensive document production and correspondence. Early engagement of specialist counsel reduces total cost by shortening the review period.

Q: Is it a common misconception that only banks and financial institutions must comply with the Polish Sanctions Act 2022?

A: It is. The Act imposes obligations on all entities conducting business in Poland, not only regulated financial institutions. Manufacturing companies, distributors, IT service providers, and real estate businesses are all within scope. The misconception arises because financial institutions carry additional obligations under separate anti-money laundering legislation. However, the core sanctions obligations – screening, freezing, and GIIF reporting – apply universally to commercial entities operating in Poland.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to sanctions compliance, commercial litigation, and dispute resolution. We work with Polish entrepreneurs, foreign investors, and in-house legal teams navigating the Polish and EU sanctions framework. To discuss your situation, contact info@kordeckipartners.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.