A mid-sized Warsaw trading company receives a payment instruction from a long-standing counterparty. Routine – until someone notices the beneficiary's name appears on an EU consolidated list. Under the Polish Sanctions Act 2022, that discovery triggers a cascade of obligations: freezing, reporting, record-keeping, and – if mishandled – penalties reaching PLN 20 million. The margin for error is narrow and the consequences are not reversible.
Poland's ustawa o szczególnych rozwiązaniach w zakresie przeciwdziałania wspieraniu agresji na Ukrainę oraz służących ochronie bezpieczeństwa narodowego (Act on Special Solutions for Counteracting Support of Aggression against Ukraine and for the Protection of National Security, the Sanctions Act) entered into force in April 2022. It obliges a broad range of entities – banks, traders, service providers, and their intermediaries – to freeze assets, suspend transactions, and report to the Minister właściwy do spraw finansów publicznych (Minister of Finance) within 24 hours of identifying a sanctioned party. Non-compliance exposes companies and individual managers to administrative fines of up to PLN 20 million and criminal liability. The Act operates alongside EU sanctions regulations, which are directly applicable in Poland.
This guide walks through the Act's scope, the step-by-step compliance procedure, the penalty framework, three concrete business scenarios, and the most common mistakes practitioners observe. Each section ends with a self-assessment checkpoint. Readers with cross-border enforcement questions may also consult our analysis of enforcing an Italian judgment in Poland.
Who does the Polish Sanctions Act 2022 cover?
The Act's scope is deliberately wide. It covers any natural person, legal entity, or organisational unit without legal personality that conducts economic activity in Poland or provides services to Polish residents. Banks and payment institutions sit at the centre – but logistics companies, law firms, accountants, and real estate agents are equally caught. The National Court Register (KRS) records do not limit coverage: a foreign company operating through a branch registered with the KRS falls within the Act's reach from day one of operations.
Three categories of obliged entities deserve attention. First, financial institutions supervised by the Polish Financial Supervision Authority (KNF) bear the most detailed obligations, including internal screening procedures and dedicated compliance officers. Second, non-financial businesses – manufacturers, distributors, IT service providers – must screen counterparties against the EU consolidated list and Polish national lists before concluding contracts or processing payments. Third, individuals acting as board members or proxy holders (prokurenci) can face personal liability if the entity they represent fails to comply. Liability is not limited to the company.
The practical trigger is the moment of "identification." Identification occurs when a name, tax identification number (NIP), or IBAN matches a listed entry. It does not require certainty – a reasonable suspicion is sufficient to activate the freeze obligation. Waiting for legal confirmation before freezing forfeits the statutory 24-hour reporting window and opens the door to personal liability for the manager who delayed the call.
- Banks and payment institutions – screening at onboarding and on each transaction
- Non-financial businesses – screening before contract signature and before payment
- Professional service providers – screening before the engagement letter is executed
- Board members and prokurenci – personal liability for institutional failures
- Foreign branches registered in Poland – same obligations as domestic entities
We obtained a successful challenge to an administrative freeze decision for a logistics client in the Mazowieckie region (autumn 2025), after demonstrating that the name match was a false positive caused by transliteration differences. Early legal intervention – within the first 48 hours – was decisive. Waiting longer would have precluded access to the expedited review procedure.
What are the step-by-step obligations under the Act?
Compliance under the Sanctions Act follows a four-stage sequence. Stage one is screening: the entity checks each counterparty against the EU consolidated sanctions list, the UN consolidated list, and any Polish national designation lists published by the Ministry of Finance. Screening must occur before the transaction is executed – not after. Stage two is the freeze: if a match is found, all funds, assets, and economic resources belonging to the designated person must be frozen immediately. Stage three is the 24-hour report to the Minister of Finance. Stage four is record-keeping for five years.
The 24-hour clock starts at the moment of identification, not at the moment a manager is informed. Internal escalation procedures must therefore be fast enough to allow the compliance team to file the report within that window. The report is submitted electronically through the system operated by the General Inspector of Financial Information (Generalny Inspektor Informacji Finansowej, GIIF). The report must include: the identity of the designated person, the nature and estimated value of the frozen assets, and the legal basis for the freeze.
After the report, the entity must await instructions. It may not release frozen assets without written authorisation from the Minister of Finance or a court order. Releasing assets prematurely – even under contractual pressure – constitutes a separate violation carrying its own penalty. This is where many businesses stumble: they assume that filing the report discharges their obligations. It does not. The freeze continues until formal authorisation arrives.
- Screen counterparty before execution – not after
- Freeze immediately on identification – no grace period
- Report to GIIF within 24 hours of identification
- Maintain records for five years
- Await written authorisation before releasing assets
For entities already engaged in cross-border compliance programmes, the procedural logic mirrors the approach described in our guide on ESRS implementation steps for Polish reporting entities – a structured, documented, and auditable process that regulators can review at any point.
What penalties apply for non-compliance?
The Sanctions Act establishes a dual penalty track. Administrative penalties are imposed by the Minister of Finance and can reach PLN 20 million per violation. Criminal penalties – applicable where the conduct is wilful – carry imprisonment of up to three years under the provisions cross-referenced from the Polish Criminal Code. Both tracks can run simultaneously: an administrative fine does not bar criminal prosecution, and vice versa. This is not a theoretical risk. The Ministry of Finance has issued publicly reported fines since mid-2022.
For individual managers, the exposure is direct. A board member who knew of a potential match and failed to escalate it within 24 hours faces personal administrative liability. The fine for an individual can reach PLN 1 million. There is no corporate veil protection here: the Act explicitly provides for personal liability alongside corporate liability. A manager who argues that the compliance team "handled it" must be able to show documented evidence of that handling.
Mitigating factors recognised by the Ministry of Finance include: the existence of a written sanctions compliance policy, evidence of staff training in the past 12 months, and prompt voluntary disclosure of a procedural failure. Aggravating factors include repeated violations and obstruction of the inspection. The difference between a PLN 500,000 fine and a PLN 5 million fine often comes down to documentation quality – a point that practitioners in Polish arbitration proceedings involving sanctions disputes confirm regularly.
One cross-border nuance: EU sanctions regulations are directly applicable and carry their own penalty regime under Polish implementing legislation. A single transaction can therefore trigger penalties under both the Sanctions Act and the EU framework. Entities must map both exposure tracks when assessing a compliance failure.
How do three business scenarios play out in practice?
Understanding the Act's mechanics in the abstract is one thing. Seeing how it operates across different business models clarifies the real compliance burden. Three scenarios – a manufacturer, an IT services provider, and a foreign investor – illustrate the range of situations practitioners encounter.
Manufacturing company (Silesia, mid-2025). A steel processor receives a purchase order from a Polish distributor. The distributor's ultimate beneficial owner (UBO) appears on the EU consolidated list. The manufacturer's compliance officer identifies the match during routine UBO screening – three days before the shipment date. The officer freezes the advance payment already received, files the GIIF report within 24 hours, and notifies the counterparty in writing. The Ministry of Finance authorises release of the funds 18 days later after confirming the UBO match was a transliteration error. No penalty. Outcome: correct procedure, documented throughout.
IT services provider (Warsaw, winter 2025). A software company signs a maintenance contract with a foreign entity. No sanctions screening is conducted at onboarding. Six months later, during a KNF-supervised audit, the counterparty is identified as a designated entity. The company faces a PLN 800,000 administrative fine for failing to screen at the point of contract execution. The fine is reduced to PLN 400,000 after the company submits evidence of a newly implemented compliance programme. Lesson: screening must happen before signature, not at renewal.
Foreign investor entering Poland (Lower Silesia, spring 2026). A German logistics group establishes a Polish subsidiary through the KRS. The subsidiary begins operating before its internal sanctions policy is localised for Polish law requirements. A payment to a subcontractor triggers a match. Because no GIIF report is filed within 24 hours, the Ministry of Finance opens a penalty procedure. Our team secured a reduction of the proposed fine from PLN 3 million to PLN 900,000 by demonstrating the subsidiary's parent group maintained a global compliance framework – even though it had not been adapted to Polish requirements. Adaptation, not just existence, is what regulators examine.
What are the most common compliance mistakes?
Practitioners in Warsaw litigation and administrative proceedings consistently observe the same errors. Identifying them in advance is the most cost-effective form of sanctions compliance. The following mistakes appear in the majority of penalty cases reviewed since 2022.
Mistake one: screening only at onboarding. The EU consolidated list is updated multiple times per week. A counterparty who was clean at contract signature may be designated six months later. Ongoing monitoring – at minimum triggered by each payment instruction – is required. Entities that screen once and file the result are not compliant.
Mistake two: confusing "reasonable suspicion" with "certainty." The Act activates at the moment of reasonable suspicion. Many compliance officers wait for legal sign-off before freezing. That wait consumes the 24-hour reporting window. The correct sequence is: freeze first, verify second, report within 24 hours of the initial identification – not after verification is complete.
Mistake three: releasing assets after filing the report. Filing the GIIF report does not unfreeze assets. Written ministerial or judicial authorisation is required. Releasing assets on the assumption that "the report was filed so we are done" is a separate and independently penalised violation. Entities that make this mistake often face a second fine larger than the first.
A checklist of what to prepare before a Ministry of Finance inspection is useful here.
- Written sanctions screening policy, dated and version-controlled
- Records of all screening checks for the past five years
- Training logs showing staff completion dates
- Copies of all GIIF reports filed, with timestamps
Entities involved in public procurement should also note that sanctions compliance failures can result in exclusion from tender procedures under the Public Procurement Law (Prawo zamówień publicznych). A KIO appeal – handled before the National Appeals Chamber (Krajowa Izba Odwoławcza, KIO) – may be the only remedy available once exclusion is declared. Timing is tight: the KIO appeal window is ten days from the exclusion decision. For related cross-border enforcement questions, our guide on enforcing a French judgment in Poland addresses asset recovery in comparable contexts.
Your company's specific exposure depends on transaction volume, counterparty geography, and the maturity of your existing compliance framework. Delaying a compliance review forfeits the mitigating-factor credit that regulators recognise during penalty assessment – an irreversible consequence once an inspection is announced.
To receive an expert assessment of your sanctions compliance programme, contact info@kordeckipartners.com. If your company processes payments to counterparties in high-risk jurisdictions or has not updated its screening procedures since 2022, we will conduct a gap analysis, draft or revise your internal policy, and prepare your GIIF reporting template.
Frequently asked questions
Q: Does the 24-hour reporting deadline apply on weekends and public holidays?
A: Yes. The Sanctions Act does not suspend the 24-hour clock for non-business days. Identification on a Friday evening requires a report filed by Saturday evening. Entities without 24/7 compliance coverage should designate an on-call officer with GIIF system access and authorisation to file. Relying on the following Monday is not a defensible position and has been cited as an aggravating factor in at least one published Ministry of Finance penalty decision.
Q: Can a company release frozen assets if the counterparty provides a court order from a foreign jurisdiction?
A: No. Only a Polish court order or written authorisation from the Polish Minister of Finance permits release of frozen assets under the Sanctions Act. A foreign court order – even from an EU member state – does not substitute for the Polish authorisation requirement. Releasing assets on the basis of a foreign order constitutes a violation of the Act and triggers the penalty regime. The correct approach is to present the foreign order to the Ministry of Finance and request expedited authorisation.
Q: How long does a Ministry of Finance sanctions inspection typically take, and what are the costs?
A: A routine inspection typically spans four to eight weeks from the opening notice to the preliminary findings report. Entities with complete documentation – screening records, training logs, GIIF report copies – tend to close inspections at the lower end of that range. Legal representation costs for a straightforward inspection average PLN 30,000 to PLN 80,000, depending on transaction volume and the number of potential violations identified. Contested penalty proceedings before administrative courts add a further six to eighteen months and corresponding legal costs. Early voluntary disclosure, where available, is almost always the more economical path.
KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to sanctions compliance, commercial disputes, and cross-border enforcement. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.