Sanctions screening obligations for Polish companies

A Warsaw-based trading company receives a purchase order from a longstanding client. The client's ultimate beneficial owner has just appeared on an EU consolidated sanctions list. The company processes the order. Within weeks, it faces asset freezes, reputational damage, and potential criminal exposure for its management board. The entire sequence takes less than a month to become irreversible.

Polish companies are subject to binding sanctions screening obligations under both EU regulations and domestic law implementing international restrictive measures. Failure to screen counterparties before concluding transactions can result in personal liability for board members, administrative fines, and asset freezes that preclude any subsequent remediation. The primary domestic framework is the ustawa o szczególnych rozwiązaniach w zakresie przeciwdziałania wspieraniu agresji na Ukrainę oraz służących ochronie bezpieczeństwa narodowego (Act on Special Solutions for Preventing Support for Aggression Against Ukraine and Protecting National Security, the Sanctions Act), supplemented by directly applicable EU Council regulations.

This analysis examines the doctrinal foundations of screening obligations, the cross-border dimension for Polish entities operating internationally, strategic compliance design, and the enforcement outlook under Polish and EU supervisory frameworks. It covers who must screen, what triggers a match, how to manage false positives, and what happens when the process fails.

What legal framework governs sanctions screening in Poland?

Polish sanctions compliance sits at the intersection of three regulatory layers. EU Council regulations are directly applicable and take precedence. The Sanctions Act supplements them with domestic enforcement mechanisms. Sector-specific obligations under ustawa o przeciwdziałaniu praniu pieniędzy i finansowaniu terroryzmu (the Anti-Money Laundering Act, AML Act) impose parallel screening duties on obligated institutions, including banks, payment service providers, and certain professional services firms. All three layers must be read together.

The EU consolidated list, maintained by the European External Action Service, is the primary screening reference for Polish entities. It covers individuals, entities, and bodies subject to asset freezes, travel bans, or transaction prohibitions under various EU restrictive-measures regimes. As of early 2026, over 2,000 entries relate to Russia and Belarus alone. The Office of Foreign Assets Control (OFAC) list and the United Kingdom's Office of Financial Sanctions Implementation (OFSI) list carry extraterritorial reach that Polish exporters and financial institutions must also consider.

The National Court Register (KRS) and the Central Register of Beneficial Owners (CRBR) are domestic reference points for identifying ultimate beneficial owners. Polish law requires companies to verify beneficial ownership before entering material transactions. The Polish Financial Supervision Authority (KNF) supervises financial sector compliance. The General Inspector of Financial Information (GIIF) coordinates AML and sanctions enforcement across obligated entities. Non-financial companies answer primarily to the Ministry of Finance and, in state-procurement contexts, to the National Appeals Chamber (KIO).

• EU Council regulations – directly applicable, asset freeze and transaction prohibitions
• Sanctions Act – domestic criminal and administrative enforcement
• AML Act – screening obligations for financial and professional services firms
• KRS and CRBR – beneficial ownership verification tools
• KNF and GIIF – primary supervisory authorities for financial sector

One doctrinal point warrants attention. EU sanctions regulations impose strict liability for asset-freeze violations: the absence of intent does not excuse non-compliance. Polish criminal law under the Sanctions Act, by contrast, requires intent for criminal prosecution. The gap matters in practice. A company may escape criminal liability but still face administrative sanctions and civil consequences from counterparties whose transactions were disrupted.

Who must screen, and when does the obligation arise?

Every Polish legal entity engaging in commercial transactions bears a baseline obligation to avoid dealing with sanctioned persons. This is not confined to banks or export firms. Manufacturing companies, IT service providers, real estate developers, and professional services firms all fall within scope whenever they contract with counterparties who could plausibly appear on a sanctions list. The obligation arises at the point of contracting – not at payment – so screening must precede signature.

For obligated institutions under the AML Act, the duty is more granular. Banks must screen at onboarding, at transaction execution, and on a continuous basis when circumstances change. Payment institutions face a 24-hour window to freeze and report suspicious transactions. Professional service firms – lawyers, auditors, notaries – must screen clients before providing services that could facilitate sanctioned activity. Failure to maintain continuous screening programmes exposes these entities to fines of up to EUR 5 million or 10% of annual turnover, whichever is higher.

We secured a reversal of a compliance-related contract termination worth over PLN 3.5m for a logistics client in the Mazowieckie region (spring 2025). The counterparty had relied on an outdated screening snapshot taken at onboarding. Demonstrating that the sanctioned status post-dated contract execution was decisive in the arbitration proceedings.

For non-financial companies, the threshold question is materiality. A one-off low-value purchase from a domestic supplier carries different risk than a long-term supply agreement with a group whose parent is incorporated in a high-risk jurisdiction. Proportionate screening means calibrating depth and frequency to the risk profile of each counterparty relationship. That said, proportionality does not create a safe harbour. If a company transacts with a listed entity and cannot show it took reasonable steps to screen, personal liability of directors becomes a realistic outcome.

Timing is equally important in public procurement. Under the Public Procurement Law (Prawo zamówień publicznych, PZP), contracting authorities must exclude tenderers who are subject to sanctions. Tenderers must certify compliance. A KIO appeal – the standard challenge route before the National Appeals Chamber – can be used both to challenge an exclusion decision and to report a competitor's failure to disclose sanctioned affiliates. The KIO must rule within 15 days of the appeal being lodged.

How should a compliant screening programme be structured?

A functional screening programme has four components: a policy framework, a data-quality process, an escalation protocol, and an audit trail. Each component must be proportionate to the company's size, sector, and counterparty risk. A manufacturing SME with 50 suppliers needs a different architecture than a Warsaw-based financial institution processing thousands of transactions daily. The structure, however, follows the same logic regardless of scale.

The policy framework defines which lists are screened, at what frequency, and by whom. At minimum, Polish companies should screen against the EU consolidated list and the CRBR. Exporters of dual-use goods must additionally consult the lists maintained by the Bureau of Industry and Security (BIS) and consider OFAC exposure if USD-denominated transactions are involved. The policy should specify a maximum acceptable screening lag – many institutions set this at 24 hours for high-risk counterparties and 7 days for low-risk ones.

Data quality is the practical bottleneck. Sanctions lists use transliterations of Cyrillic names that vary across databases. Fuzzy-matching algorithms generate both false positives and false negatives. A name-only search against the EU list without checking date of birth, nationality, or entity identifiers is inadequate. Companies relying on manual spreadsheet checks without documented false-positive resolution procedures are, in enforcement terms, operating without a programme at all.

• Define list scope: EU consolidated list, CRBR, OFAC, OFSI where relevant
• Set screening frequency: 24 hours for high-risk, 7 days for low-risk counterparties
• Use multi-field matching: name, date of birth, nationality, registration number
• Document every hit and resolution decision with timestamps
• Conduct annual programme reviews and post-incident audits

Escalation protocols determine what happens when a potential match is identified. The first step is de-duplication: confirming whether the hit is a genuine match or a false positive. This should involve legal counsel, not only compliance staff. If a genuine match is confirmed, the company must freeze assets or withhold the transaction immediately and notify the GIIF within the statutory period. The Sanctions Act requires notification within 24 hours of identifying a frozen asset. Missing this deadline is itself a separate offence.

For a tailored strategy on building a proportionate screening programme, reach out to info@kordeckipartners.com.

What are the cross-border dimensions for Polish entities?

Polish companies operating across borders face a layered extraterritorial challenge. EU sanctions apply to all transactions processed in euros, regardless of where the contracting parties are located. USD-denominated transactions clear through US correspondent banks, bringing OFAC jurisdiction into play. A Polish exporter selling to a non-sanctioned buyer in a third country may still violate OFAC rules if the goods transit through a sanctioned jurisdiction or if the end-user is on the Specially Designated Nationals (SDN) list.

The cross-border dimension is acute for Polish companies with subsidiaries in non-EU jurisdictions. A subsidiary in Kazakhstan or the UAE may be subject to local rules that permit transactions which EU sanctions prohibit. The parent company in Poland cannot rely on local-law compliance in the subsidiary's jurisdiction as a defence under EU law. Group-wide sanctions policies must address this gap explicitly, including escalation procedures when subsidiary management receives conflicting instructions.

We obtained interim measures protecting assets worth over EUR 4m for a German investor's Polish subsidiary facing a disputed sanctions designation in Lower Silesia (autumn 2025). The case turned on whether the Polish entity had actual knowledge of the parent's sanctioned status at the time of the relevant transactions. Documenting the screening programme and its outputs was the key evidentiary element.

Enforcement cooperation between the EU and the United Kingdom post-Brexit creates a separate compliance dimension. OFSI designations do not automatically mirror EU designations, and divergences have increased since 2022. Polish companies with UK business relationships must maintain parallel screening against both lists. For companies involved in international arbitration in Poland, the question of whether a sanctioned party can participate in proceedings – and whether an award in favour of a sanctioned entity can be enforced – has become a live issue before Polish courts. The analysis in our guide on enforcing a United States judgment in Poland step by step provides relevant context on enforcement barriers that apply equally to sanctions-affected awards.

Foreign direct investment screening adds a parallel layer. The Polish Office of Competition and Consumer Protection (UOKiK) reviews acquisitions by non-EU investors in protected sectors. Sanctions status of an acquirer or its beneficial owners is a factor in the screening analysis. Our separate review of foreign investment screening in Poland and UOKiK powers covers the procedural mechanics in detail.

What enforcement risks do non-compliant companies face?

Enforcement exposure under Polish law operates on three tracks simultaneously: criminal, administrative, and civil. The Sanctions Act criminalises wilful transactions with sanctioned entities, with penalties of up to 10 years' imprisonment for natural persons. Administrative sanctions include fines of up to PLN 20 million per violation. Civil liability arises when a counterparty suffers loss because the company failed to screen and then had to unwind a transaction mid-execution.

Personal liability of board members is the enforcement risk that concentrates attention. Under the Sanctions Act, management board members who authorise transactions with sanctioned entities face individual criminal exposure. This is not derivative liability – it is direct. The defence that "compliance approved it" does not insulate a board member who signed the contract or approved the payment. This risk is irreversible: a criminal conviction cannot be undone by subsequent remediation.

The KNF has imposed sanctions on financial institutions for inadequate AML and sanctions screening programmes. Fines in the range of PLN 1 million to PLN 5 million have been levied for systemic programme deficiencies rather than individual transaction failures. Repeat deficiencies can trigger licence suspension. For non-financial companies, the Ministry of Finance has the power to impose administrative fines and refer matters to the prosecutor's office.

Reputational risk compounds legal exposure. Correspondent banks apply de-risking policies that terminate relationships with companies that appear on internal watchlists. A single publicised sanctions violation can trigger de-banking within 30 to 90 days. For companies that depend on trade finance or cross-border payments, de-banking is an existential threat that no subsequent legal defence can fully reverse. The operational consequence forecloses business options well before any court or regulator has made a final determination.

What is the strategic and regulatory outlook for sanctions compliance in Poland?

The EU sanctions framework is hardening. The EU's Anti-Money Laundering Authority (AMLA), operational from 2025, will directly supervise certain obligated entities and set binding standards for sanctions screening across member states. Poland will be within AMLA's jurisdiction for financial sector entities. AMLA's technical standards are expected to raise the minimum bar for screening frequency, data quality, and programme documentation above current Polish practice in several sectors.

The broader legislative direction is toward criminal harmonisation. The EU directive on criminal sanctions for sanctions violations, adopted in 2024, requires member states to introduce criminal penalties for a defined set of evasion acts. Poland must transpose this directive into domestic law. The transposition will likely tighten the intent threshold and expand the range of predicate acts that trigger criminal liability. Companies that have relied on the intent-based defence in Polish criminal law should not assume that defence will survive transposition intact.

For companies involved in sanctions-related disputes – whether challenging a designation, contesting a contract termination, or defending a KIO appeal – the procedural framework is evolving. Litigation Warsaw practitioners are seeing an increase in disputes where sanctions compliance failures become the basis for contractual termination by counterparties. The question of whether a sanctions-compliance clause constitutes a material breach entitling termination is now a recurring issue in commercial litigation. Our earlier analysis of sanctions screening obligations for Polish companies addresses foundational compliance questions that underpin these disputes.

The strategic implication is clear. Sanctions compliance is no longer a back-office function managed by junior compliance staff. It is a board-level risk that requires legal counsel with expertise in both EU sanctions law and Polish enforcement mechanisms. Companies that invest in programme design now will be better positioned when AMLA supervision begins and when transposed criminal provisions take effect. Companies that do not will face a compressed remediation timeline under enforcement pressure – which is the worst possible time to build a programme from scratch.

A specific compliance gap in your company's screening programme requires assessment before enforcement action makes remediation irreversible. Waiting until a regulator identifies the deficiency forfeits the ability to self-report and negotiate reduced exposure.

To receive an expert assessment of your sanctions screening programme and enforcement exposure, contact info@kordeckipartners.com.

Frequently asked questions

Q: Does a small Polish company with no financial sector activities need a formal sanctions screening programme?

A: Yes. EU sanctions regulations apply to all legal entities established in Poland, regardless of sector or size. The obligation to avoid transacting with listed persons is unconditional. What proportionality allows is calibrating the depth and frequency of screening to the actual risk profile of the company's counterparties. A company with a small number of domestic suppliers faces different obligations than a large exporter, but neither is exempt. Documenting the risk-based approach taken is itself part of the compliance requirement.

Q: How long does it take to build a compliant screening programme, and what does it cost?

A: For a mid-sized non-financial company, a baseline programme covering policy design, list integration, escalation procedures, and staff training can be implemented within 6 to 8 weeks. Legal advisory fees for programme design typically range from PLN 15,000 to PLN 50,000 depending on complexity. Technology costs for automated screening tools vary widely. The more relevant cost comparison is against a single administrative fine of PLN 20 million or the reputational cost of de-banking. Programme investment is a fraction of the downside.

Q: Is it a misconception that screening only matters at onboarding?

A: It is a common and dangerous misconception. Sanctions lists are updated continuously – sometimes daily during active conflict periods. A counterparty who was clean at onboarding may be designated six months later. Ongoing screening obligations require companies to re-screen existing relationships at defined intervals and to trigger re-screening whenever a material change in circumstances occurs, such as a change in beneficial ownership or a new transaction above a defined threshold. Onboarding-only screening creates a compliance gap that grows with every list update.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to sanctions compliance, commercial litigation, and arbitration Poland. We work with Polish entrepreneurs, foreign investors, and in-house legal teams navigating EU and domestic restrictive-measures regimes. To discuss your situation, contact info@kordeckipartners.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.