Sanctions screening obligations for Polish

A Warsaw-based trading company receives a purchase order from a new client. The commercial terms look attractive. The client's name, however, appears on a list maintained by the Office of Foreign Assets Control – a detail no one checks before the invoice goes out. The transaction closes. Six months later, a freeze notice arrives. The cost of that missed screening step now exceeds the value of the original deal several times over.

Polish companies are subject to a layered sanctions screening obligation that combines EU directly applicable regulations, Polish national law implementing those regulations, and – for entities with US-dollar exposure – extraterritorial US measures. The primary domestic framework is the Act on Special Measures Against the Propagation of Aggression Against Ukraine and for the Protection of National Security, supplemented by EU Council regulations imposing asset freezes and transaction prohibitions. Failure to screen before a transaction is completed can result in administrative fines, criminal liability for management, and the irreversible freezing of assets – consequences that no subsequent remediation can fully undo.

This analysis covers the doctrinal foundations of Polish screening obligations, the practical scope of entities affected, cross-border complications for foreign-invested companies, strategic implementation questions, and the enforcement outlook heading into 2026. Each section opens with a direct answer to a practitioner question and closes with actionable guidance. The framework described here applies to companies of all sizes; the complexity of the obligation scales with the volume and geography of counterparty relationships.

What is the legal basis for sanctions screening in Poland?

Polish screening obligations rest on three interlocking layers. First, EU regulations are directly applicable and require no domestic implementing act to bind Polish entities. Second, the Act on Special Measures Against the Propagation of Aggression Against Ukraine (commonly called the "Sanctions Act") established the national register of persons subject to asset freezes and assigned enforcement responsibilities to the Minister of Internal Affairs and the Head of the National Revenue Administration (Krajowa Administracja Skarbowa, KAS). Third, the Financial Intelligence Unit (Generalny Inspektor Informacji Finansowej, GIIF) – the Polish anti-money laundering authority – has issued guidance treating sanctions breaches as a predicate to AML reporting obligations, creating a second enforcement channel.

The EU regulations at the heart of the framework are those imposing restrictive measures against Russia and Belarus. These regulations list designated persons and entities and prohibit any natural or legal person from making funds or economic resources available to them. The prohibition applies regardless of whether the Polish company knew of the designation, which means the obligation is strict in character. A good-faith argument does not eliminate liability; it may, in limited circumstances, reduce the penalty.

The Sanctions Act created a domestic list that supplements but does not replace the EU list. Entries on the Polish list can move faster than EU Council decisions. This matters because a counterparty may be listed domestically before the EU designation is formally published. Companies relying only on EU list checks therefore face a gap. The first concrete figure to hold: under the Sanctions Act, domestic asset freezes take effect immediately upon publication in the Official Gazette, with no grace period for existing contracts.

EU Council regulations (directly applicable, no transposition needed)
Sanctions Act – domestic list administered by the Minister of Internal Affairs
KAS enforcement authority over trade and financial flows
GIIF oversight creating parallel AML reporting obligations
US OFAC extraterritorial reach for USD-denominated or US-nexus transactions

Which Polish companies are affected by screening obligations?

Every legal person incorporated in Poland is bound by EU regulations and by the Sanctions Act. The obligation is not limited to financial institutions or regulated entities. A manufacturing company in Silesia shipping components to a distributor in a third country, an IT services provider in Mazowieckie billing a foreign client, and a logistics operator in Pomerania moving cargo across multiple jurisdictions are all within scope. The screening duty applies at the moment of any transaction – meaning before goods are shipped, services are rendered, or payments are processed.

The scope broadens further for entities that are "obligated institutions" under the Act on Counteracting Money Laundering and Terrorist Financing (Ustawa o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu, AML Act). Banks, payment institutions, law firms, accountants, and real estate agents fall into this category. For these entities, sanctions screening is also a component of customer due diligence, and the frequency of re-screening is higher – the GIIF guidance recommends re-screening existing clients whenever a new transaction is initiated, not only at onboarding.

A question practitioners hear regularly: does the obligation extend to screening beneficial owners, not just the named counterparty? The answer under EU regulations is yes. Where a designated person owns or controls more than 50% of a legal entity, that entity is itself treated as designated – even if its own name does not appear on any list. This "50% rule" is the most common source of missed hits in corporate structures with opaque ownership. We secured a reversal of a compliance penalty for a manufacturing client in the Mazowieckie region (autumn 2025) precisely because the regulator had failed to demonstrate that the 50% threshold was met through documented ownership analysis, rather than assumption.

How does the cross-border dimension complicate compliance for foreign-invested companies?

For a German investor whose Polish subsidiary transacts in euros and US dollars, the screening obligation is not simply a question of Polish law. EU regulations bind the subsidiary directly. US OFAC rules apply if the transaction touches the US financial system – which virtually any dollar payment does. The practical result is that the Polish entity must maintain two parallel screening processes: one against EU and domestic lists, one against the OFAC Specially Designated Nationals (SDN) list. These lists do not always overlap, and the timing of updates differs.

The cross-border complication intensifies when the Polish company is part of a group with operations in jurisdictions that have adopted their own autonomous sanctions regimes – the United Kingdom, Switzerland, Canada, and Australia each maintain lists that diverge from the EU consolidated list in material respects. A group-wide compliance policy drafted to the EU standard will under-screen for transactions processed through UK or Swiss entities. The Polish subsidiary, if it acts as a booking entity or provides shared services to those entities, may be exposed to secondary liability arguments.

A concrete figure: the EU consolidated sanctions list is updated on average more than 300 times per year. Manual checking against a static spreadsheet is structurally inadequate. Companies relying on periodic batch screening – rather than real-time checks at the point of transaction initiation – will, with near certainty, process at least one prohibited transaction annually if their counterparty base is large. For cross-border investors managing both dispute resolution for Ukraine companies doing business in Poland and broader Central European exposure, the intersection of Ukrainian sanctions lists with EU measures creates additional complexity that is frequently underestimated.

The KAS has cooperation agreements with customs authorities across the EU single market. A sanctions breach identified by a foreign customs authority can trigger a parallel KAS investigation in Poland within days. This extraterritorial enforcement feedback loop means that a Polish company cannot treat a transaction as "closed" simply because payment has cleared. The risk window extends for as long as the statute of limitations for administrative sanctions – currently five years from the date of the prohibited act.

What are the strategic elements of an effective screening programme?

An effective screening programme has four operational components: list coverage, matching logic, workflow integration, and documentation. List coverage means subscribing to all lists relevant to the company's transaction geography – at minimum the EU consolidated list and the Polish domestic list, and for any USD-denominated transaction, the OFAC SDN list. Matching logic refers to the algorithm used to compare counterparty names against list entries. Exact-match tools are insufficient; transliteration variants, name-order reversals, and phonetic similarities all generate true positives that exact matching misses.

Workflow integration is where most programmes fail. Screening must occur before transaction approval, not as a post-processing audit. This requires embedding the screening tool into the order management, procurement, or payment approval workflow so that a positive match generates a hold – not a log entry that someone reviews next week. A 72-hour hold pending legal review is a defensible operational design. Processing a transaction despite a pending match is not.

Documentation is the element regulators scrutinise most closely in enforcement proceedings. A company that screened correctly but cannot demonstrate it – no timestamp, no list version, no analyst sign-off – will be treated as a company that did not screen at all. The minimum documentation standard is: date and time of screening, list version used, result (no match / potential match / confirmed match), analyst identity, and disposition decision with rationale. Retaining this documentation for five years satisfies the statutory limitation period.

We obtained interim protective measures for a German investor's subsidiary in Lower Silesia (spring 2026) in a dispute arising from a contract that had been suspended following a sanctions match. The case illustrated a secondary strategic point: a well-documented screening decision – one that shows the company acted promptly and in good faith upon identifying a potential match – is the single most effective piece of evidence in defending against a regulator's claim that the company was reckless. Without that documentation, the legal position deteriorates rapidly. Companies developing their IP or technology operations should also consider that sanctions exposure can affect licensing arrangements and technology transfer agreements – a point addressed further in our analysis of IP protection strategy for Polish tech companies.

What to prepare before a KAS audit:

Written sanctions compliance policy approved by the management board
List of all screening tools used, with version history and update frequency
Transaction logs showing screening timestamps and results for the past five years
Records of positive matches and disposition decisions, including legal sign-off
Evidence of staff training completed within the past 12 months

To receive an expert assessment of your company's current screening programme and its exposure to KAS enforcement, contact info@kordeckipartners.com.

What is the enforcement outlook for sanctions screening in Poland heading into 2026?

Polish enforcement of sanctions obligations has intensified materially since 2022. KAS has expanded its dedicated sanctions unit and increased the frequency of compliance inquiries directed at trading companies, logistics operators, and financial intermediaries. The GIIF has coordinated with the European Banking Authority on supervisory convergence, meaning that the standard applied in Polish enforcement proceedings is increasingly aligned with the standard applied in Germany, France, and the Netherlands – jurisdictions with longer enforcement histories and higher fine levels.

Administrative fines under the Sanctions Act can reach PLN 20 million per violation. Criminal liability for management board members is a separate track: directors who knowingly authorise a prohibited transaction face imprisonment of up to three years under the Polish Criminal Code. The irreversible consequence is not only financial – a criminal conviction for a sanctions breach forfeits the director's right to serve on any supervisory or management board for a period set by the court, typically between three and ten years. This personal liability exposure is the most effective motivator for board-level attention to compliance programme quality.

The enforcement outlook is shaped by three trends. First, the EU is moving toward mandatory real-time screening requirements for payment service providers, with a legislative proposal expected in the second half of 2026. Polish payment institutions will be among the first affected. Second, the EU's work on a new sanctions enforcement directive is likely to harmonise minimum penalties across member states – which will push Polish fine levels upward from their current floor. Third, KIO appeal proceedings (arbitration before the National Appeals Chamber) involving public procurement contracts are increasingly scrutinised for sanctions compliance: a contracting authority that awards a contract to a company with undisclosed sanctions exposure faces its own liability, creating a private enforcement dynamic through the procurement channel.

Companies with existing exposure should act now. The window to self-remediate – to identify past misses, report them voluntarily, and negotiate a penalty reduction – is narrower than most boards assume. Voluntary disclosure to KAS within 30 days of identifying a breach is the threshold that triggers the reduced-penalty track under the Sanctions Act. After that deadline, the full administrative fine applies and the criminal referral risk increases. For companies wanting a deeper view of how disputes arising from sanctions-related contract suspensions are resolved, our dedicated analysis at sanctions screening obligations for Polish companies provides additional doctrinal context.

Specific situations your company faces require a precise legal response. A missed screening hit, an ongoing KAS inquiry, or a contract suspended on sanctions grounds each carries irreversible consequences if not addressed within the applicable statutory window. Delay forfeits the voluntary disclosure reduction and may convert an administrative matter into a criminal one.

If your company has transacted with counterparties in high-risk jurisdictions, received a KAS inquiry, or has not yet implemented a formal screening programme – we will conduct a rapid compliance gap analysis, identify exposure under both EU and Polish law, and design a remediation roadmap with defensible documentation: info@kordeckipartners.com.

Frequently asked questions

Q: Does a small Polish company with no international operations need a formal sanctions screening programme?

A: Yes. The obligation under EU regulations and the Sanctions Act applies to all legal persons incorporated in Poland, regardless of size or the domestic character of their operations. A company supplying goods to a Polish distributor who then re-exports them to a sanctioned jurisdiction may still be in the transaction chain for purposes of EU prohibitions. A written policy and basic list-checking process – even a manual one – is the minimum defensible standard for a company with limited cross-border exposure. The absence of any documented process is treated as an aggravating factor in enforcement proceedings.

Q: How long does a sanctions compliance audit typically take, and what does it cost?

A: A focused gap analysis covering list coverage, workflow integration, and documentation for a mid-sized trading company typically takes between two and four weeks. The output is a written report identifying specific deficiencies and a prioritised remediation plan. Cost varies with the complexity of the counterparty base and the number of jurisdictions involved, but most gap analyses for companies without prior enforcement contact fall within a range that is a fraction of the minimum administrative fine. Investing in the audit before a KAS inquiry is structurally cheaper than responding to one.

Q: Is it a misconception that sanctions only apply to transactions with Russian or Belarusian counterparties?

A: It is a common and dangerous misconception. The EU maintains sanctions regimes against more than 30 jurisdictions, including Iran, North Korea, Syria, Myanmar, and Venezuela, among others. The Polish domestic list can include persons connected to any of these regimes. OFAC sanctions reach far beyond Russia and Belarus. A company that has calibrated its screening solely to the Russia/Belarus context – the most prominent regime since 2022 – will have blind spots across a significant portion of the global sanctions architecture. The correct approach is to screen against the full EU consolidated list, the Polish domestic list, and, where applicable, OFAC and UK lists.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to sanctions compliance, commercial disputes, and cross-border transaction risk. We work with Polish entrepreneurs, foreign investors, and in-house legal teams navigating EU and domestic sanctions frameworks. To discuss your situation, contact info@kordeckipartners.com.