A Warsaw-based distributor wins a promising new contract with a supplier from a third country. The commercial team is ready to sign. Then someone asks: has this counterparty been screened against the EU consolidated sanctions list? Silence. No procedure exists. The contract is signed anyway – and three months later the firm's bank flags the payments and freezes the account.
Polish businesses are directly bound by EU sanctions regulations, which are self-executing and require no separate national implementing act. Any transaction with a designated person or entity is void by operation of law and may trigger criminal liability under Polish criminal law. The obligation to screen counterparties falls on the company itself – not on its bank, not on its lawyer, and not on the tax authority.
This guide sets out the sanctions screening process step by step: which lists to check, how to build an internal procedure, what common mistakes look like in practice, and how three types of Polish businesses – a manufacturer, an IT firm, and a foreign investor's subsidiary – should calibrate their approach. The guide also covers costs, timelines, and the questions clients ask most often.
Why does sanctions compliance matter for Polish companies?
Poland sits at the crossroads of EU trade and Eastern European supply chains. That geography creates real exposure. EU sanctions regulations – including those targeting Russia, Belarus, Iran, and North Korea – apply directly in Poland without any domestic transposition. The Urząd Komisji Nadzoru Finansowego (Polish Financial Supervision Authority, KNF) and the Generalny Inspektor Informacji Finansowej (General Inspector of Financial Information, GIIF) both oversee elements of sanctions enforcement. Criminal liability under Polish law can reach up to ten years' imprisonment for wilful violations.
The risk is not theoretical. Polish exporters, logistics firms, and professional service providers have all encountered account freezes, customs holds, and regulatory inquiries in the past two years. Missing a designated counterparty is not treated as an administrative slip – it is treated as a sanctions breach. The consequence is irreversible: a completed transaction with a listed entity cannot be "unwound" by subsequent compliance activity.
There is also an AML dimension. The ustawa o przeciwdziałaniu praniu pieniędzy (Anti-Money Laundering Act, AML Act) requires obliged entities to apply enhanced due diligence when dealing with high-risk third countries and politically exposed persons. Sanctions screening and AML customer due diligence overlap significantly. A firm that builds one procedure well can often satisfy both obligations with the same workflow.
ESG reporting under CSRD Poland frameworks increasingly treats sanctions compliance as a governance indicator. Investors and large counterparties now ask for evidence of screening procedures as part of supplier onboarding. A missing procedure costs not only regulatory exposure – it costs contracts.
What does a step-by-step sanctions screening process look like?
A functioning sanctions screening process has five stages. Each stage has a defined owner, a time budget, and a documented output. The entire cycle for a straightforward counterparty check should take no more than 48 hours. Complex cases – involving layered ownership or third-country intermediaries – may take five to seven working days.
Stage 1 – Identify the screening trigger. Screening is not a one-time event. It is triggered by: onboarding a new counterparty, renewing a contract, processing a payment above EUR 10,000, or receiving an alert from a compliance tool. Each trigger must be defined in the written procedure. Without a trigger map, screening happens randomly.
Stage 2 – Collect counterparty data. The minimum dataset is: full legal name, registered address, country of incorporation, ultimate beneficial owner (UBO) to the 25% threshold, and any known trade names or aliases. For natural persons: full name, date of birth, nationality. Incomplete data is the single most common cause of false negatives in screening.
Stage 3 – Run the check against mandatory lists. Polish businesses must check at minimum:
- The EU consolidated list of persons, groups, and entities subject to EU financial sanctions (updated daily by the Urząd Publikacji Unii Europejskiej, EU Publications Office)
- The UN Security Council consolidated sanctions list
- The OFAC Specially Designated Nationals list (relevant for USD transactions and US-nexus supply chains)
Checking only one list is a common and costly mistake. A counterparty may appear on the UN list but not yet on the EU list, or vice versa.
Stage 4 – Assess matches and false positives. Screening tools generate hits. Not every hit is a true match. The compliance officer must compare name spelling variants, dates of birth, and addresses. The assessment must be documented. A documented false-positive determination protects the firm if the transaction is later questioned.
Stage 5 – Record, escalate, or clear. If the counterparty is clear: record the screening result and proceed. If there is a potential match: escalate to senior management and legal counsel immediately. Do not proceed with the transaction until the match is resolved. Transactions completed during an unresolved escalation carry full liability exposure.
We secured a clearance outcome for a manufacturing client in Mazowieckie (autumn 2025) whose counterparty triggered a false positive on the EU list due to a transliteration variant of an Arabic name. Proper documentation of the false-positive determination allowed the client to proceed without regulatory exposure.
How should different types of Polish businesses calibrate their screening?
Screening intensity should match the business model. A one-size-fits-all approach wastes resources in low-risk contexts and under-invests in high-risk ones. Three scenarios illustrate the calibration logic.
Scenario 1 – Manufacturing exporter (Silesia). A mid-size manufacturer exports machinery components to distributors in Turkey, UAE, and Kazakhstan. Its risk profile is elevated: dual-use goods, multiple third-country hops, and frequent new counterparties. This firm needs automated screening software (annual cost: EUR 3,000–8,000 depending on volume), a dedicated compliance officer with at least 20% of their time allocated to sanctions, and re-screening of all active counterparties every 30 days. The written procedure should also cover export control classification, since sanctions and export controls overlap for dual-use goods.
Scenario 2 – IT services firm (Warsaw). A software house provides development services to clients in Western Europe and the US. Direct sanctions exposure is lower, but the firm handles USD invoices and occasionally onboards freelance developers from CIS countries. The appropriate approach is a lightweight procedure: manual screening on onboarding, re-screening annually, and a clear escalation path to a compliance lawyer Warsaw-based or remote. Cost: primarily internal time, roughly 4–6 hours per month. This firm should also check whether any of its software products fall within technology export restrictions.
Scenario 3 – Foreign investor's subsidiary (Lower Silesia). A German parent company establishes a Polish subsidiary to source from Eastern European suppliers. The subsidiary is caught by both EU sanctions (as a Polish entity) and potentially by German foreign trade law (as a controlled entity of a German parent). This is the most complex scenario. The subsidiary needs a procedure that satisfies both frameworks. It should document which list versions it checked and when – because the German parent's auditors will ask. We assisted a foreign investor in Lower Silesia (spring 2025) in building a dual-framework procedure that passed both Polish and German internal audit review within six weeks of implementation.
For all three scenarios, the compliance programme design benefits from cross-referencing sector-specific guidance. For Netherlands-headquartered groups with Polish operations, the approach described in our guide on compliance programme design for Netherlands subsidiaries in Poland provides a useful structural framework.
For bridge+CTA placement:
Your firm's specific exposure depends on its counterparty geography, transaction volumes, and ownership structure. Acting without a documented procedure forfeits the only available defence in a regulatory inquiry – demonstrating reasonable care. To receive an expert assessment of your sanctions screening setup, contact info@kordeckipartners.com.
What are the most common mistakes – and how do you avoid them?
Mistakes in sanctions screening fall into three categories: procedural gaps, data quality failures, and over-reliance on technology. Each category has a different fix.
Procedural gaps are the most frequent. The most damaging is the absence of a re-screening schedule. Screening a counterparty once at onboarding and never again is legally insufficient. Designations happen continuously. The EU updates its consolidated list multiple times per week. A counterparty that was clean in January may be listed by March. Firms should re-screen all active counterparties at least every 30 days, and immediately upon any public announcement of new sanctions packages.
Data quality failures are the second category. Screening a counterparty under the wrong name – a trade name rather than the legal name, or a transliterated name that differs from the list entry – produces false negatives. The UBO chain is the other common failure point. Screening the immediate counterparty but not its 50%-plus owner leaves a significant gap. EU sanctions regulations expressly catch entities owned or controlled by designated persons, even if the entity itself is not listed.
Over-reliance on technology is the third category. Automated tools are necessary for volume, but they are not infallible. A tool that is not configured for Cyrillic-to-Latin transliteration will miss Russian-name variants. A tool that is not updated daily will lag behind new designations. Whistleblower compliance mechanisms and internal audit functions should periodically test the screening tool with known positive cases to verify detection rates.
There is also a contractual dimension that firms overlook. Sanctions clauses in commercial contracts – allowing either party to terminate if the other becomes a designated person – are now standard in cross-border agreements. Firms that do not include such clauses face difficulties exiting contracts cleanly if a counterparty is later listed. A compliance lawyer reviewing standard contract templates can address this in a single session.
For Ukrainian and CIS counterparties specifically, the considerations are layered. Our guide on compliance programme design for Ukraine subsidiaries in Poland addresses the intersection of sanctions, AML, and corporate governance for this counterparty profile.
What does a sanctions screening procedure cost – and what should you prepare?
Cost depends on firm size, transaction volume, and risk appetite. The honest answer is that a basic but defensible procedure is affordable for most Polish businesses. A sophisticated procedure for high-volume exporters requires a larger investment – but the cost of a single sanctions breach (account freeze, regulatory fine, reputational damage) dwarfs any compliance budget.
For a small or medium-sized firm with up to 50 counterparties: internal time cost of approximately 8–12 hours to draft the written procedure, plus annual software cost of EUR 0–2,000 for a basic screening tool. Many firms begin with free EU list access and manual checks, which is legally acceptable if documented properly.
For a firm with 50–500 active counterparties: a commercial screening tool in the EUR 3,000–8,000 per year range, plus legal review of the written procedure (typically 4–8 hours of counsel time). Total first-year cost: EUR 5,000–12,000. Ongoing annual cost: EUR 3,000–8,000.
For a large exporter or financial institution: enterprise screening platforms, integration with ERP systems, and dedicated compliance staffing. Costs vary significantly and are best assessed case by case.
What to prepare before engaging a compliance lawyer:
- A list of your top 20 counterparties by transaction volume, with their legal names and countries of incorporation
- A description of your current onboarding process (if any)
- Any existing internal compliance documents, even if outdated
- The names of any third-country intermediaries in your supply chain
- Your standard commercial contract template, to review for sanctions clauses
The pre-pack sale procedure – relevant when a firm faces insolvency partly triggered by a sanctions freeze – follows a different timeline and logic. For context on that adjacent risk, see our overview of the pre-pack sale in Poland procedure and timeline.
A specific gap in your firm's procedure creates irreversible exposure the moment a designated counterparty passes through undetected. To discuss how a sanctions screening procedure applies to your business, email info@kordeckipartners.com.
Frequently asked questions
Q: How often must a Polish company re-screen its existing counterparties?
A: EU sanctions law does not specify a fixed re-screening interval, but the standard of reasonable care requires screening to be continuous in practice. Most compliance programmes set a minimum cycle of 30 days for active counterparties, with immediate re-screening triggered by any new EU or UN sanctions package. Firms in high-risk sectors – logistics, financial services, commodities trading – typically screen weekly or use real-time monitoring tools. Failure to re-screen is not a mitigating factor in enforcement; regulators treat it as a procedural failure.
Q: Does a Polish company need to screen if it only deals with EU-based counterparties?
A: This is a common misconception. EU registration does not guarantee sanctions compliance. A company incorporated in Germany or the Netherlands may itself be owned or controlled by a designated person – and EU sanctions regulations expressly extend to entities owned or controlled by listed individuals, regardless of where the entity is registered. Screening should always follow the UBO chain, not just the immediate legal counterparty. The cost of skipping this step is full liability exposure.
Q: What is the relationship between sanctions screening and AML obligations for Polish firms?
A: The AML Act and EU sanctions regulations are separate legal frameworks, but their practical requirements overlap significantly. Both require identification of the ultimate beneficial owner, assessment of high-risk jurisdictions, and documentation of due diligence steps. Firms subject to the AML Act – banks, payment institutions, law firms, accountants, real estate agents – can often satisfy sanctions screening requirements within the same customer due diligence workflow. However, the lists checked, the escalation paths, and the documentation standards differ. A combined procedure designed by a compliance lawyer reduces duplication and ensures both frameworks are satisfied.
KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to sanctions compliance, ESG reporting, and regulatory risk management. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.
Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.