A Warsaw-based distributor receives a new purchase order from a long-standing supplier. The counterparty name looks familiar. Nothing flags internally. Three weeks later, the company discovers the supplier's parent entity was listed on the EU consolidated sanctions list two months earlier. The transaction is now frozen, the bank demands explanations, and the board faces personal liability questions. This scenario is not hypothetical – it reflects cases handled across Poland in recent months.

Polish businesses are required to screen counterparties against applicable sanctions lists before entering into any transaction. The obligation flows from EU regulations that are directly applicable in Poland, enforced by the Office of Foreign Assets Control equivalent – the Generalny Inspektor Informacji Finansowej (General Inspector of Financial Information, GIIF) – alongside the Urząd Ochrony Konkurencji i Konsumentów (Office of Competition and Consumer Protection, UOKiK). Failure to screen exposes the company and its directors to administrative penalties reaching EUR 1 million or more, as well as criminal liability.

This alert explains what has changed in the sanctions screening framework, which businesses are directly affected, and what immediate steps your compliance team must take. The structure follows three points: the regulatory shift, the threshold triggers, and a concrete action checklist.

What has changed in the Polish sanctions screening framework?

The screening obligation is not new. What has changed is enforcement intensity and the breadth of the designated-person perimeter. Since mid-2022, the EU has expanded its sanctions packages at an accelerated pace. Each new package extends the list of designated individuals, entities, and sectors. Polish authorities – including the Narodowy Bank Polski (National Bank of Poland, NBP) and the GIIF – have issued guidance making clear that real-time list monitoring is now expected, not periodic batch checks.

The practical consequence is significant. A counterparty that was clean at contract signature may be designated before invoice settlement. Under EU sanctions law, the obligation to freeze assets and refrain from making funds available arises at the moment of designation – not at the moment of discovery. That gap creates liability even for businesses acting in good faith, unless they can demonstrate a functioning screening process was in place.

AML obligations under Polish anti-money laundering legislation reinforce this. Obligated institutions – banks, law firms, accountants, real estate agents, and certain trading companies – must conduct enhanced due diligence when sanctions risk is elevated. The GIIF can audit screening procedures and impose fines of up to PLN 1 million per breach on non-financial sector entities.

Who is affected and what are the thresholds?

Every Polish legal entity that transacts with counterparties in sanctioned jurisdictions, or that handles goods with dual-use potential, falls within scope. There is no minimum revenue threshold. A sole-trader company importing electronic components is as exposed as a listed group. The key triggers are: the nationality or registration of the counterparty, the beneficial ownership chain, and the nature of the goods or services exchanged.

Three categories face heightened exposure. First, companies with supply chains touching Russia, Belarus, Iran, or North Korea. Second, businesses with counterparties registered in jurisdictions that appear on the EU high-risk third-country list for AML purposes. Third, any entity that is itself an obligated institution under Polish AML law – the screening duty here is statutory and auditable.

Ownership thresholds matter. EU sanctions regulations apply to entities owned or controlled – directly or indirectly – by a designated person. The control threshold is typically 50% ownership or effective decision-making power. This means a counterparty with a clean registration can still be a prohibited party if a sanctioned individual holds a majority stake upstream. Screening the registered name alone is insufficient. (We have seen this ownership-chain gap cause frozen payments for a manufacturing client in Mazowieckie – autumn 2025 – where the immediate supplier was clean but its parent was not.)

For businesses designing or updating their compliance programme, the compliance programme design framework for subsidiaries operating in Poland provides a useful structural reference. ESG reporting obligations under CSRD Poland are also increasingly intersecting with sanctions disclosures, particularly for larger entities subject to mandatory due diligence on supply chains.

What must your business do now?

Speed matters. Designation lists update without advance notice. A screening process that runs weekly is no longer adequate for high-volume or high-risk transaction flows. The following checklist reflects minimum expectations under current regulatory guidance.

  • Screen all new counterparties against the EU consolidated list, UN list, and OFAC SDN list before contract execution – not after.
  • Implement automated or daily-refresh screening for existing counterparty databases, with alerts triggered by any new designation.
  • Map beneficial ownership to the 50% control threshold for all non-EEA counterparties and flag any gaps for enhanced due diligence.
  • Assign a named compliance officer responsible for sanctions screening, with documented escalation procedures for flagged matches.
  • Retain screening records for at least five years – the standard audit retention period under Polish AML law.

Whistleblower compliance infrastructure supports this process. Internal reporting channels – required for companies above 50 employees under the Polish whistleblower protection law – should explicitly cover sanctions concerns. Staff who identify a potential match must have a clear, protected route to escalate without fear of retaliation. This is not optional for in-scope employers.

Foreign investors and subsidiaries should also review how their group-level sanctions policy maps onto Polish law. Group policies drafted under UK or US law do not automatically satisfy EU regulatory requirements. For France-based or Luxembourg-based groups with Polish operations, the alignment exercise is particularly important – see our analysis of compliance programme design for France subsidiaries in Poland and the parallel guidance for Luxembourg subsidiaries. Our team assisted a technology distributor in Silesia (winter 2026) in aligning its group sanctions policy with Polish AML and EU sanctions requirements within a six-week window – avoiding a potential GIIF audit finding.

The irreversible consequence of a missed screening is asset freezing. Once a transaction is flagged post-execution, the business cannot unilaterally reverse it. Funds remain frozen pending GIIF authorisation, which can take months. That operational disruption – not just the fine – is what makes a functioning screening process a business-critical control, not a box-ticking exercise.

For a tailored assessment of your current sanctions screening process and compliance gaps, contact info@kordeckipartners.com. Our team will review your counterparty onboarding workflow, screening tool coverage, and escalation procedures – and identify any exposures before an audit does.

Frequently asked questions

Q: Does sanctions screening apply to Polish companies that do not export goods?

A: Yes. The obligation covers any transaction – purchase, service, payment – where the counterparty or its beneficial owner is a designated person. Import-only businesses and domestic service providers are equally in scope if their supply chain touches sanctioned jurisdictions or persons. There is no export-only carve-out under EU sanctions law.

Q: How often must a Polish business update its sanctions screening?

A: For high-risk counterparties and high-volume transaction flows, daily or real-time screening is expected under current GIIF guidance. At minimum, all existing counterparty records should be rescreened whenever a new EU sanctions package enters into force – typically every few weeks at present. A purely annual review is no longer sufficient and will not satisfy an audit.

Q: Can a compliance lawyer in Warsaw help structure a sanctions screening programme?

A: A compliance lawyer Warsaw-based can map your specific transaction flows against applicable list obligations, draft internal screening procedures, and prepare documentation for GIIF or bank inquiries. Legal advice is particularly valuable where beneficial ownership chains are complex or where group-level policies need to be reconciled with Polish and EU requirements. The Pillar Two compliance steps for Polish subsidiaries illustrates how multi-layer regulatory obligations can be structured in a single integrated programme.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to ESG compliance, sanctions screening, and AML programme design. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.