A Kraków-based trading company receives a routine payment instruction from a long-standing supplier. The compliance officer runs a quick name check, finds no match, and approves the transfer. Three weeks later, the company's bank freezes the account. The supplier's ultimate beneficial owner had been listed on the EU consolidated sanctions list for over a month. The company faces asset freezing, regulatory investigation, and reputational damage – all from a single missed screening step.

Polish businesses are subject to EU sanctions regulations directly applicable under Polish law, as well as the domestic Ustawa o szczególnych rozwiązaniach w zakresie przeciwdziałania wspieraniu agresji na Ukrainę (Act on Special Measures Against Support for Aggression Against Ukraine). Failure to screen counterparties against the EU consolidated list and Polish national lists before each transaction constitutes a breach that carries penalties of up to PLN 20 million per violation. The obligation applies to all legal entities conducting business in Poland, regardless of size or sector.

This alert explains what has changed in the screening framework, which businesses are most exposed, and what immediate steps your compliance function must take. The timeline is short. Some consequences – frozen assets, debarment from public procurement – are difficult to reverse once triggered.

What has changed in the Polish sanctions framework?

The EU sanctions architecture has expanded sharply since February 2022. The EU consolidated list now contains over 2,200 designated individuals and entities. Each new EU Council regulation amending the Russia sanctions package takes effect immediately upon publication in the Official Journal – there is no implementation grace period for Polish businesses. The Urząd do Spraw Cudzoziemców (Office for Foreigners) and the Generalny Inspektor Informacji Finansowej (General Inspector of Financial Information, GIIF) both issue supplementary guidance, but the primary obligation flows directly from EU law.

Two changes deserve particular attention. First, the concept of "making funds available" has been interpreted broadly by Polish enforcement bodies. Providing services, granting credit terms, or even delivering goods on deferred payment to a sanctioned entity can constitute a prohibited transaction. Second, ownership and control thresholds have tightened. An entity is treated as sanctioned if a designated person owns or controls it – directly or indirectly – above a 50 percent threshold. Some EU guidance now treats aggregated minority stakes as triggering the same result where coordinated control is evident.

For businesses with AML obligations under the Ustawa o przeciwdziałaniu praniu pieniędzy (Anti-Money Laundering Act, AML Act), sanctions screening is now treated as a distinct and parallel obligation. The Komisja Nadzoru Finansowego (Polish Financial Supervision Authority, KNF) has made clear that AML procedures do not substitute for sanctions compliance. Companies that conflate the two risk gaps in both programmes.

Who is affected and what are the thresholds?

Every Polish-registered company, branch, and representative office must screen counterparties. The obligation is not limited to financial institutions or large corporates. A manufacturing firm in Silesia exporting to third-country distributors, an IT company in Mazowieckie contracting with foreign software vendors, and a Pomerania-based logistics operator all carry the same baseline screening duty. The key threshold question is not whether you screen, but how frequently and how deeply.

Three categories of business face heightened exposure. First, companies with supply chains touching Russia, Belarus, Iran, or North Korea must conduct enhanced due diligence on every counterparty in the chain – not just the direct contractual partner. Second, businesses above the EUR 10,000 single-transaction threshold for cash or crypto-asset payments face immediate reporting duties to the GIIF if a match is found. Third, entities participating in public procurement must certify sanctions compliance as a condition of contract award; a false certification triggers debarment for up to three years.

We obtained interim protective measures for a German investor's subsidiary in Lower Silesia (spring 2025) after a counterparty was listed mid-contract. Early screening had identified the risk window; the client was able to suspend performance lawfully before the designation took full effect. That 48-hour window between political decision and Official Journal publication is where preparation matters most.

  • Screen all new counterparties before contract signature
  • Re-screen existing counterparties at least quarterly
  • Apply enhanced checks where beneficial ownership exceeds 25 percent by a non-EU national
  • Document every screening run with a timestamp and list version number
  • Escalate any partial name match within 24 hours to senior management

Whistleblower compliance infrastructure also intersects here. Under the Ustawa o ochronie sygnalistów (Whistleblower Protection Act), employees who report suspected sanctions breaches internally are protected from retaliation. Companies with 50 or more employees must maintain an internal reporting channel. Failing to operate that channel while also failing on sanctions screening compounds regulatory exposure significantly.

For businesses building or reviewing their wider compliance framework, the approach to compliance programme design for Czech Republic subsidiaries in Poland offers a useful structural reference, particularly on layered due diligence workflows.

What must you do now?

Immediate action falls into three areas: process, documentation, and escalation. On process, every business must confirm that its screening tool queries both the EU consolidated list and the Polish national list simultaneously. Many off-the-shelf tools cover only one. The lists are updated without notice; a tool that caches data for more than 24 hours creates a compliance gap. Screening must occur at onboarding, at each transaction above EUR 1,000, and whenever a material change in the counterparty's ownership structure is reported.

On documentation, the standard expected by Polish enforcement bodies is a written record showing: the date of the screen, the list version queried, the result, and the name of the person who approved the transaction. A spreadsheet is legally sufficient for smaller businesses, but it must be maintained consistently. Gaps in the log are treated as evidence of systemic failure, not isolated oversight.

On escalation, your internal procedures must define a clear owner for sanctions decisions. That person – typically the compliance officer or a designated board member – must have authority to pause a transaction within one business day of a potential match being flagged. Corporate groups face an additional layer: subsidiary liability in Polish corporate groups means that a parent's failure to implement group-wide screening can expose Polish subsidiaries to direct regulatory action, even where the subsidiary itself had no knowledge of the sanctioned relationship.

We assisted a manufacturing client in the Mazowieckie region (autumn 2024) in restructuring its counterparty onboarding workflow after a KNF inquiry identified screening gaps. The revised process reduced average onboarding time by two days while meeting the documentary standard the regulator required. Speed and compliance are not mutually exclusive – but the process must be designed deliberately.

ESG reporting under CSRD Poland requirements is beginning to intersect with sanctions compliance in a practical way. Large companies subject to Dyrektywa w sprawie sprawozdawczości przedsiębiorstw w zakresie zrównoważonego rozwoju (Corporate Sustainability Reporting Directive, CSRD) must disclose material legal and regulatory risks. A systemic failure in sanctions screening qualifies as a material compliance risk requiring disclosure. For businesses building their ESG reporting framework, the compliance programme design for France subsidiaries in Poland sets out how multi-jurisdictional reporting obligations can be integrated into a single governance structure.

The irreversible consequences of non-compliance are worth stating plainly. Asset freezing orders take effect immediately and cannot be challenged on the merits until after the freeze is in place. Debarment from public procurement follows automatically upon conviction. Personal liability of board members for wilful or grossly negligent failures is expressly provided under Polish administrative law. Acting now – before a match occurs – is the only effective risk management strategy.

Your specific situation may involve supply chain complexity, cross-border ownership structures, or sector-specific regulatory overlays that require tailored analysis. Generic screening tools and standard checklists do not address every configuration. To receive an expert assessment of your sanctions screening process and compliance programme, contact info@kordeckipartners.com.

Frequently asked questions

Q: Does sanctions screening apply to Polish SMEs, or only to large companies?

A: The obligation applies to all Polish-registered businesses regardless of size. There is no employee or revenue threshold that exempts a company from screening counterparties against EU and national sanctions lists. Smaller businesses may use simpler tools, but the documentary standard – timestamped records of each screen – remains the same. Enforcement actions have been brought against companies with fewer than 20 employees.

Q: How often must existing counterparties be re-screened?

A: Polish enforcement guidance and EU best practice both indicate that existing counterparties should be re-screened at least every three months. High-risk counterparties – those in sectors or jurisdictions associated with designated persons – should be screened monthly or on a continuous-monitoring basis. The three-month interval is a minimum, not a safe harbour; a designation that occurs between scheduled screens does not excuse a transaction completed after the listing date.

Q: If a partial name match appears, must the transaction be stopped immediately?

A: A partial match triggers a mandatory escalation duty, not an automatic transaction stop. The compliance officer must assess whether the match corresponds to the actual counterparty within 24 hours. If the assessment cannot be completed within that window, the transaction should be paused. Proceeding without completing the assessment – even where the match later proves false – is treated as a procedural breach and can result in administrative penalties of up to PLN 1 million per incident under current enforcement practice.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to compliance programme design, sanctions screening, and ESG reporting. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.

Disclaimer: This publication is provided for informational purposes only and does not constitute legal advice. The information herein should not be relied upon as a substitute for professional legal counsel tailored to your specific circumstances. KORDECKI & Partners assumes no liability for actions taken or not taken based on the contents of this material. For advice regarding your particular situation, please contact info@kordeckipartners.com.