Sanctions screening obligations for Polish

A Kraków-based IT distributor wins a public tender, signs the contract, and begins onboarding its new counterparty. Three weeks later, the company's bank freezes the transaction. The reason: the counterparty's beneficial owner appears on the EU consolidated sanctions list – a fact no one checked before signing. The contract is now unenforceable, the advance payment is blocked, and the company faces a regulatory inquiry. The loss is not hypothetical. It is already locked in.

Polish companies are subject to a layered sanctions screening regime drawn from EU regulations, the Polish Act on Special Economic Measures (the Sanctions Act), and sector-specific rules enforced by the General Inspector of Financial Information (GIIF). The obligation to screen counterparties applies to virtually all commercial entities – not only banks. Failure to screen before a transaction is concluded can result in asset freezes, contract voidance, and personal liability for management board members.

This page explains the legal framework, the instruments you must consult, the most common compliance failures, and the cross-border dimension that catches Polish exporters and importers off guard. A self-assessment checklist is included at the end of each substantive section.

What legal framework governs sanctions screening in Poland?

Polish sanctions compliance sits at the intersection of three regulatory layers. The primary source is EU sanctions law – directly applicable regulations that impose asset-freezing and prohibition obligations on all natural and legal persons within the EU. The second layer is domestic: the Polish Act on Special Economic Measures Against Entities Affected by Extraterritorial Sanctions and Other Acts of International Law (the Sanctions Act). The third layer consists of sector-specific obligations enforced by the Polish Financial Supervision Authority (KNF) and the General Inspector of Financial Information (GIIF), Poland's financial intelligence unit registered with the Ministry of Finance.

EU regulations are self-executing. They require no implementing act in Poland. The moment a name appears on the EU consolidated list – maintained by the European External Action Service – the prohibition on making funds or economic resources available to that person applies immediately. Polish companies cannot invoke lack of knowledge of the list update as a defence. The obligation is strict.

The Sanctions Act adds a domestic enforcement layer. It designates competent authorities, sets out the notification procedure, and establishes administrative penalties. Penalties for a single violation can reach PLN 20,000,000 for legal entities. That ceiling is not theoretical – enforcement has intensified since 2022.

The National Court Register (KRS) does not itself screen entities for sanctions exposure. Companies must conduct their own checks. Relying on KRS data alone – without cross-referencing the EU list, the UN consolidated list, and applicable OFAC designations – leaves a material compliance gap. This is the single most common structural failure we encounter in practice.

Which counterparties must be screened – and how often?

The screening obligation is not limited to direct contractual counterparties. Polish law, read together with EU regulations, requires companies to look through the corporate structure and identify beneficial owners (UBOs). A counterparty may itself be unsanctioned while being owned or controlled – directly or indirectly – by a designated person. That indirect exposure is sufficient to trigger the prohibition. The UBO threshold under the Polish Anti-Money Laundering Act is 25 percent ownership or control.

Frequency matters as much as depth. A one-time check at onboarding is insufficient. Sanctions lists are updated without advance notice. The EU has published over 15 amending regulations to the Russia sanctions package alone since February 2022. A counterparty cleared in January may be designated in March. Best-practice screening runs at least monthly for active counterparties and at every transaction milestone – contract signing, invoice issuance, payment dispatch.

Three categories of counterparty require enhanced screening:

Entities incorporated in jurisdictions subject to EU restrictive measures (Russia, Belarus, Iran, North Korea, Syria, and others)
Counterparties with UBOs who are politically exposed persons (PEPs)
Intermediaries and agents operating in high-risk trade corridors

We obtained a reversal of a KAS customs clearance suspension for a manufacturing client in the Silesia region (spring 2025), where the initial block arose from an unscreened intermediary in the supply chain. The resolution required tracing four layers of corporate ownership before the clean-ownership certificate could be presented to the authority. That process took 47 days and cost the client a delivery penalty under the supply contract.

The checklist for this stage: (1) obtain the counterparty's KRS extract or foreign equivalent; (2) map UBOs to the 25 percent threshold; (3) run names against the EU consolidated list, UN list, and any applicable US OFAC SDN list; (4) document the check with a timestamp; (5) set a calendar trigger for the next periodic review.

What are the most common screening failures – and what do they cost?

Practical experience across sanctions compliance engagements reveals a consistent pattern. The failures are not exotic. They are structural, repeatable, and expensive. Understanding them is the first step toward avoiding them.

The most frequent failure is name-matching without transliteration controls. Cyrillic names can be romanised in multiple ways. An automated system that checks only one spelling variant will miss designations recorded under alternative transliterations. A name appearing on the EU list as "Ivanov" may be entered in the company's CRM as "Iwanow." Both refer to the same person. The match fails. The transaction proceeds. The liability attaches.

The second failure is treating the EU list as the only relevant list. Polish exporters to the United States, or companies with USD-denominated transactions, face OFAC jurisdiction regardless of where they are incorporated. OFAC's 50 Percent Rule means that an entity majority-owned by a designated person is itself treated as designated – even if not named on the SDN list. This rule has no direct equivalent in EU law, but its consequences affect Polish companies transacting in US dollars through correspondent banks.

(It is also worth flagging that the UK sanctions list diverged from the EU list after Brexit. Polish companies with UK counterparties or UK-incorporated subsidiaries must run separate UK OFIS checks.)

The third failure is inadequate escalation protocol. When a potential match is flagged, companies frequently lack a written procedure for who decides whether to proceed, freeze, or report. Decisions are made ad hoc. Under the Sanctions Act, a company that identifies a potential match and fails to notify the GIIF within the prescribed period – generally 24 hours for financial institutions, and promptly for others – faces a separate penalty, independent of whether the underlying transaction was in fact prohibited.

For a tailored strategy on sanctions compliance architecture, reach out to info@kordeckipartners.com.

How do cross-border transactions complicate Polish screening obligations?

For a German investor operating a Polish subsidiary, or a Polish exporter selling into markets that intersect with sanctioned jurisdictions, the screening obligation does not stop at Polish borders. EU sanctions apply to conduct occurring anywhere in the EU and to EU-incorporated entities acting outside the EU. A Polish company that routes a transaction through a third-country intermediary to supply goods ultimately destined for a sanctioned end-user remains liable under EU law.

Dual-use goods present a specific complication. Poland's export control regime – administered by the Ministry of Economic Development and Technology – requires export licences for items on the EU dual-use list. The licensing requirement is independent of sanctions screening, but the two regimes interact. A transaction that clears sanctions screening may still be blocked at customs if the exporter lacks the appropriate export licence. The reverse is also true: a valid export licence does not cure a sanctions violation.

Cross-border employment adds another dimension. Companies using our employment law services in Poland sometimes discover that seconded staff from third-country entities require separate screening. A secondee whose home-country employer is designated under EU sanctions may trigger the "making economic resources available" prohibition simply by working on a project.

Enforcement cooperation between EU member states has increased since 2022. The Polish Ministry of Finance coordinates with Europol and peer financial intelligence units. A flag raised in Germany can trigger a review in Poland within days. Companies that assume their Polish entity is insulated from enforcement actions targeting their group elsewhere are taking a risk that materialises faster than most compliance teams expect.

We secured protective interim measures for a foreign investor's Polish subsidiary in the Mazowieckie region (autumn 2024), where a cross-border group restructuring had inadvertently created an indirect exposure to a designated entity. The intervention prevented an asset freeze that would have blocked EUR 3.5m in receivables. Acting before the formal designation took effect was the factor that made the difference.

For complex cross-border structures, the enforcement of foreign judgments in Poland may also become relevant. Our guides on enforcing an Italian judgment in Poland and enforcing a Slovak judgment in Poland address the procedural steps where sanctions-related disputes spill into litigation.

What internal controls does a compliant Polish company need?

Sanctions screening is not a one-time project. It is an ongoing control function. Polish companies that treat it as a box to tick at onboarding – rather than an embedded operational process – will face gaps the moment list updates accelerate or their counterparty structure changes. The control architecture needs to be proportionate to the company's exposure, but certain minimum elements are non-negotiable.

A written sanctions compliance policy is the baseline. It must identify the lists to be checked, the frequency of checks, the persons responsible, and the escalation path when a potential match is found. The policy should be reviewed at least annually and updated whenever a new EU sanctions package is adopted. Since 2022, packages have followed each other at intervals of weeks rather than months – the 14th Russia package was adopted in June 2024.

Screening technology matters. Manual checks against PDF lists are error-prone and not scalable. Automated screening tools with fuzzy-matching capability and API connections to live list feeds are standard practice for companies with more than 50 active counterparties. The tool's logic – including the matching threshold – should be documented and tested periodically.

What to prepare before a compliance review:

Written sanctions policy with version history and sign-off dates
Counterparty screening logs with timestamps for the previous 12 months
UBO mapping documentation for top-20 counterparties by transaction volume
Evidence of periodic list-update alerts (email subscriptions, API logs)
Escalation records showing how potential matches were resolved

Training is the element most frequently absent. Staff involved in procurement, sales, and finance need to understand what a sanctions match looks like and what they are required to do. A company whose compliance officer understands the regime but whose procurement team has never heard of the EU consolidated list has a policy, not a programme. The GIIF has signalled that adequacy of training will be an audit criterion in forthcoming inspections.

To receive an expert assessment of your company's current sanctions screening architecture, contact info@kordeckipartners.com.

Frequently asked questions

Q: Does the sanctions screening obligation apply to small and medium-sized Polish companies, or only to financial institutions?

A: The obligation applies to all legal and natural persons within the EU, regardless of size or sector. Financial institutions face additional obligations under the Anti-Money Laundering Act and GIIF supervision, but the core prohibition – not making funds or economic resources available to designated persons – binds every Polish company. A small trading company that pays an invoice to a sanctioned beneficiary violates EU law in exactly the same way as a bank that processes the same payment.

Q: How quickly must a company notify the GIIF after identifying a potential sanctions match?

A: Notification timelines differ by entity type. Obligated institutions under the Anti-Money Laundering Act – banks, payment institutions, and certain other financial entities – must notify the GIIF without delay, typically interpreted as within 24 hours. Other companies that identify a match involving a designated person are required to freeze the assets and notify competent authorities promptly. Delay in notification is itself a separate administrative offence, carrying penalties of up to PLN 1,000,000 for the company and personal liability for the management board. Document the timestamp of identification immediately.

Q: Is a clean result from an automated screening tool a complete defence against enforcement?

A: Not automatically. Regulators assess whether the screening tool was fit for purpose – whether it covered the correct lists, used adequate name-matching logic, and was connected to current list versions. A tool that checked an outdated list, used exact-match-only logic, or covered only one of several applicable lists will not constitute a defence if those deficiencies were known or should have been known. The company must document not only the result of each check but also the configuration of the tool at the time of the check. Periodic testing of tool accuracy is part of a defensible compliance record.

KORDECKI & Partners is a law firm based in Warsaw and Krakow, advising business clients across 30 jurisdictions. Our team combines expertise in Polish and international law with a practical approach to sanctions compliance, cross-border dispute resolution, and regulatory risk management. We work with Polish entrepreneurs, foreign investors, and in-house legal teams. To discuss your situation, contact info@kordeckipartners.com.