Poland

**GIIF (Ministry of Finance page regarding Virtual Currencies - in Polish):** https://www.gov.pl/web/finanse/dzialalnosc-w-zakresie-walut-wirtualnych (This page provides information on the register and requirements).

**Virtual currency exchange service:** This includes exchanging virtual currencies for fiat currencies and vice-versa, as well as exchanging one virtual currency for another. This category explicitly covers **exchanges**.

**Virtual currency safekeeping wallet service:** This refers to the provision of services for safeguarding private cryptographic keys on behalf of clients, to hold, store, and transfer virtual currencies. This explicitly covers **custody providers**.

**Fiat-to-fiat payment processing related to crypto transactions:** If a payment processor only handles traditional fiat currency payments (e.g., processing credit card payments for a crypto exchange) without ever touching the virtual assets themselves, they would typically fall under the traditional Payment Services Act (Ustawa o usługach płatniczych) and potentially require a license from the Polish Financial Supervision Authority (KNF) as a payment institution or small payment institution.

**Current (Registration):** Poland operates a **registration regime** for VASPs under its AML Act. This means entities must register their activities with GIIF and comply with AML/CTF obligations. It is not a full "licensing" regime in the sense of prudential supervision (e.g., capital adequacy, operational risk, consumer protection oversight by KNF) like banks or investment firms currently face. The focus is purely on preventing money laundering and terrorist financing.

**Future (MiCA - Licensing):** The EU's **Markets in Crypto-Assets Regulation (MiCA)** will introduce a comprehensive **licensing regime** for a broader range of crypto-asset services across the EU. MiCA will come into full effect in **December 2024** for most provisions. Once MiCA is fully applicable, entities providing crypto-asset services (CASPs) as defined under MiCA will need to obtain a license from a national competent authority (in Poland, likely KNF) and will be subject to more extensive prudential, organisational, and consumer protection requirements, including capital requirements.

**Legal Entity / Local Presence:**

The applicant must be a **Polish legal entity** (e.g., Spółka z ograniczoną odpowiedzialnością - limited liability company, or Spółka akcyjna - joint-stock company).

The management board members (or individuals managing the business) and beneficial owners must meet "fit and proper" criteria.

At least one individual from the management board of the Polish legal entity must have their **residence in Poland** or possess a Polish citizenship.

**Internal AML/CTF Procedures:** Develop and implement robust internal anti-money laundering and counter-terrorist financing procedures, including a risk assessment specific to the business and its clients.

**AML Officer:** Appoint a designated individual responsible for AML/CTF compliance (AML Officer or Compliance Officer).

**Customer Due Diligence (CDD):** Implement procedures for identifying and verifying the identity of clients, including beneficial owners, and understanding the purpose and nature of business relationships. This involves collecting identity documents, verifying data, and screening against sanctions lists.

**Ongoing Monitoring:** Conduct ongoing monitoring of client relationships and transactions to detect suspicious activities.

**Transaction Monitoring:** Implement systems to monitor transactions for unusual patterns or thresholds.

**Reporting:** Report suspicious transactions and activities to GIIF.

**Record-keeping:** Maintain records of client identification data and transactions for at least 5 years.

**Training:** Provide regular AML/CTF training for relevant employees.

Under the current Polish AML Act, there are **NO specific minimum capital requirements** solely for VASP registration. This is a significant difference from traditional financial licenses.

*Future MiCA Impact:* MiCA *will* introduce capital requirements for Crypto-Asset Service Providers (CASPs), ranging from €50,000 to €150,000 depending on the type of services provided.

**Fit & Proper Criteria (Management/Owners):**

Individuals intending to perform activities in the field of virtual currencies, as well as members of the management board and beneficial owners, must:

Have no criminal record for intentional financial crimes (e.g., money laundering, terrorist financing, fraud, tax offenses).

Not have been subject to a final decision declaring bankruptcy or being declared bankrupt.

Demonstrate sufficient knowledge and experience relevant to the virtual asset services (though this is less formally defined than for KNF licenses).

Establish a Polish legal entity (e.g., Sp. z o.o.).

Draft comprehensive internal AML/CTF procedures and policies.

Identify and appoint an AML Officer.

Gather documentation for management and beneficial owners (e.g., criminal record certificates, declarations).

Applications are submitted electronically through a dedicated online portal maintained by the Ministry of Finance / GIIF.

The application requires providing details about the company, its services, management, beneficial owners, and attaching the required documents.

Company registration documents (KRS extract).

Declarations regarding the fulfilment of "fit and proper" criteria by management board members and beneficial owners.

Criminal record certificates for relevant individuals (e.g., from the National Criminal Register - Krajowy Rejestr Karny).

Proof of Polish residence/citizenship for the required management board member.

GIIF reviews the application for completeness and compliance with legal requirements.

GIIF may request additional information or clarifications.

If approved, the entity is entered into the register of virtual currency activities.

**Timeline:** The statutory processing time for registration is generally not explicitly defined as a fixed period for the entire process, but GIIF has deadlines to notify applicants of deficiencies. The actual process can take several weeks to a few months, depending on the quality of the application and GIIF's workload.

**Fees:** There is typically an administrative fee for the registration itself, which is relatively low (e.g., PLN 616 as of late 2023). The main costs are associated with legal and compliance consultancy services for preparing the application and AML documentation.

**Entry into force:** Rules related to stablecoins (asset-referenced tokens and e-money tokens) will apply from **30 June 2024**. The remaining provisions (e.g., for other crypto-assets and CASPs) will apply from **30 December 2024**.

**Scope:** MiCA will cover a broader range of crypto-assets and services than the current AML Act.

**Licensing Authority:** In Poland, the Polish Financial Supervision Authority (KNF) is expected to be the competent authority for MiCA licenses.

Detailed organizational and governance requirements.

Rules on investor protection, market abuse, and transparency.

**Transition Period:** MiCA includes transition periods. Entities already providing crypto-asset services in accordance with national law (like those registered under the Polish AML Act) may be able to continue their activities until **1 July 2026**, or until they are granted or refused a MiCA license, provided they notify the KNF of their intention to apply.

**General Inspector of Financial Information (GIIF - Generalny Inspektor Informacji Finansowej):** This is Poland's Financial Intelligence Unit (FIU). GIIF receives suspicious activity reports (STRs) from obliged institutions, including VASPs, and is responsible for implementing asset freezes based on sanctions lists.

**Polish Financial Supervision Authority (KNF - Komisja Nadzoru Finansowego):** KNF is responsible for licensing and supervising VASPs in Poland and ensuring their compliance with AML/CFT and sanctions regulations. KNF can impose administrative penalties for non-compliance.

Example search result (may vary by specific amendment date): https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180000072 (Original Act) and subsequent amendments like 2022 item 1801.

**Requirement:** Entities providing services related to virtual currencies, including "holding virtual currencies, including offering services to their users that consist of maintaining virtual currency instruments or access keys on their behalf," are considered Virtual Asset Service Providers (VASPs). These entities are obliged to register in the **Register of Activities in the Field of Virtual Currencies (Rejestr Działalności w Zakresie Walut Wirtualnych)**.

The applying entity must be a legal person, an organizational unit without legal personality, or a natural person conducting business activity.

Individuals involved in management or ownership must not have been convicted of specific financial crimes or money laundering offenses.

Proof of knowledge and experience in the field of virtual currencies (e.g., certificate of completion of training, professional experience) is required.

**Regulatory Body:** The register is maintained by the **Minister of Finance**.

**Purpose:** This registration primarily serves AML/CFT purposes, ensuring that service providers implement appropriate customer due diligence (KYC), transaction monitoring, and suspicious activity reporting measures. It is not a comprehensive prudential license.

**Ustawa z dnia 1 marca 2018 r. o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu (Act on Counteracting Money Laundering and Financing of Terrorism):**

**URL (Polish AML Act on ISAP – Official Legislative System):** https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180000723

**Information on the Register (Ministry of Finance, Polish):** https://www.gov.pl/web/finanse/dzialalnosc-w-zakresie-walut-wirtualnych

**Current Status:** The current Polish AML Act *does not explicitly mandate specific rules for the segregation of client assets* for virtual currency custodians. While good practice and general commercial law principles might suggest segregation, there is no direct regulatory requirement specific to crypto custody in the current AML framework.

**Current Status:** There is *no specific definition of a "qualified custodian"* for virtual assets within current Polish law. The AML Act focuses on identifying and registering VASPs for AML/CFT purposes, not on their operational qualifications or prudential standards as custodians.

Titles III and IV (relating to asset-referenced tokens and e-money tokens) apply from **30 June 2024**.

Titles II, V-XII (covering other crypto-assets and crypto-asset service providers, including custody) apply from **30 December 2024**.

**Requirement:** Under MiCA, entities wishing to provide custody and administration of crypto-assets will need to obtain an **authorization** from their competent national authority (likely the Polish Financial Supervision Authority – KNF). This authorization will be passportable across the EU.

**Conditions for Authorization:** CASPs will need to meet stringent organizational, operational, and prudential requirements, including:

Having a minimum initial capital (Article 60).

Maintaining sound administrative and accounting procedures.

Having robust IT systems and security protocols.

Suitability of management and shareholders.

**Regulatory Body:** The KNF will be the primary national competent authority for MiCA in Poland.

**Requirement:** MiCA explicitly mandates the segregation of client crypto-assets and funds. Article 67 specifies that CASPs providing custody services must:

Enter into an agreement with clients for the custody of crypto-assets.

Keep records and accounts that enable them to immediately distinguish crypto-assets held on behalf of clients from their own crypto-assets.

Ensure that client crypto-assets and funds are not used for their own account.

Not encumber client crypto-assets or funds without explicit prior consent.

**Requirement:** MiCA imposes **initial capital requirements** (Article 60) for CASPs providing custody services. Additionally, Article 67(4) requires CASPs providing custody to maintain a **professional indemnity insurance policy** or hold **own funds equivalent to the professional indemnity insurance**, covering the risks of liability for negligence or professional errors.

**Status:** MiCA requires CASPs to have robust IT systems, security protocols, and procedures (Article 66(2)(c)), but it *does not explicitly mandate* the use of cold storage. It focuses on the outcomes of secure safeguarding, allowing flexibility in the technical implementation (hot, warm, cold, multi-sig, etc.), provided the overall security framework is sound and risk-managed.

**Status:** MiCA effectively establishes a framework for "qualified" custodians by requiring **authorization** and compliance with detailed **prudential and operational standards**. Any CASP authorized under MiCA to provide custody services will meet the regulatory definition of a qualified provider within the EU.

**Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (MiCA Regulation)** – specifically, Article 3(1)(10) (definition of crypto-asset services), Article 3(1)(15) (definition of custody and administration of crypto-assets), Chapter 2 (Authorization of CASPs), and Article 67 (Specific obligations for CASPs providing custody and administration of crypto-assets).

**Titles III (e-money tokens) and IV (asset-referenced tokens)**, which specifically concern stablecoins, apply from **30 June 2024**.

The remainder of the MiCA Regulation applies from **30 December 2024**.

**Definition:** Crypto-assets that purport to maintain a stable value by referencing the value of **a single fiat currency**.

**Classification:** These are essentially a form of e-money issued on a DLT. They are regulated almost identically to traditional e-money.

**Legislation:** **Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (MiCA)** – specifically **Title III, Articles 43-57**.

**Definition:** Crypto-assets that are not e-money tokens and purport to maintain a stable value by referencing any other value or right, or combination thereof, including one or several fiat currencies, one or several commodities, one or several crypto-assets, or a combination of such assets.

**Classification:** These are distinct from e-money and have their own specific set of rules.

**Legislation:** **MiCA** – specifically **Title IV, Articles 15-42**.

If a stablecoin does not fall under EMT or ART (e.g., if it's purely algorithmic and fails to maintain stability, or if it confers rights akin to traditional financial instruments), it might fall under other classifications.

**Payment Tokens:** MiCA also generally covers crypto-assets other than ARTs and EMTs, but these typically don't aim for stability.

**Securities:** If a crypto-asset qualifies as a financial instrument under MiFID II (Directive 2014/65/EU), then it would be regulated under existing securities laws, not MiCA. However, MiCA explicitly states it does not apply to crypto-assets that qualify as financial instruments.

**1:1 Backing:** EMTs must be backed at all times by highly liquid and safe assets, denominated in the same currency as the EMT, at a 1:1 ratio.

**Segregation & Custody:** The reserve assets must be segregated from the issuer's own assets and independently managed. They must be held in a credit institution or custodian.

**Investment Policy:** Issuers must invest reserve assets only in highly liquid financial instruments with minimal market risk, and in a manner that ensures they can meet redemptions at any time.

**Reserve Assets:** Issuers must maintain a reserve of assets that is at all times equal to or greater than the value of the ARTs in circulation.

**Composition:** The reserve assets must be held in assets with a low market, concentration, and credit risk. The composition of the reserve must reflect the assets referenced by the ART.

**Segregation & Custody:** Similar to EMTs, reserve assets must be segregated from the issuer's own assets, held in custody by a third party, and subject to regular audits.

**Investment Policy:** Reserve assets must be invested safely and prudently, in highly liquid financial instruments with minimal market risk.

**Authorized Entities:** Only credit institutions (banks) or e-money institutions authorized under the E-money Directive (Directive 2009/110/EC) can issue EMTs.

**Authorization Process:** Existing authorized e-money institutions or credit institutions automatically qualify to issue EMTs but must notify their competent authority (KNF in Poland) and comply with specific MiCA requirements. New entrants must obtain relevant licenses.

**Authorization Requirement:** Issuers of ARTs must be legal entities authorized by their competent authority (KNF in Poland) to offer ARTs to the public or seek their admission to trading.

**Application Process:** A comprehensive application must be submitted to the KNF, including a detailed white paper, governance arrangements, operational risk management framework, and a recovery plan.

**Fit and Proper:** Management and significant shareholders must be "fit and proper."

Holders of EMTs have the right to redeem them at any time, at par value, and on demand, against the issuer, for the fiat currency that the EMT references.

Holders of ARTs have a direct claim on the issuer and the reserve assets. Issuers must establish clear and detailed redemption policies, allowing holders to redeem their ARTs for the underlying assets or their fiat value.

**Implicit Restrictions:** While MiCA doesn't explicitly ban "algorithmic stablecoins," its strict requirements for reserve backing for both EMTs and ARTs mean that any stablecoin that purports to maintain a stable value purely through an algorithm (without sufficient liquid, segregated, and independently custodied reserve assets) would generally not be able to comply.

**Failure to Stabilize:** If an algorithmic stablecoin fails to maintain its peg and value, it would likely not qualify as an ART or EMT under MiCA, and thus would not benefit from its regulatory clarity, leaving it in a more uncertain legal status or potentially subject to other regulations if it exhibited characteristics of a security.

**Legislation:** The requirements in MiCA for reserve assets for ARTs (Article 35) and EMTs (Article 46) are the key provisions that make purely algorithmic stablecoins unfeasible under the regulation.

**NBP's Stance:** The National Bank of Poland (NBP) has been actively monitoring and analyzing central bank digital currencies (CBDCs). As of late 2023/early 2024, the NBP is in an exploratory phase regarding a potential digital zloty (PLN CBDC). No decision has been made to issue a CBDC, nor is there a defined timeline for its introduction.

**NBP Research:** The NBP publishes analyses and reports on digital currencies.

**URL (NBP's page on digital currency - Polish):** https://www.nbp.pl/home.aspx?f=/systemplatniczy/cyfrowa-waluta.html

**Distinct Nature:** A CBDC would be a direct liability of the NBP (the central bank), representing sovereign money in digital form. Stablecoins are private sector liabilities, backed by private reserves.

**Potential Impact:** The introduction of a robust PLN CBDC could potentially reduce the demand for private PLN-backed stablecoins (EMTs) by offering a risk-free, central bank-backed digital alternative for payments and settlements. It could also provide a trusted settlement asset for financial markets, potentially impacting the utility of ARTs.

**Complementary vs. Competitive:** Depending on design, a CBDC could either complement stablecoins (e.g., providing a base layer for their settlement) or compete directly with them, particularly in areas like retail payments.

**Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT):**

**Act of 1 March 2018 on Counteracting Money Laundering and Terrorist Financing (Ustawa o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu):** This Polish law implements EU AML directives.

**Scope:** Entities providing services related to virtual assets (including stablecoins and other crypto-assets, such as exchanges, custodians, and certain platforms) are classified as "obliged institutions" (instytucje obowiązane). They must comply with AML/CFT requirements, including customer due diligence (CDD), transaction monitoring, and reporting suspicious activities to the General Inspector of Financial Information (GIIF).

**Virtual Asset Service Providers (VASPs) Register:** Poland maintains a mandatory register of virtual asset service providers, overseen by the Director of the Tax Administration Chamber in Katowice (on behalf of the Minister of Finance). Entities operating in Poland providing VASP services must be registered.

**URL (Polish AML Act - consolidated text on ISAP):** https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180000723

**URL (VASP Register info - Polish):** https://www.gov.pl/web/kas/rejestr-dzialalnosci-w-zakresie-walut-wirtualnych

The KNF (Komisja Nadzoru Finansowego) is the competent authority in Poland responsible for supervising financial markets. Under MiCA, the KNF will be the primary authority for authorizing and supervising stablecoin issuers and other crypto-asset service providers.

The KNF has historically issued warnings and communications regarding the risks of investing in crypto-assets, including stablecoins, emphasizing their speculative nature and lack of regulatory protection prior to MiCA.

**URL (KNF official website):** https://www.knf.gov.pl/

**Current Status (Partial, AML-Focused):** Poland, like other EU member states, primarily regulates virtual assets through its Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) legislation. This means the focus is on identifying and reporting suspicious transactions, preventing illicit finance, and ensuring transparency of Virtual Asset Service Providers (VASPs). There's less regulation currently regarding consumer protection, market integrity, or the issuance of crypto-assets (unless they fall under existing financial instruments law).

**Future Status (Comprehensive with MiCA):** With the EU's MiCA regulation coming into full effect by early 2025, Poland will adopt a comprehensive framework covering market integrity, consumer protection, operational resilience for crypto-asset service providers (CASPs), and specific rules for different types of crypto-assets (e.g., asset-referenced tokens, e-money tokens).

**Komisja Nadzoru Finansowego (KNF) / Polish Financial Supervision Authority:**

**Role:** The primary financial market regulator in Poland. KNF is responsible for the supervision of VASPs registered under the AML Act, ensuring they comply with anti-money laundering and counter-terrorist financing obligations. They will also be the primary national competent authority for enforcing the MiCA regulation in Poland.

**Ministerstwo Finansów (MF) / Ministry of Finance:**

**Role:** Responsible for maintaining the Register of Virtual Asset Service Providers (Rejestr Działalności w Zakresie Walut Wirtualnych). It also formulates tax policy regarding virtual assets and contributes to AML/CFT policy.

**Generalny Inspektor Informacji Finansowej (GIIF) / General Inspector of Financial Information:**

**Role:** The Polish Financial Intelligence Unit (FIU), responsible for receiving, analyzing, and disseminating information on suspicious financial transactions to combat money laundering and terrorist financing. VASPs are obliged to report suspicious activities to GIIF.

**Date:** March 1, 2018 (with subsequent amendments, particularly those implementing EU AMLD5).

**Key Provisions:** This is the cornerstone of current crypto regulation. It defines "virtual currencies" (waluty wirtualne) and "virtual asset service providers" (VASPs). It mandates that entities providing services related to virtual assets must register with the Ministry of Finance. These services include:

Exchange between virtual currencies and fiat currencies.

Intermediation in the exchange referred to above.

Maintenance of accounts of virtual currencies (custodian wallets).

Registered VASPs are subject to strict AML/KYC (Know Your Customer) obligations, including customer due diligence, transaction monitoring, and reporting suspicious activities to GIIF.

**Rozporządzenie Parlamentu Europejskiego i Rady (UE) 2023/1114 z dnia 31 maja 2023 r. w sprawie rynków kryptoaktywów (Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937) - MiCA Regulation:**

**Date:** Adopted May 31, 2023. Phased implementation: rules for asset-referenced tokens (ARTs) and e-money tokens (EMTs) apply from **June 30, 2024**, and rules for other crypto-assets and CASPs apply from **December 30, 2024**.

**Key Provisions:** As a directly applicable EU regulation, MiCA will significantly expand and harmonize the regulatory landscape for crypto-assets across the EU, including Poland. It will:

Provide legal clarity for crypto-assets not already covered by existing financial services legislation.

Impose authorization requirements for CASPs (Crypto-Asset Service Providers) and issuers of certain crypto-assets.

Establish rules on issuance, public offers, and admission to trading of crypto-assets.

Set out specific requirements for stablecoins (ARTs and EMTs).

Include consumer protection rules, market abuse prevention, and operational requirements for CASPs.

**Reference (Official Journal of the EU - English):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1114

**Crypto Trading:** Trading virtual assets by individuals and entities is **legal** in Poland. There are no direct prohibitions on buying, selling, or holding cryptocurrencies.

**Crypto Exchanges and other VASPs:** Operating a crypto exchange or other Virtual Asset Service Provider (VASP) is **legal, but highly regulated.**

**Mandatory Registration:** Any entity offering VASP services (as defined in the AML Act) must be registered in the **Register of Activities in the Scope of Virtual Currencies** maintained by the Minister of Finance.

**Supervision:** Registered VASPs are supervised by the KNF for compliance with AML/CFT regulations.

**Strict AML/KYC:** Exchanges and other VASPs must implement robust AML/KYC procedures, including identity verification for customers, transaction monitoring, and reporting suspicious activities to GIIF.

**Penalties:** Operating as an unregistered VASP is illegal and subject to administrative penalties, including significant fines.

**MiCA Impact:** Once MiCA is fully applicable, existing VASPs will need to comply with the new requirements and obtain specific authorizations as Crypto-Asset Service Providers (CASPs) from the KNF to continue operations, expanding beyond just AML compliance to broader market conduct and consumer protection rules.

**Legislation:** The primary legislation is the **Ustawa z dnia 1 marca 2018 r. o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu** (Act of March 1, 2018, on counteracting money laundering and terrorist financing).

This Act was significantly amended to transpose AMLD5, which notably brought Virtual Asset Service Providers (VASPs) under its scope.

**URL (consolidated text):** https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20180000723 (This is the Polish Parliament's legal information system, usually the most reliable for consolidated acts).

**Effective Date:** The key amendments that incorporated virtual asset service providers (VASPs) as "obliged institutions" (instytucje obowiązane) under the AML Act became effective on **March 31, 2020**. This is when the FATF Travel Rule requirements, through the lens of EU AML directives, became legally binding for Polish VASPs.

**For transfers between obliged institutions (VASPs) within the EU/EEA:** Full originator and beneficiary information must be collected and transmitted, regardless of the amount.

**For transfers originating or ending outside the EU/EEA:**

For transfers **up to EUR 1,000**, only basic originator (name, account number/unique transaction identifier) and beneficiary (name, account number/unique transaction identifier) information is required.

For transfers **over EUR 1,000**, full originator (name, address, official personal document number, customer identification number, date and place of birth, or national ID number) and beneficiary (name, account number/unique transaction identifier) information is required.

**Exchange services between virtual currencies and fiat currencies.**

**Exchange services between one or more forms of virtual currencies.**

**Intermediation in the exchange services** mentioned above.

**Maintenance of virtual currency accounts (custodian wallet providers).** This includes keeping of virtual currencies and providing instruments enabling their access.

Have **internal procedures and IT systems** in place to collect, verify, store, and transmit the required originator and beneficiary information securely and accurately.

Ensure the **integrity and confidentiality** of the data.

Be able to **respond to requests for information** from the General Inspector of Financial Information (GIIF – Generalny Inspektor Informacji Finansowej), which is Poland's Financial Intelligence Unit (FIU), and other competent authorities.

Comply with data retention requirements (typically 5 years after the end of the customer relationship or transaction).

**Financial penalties:** Up to PLN 5,000,000 (approx. EUR 1,150,000) or up to double the amount of the benefit gained from the infringement, if this amount can be determined.

**Prohibition on performing duties** for individuals responsible for the infringement.

**Public statement** regarding the infringement.

**Temporary or permanent withdrawal of the license or permit** to operate.

**Withdrawal from the register of activities in the scope of virtual currencies.**

**Financial penalties:** Up to PLN 1,000,000 (approx. EUR 230,000).

**Legal Basis:** Article 29 of the Treaty on European Union (TEU) and Article 215 of the Treaty on the Functioning of the European Union (TFEU).

**Key Principles:** EU sanctions typically involve:

**Asset freezes:** Prohibiting the making available of funds and economic resources (including virtual assets) to designated persons, entities, or bodies.

**Travel bans:** For designated individuals.

**Trade restrictions:** On certain goods and technologies (e.g., dual-use items, arms embargoes), and increasingly, services.

**Financial restrictions:** Prohibitions on investment, lending, or providing financial services to specific entities or sectors.

**Virtual Assets:** EU sanctions explicitly cover virtual assets within the definition of "funds" or "economic resources." For example, the EU's restrictive measures against Russia, Belarus, and other regimes have been updated to explicitly include crypto-assets within the scope of asset freezes and other financial restrictions.

**Example:** Council Regulation (EU) 2022/328 (and subsequent amendments) concerning restrictive measures in view of Russia's actions destabilising the situation in Ukraine explicitly includes "crypto-assets" in the definition of "transferable securities" and "funds," thereby subjecting them to the asset freeze and other financial restrictions.

VASPs in Poland are legally obligated to screen all their customers, beneficial owners, and, in certain circumstances, counterparties and transactions, against the EU Consolidated List of persons, groups, and entities subject to EU financial sanctions.

This screening must be conducted proactively during customer onboarding (Customer Due Diligence - CDD), periodically throughout the customer relationship, and dynamically for transactions.

Any match or potential match requires immediate freezing of assets (including crypto) and reporting to the General Inspector of Financial Information (GIIF - Generalny Inspektor Informacji Finansowej).

EU sanctions impose restrictions on conducting business with entities or individuals in, or acting on behalf of, sanctioned countries or regions (e.g., Russia, Belarus, Iran, North Korea, Syria, certain regions of Ukraine).

VASPs must implement controls to prevent services from being used to circumvent these geographic restrictions, including IP blocking, address analysis, and source of funds checks.

Non-compliance with EU sanctions in Poland is subject to penalties outlined in Polish national law. The primary legal act is the **Ustawa z dnia 1 marca 2018 r. o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu (AML Act)**.

Administrative penalties can include significant fines (up to PLN 5 million for legal entities, or up to 10% of annual turnover, or twice the amount of benefit derived from the violation).

Criminal penalties (imprisonment) can apply to individuals who intentionally violate sanctions or facilitate money laundering/terrorism financing.

**Treaty on European Union (TEU):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A12012M%2FTXT

**Treaty on the Functioning of the European Union (TFEU):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A12012E%2FTXT

**EU Sanctions Map (Consolidated List Search):** https://www.sanctionsmap.eu/#/main

**Council Regulation (EU) 2022/328 (Russia Sanctions example):** https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R0328 (and subsequent amendments)

**Legal Basis:** UN Security Council Resolutions, implemented via EU Regulations.

**Sanctioned Entity Screening Obligations:** VASPs must screen against the UN Security Council Consolidated List, which is typically incorporated into the EU Consolidated List.

**Geographic Restrictions:** UN sanctions often target specific countries (e.g., North Korea, Iran, Sudan) and are reflected in EU regulations.

**Penalties for Violations:** As above, governed by Polish AML Act.

**UN Security Council Consolidated List:** https://www.un.org/securitycouncil/sanctions/information

**Secondary Sanctions:** Certain OFAC sanctions programs include secondary sanctions that can target non-US persons for engaging in specific activities with sanctioned entities, even if those non-US persons are not directly subject to US jurisdiction.

**US Dollar Transactions:** Any transaction involving the US financial system or US dollar clearing can fall under OFAC's jurisdiction, regardless of where the entities are located. Given the prevalence of USD in crypto markets, this is a major risk.

**Global Best Practice:** Due to the global interconnectedness of financial systems and the potential for reputational damage and correspondent banking de-risking, many non-US financial institutions and VASPs screen against OFAC lists (especially the SDN List) as a best practice, even without a direct US nexus.

**Sanctioned Entity Screening Obligations:** While not directly mandated by Polish law for non-US persons without a US nexus, best practice for VASPs in Poland includes screening against the OFAC Specially Designated Nationals (SDN) and Blocked Persons List, as well as other relevant OFAC lists.

**Geographic Restrictions:** OFAC maintains extensive sanctions programs against countries like Iran, North Korea, Cuba, Syria, and others. VASPs that conduct business with these jurisdictions or individuals associated with them risk secondary sanctions.

**OFAC Sanctions Programs and Country Information:** https://home.treasury.gov/policy-issues/financial-sanctions/sanctions-programs-and-country-information