Authors: Piotr Sołowij, Legal counsel in cooperation with Katarzyna Batko-Tołuć, Programme Director of Citizens Network Watchdog Poland
Anti-money laundering (hereinafter: AML) activities operate in Poland on the basis of EU regulations and the Act on Anti-Money Laundering and Countering the Financing of Terrorism of 1 March 2018, which implements the EU law into the national legal order.
The specialised authority for anti-money laundering and countering the financing of terrorism is the General Inspector of Financial Information (hereinafter: GIIF), which functions within a specially created unit in the Ministry of Finance.
The main state register in the AML area is the Central Register of Beneficial Ownership (hereinafter: CRBR). It collects information on beneficial owners such as name, any citizenship held, country of residence, PESEL (individual and unique number of a physical person functioning in Poland), information on the size and nature of the beneficial owner's share or entitlement. Data is provided to the register by so-called "obliged institutions", the exact catalogue of which is listed in the Act. This includes, among others, limited liability companies, trusts or NGOs.
The subject of AML in Poland is most relevant to the business field. This is evidenced by the training courses and conferences taking place, as well as the offer of various IT tools to facilitate AML processes. This is probably due to the fact that business entities have to provide information on beneficial owners to the CRBR and fulfil other AML obligations.
This topic became additionally important for business following the outbreak of full-scale Russian aggression against Ukraine. Due to the sanctions imposed on entities with Russian capital, the need for extended counterparty verification arose. A helpful tool in this regard may be the CRBR.
Business entities have also recently had to take into account the electoral calendar in Europe and Poland, as AML regulations impose additional obligations on them if they establish business relationships with politically exposed persons (PEPs).
As far as the use of publicly available tools provided by AML is concerned, in Poland, entities outside the business community make minimal use of them. In journalism, there is practically no material in which authors indicate that their findings resulted from the analysis of data available in the CRBR. In the case of NGOs, in the professional media, the topic is mainly present from the perspective of reporting obligations and the need for NGOs themselves to provide data to the CRBR. The Polish My State Foundation runs a service called Rejestr.io, which analyses data from the Polish National Court Register in a clear way and shows the links between different entities. However, there are no similar solutions aggregating data from the CRBR, even as regards selected approach, e.g. using it to business cooperation with Russia related companies[1]. The situation is similar for self-governments and local government units.
The main AML issues include problems with the practical determination of who is the de facto beneficial owner and access to data published in the CRBR. The latter issue is relevant in light of the CJEU judgment in Joined Cases C-37/20 and C-601/20, WM (C-37/20), Sovim SA (C-601/20) v Luxembourg Business Registers. However, no legislative changes have been made in Poland in view of the conclusions of the judgement regarding the need to limit general access to the CRBR.
Currently, the CRBR is public, free of charge and open to the public. Any interested person can check the information contained therein from a web browser. The need to change this unrestricted accessibility is raised in the context of the above-mentioned CJEU judgement, the latest AML Directive VI and the discussion on the occasion of the introduction of the institution of family foundations into the Polish legal order. The Polish AML Act equates a family foundation with a trust in terms of disclosure of the persons who are the beneficial owners. What is controversial is the scope of persons affected by this obligation. In the case of family foundations, the circle of persons whose data will be disclosed may include, for example, minor children or persons unrelated to the running of the foundation's affairs such as parents or grandparents of the founders. On the other hand, this may limitthe field of public scrutiny exercised by civil society organisations and investigative journalists, which, however, is not a potential currently exploited. It is probably due to lack of capacity, tools, expertise and interest. There is a little number of organisations dealing with the abuses in public and public-private spheres in Poland[1]. Some individual cases are exposed by the journalists if they concern persons and businesses interesting for the media[2]. Still, the texts are based on experts' opinions or provided almost as a clickbait. There have been no in-depth data analyses on family foundations.
Both Polish legislation and EU regulations aim to counter money laundering, i.e. the introduction of criminal assets into the economy in order to give them the appearance of legitimate origin.
At the same time, nowadays the phenomenon of money laundering is dangerous due to its international character and being subject to globalisation processes. In addition, it is linked to organised crime1 . Often this phenomenon is linked to other crimes such as participation in an organised criminal group, extortion, terrorism, human trafficking and smuggling of illegal migrants, illegal trafficking in drugs and psychotropic substances, sexual exploitation, illegal arms trafficking, corruption, environmental crimes, smuggling, tax crimes and cyber crimes2.
Among the effects of money laundering is the weakening of the functioning of financial institutions and, consequently, of the financial sector as a whole. This can affect less interest from foreign investors or reduce the confidence of citizens in financial institutions. At the same time, economists point out that this translates into a reduction in the productivity of the economy in general3.
The anti-money laundering and counter-terrorist financing legislation is designed to protect economic transactions and to enhance the safe operation of financial and non-financial markets, their reliability and transparency. An additional element is to ensure public security and counter terrorist attacks4.
At the same time, the legislation sets the institutional framework: it creates the relevant financial information authorities, imposes obligations on obliged institutions, creates tools to block and stop suspicious transactions, and allows for the imposition of administrative fines and criminal sanctions5.
The Basel AML Index6 can be used to compare AML arrangements in different countries.
(a) Polish legislation
- Act of 1 March 2018 on the prevention of money laundering and terrorist financing (i.e. Journal of Laws 2023, item 1124, as amended).
- Article 165a and Article 299 of the Act of 6 June 1997 - Penal Code (i.e. Journal of Laws of 2024, item 17, as amended);
- Professional secrecy provisions for the legal profession in relation to AML:
○ Article 3(6) of the Act of 6 July 1982 on legal advisers (i.e. Journal of Laws 2024, item 499),
○ Article 6(4) of the Law on Advocacy of 26 May 1982 (i.e. Journal of Laws of 2022, item 1184, as amended),
○ Article 18 § 4 of the Act of 14 February 1991 - Law on Notaries Public (i.e. Journal of Laws of 2022, item 1799, as amended).
(b) Union rules7
- AML Directive IV - Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.
- AML Directive V - Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.
- AML Directive VI - Directive (EU) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering by criminal law.
Among the key elements that the latest AML Directive VI introduces are:
- harmonisation of EU Member States' AML practices,
- extending the regulation of central registers of beneficial ownership by harmonising the concept of 'legal interest' that should exist in order to obtain data from the register (an important issue in the context of the CJEU judgement discussed later in the analysis)8 ,
- a cash payment limit of €10,000, with the exception of payments between private individuals in a non-professional context9 ,
- The creation and definition of the activities of the Anti-Money Laundering andCountering the Financing of Terrorism Authority (AMLA).
AMLA - Anti-Money Laundering and Countering the Financing of Terrorism Authority
A new European anti-money laundering and counter-terrorist financing authority is being established under the latest AML regulations. The AMLA will be based in Frankfurt and is expected to be operational by mid-2025.
The office will:
- directly supervise some of the EU's riskiest credit and financial institutions, including cryptocurrency service providers;
- support the non-financial sector;
- coordinate the FIUs in the Member States;
- impose monetary sanctions in the event of serious violations10 .
a) Inspector General for Financial Information
The specialised authority for anti-money laundering and countering the financing of terrorism is the Minister of Finance and the Chief Inspector of Financial Information (hereinafter: GIIF).
The GIIF is appointed and dismissed by the Prime Minister on the proposal of the Minister of Finance and after consultation with the Coordinator for the Activities of Special Services in the Council of Ministers. His or her term of office lasts six years and may last for a maximum of two terms. He or she performs his or her tasks at the Ministry of Finance within a specially designated unit.
The tasks of the Inspector General include taking action to prevent money laundering and the financing of terrorism, in particular:
1) analysing information on assets suspected by the Inspector General to be related to a money laundering or terrorist financing offence;
2) carrying out a procedure to stop a transaction or block an account;
3) requesting and sharing transaction information;
4) providing authorised authorities with information and documents substantiating suspicions that an offence has been committed;
5) exchange of information with cooperating bodies;
6) drawing up a national risk assessment of money laundering and terrorist financing and a strategy to counter these offences in cooperation with cooperating units and obliged institutions[1];
7) exercising control over compliance with anti-money laundering and counter-terrorist financing legislation;
8) to take decisions on inclusion in, or removal from, the list of persons and entities subject to specific restrictive measures referred to in Article 117 and to maintain that list;
9) cooperation with the competent authorities of other countries, as well as with foreign institutions and international organisations dealing with the prevention of money laundering or terrorist financing;
10) information exchange with foreign FIUs, including maintaining a contact point for this exchange;
11) imposing the administrative penalties referred to in the Act;
12) making knowledge and information on anti-money laundering and terrorist financing regulations available in the Public Information Bulletin on the website of the office serving the minister responsible for public finance;
13) processing of information in accordance with the procedure laid down by law;
14) initiating other activities to counter money laundering and terrorist financing11
The GIIF publishes annual reports on its activities12 . As one of its duties, it also produces a national risk assessment on money laundering and terrorist financing 13.
b) Central Register of Beneficiaries (CRBR)14
One of the key elements of the AML system is the Central Register of Beneficial Owners. It is used to collect and process information about the beneficial owners of entities identified in the AML Act.
The purpose of the register is to collect accurate and up-to-date data on beneficial owners. This makes it possible to disclose who is benefiting from an activity and reduces the possibility of hiding one's identity in ownership structures.
The register is public, free of charge and open to the public. Any interested person may, from the level of a web browser, check the information contained therein The CRBR functions under the Polish Anti-Money Laundering and Terrorist Financing Act and implements the provisions of AML Directive IV into the Polish legal order.
Article 58 of the AML/CFT Law identifies the entities obliged to report information on beneficial owners and update it. These include:
- general partnerships;
- limited partnerships;
- limited joint-stock partnerships;
- limited liability company;
- simple joint stock companies;
- joint-stock companies, with the exception of public companies within the meaning of the Act of 29 July 2005 on Public Offering, Conditions Governing the Introduction of Financial Instruments to Organised Trading and Public Companies (Journal of Laws of 2022, item 2554);
- trusts whose trustees or persons in equivalent positions: have their place of residence or seat in the territory of the Republic of Poland or enter into business relations or acquire real estate in the territory of the Republic of Poland in the name or on behalf of the trust;
- partnerships;
- European economic interest groupings;
- European companies;
- cooperatives;
- European cooperatives;
- associations subject to registration in the National Court Register;
- foundations.
Among the information that is reported to the CRBR, in accordance with Article 59 of the above law, are: name, any nationality held, country of residence, PESEL (individual and unique number of a physical person functioning in Poland), information on the size and nature of the shareholding or entitlement of the beneficial owner.
a) CJEU judgement in the context of Poland and access to CRBR
In November 2022, the judgement of the Court of Justice of the European Union in Joined Cases C-37/20 and C-601/20, WM (C-37/20), Sovim SA (C-601/20) v Luxembourg Business Registers15 was delivered.
At issue was the question of access to data in the registers of real beneficiaries kept by Member States. In the judgement, the CJEU ruled that the provision on public access to data from registers of beneficial owners was invalid because it conflicted with the Charter of Fundamental Rights regulations.
Some Member States such as Cyprus, Luxembourg and the Netherlands have introduced restrictions on access to the registers16. In Poland, no similar changes have been introduced so far.
The issue of unlimited access to data was raised by the Ombudsman in his address to the Minister of Finance. He also pointed out that comprehensive and systemic changes should be made to the regulations relating also to other open public registers where citizens' personal data is available17.
Doubts have also been raised about the circle of persons whose information is published in the CRBR in the context of the introduction of the institution of a family foundation in Poland18. This issue is discussed in more detail later in the analysis.
There is currently no information that legislative work is underway to implement the conclusions of the above judgement, but in the future, this may affect the availability of CRBR data19. Which may be problematic for representatives of civil society organisations (mainly watchdog) and investigative journalists20.
b) Definition of beneficial owners
According to the provisions of the Act, the beneficial owner can only be a natural person or persons. In the case of documented impossibility to determine the aforementioned person(s), the natural person holding a senior management position in the company (i.e. members of its board of directors) shall be indicated as the beneficial owner.
It is not uncommon for information about the beneficial owners of companies with international capital to be unavailable even to the board members themselves.
At the same time, the Act does not exclude entities that are controlled by companies listed on a foreign stock exchange in the catalogue of those obliged to identify and notify the beneficial owner to the CRBR. Accordingly, such companies should, with due diligence, take all possible steps to identify their beneficial owner
Under the Act, public companies are not obliged to report information on and update beneficial owners and therefore do not provide any data to the CRBR.
a) Anti-money laundering in business
Due to the obligations that AML legislation imposes on a very large number of entities, including those operating in the form of companies, AML issues constitute a large branch of legal advice and other services in this area.
This is evident both in the range of AML tools for analysing transactions, business relationships or beneficial owners and in the wide range of training offered to those working in this area.
Conferences on AML-related topics are also organised. Topics that have come up for discussion in recent years include:
● A large amount of new regulation (overregulation);
● Tools, programmes, IT solutions to support AML;
● Building effective processes to combat financial crime in organisations;
● Counterparty verification and international sanction lists;
● Use of AI and GenAI in AML21;
● Reporting and expectations from regulatory institutions.
b) Procurement from Russia22
With the start of Russia's full-scale aggression against Ukraine, various sanctioning solutions were introduced, including a ban on the award of public contracts to Russian companies. At the EU level, such a ban stemmed from Regulation 2022/576 amending Regulation 833/2014. In the domestic legal order, the basis for this was the Law on Special Solutions to Counter Supporting Aggression against Ukraine and to Protect National Security.
The exclusion of Russian companies and capital there requires the verification of contractors in this respect. Following the introduction of the legislation, doubts have arisen as to how this should be done. Should contracting entities themselves verify contractors and subcontractors in publicly available registers or demand documents from them.
In view of these concerns, it has been pointed out that one of the basic tools for carrying out such verification is the CRBR. However, in doing so, it should be borne in mind that in the case of more complex relationships of an international nature, the information contained in the CRBR may not be sufficient.
Adequate vetting of customers not only from Russia, but also from other countries, is an important business risk factor and should be given due consideration in ongoing business activities.23
The sanction list maintained by the Ministry of Internal Affairs and Administration is also a key resource in this area: https://www.gov.pl/web/mswia/lista-osob-i-podmiotow-objetych-sankcjami.
c) Politically exposed persons (PEPs)
Relevant institutions are obliged to determine whether a customer or beneficial owner is a politically exposed person. They have to implement risk-based procedures and may accept declarations from the aforementioned persons as to whether they hold such a position or not24. This has been important in recent months due to the electoral calendar in Europe25 and Poland26.
Entering into business relationships with such individuals is subject to additional challenges due to the fact that holding such positions is associated with an increased risk of money laundering due to the possibility of abusing one's position for personal gain, through acts such as corrupt practices, accepting bribes or misappropriating public funds27.
In the case of a business relationship with a politically exposed person, obliged institutions shall apply financial security measures to such persons and take the following measures:
1) obtain senior management approval to enter into or continue a business relationship with a politically exposed person;
2) apply appropriate measures to establish the source of the client's assets and the source of the assets at the client's disposal in the course of the business relationship or transaction;
3) intensify the application of the financial security measure concerning the ongoing monitoring of the customer's business relationship28 .
d) Journalism
In general, there is a lack of examples of media reports from Polish journalists that are based on data available from the CRBR and AML mechanisms. Perhaps such reports or analyses exist, but the authors do not indicate the methods for obtaining information. If investigative texts are produced that use the notion of 'beneficial owner' in any way, they are most often about the sanctions imposed on Russia and its agents after the full-scale aggression against Ukraine. We have not come across an investigative text that deals with the prevention of corruption.
The notion of 'beneficial owner' is referred to mainly by niche portals such as Frontstory.pl and KrytykaPolityczna.pl. They point to the difficulty of reaching the beneficial owners.
"The scheme is simple. Russian-linked companies set up subsidiaries around the world, often registering these entities in foreign tax havens or in countries with relatively little or no regulation. In order to obscure the picture, the subsidiaries multiply, issuing more companies, so that the smokescreen extends ever wider. The result is a giant structural matrioshka, except that the smaller, more deeply hidden 'dolls' often bear little resemblance to the parent company. Tracing the links between the ultimate beneficiary and the purchasing company is extremely difficult."29
Problems with the registry of real beneficiaries in the context of tracking links to Russia are also pointed out by the Czech organisation DataLab:
"The solution lies in the use of analytical tools employed by this study, as well as a push for better-functioning beneficial ownership registers."30
Only a text which is a translation and does not concern Poland has appeared on corruption - 'The great secrets of little Luxembourg' available on Frontstory.pl31.
e) Local governments32
Local government, i.e. local authorities, including municipal companies, are not the primary stakeholders in the AML system, but they also have a number of different responsibilities. The transparency of their functioning is also important for the transparency of the functioning of the state and against corruption.
Local governments, in addition to institutions such as the NBP, the FSA, the NIK, as well as government administration bodies, are among the so-called cooperating units under the AML/CFT Act of 1 March 2018.
This involves a number of different supervisory and reporting duties: supervision of associations and foundations, which are also obliged to provide information to the CRBR, providing the GIIF with information on annual control plans, reporting data, as well as on the use of recommendations published by the GIIF. This also requires properly trained staff in the offices.
In addition, important from the point of view of local government transparency is the obligation that, in the case of municipal companies, the real beneficiaries who are subject to notification to the CRBR are those who hold the position of mayors.
f) Family foundation 33
In May 2023, a new category of legal entities - family foundations - became operational. This solution is intended to enable intergenerational succession in family businesses by facilitating the transfer of the helm of the company after the death or retirement of the owner. It is intended to prevent problems related to the transfer of company ownership by inheritance, which has sometimes been cumbersome and which has hit the stability of the company.
The entry into force of the family foundation legislation was also linked to changes in the AML/CFT Act, which had to take into account the new entities in its regulations. The Act equates a family foundation with a trust in terms of the disclosure of the persons who are the beneficial owners. What is controversial is the scope of persons affected by this obligation. In the case of family foundations, the circle of persons whose data will be disclosed may include, for example, minor children or persons unrelated to the management of the foundation's affairs such as parents or grandparents of the founders.
This extent of disclosure and universal access to the CRBR also contradicts the CJEU judgement discussed elsewhere in the paper, which, however, has so far not been addressed by appropriate legislative changes.
The recommendations on legal changes in Poland concern implementation of amended Directive as this is when the changes are most probably going to happen.
In such a case we recommend to start the process of implementation in advance with public consultations to analyse different aspects of the directive’s goals. Knowing the Polish legal process we can expect strong lobbying of family foundations to be excluded from the register, which is not necessarily the best solution. It has been already signalled by journalists that this new legal entity can be used against its legal purpose. It may be therefore more relevant to change the law on family foundations than to change the beneficial owners provisions.
There is also a need to allow the registered access to the register for those who provide civil or media oversight so the solutions should be well overthought.
Finally, we recommend to Polish NGOs and journalists to look for data in the register and identify whether it meets their needs or not. Doing this before the amendments are designed can help in making a good law that fits their needs.
[1] The list is determined in the Art. 2, Section 1 of the Polish legislation (Act of 1 March 2018 on the prevention of money laundering and terrorist financing) and includes 26 points. There are different types of entrepreneurs there, NGOs in different forms, public trust professionals.
[1] Anti-Corruption Academy, Citizens Network Watchdog Poland, Institute for Public Affairs, Frank Bold Foundation and Stefan Batory Foundation or created by journalists - Reporters Foundation and running media - Oko Foundation.
[2] E.g. former president of Orlen S.A. - a publicly controlled company in the energy sector established a family foundation that attracted the interest of the media.
[1] There is such a tool in Czech Republic, where DatLab Institute z.s.prepared a database combining: 1) Orbis database of worldwide ownership ties by Bureau van Dijk, including data about company beneficiaries, managers, and other registry information, 2) Czech business registry; 3) Beneficiary owners registry; 4) EU, USA, and other sanctions lists; Navalny’s FBK lists and relevant person lists published by various bodies in Ukraine and 5) tender electronic daily (TED) registry of public procurement. https://datlab.eu/blog/public-tenders-worth-eu2-5-billion-awarded-to-companies-tied-to-russia-since-february-2022
The analysis has been developed under the framework of the project “Empowered Watchdog Community and Enhanced Transparency Standards for Government Accountability”, co-financed by the Governments of Czechia, Hungary, Poland, and Slovakiathrough Visegrad Grants from the International Visegrad Fund. It is also co-funded by the Ministry of ForeignAffairs of the Republic of Korea. The mission of the fund is to advance ideas for sustainable regional cooperation in Central Europe.
The content of the analysis is the responsibility of Citizens Network Watchdog Poland and the opinions expressed therein may not reflect the position of the International Visegrad Fund and the Ministry of Foreign Affairs of the Republic of Korea.