KYC Legal Regulations

Legal regulations that require institutions to verify their customers

In Poland, KYC (Know Your Customer) and KYB (Know Your Business) processes are regulated by several key laws and legal acts that impose obligations related to anti-money laundering, counter-terrorism financing, and ensuring security in the financial sector and other industries.

Below are the laws and regulations that serve as strong motivators for banks and insurance companies to verify the identity of their clients.

KYC and KYB Laws in the EU and Poland

1. Anti-Money Laundering and Counter-Terrorism Financing Act (AML)

The European Union introduced its first anti-money laundering regulations in 1991 with the adoption of the so-called First AML Directive (Anti-Money Laundering Directive). Since then, the AML directive has been updated and expanded in response to evolving threats and methods of money laundering and terrorism financing.

Here are the key AML updates and directives in the EU:

1. First AML Directive (1991) – Established the basic principles for anti-money laundering.

2. Second AML Directive (2001) – Expanded the scope of regulations to include more institutions and activities.

3. Third AML Directive (2005) – Strengthened regulations by introducing customer identification measures (KYC) and transaction monitoring rules.

4. Fourth AML Directive (2015) – Harmonized regulations across the EU and strengthened risk assessment requirements.

5. Fifth AML Directive (2018) – Introduced more advanced identification measures and extended oversight to virtual currencies.

6. Sixth AML Directive (2021) – Added precise definitions of money laundering offenses and strengthened liability rules for financial crimes.

Currently, AML regulations in the EU primarily rely on the Fifth and Sixth AML Directives, which aim to enhance financial transparency and prevent money laundering and terrorism financing in the changing technological and financial environment.

The AML Act specifies the obligations of obligated institutions, including banks, insurance companies, brokerage houses, and other financial institutions, in verifying client identities and monitoring suspicious transactions. It also mandates the application of appropriate financial security measures, including KYC and KYB, and the reporting of suspicious transactions to the General Inspector of Financial Information (GIIF).

2. Personal Data Protection Act

The General Data Protection Regulation (GDPR) was adopted by the European Union on April 27, 2016, and came into force on May 25, 2018, becoming binding law throughout the European Union.

GDPR regulates the protection of personal data of individuals and aims to unify data protection regulations across the EU, ensuring a higher level of privacy and data security.

GDPR requires institutions to ensure the security of client data, limit its processing to the necessary minimum, and obtain consent for data processing in cases where consent is required.

3. Banking Law

Full title: Act of August 29, 1997, Banking Law (Journal of Laws of 2021, item 2439, as amended).

The Banking Law requires banks to conduct detailed identity verification procedures for their clients, including the use of KYC procedures when opening bank accounts, granting loans, and performing other banking operations. This act also sets out procedures for handling suspected criminal activities by clients.

4. Criminal Code

Criminal Codes of individual EU Member States

For example, in Poland, the Act of June 6, 1997, Criminal Code (Journal of Laws of 2022, item 1138, as amended).

The Criminal Code includes provisions that penalize offenses related to money laundering and terrorism financing. It imposes penalties for actions aimed at money laundering, which, in conjunction with the AML Act, provides a legal basis for conducting and monitoring KYC processes.

5. Payment Services Act

The European equivalent of Poland's Act of August 19, 2011, on Payment Services is Directive (EU) 2015/2366 on payment services in the internal market, also known as PSD2 (Payment Services Directive 2). PSD2 was adopted by the European Union in 2015 and came into effect on January 13, 2018. The purpose of PSD2 is to increase innovation, competitiveness, and security in the payment services sector within the EU, as well as to provide better consumer protection.

Key elements of PSD2 include:

- Open Banking – allowing third parties access to clients' banking data (with their consent), promoting the development of new payment services.

- Strong Customer Authentication (SCA) – introducing the requirement for additional security measures during transaction authorization.

- New Rules for Payment Service Providers (TPP) – defining operational guidelines for new types of providers, such as Payment Initiation Service Providers (PIS) and Account Information Service Providers (AIS).

PSD2 largely harmonizes payment services regulations at the European level, and EU Member States, including Poland, have adjusted their national regulations, such as Poland's Payment Services Act, to align with PSD2 requirements.

Each country fulfills its legislative obligations, and in Poland, this is governed by the Act of August 19, 2011, on Payment Services (Journal of Laws of 2021, item 2439, as amended). This act regulates the activities of payment institutions and payment service providers in Poland. It specifies requirements for client identification and the application of financial security measures, including KYC principles.

6. Recommendations of the Financial Supervision Authority

The European counterpart to Poland’s Financial Supervision Authority (KNF) is the European Banking Authority (EBA). Established in 2011, EBA is one of three European supervisory authorities responsible for regulating and supervising the financial market in the European Union.

EBA cooperates with national supervisory authorities (such as KNF in Poland) to ensure uniform regulatory and supervisory standards in the banking sector across Europe. EBA’s responsibilities include setting guidelines on security standards, capital requirements regulations, and risk management principles.

In addition to EBA, the EU financial oversight structure also includes:

1. European Securities and Markets Authority (ESMA) – overseeing capital markets, securities, and investment fund management.

2. European Insurance and Occupational Pensions Authority (EIOPA) – responsible for the supervision of the insurance and pension markets.

These three authorities (EBA, ESMA, and EIOPA) form the European System of Financial Supervision (ESFS), which aims to ensure the stability and integrity of financial markets within the EU and to protect consumers.

KNF has issued numerous guidelines and recommendations regarding anti-money laundering (AML) and counter-terrorism financing (CTF) procedures, including the use of proper KYC and KYB practices. These recommendations impose an obligation for thorough identity verification and oversight of client activities, while also minimizing the risk of abuse in the financial sector.
