In connection with repeated cases of submitting to the General Inspector of Financial Information requests to initiate an investigation, complaints or complaints against the activities of obligated institutions, including banks, we would like to inform you that in accordance with
the Act of 1 March 2018 on counteracting money laundering and financing of terrorism (Journal of Laws of 2023, item 1124 as amended), hereinafter referred to as the Act, each obligated institution in the case of establishing business relations or carrying out an occasional transaction is obliged, under Art. 33.2 of the Act, identifying the risk of money laundering and financing of terrorism related to the established business relationship or occasional transaction and assessing it. Another obligation of obligated institutions is to apply all CDD measures stipulated in Art. 34.1 of the Act.    

In accordance with Art. 34.1 of the Act, CDD measures include:

identification of the customer and verification of his identity;

identifying the beneficial owner and taking reasonable steps to:

verification of his identity,

the determination of ownership and control, in the case of a client that is a legal person, an organisational unit without legal personality or a trust;

assessing the business relationship and, as appropriate, obtaining information on its purpose and intended nature;

ongoing monitoring of the client's business relationship, including:

an analysis of transactions carried out as part of a business relationship in order to ensure that those transactions are consistent with the obligated institution’s knowledge of the customer, the type and scope of its business and are consistent with the money laundering and terrorist financing risks associated with that customer,

examination of the source of the assets at the customer’s disposal, where justified by circumstances,

ensuring that the documents, data or information held concerning the business relationship are kept up to date.

Institutions are obliged to apply CDD measures to the extent and with an intensity that takes into account the identified risk of money laundering and financing of terrorism related to the business relationship or to an occasional transaction. The method of applying CDD measures should be specified in the internal procedure for combating money laundering and financing of terrorism in force in the obligated institution. In accordance with Art. 50.1 and 2 of the Act, obligated institutions introduce an internal procedure in the field of anti-money laundering and countering the financing of terrorism. This procedure determines, taking into account the nature, type and size of the business, the rules of conduct applied in the obligated institution and includes, in particular, the determination of:

actions or activities undertaken to mitigate the risk of money laundering and financing of  terrorism and to properly manage the identified risk of money laundering or financing of terrorism;

the measures taken to properly manage the identified money laundering or financing of terrorism risk associated with the relevant business relationship or occasional transaction;

rules for the application of CDD measures;

the rules for the performance of duties, including the provision of information on transactions and notifications to the General Inspector.

Each institution is obliged to fulfil its obligations in the field of anti-money laundering and countering the financing of terrorism. Collecting information about customers in order to apply CDD measures specified in the Act is one of the basic obligations of obligated institutions, necessary for the proper implementation of the provisions of the Act.

In accordance with Article 41 para. 1 of the Act, in a situation where the obligated institution cannot apply one of the CDD measures, does not establish business relations, does not carry out an occasional transaction, does not carry out transactions through a bank account, terminates business relations. In order to safeguard the possible interests of the obligated institution, e.g. in the event of a court dispute, it would also be beneficial to document the impossibility of applying a given CDD measure. This would make it easier for the obligated institution to prove that there has been no abuse on its part.

Obligated institutions, fulfilling the obligation specified in Art. 33.2 of the Act, are obliged to recognize the risk of money laundering and financing of terrorism related to business relations or occasional transaction and assess the level of identified risk. Risks shall be identified and assessed taking into account in particular:

the type of client;

the geographical area;

the purpose of the account;

the type of products, services and means of their distribution;

the level of assets deposited by the client or the value of transactions carried out;

the purpose, regularity or duration of the business relationship.

It should be emphasized that also the level of identified risk depends on what CDD measures will be applied by the obligated institution.

Obligated institutions apply CDD measures specified in the Act in the cases referred to in Article 35 of the Act. This applies, among others, to the situation of establishing business relations with the client. In accordance with Art. 33.4 obligated institutions apply CDD measures to the extent and with an intensity that takes into account the identified risk of money laundering and financing of terrorism related to economic relations or an occasional transaction and its assessment does not release any obligated institution from the obligation to apply CDD measures. In the case of establishing business relations with a client, the institution is obliged to apply all CDD measures specified in the Act, having only the possibility to change the intensity and scope of their application depending on the risk generated by a given client or occasional transaction.

The absolute obligation of each obligated institution, in the event of inability to apply one of the CDD measures referred to in Art. 34.1 of the Act, it is, among others, not to establish a business relationship with a client or to terminate existing relationships, as well as not to carry out transactions through a bank account and to consider whether the conditions set out in Art. 41.2 the law are met.

However, the abandonment of establishing of the business relationship or the decision to terminate the business relationship cannot be dictated solely by the fact that the entity belongs to a group of clients with an increased risk of money laundering and financing of terrorism (according to guidelines of the European Banking Authority (1)). Any decision concerning such a client should be based on an individual analysis. Obligated institutions may consider taking action to:

 

adjusting the level and intensity of monitoring in a manner commensurate with the money laundering and terrorist financing risk associated with the client,

offering only essential financial products and services that limit the possibility for users to abuse those products and services for financial crime purposes. Such essential products and services may also make it easier for institutions to identify unusual transactions or patterns of transactions, including unintended use of the product; however, it is important that any restrictions are proportionate and do not unreasonably or unnecessarily restrict customers’ access to financial products and services;

effective verification and documentation of identity in the case of a customer who is a natural person with a higher risk status.

In the opinion of the General Inspector of Financial Information, the Act gives obligated institutions the opportunity to choose the methods and ways of implementation of the obligations imposed by the Act. It is important that their implementation achieves the purpose of the Act, which is to counteract money laundering and financing of terrorism.

Only the obliged institutions are responsible for the proper implementation of the above mentioned obligations, including the effective management of money laundering and terrorist financing risks, as well as for making decisions regarding the level of assigned risk and, consequently, whether to establish or refuse to establish a business relationship with the client.

The General Inspector of Financial Information does not have statutory legitimacy to interfere
in the above decisions of obligated institutions, in particular, it cannot affect their change, but it has an impact and will react in the event of systemic problems in institutions obliged to assess the risk of clients, leading to the exclusion of entire categories of clients from business relationships.

The GIFI also has no influence on the business policy of obligated institutions and their relations with individual clients. The activities of obligated institutions in this respect are not subject to assessment and supervision by the General Inspector of Financial Information.

The task of the GIFI in this respect – as the body carrying out the checks – is, however, to assess the correct implementation of the obligations set out in the Act and the compliance of the activities of institutions obliged to comply with the provisions on anti-money laundering and countering the financing of terrorism.

The Polish Financial Supervision Authority has been consulted on the content of this communication.

 

1. 1. https://www.eba.europa.eu/eba-issues-guidelines-challenge-unwarranted-de-risking-and-safeguard-access-financial-services. Guidelines under Articles 17 and 18(4) of Directive (EU) 2015/849 on customer due diligence measures and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional