AML Standards manual for cryptocurrency business in Poland

New Polish AML Act (the Polish Act of 1st March 2018 on counteracting money laundering and financing terrorism (Polish Journal of Laws 2018, item. 723) implemented important amendments in anti-money laundry obligations for companies in Poland which render cryptocurrency exchange services. New Polish AML Act fully corresponds with 4th and 5th EU AML Directives.

First of all, Polish AML Act is one of the first Polish regulation which defines virtual currency:

virtual currency – this shall be understood as digital representation of a value which is not:

  1. a legal tender issued by NBP (the National Bank of Poland), foreign central banks or other public administration authorities;
  2. an international clearing unit established by an international organization and accepted by individual countries belonging to or cooperating with such organization;
  3. electronic money within the meaning of the Polish Act on Payment Services;
  4. financial instrument within the meaning of the Polish Act on Trading in Financial Instruments;
  5. a bill of exchange, a promissory note or a cheque.

 Secondly, Polish commercial entities are recognized as “obligated institutions” – (financial institutions) if they are carrying out business activity consisting in the provision of services in the scope of:

  1. exchange between virtual currencies and means of payment;
  2. exchange between virtual currencies;
  3. intermediation in the exchange referred to in letter a or b;
  4. keeping maintaining the accounts in electronic form, of identifying data enabling the entitled persons to use virtual currency units, including the conduct of transactions of their exchange.

AML obligations of financial institution in Poland

Under Polish AML Act financial (obligated) institutions has to complete with certain obligations. These obligations of polish financial institution may be divided into following groups:

  1. Implementation of an internal procedure on combating money laundering and terrorist financing – AML Policy;
  2. Application the financial security measures to customers in certain circumstances – KYC/ Client Identification procedure;
  3. Reporting the General Inspector of Financial Information in certain situations;
  4. Designation of senior management responsible for implementing the duties set out Polish AML Act;
  5. Performing training programmes to personnel covering the execution of AML obligations

1. Implementation of an internal procedure on combating money laundering and terrorist financing – AML Policy in Poland

The obliged institution’s internal procedure shall determine, having regard to the nature, type and size of the activity conducted, the rules of conduct applied in the obliged institution and shall in particular cover determining of:

  1. the activities or actions taken with the aim of mitigating the risk of money laundering and terrorist financing as well as appropriate management of the identified risk of money laundering and terrorist financing;
  2. the rules for recognizing and assessment of the risk of money laundering and terrorist financing associated with the given business relationships or an occasional transaction, including the rules for verification and updating of the assessment of the risk of money laundering and terrorist financing made previously;
  3. the measures applied for the purpose of appropriate management of the recognized risk of money laundering or terrorist financing associated with the given business relationships or an occasional transaction;
  4. the rules for the application of financial security measures;
  5. the rules for storing documents and information;
  6. the rules for the fulfillment of the obligations including providing to the General Inspector of information on transactions and notifications;
  7. the rules for disseminating among employees of an obliged institution knowledge in the field of the provisions on combating money laundering and terrorist financing;
  8. the rules for reporting by employees of actual or potential breaches of the provisions on combating money laundering and terrorist financing;
  9. the rules for internal control or supervision of compliance of activity of an obliged institution with the provisions on combating money laundering and terrorist financing as well as the rules of conduct determined in the internal procedure.

2. Financial security measures of Polish financial institution

What are financial security measures?
Financial security measures have to be understand as:

  1. customer identification and verification of its identity;
  2. identification of the person authorized to act on behalf of a customer and verify his/her identity and power to act on behalf of the customer.
  3. beneficial owner identification and taking reasonable actions for the purpose of:
    1. verification of his/her identity;
    2. recognizing of the ownership and control structure of the customer – in the case of a customer that is a corporate entity.
  4. the assessment of business relationships and obtaining information on the purpose and intended nature of those relationships
  5. ongoing monitoring of the business relationships of the customer, including:
  6. an analysis of transactions undertaken throughout the course of business relationships to ensure that the transactions are consistent with the obliged institution’s knowledge of the customer, his/her business type and scope, and consistent with the money laundering and terrorist financing risk related to this customer;
  7. investigation of the source of origin of property values at the disposal of the customer – in the cases justified by circumstances;
  8. ensuring that the documents, data or information on business relationships held are kept up-to-date.

When financial security measures are applied?
Upon Polish  AML Act obliged institutions shall apply the customer due diligence measures in the case of:

  1. Establishment of business relationships. In other words, obligated institution has to apply security measures (due diligence measures) when the contract with customer is established to have an element of duration;
  2. Conducting an occasional transaction of a value equivalent to EUR 15,000 or more, irrespective of whether the transaction is being conducted as a single operation or several operations which seem to be related to each other; occasional transaction has to be recognized as transaction outside of a business relationship;
  3. Conducting an occasional transaction which constitutes a transfer of funds of an amount exceeding the equivalent of EUR 1,000;
  4. Conducting an occasional cash transaction of a value equivalent to EUR 10,000 or more, irrespective of whether the transaction is being conducted as a single operation or several operations which seem to be related to each other;
  5. Obliged institutions shall apply financial security measures also in case of a suspicion of money laundering or terrorist financing;
  6. Doubts as regards the accuracy or completeness of the customer identification data obtained so far.

Financial security measures has to be apply also in business relationship with a politically exposed person. In such case  obliged institutions shall apply the following actions:

  • obtain approval from senior management as regards the establishment or continuation of business relationships with the politically exposed person;
  • apply adequate measures in order to establish the source of the customer’s property and source of origin of the property values at the customer’s disposal as part of business relationships or transactions;
  • enhance the application of the financial security measure.

Example of financial security measures:

Natural person identification shall consist in determining the following data:

  1. Full Name;
  2. Residential Address;
  3. Citizenship;
  4. Number entered in the Polish Universal Electronic System for Civil Registration (PESEL) – if applicable;
  5. Date and place of birth;
  6. The name (business name), the tax identification number (TIN – PL: ”NIP”) and the address of the principal place of business activity – in the case of a natural person conducting business activity.

 Corporate entity identification  shall consist in determining the following data:

  1. the name (business name);
  2. the organizational form;
  3. the address of the registered office or the address of conducting business;
  4. the Tax Identification Number (PL: ”NIP”);
  5. commercial registration number;
  6. date of registration;

On the other hand, financial security measure is the verification of the identity and above mentioned data. Verification can be based on the documents proving the identity of a natural person, the document containing up-to-date data from the excerpt from the relevant register (commercial register) or other documents, particulars or information from a reliable or independent source.

Above mentioned financial security measures are stipulated in Polish AML Act and have to be treated as minimum standards. Each financial institution has to implement its own AML standards and interior rules. Its recommended also to enforce specific levels of risk of money laundering and terrorist financing with different (enhanced) security measures. 

A higher risk of money laundering and terrorist financing can be indicated in particular by:

  1. establishment of business relationships in unusual circumstances;
  2. the fact that the contractor is:
    1. a legal person or an organizational unit having no legal personality, whose activity serves to storage of personal assets;
    2. a company in which bearer shares were issued, whose securities are not admitted to organized trading, or a company in which the rights attached to shares or stocks are exercised by entities other than shareholders or stockholders;
  3. the subject of the business activity carried out by the contractor covering conducting of a significant number of cash transactions or cash transactions of high amounts;
  4. unusual or excessively complex ownership structure of the contractor, having regard to the type and scope of the business activity conducted by this contractor;
  5. the fact of the contractor making use of services or products offered as part of private banking;
  6. the fact of the contractor making use of services or products contributing to anonymity or hindering the contractor’s identification, including the service consisting in creating additional numbers of accounts marked pursuant to the provisions issued under Article 68, subparagraphs 3 and 4 of the Act of 29 August 1997 – Polis Banking Law, as well as Article 4a, paragraph 5 of the Polish Act of 19 August 2011 on Payment Services linked to the account held, in order to make the account numbers available to other entities for the purpose of identification of payments or originators of those payments;
  7. the fact of establishment or maintenance of business relationships or conducting an occasional transactions without the contractor being physically present – in the case when a higher risk of money laundering or terrorist financing related thereto was not mitigated in another manner, including by the use of the a notified electronic identification measure adequately to the medium security level referred to in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73) or the requirement of using a qualified electronic signature or a signature confirmed by the Electronic Platform of Public Administration Services (ePUAP) trusted profile;
  8. the fact of ordering of transactions by third entities unknown or not linked to a contractor, the beneficiary of which transactions is the contractor;
  9. the fact of covering by business relationships or transactions of new products or services or offering of products or services with the use of new distribution channels;
  10. linking business relationships or an occasional transaction by contractor with:
    • a high-risk third country;
    • a country defined by reliable sources as a country of high corruption or other criminal activity levels, a country providing funding or support for committing activities of a terrorist nature, or with which an activity of an organization of a terrorist nature is associated
    • a country in relation to which the United Nations Organization or the European Union have taken a decision on imposing sanctions or specific restrictive measures.

3. Obligation of reporting transactions to Polish regulator (General Inspector of Financial Information)

Financial institution has to provide to the General Inspector the information on:

  1. a received payment or disbursement of the cash of equivalent in excess of EUR 15.000;
  2. a transfer of funds of equivalent in excess of EUR 15.000 made – however, according to not official interpretation of Polish AML ACT it applies only to financial institutions which are performing money transfers as payment provider, for example banks.

The information about transaction should be reported within 7 days from the day of receipt of the payment or making disbursement of funds. Such information shall indicate:

  1. a unique transaction identifier in the records of an obligated institution;
  2. the date or the date and the time of conducting the transaction;
  3. the identification data the contractor giving an instruction or order of conducting the transaction;
  4. the amount and currency being the subject of the transaction;
  5. the transaction type;
  6. the transaction description;
  7. the manner of issuing an instruction or order of conducting the transaction;
  8. the numbers of the accounts used for conducting the transaction marked with the identifier of the International Bank Account Number (IBAN) or an identifier including the code of the country and the account number in the case of accounts not marked with an IBAN.

Financial institution is obligated also to submit notification

  1. to the General Inspector of the circumstances which could indicate a suspicion of commission of an offence of money laundering or terrorist financing;
  2. to the General Inspector, by electronic communication means, of a case of justified suspicion that a given transaction or specific property values may be associated with money laundering or terrorist financing.
  3. to the competent prosecutor of a case of a justified suspicion that the property values being the subject of a transaction or accumulated on an account are the proceeds of an offence other than an offence of money laundering or terrorist financing or a fiscal offence or are associated with an offence other than an offence of money laundering or terrorist financing or with a fiscal offence.
  4. to the General Inspector, by electronic communication means, of conducting the suspicion transaction, in the case when the notification was impossible prior to its conducting. In the notification the financial institution shall justify the reasons for failure to provide prior notification and provide the information confirming the suspicion.