Key Laws and Regulations

Given Poland’s EU membership, the legal framework applicable to financial institutions (including banks) is largely influenced by EU legislation, in particular, Directive 2013/36/EU (CRD) and Regulation (EU) 575/2013 (CRR). The latter is directly applicable to banks in Poland.

The primary source of regulations governing the banking sector in Poland is the Act of 29 August 1997, Banking Law (BL). The BL sets out, in particular, licensing conditions, principles applicable to conducting banking activity, the terms of providing key banking products (deposits, loans, bank guarantees, etc), bank-specific principles for bankruptcy proceedings, and principles of exercising banking supervision.

Other important legal acts governing the banking sector include: 

• the Act of 19 August 2011 on payment services, which sets the regulatory framework of payment services and implements Directive (EU) 2015/2366 (PSD2);
• the Act of 15 September 2000, the Commercial Companies Code, which sets out the general framework for joint-stock companies, ie, the form in which banks are usually formed;
• the Act of 23 April 1964, the Civil Code, which regulates the private law aspect of crucial banking agreements, eg, the bank account agreement and regular loan agreement (umowa pożyczki);
• the Act of 12 May 2011 on consumer credit, which sets the rules for providing consumer credit under Directive 2008/48/EEC (CCD);
• the Act of 23 March 2017 on mortgage credit and the supervision of mortgage brokers and agents, which sets the rules for providing consumer credit under Directive 2014/17/EU (MCD);
• the Act of 29 July 2005 on trading financial instruments, which regulates the rules of public trade in financial instruments and implements Directive 2014/06/EU (MiFID 2);
• the Act of 1 March 2018 on countering money laundering and terrorism financing, which regulates the obligations of banks as “obliged entities” and implements Directive (EU) 2015/849 (AMLD V); and
• the Act of 10 June 2016 on the Bank Guarantee Fund, deposit protection scheme and mandatory restructuring, which implements Directive 2014/59/EU (BRRD).

Banks should also be aware of soft law instruments, positions, recommendations and guidelines issued by the relevant regulatory authorities. Although formally non-binding, these soft-law sources usually provide a supervisor’s approach to, or interpretation of, binding legal acts.

Regulatory Authorities

The Polish Financial Supervision Authority (Komisja Nadzoru Finansowego; PFSA) is the regulator responsible for the microprudential supervision of banks in Poland. Poland is not part of the Eurozone and does not participate in the Banking Union or the Single Supervisory Mechanism. As such, the supervisory powers and duties lie with the national regulator.

The Financial Stability Committee (Komitet Stabilności Finansowej) is the primary regulator responsible for the macroprudential supervision of the banking sector. The Committee issues recommendations and positions on macroprudential matters and co-ordinates the work of its members regarding macroprudential oversight.

The Bank Guarantee Fund (Bankowy Fundusz Gwarancyjny) is the regulator responsible for running the mandatory deposit protection scheme and is the local bank resolution authority.

The General Inspector of Financial Information (Generalny Inspektor Informacji Finansowej) is the regulator responsible for supervision in the AML/CFT field.

Authorisation

There is only one type of banking license available; however, the scope of a bank’s permitted activities is determined by the scope of the application for the authorisation to set up the given bank and the decision issued by the PFSA. 

Commercial banks are usually formed as joint-stock companies. In such case, the number of founders (initial shareholders) cannot be fewer than three, unless the founder is another bank (from Poland or outside of Poland).

The only sub-type of a bank in the form of a joint-stock company is a mortgage bank operating under the Act from 29 August 1997 on mortgage bonds and mortgage banks. These specialised banks may only engage in selected activities, which essentially include activities related to the mortgage market.

Polish regulations also enable co-operative banks (banki spółdzielcze) and credit unions (Spółdzielcze Kasy Oszczędnościowo-Kredytowe) to be established. The latter may engage in similar activities to those of banks, but represent a different kind of financial institution. 

Scope of Activities

Banks may only engage in activities directly listed under the BL, referred to as “banking activities” (czynności bankowe). They primarily include:

• accepting deposits of money payable on demand or on a specified date and maintaining accounts for such deposits;
• maintaining other bank accounts;
• granting loans, both “bank loans” (kredyty bankowe) and cash loans (pożyczki);
• granting and confirming bank guarantees and opening and confirming letters of credit;
• issuing bank securities;
• providing payment services and issuing electronic money;
• acquiring and disposing of monetary receivables;
• storing objects and securities and providing safe deposit boxes;
• conducting the purchase and sale of foreign exchange values;
• granting and confirming guarantees (sureties);
• performing commissioned activities related to the issuance of securities; and
• performing other activities specified for banks in other laws.

The restrictive interpretation presented by the PFSA provides that if the regulations do not explicitly authorise a bank to carry out a certain business activity, such activity should not be pursued as the bank’s regular business.

Conditions of Authorisation

Under the BL, a bank can be established if:

• the bank is equipped with adequate own funds, the amount of which should correspond to the type of banking activities to be performed and the size of the intended activity;
• the bank is equipped with premises with adequate technical equipment;
• the bank’s founders provide a guarantee of the bank’s prudent and stable management;
• the persons scheduled to take up positions of the bank’s supervisory board and management board members meet the relevant legal requirements;
• the persons scheduled to take up the positions of chair of the management board and the management board member responsible for risk management have proven knowledge of the Polish language; and
• the (minimum of a) three-year plan presented by the founders indicates that these activities will be safe for the funds collected in the bank.

Process of Applying for Authorisation

The authorisation to operate as a bank is granted in two stages. Firstly, the authorisation to set up a bank; and secondly, an authorisation to start operations (an operating license) have to be obtained. After obtaining these two authorisations, an entity may start operating. 

A model process of applying for authorisation includes the following steps:

• preparing and filing an application for the authorisation to set up a bank (approximately three to six months);
• the first phase of the proceedings before the PFSA (approximately 9-12 months);
• registering the bank in a form of joint-stock company with the national court register (approximately three months);
• preparing and filing an application for the authorisation to start operations as a bank (approximately three months); and
• the second phase of the proceedings before the PFSA (approximately six to nine months).

The above-mentioned timelines constitute a rough approximation, given the amount and complexity of information to be provided to the PFSA. Other formalities include usual filings and registrations for tax or employment purposes.

The administrative fee in the proceedings before the PFSA amounts to 0.1% of the contemplated share capital of the bank and does not include other costs, eg, legal, consulting or business advisory.

General

The procedure for acquiring qualified holdings in Polish banks is subject to unified EU rules resulting from CRD. However, compared to other jurisdictions, Polish proceedings are much more document-heavy and the PFSA’s approach tends to be very formalistic. 

Shareholding Thresholds

The BL provides that an entity or person that intends, directly or indirectly, to acquire or subscribe to shares or rights from the shares of a national bank in a number that ensures reaching or exceeding, respectively, 10%, 20%, one-third, or 50% of the total number of votes at the shareholders general meeting or shares in the share capital, is obliged to notify the PFSA of its intention.

The same obligation applies to the intention to acquire control of a bank in any other way than by way of the acquisition or subscription of shares.

Notification

An entity filing the notification to the PFSA is obligated to disclose its parent company, arrangements made by this parent company, and information about the parent company remaining in any arrangements that allow other entities to exercise rights from shares of a bank or exercising parent company rights over such bank.

The notification to the PFSA includes:

• the identification of the applicant;
• the identification of the target bank;
• a description of the professional activities the applicant performs and a description of the obtained education;
• a description of the group to which the applicant belongs;
• a description of the applicant’s financial situation;
• information on criminal and fiscal crimes, conditionally discontinued proceedings and concluded disciplinary proceedings, as well as concluded administrative and civil proceedings if this may influence the assessment of the applicant;
• information on pending criminal and fiscal crime proceedings, as well as pending administrative, disciplinary, and civil proceedings if they may influence the assessment of the applicant;
• a description of actions aiming at acquiring and subscribing for shares, in particular, information on the target share in the share capital or the target number of votes at the general meeting; and
• information on the applicant’s intention regarding the bank’s future business activity. 

Detailed requirements for all this information and these documents are provided in secondary legislation. An important part of the filing is constituted by the commitments undertaken by the investor(s) vis-à-vis the PFSA concerning the target bank and its activities.

The PFSA may object to the intended acquisition or subscription for shares if:

• the applicant has failed to supplement the notification;
• the applicant has not provided the additional information required by the PFSA within the deadline; or
• it is justified by the need for the prudent and stable management of the bank due to the possible impact of the applicant on the bank or the applicant’s financial situation.

The PFSA’s objection (or decision declaring the absence of grounds for it) may be issued within 60 working days following receipt of the complete notification. However, in practice, such proceedings usually last for approximately four to six months as the PFSA issues extensive requests related to the submitted documents. 

No voting rights may be exercised from the shares acquired or subscribed for in violation of the relevant regulatory filing rules.

General Corporate Structure

The Commercial Companies Code is the primary source of law for joint-stock companies, including banks (subject to differences resulting from the BL). The Code provides for a two-tier board structure, and the governing bodies of a bank include the management board, the supervisory board and the shareholders general meeting. 

Additional Requirements

The BL introduces additional, specific corporate governance requirements, generally in line with EU law requirements for credit institutions. The measures include an obligation to:

• introduce a management system consisting of, at least, a risk management system and an internal control system;
• separate a risk division from other divisions and appoint a dedicated board member responsible for risk management who also cannot oversee an area that generates risk for the bank’s operations;
• separate the function of the dedicated board member responsible for risk management from the president of the management board who also may not be entrusted with supervising an area that generates a material risk for the bank’s operations;
• separate a control function, compliance unit, and independent internal audit unit (within the internal control system); and
• establish, within the supervisory board, a nomination committee, a risk committee and remuneration committee (applies to significant banks, ie, listed banks or banks with more than a 2% share in the banking sector’s assets, deposits or own funds; and banks the PFSA designates as significant).

Soft Law and Industry Initiatives

The PFSA issued a dedicated recommendation concerning the principles of internal governance in banks, ie, Recommendation Z (Rekomendacja Z). The document contains a set of general and specific rules governing many aspects of a bank’s governance, ranging from separating functions within the internal structure, to managing conflicts of interest, to risk or outsourcing management.

The EBA Guidelines on internal governance (EBA/GL/2017/11) are applicable in Poland. The PFSA also issued a more general recommendation, ie, the Corporate Governance Rules for Supervised Entities (Zasady Ładu Korporacyjnego dla Instytucji Nadzorowanych), which apply to all supervised entities. 

Banks listed on the Warsaw Stock Exchange (WSE) are also obligated to adhere to the Good Practices of Listed Companies issued by the WSE. The WSE Good Practices are based on a “comply or explain” principle.

General

Management board members (including the president of the management board) are appointed by the supervisory board.

A bank’s management board and supervisory board members should have the knowledge, skills and experience appropriate for their respective functions and duties. They should also assure due performance of those duties. In particular, this refers to the person’s reputation, honesty, integrity and ability to run the bank’s business in a prudent and stable manner (the fit and proper requirement).

Accountability

Management and supervisory board members are subject to regular civil liability towards the bank itself and its shareholders. Additionally, the PFSA may impose on them penalties for non-compliance with the issued guidance or other applicable obligations. The penalties are up to approximately PLN20 million (approximately EUR4 million). 

The PFSA’s Approval

Appointing the president of the management board and the management board member responsible for risk management requires the PFSA’s approval. 

The PFSA has to be notified with the following information:

• the identification of the candidate;
• the candidate’s knowledge, skills, and experience, in particular, education, professional experience and completed courses;
• information about the other entities in which the candidate serves as a statutory board member;
• the candidate’s criminal record;
• administrative sanctions, other proceedings that may adversely affect the financial position of such person, and administrative, disciplinary or enforcement proceedings in which the appointed person has acted or acts as a party;
• Polish language proficiency; and
• any other information that may affect the assessment of meeting the fit and proper requirement.

The PFSA will not approve the appointment if:

• the fit and proper criteria are not fulfilled;
• the candidate was penalised for an intentional crime or fiscal crime, excluding privately prosecuted crimes;
• the candidate does not inform the PFSA about charges in criminal proceedings or fiscal crime proceedings, except for charges related to privately prosecuted crimes within 30 days from the date of the charges; or
• the candidate does not prove their Polish language proficiency.

The Polish language requirement may be waived if the PFSA deems its fulfilment unnecessary for prudential supervision reasons, in particular, the level of acceptable risk or the scope of the bank’s intended activities.

In 2020, the PFSA issued a document, ie, Methods for Assessment of Suitability of the Members of the Bodies of Entities Supervised by the Polish Financial Supervision Authority (Metodyka Oceny Odpowiedniości Członków Organów Podmiotów Nadzorowanych), which contains a very detailed methodology behind the PFSA’s approach to the fit and proper requirements. These are generally in line with the applicable EBA Guidelines on assessing the suitability of management body members and key function holders under Directive 2013/36/EU and Directive 2014/65/EU (EBA/GL/2017/12).

Remuneration Policy

Banks have to adopt remuneration policies for each category of persons whose professional activity has an impact on the bank’s risk profile. These persons primarily include:

• supervisory board and management board members;
• directors (usually heads of divisions); and
• other persons who have knowledge of risks associated with the bank’s activities and who are responsible for making decisions impacting these risks. 

The management board is responsible for preparing and implementing the remuneration policy, which is subject to the supervisory board’s approval.

Non-significant banks with lower values of owned assets may implement simplified policies. The same applies to persons whose annual variable remuneration does not exceed the PLN equivalent of EUR50,000 or one-third of the total annual remuneration of these persons. Other exceptions may apply where an appropriate justification is present. 

The PFSA may limit the variable component of the remuneration of persons covered by the remuneration policy, as a percentage of net income, in cases where its amount impedes meeting the own-funds requirements.

Additional requirements for remuneration policies may be found in the EBA Guidelines on sound remuneration policies (EBA/GL/2015/22), which apply in Poland.

AML-Related obligations

Banks are “obliged entities” under the Act on countering money laundering and terrorism financing. As such, they are subject to many obligations, among others:

• applying customer due diligence (standard, simplified or enhanced, as applicable);
• adopting and complying with an internal AML procedure;
• maintaining records of information acquired during maintaining business relationships with clients;
• providing the General Inspector of Financial Information with information regarding accepting certain funds with an equivalent value of more than EUR15,000;
• suspending suspicious transactions and blocking accounts; and
• applying specific restrictive measures to sanctioned entities included in the relevant lists of sanctioned parties. 

The General Inspector of Financial Information or the PFSA may require the bank to change the scope or to end the correspondent relationship with a respondent entity with its seat in a high-risk third country identified by the European Commission.

Customer Due Diligence Measures

Banks are primarily obligated to apply customer due diligence measures when:

• establishing a business relationship;
• carrying out occasional transactions;
• there is a suspicion of ML/TF; or
• there is doubt about the veracity or adequacy of previously obtained customer identification data.

Customer due diligence measures include:

• identifying and verifying the customer’s identity;
• identifying and taking reasonable measures to verify the beneficial owner;
• assessing and, as appropriate, obtaining information on the business relationship’s purpose and intended nature; and
• conducting ongoing monitoring of the business relationship.

Banks should also be aware of any positions and interpretations that the General Inspector of Financial Information may issue regarding AML/CFT duties.

General

Under the Act on the Bank Guarantee Fund, deposit protection scheme and mandatory restructuring, the Polish mandatory depositor protection scheme is administered by the Bank Guarantee Fund (BGF), a special legal person set up to govern the scheme. All banks that have their corporate seat in Poland are required to participate in the fund by contributing to it in proportions based on several factors, eg, the bank’s management profile, capital, liquidity and quality of assets. 

Scope of the Coverage

The funds covered by the BGF include:

• funds in any currency accumulated by the depositor in bank accounts where the depositor is a party to the bank account agreement;
• the depositor’s other receivables arising from selected banking activities;
• the receivables of the person who covered the funeral costs of a deceased bank account holder; and
• selected receivables of the depositor arising from bank securities.

The guarantee does not extend to:

• the depositor funds which, during the two years prior to the date of fulfilment of the guarantee condition, were not subject to turnover other than interest operations and their sum is less than the PLN equivalent of EUR2.5; or
• electronic money as defined in the legislation implementing Directive 2009/110/EC (EMD2) and funds received in exchange for electronic money.

Entities Entitled to Guarantee 

The following entities are entitled to guarantee:

• natural persons;
• legal persons;
• organisational units that are not legal persons but have legal capacity (eg, commercial partnerships);
• school savings funds;
• savings and loan associations; and
• parent councils. 

Limitations

The following entities are not entitled to guarantee:

• the State Treasury;
• the National Bank of Poland;
• banks, foreign banks and credit institutions;
• credit unions and the National Credit Union (Krajowa Spółdzielcza Kasa Oszczędnościowo-Kredytowa);
• the BGF;
• certain financial institutions;
• persons and entities not identified by the entity participating in the fund;
• local government units; or
• public authorities of a member state other than the Republic of Poland and a third country, in particular, central and regional governments and local government units of these countries.

Under Directive 2014/49/EU, the funds are covered by the guarantee up to the PLN equivalent of EUR100,000, according to the average exchange rate of the National Bank of Poland as of the date of fulfilment of the guarantee condition.

Exercising Rights Under the Guarantee

The guarantee is payable within seven business days of the date of fulfilment of the guarantee conditions which, for banks, include the following:

• issuing the PFSA’s decision to suspend a bank’s activities; and
• filing the BGF’s motion for a bank’s bankruptcy with the competent court.

As of the date of the fulfilment of the guarantee condition, the BGF acquires a claim to the entity in relation to which the guarantee condition has been fulfilled, in the amount of the sum of guaranteed funds.

Scope of Secrecy

The BL requires the bank, its employees, and all persons or entities through whom the bank performs banking activities (czynności bankowe) to maintain bank secrecy. The secrecy extends to all information concerning a banking activity, including obtained during the negotiation, conclusion, and execution of the contract governing the particular banking activity.

The obligation to maintain bank secrecy does not extend to cases where, among others:

• without disclosing the information, it is not possible to duly perform the contract governing the certain contract or to duly perform other activities connected to concluding or performing this contract;
• the information is disclosed to an entity to which the bank outsourced its activities;
• the information is disclosed to an attorney in connection with the provision of legal services; or
• the disclosure of information to other banks, credit institutions, or financial institutions belonging to the same financial holding company is necessary for the proper performance, prescribed by law, of anti-money laundering and counter-terrorist financing obligations.

Obligation to disclose bank secrecy

Banks are required to disclose information subject to bank secrecy exclusively to (selected entities):

• other banks and credit institutions to the extent that the disclosed information is necessary in connection with the performance of banking activities and the purchase and sale of receivables;
• other financial institutions in the cases indicated in regulations;
• providers of PSD2 open-banking services (PIS, AIS);
• the PFSA in relation to exercising supervision;
• the court or a prosecutor in connection with ongoing proceedings for certain crimes or fiscal crimes;
• the court in connection with other ongoing proceedings;
• in selected cases, the Head of the National Fiscal Administration; or
• the Financial Ombudsman.

Consequences of a Breach

Breaching bank secrecy is subject to both civil liability (damages) and criminal liability (involving a fine of up to PLN1 million and imprisonment for up to three years). 

Disclosing information that is subject to bank secrecy which, at the same time, constitutes personal data, may be subject to additional administrative penalties under the GDPR.

Initial Capital and Basel Standards

The BL prescribes the minimum of the PLN equivalent of EUR5 million as a bank’s initial capital. However, the PFSA requires the initial capital to correspond to the intended scale and scope of bank activities that a bank wishes to engage in. The broader the scope of the banking licence, the greater the expectations the PFSA may have for initial capital.

The European Union adopted the CRR/CRD package to implement most of the Basel III standards. These acts are either directly applicable in Poland (CRR), or were implemented in the BL (CRD).

Capital Requirements

The core capital adequacy requirement imposes an obligation upon banks to maintain a total capital ratio (own funds – the sum of Tier I capital and Tier II capital) of at least 8% of risk-weighted assets. The Common Equity Tier 1 capital ratio should be at least 4.5%, while an overall Tier I capital ratio should not be lower than 6%.

The leverage ratio means the relative – to the bank’s own funds – size of the bank’s assets, off-balance sheets liabilities, and contingent liabilities. At no time should it be lower than 3%.

The BL further stipulates that banks are obligated to maintain higher capital adequacy rates if those the CRR prescribed are not sufficient to cover all identified, significant risks present in a bank’s operations and changes in the economics environment, taking into account the expected level of risk. 

The PFSA is authorised to impose additional requirements for own funds and a bank’s liquidity.

Liquidity Requirements

Under the CRR, banks are required to have enough liquid assets to cover a minimum of 100% of net outflows for 30 days under stress conditions.

Banks that do not comply with the requirement or expect not to comply are obligated to notify the PFSA of this fact and present a recovery plan aiming at restoring the appropriate liquidity level.

Buffers and the obligatory reserve

Safety buffer

Banks should also maintain an additional safety buffer equal to the amount of the Common Equity Tier 1 capital of 2.5% of the total risk exposure. 

Countercyclical buffer

The countercyclical buffer should amount to the Common Equity Tier I capital at the level of the total risk exposure calculated in accordance with the CRR, multiplied by the weighted average of the countercyclical buffer ratios.

Other buffers

Polish regulations also distinguish a buffer applicable to global systemically important institutions. Additional systemic risk buffers may also be introduced when appropriate.

The buffers do not account for the bank’s fulfilment of the own-funds requirement under the CRR or under any other additional capital adequacy requirements under the applicable legislation.

Obligatory reserve

Banks are also required to maintain reserves representing a portion of, among others, cash deposited in bank accounts held by these banks. The obligatory reserve of banks is the amount, expressed in zlotys, of cash in zlotys and foreign currencies deposited in bank accounts, funds obtained from the issuance of debt securities, and other funds accepted by the bank subject to repayment. Some funds are excluded from the mandatory reserve calculation.

Insolvency

Banks may be subject to regular insolvency proceedings before the competent courts, with certain differences. Only the PFSA may file for a bank’s insolvency. However, if the BGF issues a resolution decision, the PFSA cannot file for insolvency.

Directive 2014/59/EU, which largely follows the FSB Key Attributes of Effective Resolution Regime, has been implemented in Poland.

Poland, as a non-Eurozone country, does not participate in the EU Single Resolution Mechanism. The competence to resolve a failing bank lies with the domestic BGF.

The resolution may be triggered, in particular, to maintain financial stability or protect depositors. These goals are achieved through:

• preparing resolution plans;
• the redemption or conversion of equity instruments; or
• resolving the bank.

The Course of a Resolution

Three factors need to be met to start a resolution:

• a bank is at risk of failing;
• there are no reasonable indications that the actions of the bank, institutional protection system, or the supervisor will remove the bankruptcy threat in a timely manner; and
• the resolution is necessary for the public interest.

After starting the resolution, the BGF acquires right to adopt resolutions and decisions on matters reserved by the Articles of Association of a bank’s bodies, and becomes an entity entitled to solely represent the bank under resolution as the management board and the bank’s other bodies are dissolved. The BGF may appoint a management board or an administrator for the bank under resolution.

Resolution tools include:

• the sale of the business;
• bridge institutions;
• asset separation; and
• bail-in.

The resolution proceedings may be supported by the actions of the institutional protection scheme, recently created in Poland, to guarantee the liquidity and solvency of the scheme’s participants. The institutional protection scheme is administered by a special purpose entity created by commercial banks.

Insolvency Deposit Preference

The BGF’s depositor protection scheme protects the clients’ deposits in the case of the ordinary insolvency of a bank. In the case of resolution, the depositors are protected as the asset separation tool is usually utilised, and the assets of the resolved bank are transferred, eg, to a bridge bank, free of most liabilities. In the case of the bridge bank’s insolvency, the regular deposit protection scheme should apply.

Voluntary Protection System

As of 2022, the BL provides the legal framework for voluntary protection systems. As a result, banks may engage in a contractual protection system governed by the purposefully established joint-stock company. The voluntary protection system may, inter alia, assist BGF in resolution processes. As of now, one protection system was established by the Polish banks (System Ochrony Banków Komercyjnych S.A.).

EU-Level Developments

Many regulatory developments affecting Polish banks are being initiated at the EU level. Among the upcoming, important developments are the following.

• The PSR/PSD3 Package – the EU Commission presented a proposal for a review of the existing legal framework for payment services in the EU in June 2023. Most material obligations under the PSD2 will be moved to a regulation to ensure uniform application across the EU.

• FiDA Proposal – an “Open Finance” proposal to allow for an exchange of data on financial products also outside the already covered scope under the PSD2.

• Digital Euro Proposal – a framework for issuing digital euro by the European Central Bank.
• The Banking Package – pending amendments to the CRD/CRR framework aimed at finalising the implementation of Basel III Accords and at introducing ESG risks in banks’ risk management systems.
• A set of new regulations and directives in the AML/CFT field – among other changes, an EU-wide AML/CFT supervision authority (AMLA) will be set up.
• AI Regulation – this regulation will set a uniform framework for the use of AI-powered tools. Among the “high-risk AI systems” subject to an increased regulatory burden are the systems intended to be used to evaluate the creditworthiness of natural persons or to establish their credit score. The AI-related risks will be part of the risk management systems of EU banks.
• The revision of the Consumer Credit Directive 2008/48/EEC – among many changes, the most important include extending coverage to currently excluded interest-free loans and introducing new information obligations.

Important EU-level legal acts impacting banks have been adopted in 2022 and 2023. Among them, most notably, are: Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA), and Regulation (EU) 2023/1114 on markets in crypto-assets (MiCA). DORA, which will comprehensively regulate the ICT risk management framework for banks, applies from 17 January 2025. MiCA will come into effect on 30 December 2024.

Domestic Developments

Ongoing reform of the WIBOR critical benchmark

In the first half of 2022, the Polish government announced its plan to replace the WIBOR (Warsaw Inter Bank Offered Rate) critical benchmark with a different, adequate benchmark. In September 2022, the National Working Group (NWG) responsible for reforming benchmarks announced that the WIRON (Warsaw Interest Rate Over Night) index (formerly, the WIRD index) will replace the WIBOR benchmark.

The WIRON index should be available for use in newly signed contracts and newly issued financial instruments starting December 2022. The WIRON index is expected to fully replace the WIBOR benchmark in 2027. The whole reform will take place under Chapter 4A of Regulation (EU) 2016/1011 (BMR). The effect of designating the replacement of the WIBOR benchmark will be to replace, by operation of law, the references to this benchmark with references to the WIRON index in all contracts and financial instruments subject to the law of one of the EU member states, except where these contracts or instruments contain suitable fallback clauses.

The replacement will be designated in the form of a decree issued by the Minister in charge of financial institutions. The decree will also specify the details related to the transition to the WIRON index, including, in particular, the spread adjustment and the methods of its determination, as well as the date on which the WIRON index will begin to apply.

The planned reform is part of the worldwide trend of transitioning from forward-looking indexes (offered rate type) to backward-looking, risk-free-rates representing realised transactions with the shortest maturity (overnight deposits (ON)).

The NWG frequently publishes recommendations on the use of WIRON in financial contracts and financial instruments.

Recent Changes in Outsourcing Rules for Banks

In 2023, the Polish Parliament also adopted a Financial Market Development Act (FMDA; the Act of 16 August 2023 on amending certain acts to ensure the development of the financial market and the protection of investors in that market). The FMDA amended more than 20 legal acts in the field of financial markets. One of the main novelties for banks is the change of rules governing regulated outsourcing arrangements. In particular, under the FMDA-introduced amendments, outsourcing of certain activities by banks, which formerly required a PFSA permit, will no longer be subject to the PFSA’s approval but will be allowed upon simple prior notification to the PFSA. Also, the BL will now explicitly allow for chain outsourcing and provide rules governing that process.

Regulatory Framework

The regulation of environmental, social and corporate governance (ESG) issues are among the European Commissions’ primary goals. Banks, to the extent that they have the status of obligated entities, under ESG regulations, must adapt their activities to the new requirements. The steps taken by Polish banks in the transition to a low-carbon, more sustainable and resource-efficient closed-loop economy are increasingly visible in the market. This is related to the gradual entry into force of individual acts and their implementation into the Polish legal order.

Obligations Under EU legislation 

CRR/CRD

Under Article 449a of the CRR, large institutions (as defined in the CRR) that issued securities admitted to trading on a regulated market of any member state are obligated to disclose information on ESG risks, including physical risks and transition risks. The method of disclosure of this information is governed by the Commission Implementing Regulation (EU) 2021/637, in particular Article 18a thereof.

In June 2021, the European Commission published draft amendments to the CRR and CRD under the so-called Banking Package. One of the three main objectives of the reform is to develop banks’ obligations to identify, disclose and manage ESG risks under existing risk management mechanisms. According to the latest drafts, among other changes, the existing obligation under Article 449a of the CRR will be extended to all credit institutions (while maintaining the proportionality principle).

According to a European Commission press release of 27 June 2023, the European Parliament and the Council have reached a political agreement on the shape of the packages’ provisions. The new framework may be expected to apply from 1 January 2025 (CRR) and July 2025 (CRD). The latter depends on the implementation by the member states.

NFRD/CSRD

The current Directive 2014/95/EU (NFRD) imposes an obligation on certain entities (inter alia, banks) to report, as part of, eg, the management report, on their policies on environmental, social, labour, the respect for human rights, anti-corruption and anti-bribery issues.

On 5 January 2023, the Corporate Sustainability Reporting Directive (CSRD), which amends the NFRD, entered into force. The CSRD aims to increase investment in sustainable operations in member states. According to the CSRD, all obliged entities shall present information on ESG matters in their management report. This information will be reported according to the Common European Sustainability Reporting Standards.

The CSRD provides for a three-stage timetable for entities to apply the new obligations. Information will be presented for the first time by the largest entities that already report so-called non-financial information under the Polish Accounting Act. A year later, the remaining large entities will submit their first reports. Small and medium-sized listed companies will report for the first time for the 2026 financial year.

SFDR and taxonomy

The aim of Regulation (EU) 2019/2088 (SFDR) is to provide transparency in specific areas of the activities of financial market participants and investment advisors with respect to ESG issues. To this end, the SFDR introduces a series of disclosure obligations aimed at obligated entities to consider ESG factors in the investment and advisory process in a consistent manner. Only banks that provide portfolio management service are subject to obligations under the SFDR.

In September 2023, the European Commission started public and targeted consultations regarding the SFDR, which may result in a proposal to amend the regulation.

The obligations listed in the SFDR are closely linked to the obligations referred to in Regulation (EU) 2020/85 (the “Taxonomy Regulation”). The disclosure obligations established in the Taxonomy Regulation complements the sustainability-related disclosure provisions established in the SFDR.

National Regulations and Soft Law

Under the BL, the nomination committee or the supervisory board must adopt a diversity policy in the management board. The policy should take into account the broad set of qualities and competencies required for board members. The banks also must notify the PFSA about their respective gender pay gaps every year.

Furthermore, the sanctions for non-compliance with specific provisions of the SFDR and the Taxonomy Regulation by financial market participants and financial advisors were introduced in the amendment to the Act on Financial Market Supervision in July of 2022. The sanctions are both financial (amounting to as much as PLN21 million) and non-financial. The power to impose them is held by the PFSA.

In addition to strictly legislative actions, banks should also be aware of any ESG positions and guidelines issued by the European Central Bank, local and EU (EBA and ESMA) supervisory authorities, as well as non-supervisory authorities, eg, the Task Force on Climate-Related Financial Disclosures. The PSFA has not yet issued general guidance on ESG matters, but such guidelines may be expected in the short- to medium-term. At present, the PFSA already includes ESG in the list of matters on which it seeks commitments from investors seeking clearance for the acquisition of a bank or other financial regulated institution.