The key Polish legislation that regulates the financial sector is divided into several categories, including, among others:

• banking;
• consumer credit;
• payment services;
• the capital market;
• the insurance sector; and
• other financial products that do not fall directly into one of the foregoing categories (eg, crypto-assets).

The financial services sectors described in the foregoing operate under distinct regulatory frameworks, drawing from both Polish national legislation and EU law.

This legal landscape features both sector-specific acts, such as the Payment Services Act (defined in the following), tailored for the payment industry, and broader legislative instruments that apply across multiple financial service domains – a prime example of the latter is the Anti-Money Laundering and Counter-Terrorist Financing Act (defined in the following), which imposes obligations across the banking, insurance and payment sectors.

Among the legal acts exclusively regulating a specific financial services sector, the following examples can be considered key.

• Banking:
1. the Act of 29 August 1997 – Banking law (the “Banking Law“);
2. the Act of 29 August 1997 on the Polish National Bank (Narodowy Bank Polski; NBP); and
3. the Act of 21 July 2006 on supervision over the financial market.
• Capital market:
1. the Act of 27 May 2004 on investment funds and management of investment funds (the “Act on Investment Funds”);
2. the Act of 29 July 2005 on trading in financial instruments (the “Act on Trading in Financial Instruments”);
3. the Act of 29 July 2005 on supervision over the capital market; and
4. the Act of 29 July 2005 on public offering and the conditions of introducing financial instruments into the organised trading system and on public companies (the “Public Offering Act”).
• Consumer credits sector (including loans granted to consumers – ie, consumer credit):
1. the Act of 12 May 2011 on consumer credit (the “Consumer Credits Act”).
• Payment services sector:
1. the Act of 19 August 2011 on payment services (the “Payment Services Act”).
• Insurance sector:

1. the Act of 11 September 2015 on insurance and reinsurance activities (the “Insurance Activities Act”);
2. the Act of 15 December 2017 on distribution of insurance (the “Insurance Distribution Act”); and
3. the Act of 22 May 2003 on insurance and pension supervision.

Furthermore, there are certain acts in the Polish legal system that are binding on all financial market participants, such as:

• the Act of 16 February 2007 on the protection of consumers and competition;
• the Act of 27 July 2002 – foreign exchange law;
• the Act of 5 August 2015 on the handling of complaints by financial market entities, on the Financial Ombudsman and on the Financial Education Fund; and
• the Act of 1 March 2018 on countering money laundering and financing of terrorism (the “AML Act”).

Polish financial regulations are deeply rooted in EU law, and certain of them are directly applicable, such as:

• the Capital Markets Regulation (CRR);
• Regulation 2016/1011 of 8 June 2016 on indices used as benchmarks in financial instruments or to measure the performance of investment funds (BMR); and
• Regulation 2024/1624 of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AMLR); and
• Regulation 2023/1114 of 31 May 2023 on markets in crypto-assets (MiCAR).

Others are implemented into domestic legal acts, including:

• the Capital Requirements Directive (CRD) and CRR – its provisions were implemented through the Banking Law;
• the Markets in Financial Instruments Directive (MiFID) – implemented through the Act on Trading in Financial Instruments;
• the Consumer Credit Directive (CCD) – implemented through the Consumer Credit Act;
• the Payment Services Directive (PSD) – implemented through the Payment Services Act;
• the Insurance Distribution Directive (IDD) – implemented through the Insurance distribution Act; and
• the Anti-Money Laundering Directive (AMLD) – implemented through the AML Act.

From an EU perspective, the scope of the regulations applicable to Polish financial institutions has been changing for some time now, increasing the complex and holistic framework obligations for financial institutions. Notable examples include the Digital Operational Resilience Act (DORA) and the Artificial Intelligence Act (AI Act) – these regulations impose stringent requirements on regulated entities, extending beyond product governance to encompass internal processes, technological infrastructure and risk management practices. Compliance now demands comprehensive implementation strategies that integrate governance, IT security and third-party oversight. Importantly, the scope and depth of these EU-level initiatives suggest a clear supervisory trend that is likely to influence national regulatory frameworks, including in Poland.

On another note, in the Polish legal system there exists an extensive framework of soft law regulations, which are mostly guidelines and explanations as to the practical use of certain legal provisions, issued by the Polish financial market supervisors. The Polish regulators may also integrate into their supervisory practices the recommendations issued by European Supervision Authorities (ESAs) – such as the European Banking Authority (EBA), European Securities and Markets Authority (ESMA) and European Insurance and Occupational Pensions Authority (EIOPA). More detailed information regarding the most important soft law documents issued in Poland are described in 3.2 Rules and Guidance.

The competence of the Polish Financial Supervision Authority (PFSA) to perform the functions outlined in the foregoing is derived directly from Polish legislation; specifically, Article 137 of the Banking Law grants the PFSA the explicit authority to issue recommendations, providing a foundational legal basis for its guiding role in various financial sectors. This power is further reinforced by the broader provisions of the Act on Financial Market Supervision, which delineates the PFSA’s overarching supervisory mandate across various segments of the financial market.

Legal entities in Poland are permitted to undertake regulated services in two main ways:

• certain activities are exclusively reserved for specific categories of entities (for instance, only a duly authorised bank or credit institution may offer the opening and maintenance of bank accounts, or indeed extend credit); and
• legal entities having ordinary legal forms without any special status due to the business activity conducted may need to obtain dedicated authorisation to provide a given category of services (eg, financial intermediary activities).

Within the Polish jurisdiction, one can identify examples of products and services that fall under the definition of “regulated financial services”.

Banking Services

The provision of these services is reserved exclusively for banks and credit institutions that have obtained the appropriate permit from the PFSA. Banks may conduct banking activities as defined in Articles 5 and 6 of the Banking Law, meaning that banks may provide services including:

• offering and granting credit;
• opening and maintaining bank accounts;
• granting and confirming bank guarantees and opening and confirming letters of credit;
• issuing bank securities; and
• carrying out monetary settlements.

Payment Services

the provision of payment services in Poland is restricted to specific entities known as “payment service providers”. This group, in addition to banks, comprises payment institutions and electronic money institutions, as well as smaller entities such as small payment institutions.

Additionally, within the payment services category, services can be distinguished, such as:

• payment information service (PIS) – allows a third-party provider to initiate a payment transaction directly from the payer’s account; and
• account information service (AIS) – allows access to information regarding a payment service user’s payment accounts, and in practice, enables the monitoring of financial status from other applications online.

To operate as a domestic payment institution or domestic electronic money institution, it is necessary to obtain official authorisation from the PFSA through a licensing process. For small payment institutions, payment service offices and providers supplying solely AISs, the only requirement is to be entered in the relevant payment service and electronic money issuer register. Payment service providers may provide services including the following (although this is highly dependent on the scope of authorisation granted by the PFSA):

• executing payment transactions, including transferring funds to a payment account with the user’s provider or another provider;
• providing money transfer services; and
• providing payment transaction initiation services.

Investment Services

Investment activity in Poland requires a licence from the PFSA and is conducted by, among other entities, investment firms (commercial law companies). Investment firms may conduct brokerage activities as defined in Article 69 of the Act on Trading Financial Instruments, meaning that investment firms may provide services including:

• portfolio management;
• investment advice;
• reception and transmission of orders in relation to financial instruments;
• execution of orders on behalf of clients; and
• dealing on own account in financial instruments.

It is important to note that investment services can also be delivered by entities primarily licensed within the banking sector, often through an extension of their existing banking licence to encompass brokerage activities or fund management. This dual capacity allows certain banks to offer a broader spectrum of financial services to their clients, integrating traditional banking with capital market operations.

Crypto-Asset Industry

Under MiCAR, only certain entities are permitted to offer crypto-asset services within Poland. These include authorised crypto-asset service providers (CASPs) and established financial institutions. The list of institutions that can provide such services is defined by law, and includes investment firms and electronic money institutions.

Crypto-currency related services may include:

• offers to the public and admission to trading on a trading platform for e-money tokens;
• offers to the public and admission to trading on a trading platform for asset-referenced tokens;
• offers to the public and admission to trading on a trading platform for crypto-assets other than asset-referenced tokens; and
• providing other crypto-asset services (as defined in MiCAR).

The products and services described in the foregoing are subject to rigorous scrutiny by market regulators, such as, at the national (Polish) level, the PFSA, the General Inspector of Financial Information (GIFI) and the Financial Ombudsman, and, at the EU level, the EBA, ESMA and EIOPA. Should an undertaking be found to have provided such products and services in breach of applicable statutory provisions, it may face a pecuniary, organisational or reputational sanction.

One of the key and frequently recurring practical challenges for organisations evaluating the regulatory standing of the services they provide in Poland concerns activities of a technical, organisational or indirect nature that only indirectly support the actual client-facing business.

This encompasses, for instance, undertaking analyses for investment purposes that support banking/investment activities, often carried out within IT/business shared service centres (SSCs). Such services often border on regulated areas, requiring a detailed legal analysis. The purpose of such an analysis is to determine whether a given activity qualifies as a regulated service or falls outside the scope of regulation – for example due to the possibility of applying specific exemptions.

Within Poland, some services can be classified as unregulated, provided that either the entities offering them or the inherent scope of those services benefit from a statutory exemption.

Polish financial regulations also directly stipulate certain activities that may be undertaken without requiring a licence or being subject to a specific regulatory regime. For example, the Polish Payment Services Act indicates specific forms of activity that are explicitly excluded from regulatory oversight (Article 6: payment transactions made exclusively in cash directly between the payer and the payee, and payment transactions involving the non-professional collection and delivery of cash within the framework of a non-profit or charitable activity). While this is a direct transposition of the PSD2 provisions, the exemptions referred to in Article 6 are often interpreted from the perspective of other provisions of Polish law and the practice of Polish supervisory authorities.

Where doubts persist regarding the interpretation of a specific enactment, the supervision authority (PFSA) may further comment on and interpret a given exemption through guidelines or Q&As (eg, the exemption of services provided by suppliers of software enabling access to market data and quotations, consisting of collecting and providing an archive of the transaction history and correspondence conducted by users of such software under specific circumstances, in accordance with the concept of outsourcing as defined under the Act on Supervision over Financial Market Entities and Regulation (EU) 2017/565).

Consequently, Polish jurisprudence plays a crucial role in shaping authoritative legal interpretations. Such exemptions are commonplace throughout all legislation pertaining to the financial sector.

Examples of such exemptions include:

• an entity that offers loans to, for example, entities that are part of its capital group and are not consumers, and which does not offer or grant credit, may be exempted from the PFSA’s supervision, as its activities are not classified as banking services or consumer credit services;
• certain entities (whilst strictly connected to the financial market) may operate based on registration alone, without a licence, such as managers of alternative investment companies (alternatywna spółka inwestycyjna; ASIs) below a defined portfolio threshold – these are required only to submit periodic reports to the PFSA and are exempt from full supervisory obligations; and

• the provision of services based on limited-use payment instruments, which enable the holder to acquire goods or services within a restricted network of entities that are all commercially and directly linked to the professional issuer of these instruments (“buy now, pay later”).

Any entity intending to commence operations in Poland that may be connected to regulated activities should bear in mind that carrying out such activities without the requisite authorisation may lead to severe penalties. For instance, the provision of unauthorised banking activities may lead to criminal liability under the Banking Law, whilst unauthorised investment services can result in severe financial sanctions under the Act on Trading in Financial Instruments.

Consequently, it is crucial to verify, prior to commencing such operations in Poland, whether an applicable exemption exists, and to evaluate the associated legal and operational risks.

The regulation of crypto-assets in Poland is currently undergoing a significant transformation. This evolution is primarily driven by the EU’s enactment of MiCAR, a landmark piece of legislation that will be directly applicable to all undertakings operating within the Polish crypto-asset market.

This signifies a profound shift, as previously, neither crypto-asset offerings themselves nor their providers were subject to the direct oversight of financial regulators, save for those instruments that qualified as financial instruments under MiFID.

MiCAR undertakes the classification of crypto-assets and introduces a regime for their distribution similar to that regulating public offerings in EU law (where the issuance of a crypto-asset white paper containing all relevant information of the instrument will be mandatory). Similarly, entities involved in the distribution of crypto-assets or operating a crypto-asset trading market will also be subject to a licensing process conducted by the relevant supervisory authority and supervision by the regulator.

Currently, most entities offering cryptocurrency services in Poland operate on the basis of entry into the virtual asset service provider (VASP) register, which is run by the Director of the Tax Chamber in Katowice, pursuant to the AML Act. To continue operating after the implementation date of MiCAR, these entities will need to extend their licence to that of a CASP.

MiCA is directly applicable in all member states, but entities conducting crypto-related activities in Poland also have obligations under national regulations, primarily the AML Act. Most crypto-related activities regulated by MiCA, such as cryptocurrency-to-cryptocurrency exchanges, cryptocurrency-to-fiat exchanges, exchange brokerage and custodial wallets, will also be subject to the AML Act.

Another challenge for crypto-asset businesses is the obligation to comply with the objectives set forth in the Travel Rule Regulation (TFR or the “Travel Rule”). Under the TFR, existing procedures will need to be adapted to meet additional obligations, including verifying beneficial ownership or control over a non-hosted address when crypto-asset transfers are sent or received from that address, and providing information about the initiator and beneficiary of a crypto-asset transfer. In Poland, compliance with the Travel Rule is supervised by GIFI, and companies must comply with the guidelines of the EBA and local regulations, such as the AML Act.

Poland is working towards implementing the Act on Crypto-Asset Market, for which the legislative process is still ongoing. Additionally, it should be noted that Polish law classifies entities operating in the field of virtual currencies (eg, crypto-asset exchanges, brokerages and or wallet management service providers) as obligated institutions under the AML Act. Consequently, they must adhere to the full AML regime.

While Poland’s financial landscape features several supervisory authorities responsible for ensuring the security and stability of the financial market, the PFSA plays a key role when it comes to the supervision of financial market participants.

This supervision can be broadly categorised into two areas:

• oversight based on an entity’s business conduct in the financial market, where the provision of services is governed by relevant legislation and requires a licence; and
• supervision predicated on the activities in question involving consumers.

As a result, a regulated entity may find itself subject to the oversight of one or more regulators, as Poland’s financial sector is regulated by a co-ordinated system of authorities. The PFSA leads broad oversight of financial institutions, while the NBP manages monetary policy and payment systems. The Polish Bank Guarantee Fund (BFG) protects depositors and handles bank resolutions, focusing mainly on deposit protection and resolution mechanisms. Consumer rights are supported by the Financial Ombudsman, and GIFI enforces anti-money laundering laws. The Office of Competition and Consumer Protection (OCCP) ensures fair business practices.

The most important supervisory authority over the financial market in Poland is the PFSA – all regulated financial market entities are subject to the supervision of the PFSA. The commission is authorised to licence entities, perform inspections in various areas and penalise behaviours that are in breach of binding provisions of law. The PFSA is authorised to supervise entities such as credit institutions, loan institutions, investment firms, public (listed) companies, payment institutions, insurance distributors and insurance companies. The PFSA’s jurisdiction extends beyond entities merely registered in Poland and operating under its direct authorisation. To a certain extent, activities conducted through a branch of a foreign institution are also subject to PFSA oversight. Furthermore, entities operating on a cross-border basis in Poland must also remain cognisant of the imperative to comply with specific, selected provisions of Polish financial regulations, ensuring a comprehensive supervisory reach across various operational models.

The financial services ombudsman for customers – ie, the Financial Ombudsman – mainly monitors the actions of financial institutions in relation to resolving client complaints. The Financial Ombudsman can issue guidelines for clients of financial entities, as well as guide and instruct them on their rights when dealing with financial market entities. It assists in disputes with financial market entities provided they have submitted a complaint to the financial market entity and it has been rejected, or their claims have not been fully acknowledged. However, the Financial Ombudsman does not have the authority to issue a binding decision on the financial market entity. It may also intervene on behalf of clients during court proceedings that involve financial institutions, as well as initiate proceedings before civil courts in matters that are within the scope of its jurisdiction.

The primary financial authority responsible for AML/CFT matters is GIFI, and the fulfilment of obligations set forth in the AML Act is supervised by both GIFI and the PFSA. Obliged entities are subject to mandatory reporting to GIFI and may be audited in relation to their compliance with obligations associated with customer due diligence processes. Within its remit, GIFI actively investigates transactions that raise reasonable suspicions, may conduct procedures to suspend transactions or block accounts, and provides obligated institutions with relevant information about entities suspected of being involved in terrorist activities. Obligated institutions are required to immediately notify GIFI of any circumstances that may indicate a suspicion of money laundering or terrorist financing, as well as reasonable suspicions that a specific transaction or asset may be related to such crimes, and they are also obliged to provide information on so-called above-threshold transactions, meaning those whose value exceeds the threshold set in the AML Act.

The central bank of Poland, responsible for the stability of the Polish currency – ie, the NBP – has several competencies with respect to the supervision of the Polish financial system. It mainly supervises national payment systems, which are crucial for the efficient and secure functioning of monetary funds in Poland. This supervision includes issuing permits for new systems, assessing their performance and collecting statistical data. Generally, the NBP is also responsible for the supervision of monetary policy and micro-prudential supervision, and is considered the AML/CFT supervisory authority for currency exchange offices, for example.

The primary authority regarding consumer protection in Poland (not only with regard to the financial market) is the President of the OCCP – the business practices of financial entities are also supervised by the President of the OCCP. Supervision depends on whether the financial entity’s offer is addressed to consumers. The OCCP monitors, in particular, actions taken in relations with consumers and maintains a register of abusive clauses that financial entities include in their regulations and contracts offered to consumers. Its remit also includes supervision of the marketing activities of financial entities and the prevention of practices violating the collective interests of consumers. On the other hand, the OCCP ensures fair competition in the internal market; therefore, merger control, state aid and anti-competitive practices are within its jurisdiction.

The Polish BFG is primarily responsible for protecting bank depositors by guaranteeing their deposits up to a certain limit (currently up to EUR100,000 or its equivalent in Polish zloty per depositor per bank). It plays a key role in managing failing banks through resolution actions, including restructuring or liquidation procedures, by implementing resolution mechanisms such as the transfer of assets and liabilities, write-downs and bail-ins to maintain financial stability and protect taxpayers from bearing the costs of bank failures. While not a supervisory authority in the traditional sense, the BFG monitors risks associated with banks by collecting data and information about the financial health of banks. The BFG complements the regulatory framework by focusing on deposit protection and crisis resolution, working closely with the PFSA and NBP to ensure the resilience of Poland’s banking sector.

Together, these supervisory bodies ensure a stable, secure and consumer-oriented financial market in Poland, operating under national laws aligned with EU regulations, directives and the rules established by the ESAs – operating strictly within the confines of the mandate bestowed upon them by EU regulations. It is crucial to highlight the profound and often decisive influence that these bodies exert on the operational practices and strategic direction of the Polish financial market.

In Poland, soft law plays a crucial role in shaping the practical application of binding legal regulations. These non-binding instruments – such as guidelines, recommendations and communications – often accompany the implementation of new legislation and serve to clarify, expand or operationalise its provisions.

The most active regulatory bodies issuing soft laws are the PFSA and GIFI. Polish financial institutions also routinely apply guidance from European supervisory authorities such as the EBA, ESMA or EIOPA, as well as international standards like those of the Financial Action Task Force (FATF) in the area of AML/CFT.

Soft law touches nearly every aspect of a financial institution’s operations – from product governance and organisational structure (as addressed in PFSA recommendations, such as Recommendation S – principles for responsible mortgage lending and credit risk management; and Recommendation U – good practices for bancassurance and insurance product distribution to ensure transparency and customer protection) to internal procedures and practical compliance measures (GIFI communications, Recommendation M – good practices for managing operational risk within banks).

As a general rule, all soft law regulations can be found on the Polish supervisors’ websites. Polish supervisory authorities publish some information concerning their application of legal provisions or supervisory measures as part of the information posted on their websites. When an issue constitutes a source of uncertainty regarding the fulfilment of a specific obligation, they issue guidelines in the form of a separate document, which is also available online. The majority of documents issued are available only in the Polish language.

For reference, key information may be found on the following websites:

• PFSA – regulations and practice (available both in Polish and English; however, only a limited number of documents are available in English);
• Financial Ombudsman – analyses and reports (available only in Polish);
• President of the OCCP – explanations (available only in Polish);

• President of the OCCP – reports (available both in English and Polish);

• President of the OCCP – register of abusive clauses (available in Polish only); and
• GIFI – communications (available in Polish only).

It should be noted that the PFSA plays a pivotal role in shaping the provision of services by financial market entities. Its official communications, positions and recommendations exert a significant influence on operational practices. Notably, broader EU legislation – such as DORA, AML frameworks and requirements concerning third-party relationships – is frequently not just interpreted by the PFSA but often refined, and at times even expanded upon, through the "soft laws" and guidance published by Komisja Nadzoru Finansowego (KNF). Consequently, it is paramount for any financial institution commencing operations in Poland to meticulously monitor not only the latest regulatory developments from both Polish and EU legislative bodies, but also the PFSA’s supervisory practice as articulated in these very publications.

As example pieces of soft law that relate to financial services regulation in Poland, the following documents should be mentioned.

• PFSA:
1. Recommendation S concerning good practices in the management of mortgage-secured credit exposures;
2. Recommendation Z concerning internal governance in banks;
3. guidelines on selected aspects of the provision of investment advice services by investment firms and banks;
4. guidelines on risk measurement of an obliged entity;
5. guidelines regarding the consolidation of contacts with clients of investment firms;
6. guidelines on the use of copy trading in the provision of brokerage services;
7. guidelines on the definition of offering financial instruments;
8. guidelines on the proper use of solutions in the financial sector for establishing business relationships without the physical presence of the client;
9. guidelines on the application of DORA by financial entities; and
10. guidelines on information accompanying transfers of monetary assets.
• OCCP:

1. explanations on issuing commitment decisions in cases of anti-competitive practices and practices infringing the collective interests of consumers;
2. explanations on dawn raids; and
3. explanations on penalties for management board members.
• GIFI:

1. Communication No 87 for entrepreneurs conducting business in the area of virtual assets;
2. Communication No 84 regarding performing customer due diligence during transactions using virtual assets;
3. Communication No 66 on the inclusion of persons and entities subject to specific restrictive measures on the national sanctions list; and
4. Communication No 36 on the risk assessment of an obliged entity.

The scope of soft laws regarding financial services in Poland is extensive; therefore, the aforementioned documents should be viewed as a selection of the most important documents, rather than a comprehensive list.

The provisions of the CRD/CRR package are based on the principle of maximum harmonisation. The CRR regulation applies directly to member states, including Poland, and does not require transposition into national law (consequently, the vast majority of prudential resolutions of the PFSA in this area were repealed and replaced by the provisions of the CRR regulation).

Procedure for Implementation of the CRD VI/CRR III Package into the Polish Legal System

In May 2025, information was published on the government website regarding the commencement of work on a draft act amending the Banking Law and certain other acts, aimed at implementing the CRD VI/CRR III package as well as incorporating into national law Articles 2 and 3 of Directive 2024/2994 of the European Parliament and of the Council of 27 November 2024, amending Directives 2009/65/EC, 2013/36/EU and 2019/2034 as regards the treatment of concentration risk relating to exposures to central counterparties and counterparty risk in the case of centrally cleared derivative transactions.

The changes included in the draft, aimed at implementing the provisions of the CRD VI Directive into the national legal framework, comprise:

• the establishment of an obligation for banks to take ESG risks into account in internal strategies and processes for assessing internal capital needs and management, as well as the introduction of a requirement for banks to develop specific plans to counteract these risks;
• amendments to requirements in Article 22aa of the Banking Law regarding management and supervisory board members, including PFSA approval for large bank appointments and PFSA assessment of key risk, compliance, audit and financial unit heads for large institutions under CRR III;
• the introduction of rules for PFSA supervision of significant banking transactions such as major share acquisitions, asset transfers, mergers and divisions;
• the introduction of regulations for branches of third-country banks operating in Poland requiring PFSA authorisation, branch establishment rules and a risk-based classification system;
• the harmonisation of sanctions provided for breaches of national and EU banking regulations; and
• strengthening of the independence of the PFSA by limiting terms for its chairperson and deputies, imposing post-employment restrictions with CRD VI compensation and banning these officials from holding investor status in supervised entities’ financial instruments.

The planned date for the Council of Ministers to adopt the draft was the third quarter of 2025. The public consultation process has now concluded. On 25 August 2025, the positions submitted as part of the consultations were published on the government legislative centre’s website.

Currently, the T+1 settlement system is not in use in Poland. Polish securities settlement systems, notably those operated by the National Depository for Securities (Krajowy Depozyt Papierów Wartościowych; KDPW), have traditionally been designed and optimised for T+2 settlement cycles, in line with longstanding international standards. In addition, the Polish market is integrated with broader European and global capital markets, where counterparties and intermediaries may still operate on T+2 or longer cycles. Achieving seamless cross-border T+1 settlement requires synchronised changes across borders, which remains a work in progress at the EU level.

For example, the KDPW operates multiple settlement systems. Generally, transactions are settled on a T+2 basis. However, KDPW allows certain exceptions, such as T+1 settlement for negotiated loans and T+3 settlement for obligatory, partial buy-outs of investment certificates.

ESMA, in its final report on amendments to the Regulatory Technical Standards (RTS) on settlement discipline, recommends that all EU member states transition to the T+1 settlement system. ESMA expects this implementation to begin in December 2026 and to be completed by October 2027.

The planned EU-wide implementation timeline (December 2026 to October 2027) aims to provide sufficient lead time for these necessary changes.

In Poland, the ESG regulatory framework developed in line with legislation introduced at the EU level, mostly being at the maximum level of harmonisation (via regulations) and thus being directly applicable without the need for implementation into national provisions. Primarily, such regulations concern information and reporting obligations imposed on financial market entities that disclose information on the impact of climate change on their business activities.

As the ESG framework is fast-paced, financial sector entities are continually being subjected to new obligations and requirements stemming from EU assumptions regarding economic transformation in response to climate change, which are intended to mitigate its effects.

Directly applicable EU laws in Poland include:

• Regulation 2019/2088 on sustainability‐related disclosures in the financial services sector (Sustainable Finance Disclosure Regulation; SFDR) – concerns the integration of sustainability risks into business and the consideration of adverse sustainability impacts in operations, as well as presenting sustainability-related information on financial products;

• Regulation 2020/852 on the establishment of a framework to facilitate sustainable investment (EU Taxonomy) – concerns the establishment of criteria for determining whether a given economic activity qualifies as environmentally sustainable for the purposes of determining the extent to which a given investment is environmentally sustainable;

• Commission Delegated Regulation 2021/1253 supplementing Directive 2014/65/EU (MiFID II) – concerns regulatory technical standards on the organisational requirements of investment firms and the rules for client-facing and product governance obligations in light of the integration of sustainability risks and factors;

• Commission Delegated Regulation 2021/1256 (IDD) – complements SFDR rules for insurance-based investment products (IBIPs), often overlapping with MiFID II regulated activities;
• Commission Delegated Regulation 2021/2178 – amends the Regulation 1286/2014 (PRIIPs) framework to align its key information document (KID) disclosure requirements with the SFDR; and
• Regulation 2024/3005 of 27 November 2024 on the transparency and integrity of ESG rating activities.

EU Directives and Polish legal implementing acts include:

• Commission Delegated Directive 2017/593 (the “MiFID II Delegated Directive”), which introduced product governance requirements for firms that manufacture and distribute financial instruments and structured deposits, as further amended by Commission Delegated Regulation 2021/1269 on the integration of sustainability factors into product governance obligations for investment firms – implemented into the Polish legal system through the Regulation amending the Regulation of the Minister of Finance of 30 May 2018 on the procedure and conditions for the conduct of the investment firms and banks referred to in Article 70(2) of the Act on Trading in Financial Instruments and trustee banks; and
• Directive 2013/34/UE on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, as further amended by Directive 2022/2464 of the European Parliament and of the Council of 14 December 2022 (the “Corporate Sustainability Reporting Directive”; CSRD) and Directive 2025/794 of the European Parliament and of the Council of 14 April 2025 amending the CSRD (the so-called Stop-the-Clock Directive), implemented into the Polish legal system through the Act of 6 December 2024 amending the Accounting Act, the Act on Certified Auditors, Audit Firms and Public Oversight, and certain other acts (the “CSRD Implementing Act”) and Act of 9 July 2025 amending the CSRD Implementing Act.

The PFSA’s Role

On a regular basis, the PFSA closely follows the guidelines issued by the ESA regarding matters related to ESG products and initiatives supporting sustainable development. In particular, the PFSA actively maintains a dedicated Q&A section on the SFDR, which is fully aligned with the interpretative clarifications provided by ESMA. This proactive approach ensures that market participants in Poland receive clear, consistent and up-to-date guidance on the implementation of sustainable finance regulations, facilitating compliance and promoting transparency in the growing ESG landscape.

PFSA “simplification team” proposal advocates for ESG investment and sustainable financial products in the EU

On 2 June 2025, the PFSA bureau, in co-operation with the Ministry of Finance, presented a package of proposals aimed at simplifying regulations for the financial services sector in the EU.

As regards the simplification of financial services regulatory rules, the PFSA advocates the following.

• Optional suspension of the application of Commission Delegated Directive 2021/1269 of 21 April 2021 amending the MiFID II Delegated Directive. This would mean lifting the requirement to apply the provisions of Commission Delegated Directive 2021/1269 in cases where an investment firm does not offer sustainable financial products, as, in the PFSA’s opinion, Commission Delegated Directive 2021/1269 imposes disproportionate obligations on investment firms subject to MiFID II. In addition, a review of MiFID II is proposed regarding product governance obligations, as well as a suitability and appropriateness assessment, and the criteria for recognising a client as a professional client.
• Less burdensome reporting requirements, like postponement of the obligation regarding assurance of sustainability reporting (as per the CSRD), which could reduce the number of delisting procedures and reduce entry barriers for new companies.
• As regards the SFDR, the PFSA supports legislative works aimed at the introduction of sustainability-related product categories, including the clear separation of disclosure obligations from the requirements for the construction of these products (Articles 6, 8 and 9 of the SFDR). It additionally proposes:
1. removal of pension products from the scope of the SFDR, where the fund member has no choice as to the investment of paid-in funds and, at the same time, the number of members/net asset value does not exceed properly established thresholds; and
2. simplification of the disclosures required for financial products with investment options (MiFID Optional Products; MOPs) – the product disclosures required by the SFDR Delegated Act are not formulated in a clear and unambiguous manner, particularly for MOPs offered in the form of IBIPS, which could increase the time and cost of mandatory product disclosures incurred by small pension funds, as well as by insurance companies offering insurance investment products.

With regard to the general attitude towards ESG of the Polish supervisory authorities, an incentive encouraging banks to increase their involvement in financing “green” assets is the fact that issues related to this involvement, like other ESG matters, are subject to evaluations of banks conducted as part of the supervisory review and evaluation process (Bankowy Instrument Oceny Nadzorczej; BION).

Poland is in the early stages of implementing the EU AI Act. A national implementing bill exists only in draft form, is under internal governmental review and may be amended upon introduction to Parliament. It is not final and may change following consultations and EU-level implementing measures. The draft Polish law is primarily institutional and procedural, designed to operationalise the AI Act domestically and set up enforcement.

Key elements of the draft Polish AI Act include:

• establishment of a national AI market surveillance authority and single EU contact point with investigative and corrective powers, including inspections, decisions and administrative fines;
• formal co-operation mechanisms with sectoral regulators (including the PFSA and the President of the Personal Data Protection Office; PPDPO), procedures for controls and urgent measures where AI poses immediate risks, and a complaints channel;
• a serious-incident reporting regime for high-risk AI systems and onward notifications to relevant national/EU authorities;
• a framework for notifying and overseeing conformity assessment bodies and for innovation support (regulatory sandboxes with SME access and transparency obligations); and
• concentration of judicial review before the Competition and Consumer Protection Court in Warsaw and an administrative fines regime aligned with the AI Act.

Separately, EU-level timelines already shape obligations irrespective of national transposition: prohibitions on certain AI practices are in force, and the high-risk/general-purpose AI (GPAI) regimes phase in through 2025–27. The Polish bill is intended to make these obligations enforceable domestically and to delineate institutional roles.

Beyond the draft framework bill, Polish authorities have not issued binding, comprehensive guidelines on the use of AI. Supervisors and watchdogs point firms to existing legal duties – the GDPR, sectoral conduct rules, outsourcing and operational resilience obligations, consumer protection, anti-discrimination norms, transparency and explainability requirements, and general administrative/civil law – and participate in consultations.

In practice, enforcement follows current frameworks where AI is used in regulated activities. Consequently, non-governmental organisations and think-tanks, such as the FinTech Poland foundation, are developing their guidelines and rules for the use of AI in the financial market. Such reports highlight both the opportunity in the use of AI by businesses and the challenge of introducing AI in a responsible and ethical manner.

Use of AI is monitored carefully by Polish supervisory authorities. Among others, the following bodies have already taken a stance.

• PPDPO: The PPDPO focuses on privacy and fundamental rights risks in AI training and deployment. It underscores lawful basis, purpose limitation and data minimisation, robust data protection impact assessments (DPIAs) for high-risk processing, safeguards against bias and discrimination, meaningful human oversight of automated decision-making, and protection of data subjects’ rights (transparency, access and limits on solely automated decisions). The PPDPO also highlights the security of processing across AI supply chains and the traceability of data and models.
• Financial Ombudsman (Rzecznik Finansowy): The Financial Ombudsman has not issued binding sector-wide AI guidance. Public messaging emphasises the explainability and intelligibility of AI-supported outcomes for retail clients, especially in underwriting, pricing, credit decisions and claims handling, linking explainability to the pre-existing duties of transparency, fair treatment and effective complaint handling. Firms should be able to provide clear reasons for outcomes and show that automated processes do not produce unfair discrimination,
• PFSA: The PFSA has not yet published comprehensive, binding AI guidance specific to the AI Act. It prioritises education, awareness and dialogue, including governance literacy and alignment with intersecting EU financial frameworks. Supervisory attention remains on operational and outsourcing risk (including model and data risk), the explainability of material models affecting customers and prudential outcomes, auditability and documentation, and effective board oversight. As AI Act obligations phase in, the PFSA’s expectations converge around risk management, data governance, testing and monitoring, logging and post-market surveillance.

In the absence of sector-specific, binding AI circulars, firms should map AI use cases to existing law and be ready to evidence compliance, including customer-facing explainability. The draft bill anticipates a powerful national AI authority with inspection and enforcement capabilities and structured co-operation with the PFSA and PPDPO, so co-ordinated inquiries and information-sharing should be expected. High-risk AI systems will need EU-level controls once the framework is enacted; institutions should inventory AI systems, assess potential high-risk classifications, implement risk and data governance controls, and plan for incident reporting and post-market monitoring. Regulatory sandboxes are expected to support compliant experimentation but will not displace baseline legal duties.

The draft bill is designed to dovetail with the AI Act’s phased application through 2026–27. Meanwhile, regulators are active in consultations and capacity-building. Until binding, sector-specific AI guidance is issued, supervisory focus will remain on existing legal frameworks and on documentation, explainability, fairness and governance around model use. Heightened scrutiny is likely as the national authority becomes operational and the EU issues further implementing measures.

Poland is widely considered as one of the leaders in digital transformation in the world of finance. Innovative solutions are being introduced in the areas of cashless payments and electronic banking. Financial market regulators, such as the PFSA, are also involved in promoting fintech solutions. Importantly, in Poland, banks are considered a core part of the fintech industry, and banking services therefore often remain at a similar level of innovation as fintech payment or lending services.

The Polish regulatory landscape demonstrates strong openness to innovation in regulated sectors such as banking and payment services. It actively promotes dialogue with market participants whilst applying the principles of proportionality and risk analysis. This permits the flexible adaptation of requirements to the specific needs of entities, whilst ensuring system stability. Consequently, the Polish regulatory framework supports the development of modern financial solutions, combining a pragmatic approach with a focus on market security and consumer protection.

At the same time, it must be noted that while the PFSA adopts an open and progressive approach to, for example, the payment services sector and regtech/insurtech/digitisation and automatisation in the financial market, as well as other innovative solutions, this does not imply that regulated fintech-related activities in Poland are entirely free from constraints. The PFSA’s unwavering focus on consumer safety requires entities to demonstrate, among other things, robust client authentication measures, sound internal controls and sufficient capital resilience.

Conducting Business in the Field of Innovative Payment Services in Poland

Payment services stand out as a leading sector profoundly influenced by fintech innovation. A significant portion of this dynamic market is now held by national payment institutions, whose numbers are systematically increasing, reflecting the ongoing shift and growth within this segment of the financial landscape.

Furthermore, Polish legislators have provided for the institution of small payment institutions, providing an alternative way to offer payment services. These entities benefit from less restrictive regulations; however, the scale of operations is much smaller than in the case of NPIs. This allows for the creation of controlled “entry points”, allowing for product-market fit testing with lower capital barriers and simpler procedures before the company decides to apply for a full NPI licence.

Navigating the Regulatory Framework of the Crypto-Market

Despite MiCA’s staged entry into force, Poland has yet to adopt the necessary national implementing legislation, creating a degree of legal uncertainty, particularly concerning the transitional arrangements for CASPs already operating in the market.

Consequently, the crypto-asset sector in Poland is predominantly perceived as a sphere that will demand rigorous control and robust supervision, rather than as fertile ground for testing new regulatory solutions or fostering rapid experimentation.

The PFSA’s Approach to Sandboxes and Regulatory Hubs

As part of the PFSA’s fintech initiative, the authority created a dedicated platform for entrepreneurs operating within the financial market, a highlight of which is the Innovation Hub Programme supporting the development of financial innovation (fintech), under which the PFSA conducts dialogue with entities that have designed, are developing or are planning to use technological solutions, products or services aimed at fostering innovation in the financial market, while also being subject to PFSA supervision. The PFSA also provides guidance regarding recommendations and guidelines for staying compliant with applicable regulations in the Polish market.

Additionally, the PFSA offers solutions supporting the technological aspects of financial innovation, such as the Virtual Sandbox. This testing environment allows for the simulation of selected functionalities and services offered in the financial market. Test participants using the Virtual Sandbox gain access to IT infrastructure, allowing them to verify their business assumptions in the controlled conditions of the testing environment. To gain access to the Virtual Sandbox, businesses should consult their material on enhancing financial services within the Innovation Hub and then test their ideas in practice in the Virtual Sandbox.

The PFSA, the Ministry of Finance (Ministerstwo Finansów) and the Ministry of Development (Ministerstwo Rozwoju) appointed the Special Task Force for Financial Innovation in Poland (fintech). The aim of the Task Force is to identify legal, regulatory and supervisory barriers to the development of financial innovations (fintech) in Poland and to prepare proposals for solutions that could eliminate or reduce the identified barriers.

There are also non-governmental solutions in Poland whose objective is to enhance the technological progress of the financial market, including the FinTech Poland and Cashless Poland foundations. FinTech Poland works towards representing the interests of market users and businesses in the Polish fintech market, mainly through obtaining legal opinions on the application of relevant legislation, while Cashless Poland helps everyday businesses offer cashless payment solutions through providing payment terminals or establishing payment gateways.

The PFSA’s Approach to Vulnerable Customers and Guidelines/Positions Issued to Date

Polish supervisory authorities usually take a clear consumer-oriented stance. Services related to crypto-assets, payment services or consumer credit (including under the buy now, pay later model) remain within the purview of supervisory authorities such as the PFSA or OCCP. When implementing new solutions in the financial services sector, Polish supervisory authorities usually consider consumer-related risks first and foremost, and require supervised institutions to have appropriate security measures in place.

For instance, the PFSA has classified services related to crypto-assets as carrying significant risk and warned consumers against investing their savings in them. Among other things, the PFSA has connected the crypto-asset market to dangers such as high volatility, cybercrime, lack of transparency, false advertisements and manipulative actions.

Similarly, the OCCP takes cautionary actions against consumers abusing functionalities of e-commerce businesses such as “buy now pay later” options, which are effectively very similar to consumer credit agreements and may result in the consumer becoming indebted.

The PFSA’s comprehensive oversight also extends broadly to the insurance market, with a particular focus on products incorporating a capital element. The Authority actively addresses concerns in this area by issuing a range of publications that detail restrictions and specify appropriate distribution methods for such products within the Polish financial market. This proactive engagement underscores the PFSA’s commitment to ensuring clarity, consumer protection and sound market practices across all facets of financial services.

On 28 June 2025, the Polish Act of 26 April 2024 on ensuring the fulfilment of accessibility requirements for certain products and services by economic operators, also referred to as the “Polish Accessibility Act”, came into force, implementing the requirements of the European Accessibility Act (Directive 2019/882).

The Polish Accessibility Act defines the scope of products and services subject to its provisions, as well as the economic operators required to comply with it. The Act sets out requirements for services such as consumer credit, mortgage credit, brokerage and electronic money/payment services. The accessibility requirements, which must be met by these products and services, outline the obligations of economic operators to ensure compliance therewith.

Furthermore, the Act establishes system principles and procedures for market supervision in the area of accessibility, ensuring that products and services placed on the market meet the standards necessary to support equal access for all users, including persons with disabilities. The Act applies to a wide range of services and products, including:

• automated teller machines (ATMs) and cash deposit machines (CDMs);
• retail banking services, telecommunications and e-commerce platforms;
• payment terminals, self-service terminals dedicated to the provision of services covered by the Act, ticketing machines and check-in machines; and
• interactive terminals designed to provide information, except for terminals installed as integrated parts of motor vehicles, aircraft, ships and railway rolling stock.

The Act imposes obligations on manufacturers, importers, distributors and service providers to ensure that their offerings are accessible. Service providers may offer or provide services using products that do not meet accessibility requirements until 28 June 2030, if these products were used to offer or provide the same type of services before the effective date of the Act.

Terminals that do not meet the accessibility requirements and were used by service providers to offer or provide services before the effective date of the Actmay continue to be used to offer or provide the same type of services until the end of their economic life, but for no longer than a period of 20 years from the date they were first used.

The new accessibility regulations require that all product information – such as instructions, labels and warnings – should be communicated in a clear and accessible manner, using more than one sensory modality and with readable fonts, appropriate contrast and spacing. Instructions provided outside of the product (eg, on a website) must include alternative formats for non-text content, descriptions of the users’ interface and information about compliance with accessibility requirements. The product itself, including its user interface, must support communication and operation regardless of the user’s sensory, motor or cognitive limitations, offering alternatives to speech, colour and sound and compatibility with assistive technologies. Terminals must additionally include speech synthesis in the interface language, provide immediate access to accessibility features and have high-contrast buttons

In practice, this has involved adapting websites, mobile applications, ATMs and customer service channels to meet functional accessibility standards such as perceivability, operability and understandability. Institutions have had to revise consumer and supplier documentation, assess compliance gaps and establish internal processes for ongoing monitoring. Additionally, they were required to prepare public-facing declarations of conformity, ensure accessible formats for all communications and engage with regulators to address potential non-compliance risks. These efforts have not only supported legal compliance but also promoted inclusive service delivery across the financial sector.

Shadow banking may be defined as a network of financial intermediaries that conduct maturity, credit and liquidity transformation without being subject to banking regulation and do not have formal access to central bank liquidity or public sector credit guarantees.

Shadow banking entities offer financial services that resemble banking services and products, but they cannot perform activities such as accepting deposits, which are reserved for licensed banks that are supervised by the PFSA. It should be noted that whoever offers banking services without supervisory approval may be subject to a financial penalty of up to PLN20 million and imprisonment for up to five years.

As of 1 January 2024, lending institutions that offer consumer credit have been subject to supervision by the PFSA. Far from operating in an unregulated grey area, however, these entities are explicitly authorised by the PFSA to engage in consumer lending, with individual loan amounts capped at PLN255,550,00. Crucially, their operational scope is strictly limited; they are unequivocally prohibited from conducting the broad spectrum of financial activities reserved exclusively for licensed banks (or credit institutions operating in Poland on a cross-border basis or through a branch). This clear distinction underscores a regulated, albeit specialised, segment of the financial market.

Accordingly, on its website, the PFSA publishes and constantly updates a list of public warnings, which contains, among others, entities whose activities have raised suspicion that they may be acting illegally. This may concern entities such as “parabanks”, as described in the foregoing, should they perform services constituting the collection of funds (accepting deposits), where such activities are limited to credit institutions that have acquired a licence from the PFSA or another EU member state.

The process of obtaining a licence to conduct supervised activities on the financial market is not uniform and varies depending on the scope of activities that the company is planning to perform.

The licensing procedure is outlined both in statutory acts and delegated regulations (considering that additional obligations may derive from specified EU regulations).

The process of obtaining authorisation to conduct business activities in the financial market usually takes the form of an administrative proceeding conducted before the PFSA. This means that the proceedings are time-limited, both for the applicant (given the limited time for submitting documents or additional responses and/or explanations required by the PFSA) and for the supervisory authority, which is obligated to deliver its decision within the time specified by law.

The licensing process typically involves preparing a comprehensive set of documents, including business plans, organisational structures and compliance procedures, followed by a formal application to the PFSA.

The process can be quite complex, given that the authority, in most cases, usually verifies issues such as:

• the applicant’s financial situation;
• the education and experience of the individuals who are to perform management and supervisory functions in the company; and
• the draft documents necessary to start performing dedicated activities after obtaining the licence (where the required degree of detail varies depending on the type of authorisation). If the PFSA deems it necessary, it may also ask for additional documents to assess the legal and financial situation of the applicant.

The exact time taken to issue and deliver the decision granting a licence to perform regulated services depends on the legislation governing each proceeding and the current situation of the financial market (eg, if new financial market regulations come into force, coupled with a simultaneous peak in licence applications, the authorisation process may take significantly longer).

The general rule in licensing proceedings is that, after receiving the notification, the PFSA determines whether it contains all the required documents. If the regulator determines that the application is incomplete, it may call upon the applicant to supplement it in a given time period. After all the requirements are met, the PFSA confirms that the notification is complete. If any information needed to make a judgement as to the applicant’s standing is missing, the PFSA may call upon the applicant for further explanations or documents, during which time the issuance of decisions is suspended.

The total time taken to obtain a decision may be approximately 12 months, depending on the difficulties and complexities of the proceeding (this period may be extended in cases where, for example, a wide range of products forms part of the business plan, although in simpler cases it may also be shorter).

In the banking sector, the procedure is governed by the Banking Law, requiring a two-step process: permission to establish a bank and permission to commence operations. The process may take several months and involves submitting a comprehensive set of documents, including a business plan, governance structure and proof of IT readiness.

For payment institutions, the licensing process is governed by the Payment Services Act and may take 12 months or more. Applicants must demonstrate operational readiness, IT security compliance and capital adequacy. The PFSA charges registration fees, which vary depending on the institution’s size and scope of services.

Direct (personal) supervision applies mainly to members of the management boards and supervisory boards of financial entities. In particular, in the case of banks, individuals must fulfil a number of obligations and be approved by the PFSA to assume certain positions within the management body of a supervised entity. The scope of competencies varies depending on the entity, but as a rule, the PFSA assesses the appropriateness of a candidate based on the following information, evidence of which should be presented to the PFSA:

• sufficient education, competencies and professional experience to fulfil a role in a corporate body of the regulated entity;
• previous roles held in other supervised entities;

• criminal penalties or ongoing criminal proceedings;

• other court proceedings;
• knowledge of the Polish language; and
• other circumstances that may influence the assessment of the candidate’s appropriateness.

Furthermore, members of the management board of certain supervised entities on the financial market may be subject to administrative penalties imposed by the PFSA.

Beyond their overarching strategic and operational duties, members of management boards within financial market entities are often required to assume specific, additional roles stemming from stringent regulatory demands. For example, banks, payment institutions, and investment firms are typically obliged to designate a dedicated management board member whose primary responsibility is to oversee thorough implementation of the AML Act provisions throughout the organisation, acting as a key figure in ensuring the entity's compliance as a designated, obliged institution. Accordingly, members of the management board of financial institutions are subject to general corporate responsibility requirements, in accordance with the Code of Commercial Companies.

The financial sector in Poland will undergo many challenges in the coming year. Among other things, several legal acts are currently being subjected to the legislative process, including the following.

• The draft AI Act, which will add an additional layer of AI-related regulatory requirements to the Polish legal system:
1. establishment of a national AI market surveillance authority and single EU contact point with investigative and corrective powers, including inspections, decisions and administrative fines;
2. formal co-operation mechanisms with sectoral regulators (including the PFSA and PPDPO), procedures for controls and urgent measures where AI poses immediate risks, and a complaints channel;
3. a serious incident reporting regime for high-risk AI systems and onward notifications to relevant national/EU authorities;
4. a framework for notifying and overseeing conformity assessment bodies and for innovation support (regulatory sandboxes with SME access and transparency obligations); and
5. concentration of judicial review before the Competition and Consumer Protection Court in Warsaw and an administrative fines regime aligned with the AI Act.
• EU Anti-Money Laundering Regulation (AMLR) implementation – the AMLR is designed to significantly enhance and harmonise the framework for combatting money laundering and terrorist financing across the EU:
1. it is intended that the AMLR will establish a single, directly applicable rulebook for obliged entities across the EU, thereby replacing existing national variants (including the Polish AML Act) and ensuring a consistent approach;
2. it will introduce more stringent and harmonised requirements for customer due diligence, including mandatory enhanced verification of beneficial ownership information against centralised registers, particularly for complex structures; and
3. the regulations will provide a framework for improved information-sharing mechanisms between financial intelligence units (FIUs) and supervisory authorities, while also granting the new Anti-Money Laundering Authority direct supervisory powers over certain high-risk obliged entities.
• The draft Act on Crypto-Asset Market, which will clarify certain requirements indicated in MiCAR:
1. the PFSA will be the main supervisor of entities operating within the crypto-asset market;
2. CASPs operating under a MiCAR licence will be obliged to maintain professional secrecy; and
3. CASPs will be obliged to meet the reporting obligations of the PFSA (concerning, among other things, the financial situation of the entity).

On a separate note, currently, there are numerous legislative initiatives in the EU that will either directly or indirectly affect Polish regulations, including:

• the Financial Data Access Regulation (FiDAR), which aims to establish a framework for open finance in the EU, enabling consumers and businesses to share their financial data securely with third-party providers (financial information service providers; FISPs) in a controlled and permissioned manner – this will promote innovation, competition and new financial services; and
• the PSD3/Payment Services Regulation (PSR), which will complete the existing extensive framework of regulations concerning payment services in the EU.