Banking sector, AML & Fintech: Key Changes of 2025 in Poland & EU
Banking Sector in Poland in 2025
In the banking sector, the most significant regulatory changes focus on harmonizing EU regulations and adapting to modern technological and market challenges.
- EU CRD VI Directive and CRR III Regulation: These amendments address capital prudential requirements for banks, aiming to implement Basel III standards within the European Union. These regulations strengthen bank stability and resilience to financial crises. They include new capital requirements, improved risk assessment, and stricter reporting obligations.
- Digitalization and Cybersecurity: The implementation of DORA (Digital Operational Resilience Act), which will take effect in January 2025, imposes obligations on banks and financial institutions regarding operational risk management and cybersecurity. Banks must develop robust procedures for IT system testing, incident reporting, and cooperation with technology service providers.
- PSD3 and PSR: Work is underway on the new version of the Payment Services Directive (PSD3) and the accompanying Payment Services Regulation (PSR). These aim to enhance transparency in payment services and tighten transaction security requirements. Key changes include new rules for transaction authorization, consumer protection measures, and advancing open banking to a higher level.
AML (Anti-Money Laundering) in 2025
- 6th AML Directive and the Creation of AMLA: The 6th AML Directive, introduced alongside the establishment of the European Anti-Money Laundering Authority (AMLA), will be pivotal for ensuring consistent supervision of financial institutions and obliged entities across the EU. AMLA will assume direct oversight of high-risk entities and focus on improving the efficiency of cross-border cooperation.
- Changes to Polish AML Regulations: In Poland, the AML Act is expected to be expanded to include new provisions regarding the financing of the proliferation of weapons of mass destruction (WMD). The amendments will also introduce more detailed requirements for the General Inspector of Financial Information (GIIF) and obliged entities, including adjustments to risk assessment procedures.
- EBA Guidelines on Sanctions: Starting December 30, 2025, financial institutions, payment service providers (PSPs), and crypto-asset service providers (CASPs) will be required to implement new EBA guidelines for fulfilling sanction obligations. These guidelines impose specific requirements concerning IT systems, data analysis, alerts, and customer screening processes. A particular emphasis is placed on integrating AML/CFT processes with the new sanction procedures.
The EBA document sets out two main categories of guidelines:
- For financial entities supervised by the EBA,
- For payment service providers (PSPs) and crypto-asset service providers (CASPs).
The key areas covered in the guidelines include:
- Incorporating sanctions into the organizational structure of financial entities,
- Developing internal policies and procedures tailored to sanction compliance, with a focus on integrating existing AML/CFT processes,
- Specific requirements for PSPs and CASPs, such as:
- IT systems used for data monitoring and analysis,
- Managing alerts, screening customers and transactions for applicable sanctions,
- Reporting violations and implementing outsourcing procedures.
The integration of sanction obligations with AML/CFT procedures enhances regulatory compliance and improves the effectiveness of systems designed to prevent violations at both national and EU levels. The new guidelines will require significant operational and technological adjustments from financial institutions and fintech companies. These changes align with broader regulatory reforms aimed at strengthening supervision over financial flows and combating money laundering and terrorist financing.
Fintech Regulation in Poland in 2025
The fintech sector is undergoing dynamic regulatory changes driven by the need to govern new financial technologies, crypto-assets, and ensure customer security.
- Crypto-Asset Regulation (MiCA): The Markets in Crypto-Assets Regulation (MiCA), set to come into force in 2024, introduces uniform rules for firms offering crypto-asset-related services. Key aspects include investor protection, requirements for transparency in token issuance, and supervision of trading platforms.
- New Requirements for PSPs and CASPs: Payment Service Providers (PSPs) and Crypto-Asset Service Providers (CASPs) will be required to implement transaction monitoring systems and risk analysis processes in line with EBA guidelines. These regulations emphasize procedures such as screening, alert reporting, and outsourcing principles.
- AI in Fintech: The implementation of the AI Act in the EU is crucial for fintech companies utilizing artificial intelligence algorithms. These regulations introduce AI risk classifications, requirements for high-risk systems, and new standards of accountability for AI-driven decisions. Fintech firms will need to adapt their algorithms to comply with these new rules, particularly in areas like lending, credit scoring, and risk analysis.
The upcoming changes in the banking, AML, and fintech sectors aim to enhance the security, transparency, and stability of the financial market while adapting to new technological and regulatory challenges in Poland and Europe. These reforms also address emerging threats such as financial crime and uncontrolled AI applications.
Join our newsletter and keep up to date with important developments and news in the Fintech industry.