Banking & Fintech /

Risk assessment of an obliged institution – new GIFI notice


Notice from the General Inspector of Financial Information


Banking and Payment Services experts of our Law Firm in Poland informs that on January 14, 2022, the General Inspector of Financial Information (hereinafter: „GIFI„) issued a notice number 36 on risk assessment of an obliged institution.

Under the Article 27 of the Law on On Combating money laundering and the financing of terrorism (Journal of Laws of 2021, item 1132, hereinafter: „UAML”), obliged institutions shall identify and assess the money laundering and terrorist financing risks relating to their activities, taking into account risk factors concerning customers, countries or geographic areas, products, services, transactions or their delivery channels. These activities shall be proportionate to the nature and size of the obligated institution.

The GIFI highlights the obligation to document the identified risk of money laundering and terrorist financing related to the business relationship or to the occasional transaction and its assessment. The principles of documenting the risk should be described in the internal AML and terrorist financing procedure („AML procedure„).


GIFI practical recommendations


The GIIF notes the following:

  1. the obliged institution assesses 2 types of risks – (i) a „general risk assessment” related to money laundering and terrorist financing relating to the obliged institution’s general activities and (ii) an „individual risk assessment„, which relates to the identification and assessment of money laundering and terrorist financing risks related to the obliged institution’s specific and individual business relationship with a customer or a specific and individual occasional transaction,
  2. conclusions resulting from individual risk assessments should influence ongoing updates of the overall risk assessment,
  3. when assessing risk it is worthwhile to follow the position of the Polish Financial Supervision Authority of 15 April 2020 (link),
  4. the overall risk assessment must be adjusted to the nature and scope of activities carried out by the obliged institution,
  5. using general templates without adjusting them precisely to the specific and individual character and scope of activities exposes the obliged institution to accusations of failing to comply with the statutory obligation.

The content of the GIFI’s notice is available on the website:

Author team leader DKP Legal
check full info of team member: Aleksandra Walas

Contact us

Młyńska 16
61-730 Poznań
+48 61 853 56 48[email protected]
Rondo ONZ 1
00-124 Warsaw
+48 22 300 16 74[email protected]
Swobodna 1
50-088 Wrocław
+48 61 853 56 48[email protected]
Opolska 110
31-355 Kraków
+48 61 853 56 48[email protected]
Jana Sobieskiego 2/3
65-071 Zielona Góra
+48 61 853 56 48[email protected]