Limited effectiveness of Anti-Money Laundering and Combating the Financing of Terrorism System in Poland

Audit no. P/24/010/KBF

Poland is among ten European countries with the highest risk of money laundering and terrorism financing. NIK decided to evaluate effectiveness of the national system which is to fight these phenomena. The audit revealed that the system did not always function properly or reliably. Legal and organisational gaps, even irregularities were identified in the activities of the Minister of Finance and the General Inspector of Financial Information as well as other entities obliged to control the implementation of statutory duties placed on obligated institutions. The auditors found several months’ delays in developing strategic documents, irregularities related to the government’s legislative work and the lack of audits in associations and foundations. NIK criticised the processing of suspected activity reports, delayed and lengthy administrative proceedings to impose fines and the absence of effective measures with regard to increased risk of money laundering and terrorism financing after Russia’s aggression against Ukraine and related rise in cash flow.

According to the Basel AML Index 2022, in the 11^th Public Edition Ranking on money laundering and terrorism financing risks around the world, Poland took 9^th place out of 31 European countries, becoming one of ten countries with the highest risk of money laundering and terrorism financing in Europe.

The key objective of the NIK audit was to assess how the General Inspector of Financial Information (GIIF) and other inspection entities carried out tasks related to counteracting money laundering and terrorism financing. NIK audited 16 entities: in the Ministry of Finance (MF), the National Bank of Poland (NBP), the Polish Financial Supervision Authority (KNF), four tax and customs offices and four courts of appeal, three province governor's offices, the Municipal Office of the Capital City of Warsaw and the District Office in Lublin.

The AML/CFT System  – a weapon in the fight against money laundering and terrorism financing

The Anti-Money Laundering/Combating the Financing of Terrorism System in Poland is made up of the minister responsible for public finance, the General Inspector of Financial Information, cooperating units, entities other than GIIF which exercise control over obligated institutions and the obligated institutions themselves. Also, there is the Financial Security Committee in place to support the General Inspector by providing their opinion and advice on the AML/CFT.

The key legal act which defines the principles and the mode of the system functioning is the Act on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT Act). It imposes an obligation on specific entities to verify if the obligated institutions discharge their duties in the scope set out in the Act. Apart from the General Inspector of Financial Information this control is exercised, among others, by: the President of the National Bank of Poland in relation to the entities running exchange bureau activity in the light of the Foreign Exchange Law Act, KNF in relation to the institutions under its supervision, presidents of the courts of appeal in relation to notaries, heads of tax and customs offices in relation to obliged institutions controlled by those bodies as well as province and district governors in relation to associations and foundations.

NIK stands in a position that effectiveness of the AML/CFT system from 1 January 2022  to 30 June 2024 was insufficient.

National Risk Assessment – two years’ delay

The General Inspector of Financial Information developed two editions of the National Risk Assessment on money laundering and terrorism financing. The Minister of Finance signed the first edition in 2019 and the second one in 2023. Both national risk assessment projects received positive opinions of the Financial Security Committee and both contained elements required by the Act. The second edition was prepared with over 2 years’ delay, though. Therefore, requirements laid out in the AML/CFT Act were not met.

In the 2023 edition of the national risk assessment (NRA) on money laundering and terrorism financing the money laundering risk in Poland was assessed as high at its minimum, i.e. at level 3 in a 4-level scale. Potential benefits from illegal operations were also estimated in the document: 3.3% of GDP. It means that the money laundering risk in that area was evaluated as very high.

Long-term preparations and delays in implementing the ALM/CFT strategy

The General Inspector of Financial Information developed a draft AML/CFT strategy corresponding to the NRA of 2019 only 13 months after it had been signed by the Minister of Finance. The Supreme Audit Office criticised the fact that a big part of activities set out in the strategy were not carried out, in particular those related to the optimisation of activities in the field of operational analyses and legal regulation of the issue of supervision over online currency exchange services. NIK also negatively assessed the fact that by 24 December 2024 the Inspector General had not developed a draft AML/CFT strategy for the national risk assessment of 2023, which reduced effectiveness of the system.

Online bureaux de change without supervision

NIK negatively assessed the Minister of Finance’s failure to take effective measures to regulate operations of online bureaux de change and supervise them, despite his declarations that it would be justified. As a result, despite having been obligated institutions since 2013, the online bureaux de change were not covered by the AML/CFT control either by the President of the National Bank of Poland or the Polish Financial Supervision Authority. Already in its audit report in 2015, NIK pointed out that the area in question was not regulated. In their correspondence to the Minister of Finance, the National Bank of Poland and the Commissioner for Human Rights have repeatedly highlighted the need to standardise those entities’ operations and to establish supervision over them. It was only in the draft act on the crypto-asset market of 2024 that a draft amendment to the Foreign Exchange Law, which regulated the operations of entities providing non-cash currency exchange services, was included. By the end of 2024, the Minister of Finance had not submitted the draft for public consultation or to be reviewed by the Council of Ministers.

Lengthy processing of reports

The effectiveness of the AML/CFT system was adversely affected by the significant lapse of time from the receipt of some of the reports of suspicious transactions and suspicious activity to the date of their qualification for further analysis. The number of reports received by the GIFI from 1 January 2022 to 30 June 2024 and "awaiting assignment to the case" or "awaiting classification" as of 17 July 2024 accounted for nearly 45% of the total reports. As a result of a random selection of a sample of 20 reports, from those waiting the longest, NIK determined that the  average number of days that passed from the receipt of a report to its qualification for analysis was at least 338 working days (490 calendar days).

The above means that no effective analysis of suspicious transaction and activity reports has been ensured. Also, no solutions have been developed to reduce the time needed to carry out the initial analysis of reports, and no detailed scope of activities for the initial and operational analysis has been defined.

Significant delays in proceedings

From the beginning of 2022 to 30 June 2024, GIIF initiated administrative proceedings to impose fines after a significant lapse of time, i.e. after an average of 360 days (nearly one year) from the end of the audit. It is worth noting that out of the 39 proceedings conducted at that time in the first instance, four were initiated after two years and four months on average, from the end of the audit. In the case of three proceedings, prosecution for identified violations was partially time-barred. As a result of these statutes of limitations, no fine was imposed on the entities for all the violations found. NIK has pointed out that initiating proceedings by the GIIF after a significant lapse of time and long-term, sometimes even lengthy, proceedings reduce effectiveness of the AML/CFT system.

Staff shortages and hiring unqualified persons

In the audited period, the Minister of Finance did not ensure proper organisational and technical conditions, i.e. required human and IT resources that would enable GIIF to carry out its tasks efficiently and effectively.

NIK stands in a position that  personnel changes involving the replacement of almost all staff and the employment of new persons without inspection or audit qualifications in place of experienced auditors could have limited the possibility of conducting a bigger number of audits.

Uncontrolled cash inflow from Ukraine

Under the EU law, each Member State establishes a Financial Intelligence Unit (FIU) to prevent, detect and effectively combat money laundering and terrorism financing. In Poland, the tasks of a FIU are implemented by the General Inspector of Financial Information, which has not taken effective measures with regard to an increased risk of money laundering and terrorism financing following Russia's aggression against Ukraine and the resulting massive influx of the Ukrainian population to Poland and the accompanying cash flow. GIIF has not developed guidelines, recommendations or instructions for the entities laid out in the Act or obligated institutions. Although the risks of money laundering and terrorism financing being an outcome of the ongoing aggression of the Russian Federation against Ukraine have been identified, its activities have focused primarily on combating the financial exclusion of refugees from the banking system. That was to avoid a situation in which Ukrainian citizens would be outside the financial circulation, as this would create the risk of problems related to unlicensed entities filling the gap in the market.

GIIF conducted analyses on the inflow of funds from Ukraine and cooperated with the Ukrainian FIU. The element of threat and vulnerability resulting from the aggression against Ukraine was highlighted in the National Risk Assessment (NRA). According to NIK, though, the increase in the money laundering and terrorism financing risk in the said circumstances required taking action, such as preparing recommendations and guidelines for specified entities concerning an in-depth analysis of that risk. In addition, the NRA was not developed until November 2023, i.e. 21 months after Russia's attack on Ukraine.

Recommendations

De lege ferenda proposals to the Minister of Finance:

• four proposals to take action to regulate the issue of  auditing foundations and associations in terms of the AML/CFT,
• taking action to cover the so-called online bureaux de change with industry supervision,
• taking legislative work to implement a mechanism in the Polish legal system for temporary retention of funds by way of an administrative decision.

De lege ferenda proposals to the Minister of Finance in cooperation with the Minister of Justice to take measures:

• to regulate the issue of auditing foundations and associations in terms of counteracting money laundering and terrorism financing,
• to involve the Minister of Justice in auditing notaries, under the AML/CFT Act.

Other system recommendations to the Minister of Finance:

• setting deadlines for the so-called dynamic obligated institutions, in particular those referred to in the AML/CFT Act, to fulfil their duties,
• GIIF should provide instructions and guidelines to entities set out in the AML/CFT Act in connection with the increased risk of money laundering and terrorism financing as a result of a massive influx of immigrants and refugees to Poland,
• developing effective solutions to shorten the time from the date of receipt of suspicious activity reports by the Financial Information Department of the Ministry of Finance to the date of their initial analysis,
• ensuring that the work of the Financial Information Department of the Ministry of Finance is organised in such a way as to initiate administrative proceedings to impose fines due to irregularities found in the AML/CFT area without undue delay and to prevent the lengthiness of these proceedings,
• intensifying works related to the implementation of the GIIF 2.0 IT System project along with the implementation of goAML software/ application,
• the Director of the Financial Information Department of the Ministry of Finance should provide training on the audit, control and compliance methodology for employees performing control activities in obligated institutions and selecting candidates for work in the Control Department with competences in the said areas.

Other system recommendations to the Minister of Justice:

• taking steps to extend the functionality of the Department Support System for the National Court Register (SOW KRS) and the KRS search engine – to enable the search for associations and foundations supervised by a specific authority.