Payment and lending institutions today face increasing challenges in the area of anti-money laundering (AML). The growing importance of crypto-assets, new criminal schemes, and regulatory changes in the European Union make the proper application of AML procedures crucial for the security of organizations. On October 8, 2025, a webinar was held, led by attorney at law Monika Macura, on anti-money laundering in financial institutions. In this article, we briefly summarize the most important conclusions and practical tips presented during the meeting, which may help payment and lending institutions to more effectively fulfill their AML obligations.

Current regulatory landscape

In 2025, financial institutions are seeing an intensification of controls and changes in regulations. The Polish Financial Supervision Authority (KNF) is conducting numerous control proceedings, identifying areas for improvement. At the same time, an EU regulation is coming into force which, from 2027, will harmonize the anti-money laundering system across the EU and introduce a new supervisory authority, the AMLA, with powers to inspect and impose penalties.

Customer identification and verification

The basic obligation of every institution is to correctly identify the customer and the beneficial owner. In the case of natural persons, this is usually the same data, while for legal persons, the process requires collecting information about the ownership structure and shares in the company. The KNF points out that institutions often do not apply financial security measures proportionate to the customer’s risk. As a result, the same procedures are applied to everyone, regardless of the level of risk, which is not in line with regulatory requirements.

Customer risk assessment

The risk assessment should consider, among other things:

• the type of customer and their capital links,
• the products and services they use,
• the manner of establishing business relationships,
• links with high-risk countries, and PEP status (politically exposed persons).

Customers should be segmented according to their level of risk, and financial security measures should be tailored to this assessment, ranging from simplified to enhanced. Risk monitoring and review should be carried out on a regular basis and when unusual events occur, such as large transactions or changes in the way services are used.

Transaction monitoring and analysis

Customer monitoring is not only periodic verification, but also analysis of current transactions for suspicious operations. Many institutions do not have analytical tools to support this process, which increases the risk of non-compliance and failure to respond to potential money laundering cases. A negative monitoring result or the inability to carry out monitoring may result in the termination of the customer relationship and the submission of a SAR report to the General Inspector of Financial Information.

AML documentation and procedures

The Polish Financial Supervision Authority (KNF) points out that AML procedures in many institutions are vague, outdated, and do not take into account actual customer segments or the manner in which relationships are established. There is a lack of evidence of implementation of procedures and training, and the documents are inconsistent and often do not work in practice. Good practices include:

• developing procedures tailored to the specific nature of the institution,
• detailed customer onboarding instructions,
• rules for identifying the beneficial owner, verifying documents, and assessing risk,
• procedures for monitoring and reporting suspicious transactions,
• a training system for employees, including management.

Training and the role of management

AML training is a key element of the anti-money laundering system. It should be tailored to the level of knowledge of employees and management board members. Insufficient training results in procedural errors and decisions that are contrary to accepted standards. The Polish Financial Supervision Authority recommends conducting initial, periodic, and dedicated training for management.

Implementing an effective AML system

Financial institutions should regularly review procedures, monitor customers, and document all activities. An independent internal review and updating of procedures in the context of new products and methods of establishing customer relationships constitutes proof of due diligence to the supervisor.

How to increase security in your organization

An anti-money laundering system requires the involvement of all departments, including management and AML specialists. Effective customer identification, risk assessment, transaction monitoring, and process documentation are the fundamental pillars of institutional protection. Implementing these practices minimizes the risk of violations and sanctions.

We invite you to familiarize yourself with the full range of our support for companies providing payment services, and if you have any questions, please contact our attorney at law Monika Macura, who advises financial institutions on the creation and implementation of effective anti-money laundering procedures.