Poland

Identity Verification & KYC For Poland

Q: What KYC documents are required in Poland for individuals?

Polish KYC requires Dowód Osobisty (national identity card, valid 10 years), Polish Passport, or Karta Pobytu for non-EU/EEA nationals. Each verified against issuing authority records or via NFC chip. Remote verification supported via mojeID digital identity confirmation and liveness-verified selfie.

Q: What is the Anti Money Laundering Act in Poland and who must comply?

Poland's AML/CFT Act of 1 March 2018 transposed EU AML Directives IV, V, and VI. Obligated institutions include banks, payment firms, investment firms, insurers, real estate brokers, lawyers, notaries, accountants, crypto operators, and corporate service providers. Non-compliance incurs GIIF investigation and administrative penalties.

Q: How does online identity verification work with Dowód Osobisty in Poland?

Online identity verification via Dowód Osobisty uses NFC/RFID chip reading via mojeID, facial biometric scan via eDO App with liveness detection, or QR code scanning within mObywatel. Non-NFC devices fall back to document-only verification with liveness-verified selfie matching. GDPR Article 32 encryption applies throughout.

Q: What is KYB verification and why is it required in Poland?

KYB confirms Polish business entity legal status, beneficial ownership, and compliance fitness under the AML Act and KNF guidance. Process includes KRS Extract validation (legal capacity), NIP and REGON cross-reference, and CRBR Extract verification of beneficial owners with more than 25% control.

Q: How does CRBR beneficial owner verification work for Polish companies?

CRBR is Poland's public beneficial ownership register operated by the Ministry of Finance. Companies declare ultimate beneficial owners with more than 25% control within 7-14 days of registration. Obligated institutions verify CRBR entries; discrepancies are documented. Non-registration penalties reach PLN 1,000,000.

Q: What is the GIIF reporting system and when must suspicious transactions be reported?

GIIF operates SI*GIIF, an electronic STR reporting system. Obligated institutions report suspicious activity without delay and all transactions above EUR 15,000. GIIF acknowledges receipt within 7 days. Accounts may be frozen for 96 hours, extendable to 6 months by prosecutor order.

Q: What is PESEL and how does it support KYC in Poland?

PESEL is Poland's 11-digit national identity number, unique per individual, encoding date of birth and gender. It appears on Dowód Osobisty, Paszport, and Prawo Jazdy. Shufti cross-references PESEL during identity verification to confirm consistency with official registries and detect identity theft or multi-accounting.

Q: How do GDPR and AML data retention obligations interact in Poland?

GDPR Article 17 right to erasure does not apply during AML-mandated retention. Poland's AML/CFT Act requires 5-year retention of KYC documents and transaction records. GDPR Article 6(1)(c) provides lawful basis for AML processing. UODO enforces compliance; violations may incur fines up to EUR 20 million.

Q: Can mDowód digital ID be used for remote KYC verification in Poland?

mDowód is a digital Dowód Osobisty stored on a smartphone, enabling QR code scanning for identity confirmation when the physical card is unavailable. It requires the mObywatel app and NFC capability. Shufti accepts mDowód during remote onboarding with liveness verification and NFC chip validation where available.

Shufti delivers KYC and KYB in Poland, online identity verification, and AML system in Poland compliance. Fully aligned to the anti-money laundering act and KNF standards.

Operational performance for Poland KYC

Our Numbers Speak Volumes

99.23%

Pass rates

< 5 sec

Verification
Time

99%

EIDV
Coverage

Evidence-Ready Checks Across People & Businesses

Individual Documents We Verify

Shufti supports 18 Polish identity document types used in domestic and cross-border KYC.

View All Supported Documents

National ID Card

Primary identity document for Polish citizens resident in Poland. Shufti supports older and current card formats seen in onboarding and regulated domestic KYC checks.

Passport

Polish biometric passport used for travel, fallback identity checks, and cross-border onboarding. MRZ and biographic fields support structured extraction and matching.

Driver’s Licence

EU-style photo licence used as supporting identity evidence. It helps confirm name and date of birth when a national ID is unavailable, but it is not the main KYC anchor.

Residence Permit

A residence card used by foreign residents in Poland. It supports identity and residence-status checks for non-citizens onboarding across financial, telecom, and employer-linked flows.

Temporary Residence Card

Commonly used by non-EU nationals living in Poland. It helps confirm identity and lawful temporary stay during its validity period in regulated onboarding journeys.

Including EU Blue Card

Covers residence-card cases issued under specific permit routes, including highly qualified work pathways. Used where residence basis affects onboarding risk or product eligibility.

mObywatel Digital ID

An official electronic identity document used in Poland, including in banks. It supports domestic identity proofing, but it is not a travel document and does not replace passports abroad.

Business Entity Identity

KRS Extract

Court-verified extract for incorporated entities. Confirms legal name, registration status, legal form, address, directors, and other core facts used in Polish KYB checks.

CEIDG Record

Official record for sole traders and civil-law business activity. Used to confirm business identity, activity status, address, and proprietor details during onboarding.

Articles Or Constitutional Documents

Supporting corporate documents are used when registry data alone is not enough. They help confirm formation terms, governance structure, and authority rules in higher-risk reviews.

Business Tax Identity

NIP Certificate

Core tax identifier used in Polish business onboarding. Supports entity validation, tax registration checks, invoicing controls, and consistency across registry and screening records.

VAT Status Evidence

Used to confirm VAT registration and tax standing for active businesses. Helps validate counterparties, billing relationships, and cross-check tax identity during KYB reviews.

REGON Evidence

Official statistical business identifier used alongside NIP and registry data. Helps match business records across Polish databases and strengthens entity verification consistency.

Ownership & Control (UBO)

CRBR Record

Official beneficial ownership register evidence used to identify UBOs. Supports control checks, but it should be corroborated with wider ownership and registry documentation.

Director And Shareholder Evidence

Used to confirm who manages or controls the entity. Supports authority checks, ownership mapping, and consistency reviews across KRS, CRBR, and internal onboarding data.

Self-Declaration Or Supporting Ownership Pack

Used where institutions need broader ownership evidence beyond registry data. Helps document control structure, indirect ownership, and rationale for higher-risk KYB decisions.

Languages We Cover

Document Text Handling

Polish identity documents use the Latin script with diacritics such as Ą, Ć, Ę, Ł, Ń, Ó, Ś, Ź, and Ż. Shufti captures these characters accurately and handles MRZ where applicable.

Name Matching Controls

Shufti normalises Polish spelling variants and diacritics for matching. It also handles hyphenated surnames, gendered variants, and Cyrillic-to-Latin transliteration in migrant records.

Evidence Consistency

Shufti links document data, selfie results, and screening records across steps. Original spelling is preserved for audit, while normalised variants support matching and review.

GOVERNANCE & CONTROLS

Audit-Ready Decisions, Lower Operational Drag

Fewer Re-Submissions On Polish IDs

NFC chip capture and document fallback reduce re-submissions from legacy devices.

Cleaner Audit Trails For KNF and GIIF Reviews

KNF and GIIF inspections satisfied: biometric, document, and CRBR evidence logged.

Accurate Polish Name Matching

Diacritic-aware matching prevents false rejections on Dowód Osobisty and CRBR names.

KYC, KYB, And AML In One Back Office

Face verification, UBO confirmation, and AML screening run together in one workflow.

Dowód Osobisty-First Verification Flow

Primary identity flow built on Dowód Osobisty NFC chip, with automatic fallback.

Enterprise-grade compliance infrastructure

Poland IDV/KYC Challenges

CRBR Data Gaps

CRBR access restricted post-CJEU 2022 ruling; English support limited; complex UBO structures require cross-referencing articles of association.

NFC Fallback Friction

Legacy devices lack NFC; Polish ID card fallback to document-only verification increases re-submissions and adds manual review overhead.

Ukrainian Refugee Docs

Over 1.5 million Ukrainian refugees with temporary protection hold non-standard documents; Diia.pl digital permits require specific infrastructure.

EU AML Transposition Gaps

AMLD IV, V, VI transposition demands continuous adaptation; GIIF STR volumes rising; GDPR erasure conflicts with 5-year AML retention obligation.

Shufti’s IDV/KYC Solutions for Poland

KYC Solutions

Face Verification

Liveness-detected selfie matched against Dowód Osobisty photo. Anti-spoofing and biometric algorithms detect stolen-identity and multi-account fraud patterns.

Age Verification

Selfie-based age estimation confirmed via Dowód Osobisty or Karta Pobytu verification. Date of birth validated for gaming, alcohol, and financial eligibility.

Address Verification

Shufti verifies any address-bearing document. Polish utilities (PGE, Tauron, PGNiG) and banks (PKO Bank Polski, Bank Pekao, mBank) accepted as evidence.

Document Verification

Verify all 18 Polish document types including Dowód Osobisty NFC chip, Paszport biometric features, and Karta Pobytu. Diacritics captured and matched precisely.

KYB Solutions

Business Verification

Verify Polish entities via KRS Extract, NIP, REGON, and CRBR beneficial owner records. Directors face-verified against official photographs and UBO thresholds.

Enhanced Due Diligence (EDD)

Trigger EDD for Polish high-risk entities including non-EU ownership and PEPs. CRBR discrepancies documented; evidence structured for GIIF and KNF audits.

AML Screening

Business AML Screening

Screen Polish entities against PEP lists, EU Consolidated Sanctions List, UN Security Council lists, and Polish national sanctions list maintained by MSWIA.

Transaction Screening

Flag patterns meeting GIIF thresholds: suspicious activity and transactions above EUR 15,000. Real-time screening with automated STR generation in SI*GIIF.

REGULATORY ALIGNMENT

Built to Fit Poland's Compliance Landscape

Komisja Nadzoru Finansowego (KNF)

KNF supervises banks, capital markets, insurance, and payment institutions in Poland. Shufti's KYC logs and CRBR cross-references satisfy KNF inspection requirements.

Generalny Inspektor Informacji Finansowej (GIIF)

Poland's FIU receiving and analysing STRs and AML reports under the 2018 AML/CFT Act. Shufti integrates with SI*GIIF, pre-populates STR fields, and monitors EUR 15,000 thresholds.

Urząd Ochrony Danych Osobowych (UODO)

Poland's data protection authority enforcing RODO (GDPR), with fines up to EUR 20 million. Shufti applies Article 32 encryption and 5-year AML retention aligned to UODO guidance.

Narodowy Bank Polski (NBP)

Central bank overseeing monetary policy, payment systems, and AML governance in Poland. Shufti's transaction screening aligns with NBP payment system and AML standards.

Urząd Ochrony Konkurencji i Konsumentów (UOKiK)

Office of Competition and Consumer Protection enforcing competition law and consumer rights. Shufti's identity verification and fraud prevention controls support UOKiK expectations.

Krajowa Administracja Skarbowa (KAS)

National Revenue Administration for tax and customs administration across Poland. Shufti's NIP and REGON verification and business registration checks support KAS compliance.

Ministerstwo Spraw Wewnętrznych i Administracji (MSWIA)

Ministry of Interior and Administration controlling identity documents and Poland's sanctions list. Shufti integrates MSWIA sanctions into AML screening and KYC tiering workflows.

Deployment Choice

Available via Azure Poland Central (full region), Google Cloud Warsaw (full region), or AWS Local Zone Warsaw for in-country data residency requirements.

Regulatory Alignment

Aligned to RODO (Polish GDPR implementation) and AML/CFT Act recordkeeping obligations. UODO and GIIF enforce compliance; Article 6(1)(c) lawful basis applied.

Retention controls

Configurable retention and purge settings aligned to the 5-year minimum under Poland's AML/CFT Act of 2018. GDPR erasure requests deferred during retention.

Encryption posture

GDPR Article 32 encryption applied to personal and financial data in transit and at rest. AES-256 for stored data and TLS 1.2+ for data in transit connections.

Data Controls & Privacy for Poland

BUILT FOR COMPLIANCE TEAMS

Poland AML Sources That Strengthen Decision

House of Representatives of Poland

Senate of the Republic of Poland

Financial Supervision Authority (KNF)

Ministry of Internal Affairs and Administration

Bird & Bird

Business Insider Polska

Gazeta Wyborcza

Rzeczpospolita

House of Representatives of Poland

Senate of the Republic of Poland

Financial Supervision Authority (KNF)

Ministry of Internal Affairs and Administration

Bird & Bird

Business Insider Polska

Gazeta Wyborcza

Rzeczpospolita

House of Representatives of Poland

Senate of the Republic of Poland

Financial Supervision Authority (KNF)

Ministry of Internal Affairs and Administration

Bird & Bird

Business Insider Polska

Gazeta Wyborcza

Rzeczpospolita

Frequently Asked Questions

What KYC documents are required in Poland for individuals?

Polish KYC requires Dowód Osobisty (national identity card, valid 10 years), Polish Passport, or Karta Pobytu for non-EU/EEA nationals. Each verified against issuing authority records or via NFC chip. Remote verification supported via mojeID digital identity confirmation and liveness-verified selfie.

What is the Anti Money Laundering Act in Poland and who must comply?

Poland's AML/CFT Act of 1 March 2018 transposed EU AML Directives IV, V, and VI. Obligated institutions include banks, payment firms, investment firms, insurers, real estate brokers, lawyers, notaries, accountants, crypto operators, and corporate service providers. Non-compliance incurs GIIF investigation and administrative penalties.

How does online identity verification work with Dowód Osobisty in Poland?

Online identity verification via Dowód Osobisty uses NFC/RFID chip reading via mojeID, facial biometric scan via eDO App with liveness detection, or QR code scanning within mObywatel. Non-NFC devices fall back to document-only verification with liveness-verified selfie matching. GDPR Article 32 encryption applies throughout.

What is KYB verification and why is it required in Poland?

KYB confirms Polish business entity legal status, beneficial ownership, and compliance fitness under the AML Act and KNF guidance. Process includes KRS Extract validation (legal capacity), NIP and REGON cross-reference, and CRBR Extract verification of beneficial owners with more than 25% control.

How does CRBR beneficial owner verification work for Polish companies?

CRBR is Poland's public beneficial ownership register operated by the Ministry of Finance. Companies declare ultimate beneficial owners with more than 25% control within 7-14 days of registration. Obligated institutions verify CRBR entries; discrepancies are documented. Non-registration penalties reach PLN 1,000,000.

What is the GIIF reporting system and when must suspicious transactions be reported?

GIIF operates SI*GIIF, an electronic STR reporting system. Obligated institutions report suspicious activity without delay and all transactions above EUR 15,000. GIIF acknowledges receipt within 7 days. Accounts may be frozen for 96 hours, extendable to 6 months by prosecutor order.

What is PESEL and how does it support KYC in Poland?

PESEL is Poland's 11-digit national identity number, unique per individual, encoding date of birth and gender. It appears on Dowód Osobisty, Paszport, and Prawo Jazdy. Shufti cross-references PESEL during identity verification to confirm consistency with official registries and detect identity theft or multi-accounting.

How do GDPR and AML data retention obligations interact in Poland?

GDPR Article 17 right to erasure does not apply during AML-mandated retention. Poland's AML/CFT Act requires 5-year retention of KYC documents and transaction records. GDPR Article 6(1)(c) provides lawful basis for AML processing. UODO enforces compliance; violations may incur fines up to EUR 20 million.

Can mDowód digital ID be used for remote KYC verification in Poland?

mDowód is a digital Dowód Osobisty stored on a smartphone, enabling QR code scanning for identity confirmation when the physical card is unavailable. It requires the mObywatel app and NFC capability. Shufti accepts mDowód during remote onboarding with liveness verification and NFC chip validation where available.

Build a Poland-ready KYC, KYB & AML programme with Shufti

Check Pricing Request Demo

INDEPENDENTLY AUDITED. GLOBALLY CERTIFIED.

Certified to Global Standards

PROVEN WORKFLOWS

Use Cases for Regulated Growth in Poland

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Accelerate Growth, Eliminate Friction

Onboard users in seconds, not days. Deploy tiered address verification flows that maximise completion rates for genuine users while filtering out synthetic fraud.

Learn More Try Now

Onboard Global Traders in Real-Time

Verify investors across 250+ countries & territories. Ensure compliance with international financial regulations while preventing identity theft and high-risk chargebacks.

Learn More Try Now

Secure Trust at Every Transaction

Automate KYC and AML workflows to reduce manual onboarding costs. Strengthen residency checks while delivering the frictionless digital experience modern customers expect.

Learn More Try Now

Power a Fair & Secure Player Experience

Reduce bonus abuse and multi-accounting rings at the door. Enforce location rules and trigger step-up checks without disrupting the player journey.

Learn More Try Now

Build a Trusted, Verified Workforce

Screen freelancers and drivers at scale. Verify residency and reduce onboarding friction while maintaining trust between users.

Learn More Try Now

Scale Your Exchange with Confidence

Balance anonymity with compliance. Instantly verify user jurisdiction to meet Travel Rule obligations and help stop abuse without slowing down legitimate trading volume.

Learn More Try Now

Reduce fraud without blocking growth

Shufti supports marketplace integrity by verifying seller and buyer identities, enabling age-gated journeys where needed, and preserving evidence to support investigations, disputes and risk-led enforcement actions.

Learn More Try Now