Poland
Identification
FinTechs belonging to this category provide identification services, which are required for most banking services.

Introduction

Attitude of the country towards identification services

The possibility of opening bank accounts via mobile applications or websites appeared on the Polish market a few years ago, but it was only the outbreak of the coronavirus pandemic that triggered the development of innovative identity services and forced companies to adapt their offers to a remote reality.
The possible forms of verifying a bank account now include the mObywatel application, a free mobile application issued by the Chancellery of the Prime Minister that offers mobile versions of documents in the form of digital services. These mobile versions of documents are widely recognised in Poland. To use the application, a so-called trusted profile is required. The application can 'hold' documents such as an ID or a driving license.


Legal affairs

Obligations and requirements to provide identification services

The requirements for identification and verification of the customer and beneficial owner are included in the Anti-Money Laundering and Countering the Financing of Terrorism Act (Ustawa o przeciwdziałaniu praniu pieniędzy oraz finansowaniu terroryzmu) ('AML Act'). In addition, there are also the guidelines of the General Inspector of Financial Information on identifying a customer of an obliged institution and verifying his identity in the absence of his physical presence and the position of the Office of the Financial Supervision Authority (Urząd Komisji Nadzoru Finansowego) on customer identification and verification of his identity in the financial sector subject to the supervision of the Financial Supervision Authority based on the video-verification method. The implementation of the AML Regulation will significantly change the obligations of obliged entities regarding customer identification and verification of the beneficial owner’s status.


The topic of outsourcing will also be covered in the upcoming AML Regulation. Once the AML Regulation comes into force, obliged entities will be allowed to outsource certain AML/CFT-related tasks to service providers, but this outsourcing will be subject to specific requirements. By 10 July 2027, the AML Authority (AMLA) is expected to issue guidelines for obliged entities regarding the rules on outsourcing these tasks.

Obliged institutions under the AML Act may outsource the process of client identification to other entities if, under a written agreement, the entity to which the execution of financial security measures is outsourced is to be treated as part of the obliged institution.

Outsourcing the execution of financial security measures does not relieve the obliged institution from the responsibility for their application. Therefore, any mistakes made by the third party will burden the obliged institution with administrative liability under the AML Act.

Additional comments regarding the legal situation for identification services or what FinTechs must be aware of in this business area

The use of identification service providers may require such providers to process information covered by banking secrecy, i.e. information about the bank's customers. For this reason, among others, the conclusion of a contract will entail the need to take into account the regulations on banking outsourcing, which were significantly amended in the fall of 2023. The new regulations are more liberal than the previous ones and provide for, among other things:

  • No obligation on the service provider to bear unlimited liability for any damage caused to the bank's clients as a result of the outsourcing contract;
  • The possibility of further outsourcing of activities performed under the outsourcing (previously, the outsourcing chain was limited to one level of subcontractors);
  • A simplified procedure for carrying out so-called foreign outsourcing, i.e., outsourcing the provision of services by a bank to suppliers outside the EEA or the processing of information covered by bank secrecy outside the EEA.

The liberalization of banking outsourcing regulations positively affects the possibility of using identification services provided by third-party suppliers.

It is also worth mentioning that the use of identification services provided by third-party providers will very often involve the processing of the bank's information in public cloud computing services, often provided by global providers such as AWS, Google and Microsoft. Until recently, the Communication from the Financial Supervisory Authority office of January 23, 2020 on information processing by supervised entities using public or hybrid cloud computing services was relevant in this context. However, it was repealed in January 2025, as most of its functions have now been taken over by the Digital Operational Resilience Act (DORA).

Identification services are subject to the requirements of the Digital Operational Resilience Act, which will apply to the use of ICT services in the Polish financial sector. The act will impose requirements on financial institutions in areas such as ICT risk management, ICT incident management or ICT third-party provider risk management and, consequently, some of those requirements will be reflected on ICT service providers as well. In this regard, attention should also be paid to national regulations that are currently in the legislative process in Poland and are expected to be adopted in the second half of 2025. The new law will amend a number of existing financial market acts to align them with the application of the Digital Operational Resilience Act (DORA).


Economic conditions

Market size for identification services and biggest companies in this business area

It is difficult to define the market because, as with other FinTech services in Poland, financial institutions can conduct such identification using their own internal services. However, due to legal regulations and digitization, the market for identification services is growing. Companies use different tools to verify identity, and many of them use digital identity providers. A Polish company that supports the development of the identity verification market is Authologic, which also operates in other European countries. Companies may also benefit from the help of other external companies such as Identt, Autenti or Onfido.

Additional comments regarding the economic situation for identification services or what FinTechs must be aware of in this business area

N/A


