Poland’s Regulatory Vacuum on Digital Assets Deepens AML Risks After Presidential Veto

Poland’s ongoing failure to implement a comprehensive legal regime for digital assets aligned with the European Union’s Markets in Crypto-Assets (MiCA) regulation has created a mounting anti-money-laundering threat, one intensified by the recent presidential veto of the enabling legislation. With this decision, Poland now stands as the lone EU member state without a MiCA-compliant framework, a position that has prompted sharp warnings from political leaders about the country’s growing appeal to international criminal groups. The administration of Prime Minister Donald Tusk had stressed that the crypto-asset bill was essential to equip authorities with the tools needed to oversee a market increasingly vulnerable to manipulation by foreign intelligence services, Russian organized crime syndicates, and highly advanced laundering schemes. Yet the president, citing fears of excessive regulatory pressure on a developing sector and concerns over preserving citizens’ freedoms, inadvertently cleared the way for illicit financial flows to expand—undermining the very stability the veto claimed to protect.

This regulatory void compounds weaknesses already embedded in Poland’s pre-MiCA oversight system. Although the Act on Counteracting Money Laundering and Financing of Terrorism, which implements the EU’s Fifth Anti-Money Laundering Directive, formally classifies virtual currency providers as obliged institutions, its practical effectiveness has long been questioned. The national Virtual Asset Service Provider registry in particular has been exposed as a significant vulnerability. Critics argue that the registry has fostered a deceptive aura of legitimacy, making it easy for criminal networks to exploit Poland as a gateway into global markets. By securing swift VASP registration—based largely on self-declared “knowledge and experience”—illicit operators have been able to present themselves internationally as fully compliant entities operating under EU-level supervision. This façade has been used to cultivate trust among unsuspecting targets and fuel large-scale illicit activity. One major illegal crypto-asset operator, which managed to obtain a Polish VASP entry, reportedly moved billions in cybercrime proceeds, including funds tied to global “pig butchering” scams, while posing as a regulated Polish firm. The minimal entry requirements created a structural vulnerability that failed to filter out sophisticated international financial crime groups, turning the registry into an unwitting mechanism for the placement and layering of criminal proceeds.

Poland’s inability to enact MiCA-aligned legislation not only preserves these vulnerabilities but also widens the gap between the country’s AML/CFT framework and international standards, particularly those established by the Financial Action Task Force. FATF Recommendation 15 requires that Virtual Asset Service Providers be subject to licensing or registration and robust AML/CFT supervision, including compliance with the Travel Rule obligating the transmission of sender and recipient data on crypto-asset transfers. In follow-up reviews, Poland has faced criticism for technical gaps, such as lacking explicit requirements for obliged entities to assess and mitigate money-laundering or terrorism-financing risks associated with emerging technologies and new business models prior to launch. Without MiCA, Poland misses the comprehensive enhancements it was designed to impose—strengthened customer due diligence, intensified transaction monitoring, and strict prudential and conduct rules. The absence of the EU-wide passporting system leaves Polish firms stranded in regulatory uncertainty, while non-compliant operators encounter fewer restrictions. This exposes Poland as a weak point in the EU’s financial defenses, inviting criminals seeking to escape the tighter oversight applied throughout the rest of the bloc.

MiCA is not limited to market integrity or consumer safeguards; it is fundamentally structured to bolster financial-crime prevention. Its framework for Crypto-Asset Service Providers mandates stringent Know Your Customer protocols, exhaustive due-diligence checks, and continuous scrutiny of client activity. It expands reporting duties for suspicious behavior and imposes demanding transaction-monitoring standards. Complemented by the Regulation on the Traceability of Transfers of Funds—which fully aligns the crypto-asset sector with the international Travel Rule—MiCA closes the anonymity gaps that enable money laundering. By vetoing the implementing legislation, the president effectively postponed the introduction of these crucial AML/CFT protections. Law enforcement agencies and financial institutions must therefore continue operating with weakened tools, despite explicit government warnings about the risks of Russian financial infiltration and the growing sophistication of transnational crime within unregulated digital-asset markets. This prolonged delay heightens systemic exposure, enabling criminals to use Poland as a discreet conduit through which illicit funds can enter the broader European economy.

The political deadlock over digital-asset regulation now carries direct and dangerous consequences for Poland’s capacity to combat financial crime. Without MiCA, the country remains susceptible to exploitation by criminal enterprises specializing in cybercrime, sanctions evasion, and complex laundering schemes, all of which actively seek jurisdictions with fragmented or outdated oversight. The current landscape facilitates every stage of laundering—from the placement of illicit funds into loosely supervised crypto-assets, to the layering of those funds through intricate cross-border chains aided by the perceived legitimacy of a Polish VASP registration, and finally the integration of these proceeds into legitimate financial channels. FATF has repeatedly emphasized that inconsistent AML/CFT rules across jurisdictions offer fertile ground for criminal exploitation, and Poland’s status as the EU’s sole holdout dramatically magnifies that risk across the continent. With the veto forcing the legislative process back to square one, the adoption of MiCA-compliant regulations may be delayed for years, granting financial criminals an extended window to operate with minimal resistance. The urgent implementation of strong, internationally aligned AML safeguards is now a matter of national and regional security, necessary to protect Poland’s financial integrity and shield its citizens from predation by advanced transnational criminal networks.

By fLEXI tEAM