Poland 2026 Payment Systems Amendment, Direct Access, Licensing and a 14‑day Onboarding Playbook

The Poland payment systems amendment 2026, signed into law by the President in spring 2026, fundamentally changes how non-bank financial institutions connect to Poland’s national payment infrastructure. For the first time, licensed fintechs, electronic money institutions (EMIs), payment service providers (PSPs) and certain crypto-asset service providers (CASPs), can seek direct access to clearing and settlement systems previously reserved for banks. The amendment introduces a condensed 14‑day notification-to-activation window that demands rigorous preparation, and industry observers expect a rush of applications from both domestic start-ups and EU-passported operators. This playbook provides compliance officers, general counsel and fintech founders with the eligibility criteria, licensing interactions, operational obligations and a detailed step-by-step onboarding checklist needed to execute within that window.

TL;DR, 7‑step playbook summary:

1. Confirm your entity holds a valid EMI authorisation, PSP licence or CASP registration recognised in Poland.
2. Assemble the required documentation pack (corporate, AML/KYC, technical and financial).
3. Submit your formal notification to the relevant payment-system operator (e.g. Krajowa Izba Rozliczeniowa, KIR).
4. Establish API and technical connectivity with the operator’s test environment.
5. Complete end-to-end test transactions and pass AML/CFT verification checks.
6. Negotiate operational SLAs, settlement prefunding and indemnity terms with your clearing bank.
7. Receive activation confirmation and begin live processing within 14 days of notification.

For a broader primer on how different types of payment systems function globally, see the linked overview. Operators with crypto-related business models should also review the requirements for a crypto licence in Poland under MiCA 2026.

What the Poland Payment Systems Amendment 2026 Changes, Legal Summary

Poland’s payment-system framework is principally governed by the Act on Payment Services (Ustawa o usługach płatniczych) and the Act on Settlement Finality in Payment and Securities Settlement Systems (Ustawa o ostateczności rozrachunku). The 2026 amendment modifies key provisions of both statutes, transposing updated EU requirements and adding national rules that open direct participation rights to a broader set of licensed entities.

Core statutory changes

• Direct participation rights. Non-bank payment institutions that hold a valid licence or authorisation from the Komisja Nadzoru Finansowego (KNF), or that exercise EU-passported rights, may now apply for direct participant status in designated payment systems operated in Poland.
• 14‑day notification-to-activation window. System operators are required to process a conforming notification and grant or refuse access within 14 calendar days. Any refusal must be in writing with stated grounds and is subject to administrative appeal before KNF.
• Non-discriminatory access obligations. Operators must apply objective, proportionate and non-discriminatory criteria when assessing access requests, aligning with Article 36 of the Payment Services Directive (PSD2) as transposed into Polish law.
• Enhanced supervisory powers. KNF gains explicit authority to mandate access where an operator’s refusal is found to be unjustified, and Narodowy Bank Polski (NBP) retains oversight of systemic payment-system stability.

Key legislative timeline

The official amendment text is published on the Polish legislative database (ISAP) hosted by the Sejm. Practitioners should consult this primary source, alongside KNF and NBP regulatory guidance, for the definitive statutory language.

Who Can Apply for Direct Access to Payment Systems in Poland, Eligibility Checklist

The amendment does not grant universal access. To qualify for direct access to payment systems in Poland, an entity must satisfy a defined set of payment system access requirements. The following eligibility checklist distils the core criteria drawn from the amended statutory provisions and KNF supervisory expectations.

• Licensing status. The applicant holds a current EMI licence, PSP authorisation or CASP registration issued or recognised by KNF, either directly or via EU passporting under PSD2 / the Electronic Money Directive (EMD2) / MiCA.
• Legal form. The entity is incorporated as a Polish legal person (sp. z o.o., S.A.) or operates in Poland through a registered branch of an EEA-licensed institution.
• Minimum regulatory capital. The entity meets the ongoing own-funds requirements applicable to its licence category, e.g. EUR 350,000 for EMIs or the applicable PSD2 minimum for PSPs.
• AML/CFT compliance. The applicant demonstrates a fully implemented AML/CFT programme compliant with Poland’s Anti-Money Laundering Act (Ustawa o przeciwdziałaniu praniu pieniędzy), including customer due diligence, transaction monitoring and suspicious-activity reporting to the General Inspector of Financial Information (GIIF).
• Technical readiness. The applicant can demonstrate connectivity capability, API integration readiness, message-format compliance (ISO 20022 where required) and the ability to complete testing within the 14‑day window.
• Operational resilience. The entity can evidence business-continuity and disaster-recovery arrangements consistent with KNF expectations and, where applicable, the EU Digital Operational Resilience Act (DORA).

Common disqualifiers and pitfalls

• Expired or suspended licence. An entity whose KNF authorisation is under suspension, restriction or pending renewal will not satisfy the licensing gateway.
• Inadequate AML documentation. Incomplete or outdated AML risk assessments are a leading cause of operator refusal. Industry observers note that system operators will request current internal-audit reports, not just policy manuals.
• No local operational substance. A passporting entity with no Polish staff, no local compliance officer and no data-processing footprint may face additional scrutiny under the proportionality test.
• Failure to pre-engage the operator. Submitting a cold notification without prior dialogue with the system operator (KIR or another designated operator) often results in requests for supplementary information that push the timeline beyond 14 days.

Licensing Interaction, PSD2, EMI, PSP and MiCA Mapping Under the Poland Payment Systems Amendment 2026

A common misconception is that the amendment creates a new, standalone licence. It does not. Fintech direct access in Poland is conditional on holding one of the existing regulatory authorisations. The amendment merely removes the infrastructure barrier, the rule that only credit institutions could become direct participants in certain designated payment systems. Below is a mapping of how each licensing route interacts with the new direct-access right.

EMI licence Poland, how it interacts

An electronic money institution authorised by KNF (or passported from another EEA state under EMD2) now qualifies to apply for direct participant status. The EMI must continue to satisfy safeguarding requirements, client funds must be held in segregated accounts or covered by an insurance policy. An EMI licence in Poland is the most common route for fintech operators that issue prepaid cards, e-wallets or stored-value instruments and wish to clear transactions directly rather than routing through a sponsor bank.

PSP licensing Poland, authorisation vs registration

PSP licensing in Poland distinguishes between fully authorised payment institutions and registered small payment institutions (MIP, mała instytucja płatnicza). The amendment’s direct-access right applies to fully authorised payment institutions. MIPs, which operate under a simplified registration with lower capital requirements, are not eligible for direct participation, though the likely practical effect is that growth-stage fintechs will upgrade from MIP to full authorisation to unlock this access.

PSD2 Poland 2026, passporting and access

PSD2’s non-discriminatory access principle (Article 36) has been transposed into Polish law for several years, but its practical enforcement for system access was inconsistent. The 2026 amendment strengthens the domestic enforcement mechanism, giving KNF explicit intervention powers. For EU-passported PSPs and EMIs, this means that direct access is legally available on the same terms as for domestically licensed entities, subject to meeting the eligibility criteria above.

MiCA impact Poland, crypto-asset service providers

Crypto exchanges and custodians authorised as CASPs under MiCA may also seek payment-system access if their services involve the execution of payment transactions in fiat currency. Where a CASP also holds a PSP or EMI licence, the pathway is straightforward. Where the CASP relies solely on its MiCA authorisation, early indications suggest that operators will require additional evidence of payment-processing capability and AML controls specific to fiat on/off-ramp activity. For a detailed breakdown of CASP licensing in Poland, see the guide to crypto licences in Poland under MiCA 2026.

Comparison table, entity types, licensing routes and key obligations

Operational and Compliance Obligations on Gaining Direct Access

Obtaining direct access is not the finish line, it is the starting point for a heightened compliance regime. Once an entity becomes a direct participant in a Polish payment system, the following operational obligations apply continuously.

• AML/CFT transaction monitoring. Direct participants must apply real-time or near-real-time screening of payment messages against sanctions lists (EU, UN, Polish national lists) and file suspicious-activity reports with the GIIF within statutory timeframes.
• Safekeeping and reconciliation. Participants must reconcile settlement positions daily and maintain adequate liquidity buffers to cover peak-day settlement obligations. NBP operational guidance sets the benchmark for liquidity-coverage expectations.
• Security and incident reporting. Major operational or security incidents must be reported to KNF and to the system operator without undue delay, consistent with PSD2 incident-reporting obligations and DORA requirements effective from January 2025.
• Data localisation and ICT resilience (DORA). The EU Digital Operational Resilience Act (DORA) requires that critical ICT third-party providers are subject to oversight. Direct participants relying on cloud or outsourced infrastructure must ensure contractual compliance with DORA’s requirements on subcontracting, audit rights and exit strategies.

Ongoing reporting and audit readiness

KNF expects direct participants to submit quarterly prudential reports covering settlement volumes, fail rates, liquidity-buffer utilisation and AML statistics. Additionally, participants should maintain an audit-ready posture, meaning internal-audit reports on payment-system controls are current and available for inspection at 48 hours’ notice. Industry observers expect KNF to conduct targeted supervisory reviews of newly admitted direct participants within the first 12 months of access.

The 14‑Day Onboarding Playbook for Poland Payment Systems Amendment 2026, Step by Step

This is the core deliverable of the article: a practical, day-by-day playbook for bank onboarding as a fintech in Poland following the 2026 amendment. The 14‑day clock starts when the system operator receives a conforming notification. Every day counts.

Day 0, Pre-notification preparation (before the clock starts)

1. Assemble the documentation pack. Gather all items in the checklist table below.
2. Pre-engage the system operator. Contact KIR (or the relevant designated operator) to confirm the notification address, format requirements and any operator-specific supplementary forms.
3. Confirm API readiness. Ensure your technical team has reviewed the operator’s published API specifications, message standards (ISO 20022 where applicable) and test-environment access procedures.
4. Appoint a dedicated onboarding lead. Designate a single internal point of contact with authority to execute legal documents, approve technical configurations and escalate issues.

Documents banks and operators require

Days 1–3, Legal submission and bank engagement

1. Submit the formal notification. Deliver the complete documentation pack to the system operator by registered electronic means (or as specified in the operator’s rules). The 14‑day clock begins on receipt.
2. Send the bank-engagement communication. If you are establishing a settlement relationship with a Polish clearing bank (rather than settling directly), email the bank’s institutional-onboarding desk simultaneously. A sample engagement script:

“Dear [Bank Institutional Onboarding Team], We are a [EMI/PSP] authorised by KNF under licence no. [X]. We have submitted a direct-access notification to [KIR/operator] on [date] pursuant to the amended Act on Payment Services. We request the establishment of a settlement account and operational SLA on an expedited basis consistent with the 14‑day statutory window. Attached please find our corporate, licensing, financial and AML documentation pack. We welcome a call at your earliest convenience to discuss prefunding arrangements and indemnity terms. Regards, [Onboarding Lead]”

3. Respond to any immediate queries. Operators may issue a request for information (RFI) within 24–48 hours. Pre-prepared responses accelerate the process.

Days 4–7, Technical connectivity and test-environment setup

1. Obtain test-environment credentials. The operator issues sandbox/test-environment access upon preliminary documentation review.
2. Configure API connectivity. Connect to the operator’s API endpoints, configure message formatting and validate certificate/authentication protocols.
3. Run initial test transactions. Execute a minimum suite of test cases: credit transfers, direct debits (if applicable), rejection scenarios and reconciliation messages.

API readiness checklist:

• TLS certificates installed and validated
• ISO 20022 message schemas loaded and tested
• Unique participant identifier (BIC or equivalent) configured
• Reconciliation and statement-download processes automated
• Failover and timeout handling tested

Days 8–11, AML verification, end-to-end testing and SLA finalisation

1. AML/CFT verification. The operator and/or clearing bank performs its own due diligence on your AML programme, this may include interviews with your MLRO (Money Laundering Reporting Officer) and sample-transaction walkthroughs.
2. End-to-end (E2E) test cycles. Complete full settlement cycles in the test environment, including same-day and next-day settlement, and confirm that your reconciliation output matches the operator’s settlement confirmations.
3. Finalise SLA and indemnity terms. Negotiate and sign the operational service-level agreement with the clearing bank, covering settlement cut-off times, prefunding mechanics, indemnity caps and dispute-resolution procedures.

Days 12–14, Activation, go-live and post-launch monitoring

1. Receive operator decision. The system operator issues a written decision granting or refusing access. A grant triggers production-environment activation.
2. Switch to production. Migrate configurations from test to production, execute a small batch of live transactions and monitor settlement in real time.
3. Activate monitoring dashboards. Ensure compliance, operations and treasury teams have real-time visibility on settlement positions, fail rates and liquidity draw-downs.
4. Fallback plan. If any step stalls, immediately engage KNF to invoke the non-discriminatory access enforcement mechanism. Maintain your existing indirect-access (sponsor-bank) arrangement until direct access is fully operational.

For additional context on how fintech onboarding processes compare internationally, see the operational guidance for setting up a fintech company in the UAE and the equivalent process for fintech companies in Nigeria. A comparative view of MSB licensing in the US also provides a useful benchmark for payments licensing timelines.

Practical Bank Engagement and Negotiation Tactics for Fintech Onboarding in Poland

Bank onboarding for a fintech in Poland involves more than document submission. Polish banks and system operators assess operational substance, risk profile and commercial viability before agreeing to settlement relationships. The following tactics improve outcomes.

• Demonstrate local operational substance. Present evidence of Polish-based compliance staff, a local registered office and data-processing arrangements. Banks are more comfortable when they see genuine operational commitment rather than a brass-plate passporting exercise.
• Offer prefunding above minimum. Proposing settlement prefunding at 120–150% of your estimated peak-day exposure signals financial strength and reduces the bank’s credit-risk concerns.
• Present a clean AML track record. Provide your most recent external AML audit (if available) and any regulatory correspondence from KNF confirming compliance. Banks treat a history of clean KNF inspections as a strong positive signal.
• Negotiate SLA terms early. Do not leave operational SLAs, settlement cut-off times, value-dating conventions, dispute windows, to the final days. Propose your preferred terms in the initial engagement letter so negotiations run in parallel with technical testing.
• Prepare indemnities carefully. Banks will request indemnification for losses arising from your payment instructions. Negotiate caps, carve-outs and insurance backstops rather than accepting unlimited indemnity clauses.

Red flags banks look for

• Frequent changes in beneficial ownership or corporate structure
• Concentration of volumes in high-risk jurisdictions without enhanced due diligence
• Absence of a dedicated Polish compliance officer or MLRO
• Inability to demonstrate real-time sanctions screening
• Reliance on a single unregulated technology vendor for core payment processing

Risks, Enforcement and Remedies

Non-compliance with the direct-access provisions carries material consequences. KNF holds primary supervisory authority over licensed entities’ compliance with payment-services law, while NBP oversees the stability and operational soundness of the payment systems themselves.

• Administrative sanctions. KNF may impose fines on entities that operate as direct participants without meeting eligibility requirements, or on system operators that refuse access without justified grounds.
• Access revocation. A system operator may suspend or revoke a participant’s direct access if the entity’s licence is withdrawn, suspended or if the entity materially breaches operational rules.
• Contractual remedies. Settlement agreements with banks typically include termination-for-cause provisions, indemnity calls and the right to withhold settlement funds pending dispute resolution.
• Recommended mitigations. Maintain a parallel indirect-access (sponsor-bank) channel during the first 6–12 months of direct participation. Carry excess liquidity in settlement accounts. Invest in continuous AML monitoring upgrades and schedule a voluntary KNF compliance review within the first year of direct access.

Case Studies, Sample Timelines Under the Poland Payment Systems Amendment 2026

Case A, EUR-denominated EMI seeking PLN clearing

A Lithuanian-licensed EMI passported into Poland wishes to clear PLN-denominated card transactions directly. The entity holds a valid EMI passport notification from KNF, maintains a compliance team of three in Warsaw and has pre-engaged KIR six weeks before the amendment entered into force. On Day 0, the documentation pack is complete. Notification is submitted on Day 1, test-environment credentials are received on Day 4, E2E testing completes on Day 10, and the operator grants access on Day 13. Live processing begins on Day 14.

Case B, Crypto exchange with dual CASP/PSP licence

A Polish-incorporated crypto exchange holds both a CASP authorisation under MiCA (via national transposition) and a limited PSP authorisation for fiat on/off-ramp services. The entity seeks direct access to settle fiat withdrawals. Because its PSP authorisation is limited in scope, KIR requests supplementary documentation on fiat transaction volumes and enhanced AML controls for crypto-derived funds. The RFI adds 2 days to the process. Final access is granted on Day 14, exactly at the statutory deadline. The entity maintains its existing sponsor-bank channel as fallback for the first 90 days.

Conclusion, Next Steps for Fintechs Seeking Direct Access in Poland

The Poland payment systems amendment 2026 represents a structural shift in how non-bank financial institutions participate in Polish payment infrastructure. For compliance officers and fintech founders, the practical implication is immediate: the 14‑day onboarding window demands that documentation, technical connectivity and bank relationships are prepared before the notification is filed, not after. Entities that invest in pre-engagement with system operators, maintain robust AML frameworks and present genuine operational substance in Poland will move through the process efficiently. Those that approach it reactively risk refusal, delay and reputational damage with both operators and KNF.

The combination of direct access rights, strengthened KNF enforcement powers and DORA-era operational resilience standards means that Poland is positioning itself as a serious fintech-infrastructure hub within the EU. Early indications suggest that the first cohort of direct participants will set the precedent for operator expectations, making first-mover preparation especially valuable.

Sources

1. Dudkowiak & Putyra, Direct Access for Fintechs: What Poland’s New Payment Systems Amendment Means for Your Business
2. Narodowy Bank Polski (NBP), Payment System Guidance
3. Komisja Nadzoru Finansowego (KNF), Polish Financial Supervision Authority
4. Krajowa Izba Rozliczeniowa (KIR), Polish Clearing and Settlement Operator
5. ISAP / Sejm, Polish Legislative Database (Official Amendment Text)
6. European Commission, PSD2/PSD3 Regulatory Framework
7. European Banking Authority (EBA), PSD2 Guidance and Technical Standards
8. Traple Konarski Podrecki & Partners, Legal Commentary