Sanqto

For accounting and bookkeeping firms

Keeping the books or handling the accounts of a company linked to the sanctions list is the provision of a service — and it's prohibited. The accounting firm is liable.

Works offline · GDPR-aligned · EU / UN / OFAC lists · Auditable reports

Legal status for this industry

The duty not to provide services or funds applies regardless of AML status. Brokerage, advisory, leasing, insurance — each is a "service" within the meaning of Reg. 269/2014.
Reg. 269/2014 · 833/2014 · Polish Act of 13.04.2022

Legal obligation

Does an accounting firm have to run sanction screening?

Yes. Keeping the books and accounts of an entity on the sanctions list is the provision of a service covered by the ban, and an accounting firm is also an obliged entity under AML law.

Accounting is a service covered by the ban

Regulation (EU) 269/2014 prohibits providing services to entities on the list and making funds and economic resources available to them. Keeping the books, tax accounting and payroll all fall squarely within that. Sectoral sanctions — Regulation (EU) 833/2014 — separately restrict the provision of accounting and tax-advisory services to Russian entities.

An accounting firm is an AML obliged entity

Entities that keep accounting books as a service, and tax advisers, are obliged entities within the meaning of the Anti-Money Laundering Act of 1 March 2018. This carries a duty to apply customer due diligence measures. The sanctions duty, however, is a separate basis — screening against sanctions lists is necessary regardless of AML procedures.

Risk comes in with every new client

An accounting firm takes on clients based on basic registration data, often without insight into the ownership structure. A newly serviced company may be controlled by a UBO on the list, and links also arise through the client's owners and counterparties. Verification should cover the serviced entity and the people who run it.

What skipping the check risks

The Act of 13 April 2022 provides for an administrative penalty of up to PLN 20M for breaching the ban. Directive (EU) 2024/1226 requires EU states to criminalise sanctions violations — in Poland it is being transposed by draft bill UC92. On top of that comes the risk of liability for the firm's owner and of losing the trust of the remaining clients.

This material is educational and does not constitute legal advice. Legal status: May 2026. Basis: Council Regulations (EU) 269/2014 and 833/2014 and the Polish Act of 13 April 2022.

Risk scenarios

What this looks like in your work.

SCENARIO 01

A new client with a foreign structure

The firm takes on a company backed by foreign capital whose UBO is in Annex I of Reg. 269/2014. Keeping its books is the provision of a prohibited service.

SCENARIO 02

Keeping a client after a change of owner

An existing client changes hands — the new UBO has been added to the sanctions list. Without re-screening, the firm keeps providing a service to a listed entity.

Hot spots

Where the risk is highest.

  • 01 Bookkeeping and accounting provided as a service
  • 02 New clients with a foreign structure
  • 03 Ownership changes at serviced companies
  • 04 UBOs hidden behind the client

Tailored workflow

When exactly to screen the customer.

1. When taking on a new client: screen the serviced company and its owners
2. On a change of the client's owner: re-screen the ultimate beneficial owner
3. Periodically for the client portfolio: monitor for sanctions-list changes

Mini-case

"Saldo" accounting office, 180 clients

Deployed in 3 days, client base imported from the accounting software via CSV. Periodic portfolio monitoring catches ownership changes and new listings. Package: Business — 5 900 EUR one-time.

Typical persona: Service-side SMB
1–20 staff · deployed in 7 days

Most-asked questions

Truth first, technology second.

Does this really apply to my industry?
Yes. The ban on making funds available or providing services to listed persons (Art. 2 of Reg. 269/2014) applies to all economic operators — regardless of whether the industry is formally under AML obligations. For sectors like travel or real estate, criminal and administrative liability already exists today.
What if the customer doesn't agree to be screened?
Screening uses data you already hold from the contract or invoice (first name, last name, company name, tax ID, optionally date of birth). It does not require customer consent — it is the business's discharge of a legal obligation (GDPR Art. 6(1)(c)).
What do I do when there's a hit?
The app flags the result red, generates a report with its justification, and surfaces the procedure: pause the service, freeze funds, notify the FIU within 24 hours. Nothing is reported automatically — the decision sits with you.
Are the reports accepted by the FIU and tax authority?
Each report carries a timestamp, the reference-list version, the operator identifier and a hash of the input file — a format aligned with regulator expectations. Local archival for 5 years (the required retention period).
How often are the lists updated?
Every hour, plus immediately after publication of changes in the Official Journal of the EU. The app pulls reference files itself — it never sends customer data the other way.
Does this integrate with my CRM?
Yes. The Business and Enterprise tiers expose a REST API and ship integrations for popular CRMs (Pipedrive, HubSpot, Salesforce, Bitrix). On Starter you use the manual form.
Where is my data physically?
Wherever you install the app — your machine, your server, your network. There is no "Sanqto cloud" for customer data. Consequence: no data-processing agreements, no third-country transfers.
What's the fine if I don't screen?
Up to PLN 20,000,000 in administrative fines (Art. 15(1)(2) of the Act of 13 Apr 2022) and criminal liability up to 15 years for making funds available. Liability sits with the business — not the customer.
Contact

Book a 20-minute deployment call.

No salesperson, no slide deck. We'll show the install and answer the legal questions.

We reply within 1 business day.
Demo on your data (locally, on your hardware).
30-day trial, no commitments.
