Sanqto
home industries law and notary offices
Industry page

For law firms and notary offices

Legal services or a notarial deed for a client on the sanctions list are the provision of a service — and it's prohibited. The law firm and the notary are liable.

See demo
Works offline
GDPR-aligned
EU / UN / OFAC lists
Auditable reports
Legal status for this industry
The duty not to provide services or funds applies regardless of AML status. Brokerage, advisory, leasing, insurance — each is a "service" within the meaning of Reg. 269/2014.
Reg. 269/2014 · 833/2014 · Polish Act of 13.04.2022
Legal obligation

Do a law firm and a notary have to run sanction screening?

Yes. Providing legal services and notarial acts to an entity on the sanctions list is prohibited conduct — independently of the fact that a law firm is also an AML obliged entity.

A legal service is a provision covered by the ban

Regulation (EU) 269/2014 prohibits making funds and economic resources available to listed entities and providing services to them. Legal support, drawing up a notarial deed, representation and advisory work all fall squarely within that. In addition, sectoral sanctions — Regulation (EU) 833/2014 — restrict the provision of certain services, including advisory services, to Russian entities.

A law firm is also an AML obliged entity

Notaries and — for certain activities — advocates and legal counsel are obliged entities within the meaning of the Anti-Money Laundering Act of 1 March 2018. This carries a duty to apply customer due diligence measures, including client verification. The sanctions duty and the AML duty are two separate bases — screening against sanctions lists is needed regardless of which of them you analyse.

The risk sits in the client's structure

A law firm rarely serves a client who appears directly on the list. The risk is hidden in the structure: the company being incorporated, a party to an M&A transaction or the buyer of a property may be controlled by a UBO on the list. Verification should cover not only the instructing client but every party to the act and their owners.

What skipping the check risks

The Act of 13 April 2022 provides for an administrative penalty of up to PLN 20M for breaching the ban. Directive (EU) 2024/1226 requires EU states to criminalise sanctions violations — in Poland it is being transposed by draft bill UC92. On top of that comes the risk of professional and disciplinary liability and of damage to the firm's reputation.

This material is educational and does not constitute legal advice. Legal status: May 2026. Basis: Council Regulations (EU) 269/2014 and 833/2014 and the Polish Act of 13 April 2022.

Risk scenarios

What this looks like in your work.

SCENARIO 01

Incorporating a company for a front client

A law firm incorporates a company for a client acting on the instructions of a person in Annex I of Reg. 269/2014. Legal support for a listed entity is the provision of a prohibited service.

SCENARIO 02

A notarial deed for a sale of shares

A notary draws up a deed transferring shares in a company whose UBO is on the list. The notarial act enables a transaction that is prohibited.

Hot spots

Where the risk is highest.

  • 01
    Incorporation and corporate servicing of companies
  • 02
    Notarial deeds — property, shares, businesses
  • 03
    M&A transactions and foreign clients
  • 04
    UBOs hidden in the structure
Tailored workflow

When exactly to screen the customer.

1
On accepting an engagement or a matter
Screen the client and every party to the act
2
Before signing a deed or a contract
Verify the ultimate beneficial owners
3
Periodically for regular clients
Monitor for sanctions-list changes
Mini-case

"Lex Corpore" law firm, 540 matters / year

Deployed in 4 days, client and parties screened when a matter is accepted. UBOs verified before deeds are signed. Package: Business — 5 900 EUR one-time.

typical persona
Service-side SMB
1–20 staff · deployed in 7 days
Most-asked questions

Truth first, technology second.

Does this really apply to my industry?
Yes. The ban on making funds available or providing services to listed persons (Art. 2 of Reg. 269/2014) applies to all economic operators — regardless of whether the industry is formally under AML obligations. For sectors like travel or real estate, criminal and administrative liability already exists today.
What if the customer doesn't agree to be screened?
Screening uses data you already hold from the contract or invoice (first name, last name, company name, tax ID, optionally date of birth). It does not require customer consent — it is the business's discharge of a legal obligation (GDPR Art. 6(1)(c)).
What do I do when there's a hit?
The app flags the result red, generates a justified report, and surfaces the procedure: pause the service, freeze funds, notify the FIU within 24 hours. Nothing is reported automatically — the decision sits with you.
Are the reports accepted by the FIU and tax authority?
Each report carries a timestamp, the reference-list version, the operator identifier and a hash of the input file — a format aligned with regulator expectations. Local archival for 5 years (the required retention period).
How often are the lists updated?
Every hour, plus immediately after publication of changes in the Official Journal of the EU. The app pulls reference files itself — it never sends customer data the other way.
Does this integrate with my CRM?
Yes. The Business and Enterprise tiers expose a REST API and ship integrations for popular CRMs (Pipedrive, HubSpot, Salesforce, Bitrix). On Starter you use the manual form.
Where is my data physically?
Wherever you install the app — your machine, your server, your network. There is no "Sanqto cloud" for customer data. Consequence: no data-processing agreements, no third-country transfers.
What's the fine if I don't screen?
Up to PLN 20,000,000 in administrative fines (Art. 15(1)(2) of the Act of 13 Apr 2022) and criminal liability up to 15 years for making funds available. Liability sits with the business — not the customer.
Contact

Book a 20-minute deployment call.

No salesperson, no slide deck. We'll show the install and answer the legal questions.

We reply within 1 business day.
Demo on your data (locally, on your hardware).
30-day trial, no commitments.

By clicking, you consent to being contacted with our offer. Data does not leave the EEA.

See demo