Poland’s Central Register of Beneficial Owners – help in the maze for foreign-owned businesses

For all businesses and also some non-business organisations in Poland now, there is a new obligation, namely to identify the real ultimate beneficial owners (“UBO”s) onto a central public register. In Polish this is called Centralny Rejestr Beneficjentów Rzeczywistych which is easy for them to say, but not so easy for us, so the form CRBR is an acceptable abbreviation. Literally this means “Central Register of Real Beneficiaries” but we would normally say “Beneficial Owners” or “Ultimate Beneficial Owners” or just UBOs which is like a UFO, but more “boring” than “flying”, unless of course you own something quite valuable, in which case it is not boring at all.

This was all enacted last year with an initial deadline of 13th May 2020 which has now, because of the pandemic, been set back to 13th July 2020, and may well need to be set back further, however at the time of writing the deadline is STILL 13th July 2020, which is a Monday.

The initiative became law by way of enacting an EU Directive on combatting money laundering which goes right back to 2015. This however is a text-book example if you need one, for how the international standard or law in organisations like the EU (not only the EU, but here it has tended to show up the most) is set and then member states have a degree of leeway in how they then put this into local law. There is usually a minimalist approach, but Poland somehow usually manages to show that it is well ahead of the curve by enacting something which is at the top end of how rigorous and bureaucratic it can be, with major penalties, with no real guidance as to how those penalties would be scaled and assessed, without making even logical exceptions (for instance, if the details already published in the KRS – Polish Companies House equivalent – are already public, up-to-date and accurate as a reflection of UBO the you’re exempt, but no, they didn’t do that. And they didn’t exempt even quoted companies which even Russia did when they enacted a version of UBO law which was seen as pretty strict back in 2015).

Part of the interface with the Government portal, which is only available in Polish even though there is no exemption for foreign businesses, moreover it is mainly intended for them. Thankfully, help is at hand…

So this is a great example of how the Polish authorities ride roughshod over business people in order to flex the muscles of the public sector and the state over the private sector muggins who pay for them to do it. They know full well that the business world, which remains in fear and thrall as in the days of yore, will do as they are told, and so they don’t worry too much. There is a computer interface, you have to use that, and you must use your company representative who is entitled to represent you as per the KRS (at which point you say, well if you do look in the KRS then you know that the UBOs are there already, but the answer is “we know what is on the KRS but we don’t know if these are not just nominees, and anyway it was the EU who told us to do this so just do it”).

The matter will be a minor chore for the majority of Polish businesses, but not even all of them. The problem they may have is the interface and the fact that when it comes to signing you need and electronic signature in the form of an ePUAP or a qualified signature, and even though official representatives of Companies are supposed to have these already, in fact they have not all done so, and those who have done so are still not very fluent in their use as they need to use them maybe once or twice a year, so this becomes a bit like expecting someone who goes to Church at Passover and Yom Kippur for weddings and funerals only, say the Nicene Creed and the First Surah from memory and in the original languages when very few people even speak Nicene these days.

Then you get people like us auditors who are using these things most weeks now, but we cannot just go in and do it for you, because it’s: a) not allowed and b) rendered impossible anyway by the very nature of electronic signing. Now imagine how more complex this is going to be for a foreign business especially if the Board are all non-Polish speakers and there is no Polish-speaking general proxy on the KRS or nobody on the KRS who can represent the company has an official electronic signature. Moreover the file has to be in a specific XML format, you cannot just hand in paper or even a pdf. The rules about what constitutes beneficial interest and how you measure it for various business cases are in a series of FAQs which are untranslated or badly translated.

And oh, I forgot to mention, the penalty for failure to do this by the deadline is, at least theoretically, PLN 1 million.

So, this means in practice, even though I know that a lot of UK-owned and other foreign-owned companies in Poland will be fretting about this, neither I no any other advisor, can come to you and say “hey that’s fine just hand it all over and we’ll do that for you and here’s my bill which is all you need to handle”. What can be done then, meaningfully?

Well, folk like me, UK Chartered Accountants in Poland should be able to (and I definitely am able to) provide a CRBR Walk-Through Service with the following elements:


  1. Feasibility check
    Talk to you beforehand to find out in your own language (I’m happy to do this in English, German, Russian, Polish and French) what your situation is regarding the representation, if the people have their PESEL or not, the ePUAP or qualified signature and make sure you are going to be able to make deadline without additional legal actions such as changes to the KRS. These might take a month or more if needed as there are several steps, and may even involve travel in this tough time, so there is no time to waste for that procedure if it’s needed now. If we identify that that’s needed you can take it to your usual company lawyer or I’ll get my own team on it, your choice. This stage may involve checking that you have a valid sig and remember your password to it. In no case will I ask for or see this password.
  2. Information gathering
    Talk through the situation re what the Ultimate Beneficial Owner profile is in your Company and how to apply the rules, again in your language, from the list above. If it’s not a typical situation so that research is needed, again you wouldn’t want to leave that to the last minute. In most cases it isn’t, but if you have situations where there are complex groups and offshore structures it can be difficult. (By the way, don’t trouble me if your purpose is to actually do money laundering and get around the law and keep people secret. I have no interest on helping anyone who does this and will not do so, as stated elsewhere on this site. I don’t like reporting people as I do not like to think of myself as an arm of the state, but please do not even put me into that dilemma, just go and find someone desperate enough to assist you.   However,  as long as you do want to obey the spirit of this law and play fair, and are simply interested in knowing how to do so in a complex situation, then I am happy to involve myself).
  3. Prep the XML, then enter it with you talking through the process
    Based on the info in 1 and 2, I can go in and prepare the XML file and send it to you, then we talk again and with share screen I show you how to add the XML file, and then go through the signature process if you have doubts about it. Then I explain about taking and keeping the file which proves you have done this and also check that the register now shows what we think it should given the information gathering in part 2.
  4. Concurrent health-check in KRS
    While we are about it we can check that the filings in the KRS look in order and up-to-date and if not what needs to be done.


Depending on complexity, I would expect to be able to help you with that walk-through approach as per the above steps for between £200 and £500, depending on complexity, paid half in advance, half on completion. As I mentioned, you don’t have to be a UK or Irish or other Anglosphere business, but if you need the service and speak English, French, German, or Russian, then I can help make sure this is done and keep you safe from the rather draconian fine they are waving in the faces of decent business people.If you are interested in this walk-through service and would like to know more, please fill in the below form and submit it.


What should the relationship of internal and external audit look like?

Not every organisation has both an external audit and internal audit. In some jurisdictions you can get companies that have internal audit but no external audit, while in most countries you get quite a prevalent external audit with far less incidence of internal audits. Russia is a prime example of the latter case.

External audits done under ISAs are supposed to plan and carry out work in order to have a reasonable expectation of detecting fraud and other irregularities, and certainly the expectation of users has traditionally been that external auditors are responsible for finding fraud.

I work both as external auditor and I also carry out internal audits for clients who don’t have their own departments or who do but still need to be beefed up locally by brought-in experts. Therefore I have no particular axe to grind, but I will say this – a lot seems to be expected of external auditors with relation to fraud without giving them the tools necessary to find instances of fraud.

Internal audit departments can, within reason (they cannot supercede data protection law or labour law, etc, or contravene people’s basic human rights when monitoring them) have whatever tools they like if they are within budget. I can just imagine what my clients would think if I as an external would start installing cameras, GPS trackers on company vehicles, doing spot checks for alcohol, lifestyle checks on managers, and all the other things that internals can do. And yet if you take the standards literally I have to do a job not far off that of a policeman as an external auditor.

All we are usually given as external auditors is a couple of generic questionnaires which we try to go through with the client’s management adapting it to the specifics of their business, then we have the duty and hopefully also the ability to map out and analyse the systems of the client, including the controls and to perform walk-through tests and seek to identify key controls. The way an external auditor assesses a key control and the way an internal auditor assesses a key control are also different in a number of ways, and how we define a key control for our respective purposes differs, and then the timing and frequency of checks on that control will differ. Many people who have worked only in external audit won’t know how or why they differ and therefore their ability to get the best from internal if it is even there will be in many cases limited.

Actually most of the fraud questionnaires in use are a good start because they are based in fact on the fraud triangle originally talked about by notable criminologist Donald Cressey back in the 1960s and 70s. This is the triangle of means, motivation and rationalisation or self-justification. It is based on the idea that if a person hasn’t got the opportunity to get around the system, doesn’t really need to and thinks it would be wrong to, then the chances of that person committing fraud are extremely remote. If on the other hand a person thinks that they know how to get away with it, need the money and also think they deserve to do it, then the fraudulent activity by that person is virtually certain. Various permutations of this give varying degrees of likelihood of fraud. The questions in fraud questionnaires would be good at helping to build a “fraud triangle” exercise in a given context, but only as long as the person doing it knows what they are doing both in theory and in practice. Often it is given to quite junior people to carry out and also very often in assessing audits I have seen that the answers don’t necessarily carry through to specific tests relevant to those answers, but instead increase general risk meaning that there is a likelihood that the sample sizes for other detailed substantive tests (by the way the weakest set of tests for detecting fraud) will be higher. And sometimes you are lucky to even get that much of a response.

Externals go on to make their control tests if they do recognise a key control (and on a worldwide scale I would hazard a guess that tests of controls are still done on only a small minority of audits, with most defaulting to the substantive route based really on lack of time or confidence with control work by the external audit team) and also the other big weapon they have in the arsenal is substantive analytical review. But SAR is only as good as the in-depth knowledge of the branch or business, so externals – especially those which are not branch specific as some Big Four externals are – don’t really have the sector knowledge that the internal audit team have and so their chance of noticing something that doesn’t stack up as they go through their analyses of ratios, or building of expectations and confronting to reality is not as good as that of the internal in many cases.

And then auditors finish every section by mopping up whatever needed assurance they could not derive from the earlier procedures by other substantive procedures based if done properly on a statistical sample, which is designed to get them from the assurance they got from less time-consuming procedures through to within their tolerable error (a function of risk and materiality from their perspective, which again differs from the internal auditor’s perspective which may not even be couched in money figures but in non-monetary terms). However the chances of getting at fraud looking through sampled accounting documents is miniscule, and here many external auditors do the bulk of their work.

So naturally if there is an internal audit team, an enlightened external auditor should be ver anxious to understand how they decided their work plan, what they did, and how many key controls have been checked thoroughly and how many risks are still open. If they want to give the organisation real value for money they will design tests that supplement, rather than duplicate the work of internal auditors.

Internal auditors will encourage this – they too will want to see that the organisation’s budget for external audit work goes on procedures that help to improve the risk heat map and the overall picture for the organisation. This call only be done when each side understands the other and “speaks their language”. Many internals have worked as external but not many are continually doing both types and therefore able to think through an assurance issue from both perspectives.

The Money Value of Time

The National Audit Office building, built orig...
The National Audit Office building, built originally as the Imperial Airways Empire Terminal. The statue, “Speed Wings over the World” is by Eric Broadbent” (Photo credit: Wikipedia)

According to page 2 of today’s UK Financial Times, a UK National Audit Office report shows over 6.5m people waited more than 10 minutes to get their calls answered by HMRC, adding £33m to customer’s phone bills and wasting £103m of their time last year.

This snippet of information triggered a few things that I wanted to say to you this morning. The first of these is, that, despite the fact that it is obviously pretty dire that people need to wait so long to get their calls answered by the service they are paying taxes to fund in the first place, at least in the UK there is a body which is concerened at the loss of time and places a value, in monetary terms, on that loss of time by the customer.

Anyone who has spent any time either in government offices, or even banks or supermarkets in this part of the world will probably confirm that the idea that the customer’s time is valuable and should be respected is a rather alien concept. Not so long ago it was an utterly alien concept, but even today it is still a concept which they find rather hard to grasp.

Not as bad as China, though, from what I heard and also saw. People being expected to queue all day outside the Chinese consulate for their visa and then at the very moment that the scheduled closing time of the office came the shutters come down like with Kiosk Keith and that was that. The spare time of the employees was utterly sacrosanct, that of the customer not at all. This of course shows an elitist mentality, which can be found in almost all state sector offices to one or another degree anywhere in the world. Expect it and try somehow to deal with it.

Much less acceptable is the wasting of the customer’s time in business. If the customer is paying then they have a right to have their matters expedited and people who keep people waiting ought either to invest in more infrastructure to avoid it or to wonder if they are in the right business. Continue reading “The Money Value of Time”

It pays to avoid the BBBs (Bargain Basement Bookkeepers)

Violent Storm Strikes Western Europe
Is a storm brewing over your books and records?

I am writing to relate a story based on true events which came to light last week when one gentleman came into one of our offices and spoke to me. To keep matters confidential, I won’t say the country – the same can happen in any country – or identify anything about this company the gentleman had – even the sector. It can happen to many sectors.

This gentleman had given his company bookkeeping and tax affairs to an outsourced book-keeper for his business in that particular country. He used outsourcing back home in his own country (I’m not saying where that is either) and he appreciated the benefit of being able to have his bookkeeping professionally handled by experts without needing to employ anyone, worry about holiday cover, etc etc.

Some time ago this gentleman had included our firm in his search, and we gave him a price entirely fair for a company with our niche in the market, that is, internationally trained people, with English, with proper quality assurance, supervision and back-up.  In other words,  a peer-reviewed, branded service tailored absolutely to the needs of West European businesses in the middle tier coming to start up in East Europe, and also very good for businesses not exactly in the middle tier and from places outside West Europe.

That means that the fee offered was not nearly as high as a Big Four service would cost, but certainly higher than a purely local service.

Now I’m not knocking the purely local services – many of them are very good, but for purely local clients as they don’t tend to be claiming proficiency in foreign languages or have the ability to engage cross-culturally with the client (a source of just as many miscommunications as the language barrier on its own). They are not a great fit with the international client, and often their cheaper price becomes a false economy as frustrations rise on both sides of the desk.

The problem in this case wasn’t lack of English – this gentleman’s chosen bookkeeper spoke English, apparently.

But she was in business just on her own. With no back-up employees, probably very little insurance, probably very few resources to turn to, and very few overheads hence enabling a price no quality firm could ever compete with. That was the price that tempted this gentleman to take her bid over mine.

But since then, it became apparent that this bookkeeper was not entirely what she seemed to be.

Neither this gentleman nor myself are qualified psychiatrists, and we could only speculate on what might have gone wrong, or been wrong all along with this person. The fact is, though, that mental illness happens in the human population. We’ve probably all had employees or acquaintances who have had a mental illness, and in a larger company they quickly get noticed by colleagues, and steps taken to look after them and safeguard the clients’ affairs. When they are on their own, no such controls exist.

Suffice it to say this lady no longer was answering emails or picking up the telephone when he was calling, and when he rang from another number she didn’t know, she put the phone down when she heard his voice – the person entrusted with his company’s books and records and processing a VAT reclaim for more money than she would normally earn in many years. As you can see, the situation is now much harder – and therefore more costly – for us to repair than if he had simply given us the work in the first place.

It simply doesn’t pay to use these Bargain Basement Bookkeepers. You know what you get if you pay peanuts, and if a price looks too good to be true, it probably is.

Dlaczego potrzebujemy RMUA u lekarza?

Logo of the Social Insurance Institution of Poland
Poland's Social Insurance logo

In the following article produced for the benefit of their clients but included here for general interest, is an article by one of Luxmed’s experts showing why it is that in Poland even privately insured patients still may be required by their doctor to possess proof of social insurance under certain circumstances.


Zgodnie z Ustawą o świadczeniach opieki zdrowotnej finansowanych ze środków publicznych, lekarz ma prawo odmówić wystawienia recepty na leki refundowane, jeżeli Pacjent nie przedstawi dowodu aktualnego ubezpieczenia. Takim dowodem może być każdy dokument potwierdzający prawo do świadczeń opieki zdrowotnej finansowanych ze środków NFZ, w szczególności dokument potwierdzający opłacenie składki ubezpieczenia zdrowotnego. Continue reading “Dlaczego potrzebujemy RMUA u lekarza?”

Domain names scam – what to do if affected

World Map Politic 2005 with ccTLDs - LQ version
CCTLD map from Wikipedia

You may have received e-mail (especially from Chinese and Hong Kong companies relating to .cn domains bearing your name if you didn’t register in China, but now more commonly in East Europe also) which says that if you use these people’s services they can prevent your name’s domain in that country from getting blocked.

Now this email gets sent out all over the world to addresses harvested from the internet page and chats and from usenet fora by robots, and of course the people behind the email cannot really afford to block every single domain that they are fishing for.  The one sure fire way of making sure that they do block your domain is if you respond to them, whether with threats or with asking for the help, even in terms of “what it would cost”. I suggest you only do this if you don’t want the domain really and have no intention of buying it, as if you are lucky it will lead the scammers into real cash outlay which they’ll never see any return on. I highly encourage that! Maybe some of these pests will stop it if they see that enough internet users are wise to them and don’t mind leading them up a garden path…

You can always search here on EuroDNS (in the interests of transparency that affiliate link earns 10% of anything you buy after you go there, but it shouldn’t cost you more and it’s the service I use myself) and see what the status is of all of your possible combinations of your name and the country endings or generic endings, as well as check the Whois status of all these countries, both Europe and Asia, all in one place. You will probably find that nobody has blocked your domain at all, and if you are interested in owning the domain you can block it there and then. They are ethical and I never had a problem with them that the owner didn’t solve within a week. If they are not contactable one day you can usually get them the next day. Continue reading “Domain names scam – what to do if affected”

Should your Company have a pro-forma audit?

Mostrador de um relógio Foto de Jose Goncalves
Tempus fugit - is it time for your proforma audit?

For businesses which have never been audited but which are growing up quickly to meet the audit thresholds in a year or two, you may wish to consider having your first audit done while it is still voluntary to do so, and the results, if less positive than expected, can at least be kept private.

Once your business has exceeded the audit thresholds (very typically in Europe this means for a private company about 50 employees, 5 million Euros turnover and 2.5 million Euros of gross assets, and it means 2 out of those three conditions – we just stated actually the Polish ones verbatim, (with the proviso that they also state a set PLN amount to avoid subjectivity for businesses that are on the cusp), but most countries are not far off that – even the Czech Republic which really needs much smaller thresholds)

Clearly this doesn’t apply at all to public limited companies, ie. the “S.A.”, “a.s.”, UK plc or German AG style companies which must be audited regardless of size – in some jurisdictions even if they are dormant – but for private limited liability companies most jurisdictions have size criteria like the ones just given – for Slovakia about 60% of the sizes given, so please note that this is divergent from the Czech ones, which are far too high for that country and result in proportionally fewer audits, which is a bad thing for corporate governance in that country.

While you are under the limits audit is voluntary. And you can have an unofficial audit whereby the audit comes and does for you all the normal work he would do if officially appointed, but it is only pro-forma. “Pro-forma” is Latin for something like the idea of “as if” so the auditor will work and report as if they had been properly appointed, but it is really a dry run for you. You do not appoint them as statutory auditors in the minuted general meeting, you do not have to file the report as the audit was voluntary, and you get all the benefit of the audit without the risk, and on top of all of that, I can get you these pro-forma audits for only 75% of the cost of a statutory audit, because the Firms we associate with want to promote good voluntary governance practice in the economy.

If you wait for your first audit until it is an obligatory one because you’ve outgrown the size criteria – and as we come out of the recession that will happen to some of you next year hopefully sooner than you dare hope for now – then if the auditor finds something wrong then the report of the auditor could be “modified” – I’ll do a separate article on what sorts of “modifications” exist and what they mean in accountancy speak, but it’s not good if you get one.

It will not help if you need a loan, and it will probably trigger a lot of interest on the part of the tax inspector. But you’ll have to publish it anyway, if there isn’t time to do the remedial work a good auditor should outline to you in time for your statutory deadline.

Now auditors get cajoled, encouraged in a friendly way or even outright threatened by desparate managers and owners to overlook things or change to an opinion that doesn’t match the facts, and there is nothing that can be done in those circumstances. Auditors are not generally anywhere near as afraid of their client as they are of their regulator, but more than that we are educated throughout our professional lives to be independent in our outlook, and so the only way to get out of some modified opinions is to do the remedial work the auditor recommends or make the adjustments that they recommend.

There’s no point in changing to another auditor you think will be more pliable – they must write to the old auditor and ask if there are any reasons why they cannot act. The best thing to do, if you are not sure how well your company will stand up to an audit is to have your first one a year or so before you need to. Then if the audit shows up a lot to be desired, you have a whole year to put it right and nobody will ever know because auditors are bound by confidentiality – it isn’t us who even publish our reports, it’s the responsibility of the client. The report is given to its addressee, which is always the shareholder, and some other corporate governance boards if they are in existence.

So it’s well worth thinking about, especially if your business has been growing fast and maybe has outgrown its systems.

Let us know if we can help.