Multimedia - Komisja Nadzoru Finansowego

COMMUNICATION

Representatives of the UKNF at the 17th Congress of Banking Law and Financial Technologies

Emil Radziszewski – Managing Director of the Banking Supervision Division, Krzysztof Dąbrowski – Managing Director of the Security Division, Łukasz Hardt – Adviser to the Chair of the KNF, and Dominika Waltz-Komierowska – Deputy Director of the Legal Department spoke at the 17th Congress of Banking Law and Financial Technologies.

Emil Radziszewski took part in the debate titled ‘Security, technology, responsibility. Strategic dialogue on the future of the banking sector in Poland’. During the debate, he spoke about regulations, challenges related to the development of technology, and the importance of cybersecurity for the banking sector.

As he emphasised, ‘even though regulations describe market phenomena, this is not their purpose. Above all, they are to counter the identified threats emerging with such phenomena, e.g. with the development of new technologies and services.’ What is vital is a regulatory strategy for specifying, and raising awareness on, what should be regulated, and for defining how and when new solutions should be implemented. As he pointed out, strategic planning should precede the process of creating regulations at any level: from legislative sponsors, through regulators, to organisations and entities drafting their own internal regulations.

Cybersecurity was an important point of the discussion. Emil Radziszewski emphasised that it was one of the key topics not only for the banking sector but for the entire economy. He drew the attention of the audience to the necessity to distinguish between the security of banking systems and the safety of a customer. He indicated that the materialisation of ICT risk might hamper clients’ access to funds, but it did not mean that such funds were lost.

As he emphasised, threats to the security of clients’ funds existed at the intersection of banking systems and clients’ activity, namely in a banking app. Due to operating methods used by criminals, an app user and their action are the main risk factor. For this reason, solutions aimed at enhancing clients’ security should focus on electronic communication channels, which is where remote banking services are initiated and where criminals usually attack.

In response to the question whether Polish banks are in a position to be leaders of responsible digital transformation in Europe, Emil Radziszewski indicated that they had all the necessary resources: they are modern, well capitalised, open to innovations and, at the same time, sensitive to risk. What is missing in the case of Polish banks, however, is outreach. Polish banks and the Polish banking market are of a local nature, and they do not have a network in place to independently or jointly reach a critical mass to actively set trends at least at the regional level. He summed up his contribution by stating that Polish banks today had all the predispositions to become at least a pioneer or a beacon in the area of digital transformation, whose experience could be used for the purpose of creating solutions at European scale.

As part of the panel titled ‘Digital euro: evolution or revolution of money in the EU’, Łukasz Hardt took the floor. In his speech, he underlined that the assessment of new forms of money, including central bank digital currencies (CBDC), must take into account, among other things, to what extent such new forms of money reduced transactional costs of market exchange. He also referred to the growing importance of stablecoins in the global financial system. In the context of plans to introduce the digital euro, he emphasised that its impact on the financial system of the eurozone would be limited, i.a. due to limits on holdings thereof in private wallets and lack of interest rates.

Dominika Waltz-Komierowska spoke at the panel titled ‘From the anything-goes market to the regulated sector: the impact of MiCA on Polish users, crypto-asset service providers and financial institutions’.

She has emphasised that Komisja Nadzoru Finansowego is ready to exercise supervision of the markets in crypto-assets. The KNF has been supervising various sectors of the financial market for 20 years and has know-how on how to do that. Supervision of markets in crypto-assets is not considerably different from supervision of other sectors. MiCA is, in fact, a combination of what was included in MiFID, PSD2 and the Prospectus Regulation, adjusted to the reality of crypto-assets.

The licensing process may seem difficult for new entities, i.a. due to detailed verification, including in terms of knowledge and experience of management board members, or other procedural requirements. A number of entities in a crypto-asset market, registered now as VASPs, may choose not to apply for a licence, also due to capital requirements. This is, however, aimed at protecting potential clients, and pursuing the vision and mission of the KNF, namely taking care of the stable and safe financial market.

In her speech, she also mentioned risks related to investments made through trading platforms operating in Poland on a cross-border basis. She has emphasised that financial education is very important to the UKNF: thanks to that education a client can distinguish between risks related to bank deposits and those related to financial instruments, such as shares, bonds or crypto-assets. Investors should be aware of risks related to investing and should understand what they invest their money in.

Krzysztof Dąbrowski took part in the panel titled ‘From DORA to NIS 2: new cybersecurity requirements for banks’, during which he mentioned that with the current level of digitalisation of internal processes at financial entities and digitalisation of customer relations, ensuring appropriate investments in cybersecurity was not an option but a necessity. Lack of proper ICT risk management may lead to the end of an organisation, e.g. as a result of a successful ransomware attack, which in the worst-case scenario may paralyse the organisation operationally and undermine clients’ trust. ‘Cybersecurity is a cyclic process and not a one-off campaign’, he emphasised.

The best proof of high digital resilience of Polish financial entities is that criminals have diverted their attention to clients. It is a client who is targeted by criminals interested in financial gains, which is why it is so important to ensure education on cyber hygiene, and to report suspicious messages or advertisements, as it helps institutions of the national cybersecurity system combat such practices. 

He also mentioned that reports received in 2025 by CSIRT KNF showed that the majority of serious cybersecurity incidents affecting financial entities had their source at the entities’ providers. Such a snapshot confirms the adequacy of pressure exercised through DORA and its implementing acts on supply chains.

Due to the current geopolitical situation, one should be aware that not all cybercriminals are motivated by financial gain. Some of them embody hostile states which intend to use cyberspace to sow destabilisation and undermine public trust in the financial market and, consequently, in the state. Actions of such groups involve, among other things, intensive DDoS attacks aimed at interrupting access to banking applications, also in order to hamper users’ access to a number of public services.

Firms should invest, above all, in competencies of their teams and they should have a reasonable approach to AI-based tools, taking into account not only their functionalities, but also the manner in which those tools work and their vulnerabilities.