Broader regulatory scope
Loans, BNPL, deferred payments, and remote models. We will check whether your product needs to be adapted.
Loans / BNPL
We support consumer lenders and BNPL operators in implementing the new consumer credit requirements. Deadline: 20 November 2026.
fintech brands we have worked with
how can we help you?
Model qualification
We will assess whether your loan or BNPL product falls within the new CCD2 requirements and define the scope of your obligations. This is the starting point for every implementation.
Learn moreCCD2 implementation
We will prepare the documentation, creditworthiness assessment procedures, pre-contractual forms, and IT specifications. A full process and operational implementation of the new Consumer Credit Act.
Learn moreBNPL / Checkout
We will build the regulatory model for deferred payments: register entries, checkout process documentation, and UX compliance with the dark-patterns rules.
Learn moreScoring and AI
We will audit credit scoring, implement a decision-explainability model, and a human-intervention mechanism. Alignment with GDPR and the AI Act in a single process.
Learn moreDefence against the free-credit sanction
The free-credit sanction is a real financial risk. We will prepare a risk matrix, a standard response to claims, and a plan to limit disputed exposure.
Learn moreTraining
We will train the management board, sales, compliance, and IT on the new credit obligations. Dedicated workshops and a role-based e-learning platform.
Contact usOngoing support
We monitor legislative changes, update the documentation, and support you during inspections. A subscription-based cooperation model after the implementation is complete.
Contact usloans and BNPL team
We work with consumer lenders, BNPL operators, and credit institutions. We know the industry from the regulatory, operational, and disputes side.
Why trust us?
- Many years of experience advising consumer lenders and BNPL operators.
- Hands-on knowledge of KNF and UOKiK requirements and inspection procedures.
- Implementations that combine consumer credit law with GDPR, the AI Act, and AML in a single process.
- Support from qualifying the product model, through documentation, all the way to inspection readiness.
Contact
Tomasz Klecor
Managing Partner
FinTech navigator. Lawyer.
For 15 years he has helped Poland's largest and most ambitious fintechs grow safely and globally. Starting as a lawyer, he now combines law, strategy, and technology — advising founders and boards on key decisions: how to scale in compliance with regulations, how to correctly implement DORA, MiCA, or AML and prepare for PSD3/PSR, and how to avoid the regulatory killers that can stop growth in its tracks.
LinkedIn
what is changing in consumer credit
The proposed act is to enter into force on 20 November 2026. It covers loans, BNPL, and zero-cost products. Failing to prepare means KNF penalties of up to PLN 15 million and free-credit sanction claims.
New advertising requirements
Mandatory warnings, a ban on promising easy financial recovery, and three-year archiving of advertisements. We will help you align communications and marketing.
Creditworthiness assessment, the new way
An assessment in the consumer's interest, an obligation to explain refusal, and human intervention in scoring. We will implement a process that aligns with CCD2 and the AI Act at the same time.
Penalties and the free-credit sanction
The free-credit sanction, KNF penalties of up to PLN 15 million, and criminal liability. We will prepare evidentiary-proof documentation and a risk-mitigation plan.
who is affected
The new requirements cover a broad range of entities granting consumer credit and offering deferred payments. Establishing your regulatory role is the first step toward a proper implementation.
How we determine the scope of your obligations
1. Product
We map your products: loan, credit card, credit line, BNPL, deferred payment. Each model carries different obligations.
2. Role
We establish your role: creditor, credit intermediary, or ancillary credit activity. That determines the regulatory path.
3. Process
We review the entire funnel: marketing, onboarding, scoring, the contract, withdrawal, and early repayment. We pinpoint the gaps.
4. Supervision
We verify the required KNF register entries, reporting obligations, and inspection readiness. We design a compliance audit model.
one company, several regulations at once
A consumer lender has to meet credit, data protection, AI Act, and AML requirements all at once. We bring them together into one coherent implementation process so you do not have to run four separate projects.
GDPR + scoring
We will design a creditworthiness assessment process that simultaneously meets the requirements on profiling, data minimisation, and the right to an explanation of the decision.
AI Act + credit scoring
We will implement controls for high-risk systems: model documentation, a human-intervention mechanism, and monitoring of training-data quality.
Loans / BNPL
We will integrate KYC and transaction monitoring with the credit process so that AML requirements are met without losing sales conversion.
| Process | Consumer credit | GDPR | AI Act | AML | NIS2 |
|---|---|---|---|---|---|
| Registration and application | application form, disclosures, adequate explanations | data minimisation and legal basis | transparency of tooling | KYC and risk profiles | secure remote channel |
| Creditworthiness assessment | ban on uncontrolled automated decision-making | profiling and data subject rights | high-risk controls | financial risk signals | data integrity |
| Distance selling | 14/30-day right of withdrawal | disclosure obligation | clear communication | transaction monitoring | resilience of online services |
| UX and dark patterns | bans on manipulating consumers | fair processing | human oversight | no circumvention of controls | consistent incident handling path |
how the engagement works
We tailor the scope to the stage of your project. You can start with the assessment and decide on the next steps based on the results.
Assessment
We qualify the product model and determine whether and how your product falls within the new requirements — benchmarking current processes against CCD2 and pinpointing priorities.
The output: a product inventory, an applicability map, a gap-analysis report, and an implementation priorities plan.
Full CCD2 implementation
For consumer lenders, banks, and credit intermediaries: we run the entire implementation of the new act — documentation, procedures, IT specifications, training, register entries, and inspection readiness.
You receive a documentation package, operational procedures, an IT specification, a training matrix, a reporting model, and an inspection-readiness pack.
BNPL quick-track
A dedicated track for deferred-payment operators and merchants — BNPL regulatory model, KNF register entry analysis, checkout process documentation, and a UX audit for dark patterns.
The result: a BNPL regulatory model, checkout documentation, a UX audit, and a register-entries plan.
Ongoing support
Subscription-based cooperation after the implementation — we monitor legislative changes, update the documentation, and support you during KNF inspections and free-credit sanction claims handling.
We update documents on a regular cycle, run regulatory monitoring, support audits, and handle claims.
support packages
We tailor the scope to the project stage and the risk profile of your organisation.
Readiness assessment
The starting point for every project. We qualify the product model, benchmark current processes against CCD2 requirements, and deliver a gap-analysis report with a map of implementation priorities.
Order an assessmentBNPL implementation
For merchants and BNPL operators. We build the BNPL regulatory model, prepare the documentation for the checkout process, analyse registration with the KNF register, and audit UX for dark patterns.
Contact usFull CCD2 implementation
For banks, lending institutions, and credit intermediaries that need to go end-to-end: from documentation and procedures, through IT specifications and team training, all the way to KNF inspection readiness.
Contact usScoring and AI
We audit credit scoring against CCD2, GDPR, and the AI Act. We implement a decision-explainability mechanism, a human-intervention path, and training-data quality control.
Contact usDefence against the free-credit sanction
The free-credit sanction can wipe out interest and commission revenue. We will prepare a risk matrix, a standard response to claims, and a plan to limit disputed exposure.
Contact usOngoing support
Subscription-based cooperation after the implementation is complete. We monitor legislative changes, update the documentation, and support you during inspections and consumer claims handling.
Contact usfrequently asked questions
Answers to the questions we hear most often from boards and compliance teams.
Start by qualifying the product model and running a gap analysis. That lets you set priorities and avoid last-minute fixes. The assessment can be wrapped up in a few weeks.
No. The scope depends on the product design and on your role: creditor, credit intermediary, or ancillary credit activity. That is why we start by qualifying the model.
The free-credit sanction can strip out the cost of credit if disclosure or contractual obligations are breached. For a consumer lender, that is a direct loss of revenue. Documentation has to be evidentiary-proof from day one.
It depends on the size of the organisation and the number of products. The assessment takes a few weeks. A full implementation for a consumer lender typically takes several months. That is why it pays to start as soon as possible — the deadline is 20 November 2026.
Not necessarily — if you approach it in an integrated way. We bring CCD2, GDPR, and AI Act requirements together into one process: model transparency, human intervention, and data quality control.
You are exposed to KNF penalties of up to PLN 15 million, criminal liability, and free-credit sanction claims from consumers. The sooner we start, the less pressure on the end of the project.
Yes. We offer subscription-based support: monitoring of legislative changes, documentation updates, help during inspections, and handling consumer claims.
get in touch about Loans / BNPL
In the first conversation we identify the stage of your project: assessment, implementation, or ongoing compliance.