ROMANIA Law and Practice Contributed by: Sergiu-Traian Vasilescu, Luca Dejan, Bogdan Rotaru and Ana-Maria Bută, VD Law Group
has strict, legally defined competence over distinct activities, and a single entity may fall under multiple regulators if it engages in diverse services. • The ASF regulates activities like crowdfunding and capital markets. • The BNR oversees payment services, e-money institutions and other financial services such as card issuing and money transfers. • ANCOM supervises telecommunications and broadcasting, relevant for fintechs with telecom- based services. • The National Supervisory Authority for Personal Data Processing (ANSPDCP) enforces GDPR com - pliance, regulating data protection for companies handling personal data. For example, a fintech offering both crowdfunding and payment services would be regulated by the ASF for crowdfunding and by the BNR for payment services. This activity-based regulation ensures that each regu - lator supervises its specific area of expertise. 2.7 No-Action Letters Romanian regulators do not formally issue “no-action” letters as seen in other jurisdictions. They are general - ly reluctant to provide legal advice on the qualification of specific activities or whether certain activities fall under particular regulations. Instead, their responses typically reference general terms within the applica - ble laws, often providing extracts from the relevant regulations. However, during consultancy periods, it is possible to obtain clear guidance regarding the qualification of an activity or the applicable regulations and neces - sary licences. While these are not formal “no-action” letters, these informal consultations can lead to more specific and actionable answers regarding a compa - ny’s regulatory obligations. 2.8 Outsourcing of Regulated Functions Vendors must comply with specific obligations according to relevant laws and regulations when func - tions become regulated for outsourcing, for example, security and confidentiality of data, compliance with industry standards or enabling audit requests or oth - er information by regulatory authorities. Outsourcing
agreements usually entail due diligence, written con - tract and periodic performance evaluation for com - pliance purposes. Outsourcing does not take away liability from the contracting party concerning regula - tory compliance of the outsourced function even if subcontracted to a vendor. Outsourcing such func - tions to a vendor already subject to regulatory con - trol offers another layer of assurance that the vendor could understand and satisfy the legal framework – an action that may lead to reduced risk and simple com - pliance management. Again, it will require due dili - gence and defined contractual terms detailing what the vendor should do and be held accountable for, regardless of this qualifying status. 2.9 Gatekeeper Liability Fintech providers are increasingly recognised as “gatekeepers” under EU regulations, depending on their role, market influence and services offered. Under the Digital Markets Act (DMA), large platforms with significant market power (eg, dominant payment systems or crypto-exchanges) may be designated as gatekeepers, requiring them to ensure fair competi - tion, interoperability and transparency. While the DMA primarily targets tech giants, fintechs controlling criti - cal financial infrastructure (eg, major payment gate - ways) could fall under its scope. For crypto-asset services, MiCA imposes gatekeeper- like obligations on platforms, mandating transparency, custody safeguards and accountability for activities. Similarly, under the Digital Services Act (DSA), fintechs hosting third-party financial services (eg, P2P lending platforms) must monitor illegal content and comply with due diligence requirements. In Romania, fintech providers must align with these EU rules. While smaller firms may avoid “gatekeeper” status, larger platforms face heightened responsibili - ties, including AML compliance, data protection and operational resilience. 2.10 Significant Enforcement Actions Romanian regulators have taken significant enforce - ment actions in several key sectors. These include in respect of market manipulation and price regulation, for which large fines have been imposed in the ener - gy sector; non-compliance with consumer protection
677 CHAMBERS.COM
Powered by FlippingBook