ROMANIA Law and Practice Contributed by: Sergiu-Traian Vasilescu, Luca Dejan, Bogdan Rotaru and Ana-Maria Bută, VD Law Group
legislation and transparency requirements in banking practices, leading to sanctions in the financial sector; violations of data protection principles and the prac - tice of unfair competition in telecommunications and IT; and misleading advertising far in excess of accept - ed standards and other unfair commercial practices by the retail sector. These actions reflect the active efforts of the regulators, aimed at maintaining a solid regulatory framework and safeguarding integrity in the markets as well as consumer interests in the top busi - ness sectors in Romania. 2.11 Implications of Additional, Non- Financial Services Regulations The implementation of additional non-financial servic - es regulations related to privacy, cybersecurity, social media content and software development has signifi - cant implications for industry participants. Companies will need to adapt to stricter data protection laws and comply with enhanced cybersecurity requirements, imposing an additional burden on newer tech-driven companies to ensure robust security measures. Out - dated firms with existing systems may find it quite complicated to update to the changing standards, while new-age players may have an advantage in that they can design their systems in compliance with such requirements. In addition to this, increased legislation regarding social media content has resulted in many more compliance obligations for digital services in preventing the spread of harmful material. This makes the entire regulatory landscape for compliance more complex, especially for those businesses that either have to modernise their operations, or realign their practices with the increasing number of compliance laws. 2.12 Review of Industry Participants by Parties Other Than Regulators Besides regulators, the industry is also reviewed by accounting and auditing firms, vendors and industry bodies. Such firms make certain that a set of finan - cial reporting standards is followed, and independent audits are carried out to ascertain the truthfulness and integrity of financial statements. In particular, tech and supply chain vendors perform assessments to deter - mine compliance with contractual obligations and industry standards. Various industry bodies and trade associations monitor actions as well, setting ethical
standards and ensuring sector members adhere to sector-specific guidelines. Such requirements – while usually complementary to legal and regulatory frame - works – vary in practice within each industry, with a few companies, such as those dealing in cybersecuri - ty, data protection and corporate governance, adopt - ing higher standards than the minimum requirements. 2.13 Conjunction of Unregulated and Regulated Products and Services In Romania, industry participants – particularly fin - tech firms and crypto-platforms – frequently offer both regulated and unregulated products or services. For example, a single entity might provide regulated payment services (under Law 209/2019, transposing PSD2) alongside unregulated crypto-asset activities. These offerings are often structured through the same legal entity, with internal operational safeguards to segregate regulated and unregulated activities. How - ever, some firms establish separate subsidiaries for regulated services (eg, payment institutions or invest - ment firms) to isolate risks and comply with sector- specific rules under Law 126/2018 (capital markets) or Law 129/2019 (anti-money laundering). Romanian regulators, including the BNR and the ASF, scrutinise this practice to prevent consumer confu - sion, regulatory arbitrage and systemic risks. They emphasise strict governance, transparency and clear disclosure to ensure that unregulated activities (eg, non-custodial crypto-trading) do not undermine com - pliance in regulated areas. Recent guidance from the ASF aligns with EU expectations, warning against bundling products in ways that obscure risks or evade oversight. 2.14 Impact of AML and Sanctions Rules The application of AML and sanctions rules is pres - ently having a massive influence on both regulated and unregulated fintechs in Romania. To comply with national and EU-level regulations, regulated fintechs must develop full-scale AML systems for customer due diligence (CDD) and reporting on suspicious activities. Such regimes to prevent the laundering of money and terrorist financing, and violations of sanc - tions, have caused considerable increases in opera - tion costs for regulated fintechs that need to invest in systems for compliance and for the training of per -
678 CHAMBERS.COM
Powered by FlippingBook