Fintech 2025

ROMANIA Law and Practice Contributed by: Sergiu-Traian Vasilescu, Luca Dejan, Bogdan Rotaru and Ana-Maria Bută, VD Law Group

The classification determines the specific regulatory regime, which could involve MiCA for crypto-asset issuance, or the EU Electronic Money Directive (EMD) for digital assets treated as e-money. Romania, like many EU countries, also applies AML/KYC regulations to cryptocurrency operators, requiring exchanges and wallet providers to register with the national authorities.

DeFi

DeFi, which aims to replicate traditional financial services using blockchain technology, faces uncertain regulatory treatment in both the EU and Romania. As of now, there is no specific DeFi regulation in the EU, but relevant laws, including MiCA and PSD2, may apply based on the specific services offered (eg, lending or exchange). National regulations, such as Romania’s Electronic Payments Law, may also apply, especially for entities offering services that intersect with traditional finance.

Open Banking

Open banking in the EU is governed by PSD2, which mandates that banks provide third-party providers with access to customer payment account information (with customer consent). Romania implements PSD2, which facilitates a regulatory environment for open banking. In addition, open banking can involve data protection and privacy laws (such as GDPR), which govern the processing of personal data, making compliance with both banking and data protection laws necessary.

Factoring

Factoring, or the purchase of receivables, falls under the broader umbrella of financial services regulation. In the EU, factoring services must comply with the Consumer Credit Directive (CCD) and the Directive on the Legal Framework for Electronic Payments. Romania enforces these EU regulations and may impose specific requirements for factoring companies, particularly regarding capital requirements and consumer protection in factoring agreements.

Digital Operational Resilience Act (DORA)

DORA, which came into effect in 2023, focuses on enhancing the operational resilience of financial institutions and their service providers in the face of ICT (Information and Communication Technology) risks. DORA applies to a wide range of financial entities, including banks, insurance companies and payment service providers, and extends to third-party providers, such as cloud services. The act outlines requirements for risk management, incident reporting and business continuity plans, with specific attention to ICT service providers that offer critical services.

In Romania, DORA is directly applicable due to its status as an EU regulation, and compliance will be monitored by the Romanian National Bank (BNR) and other relevant authorities, depending on the sector. Financial institutions must integrate operational resilience and ICT risk management into their day-to-day operations, ensuring they can withstand, respond to and recover from disruptions.

Key Issues Between Local and Supra-National Law

There are several points where local law may diverge from EU or international regulatory frameworks, particularly in the areas of enforcement and interpretation. While EU regulations, such as MiCA, PSD2, GDPR and DORA, provide harmonised rules across member states, individual countries like Romania may have nuances in their implementation and enforcement.
