ROMANIA Law and Practice Contributed by: Sergiu-Traian Vasilescu, Luca Dejan, Bogdan Rotaru and Ana-Maria Bută, VD Law Group
legal and regulatory frameworks – vary in prac - tice within each industry, with a few companies, such as those dealing in cybersecurity, data protection and corporate governance, adopt - ing higher standards than those of the minimum requirements. 2.13 Conjunction of Unregulated and Regulated Products and Services In Romania, industry participants – particularly fintech firms and crypto platforms – frequently offer both regulated and unregulated products or services. For example, a single entity might provide regulated payment services (under Law 209/2019, transposing PSD2) alongside unregu - lated crypto-asset activities. These offerings are often structured through the same legal entity, with internal operational safeguards to segre - gate regulated and unregulated activities. How - ever, some firms establish separate subsidiaries for regulated services (eg, payment institutions or investment firms) to isolate risks and comply with sector-specific rules under Law 126/2018 (capital markets) or Law 129/2019 (anti-money laundering). Romanian regulators, including the BNR and the ASF, scrutinise this practice to prevent con - sumer confusion, regulatory arbitrage and sys - temic risks. They emphasise strict governance, transparency and clear disclosure to ensure unregulated activities (eg, non-custodial crypto trading) do not undermine compliance in regulat - ed areas. Recent guidance from the ASF aligns with EU expectations, warning against bundling products in ways that obscure risks or evade oversight. 2.14 Impact of AML and Sanctions Rules The application of anti-money laundering (AML) and sanctions rules is presently a massive influ - ence on both regulated and unregulated fin -
techs in Romania. To comply with national and EU-level regulations, regulated fintechs must develop full-scale AML systems for customer due diligence (CDD) and reporting on suspicious activities. Such regimes are precursors to the laundering of money and terrorist financing, and violations of sanctions, and have caused con - siderable increases in operation costs for the kind of fintechs that need to invest in systems for compliance and for the training of person - nel. Unregulated fintechs do not have to comply directly with AML requirements, but there is still reduced pressure from regulators and financial institutions on these companies, since if they did come up short on AML performance, this could well hamper their access to payment ser - vices or healthy banking relationships. Due to the character and tightening nature of regula - tion, both types of companies must seek a bal - ance between innovation and compliance, with the further premise that their operations would not unwittingly allow illicit activities, nor violate international sanctions. 2.15 Financial Action Task Force Standards AML rules and sanctions in Romania are in line with FATF standards. As a member of the EU, Romania is covered by the EU AML directives, which are mainly based on FATF recommenda - tions. The measures include CDD, suspicious transaction reports, and preventive measures on freezing the assets of persons subject to sanc - tions. The risk-based approaches prescribed by the FATF in a regulatory framework are to bind all financial institutions, including fintechs, in assessing and mitigating money laundering and terrorist financing risks for these institutions, to which Romania commits under the FATF’s Mutual Evaluation Process for AML and sanc - tions standards set by the country in line with best international standards.
724 CHAMBERS.COM
Powered by FlippingBook