Everything that businesses seeking to operate in Romania need to know about their AML obligations.
The Romanian fintech market has good potential. Fintechs are one of the highest earners in the country, with a 31.8% share in overall start-up turnover. Plus, Romania is seeing a rise in fintech funding.
In light of its thriving fintech sector, Romania has been strengthening its AML (Anti-Money Laundering) regulations. Accordingly, in 2019 and 2020, the country transposed the EU’s anti-money laundering directives into national legislation.
Sumsub prepared this article to help businesses operating in Romania (or seeking to enter the Romanian market) navigate the AML compliance process.
The businesses that fall under Romanian AML regulations include:
The full list of regulated entities is provided in Chapter II of Law no. 129/2019.
Branches of financial, credit, e-money, and payment institutions from other member states of the EEA are also subject to AML obligations if they operate in Romania.
In 2019, Romania transposed the Fourth European AML Directive into Law No. 129/2019. The law defined the crime of “money laundering” and set the list of regulated businesses and their obligations.
In 2020, some of the principles of the European Fifth AML Directive were implemented by Emergency Ordinance no. 111, which amended Law No. 129/2019 to subject Romanian crypto businesses to AML obligations.
Currently, the most notable Romanian AML regulations include:
Also, on March 9th, 2021, Romania issued the Norms for the application of the AML Law clarifying the obligations of regulated businesses.
According to the AML Law, a person acts unlawfully if they knowingly commit one of the following crimes:
The supervising authorities that mitigate the risks of money laundering in Romania are the National Office for Prevention and Control of Money Laundering (“the NOPCML”), the National Bank of Romania, the Financial Supervisory Authority, and the National Office for Gambling.
Customer Due Diligence (CDD) is the process of collecting and verifying information about a customer during onboarding. Under AML Law, businesses in Romania are required to conduct standard CDD for their clients when:
1. Establishing a business relationship;
2. Carrying out an occasional transaction equal to or exceeding:
3. Carrying out occasional cash transactions equal to or exceeding €10,000 (or equivalent in RON);
4. Receiving remittances or transfering funds equal to or exceeding €2,000 (or equivalent in RON) through a single operation.
For all above-mentioned cases (except in the case of electronic transfers), businesses must report to the NOPCML no later than within 3 working days.
Romanian AML Law also describes cases when businesses may not apply CDD measures, such as electronic money transfers occurring under the following conditions:
Also, CDD isn’t required when the issuer of the payment instrument performs transaction monitoring.
Businesses in Romania must apply Enhanced Due Diligence (EDD) in situations with a high risk of money laundering. This includes business relationships and transactions with:
Correspondent relations with financial institutions in other EEA member states or third states must also imply EDD measures.
The AML Law specifies the EDD measures to be applied in cases of correspondent relations as well as during the onboarding of persons on PEP lists.
EDD measures for PEPs
If there are occasional transactions or business relationships with PEPs or legal persons who have PEPs as their beneficial owners, businesses must apply the following measures in addition to standard CDD:
These measures must also apply to family members or persons known to be close associates of PEPs.
EDD measures for correspondent relations
In case of correspondent relations with financial institutions of other EU member states or third states, businesses must apply the following additional measures:
Businesses must ensure that the respondent institution applies KYC measures on an ongoing basis if the correspondent account is directly accessible to the customer.
Know Your Customer (KYC) is the process of identifying and verifying customers. Businesses need to follow KYC requirements when working with their customers.
For the identification of natural persons, Romanian businesses must obtain the following information:
Also, information on the purpose and nature of the business relationship with the customer must be obtained.
For the identification of legal entities, Romanian businesses must inquire for information about beneficial owners.
Determining the beneficial owner
Under Romanian AML Law, the beneficial owner of a company can be direct or indirect.
A direct beneficial owner is a natural person who exercises ownership or control over a company by one of the following criteria:
An indirect beneficial owner is a natural person who owns or controls a foreign company that holds 25% + one of shares* of a Romanian company or participates in more than 25% over a Romanian company’s capital.
If there are no persons matching above mentioned criteria, the beneficial owner is a natural person who holds a senior management position; for example, the director/directors or the members of the board of directors/supervisory board.
*meaning amount of shares must exceed, but not be equal to 25%
The minimum information obtained about the beneficial owner must include:
Businesses in Romania must implement ongoing verification of the accuracy of obtained KYC data. This is crucial to ensure that the client’s established risk profiles are correct and that the monitoring process is efficient.
If businesses fail to comply with the obligations prescribed by the AML Law, they may be subject to fines of up to 150,000 RON (app. €30,000) or imprisonment from 3 to 10 years.
Romania’s AML regulations have broad implications for traditional and crypto businesses, both domestic and foreign. We’ll continue to track AML changes in Romania and will update this article on an ongoing basis. Save it to your reading list so you don’t miss any important news.