03
Tue, Dec
29 New Articles

Romania to Introduce Stricter Compliance Rules for Crypto-Asset Service Providers

Romania
Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Romania’s National Office for the Prevention and Control of Money Laundering has recently published a draft of an Emergency Ordinance amending and supplementing Law no. 129/2019 on the prevention and control of money laundering and terrorist financing (the Emergency Ordinance) in order to harmonise domestic legislation with the provisions of Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing (the Fifth AML Directive), as amended by Regulation (EU) 2023/113 of the European Parliament and of the Council of 31 May 2023 on information accompanying transfers of funds and certain crypto-assets (the MiCAR).

The Emergency Ordinance introduces legislative changes relating to crypto-assets and simplifies and standardises the terminology previously used. For example, the term "digital wallet provider" will be replaced by the more concise term "crypto-asset service provider", which means any legal person or other entity whose occupation or business is the provision of one or more crypto-asset services to customers on a professional basis and which is authorised to provide crypto-asset services. Such new terminology introduced by the Emergency Ordinance is aimed to better reflect technological developments and the diversity of services related to crypto assets. The new definitions will provide greater legal clarity and better regulation of the sector, creating a more adaptable framework for future innovation and more effective oversight of the cryptocurrency market.

Moreover, the Emergency Ordinance is intended to bring about significant changes for crypto-asset service providers, moving towards a concise and well-defined regulatory framework. This will require providers to meet more rigorous compliance requirements, for example, more intensive KYC, AML and CFT requirements, whereby crypto-asset service providers will be required to identify and measure the risk of money laundering and terrorist financing associated with the transfer of crypto-assets to or from an untrusted address by establishing clear internal risk management policies and procedures and implementing internal control mechanisms.

Crypto-asset service providers will be required to implement measures proportionate to identified risks by:

  • taking steps to identify and verify the originator/beneficiary of a transfer to/from an undisclosed address;
  • requesting additional information about the origin and destination of the crypto-assets transferred; and
  • carrying out enhanced ongoing monitoring of the transactions concerned.

Under the Emergency Ordinance, crypto-asset service providers will be subject to much closer supervision by the National Bank of Romania (the NBR) and the Financial Supervision Authority (the ASF) as the authorities responsible for the monitoring and implementation of the information that accompanies the transfers of funds designated for this purpose. These institutions will play a key role in monitoring and supervising crypto-asset service providers and will ensure that they comply with the new compliance and transparency rules. Essentially, the previous freedom to operate is transformed under the Emergency Ordinance into strict compliance, similar to the traditional financial sector. This regulation will bring about a deeper integration of the crypto-asset sector into the regulated economy as well as greater accountability for crypto-asset service providers.

Another important and mandatory change is the requirement to establish a single point of contact on the territory of Romania for crypto-asset service providers authorised in other Member States and carrying out certain activities on the territory of Romania under the right of establishment other than through a branch.

The responsibilities of the single point of contact will include the following:

  • monitoring and enforcing the rules on prevention of money laundering and terrorist financing for activities carried out in Romania;
  • facilitating the supervisory function exercised by the NBR and ASF;
  • providing documents and information at the request of the supervisory authorities, ensuring prompt and full access to the data needed to monitor compliance and investigate potential suspicious activities.

The provisions of the Emergency Ordinance also impose additional KYC measures on crypto-asset service providers, particularly in cross-border correspondent relationships involving entities outside of the European Union (EU). These measures are aimed at enhancing security and preventing risks related to money laundering and terrorist financing by applying more rigorous standards in assessing and monitoring relationships with external entities. Below is a list of the main obligations that crypto-asset service providers active in Romania must observe before entering into business relationships with entities providing crypto-assets services from outside the EU:

  • Verification of the respondent's authorisation or registration. This involves ensuring that the respondent is properly regulated in its jurisdiction and operates legally.
  • Gathering detailed information about the respondent entity. It is necessary to fully understand the nature of the respondent entity's business, including its reputation and the quality of oversight it enjoys, in order to assess whether it can be a reliable party in the correspondent relationship.
  • Assessment of controls to prevent money laundering and terrorist financing. The assessment should ensure that the respondent has effective measures in place to combat illicit activities.
  • Obtain senior management approval. In order to establish any new correspondent relationship, approval of the crypto-asset service provider entity's senior management is required, which adds an additional layer of scrutiny and accountability.
  • Clear documentation of each party's responsibilities. It is essential that the responsibilities of each party involved in the correspondent relationship are clearly documented.
  • Verification of the identity of customers with direct access to crypto-asset accounts. In the case of directly accessible crypto-asset accounts, crypto-asset service providers must ensure that the respondent entity has verified the identity of its customers and that it has anti-money laundering and counter-terrorist financing compliance measures in place.

These additional measures will contribute to tighter supervision and increased security in cross-border transactions involving crypto-assets, thereby reducing the risks of these services being exploited for illegal activities.

Finally, the Emergency Ordinance aims to repeal Article 301 of the Law on the authorisation and/or registration of providers of exchange services between virtual currencies and fiat currencies, as well as providers of digital wallets. By repealing Article 301, it appears that the Commission for the Authorisation of Foreign Exchange Activity (existing under the Ministry of Finance) and the Authority for the Digitalisation of Romania will no longer be involved in the authorisation process for crypto-asset service providers.

The Emergency Ordinance provides that its provisions will enter into force on 30 December 2024. However, the appointment of a single point of contact and the implementation of internal policies and procedures as per the new rules, as well as the internal control mechanisms, will come into force at the end of January 2025.

By Razvan Constantinescu, Managing Associate, and Horatiu Cretu, Junior Associate, Kinstellar