Legal Update

AML Insights

Legal Update | February 05, 2020



Alexandru Ambrozie - Partner, PNSA

The Romanian Office for Prevention and Control of Money Laundering („the AML Office”) published on February 3 the secondary norms („the Norms”) to the law transposing the 4th AML Directive that entered into force in July 2019 („AML Law”).

Until this moment,

  • the National Bank of Romania („NBR”) issued Regulation no. 2/2019(1) – detailing specific requirements for the AML compliance programs that should be applied by the institutions that are under its supervision, such as credit institutions, payment institutions or non-bank financial institutions registered with the NBR Special Registry; and
  • the Financial Supervisory Authority („FSA”) issued Regulation no. 13/2019(2) - laying down the necessary measures that should be applied by the entities supervised by the FSA in order to prevent and combat money laundering and the financing of terrorist acts through the regulated financial sectors supervised by the FSA.

Supplementing these regulations, the AML Office adopted the Norms which, in principle, are applicable to those entities which do not fall under the AML supervision of the NBR or the FSA.

The Norms are applicable to the following entities:

  • non-bank financial institutions exclusively registered with the NBR General Registry which are not payment institutions or e-money institutions; non-bank financial institutions registered with the NBR Entry Register such as pawnshops, or other non-profit institutions, account information service providers, foreign exchange offices authorised by the Minister of Public Finance or postal service providers, which provide payment services;
  • gambling services providers;
  • auditors, accountants, persons providing tax, financial, business or accounting advisory;
  • notaries, lawyers, bailiffs and other persons exercising legal professions, when they advise on the purchase or sale of immovable assets, shares or businesses; or on the management of client money, securities or other assets; or on the opening or management of bank, savings or securities accounts; on the organization of the process of underwriting the contributions required for the incorporation, operation or administration of companies; or on the establishment, administration or management of companies, collective investment undertakings in securities or other similar structures, and as well as if they participate on behalf of or for their clients in a financial or real estate transaction;
  • trust of other company service providers;
  • real estate agents;
  • other entities trading in good or services, insofar as the payments are made or received in cash in an amount of minimum the equivalent in RON of EUR 10,000.

The Norms cover the following main topics:

1. AML Compliance Officer and persons with responsibilities in the enforcement of AML provisions

  • the persons with AML responsibilities should be at least annually tested in order to ensure a high level of professionalism;
  • their specific duties should be laid down in the job description;
  • the reporting entity should conduct periodic internal training aimed to address suspicious transaction indicators or money laundering indicators tailored to its activity.

2. Independent audit function

The reporting entities should engage an independent auditor in order to test their AML policies, internal norms and procedures, in case at least two of the following criteria are met in the previous financial year:

  • Total assets: RON 5,000,000;
  • Total net turnover: RON 10,000,000;
  • Average number of employees: 30.

3. Risk-based approach

The principle of risk-based approach consists in adjusting the measures to be taken and the resources to be allocated to the risk level attached to (i) clients, (ii) products, services or transactions, (iii) delivery channels and (iv) countries or geographical areas.

The Norms clarify that, during the risk analysis, the obliged entities should take into consideration all risk factors indicated by the law, but also other factors relevant to the entity.

When accepting a client and initiating a transaction, the reporting entities should evaluate each associated risk factor within a range from „low ML/FT risk”, „moderate ML/FT risk” and „high ML/FT” or other similar criteria. Afterwards, the reporting entity should consider the overall risk profile of the transaction/Client.

4. Simplified due diligence measures

When applying simplified due diligence, the reporting entities may implement the following due diligence measures:

  • limit the volume, type or time allocated to the KYC measures;
  • obtain a smaller volume of information regarding the customer identification;
  • simplify the due diligence measures performed in order to verify the identity of the clients;
  • reduce the frequency for updating the information regarding the identification of the clients during the business relationship with the entity;
  • reduce the degree of monitoring and verification of the transactions carried out by the client.

5. Enhanced due diligence measures

When applying enhanced due diligence, the reporting entities should implement the following due diligence measures:

  • obtain additional information regarding: (i) the authorized person who acts in the name and/or behalf of the client; (ii) the beneficial owner; (iii) the headquarters; (iv) the occupation; (v) the source of income; (vi) the volume of assets and other information available from public databases;
  • conduct additional searches, such as internet searches using independent or other open sources;
  • obtain additional information and, as the case may be, justification through related documents regarding the nature of the business relationship and the source of the client's funds/assets;
  • obtain information regarding the reasons underlying the transaction;
  • lower the 25% threshold provided for the definition of the beneficial owner;
  • conduct additional monitoring of the business relationship - by increasing the number and duration of the checks carried out and selecting the transaction models that require additional checks;
  • raise awareness of all its employees dealing with high-risk transactions and clients.

Diana Dobra - Associate, PNSA

6. Suspicious transactions reports

In order to identify suspicious transactions, the reporting entities should consider to set parameters and patterns that delimitate ordinary transactions carried out by its clients, such as: value limits per customer type, product or transaction; categories of transactions carried out in relation to the different categories of customers; and client’s business.

* * *

As the Norms took effect on February 3, 2020, they left companies with little to actually no time to update the existing AML policies and be compliant on time.

Also, the financial institutions that fall under the supervision of the NBR or FSA and had to comply with the AML Law until January 17, 2020 should already start updating their AML policies.


(1) Regulation no. 2/2019 on preventing and combating money laundering and terrorism financing

(2) Regulation no. 13/2019 on the establishment of measures to prevent and fight against money laundering and terrorist financing through financial sectors supervised by the FSA


This document is intended for informational purposes only, does not represent legal advice and does not focus on particular cases.

For further information or analysis on specific matters, please contact Alexandru Ambrozie or Diana Dobra.

Download Document

AML Insights




Valid XHTML 1.0 Transitional