On 9 September 2019, the National Bank of Romania’s Regulation no. 2/2019 concerning antimoney laundering and counter terrorism financing entered into force and repealed the previous regulation, i.e., NBR Regulation no. 9/2008. 

Which are the subjects to the new requirements?

The regulatory aspects imposed by the new regulation are addressed to a significantly more extended category of entities, which are bound to its terms and therefore, are required to implement internal regulations in order to prevent money laundering practices and to counter financing of terrorism. The new rules are applicable to Romanian credit institutions and their branches, as well as to payment institutions, e-money institutions and non-banking financial institutions which are registered either in the NBR’s Special Register or in NBR’s General Register, in this latter case if they also have the status of payment institution or e-money institution. 

Furthermore, the legal provisions also apply to Romanian credit institutions, payment institutions and e-money institutions that perform their activities directly in other states members of the UE, based on passporting rules.

The new regulation extended the list of subject entities in the context of the continuous evolution of the technical and legal framework which facilitated recently the entry on the market of new players in the form of e-money institutions and payment institutions. Taking into consideration the fact that the usage of e-money is becoming a real substitute to traditional bank accounts, the NBR has extended to these institutions the same requirements applicable to banks in relation to know your customers practices.

Stricter KYC requirements

When establishing a business relationship with a new client, either an individual or a legal entity, the institutions targeted by the new regulation are under the obligation to implement certain KYC procedures. 

Among the new aspects introduced by Regulation no. 2/2019, there are additional requirements concerning the identification of the source of funds used to perform the operations, and to also provide further information about the ultimate beneficiary owner of the operations carried out. The reporting entities are under the obligation to obtain sufficient data about their clients and the respective UBOs in relation to any transaction having a value higher than EUR 15,000 or that implies a transfer of funds higher than EUR 1,000. 

Through this regulation, the NBR expressly prohibits institutions from initiating, continuing or carrying out any transaction or business relationship if it cannot apply sufficient measures of KYC or if they cannot properly manage the risk of money laundering and terrorist financing

Additional requirements regarding internal resources and organization

In order to comply with the obligations imposed by Law no. 129/2019 on anti-money laundering and counter terrorist financing, institutions must carry out risk assessments and must implement internal policies and norms. Considering this, the NBR Regulation no. 2/2019 creates a series of requirements and standard that must be taken into account by the reporting institution while preparing and implementing the risk evaluation strategy and internal policies in order to diminishing the risk of money laundering and financing of terrorism.  

The institutions subject to this new regulation have the obligation that, through their internal policies to manage and diminish the risk of money laundering and terrorism financing, and to establish certain client acceptance rules, depending on the products and services they intend to offer and to limit the level of risk considered acceptable in relation to each type of client, product and services. 

The reporting institutions have the obligation to impose adequate standards during the recruitment process, but also measures to ensure a program of preparation and verification of their implementation. In addition, the new NBR regulation requires credit institutions to designate a compliance officer from the members of the senior management and to notify to the National Bank of Romania the standards regarding the designation of such compliance officer as well as the documents regarding their experience in order to efficiently perform the tasks assigned to them.

Compliance deadline

Reporting institutions operating at the date of entry into force of NBR Regulation no. 2/2019 have a term of approximately 4 months, until 17 January 2020, to comply with the requirements imposed by it.