Law No. 129/2019 on the prevention and sanctioning of money laundering and terrorism financing transposing the 4th AML Directive finally adopted by the Parliament on 26 June 2019 was published on 18 July 2019
The Law No 129/2019 on the prevention of money laundering and terrorism financing (AML Law) was adopted by the Romanian Parliament on 26 June 2019, precisely with a 2 years term delay from the 4th AML Directive transposition deadline and was published in the Official Gazette of Romania No 589 of 18 July 2019. The AML Law will enter into force on 21 July 2019. It repels the former Law No 656/2002 on the prevention of money laundering and terrorism financing (Former AML Law).
The main provisions of the draft law are summarized below:
1. Extension of the scope of “reporting entities” subject to the AML requirements
New entities become subject to the AML Law, including (a) all gambling services providers (as opposed to just casinos under the Former AML Law); (b) service providers for trusts; and (c) distributors and agents of e-money institutions.
Moreover, the threshold for traders in goods performing cash transactions subject to anti-money laundering (AML) requirements has been lowered from the RON equivalent of EUR 15,000 to that of EUR 10,000.
2. Lowering the threshold of transactions triggering reporting obligations
The value of cash transactions triggering a reporting obligation (except where there is a suspicion of AML which requires immediate reporting irrespective of the value of a transaction) has decreased from the RON equivalent of EUR 15,000 to EUR 10,000. As a result, entities (Reporting Entities) subject to the AML Law are required to notify the Office for the Prevention of Money Laundering and Terrorism Financing of all cash transactions (in RON or foreign currency) which involve amounts of at least the RON equivalent of EUR 10,000 irrespective on whether the transaction is made via one (ie an occasional operation) or several operations which seem to be linked and where such transactions are not made via credit or financial institutions.
Also, a new reporting obligation is provided in case of money remittance operations with funds exceeding the RON equivalent of EUR 2,000.
3. Beneficial owner registries
The AML Law provides that central registries containing adequate, accurate and up-to-date information on the beneficial owners will be organized at the level of:
- the National Trade Register for commercial companies
- the Ministry of Justice for associations and foundations
- the National Agency for Fiscal Administration in the case of trusts (Romanian, fiducie).
Access must be guaranteed to the following: (a) the competent authorities and the Office for the Prevention of Money Laundering and Terrorism Financing; (b) Reporting Entities when applying customer identification measures; and (c) any person or organisation which can demonstrate a legitimate interest.
Legal entities registered with the National Office for the Trade Registry (except for autonomous state companies, national companies or companies wholly or majority owned by the Romanian State) have the obligation to declare annually or each time a change occurs on their own responsibility the identity of their beneficial owner including details on its first name and surname, birth date, personal identification number, series and number of identity card, citizenship, domicile or residence.
The own responsibility statement signed by the legal representative must be filed with the National Office for the Trade Registry within 15 days from the approval of the legal entity’s financial statements or within 15 days as of the occurrence of any changes. The statement may be made in front of the trade register officers or filed in authentic form after being signed in this form in front of a notary public.
The breach by the legal representative of the above obligation constitutes an administrative offence and he is sanctioned with fines amounting to RON5,000 (approximate EUR1,040) to RON10,000 (approximate EUR2,080). The fines are imposed by the competent controlling bodies within the National Agency for the Fiscal Administration or its territorial units. The failure of the legal representative to remedy the breach within the next 30 days, entitles the National Office for the Trade Registry to request the dissolution of the company.
4. Simplified due diligence measures
As opposed to the Former AML Law, the new AML framework no longer prescribe the categories of clients which qualify for simplified customer due diligence measure (SDD). As opposed to the approach under the Former AML Law, if a Reporting Entity finds, after conducting a risk assessment, that the risks associated with a particular business relationship or a particular occasional transaction is reduced, the respective Reporting Entities must apply the standard customer due diligence measures (CDD) measures tailored in a way that is proportionate to the risks actually identified.
The AML Law provides a non-exhaustive list of low risk factors which Reporting Entities should consider when assessing the risk associated with a business relationship or an occasional transaction.For any other cases where SDD measures could be applied in view of the low risk identified, it belongs to the Reporting Entities to determine and apply on a risk-based approach the actual SDD measures.
5. Enhances due diligence measures
Similarly as in the case of SDD measures, the AML Law provides for a non-exhaustive list of circumstances when EDD measures are required in addition to CDD measures.
The AML Law only prescribes the type of EDD measures that Reporting Entities must apply when dealing with politically exposed persons (either customers or their beneficial owners) or in case of correspondent relationship with credit institutions and financial institutions in countries which are not members of EU or EEA.
For any other cases where EDD measures must be applied in view of the high risks identified, it belongs to the Reporting Entities to determine and apply on a risk-based approach the actual EDD measures which must be proportionate to the risks effectively identified.
6. Internal norms and policies
Depending on the nature and size of their business, Reporting Entities must establish internal norms and policies, internal control mechanisms and risk management procedures to be approved at senior management level. Such internal norms and policies must contain:
- Customer due diligence measures
- Reporting, records keeping and procedures for prompt provision of data upon request by the competent authorities
- Internal control, risk assessment and management, conformity and communication management
- Protection measures for the employees involved in the implementation of the policy against discrimination and threat
- Employees screening and employees’ periodical evaluation
Depending on the size and nature of the business as well on the supervisory authorities’s requirements, Reporting Entities an independent audit function to test their internal norms, policies and procedures.
7. Data retention
Reporting Entities are required to keep within their records:
- for customer due diligence - a copy (either hard copy or electronic form admissible in judicial proceedings) of the documents and information, for a period of 5 years following the end of the business relationship / the date of an occasional transaction
- for the supporting evidence and records of transactions - original documents or copies admissible in judicial proceedings, for a period of 5 years after the end of a business relationship with their customer / after the date of an occasional transaction
8. AML rules for extraterritorial activities
Romanian Reporting Entities operating branches in other EU Member States must ensure that such branches observe the legislation of those EU Member States relating to the prevention of using the financial system for ML purposes.
Reporting Entities that are part of a group must implement group-wide policies, procedures and instructions, including data protection policies and policies and procedures for sharing information within the group for AML purposes. Those policies and procedures must be implemented effectively at the level of branches and majority-owned subsidiaries located in EU Member States and third countries.
Additional measures must be implemented to effectively handle the risk of ML / TF where a third country law does not permit the implementation of group-wide polices.
Romanian credit or financial institutions operating branches in third countries must ensure that they apply know your customer and records-keeping procedures at least equivalent to those provided under the AML Law.
9. Prohibition from issuing new bearer shares
Romanian companies are forbidden from issuing new bearer shares starting from 21 July 2019 as well to the trade on the existing ones. Existing bearer shares must be converted into nominative shares within the next 18 months.
Failure by concerned legal entity to convert the bearer shares into nominative shares may lead to the dissolution of the entity at the request of any interested party or of the National Trade Registry Office.
10. Significantly more severe administrative sanctions
The AML Law provides significantly more severe administrative sanctions in case of breaches of the legal provisions by the Reporting Entities as opposed to the Former AML Law.
For individuals: Administrative sanctions may consist of a warning or an administrative fine (ranging from minimum RON10,000 (approx. EUR2,300) to maximum RON150,000 (approx. EUR34,000)
For legal entities: Administrative sanctions may consist of a warning or fine of 10% of the total revenue declared for the previous fiscal period above the fines applicable for individuals. Separate sanctions may also be applied to the members of the management bodies or other individuals responsible for the breach.
For breaches by non-banking financial institutions (other than those supervised by the National Bank of Romania: In case of breaches by credit or financial institutions which are serious, repeated and/or systematic, administrative fines of up to RON 5,000,000 (approx. EUR 1,057,000) for legal entities and up to RON 50,000 (approx. EUR 11,000) for individuals.
Ancillary sanctions: In addition to fines, one or more additional ancillary administrative sanctions may be imposed, including, licence withdrawal (either temporary or definitive), freezing the bank account for a period of 10 days up to one month or closing down the unit, issuing an injunction, forfeiting of goods used or resulting from the breach.
For credit institutions or non-banking financial institutions (supervised by the National Bank of Romania), the following types of sanctions may be imposed: (i) supervision measures, (ii) administrative measures and (iii) sanctioning measures.
Supervisory measures to be imposed by the National Bank of Romania may consist in: (i) requesting the legal entity to improve the management framework, the policies, the procedures with a view to decrease the risks and remedy the deficiencies or causes of the breach; (ii) to request the legal entity to apply standard customer due diligence measures instead of simplified customer due diligence measures or enhanced due diligence measures instead of the standard customer due diligence measures; (iii) to restrict the activity, operations or delivery channels; (iv) to request the legal entity to decrease the risk related to its operations, services, IT systems; (v) to request the replacement of the persons appointed to ensure the management of the compartments and / or the branches with responsibilities for the AML Law enforcement.
Administrative sanctions to be applied by the National Bank of Romania may consist in: (i) written warning; (ii) public warning; (iii) fines of up to 10% of the total annual turnover according to the latest financial statements available or up to RON 23 million; and (iv) withdrawal of the approval for its directors and/or managers.
Sanctioning measures to be imposed by the National Bank of Romania may consist in: (i) order for termination of the illicit conduct; (ii) temporary restriction for individuals to occupy certain job positions; (iii) withdrawal of the authorization.
The National Bank of Romania ensures the publicity of the sanctions applied by it by posting on its official web-site information on the number and type of measures and sanctions applied, the type and nature of the breach, identity of the individuals responsible for the breach. The information is kept for a period of 5 years.
The National Bank of Romania also informs the European Supervisory Authorities on the supervision measures, administrative sanctions and sanctioning measures applied to credit / financial institutions.
11. AML Secondary legislation
According to AML Law, certain secondary legislation is to be adopted with a view to implementing the law, including:
- an implementing regulation to be adopted by the Romanian Government based on a draft to be proposed by the Office for the Prevention of Money Laundering and Terrorism Financing
- a regulation to be issued by the Office for the Prevention of Money Laundering and Terrorism Financing regarding the content and form of reports of transactions
- a guide to be issued by the Office for the Prevention of Money Laundering and Terrorism Financing providing criteria and rules for recognizing high or low AML risk situations
- sectorial regulations to be issued by supervisory authorities (including by the National Bank of Romania for credit and financial institutions and the National Agency for Fiscal Administration) and self-regulatory bodies.