It’s an overview of Romania’s AML superÂvision and obligÂaÂtions for cross-border groups, clariÂfying regulatory scope, reporting duties, and superÂvisory coordiÂnation to ensure compliance and effective oversight.
The Romanian Regulatory Framework and Legislative Alignment
Implementation of the 5th and 6th EU Anti-Money Laundering Directives
Romania has transÂposed the 5th and 6th AML DirecÂtives into national law, expanding obligÂaÂtions for crypto-asset providers, strengthÂening beneficial ownership transÂparency, enhancing risk-based due diligence, and increasing penalties for serious money laundering offenses.
The Mandate of the National Office for Prevention and Control of Money Laundering (ONPCSB)
ONPCSB serves as Romania’s Financial IntelÂliÂgence Unit, receiving and analyzing suspiÂcious transÂaction reports, coordiÂnating with law enforcement and EU partners, and issuing guidance to superÂvised entities to strengthen preventive controls.
Statutory responÂsiÂbilÂities include analyzing STRs, conducting on-site and off-site assessÂments of compliance among desigÂnated instiÂtuÂtions, coordiÂnating national AML/CFT strategy, sharing intelÂliÂgence with domestic and interÂnaÂtional counterÂparts, and proposing legislative or regulatory changes while cooperÂating closely with the NBR and ASF.
Sector-Specific Oversight by the National Bank of Romania (NBR) and the ASF
NBR superÂvises banks and payment instiÂtuÂtions for AML compliance, integrating AML checks into prudential exams and coordiÂnating cross-border superÂvision with home and host authorÂities.
National Bank of Romania embeds AML/CFT into consolÂiÂdated and on-site superÂvision, performs thematic inspecÂtions and can enforce remedial measures; the Financial SuperÂvisory Authority regulates insurers, capital markets and pension schemes, issues sector-specific AML rules, and engages in joint actions with ONPCSB and foreign superÂvisors on cross-border group oversight.
Supervisory Methodologies for Credit and Financial Institutions
The Transition to a Risk-Based Approach (RBA) in Inspections
Romanian superÂvisors have shifted inspection focus from checklist compliance to risk prioriÂtiÂsation, concenÂtrating resources on higher-risk activÂities, customers and controls, and tailoring scope, sampling and follow-up measures to instiÂtuÂtional risk profiles and cross-border exposures.
Off-site Monitoring and Electronic Reporting Requirements
SuperÂvisors require regular electronic reporting, standardized templates and automated alerts to support off-site trend analysis, anomaly detection and prompt escalation of suspiÂcious patterns across domestic entities and foreign branches.
Electronic systems integrate superÂvisory dashboards, automated risk scoring and interbank data feeds, allowing cross-border consolÂiÂdation, peer benchÂmarking and targeted inquiries; mandatory formats and secure portals reduce reporting delays while enabling superÂvisors to escalate onsite inspecÂtions where off-site indicators show elevated risk.
Governance Requirements for Cross-Border Groups
Implementation of Group-Wide AML/CFT Policies and Procedures
Groups must adopt standardized AML/CFT policies that set minimum controls, risk assessÂments, and reporting templates across jurisÂdicÂtions, with documented escalation routes to the group level and periodic testing to ensure consistent appliÂcation in Romania and abroad.
Appointment of Group Compliance Officers and Local Reporting Lines
Appointing a group compliance officer ensures centralized oversight while desigÂnated local officers maintain country-specific reporting lines to Romanian management and the group head, preserving clear accountÂability for suspiÂcious activity reporting and regulatory engagement.
Senior compliance officers should have direct board access, full visibility of local transÂaction monitoring and audit outputs, and authority to require remediÂation in Romanian entities; they must set reporting cadences, validate country risk assessÂments, coordinate cross-border invesÂtiÂgaÂtions, address data protection limits on inforÂmation sharing, and ensure local officers receive mandated training and resources to meet both group and Romanian superÂvisory expecÂtaÂtions.
Harmonizing Romanian Requirements with International Group Standards
HarmoÂnizing policies requires mapping Romanian legal obligÂaÂtions to group standards, resolving conflicts through formal escalation, and documenting deviaÂtions with superÂvisory notifiÂcation to ensure both compliance with local rules and consistent group risk management.
Practical harmoÂnization involves a formal gap analysis of Romanian legisÂlation, BNR and FIU guidance against group rules, followed by documented justiÂfiÂcaÂtions for any diverÂgence and legal opinions where needed; proactive engagement with Romanian superÂvisors, regular testing, and consolÂiÂdated reporting help manage enforcement risk and demonÂstrate that group-wide controls respect mandatory national proviÂsions.
Information Sharing and Data Privacy in Multinational Entities
Legal Framework for Internal Information Exchange Between Subsidiaries
Romanian AML law and EBA guidance permit inter-subsidiary data sharing for prevention and detection of money laundering, provided transfers rest on documented legal bases, defined purposes, internal protocols, DPIAs and strict access controls, while aligning with FIU reporting obligÂaÂtions and superÂvisory expecÂtaÂtions.
Navigating GDPR Constraints Within Cross-Border AML Investigations
Compliance must rest on approÂpriate legal bases under GDPR, justify processing of personal and special-category data under Articles 6 and 9, apply minimization and retention limits, and rely on transfer mechaÂnisms or derogaÂtions for cross-border exchanges while documenting decisions and maintaining strict access controls.
Practical steps include conducting a DPIA focused on cross-border AML processing, appointing or consulting the group DPO, impleÂmenting pseudoÂnymiÂsation and strict role-based access, and documenting legal bases and retention schedules; transfers outside the EEA should use SCCs, adequacy findings or narrow derogaÂtions, with prior consulÂtation of ANSPDCP and coordiÂnation with the FIU when reporting duties intersect with data protection obligÂaÂtions.
Cooperation with European and International Supervisory Bodies
Collaboration with the European Banking Authority (EBA) and AMLA
Romanian superÂvisors align with the EBA and AMLA on guideÂlines, joint risk assessÂments, and superÂvisory converÂgence, contributing to EU-wide policy, particÂiÂpating in peer reviews and technical working groups to harmonize AML practices and enforcement across cross-border banking groups.
Mutual Legal Assistance and FIU-to-FIU Information Exchange Protocols
Bilateral MLATs and EU judicial cooperÂation channels enable timely evidence-sharing, while Romania’s FIU exchanges intelÂliÂgence with foreign counterÂparts via secure protocols and the Egmont network to support proseÂcuÂtions and asset recovery, respecting confiÂdenÂtiality and data-protection rules.
InforÂmation exchanges proceed through formal MLAT requests for evidenÂtiary material and direct FIU-to-FIU case queries using encrypted channels, standardized templates and agreed timelines to speed cross-border invesÂtiÂgaÂtions; judicial authorÂities and Eurojust coordinate complex probes, and strict confiÂdenÂtiality, proporÂtionÂality and EU data-protection standards govern discloÂsures and any freezing or tracing measures.
Compliance Challenges and Enforcement Trends
Beneficial Ownership Transparency and the Central Register Challenges
Confusion over data quality in the central register hampers effective beneficial ownership checks, creating gaps for cross-border groups and compliÂcating compliance reporting for Romanian obliged entities.
Sanctions Screening and PEP Due Diligence in a Globalized Economy
Cross-border payment flows increase false negatives and false positives in sanctions screening, while PEP due diligence requires real-time intelÂliÂgence and coordiÂnated risk scoring across jurisÂdicÂtions.
Systems for sanctions screening and PEP identiÂfiÂcation frequently struggle with inconÂsistent data feeds and name variaÂtions, producing alert volumes that overwhelm compliance teams. CoordiÂnation failures across group entities raise questions about screening thresholds and responÂsiÂbility allocation, prompting Romanian superÂvisors to expect stricter controls, clear escalation paths, and detailed audit trails.
Analysis of Recent Fines and Administrative Sanctions in the Romanian Market
Recent fines highlight shortÂcomings in transÂaction monitoring, client due diligence, and failure to report suspiÂcious transÂacÂtions, signaling intenÂsified Romanian enforcement against cross-border non-compliance.
AuthorÂities have issued several multi-million lei fines and adminÂisÂtrative measures against banks and payment service providers for weak AML controls, poor beneficial ownership checks, and late suspiÂcious activity reports. Sanctions often combine monetary penalties with mandatory remediÂation plans, independent audits, and tighter reporting obligÂaÂtions that force groups to centralize oversight. SuperÂvisors increasÂingly hold head offices accountable and demand documented policies, technical controls, and periodic testing.
Summing up
Taking this into account, Romanian AML superÂvision requires coordiÂnated oversight, clear allocation of responÂsiÂbilÂities and effective inforÂmation-sharing across cross-border groups to ensure compliance with EU direcÂtives and reduce laundering risks through consistent enforcement and harmonised internal controls.
FAQ
Q: Which Romanian authorities supervise anti-money laundering (AML) and how do their responsibilities differ?
A: Oficiul NaÈ›ional de Prevenire È™i Combatere a Spălării Banilor (ONPCSB) functions as Romania’s Financial IntelÂliÂgence Unit (FIU) and the national AML/CFT coordiÂnator; ONPCSB receives suspiÂcious transÂaction reports, conducts financial analyses, and coordiÂnates inter-agency AML policies. Banca NaÈ›ională a României (NBR) superÂvises credit instiÂtuÂtions and certain payment entities for compliance with AML obligÂaÂtions, carrying out onsite inspecÂtions and imposing prudential and corrective measures where AML controls are weak. AutoriÂtatea de Supraveghere FinanÂciară (ASF) covers insurance, capital markets and private pension adminÂisÂtrators for AML compliance within those markets. Ministry of Finance and other desigÂnated national superÂvisors or profesÂsional bodies retain superÂvisory or disciÂplinary roles for specific obliged entities such as certain non-financial profesÂsions; those bodies cooperate with ONPCSB and the prudential superÂvisors on enforcement and inforÂmation exchange.
Q: How are cross-border banking groups with Romanian operations supervised for AML at group level?
A: EU and national frameÂworks require group-level AML/CFT programs that apply across all entities in a cross-border group, including coherent policies for customer due diligence, transÂaction monitoring, and beneficial ownership controls. Parent-company and host-country superÂvisors coordinate consolÂiÂdated risk assessÂments and superÂvisory activÂities; NBR and ONPCSB particÂipate in coordiÂnation for groups operating in Romania. European Anti-Money Laundering Authority (AMLA) now has a mandate to directly supervise certain high-risk cross-border entities and to coordinate complex cross-border cases, which creates an additional layer of oversight for groups desigÂnated as signifÂicant under EU rules. Internal audit, an independent group AML compliance function, and documented escalation channels to group senior management and local MLROs are expected under superÂvisory guidance.
Q: What differences apply to AML obligations for a Romanian branch versus a Romanian subsidiary of a foreign group?
A: A Romanian branch is not a separate legal entity and usually follows the parent firm’s policies, but Romanian law requires the branch to comply fully with national AML/CFT rules, register local beneficial ownership where applicable, and report suspiÂcious transÂacÂtions to ONPCSB. A Romanian subsidiary is a locally incorÂpoÂrated entity subject to Romania’s company law and bank or market licensing requireÂments, and must implement its own local AML controls consistent with group policies while remaining subject to consolÂiÂdated superÂvision. SuperÂvisors treat branches and subsidiaries differÂently for prudential requireÂments, licensing, and some reporting obligÂaÂtions, and both must maintain a desigÂnated local MLRO or compliance officer responÂsible for filings and liaison with ONPCSB.
Q: How should cross-border groups handle suspicious transaction reporting and information sharing involving Romanian operations?
A: SuspiÂcious transÂaction reports origiÂnating in Romania must be filed to ONPCSB in accorÂdance with national law and ONPCSB guidance. Cross-border groups should have documented proceÂdures for timely internal escalation to the group’s compliance function and for external reporting to the approÂpriate FIUs in each jurisÂdiction when required. ONPCSB exchanges operaÂtional inforÂmation with other EU FIUs via the EU FIU.net platform and cooperates with AMLA, EBA and law enforcement agencies under estabÂlished channels for complex cross-border invesÂtiÂgaÂtions. Data protection rules apply; lawful bases and secure channels must be used when sharing personal data across borders to support STR analysis and superÂvisory requests.
Q: What enforcement tools and penalties can Romanian supervisors apply to cross-border groups that breach AML requirements?
A: ONPCSB can issue adminÂisÂtrative sanctions, require remedial action plans, and refer matters to criminal authorÂities when STR analysis indicates criminal activity. NBR and ASF hold prudential enforcement powers that include fines, restricÂtions on business activÂities, appointment of proviÂsional adminÂisÂtrators, and in extreme cases withdrawal of licenses for entities under their remit. SuperÂvisors may also require enhanced monitoring, independent reviews, and replacement or strengthÂening of compliance personnel. Cross-border coordiÂnation enables home and host superÂvisors to apply measures consisÂtently across group entities and to exchange inforÂmation necessary for proporÂtional sanctions.