The increase in the complexity of transactions and the massive volume of operations carried out on the financial markets, as well as the use of electronic means for the remote conclusion and performance of contracts generated a context that caused an increase in the associated risks. In response, the level of regulatory control is increasing at both the European and national level, requiring the allocation of additional resources and additional costs in order to ensure conformity. The effort should, however, be equitably distributed between what is required from private companies and what is provided by the public institutions as support.
In July of this year, Law 129/2019 on the prevention and combating of money laundering and terrorism financing as well as for amending and supplementing certain normative acts (including, among others, Law 31/1990 regarding commercial companies, Law 26/1990 regarding associations and foundations and Law 207/2015 regarding the Fiscal Procedure Code), was adopted. Law 129/2019 transposes EU Directive 2015/849.
As a general commentary, the reporting entities (including the credit institutions and the financial institutions) have increased responsibilities in the area of prevention and combating of money laundering and their obligations are set more rigorously than in the prior legislation.
On the other hand, the new law regulates more thoroughly the duties of the supervisory authorities in this field (which, in principle, must maintain an active role of informing the reporting entities) and, very importantly, creates the framework for obtaining the relevant information regarding the real beneficiary.
Obtaining information regarding the real beneficiary has proven in practice a difficult and lengthy process, given that the legislation did not actually impose on companies a clear obligation to collect, keep and provide information regarding the real beneficiary. What is highly relevant now is that the new law requires all private legal entities and “fiducii” (the Romanian concept that corresponds to the concept of “trust” in common law) to obtain information regarding their real beneficiary and to provide this information to the reporting entities that apply know-your-customer measures.
The Law also designates the authorities responsible for the set-up and maintenance of the centralized registries for the real beneficiaries:
(i) The National Trade Registry will keep the central registry for the legal entities that register in the Trade Registry (the regies autonomes, national companies and enterprises do not have the obligation to provide information for the central registry);
(ii) The Ministry of Justice will keep the central registry for associations and foundations;
(iii) The National Agency for Fiscal Administration will keep the general registry for fiducii
The reporting entities will be granted access to these registries when they are applying know-your-customer measures.
The companies that will register with the Trade Registry will have the obligation to file a declaration regarding the real beneficiary (and such filing shall occur upon incorporation, as well as annually and whenever any changes occur). The companies that are already registered have the obligation to file this declaration within 12 months from the date when the law becomes effective.
The registries of the real beneficiaries should be operational within 120 days from the date when the law becomes effective (i.e., the end of November 2019).
Another novel element brought by Law 129/2019 that can facilitate the application of the know-your-customer measure is the possibility of using “third parties” in applying the know-your-customer measures and safekeeping the related documentation. These third parties may be reporting entities or other entities that apply the same standards as those imposed by the new legislation and are subject to similar supervision. The law also expressly allows, for know-your –customer purpose, the use of entities that belong to the same group as the reporting entity.
Further, in case of outsourcing, the companies to which the activities were outsourced may apply the relevant know-your-customer measures pursuant to the obligations assumed under the outsourcing contract.
In addition to the aspects above, Law 129/2019 sets the following:
(i) the obligation to report suspect transactions, as well as transactions reaching a certain thresholds with no indicators of suspicious activity (e.g., credit and financial institutions have the obligation to report the external transfers into and from accounts for amounts that exceed EUR 15,000; in case of money remittance, any transfer exceeding EUR 2,000 shall be reported);
(ii) compliance with the know-your-customer measures (as in the previous legislation, standard, simplified or additional know-your-customer measures may be applied, depending on the risk);
(iii) the obligation to identify and evaluate the risks associated with the activity carried out based on the risk criteria and the obligation to transpose it in internal procedures;
(iv) the obligation to provide documentary evidence for the verifications carried out pursuant to the legal requirements and keeping these documents for a 5-year period;
(v) the obligation to have a designated person for the application of Law 129/2019 and for ensuring employee training;
(vi) the obligation to ensure an independent audit function, depending on the scope and nature of the activity.
In conclusion, the field of prevention and combatting of money laundering is becoming increasingly complex and requires specialized knowledge and permanent access to relevant sources of information, as well as the consolidation and development of internal conformity functions, in parallel with the identification of external resources, which can provide the relevant expertise to ensure conformity.