In recent years, Romania has significantly strengthened its anti-money laundering (AML) regulatory framework in alignment with European Union directives. Financial crime is becoming more sophisticated, and enforcement is tightening across Europe. As a result, AML compliance in Romania is now essential—especially for businesses in high-risk sectors like finance, real estate, gambling, legal, and company formation services.
In 2025, compliance obligations are stricter, enforcement is more proactive, and the penalties for failure are more severe. This article outlines the latest AML regulatory requirements, how Romanian businesses can manage their exposure to risk, and the strategies they should adopt to remain fully compliant.
Romania’s AML legal framework in 2025
Romania’s AML regime is primarily governed by Law No. 129/2019, which transposes the EU’s 4th and 5th AML Directives into national legislation. Recent amendments align the law with the 6th AML Directive (6AMLD) and expand the scope of criminal liability and compliance controls.
The AML framework applies to many regulated entities. These include banks, financial institutions, gambling operators, real estate agents, legal professionals, auditors, accountants, and company formation service providers. The regulatory body in charge of monitoring compliance and receiving Suspicious Transaction Reports (STRs) is the National Office for the Prevention and Control of Money Laundering (ONPCSB).
KYC and customer due diligence requirements
In 2025, one of the cornerstones of AML compliance in Romania remains customer due diligence (CDD). Businesses are legally required to verify the identity of clients before initiating any business relationship. This includes identifying the beneficial owner (UBO), confirming the nature and purpose of the relationship, and monitoring transactions on an ongoing basis.
Businesses must apply enhanced due diligence (EDD) when dealing with high-risk clients. These include politically exposed persons (PEPs), clients from high-risk countries, or individuals making large cash transactions. These often involve more extensive verification processes, tighter scrutiny of financial flows, and increased documentation requirements.
Internal AML policies and procedures
Every entity subject to AML laws must implement a comprehensive internal compliance programme. Businesses must appoint a compliance officer, train staff regularly on AML risks, and set up a secure system for data retention and client information. The compliance officer is also responsible for managing incident reporting procedures and coordinating with the ONPCSB when suspicious activity is identified.
The company’s AML policies should be reviewed annually. They should be updated to reflect changes in national and EU regulations and new types of financial crime. Authorities may view failure to maintain documentation and controls as negligence during an investigation or audit.
Regulators expect businesses to adopt a risk-based compliance approach. This means assessing the specific risk level associated with their clients, services, sectors, delivery channels, and geographical exposure. The results must be formalised in a documented risk assessment, which is used to determine the intensity of due diligence and internal controls applied.
For example, a company providing services to clients in offshore jurisdictions or handling crypto assets must have enhanced monitoring protocols in place, including deeper background checks and transaction scrutiny. Companies must tailor these measures to the risk level and integrate them into their overall compliance strategy.
In addition to internal controls, businesses must establish clear procedures for reporting suspicious activity. When a potential financial crime is detected, it must be reported to the ONPCSB immediately, without alerting the client involved. These Suspicious Transaction Reports (STRs) are central to AML enforcement. Authorities may see delays or failure to file them as a compliance breach.
In addition to STRs, companies should cooperate fully with authorities during audits and investigations. This includes providing complete records of due diligence and risk assessments. Strong internal reporting procedures and staff awareness are key to meeting these obligations effectively.
Penalties for non-compliance with AML obligations
Romania has significantly increased penalties for AML breaches. Fines can reach 5 million RON or up to 10% of the company’s annual turnover, depending on the nature and size of the business. In serious cases, authorities may also suspend licences, restrict operations, or pursue criminal charges against directors or responsible officers.
Besides financial and legal consequences, non-compliance can also cause long-term reputational damage. Businesses listed in non-compliance registries may lose clients, partners, and access to financial services, which can be particularly damaging in highly regulated industries.
How to stay compliant in 2025
To ensure AML compliance this year and beyond, companies in Romania should take the following steps:
- Conduct a comprehensive internal AML audit and update policies to reflect current threats
- Provide regular training for all staff, especially those in client-facing or compliance roles
- Review and update client onboarding procedures and KYC documentation
- Maintain detailed risk assessments and apply enhanced due diligence where necessary
- Consult with legal advisors to address grey areas or interpret evolving regulatory standards
By building a culture of compliance and equipping teams with the right tools and legal support, companies can reduce the risk of financial penalties and enhance stakeholder confidence.
AML compliance in Romania has evolved into a high-priority legal and operational requirement. In 2025, regulators expect businesses not only to understand the risks but to take clear, documented action to prevent money laundering and financial crime.
Whether you operate in financial services, real estate, gambling, or any other regulated sector, staying ahead of legal requirements is essential. A proactive, risk-based approach—supported by strong internal controls and expert legal guidance—can protect your company from sanctions and preserve long-term business integrity.