Romania
This report analyses the implementation of the AEOI Standard in Romania with respect to the requirements of the AEOI Terms of Reference. It assesses both the legal frameworks put in place to implement the AEOI Standard and the effectiveness of the implementation of the AEOI Standard in practice.
The methodology used for the peer reviews and that therefore underpins this report is outlined in Chapter 2.
Overall findings
AEOI legal framework
Romania’s legal framework implementing the AEOI Standard is in place and is consistent with the requirements of the AEOI Terms of Reference. This includes Romania’s domestic legislative framework requiring Reporting Financial Institutions to conduct the due diligence and reporting procedures (CR1) and its international legal framework to exchange the information with all Romania’s Interested Appropriate Partners (CR2).
Effectiveness of AEOI in practice
Romania’s implementation of the AEOI Standard is partially compliant with the requirements of the AEOI Terms of Reference to ensure the effectiveness of the AEOI Standard in practice. While Romania is on track with respect to exchanging the information in an effective and timely manner (CR2), there are significant issues with respect to ensuring that Reporting Financial Institutions correctly conduct the due diligence and reporting procedures (CR1).
Overall rating in relation to the effectiveness in practice: Partially Compliant
General context
Romania commenced exchanges under the AEOI Standard in 2017.
In order to provide for Reporting Financial Institutions to collect and report the information to be exchanged, Romania:
amended Law No. 207/2015 on the Fiscal Procedure Code and further amended it in 2022; and
enacted Law No. 129/2019 for preventing and combating money laundering and terrorist financing as amended by Emergency Government Ordinance No. 111/2020, which came into effect on 15 July 2020.
Under this framework Reporting Financial Institutions were required to commence the due diligence procedures in relation to New Accounts from 1 January 2016. With respect to Preexisting Accounts, Reporting Financial Institutions were required to complete the due diligence procedures on High Value Individual Accounts by 31 December 2016 and on Lower Value Individual Accounts and Entity Accounts by 31 December 2017.
Following the initial Global Forum peer review, Romania amended its legislative framework to address issues identified, the last of which was effective from 30 June 2022.
With respect to the exchange of information under the AEOI Standard, Romania:
is a Party to the Convention on Mutual Administrative Assistance in Tax Matters and activated the associated CRS Multilateral Competent Authority Agreement in time for exchanges in 2017;
has in place European Directive 2011/16/EU on Administrative Cooperation in the Field of Taxation as amended by Directive 2014/107/EU; and
has in place European Union agreements with five European third countries.1
Table 1 sets out the number of Financial Institutions in Romania that reported information on Financial Accounts in 2021 as defined in the AEOI Standard (essentially because they maintained Financial Accounts for Account Holders, or that were related to Controlling Persons, resident in a Reportable Jurisdiction). It also sets out the number of Financial Accounts that they reported in 2021. In this regard, it should be noted that Romania requires the reporting of Financial Accounts based on a prescribed list of exchange partners and some accounts may be required to be reported more than once (e.g. jointly held accounts or accounts with multiple related Controlling Persons), which is reflected in the figures below. These figures provide key contextual information to the development and implementation of Romania’s administrative compliance strategy, which is analysed in the subsequent sections of this report.
Table 2 sets out the number of exchange partners to which information was successfully sent by Romania in the past few years (including where the necessary frameworks were in place, containing an obligation on Reporting Financial Institutions to report information, but no relevant Reportable Accounts were identified). These figures provide key contextual information in relation to Romania’s exchanges in practice, which is also analysed in subsequent sections of this report.
In order to provide for the effective implementation of the AEOI Standard, in Romania:
the National Agency for Fiscal Administration (NAFA) (the tax authority) has the responsibility to ensure the effective implementation of the due diligence and reporting obligations by Reporting Financial Institutions and for exchanging the information with Romania’s exchange partners;
technical solutions necessary to receive and validate the information reported by Reporting Financial Institutions were put in place by the National Financial Intelligence Centre, which ensure the validation of the data reported by Financial Institutions before it is exchanged with Romania’s exchange partners;
the Common Transmission System (CTS), and in the European Union (EU) the Common Communication Network (CCN), are used for the exchange of the information, along with the associated file preparation and encryption requirements.
It should be noted that the review of Romania’s legal frameworks implementing the AEOI Standard concluded with the determination that Romania’s domestic and international legal frameworks are In Place. This has been taken into account when reviewing the effectiveness of Romania’s implementation of the AEOI Standard in practice.
Findings and conclusions on the legal frameworks
The detailed findings and conclusions on the AEOI legal frameworks for Romania are below, organised per Core Requirement (CR) and sub-requirement (SR), as extracted from the AEOI Terms of Reference (see Annex C).
CR1 Domestic legal framework: Jurisdictions should have a domestic legislative framework in place that requires all Reporting Financial Institutions to conduct the due diligence and reporting procedures in the CRS, and that provides for the effective implementation of the CRS as set out therein.
Romania’s domestic legislative framework is in place and contains all of the key aspects of the CRS and its Commentary requiring Reporting Financial Institutions to conduct the due diligence and reporting procedures (SRs 1.1 – 1.3). It also provides for a framework to enforce the requirements (SR 1.4).
SR 1.1 Jurisdictions should define the scope of Reporting Financial Institutions consistently with the CRS.
Romania has defined the scope of Reporting Financial Institutions in its domestic legislative framework in accordance with the CRS and its Commentary.
SR 1.2 Jurisdictions should define the scope of Financial Accounts and Reportable Accounts consistently with the CRS and incorporate the due diligence procedures to identify them
Romania has defined the scope of the Financial Accounts that are required to be reported in its domestic legislative framework and incorporated the due diligence procedures that must be applied to identify them in accordance with the CRS and its Commentary.
SR 1.3 Jurisdictions should incorporate the reporting requirements contained in Section I of the CRS into their domestic legislative framework.
Romania has incorporated the reporting requirements in its domestic legislative framework in accordance with the CRS and its Commentary.
SR 1.4 Jurisdictions should have a legislative framework in place that allows for the enforcement of the requirements of the CRS in practice.
Romania has a legislative framework in place to enforce the requirements in accordance with the CRS and its Commentary.
CR2 International legal framework: Jurisdictions should have exchange relationships in effect with all Interested Appropriate Partners as committed to and that provide for the exchange of information in accordance with the Model CAA.
Romania’s international legal framework to exchange the information is in place, is consistent with the Model CAA and its Commentary and provides for exchange with all of Romania’s Interested Appropriate Partners (i.e. all jurisdictions that are interested in receiving information from Romania and that meet the required standard in relation to confidentiality and data safeguards) (SRs 2.1 – 2.3).
SR 2.1 Jurisdictions should have exchange agreements in effect with all Interested Appropriate Partners that permit the automatic exchange of CRS information.
Romania has exchange agreements that permit the automatic exchange of CRS information in effect with all its Interested Appropriate Partners.
SR 2.2 Such an exchange agreement should be put in place without undue delay, following the receipt of an expression of interest from an Interested Appropriate Partner.
Romania put in place its exchange agreements without undue delay.
SR 2.3 Jurisdictions should ensure that the exchange agreements in effect provide for the exchange of information in accordance with the requirements of the Model CAA.
Romania’s exchange agreements provide for the exchange of information in accordance with the requirements of the Model CAA.
Findings and conclusions in relation to effectiveness in practice
The detailed findings and conclusions in relation to effectiveness in practice of AEOI for Romania are below, organised per Core Requirement (CR) and then per sub-requirement (SR) as extracted from the AEOI Terms of Reference (see Annex C).
CR1 Effectiveness in practice: Jurisdictions should ensure that in practice Reporting Financial Institutions correctly implement the due diligence and reporting procedures, which includes a requirement for jurisdictions to have in place an administrative framework to ensure the effective implementation of the CRS.
Romania’s implementation of the AEOI Standard is partially compliant with respect to ensuring that Reporting Financial Institutions are correctly conducting the due diligence and reporting procedures. More specifically, while Romania is meeting expectations with respect to collaboration with its exchange partners to ensure effectiveness (SR 1.6), there are significant issues with respect to ensuring effectiveness in a domestic context, such as through having an effective administrative compliance framework and related procedures (SR 1.5). Romania should continue its implementation process to ensure its effectiveness, including by addressing the recommendations made.
SR 1.5 Jurisdictions should ensure that in practice Reporting Financial Institutions identify the Financial Accounts they maintain, identify the Reportable Accounts among those Financial Accounts, as well as their Account Holders, and where relevant Controlling Persons, by correctly conducting the due diligence procedures and collect and report the required information with respect to each Reportable Account. This includes having in place:
an effective administrative compliance framework to ensure the effective implementation of, and compliance with, the CRS. This framework should:
be based on a strategy that facilitates compliance by Reporting Financial Institutions and which is informed by a risk assessment in respect of the effective implementation of the CRS that takes into account relevant information sources (including third party sources);
include procedures to ensure that Financial Institutions correctly apply the definitions of Reporting Financial Institutions and Non-Reporting Financial Institutions;
include procedures to periodically verify Reporting Financial Institutions’ compliance, conducted by authorities that have adequate powers with respect to the reviewed Reporting Financial Institutions, with procedures to access the records they maintain; and
effective procedures to ensure that Financial Institutions, persons or intermediaries do not circumvent the due diligence and reporting procedures;
effective enforcement mechanisms to address non-compliance by Reporting Financial Institutions;
strong measures to ensure that valid self-certifications are always obtained for New Accounts;
effective procedures to ensure that each, or each type of, jurisdiction-specific Non-Reporting Financial Institution and Excluded Account continue to present a low risk of being used to evade tax; and
effective procedures to follow up with a Reporting Financial Institution when undocumented accounts are reported in order to establish the reasons why such information is being reported.
In order to ensure that Reporting Financial Institutions correctly conduct the due diligence and reporting procedures, Romania implemented many of the requirements in accordance with expectations. However, significant issues were identified. The key findings were as follows:
Romania commenced implementing a strategy aimed at ensuring compliance with the AEOI Standard and carried out a risk assessment that took into account a range of relevant information sources. Romania also pursued communication and outreach activities, such as responding to requests for information from Financial Institutions, providing technical support regarding the information reported through the domestic AEOI application and providing guidance to Reporting Financial Institutions on due diligence processes. Romania further established a specific risk analysis unit and data analysis measures to ensure data quality.
Romania has worked effectively to understand its population of Financial Institutions, including relevant non-regulated entities, utilising various relevant information sources, such as the Foreign Financial Institution list for FATCA purposes, public registers of regulated entities obtained from supervisory authorities, information from professional associations and information held by the tax authority. Romania is taking action to ensure that Reporting Financial Institutions are classifying themselves correctly under its domestic rules and reporting information as required. Romania intends to keep its understanding of its Financial Institution population up to date on a routine basis.
With respect to resourcing, Romania has assigned the equivalent of six full time staff to monitor and ensure compliance by Reporting Financial Institutions, which have access to IT systems and tools to conduct risk assessments.
Romania has conducted a significant number of desk-based monitoring and verification activities, including through analysis of the information reported, the reviews of the policies and procedures used by Reporting Financial Institutions and specific checks on self-certifications. Romania has not yet conducted in-depth audits, including onsite visits and the review of records of the due diligence undertaken. Furthermore, Romania’s enforcement framework is not yet fully developed in detail.
Romania is following up with Reporting Financial Institutions that report undocumented accounts and has successfully reduced the number reported significantly after clarifying earlier misunderstandings among Reporting Financial Institutions that led to high numbers of undocumented accounts being reported. However, Romania does not have procedures to take action to address circumvention of the requirements by Financial Institutions, persons or intermediaries if such circumvention is detected.
It is noted that Romania does not have a jurisdiction-specific list of Non-Reporting Financial Institutions or Excluded Accounts for ongoing monitoring purposes.
Table 3 provides a summary of the specific activities undertaken, or that are planned to be undertaken, in relation to each of the key parts of the framework described above.
With respect to the Financial Account information collected and sent by Romania, the presence of the key data points of the Tax Identification Numbers and dates of birth appeared to be in line with most other jurisdictions.
Information provided by Romania also showed a higher number of undocumented accounts reported by its Reporting Financial Institutions, when compared to other jurisdictions, which should only occur when it is not possible for the Reporting Financial Institutions to identify whether the accounts are held by Reportable Persons. However, the number of undocumented accounts has reduced significantly over time. As mentioned above, Romania is aware of this issue and is taking steps to address it.
Feedback from Romania’s exchange partners indicated that, compared to what they generally experience when seeking to match information received from their exchange partners with their taxpayer database, they achieved a much lower level of success when seeking to match information received from Romania. Furthermore, eight exchange partners highlighted issues with respect to the information received, such as invalid Tax Identification Numbers and inaccuracy of dates of birth. Additionally, one exchange partner highlighted particular issues related to variations in the amount of data sent between different reporting periods.
Based on these findings it was concluded that Romania is partially meeting expectations in ensuring that Reporting Financial Institutions correctly conduct the due diligence and reporting procedures, including by having in place the required administrative compliance framework and related procedures. More specifically, significant issues have been identified, including with respect to Romania’s compliance and enforcement strategy, its framework to prevent circumvention of the requirements, and addressing the issues raised by its exchange partners. Romania should therefore continue its implementation process accordingly, including by addressing the recommendations made.
Romania should further implement its plan to verify compliance, including through in-depth verification activities to ensure that the information reported is complete and accurate.
Romania should put in place a clearly defined policy to ensure that, where circumvention of the AEOI Standard is identified, action is taken to address it.
Romania should further develop and implement effective enforcement mechanisms to address non-compliance by Reporting Financial Institutions, including the application of dissuasive penalties and sanctions as appropriate, and routinely apply them where non-compliance is identified.
Romania should continue to address the issues raised by its exchange partners.
SR 1.6 Jurisdictions should collaborate on compliance and enforcement. This requires jurisdictions to:
use all appropriate measures available under the jurisdiction’s domestic law to address errors or non-compliance notified to the jurisdiction by an exchange partner; and
have in place effective procedures to notify an exchange partner of errors that may have led to incomplete or incorrect information reporting or non-compliance with the due diligence or reporting procedures by a Reporting Financial Institution in the jurisdiction of the exchange partner.
In order to collaborate on compliance and enforcement, it appears that Romania implemented all of the requirements in relation to issues notified to them (i.e. under Section 4 of the MCAA or equivalent) in accordance with expectations. While no such notifications have yet been received, Romania has the necessary systems and procedures to process them as required. It also appears that Romania will notify its partners effectively of errors or suspected non-compliance it identifies when utilising the information received.
Based on these findings it was concluded that Romania is fully meeting expectations in relation to collaborating with its exchange partners to ensure that Reporting Financial Institutions correctly conduct the due diligence and reporting procedures. Romania is encouraged to continue its implementation process accordingly, to ensure its ongoing effectiveness.
CR2 Effectiveness in practice: Jurisdictions should exchange the information effectively in practice, in a timely manner, including by sorting, preparing, validating, and transmitting it in accordance with the AEOI Standard.
Romania’s implementation of the AEOI Standard is on track with respect to exchanging the information effectively in practice, including in relation to sorting, preparing and validating the information (SR 2.4), correctly transmitting the information in a timely manner (SRs 2.5 – 2.8) and providing corrections, amendments or additions to the information (SR 2.9). Romania has shown improvement over time and is encouraged to continue its implementation process accordingly, to ensure its ongoing effectiveness.
SR 2.4 Jurisdictions should sort, prepare and validate the information in accordance with the CRS XML Schema and the associated requirements in the CRS XML Schema User Guide and the File Error and Correction-related validations in the Status Message User Guide (i.e. the 50000 and 80000 range).
Five exchange partners highlighted particular issues with respect to preparation and format of the information sent by Romania (representing 7% of its partners). These generally related to the use of old transmission certificates and file decryption problems. More generally, three (or 4%) of Romania’s exchange partners reported rejecting more than 25% of the files received, of which two (or 3%) reported rejecting more than 50% of files received, due to the technical requirements not being met. This is broadly in line with the general experience of other jurisdictions. It was noted that Romania has introduced a new system to sort, prepare, validate and transmit the information, and is in the process of addressing the issues.
Based on these findings it was concluded that, overall, Romania is meeting expectations in relation to sorting, preparing and validating the information. It was also noted that there is room for improvement with respect to sorting, preparing and validating the information. Romania is therefore encouraged to continue its implementation process accordingly, including by addressing the recommendation made.
Romania should continue to work with its exchange partners to address the issues raised.
SR 2.5 Jurisdictions should agree and use, with each exchange partner, transmission methods that meet appropriate minimum standards to ensure the confidentiality and integrity of the data throughout the transmission, including its encryption to a minimum secure standard.
In order to put in place an agreed transmission method that meets appropriate minimum standards in confidentiality, integrity of the data and encryption for use with each of its exchange partners, Romania linked to the CTS and the CCN, which is used for exchanges within the EU.
Based on these findings it was concluded that Romania is fully meeting expectations in relation to agreeing and using appropriate transmission methods with each of its partners. Romania is encouraged to continue to ensure the ongoing effectiveness of its implementation.
SR 2.6 Jurisdictions should carry out all exchanges annually within nine months of the end of the calendar year to which the information relates.
Three exchange partners highlighted delays in the sending of information by Romania (representing 4% of its partners). This represents a relatively high proportion of exchange partners. It was noted that Romania successfully addressed all of the issues and sent the information as soon as possible thereafter.
Based on these findings it was concluded that Romania is fully meeting expectations in relation to exchanging the information in a timely manner. Romania is encouraged to continue to ensure the ongoing effectiveness of its implementation.
SR 2.7 Jurisdictions should send the information in accordance with the agreed transmission methods and encryption standards.
Feedback from Romania’s exchange partners did not raise any concerns with respect to Romania’s use of the agreed transmission methods and therefore with Romania’s implementation of this requirement.
Based on these findings it was concluded that Romania is fully meeting expectations in relation to sending the information in accordance with the agreed transmission methods and encryption standards. Romania is encouraged to continue to ensure the ongoing effectiveness of its implementation.
SR 2.8 Jurisdictions should have the systems in place to receive information and, once it has been received, should send a status message to the sending jurisdictions in accordance with the CRS Status Message XML Schema and the related User Guide.
Feedback from Romania’s exchange partners did not raise any concerns with respect to Romania’s receipt of the information and therefore with Romania’s implementation of these requirements.
Based on these findings it was concluded that Romania is fully meeting expectations in relation to the receipt of the information. Romania is encouraged to continue to ensure the ongoing effectiveness of its implementation.
SR 2.9 Jurisdictions should respond to a notification from an exchange partner as referred to in Section 4 of the Model CAA (which may include Status Messages) in accordance with the timelines set out in the Commentary to Section 4 of the Model CAA. In all other cases, jurisdictions should send corrected, amended or additional information received from a Reporting Financial Institution as soon as possible after it has been received.
Romania appears ready to respond to notifications and to provide corrected, amended or additional information in a timely manner and no such concerns were raised by Romania’s exchange partners and therefore with respect to Romania’s implementation of these requirements.
Based on these findings it was concluded that Romania appears to be meeting expectations in relation to responding to notifications from exchange partners and the sending of corrected, amended or additional information. Romania is encouraged to continue to ensure the ongoing effectiveness of its implementation.
Assessed jurisdiction’s comments on the assessment of effectiveness in practice
The overall compliance strategy to ensure the effective implementation of the AEOI standard in Romania has clear objectives as mentioned, and they aim at the following: ensuring knowledge of the domestic and international legal framework by all stakeholders, verifying compliance with reporting obligations by reporting financial institutions, checking the quality of data in accordance with the CRS standard, ensuring the transmission of data to exchange partners. Also, the compliance activities carried out cover areas as following: identification of the RFIs population, RFI's compliance with implementation obligations, due diligence and reporting requirements, data quality checks, collaborating with exchange partners on compliance, analysis of feedback and notifications received from exchange partners.
RFIs are subject to the provisions of the Fiscal Procedure Code (Law 207/2015) on the obligations to provide documents and information requested by the tax authority. NAFA has the necessary powers to discharge its functions and to request from RFIs both supporting documents and information and clarifications on due diligence measures undertaken. Requesting supporting documents and information are actions that can be taken both in case of desk audit checks and for onsite verifications. Onsite visits are particularly foreseen for situations where the level of risk is assessed as high and the analysis shows a systematic non-compliance of a reporting financial institution, or for those cases where checks are required which by their nature can only be carried out on the spot (e.g. checks on systems used, databases). Such situations have not been encountered so far and as a result no onsite visits have been made. At the same time, NAFA has the authority to order measures to remedy the identified non-compliance. In addition, as of 1 July 2022, amendments to the national legislation on the CRS to implement the recommendations of the OECD have entered into force. The new provisions include comprehensive and dissuasive sanctions for RFI’s failure to comply with the reporting and due diligence requirements and as a result such measures can be applied when identifying non-compliance situations.
The Responsible Authority fully understands the importance of complying with the high standards imposed by the CRS and is therefore aware that it is necessary to continue to take action to ensure the implementation of the Standard as required.
Note
← 1. Andorra, Liechtenstein, Monaco, San Marino and Switzerland.