Lexters

Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Framework 

HomeUncategorizedAnti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Framework 
September 23, 2025
By admin

Building on our recently published chapter in the Chambers and Partners Blockchain Guide 2025 

This briefing launches our Blockchain Insight Series, which builds on the material we contributed to the newly released Chambers and Partners Blockchain Guide 2025. In this article we cover topics related to AML/CFT, such as crypto-asset service providers’ obligations, reporting obligations, as well as practical examples of suspicious transactions under ONPCSB guidelines an best practices for detecting them. 

AML/CFT Framework 

Recent amendments to Romania’s AML legislation made by GEO 10/2025, in line with the EU’s TFR, have designated the Financial Supervisory Authority (ASF) as the national competent authority for overseeing CASPs, including crypto exchanges. The ASF is empowered to request compliance information, conduct off‑site and on‑site inspections, order audits by an exchange’s auditors, make independent regulatory compliance decisions, and issue remedial actions or sanctions for non‑compliance. The National Bank of Romania (BNR), meanwhile, retains supervisory responsibility for credit institutions and electronic money institutions providing crypto‑asset services. 

Crypto-Asset Service Providers’ Obligations 

Providers must identify and manage risks associated with transfers involving unhosted addresses (private wallets not controlled by regulated entities) by: 

  1. implementing internal risk assessment and management procedures; 
  1. verifying customer identities during transfers involving unhosted addresses; 
  1. obtaining additional information about crypto transfers, such as source of funds or destination addresses; and 
  1. conducting enhanced and ongoing monitoring for high-risk transactions. 

For international correspondent relationships (especially outside the EU), additional due diligence is required, including

  1. confirming the authorisation status of partner entities; 
  1. making sure that partner entities verify customer identities consistently; and 
  1. documenting and maintaining comprehensive information on these correspondent relationships. 

CASPs authorised in other EU member states must

  1. appoint a local and unique Romanian contact for compliance and regulatory communication; 
  1. notify ASF or BNR within five days of beginning local operations; and 
  1. provide supervisory authorities with requested documents promptly. 

Reporting Obligations Under AML Law 

Suspicious transactions reporting 

CASPs must file a Suspicious Transaction Report (STR) whenever they know or have reasonable grounds to believe that: 

  1. funds stem from criminal activity or relate to terrorist financing; or 
  1. information held by the provider could help enforce AML/CFT rules. 

In addition, the ONPCSB may designate certain transaction types in advance as automatically suspicious. When notified, CASPs must treat every such transaction as suspicious and file an STR without delay. 

Identifying suspicious transaction indicators 

Ongoing transaction monitoring, thorough KYC procedures, and analysis against the customer’s established profile form the basis for identifying suspicious transactions. Each transaction’s circumstances should then be assessed against the red‑flag indicators set out in the AML Law and its implementing regulations, such as the following: 

  1. The volume or value of assets a client trades compared to their normal profile – transactions that are unusually large can raise a red flag, which is similar to breaking a large sum into multiple smaller trades (smurfing). 
  1. The pattern and length of a client’s relationship: a large transaction made immediately after account opening, particularly if it does not match the client’s profile, can raise concerns. Equally, sporadic high‑value transactions separated by long periods of inactivity may signal risk. Another scenario warranting analysis is when a client carries out a substantial one‑off trade followed by the immediate closure of their account on the platform. 
  1. Classification of clients by risk level – the following aspects may contribute to classifying a client as low risk: 
  1. publicly traded companies; 
  1. state-owned institutions or companies; and 
  1. clients based in jurisdictions with strong AML/CFT systems, such as EU member states or countries assessed by credible bodies (eg, FATF mutual evaluations) as effectively enforcing AML and CFT standards. 
  1. The company’s shareholding structure is unusual or excessively complex in relation to the nature of its activity. 
  1. Transactions or business relationships involving persons holding a public office, or clients whose beneficial owners are persons holding a public office, including during a period of at least 12 months following the loss of the public office, etc. 

Examples of suspicious transactions under ONPCSB guidelines 

Unlicensed or non‑compliant crypto‑asset trading venues often lack basic identity checks, allowing anonymous accounts and addresses to be created. Criminals take advantage of these gaps to move illicit crypto‑assets through licensed platforms and convert them into fiat currency. The indicators of suspicion include: 

  1. the platform used for transactions is unlicensed and does not comply with anti-money laundering policies and procedures; and 
  1. the individual opens an anonymous account on the platform without providing detailed information or undergoing proper verification. 

Also, NFTs can be used to launder money in several ways: 

  1. by minting and trading fake NFTs; 
  1. by buying genuine NFTs with illicit funds; 
  1. by moving value through NFT transfers; or 
  1. by linking NFTs to digital art to disguise the source of money. 

These tactics create a veneer of legitimate activity while hiding the true origin of the funds. The indicators of suspicion include: 

  1. creating NFTs using anonymous addresses; 
  1. executing NFT transactions at extremely high prices; and 
  1. trading NFTs in countries with weak compliance and regulatory standards. 

Best-practice for detecting suspicious transactions 

Based on Romania’s AML law and the ONPCSB’s guidelines, the authors have identified the following best practices for CASPs and issuers operating in Romania. 

Reporting entities must be proactive in identifying transactions and behaviours that raise suspicion. This involves continuously monitoring clients’ activity and commercial relationships (with the reporting entity), conducting transaction reviews, and flagging unusual trading patterns or other red flags that could signal illicit conduct. 

It is recommended to regularly train a dedicated team to be familiar with the various types of schemes of money laundering and terrorist financing. Also, CASPs are encouraged to constantly adapt to the latest and most advanced technologies for transaction monitoring and KYC implementation. For example, ONPCSB specifically recommends the use of blockchain transaction analysis software, as well as analytical and AI algorithms. 

It is also advisable to regularly consult public lists of national and international sanctions against specific entities, especially when those sanctions involve freezing assets and prohibition of transactions. For example, CASPs could refer to the United Nations sanctions list, the international sanctions list published by the ONPCSB, the Financial Act Task Force Blacklist, etc. 

The EU’s New AML Framework 

For the first time, AML obligations will be set out in an EU regulation (AMLR), which means they will apply directly in all member states (including Romania) without any national transposition. The AMLR broadens the scope of “obliged entities” subject to AML rules to cover emerging sectors. All types of CASPs are now included, placing them on equal level with traditional financial institutions for AML purposes. 

The AMLR was adopted in 2024, but its requirements take effect in stages. Most obligations apply from 10 July 2027, giving market participants time to prepare. There is a limited extension for a few newly covered sectors (such as certain professional football clubs and agents), which need to comply by 10 July 2029, by which point the regulation will be fully in force for all. In practical terms, by 2027 Romania’s current AML legislation will be superseded by the AMLR’s uniform framework. 

For more information on AML/CFT compliance, please contact the Lexters team through the Contact Section. 

This note is for general information only and does not constitute legal advice. 

Send us a comment

    Previous Service

    Next Service

    English, French, Italian, Spanish
    Linkedin-in Envelope

    Daniil Turturoiu

    Membership
    • New-York Bar Association
    • Bucharest Bar Association
    Daniil is a Paralegal with a Bachelor's degree from the University of Paris Nanterre and a Master's degree in International and European Business Law from Pantheon-Sorbonne University. Known for his quick adaptability and penchant for creative problem-solving, Daniil brings a wealth of international experience to the table, allowing him to approach legal matters from multiple perspectives. With a keen interest in the intersection of business and technology, he views it as a recipe for success. Fluent in Romanian, English, and French, with a good understanding of Italian, Daniil navigates legal complexities with ease across linguistic boundaries.
    His areas of practice cover:
    • Corporate and M&A
    • Legal technology
    • Blockchain & Digital Assets
    • Regulatory compliance
    Education
    • LL.B, Université Paris Nanterre
    • LL.M, Université Paris 1 Panthéon Sorbonne - Droit européen et international des affaires”
    English, French, Italian, Spanish
    Linkedin-in Envelope

    Ștefan Gheorghe

    Membership
    • Bucharest Bar Association
    Stefan is a dedicated and passionate young lawyer with a keen commitment to legal excellence. Actively involved in corporate law and litigation, Stefan demonstrates a remarkable balance of enthusiasm and diligence in his work. Despite his relative youth, Stefan brings a fresh perspective to the table and demonstrates a deep understanding of legal complexities. His consistent dedication to provide top solutions for his clients is matched only by his proactive approach to problem solving and his willingness to exceed expectations.
    His areas of practice cover:
    • Corporate and M&A
    • Legal technology
    • Regulatory compliance
    • litigation
    Education
    • LL. B in Law, University of Bucharest, Faculty of Law (2023)
    English, Romanian
    Linkedin-in Envelope

    Iulian Călinescu

    Membership
    • Bucharest Bar Association
    Iulian is a young, passionate legal professional whose expertise centers around dispute resolution, business litigation, commercial law, administrative law, and European law. Iulian embodies a calm resolve in the face of adversity, navigating legal challenges with poise and precision. Their passion for litigation is tempered by a sober understanding of its complexities, as they strive to uphold justice with dignity and humility. Iulian believes that patience, hard work, and a deep understanding of legal principles are essential in achieving favorable outcomes for their clients. Whether representing individuals or businesses, Iulian approaches every legal matter with a sense of purpose and professionalism.
    His areas of practice cover:
    • Dispute resolution
    • Commercial law
    • Business litigation
    • Adminsitrative law
    • European law
    Education
    • LL.B in Law, „Alexandru Ioan Cuza” University of Iași, Law Faculty, 2020.
    • LLM in Business Law, „Alexandru Ioan Cuza” University of Iași, Law Faculty, 2021