The Virtual Currency Regulation Review: Romania

Introduction to the legal and regulatory framework

Cryptoassets have benefited from a context that led to a global phenomenon, as the main core functionalities of a blockchain – immutability and decentralisation – enhanced transactions without regard for borders or institutional approvals. There is as yet no clear legal regime governing cryptocurrencies. In Romania, as in many EU jurisdictions, cryptocurrencies are considered to be neither legal tender nor electronic money, but rather digital assets with a limited role as currency or having a utility role in a determined cooperative system. They are often referred to as alternative payment instruments agreed between parties concluding a pecuniary transaction.

In anticipation of accelerating crypto development in Romania and the EU, this chapter aims to (1) describe the legal framework in Romania; and (2) provide clarity on potential operational and legal risks in the absence of guidance from relevant national authorities. Nevertheless, the long-term absence of a dedicated regulatory framework in Romania has not necessarily been a drawback for the entrepreneurs running companies that deal with cryptocurrencies, including crypto exchanges, crypto automated teller machines (ATMs) and crypto wallets. Initial coin offerings (ICOs) and initial exchange offers (IEOs) led by Romanian teams have been coordinated in various friendly jurisdictions, other than Romania, where there was more clarity on legal liability. In general, Romania boasts a lot of strong attributes in relation to crypto adoption, namely:

  1. Romanians ranked highly among consumers surveyed on positive attitudes towards cryptocurrencies (with 44 per cent of respondents positive about the future use of cryptocurrencies – second only to Turkey and followed by Poland and Spain).2
  2. Romania was ranked 33rd worldwide in a crypto-readiness index, with two notable mentions: it ranks first globally for the annual increase in Google searches for 'crypto', and also ranks in the top 10 countries by number of reported crypto ATMs.3
  3. Romania's major cities are growing as top information technology hubs in Europe, with Romanian coders well respected in the fintech and blockchain and crypto space. As more coders join projects in this area, the crypto community will continue to grow.
  4. In this context, various projects are being developed: there are a couple of local crypto exchanges – national leading payment processors that are bridging the gap between traditional electronic payments and cryptocurrency payments; a Layer-1 blockchain – Elrond (with transfer speeds among the fastest available) and the mobile application Maiar; various decentralised applications (known as Dapps), which are creating new ecosystems (such as for freelancing decentralised marketplaces, crypto trading bots), NFT online marketplaces and crypto asset managers; and blockchain applications in the supply-chain sector.
  5. The Romanian government has used blockchain as an underlying infrastructure in national elections.4

Securities and investment laws

i Financial market regulators

The growing popularity of cryptocurrencies has prompted increased regulatory scrutiny. In the EU, cryptocurrencies are currently mostly unregulated and Romania is no exception when it comes to cryptocurrency-specific regulations. Furthermore, in Romania, there are no specific securities regulations with respect to virtual currencies or their offering. The global financial market is regulated by the Financial Supervisory Authority (ASF)5 and the National Bank of Romania (BNR).6 ASF and BNR are in charge of supervising and monitoring banks and financial services companies operating in Romania. ASF protects the interests of actors in the financial markets and is responsible for supervising financial products, the information published by companies, and financial service providers, while BNR is responsible for overseeing individual financial institutions (e.g., credit institutions, investment firms, payment institutions, non-banking financial institutions and electronic money institutions) and the proper functioning of the financial system as a whole. ASF relies entirely on the guidelines issued by the European Securities and Markets Authority (ESMA) with respect to the risks inherent in ICOs. ASF does not offer any particular rules pertaining to prospectuses, transparency, market abuse and markets in financial instruments law, but rather, tacitly adopts EU law, including the EU Prospectus Regulation (PR),7 the EU Markets in Financial Instruments Directive (MiFID II) and the Alternative Investment Fund Managers Directive (AIFMD). ASF seems to apply the EU principles of transferable security and financial instruments as defined in MiFID II. As a consequence, depending on their qualities, virtual currencies could be classified as transferable securities, necessitating the publication of a prospectus prior to being offered to the public. According to MiFID II, a decentralised cryptocurrency will not be a transferable security, unlike a security token, which is similar to a share or bond. ESMA recognises that the virtual currency regulatory framework is not yet finalised and there is significant disagreement among regulators in the EU and EU Member States (which have all applied substantially the same EU financial law) regarding the qualification of certain token types: for example, depending on the country and regulator, stablecoins may be classified as financial instruments, transferable securities, derivatives, collective investment schemes, units of account, e-money or a combination of the above.8

ii PR

The PR requires that adequate information is provided when seeking to raise funds from investors in the EU. Before an ICO, the issuer must publish a prospectus that clearly outlines all information necessary for an investor to evaluate the potential investment. The information must be presented in a clear, concise and intelligent manner. The PR does not specify who has the responsibility to prepare the prospectus but requests that the party responsible for information (i.e., at least the issuer, the offeror, the party requesting admission to trading or the guarantor) is mentioned in the prospectus. Depending on the structure of the ICO, coins or tokens could fall within the definition of a transferable guarantee and could therefore require the publication of a prospectus, which must be submitted for approval by ASF.

iii AIFMD

ASF has implemented the AIFMD, which lays down the rules for the authorisation, operation and permanent transparency of alternative investment managers that manage or market alternative investment funds (AIFs) in the EU. Depending on its structure, an ICO scheme could qualify as an AIF, to the extent that it is used to raise capital from a number of investors to invest in accordance with a defined investment policy. The companies involved in the ICO must therefore comply with the AIFMD rules, in particular the rules relating to capital, operations and organisation and transparency requirements.

Banking and money transmission

The European Central Bank's first approach towards the market's advancements in the crypto field was to state that virtual currencies are 'not scriptural, electronic, digital or virtual forms of a particular currency. They are something else, different from known currencies,' and thus not subject to the first Payment Services Directive or the E-Money Directive9 (see also Sections III.ii and III.iii).

This position was reiterated by both the European Banking Authority (EBA) and ESMA, as well as by BNR, which acknowledged cryptocurrencies as 'highly volatile and extremely risky speculative assets' back in 2015 and 2018, although BNR subsequently tempered its view in a more optimistic note in April 2021.10 This latter opinion expressly stated:

The regulations administered by the National Bank of Romania do not prohibit credit institutions from offering account services to providers of exchange services between virtual currencies and fiat currencies and custodian wallet providers. Credit institutions have the obligation to comply with the provisions of Law No. 129/2019, namely to apply know-your-customer and risk management measures in the field of prevention of money laundering and terrorist financing, and taking into account the risks they are exposed to as a result of providing payment account services to these undertakings, by adjusting internal risk policies and risk management capacity on an objective and proportionate basis.

BNR's stated position includes an obligation for exchange and digital wallet service providers in this market to comply with the provisions of Law 129/2019 on preventing and combating money laundering and terrorist financing (the AML Law), which was first published in the Romanian Official Gazette on 18 July 2019 and updated last year by Government Emergency Ordinance No. 111/2020 (GEO 111/2020) with scope to provide a regulatory framework based on technical opinions and registration with the Ministry of Finance. Although GEO 111/2020 entered into force in early 2020, it has not been accompanied by implementing regulations and therefore does not yet provide a clear procedure for registration as a crypto exchange or a digital wallet service provider, nor for obtaining a technical approval for the operation of these platforms.

This legislative gap prevents crypto-related operators from opening bank accounts in Romania and from operating smoothly with both banks and customers, even though 'know your customer' (KYC) requirements and anti-money laundering (AML) measures have been implemented at high levels precisely to ensure compliance with banks' rigours. In the absence of implementing regulations for GEO 111/2020, operators in Romania go abroad to obtain crypto licences in Malta, Lithuania or Estonia.

Fast forwarding to 2021, we find that market practice has evolved far beyond the use cases originally acknowledged by the central regulators. Advertisements for mobile applications encouraging the everyday person to invest in cryptocurrencies and in related innovative projects can now be seen throughout underground stations and at bus stops.

i Decentralised finance

Decentralised finance (DeFi) projects aim to leverage distributed ledger technology to allow peer-to-peer finance. The majority of DeFi projects run on the Ethereum blockchain. Most common use cases are DeFi borrowing and lending, becoming a liquidity provider to a decentralised exchange, or providing options for yield farming.

Crypto deposit interest rates are typically more attractive than those offered by traditional banks and the barrier to entry to borrow is low compared with that of a traditional system, as no personal credit risk is associated with the lending decision. In most cases, the only requirement to receive a DeFi loan is the ability to provide collateral with other crypto assets you own. Users can sometimes offer their non-fungible tokens (NFTs), as collateral; for example, depending on the DeFi protocol used.

Centralised finance (CeFi) in which the lender is identifiable would come within the scope of the banking regulations provided that the nature of the activity concerned is very similar to that of a regulated banking activity. To our knowledge, there are no local CeFi participants providing lending services in Romania at present.

New DeFi projects will be at a competitive disadvantage compared with traditional financial services firms, which will not require separate authorisation to provide cryptoasset services as they will be able to do so on the basis of their existing licence.

Under the recently proposed EU regulation on markets in cryptoassets (MiCA),11 issuers of asset-referenced tokens seeking authorisation must submit an application to the relevant regulator. The application pack will have to include a set of information including, for example, a business plan, a legal opinion confirming that the asset-referenced tokens do not qualify as financial instruments, e-money, deposits or structured deposits (i.e., the tokens are not subject to other legislation), a detailed description of the governance structure, and the required white paper.

ii E-money

Electronic money (or e-money) is defined under the E-Money Directive12 and this definition can be broken down to provide the following main characteristics of e-money: (1) it stores monetary value electronically, including magnetically, (2) it represents a claim on the issuer, (3) it is issued on receipt of funds, (4) it has the purpose of making payment transactions, and (5) it is accepted by a natural or legal person other than the electronic money issuer. E-money services in Romania are provided by private entities under the Romanian licensing regime, (which mirrors the E-Money Directive) or by other EU-licensed e-money institutions through passporting.

In the legal sense used by EU legislators for e-money, virtual currencies differ from electronic currencies in that virtual currencies do not necessarily represent a claim on the issuer and are not necessarily used as payment instruments. Unlike electronic money, a virtual currency is not accompanied by a legal guarantee of redemption at any time and at face value.

However, the recent development of stablecoins (and in particular fiat-backed stablecoins) blurs the line between legal currencies and cryptocurrencies; some tokens might 'borrow' traits specific to e-money, raising licensing requirements across the value chain. For example, some tokens are issued in exchange for, and are redeemable for, fiat currency, therefore the fiat element of the transaction could fall within the scope of the E-Money Directive and trigger electronic money licensing requirements for some fiat-backed stablecoin issuers to be able to operate in Romania.

iii Payment services

The digital payments landscape has evolved significantly during the past decade. Romanian Law No. 209/2019 on payment services implements the second EU Payment Services Directive (PSD2)13 and creates an environment for open payment services in Romania. Romanian regulations of payment services revolve around the use of legal currency (i.e., a legal tender issued by a sovereign country) or of funds. Virtual currencies are generally not considered funds under PSD2, as they are not banknotes and coins, scriptural money or electronic money. However, there are two particular situations that might arise. First, integration of payment services provided by crypto exchanges to bank accounts or e-money institutions, or any other service of payment initiation or payment account information services, where both fiat and virtual currencies are being used; for example, by using virtual wallets for virtual currencies and fiat funds, in which case licence authorisation as a payment institution might be required. Second, holding e-money accounts (holding clients' funds) or dealing with e-money tokens (a very niche approach for tokens – those that represent a claim against the issuer), in which case specific authorisation would be required. Therefore, it seems that the question of whether receiving and sending cryptocurrencies on behalf of third-parties qualifies as a regulated service has to be assessed on a case-by-case basis.

Anti-money laundering

While the AML Law implemented certain AML measures in Romania, it did not fully transpose the EU's Fifth Anti-Money Laundering Directive (AMLD5), omitting categories of reporting entities, such as those in the field of cryptocurrencies. The non-transposition of AMLD5 led the Court of Justice of the European Union to find that Romania had 'failed to fulfil its obligations under Article 67 of Directive 2015/849' (i.e., failed to adopt AMLD5).14

To streamline the mechanism for preventing and combating money laundering to the level stipulated by AMLD5, and to avoid possible financial consequences from the infringement procedure, the Romanian government adopted GEO 111/2020. This Emergency Order amended and supplemented the AML and also transposed the rest of AMLD5 into Romanian legislation, which as a result now employs the following definitions:

(1) virtual currency means a digital representation of value that is not issued or guaranteed by a central bank or public authority, is not necessarily linked to a legally established currency and does not have the legal status of currency or money, but is accepted by natural or legal persons as a medium of exchange and may be transferred, stored and traded electronically
(2) digital wallet provider means an entity that provides services for the secure storage of private cryptographic key services on behalf of its customers, for the holding, storage and transfer of virtual currency.

In this regard, custodial wallets ('hot wallets') are the only digital wallet providers that fall within the scope of the AML Law.

The legislative developments regarding cryptoassets relate mainly to their continuing use for money laundering and terrorist financing, the massive growth of 'private tokens' used to raise funds and the emergence of stablecoins and central bank digital currencies. A lot of recent research has highlighted that both lawful and unlawful crypto markets exist, where legal and illegal users operate respectively.15

The list of obliged entities under the AML Law could be broadened and the following blind spots could be addressed: (1) crypto exchanges exchanging crypto into crypto; (2) financial service providers active in the provision of, and participation in, financial services related to an issuer's offer or sale of a cryptoasset; and (3) trading platforms, at least insofar as they are centrally operated. Further legal determination is needed on whether issuers or offerors of cryptoassets should be included or excluded from the list of obligated entities.16

On the other hand, non-custodial wallet providers only provide the technical tools for others to use and typically do not function as intermediaries so it does not make much sense to target them for AML purposes.

The main AML obligations of the entities concerned are (1) reporting obligations – suspicious transaction reports must be sent immediately to the Romanian Office for the Prevention and Control of Money Laundering (OPCSB); non-suspicious transactions equivalent in value to at least €10,000 must be reported to the OPCSB; (2) customer due diligence and KYC checks; (3) reporting of ultimate beneficial owners – entities must have the necessary technological infrastructure to support electronic identification and verification; and (4) information sharing obligations – entities must collate, store and synthesise the information internally to enable data to be retrieved in a timely manner when needed or requested by authorities. See also Section V for a brief analysis of AML and crypto exchanges, and Section VIII on criminal law.

Regulation of exchanges

i The landscape

Romanians have unrestricted access to global exchange platforms as well as to e-money institutions that provide a fiat gateway and account management for digital assets using their passporting rights under EU law. There are a couple of domestic exchanges that developed a local competitive advantage by providing crypto trading pairs linked to the Romanian national currency, the Romanian leu, and by setting up physical exchange points and ATMs for crypto exchanges across Romania. We have seen interest in the local market for merchant payment solutions in crypto from both EU-based companies that benefit from passporting and local leading payment processors in the market, who are taking the network of users and merchants in Romania to the next level.

ATMs represent a growing alternative, with more than 80 crypto ATMs17 currently active across the major cities of Romania (with the highest concentration found in Bucharest). Nevertheless, such ATMs need to ensure compliance with withdrawal limits in view of AML regulations, which in practice precludes their use for large transactions, but they are useful for quick access to crypto pairs linked to the leu.

The crypto community has been waiting for a regulatory framework for its activities, given that many local crypto exchanges have had operational difficulties stemming from their inability to open and maintain a local bank account (see Section XI).

ii AML regulations related to crypto exchanges

Crypto-to-crypto exchange is not currently included within the scope of the AML Law, as the current focus for concern is the risk of laundering fiat money from illicit sources through its conversion into virtual currency and, in turn, conversion back into fiat currency. However, the status of crypto-to-crypto exchange is expected to change given that the latest Financial Action Task Force (FATF) recommendations include within the definition of virtual asset services exchanges between different forms of virtual assets.18

Most legal activity in cryptoassets – and in particular in cryptocurrencies – takes place on crypto exchanges. Consumers typically buy and hold cryptocurrencies as a speculative investment, rather than using them as a means of payment for goods or services offered by a legal merchant. They also tend to hold larger balances than illegal users.

Apart from specific rules on accountability and the reporting of suspect transactions and institutional reporting to the OPCSB, there a couple of new rules directed towards crypto exchanges and custodial wallet providers, as follows:

  1. the authorisation and registration of crypto exchanges is undertaken by the Ministry of Finance through the committee responsible for authorisation of currency exchanges;
  2. the newly formed Authority for the Digitalisation of Romania must issue a technical opinion as a requisite for subsequent authorisation;
  3. the AML Law grants passporting rights to EU- and European Economic Area (EEA)-based crypto exchanges via the notification procedure, with two conditions:
    • Non-EU/EEA crypto exchanges must incorporate a Romanian entity to provide crypto exchange services; and
    • EU/EEA exchange services are obliged to have an authorised representative who must be domiciled in Romania and who is authorised to conclude contracts on behalf of the foreign person and to represent the client before the state authorities and the courts in Romania. This can therefore be interpreted in such a way that these European providers must meet the criterion of a registration–authorisation pursuant to Romanian legislation to verify that they comply with the legislation of the country of origin, as well as that of the country in which they provide their services. The imposition by the legislature of this double condition of registration and authorisation could be considered unnecessarily harsh, given that other financial services benefit from a passport without the need for an authorised agent.
  4. The AML Law explicitly emphasises that unauthorised or unregistered activities are unequivocally prohibited, and internet, radio and TV operators must restrict access to site providers of exchange services between and to service providers of unauthorised and unregistered digital wallets in Romania or in the EEA.19 Against this backdrop, we expect a sort of censorship of crypto trading services that are not authorised or registered with the Romanian authorities. However, crypto-to-crypto exchanges and DEXs should not be affected in principle.
  5. The timeline for registering and obtaining authorisation is to be 12 months from the enactment of a government decision detailing the authorisation–registration procedure and the conditions that an authorised representative must fulfil. GEO 111/2020 provided a deadline of 90 days for this government decision; however, at the time of writing, the decision has yet to be enacted, leaving a formalistic implementation gap. As a matter of legal principle, in a market economy, what is not forbidden is permitted, thus currently crypto exchanges with specific authorisation can operate freely as long as they comply with the AML Law rules and reporting requirements. OPCSB Rule 1/2021 provides an implementing regulation for the AML Law in the form of a regulation20 requiring suspicious activities to be registered on the OPCSB online platform.21
  6. As the AML Law contains no specific provision on territoriality and does not currently distinguish between Romanian and non-Romanian crypto exchanges, it is not very clear whether foreign exchanges (including EU-based exchanges) should report suspicious transactions that have a Romanian nexus. This is, therefore, both a matter of jurisdiction and a question of how crypto exchanges' marketing and promotional activities could be interpreted in context. This requires a case-by-case analysis on jurisdictional issues under Romanian and EU law.

iii Additional potential regulated activities

With the ever growing interest in virtual currencies and the increasing complexity of crypto services business models comes an additional layer of complexity for classifying tokens and coins as either financial instruments or outside the scope of financial instruments. A crypto exchange that exchanges virtual assets that might qualify as securities under MiFID II and the local transposition legislation would require a licence as a security service provider under MiFID II and MiFIR rules, given that buying securities amounts to making a regulated investment and this is a service that can be offered only by regulated investment service providers. Currently, there are no local crypto exchanges authorised to exchange securities.

iv Cybersecurity and consumer protection

As the crypto space grows exponentially, particular attention should be given to cybersecurity of crypto exchanges, and to consumer protection matters and privacy. Fortunately, no Romanian-based crypto exchanges have been subject to hacking to date, according to public knowledge. Nevertheless, participants should prepare for the worst and even if specific regulation on crypto exchange cybersecurity compliance has not been enacted, crypto exchanges should self-impose a strict compliance standard, especially protection of keys for custodial wallets (technical and governance measures), a risk-based approach for operational resilience and measures to avoid conflicts of interest and market abuse by insiders.22

v Crypto exchanges and non-fungible tokens

Another point of legal interpretation relates to trading platforms and online marketplaces for non-fungible tokens (NFTs) such as Opensea.io; this also applies to centralised DeFi providers of lending instruments where NFT tokens are used as collateral. In view of the virtual asset definition, NFTs are a special form of token. While, in practice, virtual currencies mostly have a fungible nature (which from a strict legalistic point of view might be a bit different), NFTs are not fungible. Apart from that one difference, NFTs have the same characteristics as virtual assets and would be classified as such, therefore if a trading platform offers NFTs for exchange against fiat currency (via sale or lending against NFT collateral), the rules for crypto-to-fiat exchanges would kick in as a matter of principle.

When a trading platform facilitates the exchange and/or transfer of virtual assets, or another financial activity involving virtual assets, including by purchasing virtual assets from a seller (when transactions or bids and offers are matched on the trading platform) and selling them to a buyer, then that trading platform qualifies as a virtual asset service provider conducting exchange and/or transfer activity as a business on behalf of its customers.23

In contrast, decentralised and peer-to-peer marketplaces and NFT-to-crypto exchanges and marketplaces are not currently regulated under the AML Law.

Regulation of miners

Virtual currency miners are not subject to any specific regulation or licensing requirements in Romania, although general business rules will apply to virtual currency miners for their business operations. Mining activities are typically not considered illegal in Romania as long as miners gain legal access to the power grid. Any person or legal entity that earns money from mining activities, such as sale or lease of mining rigs or mining services, may be subject to Romanian tax law and may be required to pay personal or corporate income taxes.

Regulation of issuers and sponsors

Romania has no specific laws with respect to cryptocurrency issuers or sponsors. Issuers will be subject to the existing rules and regulations with respect to securities. An issuer must submit a prospectus to ASF prior to offering a cryptocurrency if the offering is not exempt under the EU PR, but only if the cryptocurrency is considered to be a security.

i Security token issuers

The EU tends to classify security token offerings as securities, and regulations applicable to securities will typically apply to security token offerings (STOs) in addition to regulations specific to issuing tokens or other crypto assets. The digital representation of an asset on a blockchain can be created easily and rapidly. The asset is thus represented digitally by a set number of tokens that exist within a single blockchain such as Solana or Ethereum, or multiple blockchains. To create these digital tokens, a blockchain developer can create a smart contract that manages the desired number of tokens on each blockchain. Token holders need to be able to enforce the rights associated with their security token in the real world. To this effect the European Commission has adopted several legislative proposals as part of its digital finance strategy: MiCA, the pilot DLT market infrastructures regime, the digital operational resilience regulation and a directive to amend existing financial services legislation.

It is important to note that the European Commission delegated to each local authority the responsibility on how to regulate tokens. According to the proposed new legislation, security tokens issued using DLT will be subject to MiFID II and, as a consequence, other financial market regulations will also apply. Specific laws will apply depending on the country of each issuer and on the countries where the issuer intends to offer the tokenised contract. There are several types of security tokens, such as: tokenisation of a stock corporation, tokenised subordinated loans and tokenisation of real estate assets and precious metals. We expect STOs to continue to grow and it will become essential to establish a harmonised regulatory framework, particularly in the case of STOs, which are traded globally albeit with a lack of regulatory certainty.

ii NFT issuers

While the EU broadened the AML regulatory framework to include 'virtual currency exchanges' and 'custodian wallet providers' with the implementation of the AMLD5 in 2018,24 it failed to draft regulations specific to NFTs, most likely because NFTs, while well-known among crypto enthusiasts, were not widely used until recently.25 Under Title II of the proposed MiCa, NFTs would most likely fall into the catch-all category of 'other cryptoassets'. Notably, the proposed MiCA exempts issuers of 'cryptoassets [that] are unique and not fungible with other cryptoassets' from the requirement to publish a white paper for public offerings so we can reasonably expect that this exemption would be likely to extend to NFTs. It is important to note, however, that MiCA includes licensing and operating requirements for cryptoasset service providers (CASPs). Therefore companies that provide services related to NFTs would most likely fall under the general definition of cryptoassets in the MiCA proposal, and as such would need to meet the requirements for CASPs. The definition of a cryptoasset service under MiCA is broad and includes: the custody and administration of cryptoassets on behalf of third parties; the operation of a trading platform for cryptoassets; the exchange of cryptoassets for fiat currency that is legal tender or for other cryptoassets; the execution of orders for cryptoassets on behalf of third parties; the placement of cryptoassets; the reception and transmission of orders for cryptoassets on behalf of third parties; the provision of advice concerning the acquisition or the sale of one or more cryptoassets; or the use of cryptoasset services.26 In its recent draft guidance, issued in March 2021, FATF replaced a previous reference to 'assets that are fungible' with 'assets that are convertible and interchangeable', in defining the scope of virtual assets that in FATF's view warrant regulation, raising the possibility that NFTs could be included within this definition.

Criminal and civil fraud and enforcement

The use and transfer of virtual currencies are completely legal in Romania. The Romanian Criminal Code (RCC) protects crypto owners from theft, embezzlement and fraud as much as it protects owners of any movable goods or other victims of criminal breach of trust. Although the RCC does provide general rules in relation to fraud committed through computer systems and electronic means of payment, a debate on the nature of virtual currencies as movable goods has been trending in the Romanian legal world recently.

i The Non-Cash Payment Directive and the RCC

Notwithstanding the above, until the transposition of the EU Non-Cash Payment Directive,27 the theft of virtual currencies through electronic means was not specifically punishable by a specific criminal penalty. The Non-Cash Payment Directive is to be implemented via amendments to the RCC.28 The aim of these amendments is to criminalise actions and fraud involving non-cash payment instruments, with virtual currencies now expressly included. It is worth mentioning that the RCC did not punish per se specific acts of fraudulent transfers of virtual currency as Article 250 of the RCC included only instruments related to electronic money. The following are among the most salient provisions related to virtual currencies that are expected to be introduced in 2021:

  1. a provision on the (intentionally) fraudulent use of non-corporeal non-cash payment instruments such as: (1) the fraudulent counterfeiting or falsification of a non-corporeal non-cash payment instrument; (2) the holding of an unlawfully obtained, counterfeit or falsified non-corporeal non-cash payment instrument for fraudulent use, at least if the unlawful origin is known at the time of the holding of the instrument; and (3) the procurement for oneself or another, including the sale, transfer or distribution, or the making available, of an unlawfully obtained, counterfeit or falsified non-corporeal non-cash payment instrument for fraudulent use;29
  2. producing, procurement for oneself or another, including the import, export, sale, transport or distribution, or making available a device or an instrument, computer data or any other means designed or adapted for the purpose of falsifying non-cash payment instruments is to be punishable with imprisonment of two to seven years.30
  3. accepting the transfer of virtual currency knowing that this transfer is being done through a falsified non-cash instrument or used without the consent of the owner is to be punishable with imprisonment of one to five years.31
  4. the Prosecutor's Office attached to the High Court of Cassation and Justice is to be designated as an operational national point of contact, available 24 hours a day, seven days a week for urgent requests for assistance.

ii Other special laws with criminal penalties: securities law, the AML Law

As a matter of principle, any unregistered sale of securities breaches the securities laws (which are heavily influenced by MiFID II and the PR). As such, an ICO or an STO that does not respect financial market regulations will be subject to hefty fines and criminal penalties for both the natural persons leading the issuance and the entities that issue illegal funding through virtual currencies. Specific penalties and provisions in relation to market manipulation or fraudulent information dissemination via inaccurate or false statements in white papers apply as well.

The AML Law provides a plethora of sanctions, from administrative fines up to imprisonment and criminal fines. Inter alia, failure to report a suspicious transaction can be fined with up to 10 per cent of the annual turnover, forfeiture and other complementary measures such as withdrawal of licences. The transfer of property, knowing that the property is derived from criminal activities, for the purpose of concealing or disguising the illicit origin of that property or of assisting any personal who was involved in the criminal activity to avoid the legal consequences of his action, or the acquisition, possession or use of property knowing that the property is derived from criminal activities is punishable with imprisonment of three to 10 years. Attempted criminal activities are also punishable under Article 49 of the AML Law.

Notably, the anti-money laundering criminal sanction has nationality-based extraterritoriality, as the penalties apply to any Romanian citizen or company even if the crime has been committed outside Romania or the EU and even if in the third country concerned the alleged money laundering activity is not recognised as a crime against the laws of the third country.

In relation to extradition based on alleged money laundering activities involving virtual currencies, a recent case of note involved the chief executive officer (CEO) of a Romanian crypto exchange, a Romanian citizen, who was extradited to the United States for aiding and abetting a cyber-fraud ring that defrauded various US citizens. The ex-CEO and the company were accused of money laundering and are currently being charged under the Racketeer Influenced and Corrupt Organizations Act in Kentucky courts.32

iii Enforcement by the Romanian authorities

Both Romanian police special forces dealing with information systems types of fraud and the prosecutors, have a sound knowledge of the types of crimes where virtual currencies are involved for ransomware, fraud or money laundering. The exchange of information between the Romanian Directorate for Investigating Organised Crime and Terrorism (DIICOT), and Europol, Interpol and the US Federal Bureau of Investigation and Department of Justice has been praised in recent years by these agencies. In a recent DIICOT case, where funds were stolen from the seventh largest crypto exchange (based in the Cayman Islands), the DIICOT acted promptly, putting the suspect under arrest after approximately only one month.33

Romanian authorities can confiscate virtual currencies that have been illegally obtained in the course of criminal infractions, just as they can confiscate other illegally obtained assets. The National Agency for the Management of Seized Assets has previously conducted auctions for Bitcoin and Ethereum seized in criminal cases. These auctions are conducted online and anyone can register as bidders.

Tax

In Romania, transactions with virtual currencies were regulated for the first time in 2019, through Law 30/2019,34 which introduced into the Romanian Fiscal Code provisions regarding the taxation of income obtained from transacting with cryptocurrency.

i Tax treatment of individual investors

Revenues from the transfer of virtual currency fall into the category of revenues from 'alternative sources' and are subject to the specific tax regime reserved for this category. According to Article 116(1) of Law 227/2015 of the Fiscal Code, anyone deriving a profit from transactions with virtual currencies has the responsibility to determine the income tax as well as any applicable contributions and report the entirety of the profits made. The profits realised from virtual currency transactions are represented by the simple difference between the sale price and the purchase price, including the direct costs related to the transaction. Cryptocurrency capital gains for individual investors are taxed at a flat rate of 10 per cent in Romania. Earnings below the sum of 200 lei (approximately €40) per transaction are exempt from tax provided that the total earnings for the fiscal year do not exceed the sum of 600 lei (approximately €120). In the event that total profits realised from alternative sources amount to a sum equal to the equivalent of 12 minimum gross wages (approximately €5,500) the taxpayer will also have to pay the social security contribution of approximately €500. The payment of tax for cryptocurrency capital gains is set to be made on or around the month of March for each taxable year. It should be noted that conversions from cryptocurrency to a stablecoin without a transfer from the exchange platform to a bank account does not offer a real, tangible benefit to the beneficiary (as a rule, the funds can only be used for the acquisition of cryptocurrency units if they are under the management of the platform). Consequently, the mere conversion made within the platform does not constitute a taxable event. A taxable event occurs only when the funds are transferred from the platform to the bank accounts of the beneficiary holder.

ii Tax treatment for corporations

Corporate capital gains realised by Romanian companies are taxed as any other corporate profits. In the case of a small business or microenterprise, the profits will be taxed at a flat rate of 3 per cent or 1 per cent for companies with at least one employee together with a dividend tax in the amount of 5 per cent and any applicable social security contributions. A company should be very thorough in maintaining an accurate and proper record of all taxable cryptocurrency transactions (receiving payments in cryptocurrencies, exchanging, etc.) Tax audits have been carried out in the past targeting cryptocurrency transactions, with the parties involved having to engage in legal proceedings to ask courts to confirm or refute the tax obligations imposed by the fiscal authorities. One should expect that controls of this kind will occur more frequently in the not so distant future.

iii Value added tax regime

Under Romanian law there are no value added taxes applicable to any transfer of cryptocurrencies. Indeed, the exchange of a virtual currency with conventional currencies is considered to be a service pursuant to Article 271(1) of the Fiscal Code. These services are exempt from value added tax under Articles 268(9)(c) and 292(2)(a)-4 of the Fiscal Code. This policy takes account of the judgment rendered by the Court of Justice of the European Union in the Swedish Hedqvist case,35 which is applicable to Romania as a European Union Member State.

Other issues

i Access to banking services for crypto exchanges

An important point refers to the operational hurdles that crypto exchanges face in opening a bank account. Bank accounts that use cryptocurrencies were seen as the holy grail for businesses in the blockchain space, and especially for crypto exchanges.36 This is becoming a 'game of thrones' between various authorities in Romania as crypto exchanges complain about lack of transparency and discriminatory treatment by local banks. A crypto exchange that complies with the AML Law should be able to offer its services and establish residence in Romania while fully operational (paying for providers, salaries and transfers between bank accounts). This does not happen in practice. Although BNR does not have competence to monitor crypto exchanges, it has issued a recent warning statement on the speculative and risky nature of virtual currencies.37 However, BNR has also stated that 'the principles for managing the risk of illicit use of virtual currencies have been created' and that virtual currencies and their use 'do not currently pose a threat to financial stability in Romania'. Against this background, BNR highlights that BNR rules do not forbid credit institutions from offering operating accounts to crypto exchanges. While it is true that banks are at liberty to choose their customers, a commercial company from any economic sector (crypto exchanges included) cannot function without a bank account, for obvious reasons. To conclude on a personal note, banks are blocking unreasonably the legitimate operations of Romanian-based exchanges and crypto businesses because they do not understand the business model and they are hiding behind regulators' lack of trust in decentralisation and the modernisation of finance. As a result, institutional investors lack opportunities to take advantage of the window of opportunity for Romania to invest in the digitalisation of finance – as fintech is a growing sector in the Central and Eastern Europe region. The AML Law was eagerly awaited as it was expected to provide more clarity and to define the obligations for crypto exchanges, which would in turn provide banks with legal recognition of this nascent sector. In practice, not much has changed.38 From a macro perspective, the remaining burning issue for Romanian crypto businesses is that they may lose out in competition against other EU crypto businesses that are helped by their regulations, are well financed by domestic institutional investors, are backed by banks and, because of their rights to operate in Romania on the basis of passporting rights and liberty of services within the EU, cannot be blocked by Romanian authorities. This leads to a form of unfair competition that should be addressed before the entry into force of the EU's MiCA, as the pace of growth in the crypto ecosystem far exceeds the speed of the regulatory process.

ii Operational issues related to the classification of cryptoassets

Commercial companies that accept crypto payments have complained about the lack of clarity in relation to the classification of virtual currencies for accounting purposes. The same applies to exchanges and miners. There are also commercial companies that wish to make investments in virtual assets. Certified accountants include cryptocurrencies as intangible assets or as commodities or inventory.39 Moreover, the valuation of virtual assets and their reflection in a company's balance sheets gets complicated, as there is no defined methodology or guidance under Romanian law. This lack of clarity raises practical issues related to tax obligations and to corporate matters (e.g., payment of dividends, liquidation and insolvency, as well as extinguishment of obligations by accepting or making payments with virtual currencies). We expect practical problems to arise in relation to estates and wills related to cryptocurrencies. Despite this lack of clarity, practical solutions and innovative approaches have been found and grafted onto the principles of the Romanian domestic legal regime to cope with the increased use of virtual currencies in business transactions.

Looking ahead

We (optimistically) expect that the barriers to opening a bank account or e-money account will be solved within the next year. We anticipate that the authorisation process for crypto exchanges and custodians will be streamlined via a government decision as requested under the AML Law. On tax and corporate matters, tax authorities are expected to provide guidance on the classification of virtual currencies. By the same token, and from a business perspective, we expect to see more EU-based exchanges, payment and e-money institutions providing services related to virtual currencies taking advantage of their passporting rights. It is likely that we will see merchant payments being made with crypto, as well as an increased trend for DeFi services. We have also seen heightened interest in asset tokenisation and financing in Romania, especially from real estate developers. Although decentralised autonomous organisations (DAOs) are not currently protected, we have recently seen interest in cooperative entity formation with a view to acting as functional DAOs under Romanian civil law.

NFT technical solutions and local marketplaces are being developed as we speak. Last but not least, we expect to see growing interest from venture capitalists, incubators and accelerators in DLT and crypto start-ups who plan to scale up internationally, as the EU's agenda on innovation has started to focus more on virtual currencies and their economic use.

On 24 September 2020, the European Commission adopted a digital finance package that includes MiCA, the legislative proposal for a regulation on markets in cryptoassets mentioned above (see Section III.i). MiCA includes regulations that would apply to NFTs in certain cases and defines for the first time in the EU a cryptoasset as a 'digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology'. The European Commission has not officially stated a specific timeline for MiCA implementation but expects it to be adopted in the next four years.40 As an EU regulation, it will apply directly in all EU Member States and will not require implementation in national laws. The proposed MiCA applies to (1) the public offering of cryptoassets, (2) the listing of cryptoasset trading platforms, (3) the licensing of CASPs, and (4) the implementation of market abuse rules for cryptoasset businesses. MiCA generally references three main categories of token (asset-referenced tokens, e-money tokens, and other cryptoassets), with different requirements for each regarding licensing and operations of issuers.

Footnotes

1 Tudor Velea and Alexandru Stanescu are partners at SLV Legal.

2 ING International Survey, From cash to crypto: the money revolution (September 2019), p. 7.

3 Crypto Head, The 2021 Crypto Ready Index: Which countries are most prepared for the widespread adoption of cryptocurrencies? available at: https://cryptohead.io/research/crypto-ready-index/.

7 Implemented in Romania by Law 24/2017 on issuers of financial instruments and market operations, subsequently modified by Law 158/2020.

8 See Vlad Burilov, Regulation of Crypto Tokens and Initial Coin Offerings in the EU (2019), Eur. J. Comp. L. & Gov. 6 (2019) 146–186 (finding the EU's need to clearly define the scope of tokenised financial instruments).

9 Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions.

10 BNR press release of 16 April 2021 on its position concerning virtual currencies, available at: https://www.bnr.ro/page.aspx?prid=19236.

11 Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/193, COM/2020/593 final.

12 Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC.

13 Directive 2015/2366 of the European Parliament and of the Council on payment services in the internal market.

15 For more information on the lawfulness of the crypto market, see the European Parliament ECON Committee study: Houben, Snyers, Crypto-assets: Key developments,regulatory concerns and responses, Policy Department for Economic, Scientific and Quality of Life Policies Directorate-General for Internal Policies, PE 648.779 – April 2020, p. 27.

16 For more information on the adequacy of the regulatory framework, see the European Parliament TAX3 Committee study: Houben, Snyers, Cryptocurrencies and blockchain: Legal context and implications for financial crime, money laundering and tax evasion, Policy Department for Economic, Scientific and Quality of Life Policies Directorate-General for Internal Policies, PE 619.024 – July 2018, ch. 5.3 at p. 76.

17 See footnote 3.

18 FATF Recommendations, Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (June 2019), FATF, Paris; www.fatf-gafi.org/publications/fatfrecommendations/documents/Guidance-RBA-virtual-assets.html, point 33c, p. 13.

20 Enacted by OPCSB Order 47/2021 of 12 March 2021.

22 For more information on cybersecurity concerns, see the European Parliament ECON Committee study: Houben, Snyers, Crypto-assets: Key developments,regulatory concerns and responses, Policy Department for Economic, Scientific and Quality of Life Policies Directorate-General for Internal Policies, PE 648.779 – April 2020, pp. 60–64.

23 FATF Recommendations, Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (June 2019), FATF, Paris; www.fatf-gafi.org/publications/fatfrecommendations/documents/Guidance-RBA-virtual-assets.html. For a detailed policy analysis on trading platforms, see ibid. fn 9.

24 Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.

25 Cryptokitties being a notable exception.

26 See MiCA Recital (8).

27 Directive (EU) 2019/713 of the European Parliament and of the Council of 17 April 2019 on combating fraud and counterfeiting of non-cash means of payment and replacing Council Framework Decision 2001/413/JHA.

28 At the time of writing, Law Proposal PL-x No. 162/2021 has been adopted by Parliament and is awaiting final approval (promulgation) by the President of Romania.

29 RCC Articles 250, 250(1) and 251.

30 RCC Article 314.

31 RCC Article 251.

34 Law No. 30/2019 of 10 January 2019 approving Government Emergency Order No. 25/2018 regarding the modification and completion of some normative acts and the approval of budgetary measures, issued by the Parliament of Romania and published in Official Gazette No. 44 of 17 January 2019.

35 CJEU, 22 October 2015, C-264/14, Hedqvist.

37 BNR press release of 16 April 2021 on its position concerning virtual currencies, available at: https://www.bnr.ro/page.aspx?prid=19236.

38 Similar situations are also present in France; see The Virtual Currency Regulation Review (3rd edn), France chapter by Hubert de Vauplane and Victor Charpiat, 'Access to banking services'.

39 For more details on the accounting principles in Romania related to virtual currencies see: https://www.accountinghub.ro/cum-inregistram-in-contabilitate-tranzactiile-cu-criptomonede/.

40 Communication from the Commission to the European Parliament, the Council, The European Economic and Social Committee and the Committee of the Regions on a Digital Finance Strategy for the EU, 24 September 2020, COM(2020) 591 final.

Get unlimited access to all The Law Reviews content