Romania

Identity Verification & KYC For Romania

Shufti supports KYC, KYB, and AML compliance under Romanian law and ONPCSB reporting requirements, aligned to Law 129/2019 and National Bank of Romania supervisory standards.

Operational performance for Romania KYC

Our Numbers Speak Volumes

99.73%

Pass rates

100%

NFC
Verification

42%

EIDV
Coverage

Evidence-Ready Checks Across People & Businesses

Individual Documents We Verify

Shufti supports 10 Romanian document types.

View All Supported Documents

Romanian Identity Card

National identity document for citizens aged 14+; contains Cod Numeric Personal (CNP), a unique 13-digit identifier used in AML screening and KYC matching across all verification workflows.

Romanian Passport

Burgundy EU-standard passport with fourth-generation security design; contains CNP identifier and establishes citizenship for international travel and cross-border identity verification purposes.

Romanian Driver's Licence

Official driving permit and identity document recognised domestically and internationally; contains CNP identifier and serves as accepted identity proof for KYC verification processes.

Business Entity Identity

Certificate of Incorporation

Confirms legal existence and company registration with ONRC; establishes entity identity and official business status.

Registration Certificate

Provides entity details including CUI, company type, registered office, and business activity classification.

Business Tax Identity

CUI

Unique company tax identification number required for all registered Romanian businesses and essential for tax and regulatory compliance.

VAT Registration Certificate

Confirms tax registration status with ANAF and establishes entity obligation for Value Added Tax purposes.

Ownership & Control (UBO)

Beneficial Ownership Declaration

Mandatory filing under Law 129/2019; identifies individuals owning or controlling 25% or more of shares, voting rights, or exercising control through other means.

UBO Information Requirements

Required data includes UBO name, surname, date of birth, CNP (personal identification number), identity document series/number, citizenship, domicile/residence, and method of control exercised.

Languages We Cover

Romanian document handling with diacritical precision

Romanian diacritics (ș, ț, ă, â, î) must be preserved in digital systems to prevent document/name mismatch errors during KYC verification and AML screening processes.

Name matching across diacritic variations

Normalisation controls handle diacritical marks accurately, reducing false negatives in sanctions, PEP screening, and customer matching across systems and jurisdictions.

Evidence consistency in address and identity matching

Identity data is reconciled across documents, beneficial ownership disclosures, utility records, bank statements, and screening outputs in one case file for audit readiness.

GOVERNANCE & CONTROLS

Audit-Ready Decisions, Lower Operational Drag

Fewer avoidable re-submissions

Document capture workflows reduce failure rates in Carte de identitate and passport onboarding.

Cleaner audit trails

Case files retrievable for ONPCSB inspections, BNR supervisory reviews, and regulatory examinations.

Better name matching

Handles Romanian diacritics, patronymic patterns, and cross-border EU worker identity matching.

One workflow, one back office

KYC, KYB, and AML screening integrated with ONPCSB reporting in one unified back office system.

National ID-first flow design

Carte de identitate primary ID flows aligned with how identity is actually verified in Romania.

Enterprise-grade compliance infrastructure

Romania IDV/KYC Challenges

Diacritics in name matching

Name normalisation errors involving Romanian diacritical marks create false negatives in AML and PEP screening, increasing compliance review burden.

Card-not-present fraud

Non-face-to-face transactions present elevated impersonation and document fraud risk without biometric corroboration or in-person verification checks.

Cross-border EU workers

Dual-residency verification complexity arising from Romania as source and destination for EU labour mobility; compliance obligations vary by jurisdiction.

Limited digital ID uptake

Paper-based identity documents remain dominant despite EU digital identity frameworks. Low e-ID adoption slows automation and increases manual validation.

Shufti’s IDV/KYC Solutions for Romania

KYC Solutions

Face Verification

Reduces impersonation and synthetic identity risk. In Romania's card-not-present environment, biometric corroboration strengthens identity evidence and transaction compliance.

Age Verification

Selfie-based age estimation with document verification fallback for gaming, fintech, and regulated product sectors operating in Romania.

Address Verification

Verifies address documents against major utility providers (Electrica, E.ON, CEZ, Rețele Electrice) and bank statements from Banca Transilvania, BCR, BRD, ING, and other major Romanian banks.

Document Verification

Supports Carte de identitate, passport, and driver's licence with MRZ and barcode extraction for automated data capture and validation.

KYB Solutions

Business Verification

Validates entity status through ONRC registry data, corroborates CUI evidence, and captures beneficial ownership declarations consistent with Law 129/2019.

Enhanced Due Diligence (EDD)

Escalation workflows for high-risk entities, politically exposed persons (PEPs), and cross-border EU worker verification with audit trails aligned to ONPCSB standards.

AML Screening

Business AML Screening

Screens entities and controlling persons against ONPCSB watchlists, Romanian PEP datasets, EU sanctions, and UN Security Council sanctions lists.

Transaction Screening

Ongoing monitoring aligned to Law 129/2019 suspicious activity obligations and ONPCSB STR processes for cash and linked transaction reporting.

REGULATORY ALIGNMENT

Built to Fit Romania's Compliance Landscape

National Bank of Romania (BNR)

Central bank for monetary policy and banking sector supervision. Shufti aligns KYC and AML workflows to BNR supervisory standards for banking customer due diligence.

Financial Supervisory Authority (ASF)

Independent regulator overseeing capital markets, insurance, and private pensions. Shufti supports ASF compliance through entity and beneficial owner verification.

National Office for Prevention and Combating of Money Laundering (ONPCSB)

Romania's Financial Intelligence Unit for AML/CFT policy and reporting. Shufti automates STR reporting, screening, and customer due diligence workflows.

National Authority for Consumer Protection (ANPC)

Consumer protection and market surveillance authority for Romania. Shufti supports ANPC compliance through KYC verification, fraud prevention, and identity authentication.

National Supervisory Authority for Personal Data Processing (ANSPDCP)

National Data Protection Authority enforcing GDPR in Romania. Shufti supports ANSPDCP compliance through encryption, retention controls, and data protection measures.

National Trade Register Office (ONRC)

National business registry and trades register for entity verification. Shufti integrates ONRC validation for CUI verification, beneficial owner filing, and KYB onboarding.

National Agency for Fiscal Administration (ANAF)

Revenue service for tax administration, VAT registration, and fiscal compliance. Shufti supports ANAF compliance through CUI validation, VAT verification, and fiscal code matching.

Deployment Choice

No cloud hyperscaler operates data centres in Romania. AWS Ireland, Azure Netherlands and GCP European zones are nearest. On-premise options available.

Regulatory Alignment

GDPR and Law 190/2018 apply. ANSPDCP enforces Data Protection Impact Assessments, lawful processing basis, and controller/processor contracts for KYC data.

Retention controls

Law 129/2019 mandates 5-year retention for KYC documents, transaction records and AML files. Automatic purge protocols delete after 5 years unless held.

Encryption posture

GDPR Article 32 mandates encryption as technical control. AES-256 for data at rest and TLS 1.2+ for data in transit aligned to industry standards.

Data Controls & Privacy for Romania

BUILT FOR COMPLIANCE TEAMS

Romania AML Sources That Strengthen Decision

National Assembly of Romania

Romanian Radio Broadcasting Company (Radio Romania)

TThe National Supervisory Authority For Personal Data Processing

Generali Societate de Administrare a Fondurilor de Pensii Private S.A.

Romania Insider

Adevărul

Realitatea

National Assembly of Romania

Romanian Radio Broadcasting Company (Radio Romania)

TThe National Supervisory Authority For Personal Data Processing

Generali Societate de Administrare a Fondurilor de Pensii Private S.A.

Romania Insider

Adevărul

Realitatea

National Assembly of Romania

Romanian Radio Broadcasting Company (Radio Romania)

TThe National Supervisory Authority For Personal Data Processing

Frequently Asked Questions

What are the KYC requirements for individuals in Romania?

KYC requirements for individuals in Romania include name, surname, citizenship, and date of birth verified through Carte de identitate, passport, or driver's licence. Address verification using utility bills or bank statements is standard practice.

What documents are required for identity verification in Romania?

Primary identity documents include Carte de identitate, passport, and driver's licence. Address verification documents include utility bills from Electrica, E.ON, CEZ, or Rețele Electrice, and bank statements from major Romanian banks. All documents must contain the CNP identifier.

What is Law 129/2019 and what are the main compliance obligations?

Law 129/2019 is Romania's primary anti-money laundering statute, adopted July 2019, transposing the 4th AML Directive. Core obligations include customer due diligence on a risk-based approach (standard, simplified, or enhanced), beneficial owner identification filed with ONRC within 15 days, and ONPCSB reporting of suspicious transactions.

How does customer due diligence work under Romanian AML law?

Customer due diligence under Law 129/2019 applies on a risk-based approach: standard for low-risk, simplified for very low-risk, enhanced for high-risk entities and cross-border transactions. Measures include identity verification, beneficial owner identification, and relationship assessment.

What is beneficial owner verification and why is it required?

Beneficial owner verification identifies individuals owning or controlling 25% or more of shares, voting rights, or other control mechanisms. Law 129/2019 mandates filing with ONRC within 15 days of incorporation and updates within 15 days of change. Non-compliance incurs fines up to RON 10,000.

What are the reporting requirements to ONPCSB?

Reporting entities must file suspicious transaction reports (STRs) with ONPCSB, Romania's Financial Intelligence Unit, when suspicious activity is identified. Cash transaction reporting applies to transactions of EUR 10,000 or equivalent in RON including linked transactions. STR filing is mandatory upon identification of suspicious activity.

How do KYC and GDPR compliance intersect in Romania?

KYC data is personal data under GDPR and Law 190/2018. ANSPDCP enforces Data Protection Impact Assessments (DPIAs), encryption, breach notification within 72 hours, and lawful processing basis. KYC documents must be retained for 5 years under Law 129/2019, with automatic deletion after 5 years.

Build a Romania-ready KYC, KYB & AML programme with Shufti

Check Pricing Request Demo

INDEPENDENTLY AUDITED. GLOBALLY CERTIFIED.

Certified to Global Standards

PROVEN WORKFLOWS

Use Cases for Regulated Growth in Romania

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Accelerate Growth, Eliminate Friction

Onboard users in seconds, not days. Deploy tiered address verification flows that maximise completion rates for genuine users while filtering out synthetic fraud.

Learn More Try Now

Onboard Global Traders in Real-Time

Verify investors across 250+ countries & territories. Ensure compliance with international financial regulations while preventing identity theft and high-risk chargebacks.

Learn More Try Now

Secure Trust at Every Transaction

Automate KYC and AML workflows to reduce manual onboarding costs. Strengthen residency checks while delivering the frictionless digital experience modern customers expect.

Learn More Try Now

Power a Fair & Secure Player Experience

Reduce bonus abuse and multi-accounting rings at the door. Enforce location rules and trigger step-up checks without disrupting the player journey.

Learn More Try Now

Build a Trusted, Verified Workforce

Screen freelancers and drivers at scale. Verify residency and reduce onboarding friction while maintaining trust between users.

Learn More Try Now

Scale Your Exchange with Confidence

Balance anonymity with compliance. Instantly verify user jurisdiction to meet Travel Rule obligations and help stop abuse without slowing down legitimate trading volume.

Learn More Try Now

Reduce fraud without blocking growth

Shufti supports marketplace integrity by verifying seller and buyer identities, enabling age-gated journeys where needed, and preserving evidence to support investigations, disputes and risk-led enforcement actions.

Learn More Try Now