Financial #1 Legislative focus

The Ministry of Finance has published for public consultation a draft law transposing into primary legislation the provisions of Directive (EU) 2024/1619 (CRD VI) and Directive (EU) 2024/2994, substantially strengthening the prudential supervision, governance, risk management and sanctions framework applicable to credit institutions and investment firms. The existing legal framework, represented by GEO no. 99/2006, is being amended.

For banks, the impact is mainly structural and operational, with effects that will be felt over the medium and long term. The integration of ESG risks requires adjustments to the internal risk management framework, with possible consequences on the structure of credit portfolios, the value and eligibility of collateral, as well as on the way borrowers are assessed.

Financial institutions should initiate an internal gap analysis of governance, ESG risk integration, and prudential compliance frameworks and prepare an implementation roadmap aligned with CRD VI requirements.

The Government has adopted an emergency ordinance amending Law no. 231/2015 and other related normative acts to ensure compliance with Regulation (EU) 2024/886, which introduces mandatory requirements for instant euro credit transfers.

The initiative strengthens the role of the National Bank as a competent authority in the payments field, extends monitoring powers over payment service providers, and reinforces the sanctions regime and governance requirements applicable to payment institutions.

The main impact is operational and technical, as instant euro transfers become a market standard, and requirements regarding availability, execution, and sanctions screening must be integrated into IT infrastructure and transaction monitoring processes. Adapting systems for real-time international sanctions screening in the context of instant payments involves relevant procedural and technological adjustments.

Financial institutions and other companies should assess and upgrade their payment systems, sanctions screening tools, and operational processes to ensure real-time instant euro transfer capability and compliance controls.

The European Commission has launched a Call for Evidence for the upcoming Communication on competitiveness in the Single Banking Market, scheduled for Q3 2026. The initiative is part of the broader Savings and Investments Union (SIU) agenda and aims to identify structural barriers that limit cross-border integration, efficiency, and competitiveness of the EU banking sector.

Although it does not introduce binding rules, the initiative signals a possible direction for structural reform at European level, through:

• Assessing the degree of fragmentation of the Single Banking Market and the effects of divergent national implementation of the European framework;
• Analysing the cumulative complexity generated by overlapping microprudential, macroprudential and resolution requirements;
• Examining obstacles that limit cross-border activity and banking consolidation at EU level;
• Evaluating the effectiveness of the current prudential and crisis management framework in relation to digitalisation and global competition; identifying potential elements of excessive complexity or regulatory inconsistency;
• Analysing the impact of an incomplete Banking Union (including the absence of a common deposit guarantee system).

At this stage, the impact is strategic and forward-looking, but potentially significant in the medium term:

• Possible revision of the framework for cross-border capital and liquidity mobilisation;
• Potential initiatives for simplification or reduction of administrative and reporting burdens;
• Pressure to reduce national application discrepancies and increase supervisory convergence;
• Possible adjustments regarding banking consolidation and cross-border operations regimes;
• Recalibration of the balance between resilience and competitiveness in the prudential framework.

Financial institutions should internally evaluate how cross-border operations, reporting burdens, and capital/liquidity structures could be affected and prepare a coordinated industry feedback or positioning paper.

The Ministry of Internal Affairs published a draft Government Decision for the approval of the National Strategy on the Resilience of Critical Entities together with its related Action Plan. The Strategy has a validity horizon through 2031 and targets sectors such as financial infrastructure, healthcare, energy, transport, water, digital infrastructure, public administration, space, and food. It sets out a formal governance structure based on CNCPIC coordination, designated sector authorities, and specific resilience duties for entities identified as critical.

The measure brings resilience supervision under a single national framework consistent with EU security objectives. Financial institutions could gradually be subject to enhanced coordination requirements, closer monitoring, and more formalized reporting obligations.

Operators within the targeted sectors should perform an internal review comparing their current resilience arrangements with the Strategy’s planning and reporting framework.

A new legislative proposal registered in Parliament aims to revise GEO 155/2024 on cybersecurity and to introduce complementary provisions in the Criminal Code.

The proposal creates an interinstitutional committee coordinated by the National Cyber Security Directorate (DNSC) and specifies that vulnerability research performed in good faith and without causing harm is not treated as a criminal act, provided strict safeguards are met and notification is made within 48 hours.

The initiative sharpens the governance framework and clarifies liability limits in the area of vulnerability disclosure. Financial institutions and other regulated organizations may have to update internal processes for vulnerability handling and collaboration with security researchers.

Entities subject to GEO 155/2024 should reassess their vulnerability disclosure workflows and track the legislative process for potential changes.