The provision of identification services will be subject to specific limitations imposed by the internal rules implemented by the financial institution which requires the externalization of its employees and clients’ identification services.
For the purposes of this section we have assumed that ”identification services” concept refer to ”authentication procedures” provided by IT service providers for the benefit of financial institutions to secure their employees and clients’ authentication.
In essence, the provision of ”authentication procedures” does not trigger specific authorisations/licences for the service providers in Romania.
Whereas the provision of ”identification services” may entail in certain cases the processing of personal data, FinTechs will be subject to the data protection rules .
An overview of the obligations incumbent on the service providers may not be accurately provided. Depending on the services envisaged to be performed by the service providers, a case by case analysis should be carried out in order to decide the particular regulatory framework incumbent on FinTechs (and specific obligations).
By way of background, providers of electronic signature may be subject to different rules depending on the territory they obtained the right to provide electronic signatures. The providers of electronic signatures established in the European Union may provide their services in line with the relevant bilateral EU Agreement concluded between Romanian, EU community and EU member states. On the contrary, providers of electronic signatures established in third countries (outside EU) may provide their services in Romania in limited circumstances (e.g. if such provider was accredited by the Romanian competent authority).
We have not identified relevant public official statistics regarding these subject matters.