Romania overhauls bank outsourcing rules
BUCHAREST, ROMANIA — The National Bank of Romania (NBR) recently released its proposed Draft Regulation to consolidate oversight of outsourcing by banks and other credit institutions.
The goal is to streamline the fragmented governance of outsourcing arrangements. The regulations would combine existing European Union (EU) directives with local Romanian requirements (Regulation No. 5/2013) under a single framework.
Key areas addressed include outsourcing policies, risk management, provider due diligence, contract terms, and oversight of cloud services.
Most provisions under the proposed Draft Regulation will take effect within three months if adopted. However, the NBR plans to implement stricter rules for cloud outsourcing, recognizing the higher risks associated with this practice.
The updated regulations come amid evolving EU-wide operational resilience standards for finance called the Digital Operational Resilience Act (DORA). The NBR initiative signals a push to modernize Romanian banking through more rigorous, harmonized outsourcing governance.
The final shape of the new rules awaits the conclusion of the public comment process. However, the reforms reflect the recognition that strong oversight is needed to enable stability as banks adapt to digital transformation.
The Draft Regulation is currently open for public consultation on the NBR’s website.
