Corporate Criminal Liability in Romania (2026): a Practical Playbook for Companies Facing White‑collar Investigations

Corporate criminal liability in Romania has moved from a theoretical risk to an operational reality for companies of every size. Romania’s Criminal Code holds legal entities directly accountable for offences committed by their organs, representatives, or employees when those acts serve the entity’s interest, and enforcement agencies, most notably the Direcția Națională Anticorupție (DNA) and the Oficiul Național de Prevenire și Combatere a Spălării Banilor (ONPCSB), have sharpened their focus on corporate targets since late 2025. Heightened AML scrutiny, expanded asset‑freezing powers, and closer cross‑border cooperation with EU and OECD counterparts mean that general counsel, compliance officers, and boards must treat any investigative contact as a potential crisis requiring immediate, structured action.

This playbook translates the legal framework into the practical steps companies need during the critical first hours of an investigation and beyond.

Executive Summary: The First 72‑Hour Decision Checklist

When prosecutors initiate a white‑collar investigation against a company in Romania, the actions taken, or not taken, within the first 72 hours largely determine the trajectory of the case. Delays in preserving evidence, securing privilege, or notifying the board can convert a manageable inquiry into a full‑blown corporate crisis. The checklist below distils the most critical early‑stage steps that every general counsel and compliance officer should be prepared to execute.

1. Activate the crisis‑response protocol. If one exists, convene the pre‑designated crisis team immediately. If none exists, assemble one comprising legal, compliance, finance, and communications leads.
2. Engage external criminal defence counsel. Appoint a Romanian‑qualified lawyer with white‑collar investigations experience before any substantive interaction with prosecutors.
3. Issue a legal hold notice. Instruct all relevant employees, departments, and IT administrators to preserve documents, emails, messaging records, and electronic data. Prohibit deletion or alteration of any files.
4. Identify the scope of the investigation. Obtain and carefully review the search warrant, subpoena, or information request to understand the offences under investigation and the evidence targeted.
5. Secure privileged communications. Segregate legal‑advice files from operational documents. Assert privilege over any materials seized that fall within attorney–client protection.
6. Brief the board selectively. Inform the chairperson or audit committee chair on a need‑to‑know basis. Avoid wide circulation of details until the scope is clearer.
7. Assess director and officer exposure. Determine which individuals may face personal liability and ensure they have separate legal representation where conflicts exist.
8. Map assets at risk of seizure. Identify bank accounts, real property, and movable assets that prosecutors may seek to freeze and begin preparing challenge submissions.
9. Impose internal communication controls. Restrict discussions about the investigation to privileged channels. Remind employees of confidentiality obligations.
10. Preserve whistleblower protections. Ensure that any internal reporter is protected from retaliation, in line with Romania’s transposition of the EU Whistleblower Directive.
11. Coordinate with regulators if necessary. If the company is in a regulated sector (banking, insurance, capital markets), assess notification obligations to the relevant supervisory authority.
12. Document every action. Maintain a privileged log of all steps taken, communications sent, and decisions made from the moment the investigation becomes known.

Corporate Criminal Liability Romania: Legal Basis and Who Can Be Held Liable

The statutory foundation for corporate liability Romania sits in Articles 135–151 of the Romanian Criminal Code (Codul Penal), as published on the official Portal Legislativ. Under Article 135, a legal entity, other than the State, public authorities, and public institutions carrying out activities that cannot be the subject of the private sector, can be held criminally liable for offences committed in the pursuit of the entity’s object of activity or in its interest or on its behalf. Liability attaches when the offence is committed by the entity’s organs or representatives, but it also extends to situations where the offence results from inadequate supervision or control.

Critically, corporate criminal liability does not exclude the individual criminal liability of the natural person who committed or participated in the offence. Prosecutors regularly pursue both tracks in parallel, a point that carries significant implications for director liability Romania, which is addressed in a dedicated section below.

The offences that most frequently trigger corporate exposure in Romania include bribery and corruption (Articles 289–294), fraud (Articles 244–248), money laundering under Law 129/2019, tax evasion under Law 241/2005, and false accounting or forgery of documents. The following table illustrates how exposure and enforcement outcomes vary by entity type.

Under Article 136 of the Criminal Code, penalties for legal entities include criminal fines calculated using the fine‑day system, dissolution of the entity, suspension of activity for up to three years, closure of work points, prohibition from participating in public procurement, placement under judicial supervision, and display or publication of the conviction. Courts may also order confiscation of assets linked to the offence.

How Do Prosecutors Investigate White‑Collar Crime in Romania?

Understanding the practical mechanics of a white‑collar investigation in Romania is essential for companies preparing a proportionate response. The Romanian Code of Criminal Procedure (Codul de Procedură Penală) grants prosecutors and criminal investigation bodies a broad toolkit. Industry observers expect these tools to be used with increasing frequency as enforcement agencies continue the institutional strengthening initiatives that accelerated in late 2025.

Search and Seizure

Prosecutors may request authorisation from a judge of rights and liberties to conduct searches of premises, vehicles, IT systems, and personal belongings. Search warrants are typically executed without prior notice. During a search, officers may seize documents, electronic storage devices, financial records, and any objects deemed relevant to the investigation. Companies should ensure that a representative, ideally in‑house counsel or an external lawyer, is present during the search to monitor the process, assert privilege over protected materials, and obtain a copy of the search report.

The seizure of electronic evidence is a growing area of enforcement activity. Prosecutors increasingly image entire servers and request access to cloud‑hosted data, raising complex questions about proportionality and privilege that must be addressed in real time.

Banking and Financial Information Requests

Prosecutors can compel banks and financial institutions to disclose account records, transaction histories, and beneficial ownership information. These requests often precede or accompany asset seizure Romania actions, as prosecutors build the evidentiary basis for freezing orders. Companies should proactively audit which financial records may be sought and ensure that banking relationships are documented and that privilege logs are current.

Interviews and Witness Approaches

Current and former employees, directors, and even business partners may be summoned for interviews as witnesses or suspects. The line between witness status and suspect status can shift rapidly. Companies should brief employees on their procedural rights, including the right to legal representation, without coaching or coordinating testimony, which could itself constitute an offence (obstruction of justice or influencing statements).

Cross‑Border Requests via Mutual Legal Assistance

For companies with multinational operations, prosecutors may issue mutual legal assistance (MLA) requests to obtain evidence held in other jurisdictions. Romania is a party to a range of bilateral and multilateral MLA treaties, as well as the European Investigation Order framework within the EU. MLA requests can result in searches, witness interviews, or data seizures being executed by foreign authorities on behalf of Romanian prosecutors. Companies facing cross‑border investigations Romania should coordinate defence strategy across all relevant jurisdictions from the outset.

A realistic timeline for the initial investigative phase typically runs as follows: days one through three involve search and seizure activity; days three through fourteen see banking disclosure requests and the scheduling of witness interviews; and within the first thirty days, prosecutors will often seek to impose precautionary measures such as asset freezing or travel bans on individuals. Companies that are prepared with checklists and pre‑identified counsel can respond meaningfully within these compressed windows.

Asset Preservation and Challenging Seizures in Romania

One of the most immediate threats a company faces during a white‑collar investigation is the freezing or seizure of its assets. Prosecutors may request, and judges may grant, precautionary measures including the seizure of bank accounts, immovable property, shares, and other valuable assets. The purpose is to secure potential confiscation or restitution orders. For a company, an ill‑timed or disproportionate freeze can cripple operations, trigger loan defaults, and destroy commercial relationships.

The procedural steps for challenging asset seizure Romania measures follow a defined, time‑sensitive path:

1. Receive and review the seizure order. Obtain the full text of the court order or prosecutor’s ordinance imposing the measure. Identify the legal basis, the assets targeted, and any stated justification for proportionality.
2. File a challenge (contestație). Under the Code of Criminal Procedure, the company may challenge the seizure before the judge of rights and liberties or, during trial, before the court. The challenge must argue disproportionality, lack of connection between the assets and the alleged offence, or procedural irregularities.
3. Request partial lifting. Where a blanket freeze threatens the company’s ability to continue lawful operations, paying employees, honouring contracts, meeting tax obligations, request that the court partially lift the measure to allow essential payments.
4. Secure privileged materials. If seized assets include legally privileged documents or correspondence, file a separate motion to have those materials segregated and returned.
5. Engage forensic accountants. Independent valuation may be needed to demonstrate that the value of frozen assets is disproportionate to the alleged criminal proceeds.

The following table summarises the key remedies available to companies.

Speed is critical. Delays in filing challenges can result in the seizure becoming entrenched, with courts less willing to revisit measures that have been in place without objection. Companies should have template challenge submissions prepared as part of their crisis‑response toolkit.

Director Liability Romania: Internal and External Risks for Executives

Corporate criminal liability in Romania does not shield individual directors, officers, or managers from personal criminal exposure. Under the dual‑track approach embedded in the Criminal Code, prosecutors routinely pursue charges against both the legal entity and the individuals whose acts or omissions gave rise to the offence. For boards, this creates a complex web of overlapping loyalties, conflicts of interest, and legal obligations that must be managed from the earliest moments of an investigation.

When Director Liability Arises

Directors face personal criminal liability when they directly commit, instigate, or aid the offence; when they knowingly permit employees to engage in criminal conduct; or when they fail to implement adequate supervision and control mechanisms. Common scenarios include signing off on fraudulent financial statements, approving bribes disguised as consultancy fees, and ignoring red flags in AML compliance. The consequences extend beyond criminal penalties to include civil liability for damages, professional disqualification, and reputational harm that effectively ends a career.

Individual Cooperation and Plea Considerations

Directors under investigation must secure separate legal representation where their interests diverge from those of the company. Early decisions about cooperation with prosecutors, including the possibility of providing evidence against the entity or other individuals, require careful strategic analysis. Any cooperation must be documented and structured through counsel to preserve both the individual’s rights and the company’s defence position. The likely practical effect of early, structured cooperation is often a significant reduction in penalties, but the decision must balance personal and corporate interests with precision.

Companies should establish clear governance protocols that anticipate these conflicts: pre‑arranged indemnification frameworks, D&O insurance reviews, and board‑level procedures for suspending or reassigning executives who become subjects of investigation.

AML Investigations Romania: The Interplay with Corporate Criminal Liability

Anti‑money laundering enforcement has become one of the most active vectors for corporate criminal liability Romania cases. The ONPCSB, Romania’s Financial Intelligence Unit, receives, analyses, and disseminates suspicious transaction reports (STRs) and serves as the gateway through which many corporate investigations begin. A referral from ONPCSB to criminal prosecutors can transform a compliance inquiry into a full criminal investigation within days.

Reporting Obligations

Under Law 129/2019 on preventing and combating money laundering, reporting entities, including banks, financial institutions, auditors, lawyers (in certain transactional contexts), real estate agents, and casinos, must file STRs with ONPCSB whenever they identify transactions that raise suspicion of money laundering or terrorist financing. Failure to report, or filing late, exposes the entity to both administrative sanctions and potential criminal liability for complicity in the underlying offence. Companies must ensure that their AML compliance programmes include clear escalation channels, trained compliance officers, and documented decision‑making processes for STR filings.

What to Do When Regulators Make Contact

When ONPCSB or another regulator contacts a company, the response must be measured and strategic. Companies should acknowledge receipt of any request, engage external AML counsel immediately, avoid volunteering information beyond the scope of the request, and conduct a rapid internal review to understand the transactions in question. Early indications suggest that regulators view prompt, transparent engagement favourably, while stonewalling or delayed responses tend to escalate matters toward criminal referral.

Cross‑Border Investigations and Mutual Legal Assistance

Romania’s deepening integration into EU and international enforcement networks means that cross‑border investigations Romania are no longer exceptional, they are routine for any company with multinational operations. The European Investigation Order (EIO) allows Romanian prosecutors to request investigative measures across the EU with relative speed and minimal formality compared to traditional MLA channels.

For companies, cross‑border dimensions introduce additional complexity around data preservation, GDPR compliance, and the coordination of defence strategies across jurisdictions. Key practical steps include:

• Appoint lead defence counsel in Romania and ensure they coordinate with lawyers in every jurisdiction where evidence may be sought or where the company has assets at risk.
• Issue cross‑border legal hold notices that comply with both Romanian procedural requirements and the data protection laws of each relevant jurisdiction.
• Assess data transfer constraints. Transferring personal data from Romania to non‑EU jurisdictions for defence purposes must comply with GDPR and any sector‑specific rules. Failure to manage this properly can create a secondary compliance exposure.
• Monitor foreign proceedings. Evidence gathered abroad under an EIO or MLA request will be used in the Romanian case. Understanding the procedural safeguards (or lack thereof) in the executing state is essential for mounting an effective challenge to admissibility.

Criminal Defence for Companies: Selecting Counsel and Building an Evidence Strategy

Choosing the right external criminal defence counsel is one of the highest‑impact decisions a company will make in the early stages of an investigation. The selection criteria should extend well beyond legal expertise to encompass practical considerations that affect the company’s ability to defend itself effectively.

• Specialisation in white‑collar investigations Romania. General commercial lawyers, however skilled, lack the procedural fluency and prosecutorial relationships that specialist criminal defence practitioners bring.
• Capacity to manage parallel proceedings. Investigations frequently involve simultaneous criminal, regulatory, civil, and sometimes tax proceedings. Counsel must be able to manage or coordinate across all tracks.
• Forensic accounting resources. The ability to retain and work alongside forensic accountants is essential for complex financial crime cases. Counsel should have established relationships with reputable forensic firms.
• Communication strategy capability. Managing communications with regulators, employees, business partners, and the press requires discipline and experience. External counsel should advise on, or directly manage, all outward communications related to the investigation.
• Conflict clearance. Verify that counsel has no conflicts with other parties in the investigation, including co‑suspects, witnesses, or opposing parties in related civil proceedings.

An effective evidence strategy begins with an internal investigation, conducted under privilege, to identify the facts, assess exposure, and prepare the company’s position before any substantive engagement with prosecutors. This internal review should be scoped carefully to avoid creating materials that could be adverse if privilege is later challenged.

Reducing Compliance Risk Romania: What Boards Must Implement Now

Prevention remains the most effective and least costly approach to corporate criminal liability in Romania. Boards that invest in robust compliance infrastructure not only reduce the probability of an offence occurring but also position the company for more favourable treatment if an investigation does arise. Courts and prosecutors increasingly consider the adequacy of compliance programmes when determining penalties.

• Formal compliance programme. Adopt a written compliance programme that addresses bribery, fraud, AML, tax compliance, and data protection. Ensure it is approved by the board and communicated to all employees.
• Regular risk assessments. Conduct annual compliance risk assessments tailored to the company’s sector, geography, and business model. Update the programme to reflect new risks identified.
• Third‑party due diligence. Implement know‑your‑counterparty procedures for agents, intermediaries, suppliers, and joint‑venture partners. Document all due diligence performed.
• Sanctions and PEP screening. Screen business partners and transactions against EU and national sanctions lists, and identify politically exposed persons in the business relationship chain.
• Internal reporting channels. Establish confidential whistleblowing channels that comply with Romania’s transposition of the EU Whistleblower Directive. Protect reporters from retaliation.
• Training and awareness. Deliver annual compliance training to all employees, with enhanced training for high‑risk roles (finance, procurement, sales, government relations).
• Internal audit function. Ensure that compliance controls are tested regularly by an independent internal audit function and that findings are reported to the board or audit committee.

Companies that can demonstrate a functioning, tested compliance programme at the time of an offence significantly improve their position in any subsequent enforcement proceeding. Industry observers expect Romanian courts to give increasing weight to such programmes as the corporate criminal liability framework matures.

Sources

1. Romanian Penal Code, Portal Legislativ
2. Codul Penal, English Translation (UNODC)
3. Direcția Națională Anticorupție (DNA)
4. ONPCSB, Romania Financial Intelligence Unit
5. ICLG, Romania Business Crime Laws and Regulations 2026
6. CMS, CEE Guide to Criminal Liability of Corporate Entities
7. Wolf Theiss, Criminal Liability of Companies Under Romanian Legislation
8. Iorgulescu Legal, Corporate Criminal Liability in Romania