From Paper to Platform: Digitalisation of the Credit Granting Process in Romania

By Bianca Nedelcu (associate) and Sandra Danciu (associate), with the review of Camelia Iantuc (senior associate) - Filip & Company

In the context of the accelerated transformation of the credit granting process and increasing consumer demand for fast and easily accessible financial services, financial institutions in Romania are adopting new technological solutions: from remote customer identification to fully digital conclusion of credit agreements.

However, with speed comes complexity. Each innovation must navigate a web of EU and national regulations: Regulation (EU) No. 910/2014 (the “eIDAS Regulation”) sets the standards for electronic identification and trust services, the 2021 norms issued by the Authority for the Digitalization of Romania (the “ADR Norms”) govern remote video-based identification in Romania, and additional rules issued by the National Bank of Romania and the legislator define requirements for secure ICT management and consumer protection.

Together, these instruments create a framework designed to make remote onboarding and contract conclusion both safe and legally enforceable.

1. Digital Onboarding: Beyond Technology

Digital onboarding has moved from being a convenience to a strategic imperative for financial institutions. Under Romanian law, the ADR Norms recognize two main methods for remote identification: (i) video-based identification (live or recorded) and (ii) digital identification leveraging AI, biometrics, or NFC-enabled electronic IDs.

This shift, however, raises both legal and operational challenges. While biometric and AI-based identification may improve efficiency, questions remain: how robust are the

algorithms? Are they defensible if the verification process is challenged in court? And perhaps most critically, do these methods satisfy both national regulations and EU-wide requirements simultaneously?

A comprehensive risk assessment is therefore essential. Financial institutions must consider the potential for falsified documents, insecure communication channels, and the preservation of evidence in formats admissible in judicial proceedings. According to the ADR Norms, remote identification must occur either in real time or through a recorded session verified within 24 hours, supported by additional authentication factors such as one-time passwords or secure links. Furthermore, in line with the Regulation No. 2022/2554 (DORA), this assessment must also cover digital operational resilience; for example, the ICT systems supporting digital onboarding, including those provided by third-party verification platforms, must be shielded against cyber threats and technical failures to ensure service continuity.

In this context, even small oversights, such as a delayed verification or an authentication error, may affect the legal certainty of the onboarding process and the enforceability of digitally signed agreements, highlighting the need for carefully designed workflows that integrate both technology and compliance.

2. From Click to Contract

Once a client’s identity is verified, the process naturally flows into the execution of the agreement. From the perspective of Romanian law, the formal requirements for loan agreements are relatively flexible and, as confirmed by the High Court of Cassation and Justice, distance contracts for financial services may be valid and enforceable even without a handwritten signature, unless the parties expressly stipulated that such a signature is required for validity. Accordingly, in practice, a borrower’s consent may be validly expressed electronically, for example, by accepting a financial services offer via a digital interface.

However, in remote consumer credit transactions, ensuring that the signature used is legally robust is essential, particularly if the agreement is later challenged. For this reason, qualified electronic signatures (QES) are the only option that carry the same legal effect as a handwritten signature and are recognized across all EU Member States. Importantly, the eIDAS regulation also provides a legal presumption of the integrity and authenticity of a qualified electronic signature. In practice, this means that when a document signed with a QES is challenged, the signature is presumed valid unless proven otherwise, effectively shifting the burden of proof to the party contesting it.

By contrast, although advanced electronic signatures (AdES) are widely used in digital services and offer a meaningful level of technical security, they do not benefit from the same evidentiary presumption under the eIDAS framework. If a dispute arises, FinTechs relying on an AdES may need to provide additional evidence (such as technical logs or authentication records) to show that the signature belongs to the signatory and that the document has not been altered.

3. Distance Contracts: Clarity Meets Complexity

Once onboarding is complete, concluding contracts remotely introduces another layer of legal considerations. Romanian law requires that consumers receive clear and timely pre-contractual information, including the provider’s identity, the features and costs of the financial service, and the main contractual terms. Delivering this information on a durable medium, whether digital or paper, ensures both transparency and regulatory compliance.

While these requirements may seem straightforward, practical implementation can be more nuanced. Too little detail could expose institutions to disputes or regulatory scrutiny; too much could overwhelm clients, undermining the user experience. Structuring pre-contractual information effectively is therefore critical, balancing compliance obligations with customer-centric design.

4. Integrating Legal, Operational, and Strategic Considerations

Digital credit offers speed, efficiency, and improved customer experience, but these benefits come with complex regulatory and operational responsibilities. Every design choice, from onboarding technologies to signature workflows and technical infrastructure, carries potential legal implications.

The challenge for FinTechs is to design processes that are both innovative and fully compliant, integrating national and EU regulations into a coherent operational framework.

In this environment, compliance is not simply a checklist, it is a strategic asset.

Financial institutions that align technological innovation with regulatory expectations not only mitigate risk but also create a competitive advantage, demonstrating reliability, transparency, and legal robustness to both consumers and regulators.