logo ListaFirme 0372552307
Support

Chat with Ania

Registry of beneficial owners
API solution for ASF entities

ASF, AML & KYC

The Register of Beneficial Owners and ASF Regulation No. 3/2025

ASF Regulation No. 3/2025 and the updates to the AML framework require you not only to know the customer's real beneficiary, but to be able to demonstrate, at any time, that you have verified it in independent, updated sources and that you can reconstruct the trail of compliance decisions.

In addition to the obligations of Law No. 129/2019 on the prevention and combating of money laundering, ASF Regulation No. 3/2025 strengthens the requirements regarding internal mechanisms, screening systems and documentation of risk assessments, including from the perspective of the beneficial owner.

If you are an ASF regulated entity (SSIF, SAI, insurance company, broker, pension administrator, etc.) or another institution with AML and publicly exposed persons (PEP) screening obligations, you need a practical way to:

  • quickly identify the real beneficiary and the customer's chain of custody
  • correlate the beneficial owner with international sanctions lists and PEP lists, in your system
  • document the source of the data and the time of verification, for the compliance file and for the OCSI/AML officer
  • update information periodically, without manually re-opening each file

The ListaFirme API is built exactly for this type of need: it provides you, in a structured format, with data about the company, real beneficiaries, associates, administrators and connections, based on which you can automate screening and demonstrate that the checks were made in independent sources.

The register of beneficial owners, seen from the perspective of compliance

The Beneficial Owners Register (BOR) identifies the individuals who ultimately own or control your client – the company or structure with which you have a business relationship. For you, it is not just a legal register, but the starting point for assessing the risk of international sanctions and money laundering.

Law 129/2019 requires the identification and verification of the beneficial owner, and ASF Regulation No. 3/2025 requires you to be able to demonstrate that you have tools, procedures and systems through which you verify whether the beneficial owner and the control structure appear on sanctions lists or pose additional risks.

This means that it is not enough to have an internal form; you need official, up-to-date, technically accessible (API) data that is easy to integrate into your KYC/AML and international sanctions screening flows.

Who is required to verify the beneficial owner and exposure to sanctions/PEP?

ASF Regulation No. 3/2025 applies to entities supervised by ASF, but the logic is the same for all entities with AML and Publicly Exposed Persons (PEP) verification obligations: you must know who actually controls the customer and demonstrate that you have verified this person in appropriate sources.

Financial entities supervised by the ASF

  • SSIF, SAI, fund managers and depositories
  • insurance and reinsurance companies, brokers
  • private pension administrators and other ASF regulated entities

Other entities with AML/PEP obligations

  • credit institutions, NFIs, fintech
  • notaries, lawyers, consultants, auditors
  • companies with internal KYC policies for partners and supply chains

Compliance Officer & OCSI

The person responsible for AML and, where applicable, the international sanctions officer (OCSI) need structured, repeatable and documentable data, not hard-to-follow printscreens in the audit.

KYC, risk & internal audit teams

ListaFirme API data can simultaneously feed KYC applications, risk scoring, reports to management and documentation for ASF and ONPCSB audits.

Why the ListaFirme API is exactly what you are looking for for real beneficiaries and ASF compliance

If you've reached this point, you're probably already clear that you need to verify the real beneficiaries and control structures in independent sources. Your question is no longer "if I have to do this", but "with what, specifically, do I do it in an automated and auditable way?"

Types of relevant information available through the API

  • Beneficiary – the real beneficiaries of the company, in a structured format
  • Shareholders – list of associates/shareholders, with ownership percentages
  • Administrators – list of administrators and representatives
  • LegalForm – legal form and type of entity
  • FiscalActivity – ANAF activity status, essential indicator in risk assessment
  • Obligations – information on outstanding obligations, where available
  • Turnover, Profit, Employees – financial indicators relevant to the risk profile
  • Links – direct links with other firms, useful for identifying the group and consolidated exposure

The result is a JSON response, easy to read by your internal systems: you connect it to your international sanctions and PEP screening engine, KYC applications or risk scoring modules. Instead of looking up manually, your systems know who the real beneficiary is and can run checks on every data update.

In addition, you can keep a copy of the API response for each check in your archive – this way you can demonstrate, punctually, the source, date and content of the information consulted, exactly what ASF Regulation No. 3/2025 and AML legislation require.

How does the ListaFirme API help you in the logic of ASF Regulation no. 3/2025?

  1. Appropriate systems for knowing the customer and identifying the beneficial owner – The API automatically provides you with beneficial owners, associates, administrators, and connections to other companies, based on the CUI. This data can be used directly in screening against sanctions and PEP lists, in your system or that of specialized providers.
  2. Periodic assessment and update of risk at client level – You can schedule automatic re-queries (for example, quarterly or when official data changes) so that the risk profile is updated without manually restarting the file from scratch.
  3. Traceability and proof of data source – Every API call can be logged: who, when, what CUI you checked, what fields you requested, what response you received. In the audit, you can show the exact trail of information used in your compliance decision.
  4. Integration with internal AML & international sanctions policies – You can connect the ListaFirme API to your front-office, middle-office, and back-office applications, so that verification of real beneficiaries becomes a standardized step in onboarding, periodic reviews, and ad-hoc analyses.
  5. Support for the role of OCSI and AML officer – The international sanctions compliance officer and the AML officer can define clear work scenarios: when to call the API, which fields are mandatory for analysis, and how to archive the response for control situations from the ASF or other authorities.

Example API query for real beneficiaries and control structure

Queries are made, recommended, via HTTP POST to the info-v2 endpoint, using your API key and a JSON object in which you indicate exactly what information you need for KYC/AML and international sanctions. 

POST https://www.listafirme.ro/api/info-v2.asp
Content-Type: application/x-www-form-urlencoded

key=CHEIA_TA_API&data={
  "TaxCode": "12345678",
  "Name": "",
  "Status": "",
  "Beneficiary": "info",
  "Shareholders": "info",
  "Administrators": "info",
  "Links": "info"
}

The response contains only the requested fields and can be sent directly to the screening engine or to your internal applications. Depending on the architecture, you can run additional checks at onboarding, when company data is modified, or at intervals set by internal policies.

The complete API documentation, with the list of all available fields, costs in credits, and implementation examples, is detailed in the ListaFirme API specifications page.

Integrating the ListaFirme API into your internal AML, KYC and international sanctions policies

  1. Define the workflow – at what times do you check the real beneficiary and the control structure: onboarding, periodic review, alerts, structure changes, market events or new sanctions list.
  2. Integrate the ListaFirme API into existing applications – CRM, underwriting applications, digital onboarding, risk scoring, reporting modules to management or the risk committee.
  3. Standardize documentation and auditing – Define together with the OCSI/AML officer how logs are kept, what is archived in the client file and how to respond quickly to information requests from the ASF or other authorities.
  4. Extend the model to PEP and other lists – data on beneficial owners and administrators can be correlated with PEP lists and other external databases, so as to fully cover obligations regarding publicly exposed persons.
  5. Continuous monitoring and policy adjustment – As legislative changes or new guidelines emerge, you only update the logic in your applications, you don't manually recreate thousands of forms: the API continues to provide the data, in a standardized way.

In conclusion, the ListaFirme API is not just a data source, but an essential piece of your compliance infrastructure, which helps you put into practice the requirements of Law 129/2019 and ASF Regulation no. 3/2025, in a controllable, repeatable and easily demonstrable way in the audit.

Folosim cookies pentru analitice și publicitate. Ești de acord?