Romania has set in place a relatively comprehensive anti-fraud framework for the Recovery and Resilience Facility (RRF), with fraud-detection measures largely aligned with those used for EU structural funds. However, shortcomings remain, particularly regarding the timing of risk assessments and the systematic use of data analysis, Lucian Romascanu, a member of the European Court of Auditors since July 2025, told AGERPRES.
"Romania has established a fairly comprehensive anti-fraud framework for the RRF, with an active coordinating body, structured fraud-risk assessments and detection measures broadly aligned with EU structural-fund practices. Still, several key elements were introduced late, often following Commission audits, and deficiencies persist in the timing of risk assessments, the systematic use of data analysis and the monitoring of data uploaded to Arachne (an integrated IT tool for automated data search and analysis designed to identify projects, beneficiaries, contracts, and contractors that may be vulnerable to fraud, conflicts of interest, or irregularities - ed. note)," he said.
Romascanu's remarks follow the publication on Wednesday of a European Court of Auditors report assessing the effectiveness of anti-fraud systems put in place by the European Commission and four member states - Denmark, Spain, Italy and Romania -to protect EU financial interests under the RRF.
Romascanu noted that Romania's coordinating body (the NRRP Interministerial Coordination Committee) plays an active role in designing and implementing the RRF anti-fraud framework. It sets requirements and provides guidance to implementing bodies, including on reporting suspected fraud, conducting self-assessments and using detection tools. It has also developed checklists to monitor compliance.
"Following Commission financial-interests audits, both the coordinating body and implementing bodies updated several procedures, including fraud-risk assessment templates, whistleblowing channels, codes of ethics and anti-fraud policies. These improvements show the positive impact of Commission audits on Romania's system," he added.
Romania was selected for the audit based on several risk indicators, including the number of EPPO cases linked to the RRF, critical findings from Commission audits, the size of its RRF allocation and the volume of payments made by July 2024.
The audit examined the anti-fraud systems of the coordinating body, the audit authority and two implementing bodies selected based on previous risk profiles.
"Romania has a structured anti-fraud framework, with strong involvement from the coordinating body and audit practices aligned with EU structural funds. Commission audits were a key driver of improvements, though some were introduced late," Romascanu said, noting that implementing bodies use the Commission's fraud-risk model.
Romanian implementing bodies apply a fraud-control approach similar to that used for EU structural funds, combining regular administrative checks with risk-based controls. Anti-fraud checks cover all major risk areas, and specific checklists target fraud indicators in public-procurement contracts.
"RRF bodies in Romania have clear whistleblowing channels that allow individuals to report misconduct while protecting their identity. Anonymous reporting is available in most implementing bodies; one introduced it only after the audit. Romania is also cited as a best-practice example for external communication and whistleblowing mechanisms," Lucian Romascanu added.
In Romania, the coordinating body recommends that implementing bodies use Arachne only when there are indications of possible fraud. One implementing body defined from the start when Arachne should be used during a project's lifecycle; the other did so only in 2025, after the Court's audit.
"By May 2025, Romania had uploaded almost 8,000 RRF projects to Arachne, far fewer than other member states. Unlike Italy, Romania lacks a comprehensive overview of all RRF project uploads, which reduces the effectiveness of data-based fraud detection," the ECA member said.
All of Romania's selected implementing bodies had anti-fraud policies, but, as in several other member states, some were adopted only after the first payment request was submitted to the Commission, reducing assurance that adequate safeguards were in place from the start.
According to the European Court of Auditors report, the EU's post-pandemic Recovery and Resilience Facility still shows significant weaknesses in detecting, reporting and correcting fraud. Another vulnerability stems from the fact that member states must recover fraudulently used funds from final beneficiaries, but are not required to return them to the EU budget, meaning EU finances are not as well protected as they could be, the auditors noted.
Comentează