CESOP – An EU-wide VAT transactional reporting obligation for payment service providers

If your business provides payment services in scope of the EU PSD2 legislation, you may be required to report transactional data related to cross-border payments to CESOP, the EU’s new “Central Electronic System of Payment” information. Reporting starts in January 2024 on a quarterly basis. That date may seem far off. But depending on the number of EU Members states where you have reporting obligations, and the size of the gap between the required data fields and their availability within your own source data, you might want to start looking at building the right tools and processes now.

Discourse into the requirements

Why does the EU need more data, but this time from PSPs?

The EU Commission is tackling the VAT gap (i.e. the gap between VAT it should have collected, and the VAT revenue it actually received) in multiple ways. One solution is to look a little more closely and in a more structured manner at certain cross-border payment transactions processed by EU PSPs. This data will be analysed by Member States to identify bad eggs in the basket. In its core, CESOP reporting is a mandatory administrative obligation on EU PSPs, which will require the right governance framework (source data review, reporting tool, documentation around processes, dealing with queries, etc.) and will need to be embedded in the overall compliance reporting structure.

Who exactly is impacted?

CESOP applies to “payment service providers”, as defined in the Payment Services Directive (EU) 2015/2366 (“PSD2”). Hence, electronic money institutions, payment institutions, and even those who benefit from the small payment institutions exemption (SPIs) are impacted. In practice, card schemes, banks, payment processors, merchant acquirers and collecting service payment providers (CPSPs) will need to assess the impact of this new reporting regime. And let’s not forget marketplace or retailers with their inhouse, PSD2-regulated PSP. Please check with your legal advisor if your entity is in scope. It is important you comply.

What transactions are in scope?

In a nutshell: All cross-border (XB) payments with a payer based in the EU, where you process 25 individual payments to one single payee in a single calendar quarter.

There are some reliefs available to those transactions where the payee’s PSP is also in the EU. Payment intermediaries may also be in scope.

What data points must you report?

Depending on a few technical details, the following data points must be included in your quarterly reports:

1. BIC/ID of the reporting PSP
2. Payee name
3. Payee VAT ID/TIN
4. Payee account ID
5. Payee PSP BIC/ID
6. Payee Address
7. Refund Y/N
8. Date/time
9. Amount
10. Currency
11. MS of payment origin
12. MS of refund destination
13. Payer location information (payment origin)
14. Transaction ID (internal)
15. Physical presence:  Y/N reference

Where will you need to report?

This is an interesting one: In-scope EU PSPs must report their data to all EU tax offices where they have an establishment AND where they provide their services (so called home and host-Member States). This means a Luxembourg established and regulated PSP that has passported their payments license to all other 26 EU Member States may need to file 27 individual reports. Home and host Member are both defined by the PSD2.  Payee and payer location will be determined on the basis of the recorded BIC/IBAN.

Each tax office will perform certain data quality checks, and will then forward the data sets it received into the central CESOP data base.

What is the reporting format?

A standardized XML format can be used across all Member States. The schema is available on the EU Commission’s CESOP website.

What to do now?

If you are a PSP based in the EU that performs XB payment transactions, do start with an impact assessment that considers four dimensions: Human and technology resources, operations and governance framework.

Particularly, think about the following:

Impact assessment
Determine level of impact: Entities / countries / human and technology resources, operational impacts, impact on overall governance framework.

Technology and implementation
Working backwards from 1 January 2024, build a detailed roadmap and if possible work with a dedicated project manager that will help bring this project over the line.

Governance Framework
Integrate CESOP reporting within your organization’s existing governance framework. You may need to work with multiple tax authorities, develop detailed operational guidelines that address the ongoing compliance process (e.g. dealing with tax authority queries, monitoring technical issues, data quality assurance, etc.), and assign and communicate appropriate process owners (functions, e.g. customer tax data reporting team).

You should also plan for ongoing monitoring exercises should any of the legal or technical requirements change in any country.

Policies and procedures
Don’t forget to work with your legal and data governance teams to update impacted customer facing agreements, procedures or help pages.

Train and communicate
Sharing customer data externally is a sensitive topic. Work with internal stakeholders to train them on the new requirements. Is it likely your CS teams may receive calls? You may also need to update client-facing documents or help pages.

Please find the EU Commission’s CESOP Resources Central Electronic System of Payment information (CESOP) (europa.eu)

---------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer: The above is not considered tax advice. It is a summary of the general CESOP related facts and information available as of today. Please confirm with your legal or tax advisor whether you are an in-scope payment service provider.