CESOP: Update on EU payment service providers reporting and record-keeping requirements

On 12 September, the Official Journal of the European Union published an Implementing Regulation (EUR-Lex - 32022R1504 - EN - EUR-Lex (europa.eu) regarding the application of the central electronic payment information system (CESOP) to combat VAT fraud and cross-border payments reporting that will be imposed on EU payment services providers (PSP) in transactions they made for their clients.

This regulation provides useful information about the electronic format that will be required for data transmission, and it reminds that these reporting obligations will be applicable from 1 January 2024. EU PSPs have about one year to become compliant.

In a nutshell, the new rules will require EU PSPs to report to CESOP cross-borders payments when a EU or non-EU payee receives more than 25 cross-border payments during a quarter. The reporting aims to combat VAT fraud, linked to transactions – supply of goods and services – facilitated by electronic platforms. The threshold of 25 was selected because the average online purchase is around €90. When multiplied by 100 (approximating 25 payments during each quarter of the year), this results in an amount close to €10,000, which is already the threshold that activates other tax obligations. As an example of such tax obligations, since 1 July 2021, if €10,000 of electronic services and distance sale of goods (intracommunity supply of goods for which the seller is responsible for the transport) are made to non VAT registered clients established, domiciled or resident in another Member State, the supplier cannot charge his local VAT but must charge the VAT of the client’s Member State. The CESOP legislation and the new VAT rules introduced from 1 July 2021 are aligned. For further details on the CESOP rules, we refer to our 8 April 2020 newsletter.

For concerned parties, the most important element of the regulation is probably the XML format that PSPs must use in their reporting. Reporting should include information about:

• The payee: name, BIC number, VAT number of TIN (tax identification number), account ID, address, BIC of the payee PSP;
• The transaction: date/time, amount and currency;
• The payer’s location and the member state where the payment originated (or is destined in cases of refund).

At first glance, collecting this information may not seem too complex, as all information above is typically collected by PSPs to execute a payment. However, PSPs will also be required to report information which unambiguously links the information to a specific transaction, and, if applicable, a reference to the presence of the payer in the physical premises of the merchant when initiating the payment. PSPs should thus ensure that their clients include such information in their payment order.

Even if most of the information should be already available, our experience indicates that it is not always that easy to collect because information might be collected or disseminated in different systems within a single organization. Impacted PSPs should consider the huge potential impacts of this new volume of reporting.

The regulation foresees that tasks will be shared between the European Commission and the Member States; PSPs should transmit the information to their national authorities which then feed it to CESOP.

The main responsibilities for each is summarized as follows:

The European Commission (EC) will develop the technical measures to establish and maintain CESOP, pursuant defined requirements. These requirements include the aggregation of the data in relation to each payee to prevent payees from escaping the consequences of reporting by multiplying accounts; payment crosschecks; suspicious payee flagging; performance of non-automatic controls; etc. The EC will also ensure the interoperability of systems across Member States.

Member States will designate specific agents who will act as “Eurofisc liaison agents” and have access to CESOP. Not all tax agents will have access to the information. Member States will have to ensure their national electronic systems are properly collecting payment information and preventing transmission of incomplete information.

If you and your organization are impacted by this topic, we can help. Our Deloitte Luxembourg VAT and Regulatory teams are at your disposal.