Multi-country reporting under CESOP | Deloitte Netherlands


Multi-country reporting under CESOP

The new CESOP regulations will have far-reaching effects for all EU PSPs, but especially those who provide services in more than one EU Member State. Although CESOP is an EU system, the data is collected on a Member State by Member State level, and no “One-Stop-Shop” is foreseen. EU PSPs will have to file reports in all Member States where they provide qualifying services and deal with all local regulators to ensure compliance.

28 September 2022

In the fight against VAT fraud and money laundering an amendment to the VAT directive has been proposed, introducing the Central Electronic System of Payment information (CESOP). The CESOP will be a new instrument to detect potential VAT fraud carried out by taxable persons with customers in the EU. The regulation focusses on EU payment service providers (“PSPs”) under the scope of the Payment Services Directive (“PSD2”), including exempt small payment institutions (SPIs). CESOP includes the obligation for PSPs to record and report cross-border payments to payees who receive more than 25 cross-border payments per quarter to the administrations of the Member States. For general information we refer to our dedicated CESOP page. In this article we will briefly discuss in which Member States CESOP reports are due by PSPs with clients in multiple countries.

Where to report: determining the reporting countries

Although centralized reporting in the Home Member State under PSD2 was part of earlier drafts of the regulations, it has not been maintained in the enacted directive and regulations. Therefore, PSPs subject to the CESOP regulations will need to report to their respective Home Member State and to any Host Member States if the PSP provides payment services in Member States other than the Home Member State.

Home Member State:

  • the Member State in which the registered office of the payment service provider is situated; or
  • if the payment service provider has, under its national law, no registered office, the Member State in which its head office is situated.

Host Member State:

  • the Member State other than the Home Member State in which a payment service provider has an agent or a branch or provides payment services.

In other words: the PSP will have to file the CESOP report with the local tax authorities in all Member States where it provides payment services under their PSD2 license. In each of these Member States they will only report the transactions which are allocated to that jurisdiction (every payment should in principle only be reportable to one Member State).

No “One-Stop-Shop” is foreseen in the regulations, so a PSP operating in all Member States needs to file 27 separate CESOP reports to 27 different local Tax Authorities. Each of the local tax authorities will validate their respective reports, so any errors made in multiple reports (e.g. configuration errors or faulty master data) will be picked up by all Members States. If the file is accepted, the Member States in turn will forward the data to the central database which is to be developed, maintained, hosted and technically managed at EU level.

In addition to this, the way in which any potential corrections need to be made forms part of the submission and therefore will also be a matter of national competence. Although the Commission has expressed the wish to streamline as much as possible, and has proposed some best practices around the submission and re-submission of data by taxpayers. However, it is not obligatory for Member States to apply these best practices in full.

From a practical perspective this set up is clearly not ideal. It leads to complexities in reporting and practical issues in dealing with many different regulators. One error in the set-up of the CESOP report can lead to questions, potential fines, in all Member States where a report is due. The amount of these fines and penalties is up to the discretion of the Member States and can be material. As an example: the proposed legislation in the Netherlands foresees fines of up to EUR 900.000 per offence. This underscores the need to set up and test the reporting system and the monitoring process in time.

How we can help

Deloitte can support in designing, implementing and maintaining the entire CESOP reporting life cycle. Interested to find out how our tooling can automate data validation or reconciliation? Get in touch with your regular Deloitte advisor or reach out to any of the contact persons below.

Did you find this useful?