From 1 January 2024, Payment Service Providers operating in EU member states must comply with CESOP reporting requirements. Learn more about the legislation and what it means for PSPs in its scope.
What is CESOP?
In February 2020, the European Commission adopted a legislative package which requires payment service providers (PSPs) to transmit information on cross-border payments originating from EU member states, and on the “payee” of these cross-border payments.
Under the regulation, PSPs in its scope will have to submit information on payees who receive more than 25 cross-border payments per quarter. The information will be submitted and stored in the Central Electronic System of Payment Information database, shortened to CESOP. CESOP reporting will be effective from 1 January 2024.
The aim of CESOP is to help EU tax authorities to detect possible e-commerce VAT fraud in the EU and non-EU countries. To comply with data protection rules, personal data will have to be removed from reported transactions.
To help with the development and implementation of CESOP, an expert group has been formed by tax administrations and PSPs. The group is working with the EU Commission both on the reporting framework, and on developing the CESOP system itself. The group is helping the Commission to:
- create the electronic standard format that PSPs will use to transmit data
- establish how to maintan and technically manage CESOP
- draft reporting guidelines
- engage with both member states and the payment sector
The Commission has outlined reporting obligations on CESOP in the Guidelines for Reporting of Payment Data, and the XSD User Guide (and corresponding XSD package). Both are available here.
Things for PSPs to consider
- Other stakeholders will be invested in the outcomes of CESOP: in addition to the member state tax authorities, other external stakeholders will be interested in how organisations comply with CESOP. These include data protection authorities, given that reportable transactions contain personal data which should be removed, and financial supervisors interested in identifying fraudulent transactions and efforts to help combat fraud.
- Quality of data submitted: PSPs will need to make sure data is accepted by the tax authorities first time by identifying and preventing errors.
- Impact of reporting in more than one country: PSPs should identify early the countries where CESOP reports will be required. They will also need to ensure that all relevant transactions are reported, and only reported once.
- Readiness and capabilities of existing systems: systems and data sources need to be assessed for their readiness and ability to comply with CESOP reporting requirements.
- The national collection process may vary according to each supervisor in the EU.
Steps to compliance
PSPs in the scope of CESOP reporting should perform an impact assessment to identify how systems, processes and resources will be affected. Following this, a roadmap for implementation and compliance, including appropriate governance, should be created and communicated to relevant internal and external stakeholders.
With processes in place, PSPs can then provide necessary training and continue to manage and monitor the guidance and reporting requirements for ongoing compliance.
How Invoke can help
There are still nine months to go before CESOP becomes effective, but PSPs should start preparing now given the volume of data that’s likely to be involved, and the intricacies of reporting in more than one country.
Invoke’s software supports CESOP reporting requirements and enables PSPs to gather, process and submit data to the relevant European tax authorities in the required XML format.
Contact us to find out more and begin your journey to CESOP compliance.