The CESOP system and its aims

The CESOP system and its aims

CESOP, or to be exact, the Central Electronic System of Payment Information imposes new reporting obligations on payment service providers, including banks and credit institutions. Each country subject to the directive and regulation of the Council of the European Union establishes its own law regarding CESOP on their basis.

The aim of the system is:

• Combatting cross-border VAT fraud caused by unfair behaviour of certain companies in the area of cross-border e-commerce;
• Detection of dishonest companies and control of VAT liabilities; and
• Enabling the competent authorities of Member States to control the supply and provision of services.

Method of implementation and conditions of CESOP

To achieve the set goals, a Central Electronic Payment Information System will be created, to which obliged entities will submit data defined by the regulation, which will be made available to tax authorities. Additionally, payment service providers will be required to maintain and report records of certain cross-border payments based on the location of the payer and the location of the payee. The supervisor emphasizes that keeping records will only apply to cross-border payments that may indicate running a business. A payment is considered to be a cross-border payment where the payer is located in one Member State and the payee is located in another Member State, third territory or third country.

The obligation to keep records and report obligations will be imposed on the payment service provider when it exceeds the ceiling of more than 25 cross-border payments to the same payee during a calendar quarter.

Entities subject to new obligations

Entities subject to the reporting obligation are payment service providers belonging to four categories:

1. Credit institutions, which mainly include banks established in Europe and European branches of credit institutions established outside the EU.
2. Electronic money, which may include a wide range of institutions providing electronic payment services, such as e-wallet providers or e-voucher/card providers.
3. A payment institution, which may cover a wide range of payment services, including issuing credit/debit cards, acquiring payment transactions, processing payments, initiating payments, etc.
4. GIRO post (a non-banking product offered by lending companies), which provides payment services.

Reporting

Article 243d of the Directive defines the range of reporting as:

1. BIC (SWIFT) or any other company identification code that uniquely identifies the payment service provider;
2. name and surname or name of the payee as held by the payment service provider;
3. if available, the VAT identification number or other national tax number of the payee;
4. IBAN, and if IBAN is not available, another available identifier that uniquely identifies and recognizes the payee’s location;
5. BIC or other institution identification code that uniquely identifies and provides the location of the payment service provider acting on behalf of the payee, in the event that the payee receives funds without a payment account;
6. if available, the address of the payee held by the payment service provider; and
7. data on cross-border payments and refunds identified as relating to cross-border payments.

A detailed description of the required data is described in the Commission Implementing Regulation (EU) 2022/1504 of 6 April 2022 in the Annex.

Technical side of the report

The report should be prepared in XML format, based on the XSD schema. The scheme is in accordance with Council Regulation (EU) 2020/283 and Council Directive (EU) 2020/284 and is the same for all Member States. The XSD schema for payment data is consistent with the approach used in other trans-European systems and will be used to exchange payment data between the following stakeholders:

• payment service providers and national tax administrations,
• and then between national tax administrations and the CESOP system.

In the Member States the aforementioned exchange will take place as follows:

‍

The generated XML report, consistent with the international schema, should be sent to the National Supervisor using the portal it has designated.

The iON application is dedicated to handling list and hierarchical reports, such as CRS, FATCA and CESOP. In this application it is possible to fulfil the reporting obligation in an automated and efficient way. The application guarantees the correctness of the report thanks to two-stage validation relative to the rules and against the XSD schema. This means that the report will always be accepted by the supervisor’s portal.

The report lifecycle adapted to the requirements of specific reporting has been implemented in the iON application. For CESOP, the application enables you to create a report, automatically feed it with data from the database, verify errors, generate the report, sign and encrypt the XML file, send and receive a message with the validation result in the CESOP system.

Reporting schedule

Statutory provisions in the Member States should be adopted and published no later than 31 December 2023. And the application of the provisions should start from 1 January 2024. This means that the first transfer of data will take place for the period January-March 2024 and is to be submitted to the supervisor by the end of April 2024. Subsequent data will be provided quarterly by the end of the month following the end of the quarter. The reporting deadlines for 2024 are as follows:

‍

By 10 May, the National Supervisor will be obliged to submit data for the first time at the European Union level. Subsequent transfers will take place for a quarterly period no later than the tenth day of the second month following the end of the quarter to which the information relates.

CESOP

Pursuant to Art. 24a of the regulation, a central electronic payment information system will be created. Its task is:

• enable Member States to transfer payment information at the national level;
• aggregate and visualize all relevant VAT-related payment information;
• enable a complete picture of payments received by recipients from payers in the EU;
• detecting and eliminating irregularities and errors; and
• conducting automatic analysis and flagging suspicious payees.

Access to data collected in CESOP will be available to EUROFISC officials working for Member States to investigate VAT fraud.

Data storage

Due to the fact that the records and the report will contain sensitive data, a period of three calendar years has been set for storing the data.

Data in CESOP are to be kept for a period of five years from the end of the calendar year in which Member States submitted the information to the system.

Legal basis

1. Council Directive (EU) 2020/284 of 18 February 2020 amending Directive 2006/112/EC as regards the introduction of certain requirements for payment service providers.
2. Council Regulation (EU) 2020/283 of 18 February 2020 amending Regulation (EU) No 904/2010 as regards measures to strengthen administrative cooperation in the fight against VAT fraud.
3. Commission Implementing Regulation (EU) 2022/1504 of 6 April 2022 laying down detailed rules for the application of Council Regulation (EU) No 904/2010 as regards the establishment of a central electronic payment information system (CESOP) to combat VAT fraud.