What is CESOP?
Robin Prince · December 6th 2023 · read
New CESOP reporting guidance for Payment Service Providers (PSPs)
The European Commission has created a Central Electronic System of Payment Information (CESOP) to help detect and combat VAT fraud on cross-border e-commerce.
From 1 January 2024, new European regulations will require all EU payment service providers (PSP) to collect and report data relating to certain cross-border payments.
Who is subject to CESOP?
The CESOP obligations relate to PSPs as defined in the Payment Services Directive 2015/2366 “PSD2”, which includes Credit, Electronic money and Payment Institutions. Also included are institutions that benefit from the Small Payment Institutions exemption (SPIs). Therefore, almost all PSPs that provide payment services to EU customers will be in scope.
PSPs will be required to report transactional data on cross border payments where the payer is located in the EU. All types of payments are in scope, including credit transfers, direct debits and e-money transactions.
PSPs will be required to transmit data on a calendar quarterly basis to their local member state tax authority. Reporting should be made in a standardised XML format.
Latest CESOP guidance and updates
On 24 November 2023, the Commission issued an updated version of its CESOP guidance and FAQ documents.
These documents expanded on previously provided guidance. In particular, it develops on how PSPs should determine the location of payer and payees. These changes are made following the Commission’s workshop on 15 September 2023 and makes clearer previous guidance that PSP’s should not solely rely on the IBAN to determine a parties location but must consider if alternative data is available.
The revised guidance also gives further guidance on how PSPs should apply aggregation when determining whether more than 25 payments have been made to single payee. This has been an area of concern since CESOP was first discussed and the new guidance still leaves some questions unanswered on how this will apply in practice.
All PSPs with activity in the EU should review the amended guidance and assess the impact on their organisations approach to CESOP.
Managing cyber risks and operational resilience for banks and financial services organisations
Get in touch
To discuss the issue further, please contact the VAT team using the button below.