Central Electronic System of Payments

Last updated March 02, 2024

The Central Electronic System of Payments (CESOP) regime is an automatic exchange of information regime being introduced in the European Union from 1 January 2024. The rules were introduced by Council Directive 2020/284,^[1] amending the EU's Value-added tax Directive.

The rules were introduced to tackle VAT fraud by requiring all payment service providers (PSPs) as defined under the EU Payment Services Directive (PSD2) to report on cross-border payments which originate in the EU. To separate business payments from personal transfers, PSPs are only required to report on payments where they know that the recipient has received more than 25 payments in a quarter.^[1]

The reporting is expected to result in data sharing on 8 billion payment transactions per year,^[2] covering credit transfers, direct debit, credit and debit cards, as well as e-money and transactions by digital platforms actings as PSPs. The information shared includes transaction level detail, as well as information related to the identification of the recipient.

The regime has similarities to Australia's business transactions through payment systems,^[3] reporting and the United States' Form 1099-K reporting obligations, although unlike other exchange of information regimes there is no current OECD initiative to allow for information to be shared between those countries or others with similar regimes.

Background

The rules were first proposed by the European Commission in 2018,^[4] to tackle the perceived growth in tax evasion resulting from the growth of the digital economy and e-commerce. In their proposal, the Commission estimated that the cost of VAT lost annually to fraud to be €5 billion,^[5] and noted that:

"Suppliers have changed their business models to benefit from e-commerce and sell their products to consumers globally without the need for a physical retail presence. However, this opportunity is also exploited by fraudulent businesses to gain an unfair market advantage by not fulfilling their VAT obligations."^[6]

A BBC report which was referred to by the EU Commission indicated that the UK alone was losing £1 billion a year to cross-border VAT fraud.^[7]

In the impact assessment accompanying the Directive, the Commission estimated that they would receive reports on 8 billion payment transactions annually, and the resultant file would be around 10 terabytes of data for each calendar year.^[2] A European Banking Authority report issued in 2022 indicated that there are around 46 billion cross-border transactions within the EU each year.^[8]

The Directive was approved by the Council of the European Union in 2020, with an effective date of 1 January 2024. The final Directive noted the overall purpose of the Directive:

"VAT fraud is a common problem for all Member States, but individual Member States do not have the information necessary to ensure that VAT rules regarding cross-border e-commerce are correctly applied or to combat VAT fraud in cross-border e-commerce."

As an EU Directive, the requirements must be transposed into domestic law in order to become effective. Member State have until 31 December 2023 to transpose the Directive, and may choose to issue additional guidance to industry at the same time (for example, Irish Revenue Commissioners,^[9] Netherlands Belastingdienst ^[10] and Germany's Federal Central Tax Office ^[11] have all chosen to do so).

Scope

All Payment service providers under the EU's PSD2 are in scope for CESOP, with the exception of PSPs that only provide account information or payment initiation services.

PSPs are required to report all recipients who receive more than 25 payments in a quarter from EU payers.

Examples

A shop in Ireland receives payments via cards (both at the point of sale and online payments) and uses a service (merchant acquirer) in Luxembourg to process the payments. The Luxembourg business will be required to report the transactions to the Irish Revenue Commissioners on a quarterly basis.^[12]
On the website of a merchant in France, paying to the e-wallet of the merchant is offered to customers when buying a product. Customers from across the EU use this option to buy goods. The e-wallet provider will be required to report the payments received to the French Tax Authorities.^[13]
EU citizens routinely buy small items from a seller in China which are shipped into the EU, for example through drop shipping. The Chinese seller accepts card payments and e-money transfers through a EU based card processor and ships the good to the EU citizens. The EU based card processor will be required to report the payments to its own tax authority. (the EU impact assessment estimated that there were 115 million such transaction in 2020.^[2]
An EU-based online marketplace collects and processes payments on behalf of the owners of property which is rented to users for homestays under its own PSD2 license. The marketplace is required to report on each user who receives more than 25 payments in a quarter, and must report separately to each country in which sellers operate.^[14]

Once information is reported to domestic tax authorities, it will be shared with the EU CESOP database, and the information will be available to all tax parties to determine whether the correct VAT has been paid.

Format of reporting

Reports must be submitted within 30 days of a quarter end, in a defined XML format^[15] which is defined by an XML schema issued by the EU Commission.

The information required is generally consistent with data available through payment systems such as ISO 20022. and Card Transaction Data used by payment card services.

Related Research Articles

An invoice, bill or tab is a commercial document issued by a seller to a buyer relating to a sale transaction and indicating the products, quantities, and agreed-upon prices for products or services the seller had provided the buyer.

A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payments processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider.

Chargeback fraud, also known as friendly fraud, cyber shoplifting, or liar-buyer fraud, occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services. Once approved, the chargeback cancels the financial transaction, and the consumer receives a refund of the money they spent. Dependent on the payment method used, the merchant can be accountable when a chargeback occurs.

A payment service provider (PSP) is a third-party company that allows businesses to accept electronic payments, such as credit cards and debit cards payments. PSPs act as intermediaries between those who make payments, i.e. consumers, and those who accept them, i.e. retailers.

The budget of the European Union is used to finance EU funding programmes and other expenditure at the European level.

<span class="mw-page-title-main">Missing trader fraud</span> Type of Value Added Tax fraud

Missing trader fraud involves the theft of Value Added Tax (VAT) from a government by fraudsters who exploit VAT rules, most commonly the European Union VAT rules which provide that the movement of goods between member states is VAT-free. There are different variations of the fraud but they generally involve a trader charging VAT on the sale of goods and absconding with the VAT. The term "missing trader" is used because the fraudster has gone missing with the VAT.

Exchange of Information is an umbrella term which refers to international co-operation in the field of taxation through the exchange of information on taxpayers between tax authorities.

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services or to make payment to another account, which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help financial institutions process card payments securely and reduce card fraud.

The European Union value-added tax is a value added tax on goods and services within the European Union (EU). The EU's institutions do not collect the tax, but EU member states are each required to adopt in national legislation a value added tax that complies with the EU VAT code. Different rates of VAT apply in different EU member states, ranging from 17% in Luxembourg to 27% in Hungary. The total VAT collected by member states is used as part of the calculation to determine what each state contributes to the EU's budget.

The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366, which replaced the Payment Services Directive (PSD), Directive 2007/64/EC) is an EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA). The PSD's purpose was to increase pan-European competition and participation in the payments industry also from non-banks, and to provide for a level playing field by harmonizing consumer protection and the rights and obligations for payment providers and users. The key objectives of the PSD2 directive are creating a more integrated European payments market, making payments more secure and protecting consumers.

The XBRL Global Ledger Taxonomy Framework is a holistic and generic XML and XBRL-based representation of the detailed data that can be found in accounting and operational systems, and is meant to be the bridge from transactional standards to reporting standards, integrating the Business Reporting Supply Chain.

Payoneer Global Inc. is an American financial services company that provides online money transfer, digital payment services and provides customers with working capital.

Electronic invoicing is a form of electronic billing. E-invoicing includes a number of different technologies and entry options, and is usually used as an umbrella term to describe any method by which a document is electronically presented from one party to another, either for payment or to present and monitor transactional documents between trade partners to ensure the terms of their trading agreements are being met. These documents can include invoices, purchase orders, debit notes, credit notes, payment terms, payment instructions, and remittance slips.

Strong customer authentication (SCA) is a requirement of the EU Revised Directive on Payment Services (PSD2) on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments. Physical card transactions already commonly have what could be termed strong customer authentication in the EU, but this has not generally been true for Internet transactions across the EU prior to the implementation of the requirement, and many contactless card payments do not use a second authentication factor.

On 6 May 2015, the European Commission, led at the time by Jean-Claude Juncker, established the Digital Single Market strategy, intended to remove virtual borders, boost digital connectivity, and make it easier for consumers to access cross-border online content across the European Union. The Digital Single Market, which is one of the Commission's 10 political priorities, aims to fit the EU's single market for the digital age, moving from 28 national digital markets to a single one, and then opening up digital services to all citizens and strengthen business competitiveness in the digital economy. In other words, the Digital Single Market is a market characterized by ensuring the free movement of people, services and capital and allowing individuals and businesses to seamlessly access and engage in online activities irrespective of their nationality or place of residence. Fair competition conditions and a high level of protection of personal and consumer data are applied.

A value-added tax (VAT), known in some countries as a goods and services tax (GST), is a type of tax that is assessed incrementally. It is levied on the price of a product or service at each stage of production, distribution, or sale to the end consumer. If the ultimate consumer is a business that collects and pays to the government VAT on its products or services, it can reclaim the tax paid. It is similar to, and is often compared with, a sales tax. VAT is an indirect tax because the person who ultimately bears the burden of the tax is not necessarily the same person as the one who pays the tax to the tax authorities.

<span class="mw-page-title-main">Import One-Stop Shop</span> Electronic portal in the European Union

Import One-Stop Shop is an electronic one-stop shop (OSS) portal in the European Union (EU) which serves as a point of contact for the import of goods from third countries into the European Union. The scheme aims to simplify the declaration and payment of value-added tax when importing goods into the European Union.

The Directive on Administrative Co-operation in the field of taxation is a Directive which sets rules for the Automatic Exchange of Information (AEOI) which apply to members of the European Union (EU).

The Crypto-Asset Reporting Framework is a global initiative led by the OECD Global Forum on Transparency and Exchange of Information for Tax Purposes which is intended to promoted the automatic exchange of information between countries to tackle emerging tax evasion risks related to cryptocurrency and digital assets.

References

1 2 "Council Directive (EU) 2020/284 of 18 February 2020 amending Directive 2006/112/EC as regards introducing certain requirements for payment service providers". europa.eu. Retrieved 5 October 2023.
1 2 3 "COMMISSION STAFF WORKING DOCUMENT IMPACT ASSESSMENT Accompanying the document Proposal for a Council Directive amending Directive 2006/112/EC". EU Commission. Annex 6.
↑ Office, Australian Taxation. "Business transactions through payment systems". www.ato.gov.au.
↑ "Procedure File 2018/412". EU Commission.
↑ "Executive Summary to the Impact Assessment". EU Commission.
↑ "Proposal for a Council Directive amending Directive 2006/112/EC as regards introducing certain requirements for payment service providers". EU Commission.
↑ "BBC Panorama: The fraud costing the UK £1bn a year". BBC . 27 November 2017.
↑ "Discussion Paper on the EBA's preliminary observations on selected payment fraud data under PSD2, as reported by the industry" (PDF). European Banking Authority .
↑ "CESOP – EU cross-border payments reporting". Irish Revenue Commissioners.
↑ "Data Delivery by Payment Service Providers (PSP) Manual" (PDF). Belastingdienst.
↑ "Central Electronic System of Payment Information (CESOP)". BZSt.
↑ "CESOP Frequently Asked Questions" (PDF). EU Commission. Section 2.3.2.
↑ "CESOP Frequently Asked Questions" (PDF). EU Commission. Section 2.4.
↑ "CESOP Guidance" (PDF). EU Commission. Section 2.3.2.
↑ "XML Schema Guide". EU Commission.

External links

information on CESOP, European Commission

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[direc-1] 1 2 "Council Directive (EU) 2020/284 of 18 February 2020 amending Directive 2006/112/EC as regards introducing certain requirements for payment service providers". europa.eu. Retrieved 5 October 2023.

[:0-2] 1 2 3 "COMMISSION STAFF WORKING DOCUMENT IMPACT ASSESSMENT Accompanying the document Proposal for a Council Directive amending Directive 2006/112/EC". EU Commission. Annex 6.

[3] Office, Australian Taxation. "Business transactions through payment systems". www.ato.gov.au.

[4] "Procedure File 2018/412". EU Commission.

[5] "Executive Summary to the Impact Assessment". EU Commission.

[6] "Proposal for a Council Directive amending Directive 2006/112/EC as regards introducing certain requirements for payment service providers". EU Commission.

[7] "BBC Panorama: The fraud costing the UK £1bn a year". BBC . 27 November 2017.

[8] "Discussion Paper on the EBA's preliminary observations on selected payment fraud data under PSD2, as reported by the industry" (PDF). European Banking Authority .

[9] "CESOP – EU cross-border payments reporting". Irish Revenue Commissioners.

[10] "Data Delivery by Payment Service Providers (PSP) Manual" (PDF). Belastingdienst.

[11] "Central Electronic System of Payment Information (CESOP)". BZSt.

[12] "CESOP Frequently Asked Questions" (PDF). EU Commission. Section 2.3.2.

[13] "CESOP Frequently Asked Questions" (PDF). EU Commission. Section 2.4.

[14] "CESOP Guidance" (PDF). EU Commission. Section 2.3.2.

[15] "XML Schema Guide". EU Commission.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]