CESOP reporting
Starting 1 January 2024, the PSPs (payment service providers) located in the EU need to report information on cross-border payment transactions. PSPs include banks, credit institutions, and other comparable operators. The goal is to reduce VAT fraud in international e-commerce, and to secure a fair competition between business enterprises. The obligation to provide information is based the revised PSP Directive (EU 2020/284).
PSPs must collect data concerning cross-border payments, and once in every calendar quarter, report the data to the Tax Administration. The Tax Administration will send the it on to CESOP, the Central Electronic System of Payment information in which payment data on cross-border payments reported by PSPs is collected. The data on payment transactions can be utilised for purposes of tax control.
Payment service provider refers to a payment institution or a credit institution that usually needs an authorisation to operate. Payment service providers (PSPs) include banks and other organisations. In addition, ‘payment service provider’ may refer to an issuer of electronic money and to a postal company that has a universal service obligation.
Payment service refers to credit transfer (= bank transfer), direct debiting, card payment by a credit card or debit card, money remittances, electronic wallet services and to other comparable services.
Payment refers to an action where funds are transferred, withdrawn or made available, or to a money transmission service where funds received from the payer are transferred directly to the payee.
The information-reporting requirement concerns cross-border payment transactions when the payer is in one EU country and the payee is either in another EU country or in a non-EU country. The locations of the payer and payee are identified by their IBAN numbers or by other useful identifiers.
Submitting the required data, keeping data in storage
PSPs are required to submit reports to the Tax Administration concerning the payment services they offer in Finland. The PSP must retain the data in an electronic format for three calendar years after the end of the calendar year in which the payment was dated.
The payee’s PSP needs to report information concerning the payment transaction when the payee’s PSP is located in the territory of the EU. If the payee’s PSP is located outside the EU, responsibility for reporting lies with the PSP of the payer.
As an example, PSP must report and store the following data:
- The name or business name of the payee, as it appears in the records of the PSP
- The payee's IBAN account number or other unique identifier
- The BIC code of the PSP acting on behalf of the payee
- Payment details, such as the amount, date and time of payment
In addition, the PSP must provide its BIC or other unique identifier, such as a Business ID. Some PSPs use a shared BIC due to multiple PSPs’ participation in a consortium, group or other joint venture. In these circumstances, every PSP in scope must be identified by another identifier instead of the BIC.
Read more about how to submit an application for a Finnish Business ID.
How to submit the CESOP report
Reports are submitted as a software file based on the CESOP XML Schema, in the Ilmoitin.fi website or through the API interface.
The Ilmoitin.fi website’s live environment will be available for use as of 1 April 2024. The test environment for Ilmoitin.fi is open, and users are welcome to perform tests with regard to structures, elements, check processes run by Ilmoitin, and data transmission routines.
Login or other e-authentication is required before any submittals. Read more about identifications and logging in. To submit reports through the API, the PSP must also have a certificate. Read more about requesting a certificate.
When a report has been submitted, the payment service provider receives a response indicating whether the report complies with the requirements. If the report was insufficient, it must be resubmitted. The response indicates what part of the report needs to be corrected. The Tax Administration may also contact the payment service provider directly about the corrections needed.
Read more about the technical specification.
What are the due dates for reporting?
Data on cross-border payments is submitted once for every calendar quarter. Normally, within 1 month after the end of the previous quarter. No extensions of time can be granted. The due dates are:
January – March: by 30 April
April – June: by 31 July
July – September: by 31 October
October – December: by 31 January
Reporting is only required if more than 25 cross-border payments are made to the same payee in Finland during the calendar quarter.
Read more in the guidelines released by the EU Commission: Guidelines for the reporting of payment data from payment service providers and transmission to the Electronic Central System of Payment information (CESOP) (europa.eu)
Negligence penalty
If a PSP neglects its information-reporting requirement, a third-party filer's negligence penalty charge may be imposed. The penalty charge can be imposed on the PSP if no report is submitted at all, or if the PSP neglects the requirement in some other way. The amount of penalty depends on how severe the negligence is, and the maximum amount is €15,000.
In addition, a negligence penalty may be imposed if the obligation to retain data is neglected.
Read more: Detailed guidance on the negligence penalty for a third-party submitter of cross-border payment data (available in Finnish and Swedish)
Testing
Testing is still possible on testi.ilmoitin.fi or via ApitamoPKI. The CESOP reports submitted in the testing environment are not processed in the Tax Administration systems because the reports do not include the valid name (PSPNimi) and ID (PSPId) information. The reports will not get transferred to CESOP, which means that no validation messages will be received. However, you can use the check features in the Ilmoitin.fi testing environment to make sure that the software you use produces CESOP reports in the correct format for Ilmoitin.fi.
Any questions?
If you have any questions, please send email to:
cesop(a)vero.fi