Scam messages have been sent in the Finnish Tax Administration’s name. Read more about scams

Payment service providers have an obligation to provide information about cross-border payments as of 1 January 2024

Starting 1 January 2024, payment service providers in the EU will have a new obligation to provide information about cross-border payments. Payment service providers include banks and credit institutions, for example. The obligation to provide information is based on the amendment under the payment information directive (EU 2020/284). The objective of the amendment is to reduce VAT fraud in international e-commerce and to ensure fair competition between companies.

Payment service providers must retain information on cross-border payments and report it to the Tax Administration for each calendar quarter. The Tax Administration forwards the information to the Central Electronic System of Payment information (CESOP) maintained by the Commission. Payment transaction information can be utilised in tax control.

What does a payment service provider mean?

Payment service provider refers to a payment institution or a credit institution that usually needs an authorisation to operate. Payment service providers include banks, for example. In addition, “payment service provider” may refer to an issuer of electronic money and to a postal company that has a universal service obligation.

Payment service refers to bank transfer, direct debiting, card payment by a bank or credit card, transmission of money and electronic wallet services, for example.

What payments does the obligation to provide information apply to?

The obligation to provide information concerns cross-border payments, i.e. payments where the payer is located in an EU Member State and the recipient is either in another EU Member State or outside the EU. The locations of the payer and the recipient are identified based on the IBAN account number or another such identifier.

Payment refers to an action where funds are transferred, withdrawn or made available, or to a money transmission service where funds received from the payer are transferred directly to the payment recipient.

Reporting and retaining information

Payment service providers must report electronically on the payment services they provide in Finland. The information must also be retained in electronic format for a period of 3 years after the year when the payment was dated.

The payment recipient's payment service provider must report information on the payment when the payment is made between EU Member States. When the payment is made to a non-EU country, the obligation to provide information is carried by the payer's payment service provider.

Reports on cross-border payments are filed quarterly. Normally, a report must be filed within 1 month from the end of the previous quarter. No extension is granted for filing the report. The due dates are:

  • January–March: by 30 April
  • April–June: by 31 July
  • July–September: by 31 October
  • October–December: by 31 January

Information must be reported only if more than 25 cross-border payments are made to the same payment recipient in Finland during the calendar quarter.

Read more in the guidelines published by the Commission: Guidelines for the reporting of payment data from payment service providers and transmission to the Electronic Central System of Payment information (CESOP) (europa.eu)

What information needs to be reported?

The payment service provider must report and retain the following information on payment transactions:

  • name or business name of the payment recipient
  • payment recipient's IBAN account number or other unique identifier
  • BIC code of the payment service provider acting on behalf of the payment recipient
  • payment details, such as the amount and time of payment.

In addition, the payment service provider must report its BIC or other unique identifier, such as a Business ID. For example, if banks belonging to a consortium share the BIC code, the service provider must use another code as identifier.

Read more about the Business ID and how to get it in the YTJ service (Business information system).

How to report the information

Reports are submitted as a file based on the CESOP XML schema in the Ilmoitin.fi service or through the API. More information about how to submit a report will be provided in the technical guidance to be published at a later date.

For submittal of records, e-identification is required. Read more about identification. To submit reports through the API, the payment service provider also needs a certificate. Read more about applying for a certificate.

When a report has been submitted, the payment service provider receives a response indicating whether the report complies with the requirements. If the report was insufficient, it must be resubmitted. The response indicates what part of the report needs to be corrected. The Tax Administration may also contact the payment service provider directly about the corrections needed.

If the obligation to provide information is neglected

If a payment service provider neglects the obligation to provide information, a third-party filer's negligence penalty may be imposed. A negligence penalty may be imposed on the payment service provider if no report is submitted at all or if the service provider otherwise neglects the obligation to provide information. The amount of penalty depends on how severe the negligence is, and the maximum amount is €15,000.

In addition, a negligence penalty may be imposed if the obligation to retain data is neglected.

Schedules

  • Finnish national legislation enters into force on 1 January 2024
  • Legislation applied as of 1 January 2024
  • First report for January–March 2024 to be filed by 30 April 2024

Schedules for software developers

Further information

If you have any questions, please send email to:

cesop(a)vero.fi

Page last updated 6/2/2023