2024 is here, which means CESOP – a new set of European Union (EU) payment regulations designed to combat cross-border fraud – has come into play.
To get you up to speed, we’re summarizing everything your business needs to know about these new rules. What is CESOP? Does it affect your organization? And, if so, how can you not only comply – but prepare your business to meet CESOP guidelines head on?
Let’s find out.
What is CESOP?
All the way back in February 2020, the European Commission came up with a legislative package that would, eventually, evolve into a set of regulations called CESOP (Central Electronic System of Payment Information).
From 1 January 2024, CESOP came into force. It requires all payment service providers facilitating the cross-border movement of money from within the EU to collect and report on these transactions. (As a term, CESOP denotes both the name of the legislation, and the database in which the information it collects will be stored in.)
Under CESOP regulations, payment service providers in EU countries are required to report quarterly transactional data relating to cross-border payments (along with the payer and payee involved in the transaction). However, reporting is only required where the payer is located in one of the EU’s 27 member states, and when the payee has been the recipient of more than 25 cross-border payments in a calendar quarter.
Which types of payments areaffected?
Providing those reporting thresholds we just outlined are met, all types of payment methods fall under CESOP’s scope: including direct debits (both SEPA payments and non-SEPA payments), credit transfers, and e-money transactions.
Why has CESOP been introduced?
CESOP arose out of the European Commission’s aim to clamp down on cross-border ecommerce and VAT fraud: particularly cases in which merchants are based in a non-EU country, or a different Member State from which the payment is initiated.
By aggregating this cross-border transaction data in a centralized European database – and, via the Eurofisc network, it becomes accessible to each Member States’ tax and anti-fraud experts – CESOP regulations aim to reduce the volume of malicious financial activity found throughout the card payment lifecycle.
Which institutions are affected?
CESOP’s introduction affects payment service providers that facilitate cross-border payments originating in an EU Member State. These include:
- Credit institutions (like banks)
- Payment institutions (such as Checkout.com)
- Post-office giro institutions (such as Deutsche Postbank)
- E-money institutions (such as Skrill)
This all begs the question – who’s responsible for reporting the in-scope payment?
Well, that depends on where the payer’s and payee’s respective PSPs are based:
- If the payee does not have an EU-based PSP – so, one based in a country outside of the European Union – the payer’s PSP reports the transaction.
- If the payee does have an EU-based PSP, the payee’s PSP reports the transaction.
- If the payee has multiple PSPs involved in the chain of transactions, all the payee’s PSPs must report.
But what, exactly, does that data include?
What are the CESOP guidelines?
CESOP guidelines mandate that payment service providers involved in a cross-border transaction initiated in the EU must report the following data about the payee:
- The payee’s personal details, including name and address
- The payee’s IBAN, BIC, or any other unique identifier
- The payee’s national tax number or VAT number
PSPs must also report on the payer’s information, which includes:
- The payer’s BIC, or any relevant business identifier
On top of this, PSPs are required to collect transaction information: which includes the payment currency, date, amount, and references, as well as whether it was a card-present or card-not-present transaction.
How to prepare for CESOP
If you’re a business that accepts or sends cross-border payments – whether that’s selling goods and services, paying suppliers, or issuing refunds – you’ll want to know how CESOP affects you, and your customers.
The good news is that CESOP won’t have an impact on how you do business. CESOP data collection and transmission is firmly in line with EU data protection rules; information about your customers – and what they’re buying – isn’t part of the equation. So you can rest easy knowing CESOP won’t compromise your customers’ privacy when they shop with you online.
If you are a PSP, though – or represent a credit or e-money institution – CESOP will affect how you do business.
Be prepared for CESOP with Checkout.com
As an EU-based payment service provider, Checkout.com is among the PSPs required to monitor and transmit in-scope transaction information to local tax authorities.
We’ve prepared for CESOP, and comply – which means we can help your business do the same. Whether you’re a financial institution looking to understand CESOP’s impact and impositions, or a business keen to learn more about CESOP’s effects, we can help.
The contents of this blog post do not constitute legal advice and are provided for general information purposes only.