How are CESOP and VAT law related to cross-border payments?

Let’s be honest – when we hear the words "tax law" in our industry, we do not assume that anything relevant for payment transactions will follow. Of course, payment methods are used by all parties to settle tax liabilities, but this does not make them a subject of regulation under tax law. The bad news, however, is that in future we will always have to look a little closer when it comes to the EU VAT directive.

Overstrain as a background 

In the course of the action plan to create a single VAT area, the EU Commission inevitably encounters the issue of VAT evasion. The increasing use of e-commerce for the cross-border sale of goods and services in the member states particularly reinforces this situation. 

The investigating authorities are struggling with deficient information and limited information gathering possibilities. The required information is often held by third parties (such as payment service providers), usually located in another state. This is compounded by insufficient administrative capacity to cope with the high volume of data required to detect VAT fraud. This concerns both the exchange and the processing of corresponding amounts of data. 

The EU Commission speaks of a loss of tax revenue in the three-digit billions. In order to counteract this situation from the perspective of the European legislator, the previously existing regulations were amended accordingly on 18/02/2020.

Council Regulation (EU) 2020/283 of 18 February 2020 amending Regulation (EU) No 904/2010 as regards measures to strengthen administrative cooperation in order to combat VAT fraud.

  • Establishing cooperation between national tax authorities to detect VAT fraud and ensure compliance with VAT obligations.

Council Directive (EU) 2020/284 of 18 February 2020 amending Directive 2006/112/EC as regards introducing certain requirements for payment service providers.
Amendments to the VAT directive:

  • Payment service providers will be required to keep records of cross-border payments related to e-commerce.
  • Data must be made available to the national tax authorities. Strict conditions (among others for data protection) have to be taken into account.

Council Directive (EU) 2020/285 of 18 February 2020 amending Directive 2006/112/EC on the common system of value added tax as regards the special scheme for small enterprises and Regulation (EU) No 904/2010 as regards the administrative cooperation and exchange of information for the purpose of monitoring the correct application of the special scheme for small enterprises.
In addition to further regulations on administrative cooperation, there were new EU-wide special regulations for small businesses:

  • Small businesses based in other member states (MS) may benefit from the small business regulation in the future.
  • This applies provided that their annual turnover does not exceed a maximum of 85,000 euros (limit set by MS).
  • If certain conditions apply, this can even be up to 100,000 euros, provided that this turnover was achieved throughout the EU.

As of 1 January 2024, Directive 2020/284/EU will oblige payment service providers to share their information with the tax authorities, i.e. to improve information accessibility from the authorities' point of view. To this end, it prescribes a central reporting of certain payments data by payment service providers, which authorities are to use in cases of suspicion to carry out their investigation without obstacles.

CESOP – payments data in data retention  

The keyword for the storage of this supplied data is CESOP (Central Electronic System of Payment Information), a central system of the EU which is supervised by EUROFISC. It is intended not only to record the supplied data, but also to make it searchable, intelligently search for redundant data records, make correlations visible, etc.

Only the tax authorities of the member states will have access – all in accordance with other rights, of course. The general interest in avoiding damage from tax evasion amounting to billions outweighs the individual's right to data confidentiality here.

Which payments have to be reported by whom? 

Whenever payment service providers provide payment services for more than 25 cross-border payments within a calendar quarter to the same payment recipient, regardless of the amount of the transaction, these must be reported. The data must be kept for at least three calendar years.

European payment service providers

If the payment is made to a payment recipient in the EU, the recording obligation lies with the payment recipient's payment service provider.

If the payment is made by a payer in the EU to a payment recipient in a non-EU country, the recording obligation lies with the payment recipient's payment service provider.

Supplying, but how? 

Readers who are, hopefully, well disposed by now will surely ask themselves: "Okay, we have a new reporting obligation. But how do we get the data into CESOP?". The good news is that you as a PSP do not have to do this at all, because CESOP is "fed" via the national authorities. The interface and the data format for this supply are also already clear. What is unclear, however, and this is the bad news, is how payment service providers for their part will have to hand over the information to the national authorities after they have compiled it from their systems (if they even have this data already).

Directives require implementation by national legislators. They therefore differ (indirectly) from regulations in their mode of effect. The latter are effective immediately and must be applied directly. The German legislators have not yet dealt with the amendments to the VAT directive; in other words, they have not even begun to implement them. After all, they still have until 31/12/2023 (as a reminder: the start is on 01/01/2024) and are currently still waiting for further developments at EU level (which is not necessarily wrong). 

In the course of implementation, however, the German legislators are free to decide whether to implement 1:1 or to adopt stricter rules. A deviation from the wording of the directive would also be legitimate. The finer details could therefore still depend on the implementation by the German legislators.


European VAT law is now very much related to payments and makes payment service providers responsible for providing information to the tax authorities of the member states. 

The legal situation at national level and the manner of implementation remain unclear. It is also still uncertain which technical means will be used to transfer the information to the responsible national authority. However, this does not mean that payment service providers can now sit back and relax, because data aggregation, orchestration and the implementation for reporting are not to be underestimated.

Author: Benjamin Schreck

Project possible in cross-border payments

Have you ever tried to convince your international network of 11,000 participants to climb Mount Everest together? An impossible project, you say. To be honest, for most of us it would probably already fail on account of the network. But the Society for Worldwide Interbank Financial Telecommunication (SWIFT) has managed to build up a correspondingly large network since its foundation in 1973 and has started such a "project (im)possible" – except that the aim is not actually to climb Mount Everest, but to renew the messaging interface in international payments.

Showdown in November 2022

So if you look into the payments offices of global financial institutions these days, you will find this project (im)possible everywhere. Let me briefly summarise what it is all about:
SWIFT will change the current communication basis as of 2022. While MT transactions in accordance with ISO 15022 are currently used for communication in international payments, a migration to MX transactions will take place as of 2022. The MX transactions were defined by an international working group, Cross-Border Payments and Reporting (CBPR+), and are based on the ISO 20022 standard. This is why we often speak of CBPR+ transactions or MX transactions. The scope includes the transaction formats from payments, reporting and investigation. In the "old MT world", this corresponds to the categories MT1xx, MT2xx and MT9xx.

The new transactions are also sent via a new interface. The InterAct (FIN+) channel will be opened for payments as of November 2022. A complete changeover from the FIN to the InterAct (FIN+) channel is forced as of November 2025. SWIFT refers to the period between November 2022 and November 2025 as the "co-existence phase" and speaks of a "user-driven" migration. Each financial institution in the SWIFT network may decide for itself when to switch to outgoing MX. However, incoming MX messages must be expected as of November 2022.
What was supposedly a small migration project has turned into one of the biggest challenges in payments in recent years. Old host systems, the processing of new data fields, the coordination with partner banks and the constantly changing conditions keep bringing new challenges and questions that need to be solved:
As a financial institution, when exactly should one make the switch? What happens to rich data elements? Should all sub-elements be saved or can we perhaps do without Garnishment Remittance after all? What exactly happens between November 2022 and November 2025? What is the minimum required in November 2022?
SWIFT has set November 2022 as the first possible go-live date. The first-mover banks still have three months to answer the last urgent questions, fix the last defects and inform the last customers. The first-mover banks, which SWIFT says account for more than 50% of the total cross-border transaction volume, are ready to go – and yet there are still changes and recommendations that may jeopardise a go-live.

Too late to turn back

The postponement of SWIFT's Transaction Manager to the end of Q1 2023 instead of November 2022 was one of the major shock moments. For a long time, the Transaction Manager was presented as the "redeeming SWIFT application" that was supposed to ensure a truncation-free transaction exchange across the entire payments chain by storing a so-called golden copy. Regardless of whether information-rich MX transactions or rudimentary MT transactions are sent or further processed, the Transaction Manager was to expand the transactions with the respective data variety originally sent and thus to ensure the consistent forwarding of all information. Now, with the delay, comes the fear that important information will be lost.
In order to get a grip on the problem, the PMPG (Payment Market Practice Group) published a recommendation in July to dispense with rich data by November 2023. The term rich data refers to the information that is newly provided with the MX transactions. A financial institution can rightly ask itself whether it makes sense to carry on with the project if such uncertainty continues to prevail.
But it is too late to turn back. The project budget has been allocated, the development teams are in the middle of development, the first releases have already been made, the internal go-live plan is in place, the communication campaigns are running hot and the project timeline for the next few months is already set. No matter how agile a financial institution wants to be, a migration project that occupies the entire bank, from e-banking to core processing to account reconciliation, cannot simply be stopped.

We have reached base camp – the ascent is yet to come

With regulatory and market-driven rigour, SWIFT is pushing its participants up Mount Everest and, as is usual on any hike, some are further ahead and some are slightly behind. What is certain is that a number of financial institutions will be sending MX transactions starting November 2022. But have they already reached the summit they were aiming for? If one takes a look at what has been achieved and the scope intended by SWIFT, one can only speak of reaching the base camp – the ascent itself is yet to come. Monitoring of production, additional operation efforts, conversion of reporting messages, conversion of investigation messages, processing of rich data elements and any changes and suggestions by SWIFT are likely to keep project (im)possible a fixed part of the project agenda at many financial institutions.
In conclusion, it must be said: the SWIFT community is currently transforming cross-border payments and, with the migration to ISO 20022, is building a basis that should improve and optimise payments in the long term. Even if the promised benefits of structured and granular data, higher data quality, better analysis options and international interoperability will not yet materialise in 2022 or 2023, the foundation for more is being laid. We can be curious about what else will happen in international payments in the next few years.
Where do you currently stand with your SWIFT MX migration project and how do you perceive the current situation? Let us know or leave a comment.

Author: Florian Stade

Will financial institutions play a role in the implementation of the digital euro?

The European Central Bank's (ECB) two-year analysis phase on the digital euro is not yet over and many questions are still unanswered. However, there are already initial tendencies on some issues, such as the implementation model or the distribution of roles.

Considering the basic prerequisites of a central bank digital currency (CBDC), such as cash-like security, privacy protection, user-friendly peer-to-peer payments and widespread distribution, various implementation scenarios are currently being discussed.

In this article we will look at two common implementation scenarios:

1. Direct CBDC

In the direct approach, the European Central Bank would develop the digital euro on its own and be the interface to the users.

Consequently, the ECB is responsible for setting up the infrastructure, operating the system, performing the customer onboarding and processing the payments.
All of these issues result in enormous efforts on the part of the ECB, since in addition to the development of the back and front end, the subsequent administration and management also await the ECB. For example, customers need to be guided through processes such as KYC and AML checks. Furthermore, it remains open whether users in this model would receive a separate account at the ECB for payment activities.

In addition to the effort and time factors, the current ecosystem would be undermined, as neither commercial banks nor financial service providers would act as distributors at the customer-bank interface.

The indirect CBDC scenario is therefore far more likely:

2. Indirect CBDC

In this model, the digital euro is issued by the ECB and distributed to the end consumer via verified intermediaries, for example financial institutions and payment service providers. The distribution would be similar to the current cash system but in digital form. Consequently, the user has no direct contact with the central bank, but has a direct legal claim against it.

The model would strengthen the existing ecosystem by securing the role of intermediaries and involving them in the provision of the digital euro.
In addition to the administration, intermediaries would be able to build on established processes (including KYC and AML checks), onboarding mechanisms and front-end developments.
In this model it must also be considered that the further development of value-added services can arise in connection with existing use cases of the financial institutions and the digital euro. The ability to innovate is increased and consumers can hope for an optimised user experience.

For the reasons mentioned, we currently assume that the commercial banks will be involved in the distribution of the digital euro in order to use established processes and strengthen the direct customer contact. However, the question remains open as to whether other providers besides classic commercial banks can also take on the role of an intermediary.

At PPI, we are following this topic with great enthusiasm and consider the innovative capacity of the payments system as indispensable for the economy. To keep you up to date on current developments, we will use this blog to regularly inform you about news on the digital euro.