Ramzi Dziri, Head of Product at LUXHUB, tells us more about the upcoming CESOP framework (Central Electronic System of Payment) which will impact Payment Services Providers, starting January 1st, 2024. The deadline for this new regulatory challenge is approaching rapidly. Here is more information on who it will impact, and how, but also how LUXHUB can support these players, as a recognized compliance and payments expert.

On the eve of a new turning point in the fight against VAT fraud, what can you tell us about the new developments that are about to take hold?

The financial sector will face new challenges in 2024. From January 1, PSPs (Payment Services Providers) will have to report certain cross-border transactions data to their NTAs (National Tax Administrations). They will have to transmit a standardized file message at the end of each quarter. The first report is therefore due in April 2024.

This upcoming European framework is called CESOP standing for Central Electronic System of Payment Information. Its aim is to detect potential VAT fraud in cross-border transactions. In the European Union, VAT fraud accounted for around 5 billion eurosin 2015, making it a key topic to tackle for the European Commission.

The information – cross-border transaction data – collected will be stored in a European database, CESOP, where it will be aggregated and cross-checked with other European Databases. All the information in CESOP will be made available to anti-fraud experts in the Member States via a network called Eurofisc.

What are the main challenges that PSPs will then face?

Here, we’re talking about all PSPs in scope, namely all Credit institutions, EMIs (E-Money Institutions), Payment Institutions and Post office giro institutions. Several challenges are ahead for PSPs who have already started to investigate how they could efficiently report the transactions in scope.

First things first: they need to identify what sets of data must be collected and from where (within their internal systems) in order to make sure that all required information is at hand to create the CESOP quarterly report.

Second, finding out in which EU states they will need to report to also represents an important challenge for PSPs. It is key to understand that depending on the PSP business and the type of processed transactions, there are different applicable rules to define the location of the payee and/or payer and thus the reporting country.

Last, comes the main technical challenge, related to the production of the report following the specified aggregation rules and its conversion into the requested XML format according to both NTA and CESOP specifications in terms of data structure, file size or file naming conventions. Any validation mistakes, even minor, would lead to negative feedback (i.e. rejection) by the NTA and/or CESOP and therefore having to start over by correcting and submitting again the report.

What are the different steps of the CESOP reporting? Where can LUXHUB actually play a role in?

Basically, there are three stages for each quarterly report in this new framework:

First, PSPs will have to report their data to their local NTA every three months (and potentially to several NTAs). Some players might therefore have to report to up to 27 different NTAs, making it a significant task for the concerned teams.

Then, NTAs will check the report and, if valid, transfer the report to the CESOP system within 10 days.

Finally, the CESOP will send feedback on the report's content with actions that may be needed to correct the file structure or its content.

In this respect, to smoothen the processing of the requested file and enable a flawless compliance to this regulation, LUXHUB is launching LUXHUB CESOP. At the centre of this new solution is a reporting engine that will first check and pre-process input data to ensure that the needed data is comprehensive and valid. Then, it will filter and convert the transaction data in scope into XML report files, following the technical specification provided by CESOP and pre-validate these files using the CESOP official validation tool. Finally, after receiving feedback from the NTA and/or CESOP system, our reporting solution will also process the returned error messages to help generate the corrected reports.

To accommodate potentially different needs of PSPs, this solution is available in two deployment models, either on-premises or as managed services. With the first, the reporting engine is deployed by the PSP's IT team, making sure that the transactions’ data always stay within its premises. While with the second, the managed services model, data is exchanged between the PSP and LUXHUB through a secured server; a web interface is provided to enable the PSP to directly edit or correct input and reporting files before their submission to NTAs. Also, for the countries where the NTA will make available a machine-to-machine channel to exchange CESOP related fields, this second option will support such automated reports and feedback files transfers.

How can LUXHUB become the PSPs’ preferred partner on this specific topic?

As a compliance solutions and payments expert, LUXHUB is well equipped to successfully support different profiles of PSPs and help them comply with this regulation. With the trust of 60+ customers from 10 different countries for PSD2 XS2A (Access to Account) and CEDR (Central Electronic Data Retrieval system) compliance products and a two-time award winning REGTECH100 Company, LUXHUB has all the knowledge and expertise to provide its clients with a robust CESOP compliance solution.

We also have a unique market position, being a support PFS (Professional of the Financial Sector), regulated entity in Luxembourg and having a European AISP/PISP license. Our experience as a Payment Initiation Service Provider solidifies our position as we are accustomed to dealing with payments data.

Finally, as explained earlier, we provide PSPs with flexible deployment options to better accommodate their needs, aware that some companies would prefer an on-premises solution while others would go for managed services instead.

Besides CESOP, what is there to expect in the upcoming months in terms of compliance?

As Open Banking continues to gain traction notably by enabling value added Account Information and Payment Initiation Services, it is also adapting to new regulation. One can notably name the recent PSD3 & PSR proposals, as well as Open Finance Framework which is now officially called FiDA (Financial Data Access).

More generally, the European Commission is still pushing for more innovation and security in the payments sector. For instance, the upcoming Instant Payment regulation in Europe is also about to reshuffle the game for the financial services industry. To anticipate it, LUXHUB is putting together the pieces to build its “Account Verification Platform” service offer. This future piece of legislation establishes an obligation for credit institutions (among other PSPs) offering the service of sending of Euro Instant Payments “to provide their PSUs (Payment Service Users) with a service checking that the payee’s IBAN matches the payee’s name and notifying the PSU of any detected discrepancy”.