Law firm Allen & Overy and open banking platform Luxhub hosted an event at the law firm’s office in Kirchberg on 18 April 2024, covering payment services regulation in the EU, Central Electronic System of Payment information reporting, instant payments and the Financial Data Access framework. Photo: Marie Russillo/Maison Moderne

Law firm Allen & Overy and open banking platform Luxhub hosted an event at the law firm’s office in Kirchberg on 18 April 2024, covering payment services regulation in the EU, Central Electronic System of Payment information reporting, instant payments and the Financial Data Access framework. Photo: Marie Russillo/Maison Moderne

With the first deadline for the Central Electronic System of Payment information (Cesop) reporting fast approaching, financial industry experts during an Allen & Overy and Luxhub event in Luxembourg talked about major challenges and things to keep in mind when it comes to this new regulation.

New transparency rules are now in place to help EU countries crack down on VAT fraud, with payment service providers now obligated to monitor the beneficiaries of cross-border payments. The reported information will be centralised in a European database----where it will be “stored, aggregated and cross-checked with other European databases,” said the European Commission.

With the deadline for the first round of reporting on 30 April 2024, payments regulation experts at an Allen & Overy and Luxhub event on 18 April discussed key challenges and points to consider when preparing for Cesop.

Lack of clarity of the regulation

For panellist Jean-Luc Barbier from the Banque Internationale à Luxembourg, Cesop preparation came in the midst of a major transformation of the bank’s IT systems, making their first challenge “a lack of resources,” said Barbier. In October of last year, for instance, Bil experienced several issues with payments, making it “quite difficult to mobilise payment experts.”

“The second challenge was the complexity to extract data,” continued Barbier, while a third challenge was something facing many entities in Luxembourg: “a lack of clarity of regulation, especially at the beginning.” There were many outstanding questions, like whether to report to all national tax authorities (NTAs) or just to Luxembourg.

Location, location, location

Indeed, the lack of clarity was a key question for many players, added Adam Obadia, a banking associate at Allen & Overy and moderator of the panel. Following discussion with stakeholders, “we realised that one of the main issues is the location,” whether that was the “location of the payment service user or the location of where the payment service is provided.” This information is important when it comes to submitting data to the relevant tax authorities.

At first, it was thought that the international bank account number (Iban) would be a sufficient way to identify users. But after discussion, Obadia said, “we realised that if we just use the Iban, we can virtually be anywhere.” A person can, for instance, have a bank account in France, Spain or Luxembourg while being based here in the grand duchy. And if a user uses the bank account located in France while here in Luxembourg, they’re not really located in France. “That was an issue.”

The best approach here, I would say, would be to document the approach adopted, and to have the means necessary to justify the decision taken
Adam Obadia

Adam ObadiaassociateAllen & Overy

Another issue related to the location of the payment service provider, which is needed to determine the tax authority that will be “competent” for collecting the data. And the guidelines, said Obadia, are not very useful. “They just say: ‘you should follow your licence.’ Okay, thank you, but this is not the criteria in order to determine where the service is provided.” This can be very complex for entities here in Luxembourg that have branches in other countries and provide cross-border services, for example.

“The best approach here, I would say, would be to document the approach adopted, and to have the means necessary to justify the decision taken in case this is challenged by a tax authority.”

Define certain requirements while remaining flexible

The lack of clarity was a challenge for open banking platform Luxhub as well. “As a software IT provider, our main challenge--as has already been talked about--is clarity,” said head of product Ramzi Dziri. When you build a software solution, you have to have facts.

“So our main challenge from an IT perspective was actually to be able to define certain requirements, but then keep certain requirements flexible enough to be defined along the way, as things were clarified in the respective FAQs and so on.”

“Step zero”: getting ready to report

For Nenad Ilic, member of the European Commission’s Cesop expert group and tax partner at PWC Luxembourg, dealing with cross-border reporting requirements can be “very difficult.” There are sometimes many steps that need to be completed before one can actually submit a file, “and what is really complex” is that in many states, “there is no step-by-step guidance” explaining how non-domestic payment service providers can complete these steps.

“The biggest challenge is actually this ‘step zero’ in the process: getting ready to be able to report,” said Ilic. To tackle this, the firm has a multi-lingual team that works to “harass” the tax authorities, calling and sending emails in local languages to obtain the necessary information. “It’s not the case in every member state, but in roughly half of the member states, we really need to have this kind of very ‘painful’ approach to getting the right info and to be able to help our clients.”

Grace period, good examples and glitches

When it comes to compliance, some tolerance may be granted--though this varies amongst EU member states, said Ilic, referring to discussions held during the EU commission’s Cesop expert group the week before. In Germany, for example, there will be a six-month grace period without penalties, he noted. “Finland issued a recent guidance saying that they understand the Cesop is a new reporting requirement--for them and for the PSPs [payment service providers] as well--so therefore they will be kind of tolerant during the first year. They said that they will take into account the good faith efforts that PSPs did to comply.”

Echoing a previous comment from the panel, Ilic added, “it is important to document whatever you do, whichever choices you make in terms of ‘where do I need to report? How do I need to report?’” It’s key to be able to “demonstrate that you did these good faith efforts to comply, which is very important in case you get questions from the tax authorities at a later stage.”

The sooner you start, the better prepared you are
Ramzi Dziri

Ramzi Dzirihead of productLuxhub

A second point that Ilic brought up from the expert group meeting touched on registration procedures. A list of issues will be compiled, as well as good (and less good) examples of practice and guidance. Ireland and Malta, for instance, have quite clear guidance. “We’re going to use those ‘good examples’ to convince the ‘bad countries’ to kind of streamline this procedure.”

Finally, the commission also announced that there are some “glitches” with the current XML schema definitions (XSD), said Ilic. “For instance, it is currently not possible to report the same payee with multiple accounts,” even though this is not a terribly rare case. “If you do that today, that will generate error messages.” The issue of a “known error list” is expected, as well as at least two updates to the schema (planned for end of this year and beginning of next year).

“Try to be proactive in terms of timing for this kind of regulatory topic,” Luxhub’s Dziri said to conclude the panel. “The sooner you start, the better prepared you are.”

Related articles