• 1000

Since 1 January 2024, banks and payment service providers that provide payment services in an EU member state in accordance with the Payment Services Directive2 (PSD2) have been subject to new recording and reporting obligations that are due on a quarterly basis. The EU directive was also implemented by the German legislator with Section 22g UStG and aims to make it easier to detect VAT fraud in e-commerce. To this end, the reported information is stored in the Central Electronic System of Payment Information (CESOP), a centralised database.

The requirement expands the scope of compliance requirements for financial companies and the processes in an effective tax compliance management system (Tax CMS).

Quarterly reporting obligation for almost all payment service providers

Banks and payment service providers, i.e. so-called regulated companies, are required to report. This means that almost all payment service providers that provide payment services (in accordance with PSD2) in an EU member state are affected, including banks, e-money institutions and payment service providers as well as postal banks that are authorised to provide payment services. Companies with a financing function may also be affected.

The notifications are due at the end of each quarter since 1 January 2024.

Fines of up to 5,000 euros can be imposed for incorrect, incomplete or late reporting.

Detailed reporting at transaction level

All payments, i.e. credit transfers, direct debits, money transfers, cards and e-money payments made by payers from an EU member state (IBAN, BIC, IIN, BIN) to a payee in another country within or outside the EU must be reported. Example: A German florist makes a purchase at the flower exchange in the Netherlands and pays electronically. Payments in cash or cryptocurrencies do not have to be reported.  

If the payment service provider makes more than 25 payments to be taken into account within a calendar quarter that are made to the same payee, all of these payments must be reported on a transaction basis. If 25 or fewer cross-border payments are made to the same payee, there is the option of a blank report - the recording and reporting obligation does not apply in this case.

The cross-system collection of the intersection of "Know Your Customer" and transaction data is required if the specified criteria for cross-border payments are met.

The report must be submitted via an interface created by the Federal Central Tax Office (BZSt); the required format is XML. An upload option via the office's own online portal (BOP) is - as of 2024 - not available. Alternatively, a report can be submitted to the BZSt via KPMG's own tried-and-tested interface.

The following data must be reported (§ 22g para. 1 UstG):

  1. Information on the payee that is available to the payment service providers:
    a. Name or the name of the payee's company
    b. each VAT identification number
    c. any other tax number
    d. Address of the payee and
    e. IBAN of the payee's payment account or, if the IBAN is not available, any other identifier that uniquely identifies the payee and indicates its location

  2. The BIC or any other business identifier that uniquely identifies the payment service provider acting on behalf of the payee and indicates its location if the payee receives funds but does not hold a payment account with the payee

  3. Details of all cross-border payments made in the relevant calendar quarter and any related payment refunds recognised:
    a. Date and time of the payment or refund
    b. The amount and currency of the payment or refund
    c. the Member State of the European Union from which the payment originates or the Member State of the European Union in which the refund is made and the information used to determine the origin of the payment or the destination of the refund
    d. any reference that clearly identifies the payment or reimbursement
    e. where applicable, an indication that the payment is initiated on the premises of the supplier

The BZSt carries out an automated validation. The catalogue clearly shows how extensive the data records to be reported are. Data procurement and data management involve a considerable amount of effort for companies.

KPMG supports with technical and process expertise

Affected financial service providers must regularly analyse their payment flows as part of CESOP. In addition to identifying affected payment channels and transactions, data must be collected, aggregated and prepared for reporting.

We will be happy to support you in all the necessary steps - from analysing who is affected to submitting the data to the BZSt via KPMG's own interface. We also offer innovative solutions through our network in the event of a Europe-wide reporting obligation.