Payment service providers face new EU cross-border tax information reporting requirements

Entities in scope

The new rules will impact the following four categories of EU PSPs, as defined under Directive (EU) 2015/2366 (PSD II):

1. Credit institutions, including fully licensed banks established in Europe and European branches of credit institutions that have their head office outside the EU and provide payment services.
2. E-money institutions, which covers all PSPs providing payment services via electronic money (e-money).
3. Payment institutions, including companies providing payment services such as issuing credit/debit cards, acquiring payment transactions, processing payments and initiating payments. This also includes platforms that provide payment services and act on behalf of both the payer and payee.
4. Post-office giro institutions that provide payment services.

Central banks and public bodies are not affected by the CESOP reporting obligation, as they typically do not provide the payment services in scope.

Payments within scope include:

• card payments (debit and credit cards)
• credit or bank transfers
• direct debit payments
• e-money payments
• money remittances

When is reporting triggered?

Where the PSP will be deemed to be within the scope of reporting, the reporting obligation will become effective when the payment services meet the following conditions:

• They qualify as ‘cross-border payments’.
• A threshold of 25 cross-border payments to the same payee is met per quarter.

A payment is considered cross-border when it is made by a payer in an EU Member State to a payee in another jurisdiction (irrespective of whether this is within or outside the EU).

Where the PSP of the payee is located in the EU, they will be subject to the reporting requirement. If the payee’s PSP is not located in the EU, the obligation to report falls on the PSP of the payer.

Making a return

PSPs must file a return with their Member States each quarter. The return should be made electronically and in a specified XML format.

PSPs must file a return with every Member State where they provide services that are within the scope of the reporting obligation. For example, a PSP established in Ireland may provide payment services to payees in Ireland, France and the Netherlands. In this case, the PSP will need to submit returns in these three countries.

Information to be reported

The following data will need to be submitted:

• BIC, or any other unique identifier of the reporting PSP transmitting the data
• Name of the payee
• VAT number or national tax number of the payee, if available
• IBAN, or any other identifier of the payee
• BIC, or any other business identifier for the payee PSP
• Address of the payee
• Individual payment transaction details 
• Payment refunds

The three key actions to take now

If you will be affected by these new requirements, consider this three-step process:

1. Determine the application of the rules

Now is the time to identify if your company is within the scope of the reporting obligations for the new PSP rules. If so, you must identify the scope of transactions that will meet the conditions of a “cross-border payment” and will breach the threshold of 25 payments.

2. Collect information 

If you are within the scope of PSP reporting obligations, it is important that you establish appropriate systems to collect the relevant data on payments within the scope of PSP. Consider which information is currently being collected and what procedures need to be put in place to gather the additional information required. Also consider the necessary data verification procedures for PSP reporting. Similarly, safeguards should be established to ensure that only the required data is collected for reporting purposes in line with your GDPR responsibilities.

3. Report

Affected PSPs must collect the relevant data and report to the tax authorities in the relevant Member States by 30 April 2024 in respect of the first reporting period (1 January 2024 to 31 March 2024).