In the spring of this year, DPS partner Carsten Lange appealed to the financial industry in a blog post to deal with prevailing regulatory challenges against the backdrop of the Central Electronic System of Payment Information (CESOP). As one of the initial providers, DPS has now designed a complete solution for the implementation of the EU Directive to combat VAT fraud with the CESOP Compliance Service, and is currently implementing it with a “first mover customer”.
We caught up with project manager, Tobias Münsterberg, to talk about the potential pitfalls of CESOP in practice, and the new CESOP Compliance Service from DPS.
How do you rate the degree of preparation by local banks in the face of CESOP?
Tobias Münsterberg: The picture here is somewhat ambivalent. Large banks, along with the IT service providers of financial groups, are already working on solutions. For many smaller banks, specialised banks and e-money institutions, however, the topic is not yet on the agenda. The complexity of CESOP is being underestimated. You have to bear in mind: in payment traffic, there have been no reporting obligations on an individual transaction basis to date. Accordingly, the architectures of the payment traffic systems are not designed for this.
Where do you see the main challenges?
There are two points here: Firstly, data from systems that actually have nothing to do with each other must be merged. The interplay between the obligation to report and to ensure compliance with data protection regulations must also be taken into account. For the analysis of the transactions, certain data records must be merged – for the report itself, on the other hand, merging is not permitted under data protection law.
Secondly, reporting alone is not enough. By the end of the first quarter of 2024 at the latest, institutions must also be in a position to answer queries from the Federal Central Tax Office (BZSt) promptly, and correct reports.
How exactly do you go about implementing the CESOP Compliance Service?
We import the relevant transaction data from all relevant payment transaction systems. Given that the data is available in different formats, mapping to a standardised data model is performed. The transaction data is enriched with that customer master data that is necessary to determine the reporting obligation – here, it especially concerns the identification of the recipient. At the end of the quarter, the data stock is analysed, and reportable transactions are identified. On this basis, we prepare the notification. It is important to note that data from different systems must not be merged for reporting purposes, even if they are addressed to the same recipient. After sending the notification, we await the reply from the Federal Central Tax Office. In the event of an error, our system offers a simple way to correct and resend the notification.
Tobias, what pitfalls have you already encountered in the practical implementation of the EU Directive to combat VAT fraud?
With our combination of expertise and technical knowledge, we are actually well-prepared. But one challenging point should be mentioned: virtual accounts. Different account numbers are linked to a physical main account. For example, companies can assign their own virtual account numbers to all subsidiaries, but the main account remains with the parent company. The real challenge here is that the allocation can change during the reference period. Ensuring correct processing for these special cases also requires special attention.
Which financial institutions are targeted by DPS’s CESOP Compliance Service?
Here, I can answer quite confidently: to all institutions that are reportable under CESOP. And this concerns numerous institutions – ultimately, the existence of cross-border incoming or outgoing payments is sufficient. In addition to traditional banks, savings banks and credit unions, these also include specialised and development banks or e-money institutions, as well as marketplaces and intermediaries that collect funds in their own name.
Many thanks for the interview!
Further details on the CESOP Compliance Service from DPS can be found in our German-language product brochure. Below you will also find a way to contact us directly.