CESOP and card payments – What should every entrepreneur know?
Exposed to an increasing number of cross-border transactions, businesses are faced with new legal obligations related to the reporting of payment operations. The Central Electronic System for Reporting Operations (CESOP) is one of the latest tools that have been introduced to monitor financial flows in the European Union. Knowledge of the CESOP rules and their impact on card payments is crucial for any business that operates in the European market.
Basic rules for reporting under CESOP
Under CESOP, there are specific principles for reporting payment transactions, which are derived from the location of the payment service provider. The law provides for two main reporting schemes:
- The recipient’s payment service provider is located in a third country or territory: In this case, the obligation to report the transaction lies with the payer’s payment service provider, which operates in a Member State. This means that it is the payer’s responsibility to ensure that the transaction complies with CESOP regulations, even if the payee is located outside the EU.
- The payee’s payment service provider is located in a Member State: When both parties to a transaction (payer and payee) use providers located in the EU, the payee’s payment service provider assumes responsibility for notifying the transaction.
What is the situation of specific providers in a card payment system?
In three-party card payment systems, such as those in which banks participate, a key role is played by various entities, each of which has its own legal duties and responsibilities. In this context, banks perform two main tasks:
- Financing the credit card line: banks finance transactions made by cardholders. From the point of view of CESOP, payment to the card issuer is treated as a separate operation that is subject to reporting.
- Receipt of funds from a commercial acquirer: Banks also act as recipients of funds from acquirers that manage card transactions. These types of transactions are different from standard payments between payer and payee and also fall under the reporting obligation as a payment from a commercial acquirer.
It is worth noting that these operations, although they may appear to be typical financial activities, fall within the scope of the reporting obligation. Therefore, in fact, they do not fall under the exemption provided by Article 3(m) of the Second Payment Services Directive (PSD2).
This means that banks and other payment service providers must ensure that these transactions are fully compliant with the CESOP rules, even if they are not directly related to the provider’s internal operations, but result from agreements between the payer, payee, card issuer and commercial acquirer.
Location rules in CESOP – How to apply them?
Under CESOP, correctly determining the location of the payer and payee is crucial for proper transaction reporting. There are three main schemes:
- Different MS, local providers: When the payer and payee are in different member states, the payer’s location is determined by the card’s BIN, and the payee’s location by the address or merchant ID. Such a transaction is considered cross-border.
- Same country, different providers: If the payer and the payee are in the same Member State, but the payee uses a provider from another country, the transaction is not considered cross-border because the BIN and the payee ID indicate the same country.
- Different countries, same providers: When the payer and the payee are in different member states, but their providers are in the same country, the location of the payer will be determined by the BIN for the card issuance location data, not the card issuer location data. The transaction is considered cross-border because the BIN will indicate a different country than the one where the payee is located.
With different location identifiers, the payment service provider must choose the one that best reflects the actual location of the parties. Such a solution may seem particularly complicated when dealing with virtual payments. If you are in doubt, you can use the account data indicated when identifying the client during a KYC/AML verification.
If you are in doubt about how to properly apply the location rules under CESOP, consult with our specialists to avoid potential sanctions. Remember, proper transaction reporting is not only an obligation, but also key to maintaining compliance and protecting your business.