European Commission takes aim at VAT fraud with CESOP
The European Commission (EC) has clamped down on VAT-based fraud by introducing a new set of rules for EU member states, effective 1 January.
The rules seek to harness the power of aggregated payment information from the e-commerce sector specifically as a means to patch up the holes created in tax revenues as a result of VAT fraud.
In Europe, the difference between the amount of VAT that could be collected and the amount that is actually collected is referred to as the ‘VAT gap’. This gap can grow for any number of reasons, such as malpractice and fraudulent behaviour, less than optimal systems, administrative errors, bankruptcies and financial insolvencies.
According to the EC’s latest EU VAT Gap report, which was published in October 2023 and is based on figures from 2021, €61 billion in VAT was lost by EU member states in 2021, 5.3% of the expected VAT Total Tax Liability (VTTL).
However, data both from 2020, which recorded a €99 billion loss, and the preceding years, which experienced highs of €140 billion in losses, indicates that this gap is slowly showing signs of convergence, aided by the evolution of digital tax and invoicing systems.
The biggest movers in closing this gap, as highlighted by 2021’s figures, were Italy with a year-on-year decease of -10.7% and Poland with a decrease of -7.8%. Meanwhile, Finland, Spain, Estonia and the Netherlands were all among the countries with the narrowest gaps.
Despite the positive movement, VAT fraud still remains a prevalent and costly issue for the continent’s regulators. Latest efforts to tackle the problem include Operation Admiral which, led by the European Public Prosecutor’s Office (EPPO), filed charges against 12 individuals and 15 companies in December.
The EPPO says in a release: “The defendants – ten Portuguese and two French nationals – are accused of setting up and operating a criminal organisation, based on the sale of electronic goods, which is understood to have committed several crimes of aggravated tax fraud, money laundering and active and passive corruption in the private sector, between 2016 and November 2022.”
It adds: “The defendants are alleged to have used a network of companies to evade the payment of VAT while trading in electronic devices, by using fraudulent invoices and tax declarations. The fraudulent scheme took advantage of EU rules on cross-border transactions between its Member States – as these are exempt from value-added tax – by using a chain of traders that did not fulfil their tax obligations.”
Prosecutors estimate that the amount of damage to Portugal alone totals over €80 million. However, it’s thought that the wider impact on the EU and the national budgets of affected countries could top €2.2 billion.
While the EPPO continues with Operation Admiral, regulatory forces in Europe have been eagerly implementing new measures to combat the VAT gap, namely the Central Electronic System of Payment information (CESOP).
Borderless crime meets borderless data
“A problem shared is a problem halved” has become an increasingly common mantra in the world of fighting financial fraud, and appears to be a central theme in the EC’s latest initiative.
Mirroring the collaborative approach to tackling fraud that’s actively being explored by some of the continent’s largest financial institutions, including the Banco Santander, BBVA and CaixaBank alliance in Spain, the arrival of CESOP hopes to unite transactional data to catch those evading VAT.
The latest regulatory amendment to the EU VAT directive will create a centralised database with a focus on cross-border e-commerce transactions made by online sellers with no physical presence in a member state specifically.
As of 1 January, payment service providers (PSPs), as defined by the Payment Services Directive 2 (PSD2), across all member states were ordered to begin monitoring payees of cross-border payments.
This will be followed by the implementation of a reporting deadline on 30 April, at which point PSPs will have to start transmitting data on payees who receive 25 or more cross-border transactions per quarter, submitted via their national tax authorities to CESOP.
The information will include the locations and identities of the payer and payee, the VAT and transactional IDs, and payee PSP bank identifier code (BIC), among other insights.
The database is designed to aggregate and analyse this information, and will distribute it through the Eurofisc network to aid the efforts of network liaisons actively fighting fraud.
Paolo Gentiloni, commissioner for economy at the EC, anticipates CESOP playing “a crucial role in the fight against VAT fraud”, using the data harvested by PSPs to “more easily and accurately pinpoint and crack down on fraudulent behaviour in the e-commerce sector”.
Reacting to the new legislation, the Federal Central Tax Office (BZSt) in Germany tells FinTech Futures that it will provide tax authorities with “information that was previously not accessible”, and says that it will help fraud fighters “to identify fraudulent businesses and to determine where goods and services have been supplied or rendered”.
Speaking with FinTech Futures, Lex Neijtzell de Wilde, director of the indirect tax team at Deloitte, identifies cross-border commercial transactions as “the main source of the VAT gap”, and explains that CESOP will “limit the additional investment and efforts for involved PSPs”.
Neijtzell de Wilde says that the initiative “fits within a trend to collect and exchange data from third parties to lower the VAT gap”, citing the DAC7 reporting directive instated on digital platforms last year as an example.
He adds that reporting the specific data requirements outlined by CESOP could become “more complex” if the affected PSP operates in multiple countries. “Depending on these complexities, PSPs will either try to build an in-house solution or choose to outsource CESOP reporting to a third-party provider.”
One such provider with a CESOP reporting solution is Luxembourg-based fintech LuxHub, an open banking API platform founded by banks BCEE, BGL BNP Paribas, Banque Raiffeisen and Post Luxembourg in 2018.
Speaking with FinTech Futures, Ramzi Dziri, head of product at LuxHub, recognises time as one of the main, immediate hurdles being faced by PSPs.
“All the reports that will be submitted by PSPs will be centralised on a European level,” Dziri explains. “If some countries’ reports are missing, then it doesn’t make sense because you’re missing part of the picture. It seems in this case, it’s quite strict, so there will be no delaying, there will be no postponing.”
One of the most unique elements of CESOP’s style of compliance reporting is that it requires PSPs to report on multiple jurisdictions, another element of complexity highlighted by Dziri.
“You’re not supposed to report to your own country, but to other countries where you’re providing your payment services,” he says. “And therefore we have a lot of our customers for the solution that will need to report in 20-plus jurisdictions.”
The EC, like many active crime fighters in the financial industry, has championed the power of data aggregation with its new CESOP legislation. Although it will provide efforts to mitigate VAT fraud with a more holistic view of market-wide activity, efforts will also have to ensure that once the data arrives in April, it has the technology, expertise and know-how to produce effective results.