The information-reporting requirement of payment service providers concerning cross-border payments

This is an unofficial translation. The official instruction is drafted in Finnish (Maksupalveluntarjoajien tiedonantovelvollisuus rajat ylittävistä maksuista, record number VH/7126/00.01.00/2023) and Swedish (Betaltjänstleverantörers skyldighet att lämna uppgifter om gränsöverskridande betalningar, record number VH/7126/00.01.00/2023) languages.

This guidance discusses the information-reporting requirement that concerns payment service providers (PSPs) with regard to cross-border payments. The guidance describes the reportable data, the extent of the information-requirement among the distinct types of PSPs, and other relevant concepts and topics.

1 Backround information

1.1 Objectives of this guidance

This is the Tax Administration’s guideline on how to apply and interpret the provisions of the following Council Directive and legal acts:

• Council Directive (EU) 2020/284 amending Directive 2006/112/EC as regards introducing certain requirements for payment service providers, hereinafter “the PSP Directive”.
• 29 and § 31, Act on assessment procedure for self-assessed taxes (Laki oma-aloitteisten verojen verotusmenettelystä (768/2016)).
• The Act governing the information-reporting requirement, literal translation: “Act on payment service providers liable for collecting and reporting cross-border payment data” (Laki rajat ylittäviä maksuja koskevasta maksupalveluntarjoajien tiedonantovelvollisuudesta (659/2023)).

This guidance addresses the following issues: who the PSPs within the meaning of the legal norms are, what the payments subjected to the information-reporting requirement are, what the extent of the PSP-collected data reportable on a quarterly basis to the Tax Administration is, and which PSP   is in scope for the information-reporting requirement in different circumstances.

1.1.1 The PSP Directive and the implementation of the Regulation

The PSP directive imposes an obligation on PSPs to keep record on specific cross-border payments and report the information on to the tax authorities of EU member states. The tax authorities are expected to deliver the collected information to the European Commission’s Central Electronic System of Payments, (CESOP system). The Finnish Act governing the information-reporting requirement (659/2023) and the changes made to the Act on assessment procedure for self-assessed taxes transpose the Directive’s provisions here. Furthermore, under the provisions of the Council Regulation, the concerned member states have the obligation, within the meaning of the Directive, to both collect data and deliver the data to the CESOP system. The Council Regulation 2020/283 (in finnish) imposes direct obligations on the parties concerned, and the member states need to implement the Council Regulation’s provisions as they are.

According to the Council Regulation’s provisions, member states can store the payment data collected in accordance with the PSP Directive in their national electronic systems to exercise tax control at a national level.

The Commission’s DG TAXUD, i.e. the Taxation and Customs Union released a memorandum – Guidelines – containing recommendations for interpretation of relevant EU legislation in force.  The Guidelines for the reporting of payment data from payment service providers and transmission to the Central Electronic System of Payment information (CESOP) can be downloaded on Central Electronic System of Payment information (CESOP). This guidance embraces the recommendations of the Guidelines.  In addition, it contains precise instructions to be applied in Finland, including the Åland Islands, and other circumstances that may prevail in Finland. The legal act that transposes and implements the Directive’s provisions contains detailed rules regarding inclusion of the Åland Islands in the provisions of the act that refer to Finland.

A PSP needs to report information on cross-border payments connected with the payment services that the PSP offers in Finland. Submittal must be carried out as set out in § 29, subsection 7 of the Act on assessment procedure for self-assessed taxes.

The Finnish Tax Administration will verify that PSPs comply with the requirements of the Directive in matters related to data storage and reporting.

1.2 Brief overview of the information-reporting requirement

Under § 29, subsection 7 of the Act on assessment procedure for self-assessed taxes, the PSPs in scope must report data on cross-border payments to the Tax Administration, concerning the payment services offered by the PSP in Finland.

In accordance with the provisions of the Act governing the information-reporting requirement (Laki rajat ylittäviä maksuja koskevasta maksupalveluntarjoajien tiedonantovelvollisuudesta (659/2023)), the requirement concerns the PSPs defined in the Act.  ‘PSP’ refers to a payment service provider, i.e. to a payment institution or to a credit institution, that normally needs an authorisation to operate. In addition, ‘PSP’ also refers to an issuer of e-money and to a postal organisation that has a universal service obligation.

Under provisions of the Act, the PSPs in scope have a primary information-reporting requirement with regard to cross-border payment transactions if they offer payment services in Finland.

These PSPs are required to report information to the Tax Administration concerning the payment services they offer in Finland. ‘Payment service’ refers to credit transfer (= bank transfer), direct debiting, card payment by a credit card or debit card, money remittances, electronic wallet services, and to other comparable services.

The information-reporting requirement only concerns cross-border payments in situations where the payer is in one member state and the payee is either in another member state or in a non-EU country. Accordingly, for transactions in which both the payer and the payee are in Finland, no reporting is needed.

The requirement in accordance with the Act only concerns situations where a PSP offers payment services, within one calendar quarter, to one payee and for more than 25 cross-border transactions. The due date for submittal of the information is the end of the calendar month following the month when the calendar quarter ended. Information returns must be submitted electronically through the Ilmoitin.fi website. 

2 Definitions

2.1 Definition of PSP, payment service provider

Party conducting activities referred to in the Act on Payment Institutions

According to the Act governing the information-reporting requirement the meaning of a ‘PSP’ is primarily an entity that needs to have an authorisation referred to in the Act on Payment Institutions (Maksulaitoslaki (297/2010)). Typically, a payment institution is such an entity.

‘Payment institution’ refers to a limited-liability company, co-operative enterprise, limited partnership and general partnership, societas europae and European co-operative entity, as referred to in the Acts governing these forms of incorporated entity, which have an authorisation as defined in this Act to offer payment services (§ 5 of the Act on Payment Institutions).

No payment services can be provided unless an authorisation is issued in one of the EEA countries, as referred to in the Act (§ 6, subsection 1 of the Act on Payment Institutions).  The public authority that issues the authorisations is the Financial Supervisory Authority of Finland (FIN-FSA). In the same way, a payment institution having an authorisation issued by an EEA country is able to offer payment services in Finland if the other relevant requirements defined by law are fulfilled.

The Act on the Operation of Foreign Payment Institutions in Finland (Laki ulkomaisen maksulaitoksen toiminnasta Suomessa (198/2010)) is the Finnish legal statute that contains detailed rules controlling the rights of payment institutions to offer payment services in Finland (§ 6, subsection 2 of the Act on Payment Institutions). Under § 2 of the Act on the Operation of Foreign Payment Institution, a foreign payment institution means a legal person active in the field of payment services to which a similar license, authorisation or permit (§ 6 of the Act) is issued in another country of the European Economic Area. These foreign payment institutions are entitled to offer payment services in Finland with no specific Finnish authorisation as they already have a permit issued by an EEA country.

The Act on Payment Institutions provides for an exemption from authorisation and, under certain conditions, a PSP may offer payment services to its customers without authorisation (§ 7 of the Act on Payment Institutions).  Among the conditions that concern a legal person, it is required that it has conducted payment transactions over the course of the latest 12 months, which do not exceed 3 million euros in average monthly volume, and in the case of a natural person, it is required that he or she has conducted payment transactions over the course of the 12 months not exceeding €50,000 in average monthly volume.  These non-authorised persons are required to submit a notice to the Financial Supervisory Authority (FIN-FSA) in order to be issued an official decision on whether the person is deemed to satisfy the relevant requirements.  However, under the provisions of the Act governing the information-reporting requirement, non-authorised PSPs are in scope of the information-reporting requirement, if the other relevant conditions are also met.

E-money providers referred to in the Act on Payment Institutions

Under § 1 of the Act on Payment Institutions , its provisions on payment services and payment institutions also apply to the issuance of e-money and to the legal person issuing e-money, unless otherwise provided.

The “E-money institution” means a payment institution whose authorisation includes an authorisation to issue e-money (§ 5 of the Act). The issuers of e-money are treated as PSPs and so are their branches, when such branches are located in the EU and their head offices are located outside of the EU, to the extent that the payment services provided by those branches are linked to the issuance of e-money. The reference to “issuers of e-money” covers all PSPs providing payment services through electronic money, such as online e-wallet providers or electronic voucher providers and card providers.

The Act on Payment Institutions lays down several exemptions from authorisation requirements and, under certain conditions, e-money can thus be issued without an authorisation (§ 7a of the Act). The conditions for this include a limitation: the issued amount in circulation cannot exceed €5 million. Examples of relevant operators include PSPs providing e-wallet or e-money services. These non-authorised persons (natural or legal persons) are required to submit a notice to the Financial Supervisory Authority (FIN-FSA) in order to be issued an official decision on whether the person is deemed to satisfy the relevant requirements.  These PSPs, too, are in scope for the information-reporting requirement provided that the other legal requirements are also met.

Party conducting activities referred to in the Act on Credit institutions

In accordance with the Act governing the information-reporting requirement, the meaning of a PSP’ also extends to an entity that needs to have an authorisation referred to in the Act on Credit Institutions (Luottolaitoslaki (610/2014)).

The Finnish legal act that contains detailed rules on the activities of credit institutions is the Act on Credit Institutions. In accordance with the provisions of the Act on Credit Institutions (chapter 2, § 1), credit operations cannot be conducted without an authorisation as set out in the Act. Applicants for an authorisation must submit a request to the Financial Supervisory Authority. After the authorisation is issued, the Financial Supervisory Authority will control the credit institution’s operation. Such operation, as defined by the Act, means a business conducted under appropriate authorisation to receive deposits of money from members of the public, and to issue loans or other financing (chapter 1, § 5 of the Act).

In accordance with the Act on Credit Institutions, an EEA credit institution and a subsidiary of an EEA credit institution can set up a branch in Finland, or otherwise offer its services referred to in Chapter 5, § 1, which are included in its authorisation (Chapter 16, § 1, subsection 1 of the Act on Credit Institutions). Payment services is one of the services referred to in Chapter 5, § 1.

In the same way, credit institutions from non-EEA countries can set up a branch in Finland if the institution is issued an authorisation referred to in the Act on Credit Institutions (chapter 17, § 1 of the Act).

Postal undertaking under the universal service obligation

In reference to the provisions of § 2 of the Act governing the information-reporting requirement, also a postal undertaking subject to an obligation of “universal service” is a PSP.

Under § 2(8) of the Postal Act, a provider of “universal service” means a postal undertaking that is subject to the universal service obligation referred to in the Postal Act. 

2.2 Definition of ‘payment services’

Under the Act governing the information-reporting requirement, recordkeeping and reporting are limited to the payment services defined by law.

According to the Act governing the information-reporting requirement the Payment Services Act (Maksupalvelulaki (290/2010)) lays down that the following business operations are payment services

1. To execute a payment transaction in the form of a credit transfer, a transfer of funds into the service provider’s payment account using direct debit, using a card, or using another instrument or means;
2. To issue payment instruments;
3. To approve a payment transaction, based on an agreement made with the payee, and to process the transaction in such a way that the payee will receive the amount of money;
4. To pursue activities of money remittance (often called ‘money transfer service’).

The Business operations listed in point 1also include execution of transactions where coverage for the transferable funds is based on a credit agreement, where the client is the user of the payment service.

Recordkeeping and information-reporting obligations apply also in cases where the PSP receives funds or payment transactions on behalf of the payee and not only when the PSP transfers funds or issues payment instruments to the payee.

In accordance with the Act governing the information-reporting requirement (Laki rajat ylittäviä maksuja koskevasta maksupalveluntarjoajien tiedonanto­velvollisuudesta (659/2023)), payment transactions in scope include credit transfers, direct debits, card payments by credit and debit cards, money remittances i.e. transfers, and electronic wallet services.

In contrast, the PSPs that provide services linked to operating a payment account, to carrying out cash deposits and withdrawals, linked to bank-statement data concerning various accounts, are outside of the reporting requirement’s scope.

Legal interpretations should be conducted in parallel: when interpreting how ‘payment services’ are defined the interpretation should be combined with how ‘PSP’ is defined. The definition of PSP (in 2.1 above) covers an extensive area and the major part of the payments market. However, it is still necessary to examine this definition in parallel with the definition of ‘payment services’.

Because the information-reporting requirement does not cover all payment services, an institution, company, or corporate entity may be a PSP as defined by the Act but at the same time, it may offer services that fall outside of ‘payment services’ according to the definition found in the Act. These PSPs are out of scope from the information-reporting requirement’s perspective.

Appendix 1 (pdf) contains more detailed descriptions of the participants and the relevant functions, including examples of the information flows connected to the payments for which participants need to report information.

2.3 Definition of ‘payment’

2.3.1 Payments in scope

In accordance with the Act governing the information-reporting requirement (659/2023), definition of ‘payment’ is closely related to the concepts of the Payment Services Act, namely ‘payment transaction’ and ‘money remittance’.

‘Payment transaction’ refers to an action where funds are transferred, withdrawn or made available (§ 8 (3) of the Payment Services Act).

‘Money remittance’, also called money transfer, is a money transmission service where the service provider directly sends on the funds received from the payer, without opening an account for either the payer or the payee, to the payment recipient, and this is the sole purpose of the service. Alternatively, ‘money remittance/transfer’ may be directed to another service provider representing the payee (§ 8 (8) of the Payment Services Act). 

In simple terms, a payment is a transfer of funds from a payer (the initiator) to a payee (the beneficiary). Several PSPs often participate in the execution of payments between a payer and a payee. These PSPs are active in both the sending and the receiving ends of the payment, and they often exchange data and carry out transfers of funds in order to finalise the payment.

2.3.2 What the concept of ‘payment’ does not include

In accordance with the Act governing the information-reporting requirement (659/2023), the actions within the meaning of § 2 and § 3 of the Payment Services Act are not payments. 

Services out of scope, not treated as ‘payments’

Under § 2 of the Payment Services Act, the following services are out of the Act’s scope:

1. Services relating to physical transportation of money;
2. Services where cash is provided by the payee to the payer as part of a payment transaction for the purchase of goods, services, commodities;
3. Services based on specific payment instruments that can be used only in a limited way and meet one of the following conditions:

1. Payment instruments may be used to acquire a good, service or other commodity only in the premises used by the issuer or in a limited network of suppliers of that good pursuant to a contract with the issuer;
2. The payment instruments may only be used for the purchase of highly limited assets; or
3. The payment instruments are offered at the request of an undertaking or body governed by public law, and are valid only in one country of the EEA, European Economic Area, and these instruments are regulated for specific social or tax reasons for the acquisition of certain assets from suppliers who have concluded contracts with the issuer.

The methods listed in (3) are restricted either to specific locations or to specific goods.  Among payment methods with limited use, the most common ones would be “gift vouchers” or “gift cards”, which are bought for a given amount and then allow the holder of the voucher or card to buy the goods and services offered by the issuer of the card/voucher or by the issuer’s partners.  

Consequently, when the payer relies on such a voucher or card in order to make the payment to the payee, the related payment are payments outside of the Act’s scope. However, the payment made by the payer to buy the voucher would be reported if the other relevant requirements are also met, because this is a payment executed by a PSP.

The first payment from the payer to the marketplace (using an in-scope payment method) is a reportable transaction. If the payer returns the purchased good, this results in a refund which is in scope, and a reportable transaction.

The PSP is not to report the issuance of the gift card to the payer, nor the following transactions done by the payer who, using the gift card, now buys goods from a seller.

Other payment transactions out of scope

Under § 3 of the Payment Services Act, the provisions of the Act do not apply on the following transactions:

1. Intermediation of a payment relating to a contract on sale or purchase of goods, services or other commodities negotiated or concluded on behalf of a principal by a commercial representative referred to in the Act on Commercial Representatives and Salesmen (417/1992), when the representative only acts on the behalf of the payer or the payee;
2. Transactions based on paper cheques, paper-based drafts, traveller's cheques, promissory notes or postal money orders drawn on the service provider, with a view to arrange funds for the payee’s disposal;
3. Transactions carried out within a payment or securities settlement system between the service providers and settlement agents, central counterparties, clearing houses or central banks, as well as between other participants of the system;
4. Transactions relating to asset management or redemption/sale of securities, conducted by investment firms, credit institutions, UCITS, fund management companies, alternative investment fund managers that provide an investment service referred in chapter 1, § 15 of the Act on Investment Services (747/2012) as well as persons referred to in (3), or by other undertakings allowed to have the custody of securities; (28 Dec 2017/1087)
5. Various payment transactions and related services between a parent company and its subsidiary, or between subsidiaries of the same parent, if the intermediary belongs to the same group, as referred to in § 5 (8) of the Act on Payment Institutions (297/2010).
6. Transactions charged to the user by a telecommunications operator, referred to in the Information Society Code (917/2014), in the context of its invoicing, based on the use of a communication service when the payment transactions have a value of no more than €50 per single transaction and a cumulative monthly value of no more than €300 per user, when the following are concerned:

1. payment transactions for the purchase of digital content or voice‑based services; or
2. payment transactions performed from or via an electronic device and charged to the related invoice within the framework of a charitable activity, to pay for parking of motor vehicles, or to buy travel tickets, entry tickets, or other similar tickets.

Under (1) above, when one or more than one commercial representatives or salesmen execute payments in their capacity of an intermediary, acting exclusively on the payer’s/payee’s behalf, the transaction is not included in the concept of ‘payment’. In contradistinction with this, when commercial representatives who execute payments are acting on the behalf of both the payer and the payee, the transactions are in scope. This rule is especially important in e-commerce because it implies that online platforms and marketplaces, who hold funds on behalf of their clients, must register as PSPs (either as payment institution or other categories based on the service they provide) and will be in scope of the information-reporting requirement. As such, marketplaces which collect funds from the payer, hold them, and then distribute them to the payee will be having the information-reporting requirement.

Nevertheless, transactions are not included in the scope and are not reportable if they are conducted directly in cash and banknotes from the payer to the payee, if they are deposit and withdrawal transactions of cash, and if cheques and paper-printed vouchers are used.

2.4 Payers

The Act governing the information-reporting requirement references the definition of ‘payer’ in the PSD2, the Payment Services Directive.

The payer is “a natural or legal person who holds a payment account and allows a payment order from that payment account, or, where there is no payment account, a natural or legal person who gives a payment order” (Article 4 (8) of the Directive).

The payer is thus the one whose funds are being transferred in execution of the payment. Although for most of the time, the payer will also be the initiator of the payment, in the case of direct debit, the payee (instead of the payer) initiates the payment, following the authorisation given by the payer in the direct debit mandate.

2.5 Payees

The Act governing the information-reporting requirement references the definition in the PSD2, the Payment Services Directive.

The payee is “a natural or legal person who is the intended recipient of funds which have been the subject of a payment transaction” (Article 4 (9) of the Directive).

The payee is thus the beneficiary of the funds transferred in execution of the payment.

Payment processing often involves a multitude of actors and business models, and it is not uncommon that when funds are being transferred, they are first passed among various PSPs who can retain these funds for a certain period of time before passing the funds on to the payee. These PSPs must not be confused with the payee, because they are not the intended recipient of the payment from the payer but mere intermediaries.

2.6 Definitions of other concepts

Payment accounts

Under the Act governing the information-reporting requirement, a ‘payment account’ is one referred to in the Payment Services Act (Maksupalvelulaki (290/2010)) into which accounting entries can be made in order to execute payment transactions. It may be that a payment account is opened in one single user’s name only, or also in the name of several users of the payment service.

The IBAN 

The provisions of the Act governing the information-reporting requirement refer to the SEPA Regulation and its definition of the International Bank Account Number.

It is an international “payment account number identifier, which unambiguously identifies an individual payment account in a Member State, the elements of which are specified by the International Organisation for Standardisation (ISO)”.

The BIC

As with the IBAN, reference to the SEPA Regulation and its definition is made in the Act’s provisions concerning the BIC.

Accordingly, “BIC means a business identifier code that unambiguously identifies a PSP, the elements of which are specified by the ISO”.

Member state, Finland, third countries

Under the Act governing the information-reporting requirement, ‘member state’ means the territories that belong to the European Union being their member states and where the Union’s law is applicable.

The VAT territory of Finland plus the Province of Åland are included in the definition of ‘Finland’.

Countries, sovereign states and territories where the EU legislation is not applicable are ‘third countries’.

3 Submittal of the information, rules on recordkeeping

Under § 3 of the Act governing the information-reporting requirement, PSPs must submit in electronic format the information regarding the payment services offered in Finland.Reports are submitted as a software file based on the CESOP XML Schema, in the Ilmoitin.fi webservice or through the provided API interface. For more information on the Tax Administration’s e-Service, visit E-file – Take care of your tax matters in MyTax.

The due date for submittal of the information is by the end of the month following the calendar quarter to which the information relates. The reporting obligation is reviewed every quarter. This way, if the PSP executes payment transactions for the same payee during one calendar quarter, and the number of cross-border transactions within the meaning of the Act is higher than 25, the PSP needs to fulfil its information-reporting requirement as determined by the Act. If the PSP executes payment transactions for the same payee during the next calendar quarter, and the quantity 25 at the most, the PSP will have no information-reporting requirement for that calendar quarter. If payments to the same payee exceed the threshold of 25 cross-border transactions during the next quarter, the PSP must again report the information within the meaning of the Act.

No payment transactions are reportable for quarters for which not all the requirements are fullfilled.

The reporting periods are:

• 1st Period (January–March): information must be reported by 30 April.
• 2nd Period (April–June): information must be reported by 31 July.
• 3rd Period (July–September): information must be reported by 31 October.
• 4th Period (October–December): information must be reported by 31 January.

The PSP is expected to store the submitted reports in electronic format for a period of three calendar years from the end of the calendar year of the recorded date of the payment transaction. The requirement to store the records is an additional requirement which means that the Directive does not remove the periods or methods for storage of information laid down in the Finnish Accounting Act or other legislation or rules.

The three-year storage in electronic format, under the Directive’s provisions concerns the data which the PSP has to include in its reporting. Accordingly, if for example the payer’s PSP is relieved from the information-reporting requirement because the payee’s PSP is based in a member state and has the obligation to report the information, no storage obligation is imposed on the payer’s PSP as the purpose of use of the information is only to calculate the threshold of 25 cross-border payments. However, if needed, the PSP being under the information-reporting requirement must be able to prove that it had no reportable information.

4 Obligations related to reporting and storage of data

The information-reporting requirement and the obligation to store the collected data concerns the cross border payment services offered in Finland by the PSP’s (§ 1 and § 3 of the Act governing the information-reporting requirement).

4.1 Limitations to the obligations to report and store the information

In accordance with § 29, subsection 7 of the Act on assessment procedure of self-assessed taxes, and with § 1 of the Act governing the information-reporting requirement, the obligations of reporting and storage only concern cross-border payments.

Under the Act governing the information-reporting requirement, reporting and storage obligations are only relevant if the PSP, executes in Finland for one payer or for one payee, more than 25 cross-border payments per quarter, to a given payee.

The payer’s PSP is relieved from the obligations of reporting and storage relating to a payment transaction that the PSP has offered, in which at least one payee’s PSP, based in a member state, participates (§ 4 of the Act governing the information-reporting requirement). This way, the payer’s PSP is relieved from the information-reporting requirement for a payment transaction that becomes covered by the payee’s PSP’s reporting.

4.1.1 Cross-border payment

4.1.1.1 Payer´s and payee´s location

The information-reporting requirement only concerns cross-border payments/payment transactions. Payment is considered a cross-border payment when the payer is located in a member state and the payee is located in another member state, in a third territory or in a third country. If the payer and the payee are located in the same member state, the payment is not a cross-border payment.

The location of the payer is considered to be in the member state corresponding to the IBAN of the payer’s payment account or any other identifier which unambiguously identifies, and gives the location of the payer. In the absence of such identifiers, the location is considered to be in a member state corresponding the BIC or any other business identifier code that unambiguously identifies, and gives the location of, the payment service provider acting on behalf of the payer.(§ 1 of the Act governing the information-reporting requirement).

The location of the payee is considered to be in the member state, third territory or third country corresponding to the IBAN of the payee’s payment account or any other identifier which unambiguously identifies, and gives the location of the payee. In the absence of such identifiers, the payee’s location is deemed to be the member state indicated by the BIC or by any other business identifier code that unambiguously identifies, and gives the location of, the PSP acting on behalf of the payee (§ 1 of the Act governing the information-reporting requirement).

In other words, the payer and the payee are considered to be located in a member state corresponding to the IBAN of the payment account or if no IBAN is available, other identifier. If the payment account number in the IBAN format does not match another identifier in this respect, the PSP is free to use an identifier that indicates the location most reliably.  For example, there may be an account number in the IBAN format that contradicts with a payee’s street address. If for example the IBAN account number and the address in the country of residence would indicate to different locations, the PSP must use the location corresponding the address to be a better reflection of location and use that identifier instead.

4.1.1.2 Practical examples

Example – Credit transfer/Direct debit – Payer, payee and the PSPs of both are in different member states

If the payer and payee are located in 2 different member states, and both of them use the services of a PSP located in their own member state in order to execute a credit transfer/direct debit, the payer’s and payee’s IBAN account numbers constitute the most important identification information for purposes of determining the locations involved. This way, if the payer’s and payee’s IBANs indicate member states that are different from one another, the payment transaction is treated as being a cross-border payment.

Example – Credit transfer/Direct debit – Payer and payee in one member state

If the payer, payer’s PSP and the payee are in the same member state but the payee has engaged the services of a PSP located in another member state, the location information indicated by the payee’s IBAN would point toward the PSP’s location, not the payee’s location. In that case, the payment transaction between the payer and payee is treated as being a cross-border payment, i.e. in scope.  However, if the PSP has another identifier available for the payee, and this identifier provides reliable proof of the payee being located in the same member state as the payer, the transaction is not cross-border.

Example – Card payment – Payer and payee and both their PSPs are located in different member states

If the payer and payee are located in 2 different member states, and both of them use the services of a PSP located in their respective member state, in order to execute a card payment, the BIN of the payer’s card, and the merchant’s (the payee’s) address constitute the most important identification information for purposes of determining the differing member states of location. For card payments, the BIN and the address information are the most important identifiers. The BIN (Bank Identification Number) is an identifier composed of the 6 leading digits of credit card numbers, also applicable to bank cards, debit cards, and prepaid cards.  The transaction in this example is a cross-border payment.

Example – Card payment – Payer and payee in one member state

In this situation, the payer and the payee are both located in one member state, but the payee has engaged the services of a PSP in another member state to execute a card payment.

Given that both the BIN range and the merchant identifier or address will refer to the actual position of the payee, the payment will be considered as a national payment and will not be reported.

Example – Card payment – Issuer and payer in different member states

In this situation, the payer and the payee are located in different member states while both the payer and the payee’s PSPs are located in the same member state. If the payer uses the services of a card issuer in the member state of the payee, in order to execute a card payment, the location should be determined on the basis of the BIN – indicating where the card was issued – instead of determining the location on the basis of the issuer’s location. Because the BIN range indicates that the payer is located in member state different from the payee’s member state, the transaction is treated as being a cross-border payment.

Example – e-money/marketplace – Payer and payee in different member states

In a situation where the payer and payee are located in different member states, the party that looks into the relevant identifiers to determine the payer’s and payee’s locations is the issuer of e-money or the marketplace. Because it is revealed that the payer’s and the payee’s member states are different, the payment is a cross-border payment. The various institutions that issue e-money, as well as marketplaces, can have a multitude of identifiers and data to locate the payer and payee (account number in the IBAN format, card BIN, own identifier and address taken during registration). They can freely choose to use the identifier, which most reliably reflects the actual location of the payer or payee.

Example – e-money/marketplace – Payer and payee in one member state

When the payer and payee are in the same member state and they have engaged the services of an issuer of e-money or of a marketplace for executing a payment transaction, the PSP will locate the payer and the payee using the identifiers at his disposal, which should indicate the real location of the payer and the payee. The payment in this example is a national payment, as the identifiers will indicate.

Example – Money remittance – Payer and payee in one member state

In this situation, the payer and the payee are located in the same member state but are using money remittance institutions in different member states to perform a money remittance.

Because money remittance (=money transfer) is a form of payment facilitating the transfer of funds without the payee having to hold a payment account, the way to locate the payer and the payee is to look into the BIC codes of the money remittance institutions, of both the payer and the payee. Because in this example, both institutions are located in different member states, this payment should be considered cross-border, even though the payer and the payee are located in the same member state.

4.2 More than 25 cross-border payments in a calendar quarter

4.2.1 How to determine whether the threshold is reached

The information-reporting requirement will only be relevant if the PSP executes in Finland for a payer or for a payee more than 25 cross-border payments per quarter to the same payee.

Every PSP needs to determine whether the threshold is reached. Accordingly, in the case group of companies, every company of the group is expected to calculate whether the threshold is reached regarding the cross-border payment services it has offered.

If a PSP did not execute more than 25 cross-border payments to the same payee in one quarter, it will not have to report any data on that payee. On the other hand, if the threshold is reached, the PSP will have to report all transactions to the payee, and not only the transactions exceeding the threshold.

The number of cross-border payments is calculated per payee, per PSP and per member state. This way, the calculation has to be done regarding the payment services provided per member state. If the PSP is located in multiple member states, every branch office will need to perform a separate calculation. The payment transactions must not be aggregated for example regarding the group of companies If there are more than 25 reportable cross-border payments, it means that all the payee-received payments are to be reported to the Tax Administration. This way, if 200 separate payment transactions, for example, have been made to the payee’s IBAN account over the course of a calendar quarter, the count exceeds 25 per quarter i.e. the threshold, so all the 200 transactions are to be reported to the Tax Administration.

If the PSP knows that a transaction is a refund, it must not be included in the calculation of the threshold. No importance is attached to whether the refund is related to the same quarter as the original payment or to the quarter following the quarter when original payment was made.

4.2.2 Counting the cross-border payments per identifier

The basic rule is that the number of cross-border payments for a payee should be calculated using the identifier of the payee referred to in Act. This means that , PSPs of both the payer and the payee will, have to take into consideration all cross-border payments made for example to a single IBAN to calculate the total. If there are more than 25 cross-border payments, then all the payments executed to that IBAN over the quarter will have to be reported.

4.2.3 Counting the cross-border payments per payee

If it is known to the PSP that several identifiers refer to the same payee, the cross-border payments have to be aggregated i.e. counted per payee.

It is not uncommon that payers use for example many different payment methods, which can be linked to different identifiers (for example an IBAN for credit transfer, a merchant ID for card payment and an e-money account). In this case, the PSPs must consider the two payment accounts as one for the purpose of comparison to the threshold and include all payments to both the accounts in their calculation.

PSPs must, using the information available to them, always try to identify whether two payment accounts are actually linked to the same payee.

Payment accounts must be aggregated for calculation in situations where an individual or a company has several accounts. On the opposite, no aggregation should take place when the owners of the payment accounts are different entities, even if linked between themselves, e.g in a group pf companies.

In the specific case where an account is held by two or more holders, the payee shall be considered as being all the holders put together. This implies that if one of the holders also has another payment account, the aggregation should not take place unless all the holders of both accounts are the same.

In general, PSPs are expected to make use of all the information available to them in order to determine whether a set of payment accounts actually is held by the same payee.

Examples of the information being available include the reportable information itself. Accordingly, PSPs should look into the following facts and information they have collected:

1. The VAT Number: This data element can be a strong hint that the payees between two payment accounts are actually a single entity. Consequently, when PSPs can determine that the payees of two payment accounts share the same VAT number, it is very likely that these payees are a single entity.
2. Name: The name of the payee can also help identify that it is the same entity. Although it can be subject to mistake, and companies could switch between their legal and business name, it remains an indicator that two payees might be a single entity. Especially if coupled with the address or other information available to the PSP.
3. Address: The address is often an important data element when payment accounts are aggregated, especially when address information is combined with other available information.
4. Other information: In general, the PSPs are free to use any facts and information at their disposal in order to aggregate payment accounts. Examples include business identification numbers, IP addresses, e-mail addresses, contracts.

4.3 PSPs in scope of the information-reporting requirement

4.3.1 The basic rule

The PSPs having the information-reporting requirement must report to the Tax Administration the required information on cross-border payments that are related to the PSP’s payment services offered in Finland.

The Directive does not create a limit regarding the number of PSPs that should report the transaction, meaning that if, based on their business model, more than one PSP participates in the payment from the payee’s side, then all the PSPs of the payee will be responsible to report the same payment.

4.3.2 Payee’s PSP is located in another member state

Certain limitations are set out for the PSPs’ recordkeeping and reporting requirements under the provisions of § 4 of the Act governing the information-reporting requirement.  If at least one of the payee’s PSPs is located in an EU member state, the payer’s PSP's information-reporting requirement is limited. When the payee’s PSP is located in an EU member state, that PSP will be solely responsible for reporting. In these circumstances, the payer’s PSP is relieved from the information-reporting requirement for a payment transaction that becomes covered by the payee’s PSP’s reporting.

The country of location of a PSP is the country indicated by the PSP’s BIC code or comparable identification code (§ 4 of the Act).

Although the Act sets out a limit to the payer’s PSP’s recordkeeping and information-reporting requirements when the payee’s PSP is located in an EU member state, it is still necessary for the payer’s PSP to include these transactions in the counting toward the threshold (25) of cross-border payments.

The payer’s PSP does not have to keep and report data regarding the payee if at least one PSP of the payee is located in a member state. Instead, it is only when there are no PSPs of the payee located in a Member State that the payer’s PSP will have to keep and report data.

4.3.3 Payee's PSP is located in a third country

In the specific situation where the payer’s PSP offers payment services in an EU member state while the payee’s PSP is located in a third country or territory, outside of the European Union, the party responsible for reporting will be the payer’s PSP.

5 Data to be submitted, data subjected to recordkeeping.

PSPs are required to submit and keep the data that can be used for identifying PSPs concerned by the information-reporting requirement. Moreover, PSPs are required to submit data to identify the payee and data concerning the payment transactions the payee has received.

Under § 5 of the Act governing the information-reporting requirement, PSPs need to submit and keep records of the following data:

1. The BIC or other identifier that unambiguously identifies the reporting PSP;
2. Name or business name of the payee, as it appears in the PSP’s records;
3. If available, any VAT identification number or other national tax number of the payee;
4. The IBAN or, if the IBAN is not available, any other identifier which unambiguously identifies, and gives the location of, the payee;
5. The BIC or any other business identifier code that unambiguously identifies and gives the location of the PSP acting on behalf of the payee where the payee receives funds without having any payment account;
6. If available, the address of the payee as it appears in the PSP’s records;
7. The details of cross-border payments referred to in § 1;
8. The details of any payment refunds identified as relating to the cross-border payments referred to in § 1.

“Details” in (7) and (8) above are:

1. Date and time of the payment, or the date and time of the payment refund;
2. The amount and the currency of the payment or of the payment refund;
3. The Member State of origin of the payment received by or on behalf of the payee, the Member State of destination of the refund, as appropriate, and the information used to determine the origin or the destination of the payment or of the payment refund in accordance with § 1, subsections 3 and 4;
4. Any reference which unambiguously identifies the payment;
5. Where applicable, information that the payment is initiated at the physical premises of the merchant.

One of the details to be submitted and kept is the BIC or other identifier that unambiguously identifies the PSP, as laid down in § 1(1). This identifier must give the Finnish Tax Administration the facility to identify the PSP unambiguously and accurately. Some PSPs use a shared BIC due to multiple PSPs’ participation in a corporation, consortium or other joint venture. In these circumstances, every PSP in scope must be identified by their specific business identification code (Business ID), not by the shared BIC.

As for the items referred to above in (3) and (6), the PSP is always expected to provide them if the PSP has knowledge of them.

6 Neglecting recordkeeping or neglecting the information-reporting requirement

The negligence penalty charge under § 22a of the Act on assessment procedure can be imposed if the requirements are neglected. If it appears evident that a PSP neglects its legal obligation to keep the data and to submit reports, it is possible to impose a penalty charge for negligence on the PSP. For more information, see the Tax Administration’s guide  Penalty charges for neglect of a third-party in the case of cross-border payments reportable by a PSP.

Under § 26, subsection 2 of the Prepayment Act (Ennakkoperintälaki (1118/1996)), the Tax Administration can remove a taxpayer from the prepayment register or refuse the registration due to non-payment of taxes, failure to file tax returns, or negligence of accounting, recordkeeping or other obligations.

7 Administrative processes to verify PSPs’ compliance with recordkeeping and reporting rules

On request of the Tax Administration, the PSPs in scope must give further details, necessary for the fulfilment of the legally required administrative mission that concerns the Tax Administration (§ 19, Act on assessment procedure and § 30, Act on assessment procedure for self-assessed taxes), and additionally present all documents that are needed  to verify that the reporting and processes of the PSP are correct (§ 23, Act on assessment procedure; § 8 and § 31, Act on assessment procedure for self-assessed taxes, § 3, Decree on Assessment Procedure). It is required of the PSPs that they provide information  to the Tax Administration notwithstanding confidentiality rules and other restrictions that may concern the provision of information (§ 22, Act on Assessment Procedure).