Does EU directive 'PSP-CESOP' leave no more room for VAT fraudsters?

Trade over the internet, or e-commerce, has become an integral part of our daily lives. The supply of products on the Internet continues to grow as does the group of people who know their way around the Internet. Technical innovations contribute to this as it becomes easier and easier for suppliers and consumers to find each other on the World Wide Web and to pay faster and more securely online.[1] The internet itself hardly allows itself to be limited by physical national borders and it is therefore also obvious that the number of cross-border transactions over the internet will continue to increase.

In cross-border transactions, the question does still arise in which country and to whom value added tax (VAT) should be levied. In the case of e-commerce, which falls under the category of 'distance sales' within the meaning of Section 5a of the Turnover Tax Act 1968 (Wet OB), among others, this is no different. For even though, according to the Treaty on the Functioning of the European Union (TFEU), an 'internal market' means an area without internal borders, the 'fiscal borders' are still there.[2]

With the increase in distance selling, which includes cross-border e-commerce, the likelihood of VAT fraud also increases. VAT fraud occurs when the taxpayer deliberately fails to remit the VAT due to the Member State to which it belongs. Fraud is made easier by, among other things, the lack of border controls and the lack of enforcement powers of investigating authorities in Member States other than one's own.

The damage caused to EU member states by VAT fraud is still substantial. The annual report of the European Public Prosecutor's Office (EPPO), published on 1 March 2024, found that last year there were 339 investigations into serious, cross-border VAT fraud, with an estimated damage to the EU budget of €11.5 billion.[3]

According to the State Secretary for Finance, the risk of damage to the Netherlands is still limited. In his letter to the House of Representatives dated 14 March 2024[4] he wrote that the VAT compliance gap in the Netherlands was estimated at €100 million in 2021. The VAT compliance gap refers to the difference between the tax revenues that would be generated in full compliance with laws and regulations and the actual revenues. Although this gap is low in the Netherlands, relatively the lowest in Europe, the State Secretary recognises that it remains a joint EU task to reduce it.[5]

Reducing the VAT compliance gap is no easy task. One of the causes of the VAT compliance gap is VAT fraud. VAT fraud results in VAT due not being remitted but instead being pushed back and channelled to other (foreign) accounts or withdrawn, making it difficult for the authorities to get their hands on it in time. VAT fraudsters acting for profit always know how to adapt to changing circumstances, for example when it comes to regulation and supervision. As with other forms of (international) VAT fraud, it is time-consuming to match invoices (falsified or not) with the underlying goods (delivered or not). Once fraud is uncovered, either the perpetrators have flown or no assets can be found.

  • 1.2. Main question & subquestions

To better combat VAT fraud in the case of e-commerce, authorities therefore want to monitor actual payment transactions more intensively. This is why PSP-CESOP was created. PSP-CESOP is another name of a European Union Directive[6] and is an abbreviation of Payment Service Providers-Central Electronic System of Payment information. This directive has been implemented since 1 January 2024 in section 39a and onwards of the Turnover Tax Act.

Under PSP-CESOP, payment service providers are required to share payment data of cross-border transactions with the tax authorities under certain conditions. The idea behind this is to track actual cash flows and identify mismatches with invoices and movements of goods.

The data collected is recorded in a central database managed by the European Union (EU) (CESOP). The EU (through Eurofisc[7], see below under §2.3) conducts analyses on these data and, on that basis, provides signals for further assessment to national tax authorities.

Under Section 39b(3) of the OB Act, the obligation applies when a payment service provider provides payment services involving more than 25 cross-border payments to the same payee during a calendar quarter. It is a strict regime. If a payment service provider fails to comply with this obligation, it risks a fine of the sixth category referred to in section 23(4) of the Criminal Code (Sr), or a maximum of €1,030,000 per quarter. Moreover, that fine can also be imposed if a payment service provider provides data relating to fewer than 26 cross-border payments to the same payee during a calendar quarter.

According to the explanatory memorandum (MoU) to the legislative amendment to the Turnover Tax Act in connection with the implementation of the Directive, the rationale behind this threshold is that the registration obligation aims to establish economic activity.[8] After all, VAT is an indirect user tax levied on entrepreneurs and businesses. Cross-border transfers of payments made for private (non-commercial) reasons should (on pain of a fine) be excluded from this registration requirement, and this would be achieved by setting the condition of a minimum of 25 cross-border payments to the same beneficiary.

The threshold is partly designed to monitor the economic activities of entrepreneurs who are subject to turnover tax under the tax legislation. It is assumed that consumers generally do not make or receive 25 cross-border payments per quarter, so their privacy, including payment behaviour, should be protected as much as possible. The question arises as to what this threshold means for combating VAT fraud. In the following sections, I will attempt to answer the following main question:

 

Does the CESOP directive leave no more room for VAT fraudsters?

 

Before coming to an answer to the main question and a conclusion, I will first answer the following sub-questions:

  1. What can be understood as VAT fraud?
  2. Why is cross-border e-commerce prone to VAT fraud?
  3. What is the role of the payment service provider in the case of e-commerce?
  4. What is the thinking behind CESOP and how does it work?
  5. What does the threshold of Section 39b(3) of the OB Act mean?

  • 1.3. Relevance and objective

Social relevance

The topic is socially relevant because e-commerce is increasing and with it the risk of VAT fraud. It is simply more difficult to check whether the entrepreneur has fulfilled his tax obligations when making cross-border payments than when making national payments. Whether or not a country has a large VAT compliance gap, it is in everyone's interest to make it as small as possible. Not only to increase revenue for the exchequer, but also to counter unfair competition and reduce money laundering risks. Fighting fraud is also important to keep tax morale as high as possible.

Another relevant point is that non-entrepreneurs are also affected by the law. If private consumers receive more than 25 cross-border payments per quarter through a payment service provider, or make more than 25 payments to a single payee, their data may be registered, which may call into question the fundamental right to respect for private life and protection of personal data as referred to in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union. Other questions that arise in this context relate, for example, to the retention obligation for this data and to what exactly happens to data relating to fewer than 25 cross-border payments per quarter.

Scientific relevance

If the intention of the scheme is to combat VAT fraud, an examination of whether the scheme, because of its privacy safeguards, still leaves room for VAT fraudsters (in other words, of its efficiency) is in order. This is especially so since PSPs are saddled with huge administrative obligations under penalty of high fines.

  • 1.4. Delimitation and assessment framework

VAT fraud is a broad concept and can take place in many ways. The best known is VAT carousel fraud, which involves the abuse of zero-rated transactions and, in the case of services, of reverse charge schemes for B2B transactions. Other forms are also conceivable, such as import fraud, which involves incorrect goods descriptions or undervaluation of the shipment. VAT fraud in its most basic form is perhaps achieving 'black sales'.

In what follows, however, I will limit myself to VAT fraud in e-commerce and more specifically in relation to distance sales. This is in light of the CESOP Directive, which seeks to combat precisely this type of fraud by imposing registration obligations on payment service providers.

CESOP has only been in force since 1 January last and PSPs are required to have shared their registers with EU officials for the first time by the end of April 2024. Whether this obligation will actually lead to a narrowing of the VAT compliance gap cannot be said at present. To answer the aforementioned main question, the following will examine whether the now-implemented directive leaves room for VAT fraud that is not reported because of the threshold mentioned in Section 39b of the Turnover Tax Act.

  • 1.5. Methodological justification

This is a qualitative study in the form of a legal-dogmatic literature review. As sources I mainly used: the VAT Act, EU Directives, parliamentary documents, annual reports, opinions, explanatory notes and literature. The search terms used were mainly: VAT fraud, distance sales and CESOP. In all these documents, I searched for answers to the question whether the current wordings do not leave too much room for VAT fraudsters. As the directive was only implemented in January and the first quarterly investigations are still ongoing, there is no case law on this point yet. A search within the literature on the main question did not yield any results.

  • 1.6. Reading guide

In the second chapter, I will explain what is meant by VAT fraud (§ 2.1) and why the current charging system for distance sales is susceptible to fraud (§ 2.2). I will then address the role of payment service providers in the case of distance sales (§ 2.3) and the thrust of the new (CESOP) directive (§ 2.4). I then turn to the threshold of Section 39b(3) of the OB Act, which imposes a registration obligation on payment service providers from 26 payments per payee per quarter (§ 2.5). In chapter 3, I will try to answer the main question whether the threshold referred to in section 39b(3) of the OB Act still leaves room for VAT fraudsters. I will end with a conclusion.

 Chapter 2

  • 2.1. What is meant by VAT fraud

Europol defines VAT fraud as follows:

"VAT fraud is a highly complex form of tax fraud that relies on the abuse of the VAT rules for cross-border transactions. VAT fraudsters generate billions of euros in profits by avoiding the payment of VAT or by fraudulently claiming repayments of VAT from national authorities."[9]

VAT fraud as such is not in the criminal code. Fraud is also a catch-all term that can include all kinds of criminal acts. Examples include fraud, forgery and embezzlement. In the case of VAT fraud, it will specifically involve submitting incorrect tax returns, preparing false invoices or not providing requested information to the tax authorities. This is also referred to as 'vertical fraud'. Unlike 'horizontal fraud', when citizens defraud each other, vertical fraud involves deliberately harming the government through criminal conduct. The result of VAT fraud is that too much VAT is recovered or too little is remitted. The resulting financial benefit is often unrecoverable by the authorities because it has been siphoned off or converted into other assets. These acts usually qualify as acts of embezzlement or money laundering.

For there to be fraud, however, it is important that the fraudster acted intentionally. Not every form of non-compliant behaviour is punishable. If, for example due to the complexity of the legislation, an incorrect return was unintentionally filed, resulting in underpayment of VAT or recovery of too much, this does not constitute fraud. Section 69 of the General Act on State Taxes (AWR) therefore mentions the component 'intentionally' in so many words.

In the following, VAT fraud refers to deliberate deception of the tax authorities through which a financial benefit is obtained by the fraudster.

  • 2.2. Why is cross-border e-commerce prone to VAT fraud?

To understand its susceptibility to fraud, I first outline the main features of VAT regulations in the case of e-commerce (distance sales).

Unlike more traditional trade in which the consumer himself takes care of the transport of an object or service purchased abroad, e-commerce is partly characterised by the supplier taking care of the transport (or mail) and bearing the cost of transport. The purchased good is, as it were, delivered to the destination country where usually the use or consumption will also take place.

European e-commerce rules have been adapted accordingly, by making the supply taxable only in the country where the goods arrive. Not only does this do justice to the principle that VAT is levied in the country where the goods are consumed, it also prevents unfair competition by removing the temptation for consumers to shop over the internet in the country with the lowest VAT rate.[10]

In the case of an EU distance sale, the supplier can then fulfil its VAT obligations in several ways. It can register as a trader in the destination country or appoint a tax representative there to fulfil its obligations in its place. As a rule, the supplier will use the 'union scheme' referred to in sections 28s to 28sh of the Act. This concerns, among other things, the so-called 'one-stop shop' system (OSS) for EU distance sales. To this end, a supplier can register as such in its home country, file the OSS declaration in the portal of its local tax authority and pay the foreign VAT due to its local tax authority. The latter will pass on the VAT paid to the tax authority of the private customer's country.

To qualify for the application of the EU distance selling scheme, the following conditions must be met (since 1 July 2021) under Art. 2a(1)(w) and Art. 5a of the Act in conjunction with Art. 14(4)(1) and Art. 33(a) of the VAT Directive:

  • The buyer is an individual or its equivalent (B2C);
  • The goods are transported and are not new vehicles, antiques, etc;
  • Transport shall be at the supplier's expense;
  • The annual turnover (in current or previous calendar year) achieved by the supplier from cross-border services and supplies exceeds a threshold amount of €10,000.[11]

These conditions are cumulative. If any of the conditions are not met, the supplies remain taxable in the country of departure. Since VAT rates are still different in Europe, fraudsters could target this. If the VAT rate in the country of departure is lower than in the country of arrival, there may be advantages in keeping the turnover below the €10,000 limit. A supplier from, say, Malta would prefer to sell its products to a Hungarian customer at the local 18% rate rather than the Hungarian 27% rate for competitive reasons alone. If the turnover is actually below €10,000, there is no fraud. It becomes different if papers or figures are tampered with.

In my estimation, it will not be that easy for a reasonably well-run business to stay under the €10,000 threshold, as the threshold applies to all EU distance sales throughout the EU. Moreover, the money that would then be saved will not outweigh the cost of setting up a new legal entity for every €10,000 the entrepreneur turns over including intra-community supplies and services, or the impact of the possible penalties.

VAT fraud is more likely to be committed by deliberately failing to file a tax return or, for example, by not appointing a tax representative. It is also possible that incorrect OSS returns are filed or that a national return is deliberately filed applying only the (lower) local rate, whereas an OSS return should have been filed stating the VAT rate of the buyer's country. Sometimes, the OSS declaration is even omitted altogether.[12] This always results in no amount or an incorrect amount being declared to OSS, resulting in no or too little VAT being paid through OSS and therefore no or too little VAT being passed on to the Member State where the consumer made the purchase. This happens even though the consumer has paid his VAT to the internet seller. Once the fraud is discovered, the unremitted VAT is usually no longer in the account and the company is otherwise also an empty shell.

Partly because the transactions were entered into with private individuals, it is very difficult to check the accuracy of the VAT return. Internet sellers, for example, are not obliged to issue an invoice to consumers, who in turn have no accounting obligations. The lack of border controls also makes it impossible to track the physical movement of goods. If the 'paper trail' and the 'goods trail' offer insufficient relief, the 'money trail' is left as an alternative. The money trail in internet commerce runs largely through payment service providers (PSPs).

The current system is therefore susceptible to fraud because VAT fraud in the form of incorrect returns in OSS, partly because of its cross-border nature, comes to light too late for tax authorities to take adequate action. As OSS is mainly used by suppliers who want to be compliant, non-registration poses the biggest threat. This explains the need to track payment flows.

  • 2.3. What is the role of payment service provider in the case of e-commerce?

First, the question to be answered is what exactly a payment service provider or a PSP is. According to Article 39a, the term 'payment service provider' is defined in Article 1(1)(a) to (d) of Directive 2015/2366/EU (PSD2). Briefly, it includes the following institutions:

  • Credit institutions, or companies whose business is to collect deposits or other repayable funds from the public and grant credit for their own account, or banks and credit card companies.
  • Electronic money institutions, or a legal entity licensed to issue electronic money (a monetary value stored electronically or magnetically), e.g. e-wallets and e-vouchers (pre-paid cards)
  • Postal cheque and giro services authorised under national law to provide payment services.
  • Payment institutions, or a non-banking party that can independently offer payment services to end users without being a bank. For example

To get funds from the payer to the payee, the following flows can be distinguished in all payments:[13]

  • Service flow: This flow refers to the various services offered to securitise payments. An example is the service from the bank to the payer, but also from the clearing house (which performs a buffer function) to the PSPs.
  • Money flow: In payments, money does not go directly from payer to payee, but is first transferred to intermediaries (e.g. banks among themselves).
  • Information flow: This refers to the exchange of information to authorise, process and execute the transaction. This flow contains the (most) information relevant to CESOP about the payer and payee.
  • Settlement information flow: This flow is not part of the payment between the payer and the payee and only relates to the flow between PSPs and/or clearing houses for settlement of (balance) payments between PSPs.

For the definition of a payment, the Directive follows the definition of a 'payment transaction' under the PSD2.[14] The European Commission's guidance[15] distinguishes six categories of payments covered by CESOP obligations:

  1. Credit transfers
  2. Direct debits
  3. Money transfers (transferring amounts without direct consideration)
  4. Card payments
  5. Electronic money
  6. Market places and intermediaries collecting funds in their own names

Payment service providers thus enable electronic payments (over the internet). This therefore does not involve cash. A growing part of this is cross-border.

According to the state finance minister, it is impossible to estimate how many payments are made through Payment Service Providers.

"Across the EU, we are talking about billions of transactions per year. To illustrate: based on figures from the Dutch Payments Association, there will have been 1.14 billion iDeal and 129 million credit card transactions in the Netherlands in 2021."[16]

Within the EU, PSPs must have a licence issued by the regulator in the PSP's EU country of establishment. For PSPs based in the Netherlands, the regulator is De Nederlandsche Bank (DNB). As of mid-October 2023, 68 PSPs had a DNB licence and nine PSPs also had a foreign licence.[17] Better-known examples of PSPs are: Adyen, Mollie, Buckaroo and PayPal.

For a clean and incorruptible financial sector, a banking licence is essential. Electronic payments also have a downside. In the first and second National Risk Assessments, which the Netherlands also has to prepare under the Prevention of Money Laundering and Terrorist Financing Act, 'money laundering via payment service providers' was one of the biggest threats.[18]

Despite the monitoring of PSPs, these risks will remain. These risks will not lead to abandoning the use of PSPs. Quite the contrary. As it is described in the preamble to PSD2 under point 5:

"The continued development of an integrated single market for secure electronic payments is essential to support the growth of the Union's economy and to ensure that consumers, merchants and businesses enjoy choice and transparency with regard to payment services so that they can take full advantage of the single market."

Thus, the benefits of the single market and smooth payment systems outweigh the risks of fraud and money laundering. However, the European Council did come to the realisation that payments made through PSPs should be better monitored. This has led to the implementation of CESOP.

  • 2.4. The idea behind the CESOP and how it works

CESOP is not the first Directive that deals with the monitoring of electronic payments by tax authorities. Since 1 January 2024, a reporting obligation has also been in force that applies to platform operators, such as Airbnb, Marktplaats or Booking. The reporting obligation stems from Directive (EU) 2021/514 (DAC7), which amends Directive 2011/16/EU on administrative cooperation in the field of taxation.

DAC7 requires platform operators to pass on information to the tax authorities about (legal) persons who use the platform and perform activities there. This includes, for example, individuals who sell a lot via www.marktplaats.nl. From last January, in this case Marktplaats is obliged to pass on identifying data as well as the number of transactions carried out and turnover to the tax authorities.

A seller on marketplaces is not necessarily subject to VAT, for example because he is not an entrepreneur within the meaning of the OB Act. In this context, it is important to note that very many transactions are carried out off platforms and take place directly between buyer and supplier. Currently, no system with suitable data exists to effectively identify fraud signals for e-commerce and distance sales at an early stage.[19] Even though the OSS is mainly used by entrepreneurs who are in the picture with the tax authorities and want to be compliant, the OSS system also leaves unaffected the possibility of VAT not being remitted and the tax authorities being late on this.

The CESOP system is intended to track the 'money trail' for the purpose of combating VAT fraud. Section 39b(1) of the VAT Act therefore requires payment service providers to keep sufficiently accurate records of payees and payments relating to payment services they provide for each calendar quarter. In particular, this involves keeping records of cross-border payments (paragraph 2). Under Section 39d of the OB Act, the records must contain the following information:

  1. the BIC or any other business identifier that unambiguously identifies the payment service provider;
  2. the name or business name of the payee as it appears in the records of the payment service provider;
  3. if available, a VAT identification number or other national tax number of the beneficiary;
  4. the IBAN or, if no IBAN is available, any other identifier that unambiguously identifies the payee and gives the location of the payee;
  5. the BIC or other business identifier that unambiguously identifies the payment service provider acting on behalf of the payee and gives the location of the payee's payment service provider, if the payee receives funds without having a payment account;
  6. if available, the address of the payee as it appears in the records of the payment service provider;
  7. the details of any cross-border payments;
  8. the details of any refunds identified as related to the cross-border payments.

Paragraph 2 of Section 39d of the OB Act reads:

The information referred to in paragraph 1(g) and (h) shall include the following details:

  1. the date and time of the payment or refund;
  2. The amount and currency of the payment or refund;
  3. the Member State of origin of the payment received by the beneficiary or on his behalf, the Member State of destination of the reimbursement, as appropriate, and the information used to determine the origin or the destination of the payment or reimbursement in accordance with Article 39c;
  4. all references that unambiguously identify the payment;
  5. where applicable, information showing that the payment was initiated at the merchant's physical location.

These data thus serve to identify the payee of these payments. As mentioned above, the payment service provider can distil this information from the exchange of information when authorising, processing and executing payment orders.[20] This information, shared with the Central Electronic System of Payment information (CESOP), will be accessible to officials in charge of administrative tax supervision through the Eurofisc network.

Eurofisc has been around for some time and is legally regulated by a revision of EU Regulation 904/2010, ch. X. It is a successor to the European Carousel Network (Eurocanet), a network in which fraud units of member states mainly exchanged data on carousel fraud.[21] As some member states had doubts about the legal basis for Eurocanet, it was decided to regulate this form of information exchange in a European regulation. This led to the creation of Eurofisc. Participation is on a voluntary basis, where, based on the regulation, the rule of reciprocity does apply. This means that member states using Eurofisc information are expected to also provide relevant information to other member states.[22]

Before CESOP, an administrative system had already been set up at European level in which intra-Community supplies were entered by VAT number between VAT traders. In order to make checks of VAT returns conclusive, one of the requirements is what is known as matching VAT returns and declarations of intra-Community supplies in the VAT Information Exchange System (VIES). The matching produces many discrepancies and, as a result, matching contributes little to fraud detection.[23]

CESOP enables Eurofisc to record actual payment flows and identifying data such as name, address, account number and VAT identification number[24], so that they can be compared by fraud experts with the VAT quarterly returns. If it turns out that more money crossed the border than was declared to the tax authorities, it may be an indication that the shipment was undervalued or that turnover and VAT due on it were not declared. It is also easier to find out whether the recipient of an amount of money actually paid VAT.

  • 2.5. What does the restriction of Section 39b(3) of the OB Act mean?

According to Section 39b of the OB Act, the registration obligation applies from the moment the number of 25 cross-border payments to the same beneficiary is exceeded. According to the explanatory memorandum (MoU), the rationale behind this threshold is that the registration obligation aims to establish economic activity. Cross-border transfers of funds made for private (non-commercial) reasons are not relevant for the OB Act and should be excluded from this registration requirement. This would be achieved by setting a minimum of 25 payments. If a payment service provider makes more than 25 cross-border payments to the same payee in the quarter, the payment service provider should include all payments to that payee in the register.[25]

According to Article 39(4) of the Turnover Tax Act (Art. 243b(2) Directive (EU) 2020/284), the calculation concerns the payment services provided per Member State and per identification code. The identification code can be the IBAN of the payment account, but also another identifier, as long as it unambiguously identifies the payee and gives the location of the payee. If the payment service provider has information that the payee has multiple identification codes, the calculation of the number of payments is made per payee. So it does not necessarily help the payee to make transactions with multiple identification codes in order to stay below the threshold and thus under the radar of the tax authorities. This will depend on the information on the payee available to the payment service provider.

Article 7 of the preamble to Directive (EU) 2020/284 amending Directive 2006/112/EC reiterates that these are payments per payee and therefore there should be no double counting if one payment results in multiple transfers of funds between payment service providers. The article phrased it as follows:

"A single payment from a payer to a payee may involve multiple payment service providers. That single payment may result in multiple transfers of funds between different payment service providers. It is necessary that all payment service providers involved in a given payment, subject to specific exclusions, have a record keeping and reporting obligation. These records and reports should include information on the payment from the initial payer to the final payee, and not on intermediate transfers of funds between payment service providers."

The (EU) legislator has thus elaborated that there is absolutely no intention to keep records of beneficiaries who receive fewer than 26 cross-border payments per quarter through payment service providers. These beneficiaries are deemed not to be liable for VAT. Indeed, under Section 41 of the VAT Act, the payment service provider risks a high fine if it provides data relating to fewer than 26 cross-border payments to the same beneficiary.
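The counting rule described in this section can be made concrete from the payment service provider's side. The following Python sketch is an added illustration, not part of the essay and not an official or PSP implementation: it counts cross-border payments per payee, per Member State and per calendar quarter, merges identifiers the PSP knows belong to one payee, ignores intermediate PSP-to-PSP transfers and duplicates, and releases data only above the threshold. All field names, the sample identifiers and the simplification that "cross-border" means payer and payee locations differ are assumptions.

```python
"""PSP-side sketch of the quarterly reporting threshold (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

THRESHOLD = 25  # data is reported only above 25 payments, i.e. from the 26th


@dataclass(frozen=True)
class Payment:                  # hypothetical record layout
    ref: str                    # reference that unambiguously identifies the payment
    payee_id: str               # IBAN or other payee identifier
    payee_state: str            # payee location given by that identifier (assumption)
    payer_state: str            # origin of the payment
    day: date
    intermediate: bool = False  # PSP-to-PSP leg of some other payment


def quarter_of(d):
    """Calendar quarter as (year, 1..4)."""
    return (d.year, (d.month - 1) // 3 + 1)


def _find(parent, x):
    # Union-find lookup with path halving.
    parent.setdefault(x, x)
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def payee_resolver(known_links):
    """Map each identifier to one canonical payee, using only the links
    the PSP actually has on file (pairs of identifiers of the same payee)."""
    parent = {}
    for a, b in known_links:
        ra, rb = sorted((_find(parent, a), _find(parent, b)))
        parent[rb] = ra  # smallest identifier becomes the canonical one
    return lambda ident: _find(parent, ident)


def reportable_payments(payments, known_links=()):
    """Return {(payee, member_state, quarter): [payments]} for groups above
    the threshold. Groups at or below it are dropped entirely, because
    below-threshold data must not be handed over."""
    resolve = payee_resolver(known_links)
    seen, groups = set(), defaultdict(list)
    for p in payments:
        if p.intermediate or p.ref in seen:
            continue  # count initial payer -> final payee once, no double counting
        seen.add(p.ref)
        if p.payer_state == p.payee_state:
            continue  # domestic payment, outside the cross-border count
        key = (resolve(p.payee_id), p.payee_state, quarter_of(p.day))
        groups[key].append(p)
    return {k: v for k, v in groups.items() if len(v) > THRESHOLD}


# Constructed identifiers; the PSP knows that accounts 1 and 2 share a payee.
LINKS = [("NL00TEST0000000001", "NL00TEST0000000002")]


def sample_payments():
    """Constructed test data for the first half of 2024."""
    def batch(tag, payee_id, n, payer="DE", month=1, **kw):
        return [Payment(f"{tag}-{i}", payee_id, "NL", payer,
                        date(2024, month, 1 + i % 28), **kw) for i in range(n)]
    pays = batch("A1", "NL00TEST0000000001", 15)
    pays += batch("A2", "NL00TEST0000000002", 11)           # same payee, 2nd account
    pays += batch("A3", "NL00TEST0000000001", 3, month=5)   # Q2: only 3 payments
    pays += batch("B", "NL00TEST0000000003", 25)            # exactly 25: not reported
    pays += batch("C", "NL00TEST0000000004", 20)
    pays += batch("Cd", "NL00TEST0000000004", 10, payer="NL")        # domestic
    pays += batch("Ci", "NL00TEST0000000004", 10, intermediate=True)
    pays.append(pays[0])                                    # duplicate reference
    return pays


if __name__ == "__main__":
    for key, items in reportable_payments(sample_payments(), LINKS).items():
        print(key, len(items))
```

With the known link between the two accounts, the first payee is reported with all 26 first-quarter payments; without that link on file, neither account exceeds 25 and nothing is reported, which is the dependence on the PSP's information noted above.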

The EU legislator is so careful with this because it also needs to safeguard other fundamental rights. Under the principles of subsidiarity and proportionality set out in Art 5 European Union Treaty, the measures should not go beyond what is necessary to achieve the law's objective of combating VAT fraud.[26] Article 13 of the preamble therefore reads as follows:

"This Directive respects fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, in particular the right to the protection of personal data. Information on payments retained and provided in accordance with this Directive may only be used by anti-fraud specialists of tax authorities within the limits of what is proportionate and necessary to achieve the objective of this Directive, namely the fight against VAT fraud. This directive also respects the requirements of Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 of the European Parliament and the Council."

Before implementing the directive, the Council of State (RvS) considered the bill[27]. The RvS does not object to the threshold of 25 payments.

However, the RvS does raise some questions, including on privacy risks and data retention, partly in relation to the principles of data minimisation and storage limitation. After all, the Personal Data Authority (AP) oversees data protection law, even if it is implementing a European Directive.

The state finance minister replied:

"In line with the AVG, it is important that information is only retained and provided by payment service providers to the extent that it is proportionate and limited to what is necessary to prevent VAT fraud. Payment service providers are therefore not allowed to provide payment information below the threshold of (more than) 25 payments to the Tax Authorities. In case payment service providers do so anyway, this is finable under the new provision in the Turnover Tax Act 1968."[28]

The above shows that there is a tension between the desire to combat VAT fraud and the aim of protecting the data of non-taxpayers as much as possible for privacy reasons.

Of course, this is fodder for all sorts of privacy issues, which I will not go into now. My question concerns whether this desire to protect the data of non-taxpayers does not go so far that VAT fraudsters can too easily remain under the radar with the result that the law is not effective enough.

  • 2.5 Does the CESOP directive leave no more room for VAT fraudsters?

The effects of the law will become apparent in a few years when new figures regarding the development of the VAT compliance gap in the European context are presented. In my view, whether the law will be effective depends on the presence of 'loopholes'. In the above, I noted that VAT fraudsters are always looking for these loopholes. The new CESOP Directive is patently not watertight; the spaces left open are dictated by the aforementioned principle of proportionality, which aims to prevent the storage/recording of data of non-taxable persons as much as possible.

But for a VAT fraudster who does not want his transaction to be registered and thus checked and detected more quickly and easily, the directive/legislation still offers room.

To cite just a few examples: the payee allows the consumer to transfer amounts to specially created companies that receive fewer than 26 payments per quarter; deliveries can be invoiced and paid for together, for example at the end of the quarter, so that fewer but higher amounts cross the border; several payment service providers can be used by the payee on a quarterly basis; with the consumer's cooperation, amounts due can be spread over several quarters. Criminal collusion with the consumer is not necessary in the first two examples in any case. The beneficiary is the one who can set the terms and give the payment instructions to the consumer.

But even if the fraud were detected, the CESOP system inherently lags behind events. This gives the fraudster time and therefore space. In Poland, this is overcome by the introduction of the split payment method. This is a method where the VAT charged by the supplier to its customer is paid by the customer into a separate account, preventing the supplier from freely disposing of it. This method can be designed in different variants. The purpose of this split payment is to secure the VAT owed by the supplier for the benefit of the treasury.[29] In my opinion, this is an effective method not only to combat fraud but also to reduce the VAT gap in general. For example, a company in payment difficulties can no longer be tempted to pay debts with VAT received. As a result, the tax authorities do not have to miss out in the event of bankruptcy either. After all, the VAT has already been paid. In practice, it appears that the VAT gap has decreased significantly in Poland.[30],[31]

Chapter 3: Conclusion

 Does the CESOP Directive leave no more room for VAT fraudsters? As mentioned in §2.1, VAT fraud is defined as the deliberate deception of the tax authorities through which a financial advantage is obtained by the fraudster. In §2.2, we explained why cross-border e-commerce is susceptible to VAT fraud. With different rates and ever-increasing trade over the internet, CESOP does not change the vulnerability of e-commerce to fraud. In §2.3, the role of the payment service provider was highlighted, which is only increasing now that the EU has also expressed its desire for consumers, traders and businesses to take full advantage of the free market. In §2.4, it was explained that CESOP is designed to match actual cross-border payment traffic with any declarations more quickly. In §2.5, I addressed the threshold of section 39(3) and described that the threshold of 39b of the OB Act provides opportunities for fraudsters to stay under the radar. At best, CESOP detects fraud faster, but not fast enough to secure the withheld amounts in time. Based on the above, it can be concluded that CESOP leaves room for VAT fraudsters.

Nevertheless, it is a step in the right direction in the fight against VAT fraud that is a joint EU obligation for Member States. But it does ask a lot of economic operators. Consider the heavy administrative burden demanded from payment service providers as well as the privacy risks for consumers, such as the possibility of recording the data of non-taxable persons making more than 25 cross-border payments per quarter to the same payee.

In my opinion, a directive or law should be worked on that would mandate payment service providers, in the case of a cross-border payment to a taxpayer, to transfer the VAT amount due directly to the tax authority of the destination country or an escrow account. In other words, an application of the aforementioned split payment method. If the payment service provider cannot provide that function, the payment should be made impossible. Given innovations so far, it occurs to me that this should be technically possible for payment service providers. Not only would only the details of taxpayers then be recorded, but fraud would also be made virtually impossible.

[1] Preamble Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015, at 3

[2] See also: Van Doesum & Van Norden, Sales tax 2023, 3.3.2.3

[3] EPPO annual report 2023, p. 12

[4] Parliamentary paper 32140, no 181

[5] Parliamentary paper 32140, no 181

[6] 2020/284 adopted on 18 February 2020 and has been in force since 1 January 2024

[7] Multilateral decentralised network for voluntary information exchange, reciprocal exchanges and strengthening cooperation between member states

[8] Draft explanatory memorandum implementing Directive (EU) 2020/284, p. 8

[9] https://www.europol.europa.eu/crime-areas/economic-crime/mtic-missing-trader-intra-community-fraud

[10] See, for example: Online platforms: marketplace for tax fraud, Prof E.C.J.M. van der Hel-van Dijk RA and M.A. Griffioen, WFR 2018/120

[11] Van Doesum & Van Norden, Turnover Tax 2023, 14.9.1.1.

[12] For the risks, see: Online platforms: marketplace for tax fraud, table 1, Prof E.C.J.M. van der Hel-van Dijk RA and M.A. Griffioen, WFR 2018/120

 

[13] Guidance on reporting payment data from payment service providers and transmission to the central electronic payment information system (CESOP)

[14] CESOP: data delivery by payment service providers, Mr L. Neijtzell de Wilde and Mr O. Smeets, § 3.2

[15] European Commission, Guidance on reporting payment data from payment service providers and transmission to the Central Electronic System of Payment Information (CESOP), version 1.00, 3 August 2022

[16] Note to Response to Report, Lower House, session 2022-2023, 36 231, no. 6, p. 3

[17] Cahier 2024-1 National Risk Assessment Money Laundering 2023, WODC, p. 49

[18] Cahier 2024-1 National Risk Assessment Money Laundering 2023, WODC, p. 72, citing the Anti Money Laundering Centre (AMLC) report: Money laundering vulnerabilities at PSPs

 

[19] House of Representatives, session 2022-2023, 36 231, no. 6

[20] See also: Guidance on reporting payment data from payment service providers and transmission to the Central Electronic Payment Information System (CESOP)

[21] https://publications.parliament.uk/pa/ld200607/ldselect/ldeucom/101/7020615.htm

[22] Parliamentary paper 31 880 Intra-community VAT fraud, retrospective report, 2.3.2

[23] Parliamentary paper, 31 880 Intra-Community VAT fraud, 3.2.1.

[24] CESOP: data submissions by payment service providers, Mr L. Neijtzell de Wilde and O. Smeets, 2.1.

[25] House of Representatives, session 2022-2023, 36 231, no. 3, p. 8

[26] Preamble to Directive (EU) 2020/284 amending Directive 2006/112/EC, art. 12

[27] Payment Service Providers Directive Implementation Act, RvS opinion dated 17 August 2022, W06.22.0108/III

[28] Further report (response to opinion) of 20 October 2022, 3b, non-mandatory registration

[29] Letter from finance minister, dated 13 May 2019, reference 2019-0000076897

[30] Can digitalisation and technology secure VAT revenues and close the VAT gap? Prof. dr. mr. E.C.J.M. van der Hel-van Dijk RA and mr. M.A. Griffioen, NLFiscaal, TaxTech 2022/2

[31] European Commission, CASE, Poniatowski, G., Bonch-Osmolovskiy, M., Smietanka, A., Sojka, A., VAT gap in the EU: report 2023, Publications Office of the European Union, Luxembourg, 2023
