The OECD Crypto-Asset Reporting Framework (CARF) is an international regulatory standard designed to address tax evasion risks associated with digital assets by establishing a global system for the automatic exchange of tax-relevant information on digital asset transactions between participating jurisdictions’ tax authorities.
Purpose and Background
CARF was developed by the OECD Global Forum on Transparency and Exchange of Information for Tax Purposes to bring digital asset transactions within the same level of information reporting as traditional financial assets (currently through the OECD Common Reporting Standard (CRS)[1]) and provide tax authorities with access to information needed to assess and enforce tax compliance.
Scope
CARF covers cryptocurrencies (e.g., Bitcoin, Ethereum), stablecoins, certain NFTs, and crypto derivatives. It excludes central bank digital currencies (CBDCs) and closed-loop assets like loyalty points. The scope includes exchanges between crypto-assets and fiat, crypto-to-crypto trades, and transfers involving DeFi platforms.
Application
The requirements under CARF apply to Reporting Crypto-Asset Service Providers (CASPs or RCASPs), defined as any individual or entity that, as a business, provides services effectuating exchange transactions for or on behalf of customers, including acting as counterparty, intermediary, or platform operator. CASPs include exchanges, wallet providers, NFT marketplaces, and certain DeFi protocol operators if they exercise sufficient control. A CASP is withinthescope of CARF if:
- There is a person or entity with sufficient control, influence, or knowledge to comply with reporting and due diligence obligations (e.g., a DAO with identifiable leadership, a developer team, or a business entity running the front end).
- The platform is subject to AML/KYC obligations or can otherwise identify users and transactions.
Regarding DeFi, the OECD is developing further guidance for decentralized and non-custodial services. Under current rules, a DeFi platform is not in scope if it is fully autonomous, with no controlling party and no practical way for any person to comply with CARF obligations.
Reporting and Compliance Requirements
CASPs must collect and report:
- User identification information: Name, address, tax identification number, and tax residency.
- Transaction data: Details of crypto-to-fiat, crypto-to-crypto, and certain cross-border transactions, including the type and value of assets transferred.
CASPs must submit user identification information and aggregated data by transaction type and asset to domestic tax authorities for onward exchange with other CARF jurisdictions.
Implementation Timeline and Global Adoption
CARF was finalized in October 2022 and adopted by the OECD in June 2023. Over 60 jurisdictions[2] have committed to implementing CARF, aiming for exchanges of information to begin in 2027 or 2028. The European Union will begin implementing CARF rules on January 1, 2026, via the DAC8 directive, with reporting to begin on January 31, 2027.The UK will begin implementing CARF on January 1, 2026 with reporting covering the 2026 calendar year due to HM Revenue & Customs (HMRC) by May 31, 2027.
CARF Implementation Guide
The OECD published a step-by-step guide summarizing the due diligence and reporting rules required to comply with CARF.
- CASP Identification: Entities must determine if they qualify as CASPs, defined as any individual or entity that, as a business, provides services effectuating exchange transactions for or on behalf of customers, including acting as counterparty, intermediary, or platform operator.
- Nexus Determination: CASPs must identify the jurisdictions to which they are required to report, based on criteria such as tax residency, incorporation, management location, or regular place of business.
- Due Diligence: CASPs must collect and verify user identity and tax residency, similar to KYC/AML requirements.
- Reporting: CASPs must annually report aggregated transaction data (crypto-to-fiat, crypto-to-crypto, and relevant transfers) to tax authorities, who then exchange this information with other jurisdictions.
Impact on DeFi
CARF’s approach to decentralized finance (DeFi) focuses on the concept of “control” or “influence” over a platform. CARF applies to DeFi platforms only if an individual or entity exercises sufficient control or influence over the platform—for example, if they can develop, amend, or enforce the software or protocol, or if they are otherwise able to comply with due diligence and reporting requirements. If a DeFi protocol operates purely autonomously (i.e., no person or entity can control or update it, and no one has the ability to comply with reporting obligations), it is generally outside the scope of CARF. However, under CARF, regulators may determine platforms called decentralized have a core team, developer group, or DAO that exercises significant control, which could bring them within CARF’s scope.
Peer-to-peer transactions between self-hosted wallets remain outside direct CARF reporting. CARF targets intermediaries, not individuals transacting directly without a service provider.
Impact on the U.S.
The United States is preparing to implement CARF alongside new IRS digital asset broker reporting regulations.
The final regulations on information reporting by U.S. digital asset brokers, Gross Proceeds and Basis Reporting by Brokers and Determination of Amount Realized and Basis for Digital Asset Transactions, were published in the Federal Register on July 9, 2024. These regulations require U.S. digital asset brokers to identify U.S. customers by collecting a certified Tax Information Number (TIN) from a valid Form W-9.
Under the July 2024 final regulations, non-U.S. customers are exempt from information reporting. Brokers must identify those exempt non-U.S. customers using a Form W-8. The regulations’ preamble specified that the IRS would issue updated regulations implementing CARF that detail requirements for U.S. digital asset brokers to report information for non-U.S. customers.
The IRS’s final regulations on digital asset broker information reporting attempted to minimize differences with CARF, but some discrepancies remain, particularly in areas like aggregate reporting, treatment of stablecoins, and NFTs.
It remains to be seen how the IRS will harmonize its information reporting framework with CARF. While both frameworks require brokers to collect and report detailed information on digital asset users and transactions, CARF requires additional information such as reporting on transactions of non-U.S. persons, self-certification at onboarding, and DeFi information reporting.
On DeFi, for example, Treasury and the IRS will have to determine whether and how non-custodial and decentralized platforms considered CASPs would implement CARF, given Congress passed Congressional Review Act legislation disapproving of IRS’s final regulations requiring information reporting by DeFi front end service providers and prohibiting the IRS from promulgating rules in substantially the same form.
CARF vs. CRS
CARF was designed to reflect the OECD Common Reporting Standard (CRS) for information reporting in traditional finance. Under the CRS, financial institutions share information about financial accounts (cash, securities, and traditional assets). While the CRS applies to information about accounts (balances, payments, and proceeds), CARF applies to transactions.
The United States is not among the countries that participate in the CRS. Instead, the U.S. implements the Foreign Account Tax Compliance Act (FATCA).
Resources
OECD (2023), International Standards for Automatic Exchange of Information in Tax Matters: Crypto-Asset Reporting Framework and 2023 update to the Common Reporting Standard, OECD Publishing, Paris, https://doi.org/10.1787/896d79d1-en.
OECD (2024), Delivering tax transparency to Crypto-Assets: A step-by-step guide to understanding and implementing the Crypto-Asset Reporting Framework, Global Forum on Transparency and Exchange of Information for Tax Purposes, OECD, Paris, https://web-archive.oecd.org/tax/transparency/documents/step-by-step-guide-understanding-implementing-crypto-asset-reporting-framework.pdf.
OECD (2024), Crypto-Asset Reporting Framework: Frequently Asked Questions, OECD, Paris, https://www.oecd.org/content/dam/oecd/en/topics/policy-issues/tax-transparency-and-international-co-operation/faqs-crypto-asset-reporting-framework.pdf.
OECD (2024), Crypto-Asset Reporting Framework XML Schema: User Guide for Tax Administrations, OECD Publishing, Paris, https://doi.org/10.1787/578052ec-en.
[1] As discussed below, the U.S. does not participate in the CRS.
[2] Jurisdictions undertaking first exchanges by 2027 (52): Austria, Azerbaijan, Belgium, Bermuda, Brazil, Bulgaria, Canada, Cayman Islands, Colombia, Croatia, Cyprus, Czechia, Denmark, Estonia, Faroe Islands, Finland, France, Germany, Gibraltar, Greece, Guernsey, Iceland, Indonesia, Ireland, Isle of Man, Israel, Italy, Japan, Jersey, Kazakhstan, Korea, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Mexico, Netherlands, New Zealand, Norway, Poland, Portugal, Romania, San Marino, Slovak Republic, Slovenia, South Africa, Spain, Sweden, Switzerland, Uganda, United Kingdom.
Jurisdictions undertaking first exchanges by 2028 (17): Bahamas, Barbados, British Virgin Islands, Costa Rica, Hong Kong (China), Kenya, Malaysia, Mongolia, Nigeria, the Philippines, Saint Vincent and the Grenadines, the Seychelles, Singapore, Thailand, Türkiye, United Arab Emirates, United States.
Jurisdictions identified by the Global Forum as relevant that have not yet committed to implement the CARF (6): Argentina, Australia, El Salvador, India, Panama, and Vietnam (OECD)
