Bringing ‘offshore’ digital asset transaction information onshore: The OECD’s proposed crypto asset reporting framework

May 24, 2022 12 MIN READ
Matias Milet

Partner, Tax, Toronto

Emily Gilmour

Associate, Tax, Toronto

The rapid rise and mainstream adoption of crypto-assets has created opportunities for intrepid entrepreneurs and investors to create a new vision for money, markets and the internet at-large that is decentralized, democratized and trustless. However, as with any period of significant disruption, the legal landscape has trailed the pace of innovation, creating significant risks for abuse and illicit activity. When it comes to crypto-assets, one area of particular concern for governments is the difficulty in ensuring that all applicable taxes with respect to crypto-asset transactions are being correctly reported (and paid) due to the inherent decentralized design of blockchain technology.

Current tax reporting regimes, such as the Common Reporting Standard (CRS), do not generally apply to most participants in the digital asset industry. Thus, intermediaries in the digital asset industry, such as cryptocurrency exchanges, are generally not required to report on their customers’ digital asset holdings or transactions. To address these shortcomings, the Organization for Economic Cooperation and Development (OECD) released a public consultation document [PDF] on March 22, 2022 concerning the Crypto-Asset Reporting Framework (CARF), a proposed new global tax transparency framework that is intended to provide for the reporting and exchange of information with respect to crypto-assets. The public consultation document also discusses proposed amendments to the Common Reporting Standard (CRS) for the automatic exchange of financial information between countries.

The proposed measures would, among other things, exponentially increase the visibility that a country’s tax authorities have over its residents’ transactions on foreign cryptocurrency exchanges. While the United States has recently adopted its own measures requiring tax information reporting by businesses that receive over US$10,000 in digital assets, the powerful jurisdictional reach of U.S. law does have limits. In contrast, the CARF would be expected to be adopted by most, if not all, of the more than 100 countries that currently participate in CRS.     

Crypto-Asset Reporting Framework (CARF)

The OECD’s public consultation document contains rules and commentary relating to the collection of information from resident crypto-asset intermediaries that can be transposed into domestic law (the Draft Rules). It is anticipated that the corollary framework of bilateral or multilateral treaties will be further developed once the work relating to the rules and commentary has been completed.

Generally speaking, the Draft Rules describe (i) the types of crypto-assets that are subject to reporting, (ii) which intermediaries are required to collect and report information relating to crypto-assets, (iii) the types of transactions that are subject to reporting, and (iv) the information required to be reported for each such transaction, and the due diligence procedures required to be implemented by a reporting intermediary.

Which crypto-assets are subject to CARF?

The CARF rules are based upon the definition of the term “Crypto-Asset” which means any digital representation of value that relies on a cryptographically secured distributed ledger, or a similar technology to validate and secure transactions. This broad definition extends beyond cryptocurrencies and is intended to include any asset that can be held and transferred in a decentralized manner, including stablecoins, derivatives issued in the form of a Crypto-Asset, and certain NFTs. This definition is meant to ensure that all assets covered under the new tax reporting framework also fall within the scope of the Financial Action Task Force recommendations, ensuring intermediaries’ due diligence requirements can build on existing anti-money laundering (AML) and know-your-client (KYC) obligations.

Although Crypto-Asset is defined broadly, the Draft Rules provide that only a “Relevant Crypto-Asset” is subject to data collection and reporting. A Relevant Crypto-Asset is defined to mean any Crypto-Asset other than:

  • A “Closed Loop Crypto-Asset”, which is generally a Crypto-Asset that is intended to be redeemed against goods or services within a clearly defined, limited setting, and
  • A “Central Bank Digital Currency” which is generally a digital fiat currency issued by a central bank that functions similar to money held in a traditional bank account.

The OECD views Closed Loop Crypto-Assets as posing limited tax compliance risks, and notes that Central Bank Digital Currencies, as a form of fiat currency, are already subject to reporting under the CRS.

Which intermediaries will be subject to CARF?

The Draft Rules provide that a “Reporting Crypto-Asset Service Provider” will be subject to the data collection and reporting requirements of the CARF. A Relevant Crypto-Asset Service Provider generally refers to any individual or entity that, as a business, provides the service of exchanging one Crypto-Asset for another, or exchanging fiat currency for Crypto-Assets (or vice versa) for or on behalf of its customers. The definition also includes any individual or entity that acts as a counterparty or intermediary for such exchange transactions or that makes available a trading platform with respect to such exchange transactions. Similar to the definition of Crypto-Asset, the definition of Reporting Crypto-Asset Service Provider is drafted broadly and intended to capture not just cryptocurrency exchanges, but a number of other intermediaries such as:

  • dealers acting for their own account to buy and sell Relevant Crypto-Assets to customers
  • operators of Crypto-Asset ATMs, permitting the exchange of Relevant Crypto-Assets for fiat currencies or other Relevant Crypto-Assets through such ATMs
  • Crypto-Asset exchanges that act as a market maker and take a bid-ask spread as a transaction commission for their services
  • brokers in Relevant Crypto-Assets where they act on behalf of clients to complete orders to buy or sell an interest in Relevant Crypto-Assets, and
  • intermediaries subscribing for one or more Relevant Crypto-Assets. While the sole creation and issuance of a Relevant Crypto-Asset would not be considered a service effectuating an exchange transaction as a counterparty or intermediary, the direct purchase of Relevant Crypto-Assets from an issuer, to resell and distribute such Relevant Crypto-Assets to customers (i.e., performing a role akin to that of a securities underwriter in an IPO or private placement) would be considered effectuating an exchange transaction.

Once it has been decided that a person is a Reporting Crypto-Asset Service Provider, it must then be decided in what country it has to do tax information reporting on relevant transactions in Crypto-Assets. Generally speaking, that would be determined based on the Service Provider’s jurisdiction of (i) tax residency, (ii) incorporation or organization (provided that the Service Provider has legal personality in such jurisdiction or has an obligation to file tax returns in such jurisdiction) (iii) management or (iv) its regular place of business. A series of “tiebreaker” rules exist to ensure that a Reporting Crypto-Asset Service Provider only need to report to the jurisdiction in which it has the strongest nexus.

The list of jurisdictional connecting factors under CARF stands in notable contrast to CRS, which has only one such connecting factor: residence. The financial institutions that report under CRS, such as banks, insurers, custodians and broker-dealers, tend to have a strong jurisdictional nexus to a country where they are subject to considerable regulation. Some of the intermediaries that deal in Crypto-Assets may lack such connections and thus the OECD seems to have felt it necessary to provide for a broader list of connecting factors.  

Who will have their information reported to the tax authorities under CARF?

If based on the above jurisdictional connecting factors, a Reporting Crypto-Asset Service Provider is required to collect and report information on Crypto-Asset transactions to the tax authority in a given country (for example, the country where its regular place of business is located). Such reporting will identify and provide transaction details regarding “Reportable Users”.  A user of a Reporting Crypto-Asset Service Provider is a Reportable User if it is a customer of such service provider for purposes of carrying out the “Relevant Transactions” listed below (a Crypto-Asset User) and is a tax resident of another CARF-participating country (the user’s ‘residence jurisdiction’). 

The tax authority to which the Reporting Crypto-Asset Service Provider provides information regarding a Reportable User will then provide that information to the user’s residence jurisdiction.  

What types of transactions will be subject to CARF?

The Draft Rules provide that a Reporting Crypto-Asset Service Provider is required to collect and report information relating to “Relevant Transactions”. Generally speaking, the following types of Crypto-Asset transactions are Relevant Transactions for purposes of the CARF:

  1. exchanges between Relevant Crypto-Assets and fiat currencies
  2. exchanges between one or more forms of Relevant Crypto-Assets
  3. exchanges of Relevant Crypto-Assets in consideration for goods and services (a “Reportable Retail Payment Transaction”), and
  4. certain transfers of Relevant Crypto-Assets in which the Reporting Crypto-Asset Service Provider can only “see” one side of the transfer (i.e., the Reporting Crypto-Asset Service Provider is aware of a transfer of a Relevant Crypto-Asset but cannot determine whether the transaction is an exchange of a Relevant Crypto-Asset for fiat currency or another Relevant Crypto-Asset).

What are the due diligence requirements?

To determine its reporting requirements, and in particular to determine if a Crypto-Asset User is a Reportable User, a Reporting Crypto-Asset Service Provider must comply with certain due diligence requirements. The due diligence requirements are designed to allow Reporting Crypto-Asset Service Providers to efficiently and reliably determine the identity and tax residence of their individual and entity Crypto-Asset User, as well as of the natural persons controlling certain entity Crypto-Asset Users.

Due diligence requirements vary based on whether a Crypto-Asset User is an individual or entity.

  • From Crypto-Asset Users that are individuals, the Reporting Crypto-Asset Service Provider must obtain a self-certification which includes the individual’s first and last name, date of birth, address of residency, jurisdiction of tax residency, and taxpayer identification number(s). The Service Provider must also confirm the reasonableness of such self-certification based on the information otherwise obtained by the Service Provider, including any documentation collected pursuant to relevant AML/KYC procedures.
  • From Crypto-Asset Users that are entities, the Reporting Crypto-Asset Service Provider must obtain a self-certification which includes the entity’s legal name, address, jurisdiction of tax residency and taxpayer identification number(s). In addition, the Reporting Crypto-Asset Service Provider must also generally determine whether the entity has any “Controlling Person(s)” (generally any natural person(s) that exercise control over the entity) and, if so, it must obtain a self-certification from such Controlling Persons that contains the same information as the self-certification applicable to individuals. The obligation to determine whether an entity has Controlling Persons does not apply in the case of certain categories of exempted entities.

If a Reporting Crypto-Asset Service Provider is unable to obtain the required self-certification upon establishment of a new relationship with a Crypto-Asset User or, in the case of a pre-existing relationship, within 12 months after the effective date of the CARF, the Reporting Crypto-Asset Service Provider must refuse to intermediate any further Relevant Transactions for such user until a self-certification can be obtained.

What information must be collected and reported?

A Reporting Crypto-Asset Service Provider is required to collect and report, for each calendar year, the following information relating to all Relevant Transactions:

  • the name, address, jurisdiction of residence, taxpayer identification number, and date and place of birth (in the case of an individual and with respect to the place of birth, only if required under domestic law) of each Reportable User, including the name, address, jurisdiction of residence, taxpayer identification number, and date and place of birth of each Controlling Person of an entity (if applicable).
  • The name, address and identifying number of the particular Reporting Crypto-Asset Service Provider;
  • For each Reportable User and each Relevant Crypto-Asset in which the Reporting Crypto-Asset Service Provider has effectuated a Relevant Transaction:
    • The full name of the Relevant Crypto-Asset (an abbreviation or ticker symbol is not sufficient)
    • The wallet addresses to which the Reporting Crypto-Asset Service Provider has effectuated a transfer of Relevant Crypto-Assets for the Reportable User and that are not associated with such Reporting Crypto-Asset Service Provider or with an individual or entity that such Reporting Crypto-Asset Service provider knows, or has reason to know, is also a Reporting Crypto-Asset Service Provider (e.g., transfers to private wallets)
    • The aggregate gross amount paid, the aggregate number of units and the number of Relevant Transactions with respect to acquisitions or dispositions of the Relevant Crypto-Asset(s) against fiat currency
    • The aggregate fair market value, the aggregate number of units and the number of Relevant Transactions with respect to exchanges between one type of Relevant Crypto-Asset against other Relevant Crypto-Assets
    • The aggregate fair market value, the aggregate number of units and the number of Reportable Retail Payment Transactions, and
    • The aggregate fair market value, the aggregate number of units and the number of Relevant Transactions and subdivided by transfer type where known by the Reporting Crypto-Asset Service Provider in respect of “one-sided” transfers to or by the Reportable User not otherwise covered by the above.

Amendments to the Common Reporting Standard (CRS)

In addition to introducing the CARF, the OECD proposed changes to the CRS, its existing regime for cross-border exchange of financial information among tax authorities, which has been adopted into domestic law of many countries. Crypto-assets often fall outside the scope of the CRS, as it currently applies to traditional financial assets and fiat currencies. Even where crypto-assets arguably may fall within the definition of financial assets, they are often owned either directly by individuals in cold wallets or via crypto-asset exchanges that do not have reporting obligations under the CRS.

The OECD has developed proposals as part of the first comprehensive review of the CRS, which will extend the scope of the CRS to cover certain electronic money products used for making payments to entities other than the issuer and central bank digital currencies, as well as indirect investments in crypto-assets through investment entities and derivatives. The proposal contains new provisions to ensure an efficient interaction between the CRS and the CARF to limit instances of duplicative reporting.

Of particular note is the introduction of the term “Specified Electronic Money Product”, which aims to cover products that do not give rise to gain or loss by reference to the underlying fiat currency. This inclusion of these products under CRS will likely impose new compliance requirements on individuals and entities that previously may not have been required to report under the CRS; for example, unitholders of crypto asset funds and certain money services businesses or money transfer services, whose platforms also facilitate the exchange of crypto-assets.


The CARF and proposed CRS amendments are not yet law. The OECD must first finalize them and then they will have to go through the process of being enacted into the domestic law of each participating country. Thus, these changes are not expected to come into effect this year. However, affected persons should prepare for their impact as the implementation of these rules is on the horizon.

For users of crypto-assets, the CARF will result in a significant loss of anonymity with respect to crypto transactions. In particular, taxation authorities will be provided with extensive information regarding a user’s crypto-asset transactions, which can include the user’s wallet addresses. This can result in taxation authorities monitoring wallet addresses and identifying other transactions of interest that may not have otherwise been reported under the CARF (i.e., peer-to-peer transactions that do not include a Reporting Crypto-Asset Service Provider). While the CARF does not directly provide taxation authorities information regarding a user’s crypto-assets that are currently held in private cold storage, users should be aware that post-CARF, the likelihood of any transaction involving crypto-assets being reported to taxation authorities will substantially increase.  

For cryptocurrency exchanges and other entities required to report, the CARF, and related changes to the CRS, will result in an additional compliance burden with respect to crypto-assets. This may prove frustrating given that these entities may already be required to collect identity verification pursuant to anti money laundering legislation, or KYC requirements, or in other cases may have customer bases that will not welcome the incursion of government reporting requirements, upsetting their (whether justified or not) expectations of anonymity in an ecosystem built on decentralized technology.