The OECD's Crypto-Asset Reporting Framework ('CARF') is intended to provide tax authorities worldwide with the information they need to monitor crypto-asset revenues on a cross-border basis and ensure taxes are paid on crypto-asset transactions. Reporting crypto-asset service providers ('RCASPs') will be required to collect detailed information about customers and transactions and report to their national tax authorities annually, which will then exchange that information with other tax authorities. As of 17 June 2025, 69 jurisdictions committed to implement CARF. Many will require RCASPs to make their first annual reports in relation to the calendar year starting 1 January 2026. Please see jurisdictions listed at the end of this advisory.
CARF will result in additional compliance requirements for the global crypto-assets sector, much like those in place for the traditional financial sector, where similar rules for banks, insurers, investment funds and managers were introduced in 2010 (in the case of the United States Foreign Account Tax Compliance Act ('FATCA') and 2014 (in the case of the OECD's Common Reporting Standard ('CRS')). Alongside CARF, the OECD also introduced a set of amendments to the CRS to bring new financial assets into scope and avoid duplication with CARF. This advisory summarises the key points of CARF and deals with some practical questions.
What do RCASPs have to do to comply with CARF?
A RCASP must obtain a self-certification from each of its customers that allows it to determine their tax residence and conduct due diligence to identify customers which are reportable or have reportable controlling persons. The RCASP must then report detailed information annually to its national tax authority with respect to such customers and their transactions, with penalties for non-compliance.
Will your entity be a RCASP?
The key question is whether your entity, as a business, provides a service effectuating exchange transactions for or on behalf of customers, including by acting as a counterparty or intermediary or by making available a trading platform. The phrase 'as a business' excludes 'individuals or entities who carry out a service on a very infrequent basis for non-commercial reasons'. However, a service provided for no fees or commission could still be carried out 'as a business'.
What constitutes a 'service effectuating exchange transactions'?
A service effectuating exchange transactions includes any service through which a customer can exchange crypto-assets for fiat currencies, or vice versa, or for other crypto-assets. The most obvious example is an exchange, including any software program or app that allows users to make exchanges, with or without offering custodial services, but other examples include:
- dealers acting for their own account to buy and sell crypto-assets from and to customers;
- brokers acting on behalf of clients to complete orders to buy or sell an interest in crypto-assets;
- market makers taking a bid-ask spread as a transaction commission for their services;
- persons subscribing to crypto-assets for onwards sale or distribution; and
- operators of crypto-asset ATMs.
How does the definition of 'service effectuating exchange transactions' apply to some other businesses in the crypto space?
Investment funds: Activities of an investment fund investing in crypto-assets do not constitute a service effectuating exchange transactions since such activities do not permit the investors in the fund to effectuate exchange transactions. The question of whether tokenised investment funds (or tokenised debt issuers) are RCASPs will depend on local law but in most cases shares, partnership interests or units issued by investment funds or tokenised notes issued by special purpose vehicles will be regarded as securities, not crypto-assets. As such, investment funds and debt issuers will not be RCASPs and will instead continue to be reported under FATCA and CRS. See also below in relation to token issuers more generally.
Token issuers and token distributors: Creation and issuance of a crypto-asset would not be considered a service effectuating exchange transactions. However, the direct purchase of crypto-assets from an issuer, to resell and distribute such crypto-assets to customers, would be considered effectuating an exchange transaction.
Bulletin boards: An individual or entity that is making available a platform that solely includes a bulletin board functionality for posting buy, sell or conversion prices of crypto-assets would not be a RCASP as it would not provide a service allowing users to effectuate exchange transactions.
Software providers: An individual or entity that solely creates or sells software or an app is not a RCASP, as long as it is not using such software or app for the provision of a service effectuating exchange transactions for or on behalf of customers (in other words, operating an exchange).
DAOs and wrappers such as foundation companies: A DAO is not an individual or entity and cannot be a RCASP (although see below in relation to decentralised exchanges). Whether a foundation company or similar wrapper is regarded as a RCASP will depend on its activities in practice. Typical activities of a foundation company such as making grants and treasury management are unlikely to amount to effectuating exchange transactions as a service.
Decentralised exchanges: CARF could apply to individuals or entities which make available decentralised exchanges if they exercise control or sufficient influence over the exchange. In practice, this turns on whether creators, owners, operators or others have control or sufficient influence over assets or over aspects of the service’s protocol and the existence of an ongoing business relationship between themselves and users, even if this is exercised through a smart contract or in some cases voting protocols. Whether any party profits from the service or has the ability to set or change parameters are also factors to determine the identify of the owner/operator of a decentralised arrangement. The question of whether a decentralised exchange will be a RCASP therefore depends on the facts and where the exchange sits on the decentralisation scale. It is difficult to see how a truly decentralised exchange could be a RCASP or, indeed, whether it would be subject to the rules of any jurisdiction under the test below.
In which jurisdiction must a RCASP report?
With respect to the reporting nexus, RCASPs will be subject to a jurisdiction's rules implementing CARF if they are:
(i) tax resident in that jurisdiction;
(ii) both incorporated in, or organised under the laws of, and have legal personality or are subject to tax reporting requirements in, that jurisdiction;
(iii) managed from that jurisdiction; or
(iv) have a regular place of business in that jurisdiction.
A RCASP will also be subject to a jurisdiction's rules implementing CARF in respect of exchanges or transfers effectuated through a branch in that jurisdiction. CARF contains rules to avoid duplicative reporting, in case a RCASP has nexus with more than one jurisdiction.
Who is a customer?
The term 'customer' is interpreted broadly to mean any user of a RCASP's services. It could include some counterparties not typically regarded as customers. An individual or entity (other than a Financial Institution or another RCASP) acting for the benefit or account of another person as agent, custodian, nominee, signatory, investment advisor, or intermediary, is not treated as a customer, and such other person is treated as the customer.
Which of a RCASP's customers will it have to report on?
RCASPs must determine whether their customers are reportable. Customers are reportable if they are resident in a reportable jurisdiction (meaning one which is listed as, or has agreed to, reporting pursuant to CARF) unless they are excluded from being reportable by reason of being (i) publicly traded on an established securities markets (or a related entity thereof); (ii) a governmental entity; (iii) an international organisation; (iv) a central bank; or (v) a financial institution other than a managed investment entity (such as an investment fund). RCASPs must also determine whether an entity customer has any reportable controlling persons unless it determines that the entity customer is an 'Active Entity'. An entity customer may be an Active Entity by reason of (i) its income and assets not being passive;(ii) being a holding entity which is part of a non-financial group; (iii) being a start-up; (iv) liquidating or emerging from bankruptcy; or (v) a treasury centre for a non-financial group; or (vi) a non-profit entity. All terms referred to in this section are as defined more fully in CARF. They will be familiar to some readers from the CRS.
What transactions must be reported by a RCASP?
An individual or entity will be a RCASP if it provides a service effectuating exchange transactions for or on behalf of customers. Once in scope an RCASP must report not only exchange transactions but also transfers.
- Exchange transactions: Are any exchange between crypto-assets and fiat currencies or between one or more forms of crypto-assets.
- Transfers: Are any transaction (including certain retail payments, discussed below) that moves a crypto-asset from or to the crypto-asset address or account of a customer, other than one maintained by the RCASP on behalf of the same customer, where the RCASP cannot determine that the transaction is an exchange transaction.
It is worth flagging how the OECD envisages certain transactions be categorised for reporting purposes.
- Payments for high value goods and services: RCASPs which process payments on behalf of a merchant accepting crypto-assets as payment for goods or services exceeding USD 50,000 are required to report such transfers including, in certain cases, the merchant’s underlying customer. This information is expected to provide tax administrations with information on cases where crypto-assets are used to purchase goods or services.
- Self-hosted wallets: A RCASP which transfers crypto-assets on behalf of a customer to a self-hosted wallet must report the number of units and the total value of the transfer. Tax authorities could then request more detailed information on the wallet addresses associated with a customer through existing exchange of information channels.
- Collateralised loans: Where crypto-assets are transferred as a loan or as collateral, they are not transferred as compensation for the acquisition of other crypto-assets and should therefore be reported as a transfer rather than an exchange transaction. The transfers for the borrowing and the return of the borrowed crypto-assets must be reported as 'Crypto loan', while the transfers of crypto-assets in connection with the deposit and return of the collateral must be reported as 'Collateral'.
- Wrapping and bridging services: Certain transactions involve the exchange of crypto-assets for a token representing the exchanged crypto-assets. This includes instances where a crypto-asset on one blockchain represents a crypto-asset from another blockchain or the creation of a crypto-asset on the same blockchain that can be used in an automatically executing transaction that the original crypto-asset cannot be used in. The new crypto-asset is supposed to match the asset value it is representing, and it can normally be redeemed at any time. According to the OECD, such transactions are exchange transactions, irrespective of whether they give rise to a taxable disposition under applicable tax rules.
- Liquid staking services: Similarly, a customer may transfer crypto-assets into an automatically executing contract for the purpose of being used as part of a proof-of-stake consensus mechanism to validate transactions on a distributed ledger. In exchange, the customer may then be issued a tokenised version of their crypto-assets, which carries the same value and is transferable or tradable. The OECD considers these transactions to be exchange transactions.
What crypto-assets are in scope of CARF?
The term 'crypto-asset' means a digital representation of value that relies on a cryptographically secured distributed ledger or a similar technology to validate and secure transactions. This definition is intended to target those assets that can be held and transferred in a decentralised manner, without the intervention of traditional financial intermediaries, including stablecoins, derivatives issued in the form of a crypto-asset and certain NFTs. However, CARF does not apply to crypto-assets that cannot be used for payment or investment purposes, central bank digital currencies and certain electronic money products that represent a single fiat currency and are redeemable at any time in the same fiat currency at par value. However, reporting on central bank digital currencies and certain electronic money products will be included within the scope of the CRS.
What is the timing?
The first international exchanges are due to take place by 2027, which means that domestic reporting will need to have taken place beforehand in relation to the calendar year starting 1 January 2026. Jurisdictions which have committed to implement CARF in time to commence exchanges in 2027 will be introducing the necessary domestic legislation soon, to the extent they have not already done so.
What can businesses do to prepare?
Entities in the crypto-asset sector should take the following actions:
- Determine jurisdictional exposure: Whether the jurisdiction in which the entity is resident will be implementing CARF and if so when. Keep this under review, as jurisdictions are continuing to sign up.
- Determine business exposure: Those entities in jurisdictions implementing CARF will need to assess whether they will be RCASPs and, if so, identify the scope of customers and transactions reportable under CARF.
- Plan and implement resources: Determination of business exposure will help entities determine the resources, internal processes and infrastructure required to implement CARF. This will include putting written policies and procedures in place, training staff responsible for onboarding and customer relations, compliance and IT and briefing senior management.
- Stay tuned to developments: Publications from the OECD and national competent authorities need to be kept under review.
Next steps: Walkers has a global team of dedicated regulatory lawyers who can classify your entity for the purposes of CARF and advise on which types of users and transactions are reportable, as well as providing CARF policies and procedures, training and briefing boards and senior management. We have long experience of advising on CRS and FATCA and facilitating streamlined and efficient compliance.
