April 12, 2022
OECD releases Consultation document | Crypto-Asset Reporting Framework and Amendments to the Common Reporting Standard
On 22 March 2022, the Organisation for Economic Co-operation and Development (OECD) published a Public Consultation Document which proposes new and amended reporting requirements covering reporting of crypto-assets and e-money as well as containing broader revisions to the existing Common Reporting Standard (CRS).
The consultation contains two main proposals:
The public consultation will run until 29 April 2022, with the OECD planning to release proposals for new rules in October 2022. There would need to be a new Multilateral Competent Authority Agreement (MCAA) to implement the CARF on a global basis which is likely to be published together with the proposals in October 2022.
The consultation does not indicate the proposed timeline for adoption. However, given the recent adoption timelines for other exchange of information regimes, there could be early adopting jurisdictions that put rules in place from 1 January 2024.
The OECD first introduced the CRS in 2014, building on the United States Foreign Account Tax Compliance Act (FATCA) regime. In overview, those rules require banks and other financial institutions to report on assets that they hold for clients who are resident outside of the country. The information is reported to their local tax authority, which then exchanges that information with other participating jurisdictions.
Since 2016, more than 100 countries have signed up to participate in the CRS. In the European Union (EU), those rules were adopted through an amendment to the Directive on Administrative Co-operation in the field of taxation (DAC), commonly referred to as DAC2.
Those rules have recently been repurposed to require reporting by digital platforms on their sellers, with the digital platform rules expected to be adopted first in the EU (through the 6th amendment to the DAC (DAC7)) and the United Kingdom from 2023.
Like the CRS before it, the CARF would require an MCAA to implement, signed by adopting jurisdictions. That would make it the fourth such agreement – after CRS, Mandatory Disclosure and the new rules for reporting by digital platforms. To implement the CARF, jurisdictions would need to transpose the rules into domestic law which means, as with the CRS, we are likely to see nuances in interpretation and requirements across adopting jurisdictions.
The updates to the CRS do not appear to require re-signing of the MCAA – although they would need to be implemented into local law in over 100 jurisdictions (as would the CARF).
The Crypto-Asset Reporting Framework
The proposed CARF is substantially based on the model of the CRS. However, rather than requiring reporting on assets that are held, it would require reporting on certain transactions. The consultation document indicates that this step was intended to ensure that assets that are transferred to cold-wallets or decentralized applications, and therefore away from institutions with reporting obligations, would not disappear from the reporting net.
The rules have a wide scope of both transactions and providers. The aim appears to be to capture all businesses operating within the crypto-space, including those that are currently only subject to limited regulatory oversight, although some decentralized finance (DeFi) applications may not be covered even if this is the intention.
The obligations under the Framework apply to "Reporting Crypto-Asset Service Providers" (CASPs) which includes any individual or entity which as a business provides a service to "effectuate" for or on behalf of customers a Reportable Transaction including making available a trading platform. It is noted that these providers are expected to also fall within the scope of obligated entities for FATF1 purposes (i.e., virtual asset service providers), so they should be in a position to collect and review documentation from their customers, including AML/KYC2 documentation.
This appears to be deliberately wide to cover a wide range of services – although as set out above there are likely to be questions about organizations that provide access to DeFi transactions.
Software solutions which allow you to interact with the blockchain appear to be out of scope since it is not the business which effectuates the transaction, although there are likely to be cases where it is unclear whether a business effectuates a transaction and further guidance would be welcome.
There are no specific rules for Decentralized Autonomous Organizations (DAOs), which would mean that the application of the rules may depend on the underlying legal interpretation of the DAO's structure; again, in the case of DAOs with no legal personality there may be some debate about whether individuals involved are effectuating transactions.
CASPs are required to report four categories of Relevant Transactions:
There are similarities here to the evolving approach under anti-money laundering rules which initially targeted the point of exchange between fiat and crypto and increasingly are targeting the point of transactions.
Particular Crypto-Asset considerations
Requirements for Crypto-Asset Service Providers
Beyond the scoping provisions above, the rules would provide a familiar landscape for the obligations of service providers based on the CRS which includes:
As a departure from the CRS, self-certifications would expire after three years and would need to be reviewed and the information re-confirmed by the customer. In addition, accounts which do not have a valid self-certification would be required to be frozen (either post expiry of a self-certification or following a change of circumstances with respect to the self-certification obtained). CASPs would not be permitted to conduct Relevant Transactions without a valid certification. These rules are similar to the rules for digital platforms.
One notable addition to the rules is the potential inclusion of wallet addresses when reporting the transfers of crypto. A number of tax authorities have debated and explored the potential for de-anonymizing blockchains, and the exchange of wallet addresses would be a substantial step toward this. There are likely to be a significant data privacy concerns around this requirement.
The digital platform rules (DAC7 and the OECD Framework) require reporting on all sellers regardless of jurisdiction, and therefore also remove the need to obtain a self-certification of tax residence. CASPs may want to consider the relative merits of following either the rules for financial institutions or the rules for digital platforms when considering how to respond to the OECD consultation.
The Framework does not provide any details on potential enforcement. Like the new rules for digital platforms, there is likely to be a substantial burden on tax authorities to ensure that all CASPs are complying with the obligations. Unlike the CRS, where most financial institutions are required to be regulated, CASPs may not necessarily be regulated under existing rules. In addition, unlike the CRS, transactions with other CASPs are reportable under the proposed rules. The OECD has specifically invited comment on whether CASPs should be excluded.
Proposed Amendments to the Common Reporting Standard
There are three main groups of proposed amendments to the CRS:
Interactions with the CARF
The proposed amendments to the CRS to manage the interaction with the CARF include:
Changes to bring e-money into scope
E-money products and CBDCs would be brought into scope with the aim of ensuring a level-playing field between digital money products and traditional bank accounts and to ensure consistent reporting outcomes.
The definition of depository institution would be amended to include in addition to entities that "accept deposits in the ordinary course of a banking or similar business," any entity "that holds Specified Electronic Money Products or Central Bank Digital Currencies for the benefit of customers." This means that any organization that holds cash on deposit would potentially be in scope as a financial institution – and is likely to have an impact on organizations beyond e-money. There is a potential, unspecific de minimis rule that could apply here.
The rules also introduce the concept of 'Specified Electronic Money Products' which seems to mirror e-money definitions in other regulations.
The rules would be amended so that any institutions/accounts that are brought into scope as a result of this change (or any other change) would be pre-existing accounts if they opened before the future implementation date, giving two years from that date to complete reviews, self-certifications, etc.
Two new categories of Excluded Accounts would be added for products considered to be low-risk:
Changes to improve compliance
The proposed amendments to the CRS include:
The consultation also requests clarification on rules applicable to non-profit entities and the application of the Investment Entity definition to charities to ease the burden on charitable entities who are inadvertently caught within the scope of CRS without creating an opportunity for avoidance behaviors.
While the CARF follows DAC7 in requiring a refresh of customer data every three years, and in requiring freezing of accounts where information is not provided, neither of those proposals have been included in the CRS amendments.
The proposed CARF seeks to create an extensive reporting regime that would require most Crypto-Asset transactions to be reported, together with reporting of Crypto-Assets held in more traditional custody or deposit accounts.
With the inclusion of e-money in the CRS, and in addition to the OECD and EU rules for digital platforms, the adoption of the CARF would see a substantial proportion of the digital economy brought into the automatic exchange of information net.
More immediately, CASPs and financial institutions will wish to review the proposals closely and consider responding to the OECD consultation to highlight places where they believe the proposed rules need to be amended in order to make the proposals practicable and workable.
For additional information with respect to this Alert, please contact the following:
Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft, Hamburg
Ernst & Young Belastingadviseurs LLP, Amsterdam
Ernst & Young Belastingadviseurs LLP, Rotterdam
Ernst & Young LLP, Oslo
Ernst & Young LLP (United Kingdom), London
Ernst & Young LLP (United States), Washington, DC
1 FATF: Financial Action Task Force.
2 AML/KYC: Anti Money Laundering/Know Your Customer.