Tax News Update    Email this document    Print this document  

October 17, 2022

OECD publishes final Crypto-Assets Reporting Framework and amendments to Common Reporting Standard

  • The report published by the OECD covers two main areas: Introduction of a Crypto-Asset Reporting Framework and revisions to the existing CRS.
  • This Alert outlines the key provisions under both areas.

Executive summary

On 10 October 2022, the Organisation for Economic Co-operation and Development (OECD) published their final report which details new and amended reporting requirements covering the reporting of crypto-assets and e-money. The report also contains broader revisions to the existing Common Reporting Standard (CRS).

The document covers two main areas:

  • Introduction of a Crypto-Asset Reporting Framework (CARF) that would bring crypto-currency and other crypto-assets into scope for reporting. The obligation would fall on intermediaries or other service providers which allow or make a platform available for the exchange of crypto-assets into currency or other assets, facilitate certain reportable payments or allow for the transfer of crypto-assets.

    Not all industry feedback has resulted in changes. FIs in particular, will note that the proposed expansion of the reportable data fields has remained, despite comments that adding these requirements to existing CRS reporting will be onerous. For the CARF, a number of suggestions to phase in implementation, or focus initially on established cryptocurrency exchanges, have not been adopted, with the result that the scope of CARF remains widely drawn.
  • Revisions to the existing CRS to include e-money providers, bring central bank digital currencies and some stablecoins into scope as depository accounts, and include crypto-assets as financial assets, as well as revisions to the rules that are intended to improve compliance and reflect developments since the introduction of the CRS in 2014.

Detailed discussion

The OECD first introduced the CRS in 2014, building on the United States Foreign Account Tax Compliance Act (FATCA) regime. In overview, those rules require banks and other Financial Institutions (FIs) to report on assets that they hold for clients who are resident outside of the country. The information is reported to their local tax authority, which then exchanges that information with other participating jurisdictions.

Since 2016, more than 100 countries have signed up to participate in the CRS. In the European Union (EU), those rules were adopted through an amendment to the Directive on Administrative Co-operation in the field of taxation (DAC), commonly referred to as DAC2.

Those rules have recently been repurposed to require reporting by digital platforms on their sellers, with the digital platform rules expected to be adopted first in the EU (through the 6th amendment to the DAC (DAC7) from 2023.

The OECD released the initial draft of these rules as a consultation document in March 2022.1 Written comments were requested by 29 April 2022, and the OECD received a large number of comment submissions from industry and professional bodies, which are posted on the OECD website.

What has changed since the consultation?

The final rules are largely the same as those proposed in March, which is unsurprising given the close alignment to the already in force CRS.

However, a number of key changes have been made, which address comments received on the initial draft:

Under CARF

  • Closer alignment of assets in scope to those assets treated as virtual assets under the Financial Action Task Force (FATF) guidance for anti-money laundering. This restricts the assets in scope to only those used for investment or payment services. This had been included in the preamble to the initial draft of CARF but was not reflected in the detailed rules; the final rules are now aligned to that approach. The CARF notes that differences may still occur, and that detailed consideration will be needed for any assets not treated as in scope for FATF.
  • Clarifications on which service providers are in scope, in particular clarifying that a service provider that makes a trading platform available is only in scope to the extent that it exercises sufficient control that it could comply with due diligence and reporting obligations. This is likely to be of particular interest to software providers and decentralized exchanges.
  • Removal of the requirement to report the receiving wallet address for all transfers to unhosted wallet addresses. This had raised the largest concerns from a data privacy and proportionality perspective and will be welcomed by many stakeholders. However, crypto-asset service providers will still be required to report transfers to external wallets and will now be required to hold those details for five years, suggesting that tax authorities may expand the use of Exchange of Information on Request processes under tax treaties.
  • Payment transactions in crypto-currency will only be reportable where they exceed US$50,000 and are subject to anti-money laundering controls.
  • The requirement to refresh self-certifications every three years has been removed, with ongoing review requirements aligned to CRS.

E-money and amendments to the CRS

  • E-money accounts will only be reportable where they exceed US$10,000 on a 90-day rolling average. For many e-money providers, the rolling average basis for calculation will be more welcomed than the threshold itself as the likelihood the threshold is breached due to a one-off receipt is reduced, but the required monitoring will be more complex.
  • An indication that stablecoins may be treated as fiat money in some cases, requiring reporting under CRS but not under CARF. This likely reflects the evolving sentiments and regulatory landscape around stablecoins as a possible alternative to central bank digital currencies.
  • Rules are introduced for "genuine" charities that remove them from the definition of investment entities and allow them to be treated as active entities, not subject to their own reporting obligations. This is subject to there being "adequate verification procedures" in their host country to avoid abuse. This is likely to be welcomed by all institutions that have struggled to on-board charity clients due to uncertainties around their tax status.

Global adoption

The OECD has indicated that further work is required, including:

  • An international framework which is likely to include a multilateral competent authority agreement
  • An IT specification, in particular an xml schema for exchange of information
  • An effective implementation guide, which takes the form of guidance to tax authorities
  • Co-ordinated implementation of a timeline for adoption

The OECD has also indicated that it is working to a "ensure a broad implementation of the CARF as the single global reporting framework for Relevant Crypto-Assets."

The list of jurisdictions that plan to adopt CARF will be of considerable interest to affected institutions. Many comments noted the risk that a jurisdiction that did not adopt the CARF could gain an unfair competitive advantage over adopting jurisdictions. To a lesser extent, the same can also be said for decentralized exchanges, where there may be no one who exercises sufficient control to enforce documentation and reporting requirements.

At the same time, CARF should not be viewed in isolation, but as part of a rapidly growing body of regulation applying to the crypto-assets industry. Developments like the EU's Markets in Crypto-Assets Regulation (MiCA), which will likely be implemented as of 2024, will narrow the circumstances in which non-adopting jurisdictions for CARF gain an advantage, by increasingly requiring a local presence for regulatory purposes which will likely lead to a reporting requirement under CARF.

Review of the Rules: The Crypto-Asset Reporting Framework

The CARF is substantially based on the model of the CRS. However, rather than requiring reporting on assets that are held, it would require reporting on certain transactions.

The rules have a wide scope of both transactions and providers. The aim appears to be to capture all businesses operating within the crypto-space, including those that are currently only subject to limited regulatory oversight.

The OECD notes that some key aspects required for CARF adoption are still to be agreed and published, including:

  • A framework of bilateral or multilateral competent authority agreements or other arrangements for exchanging information
  • IT solutions to support the exchange of information, in particular a dedicated xml schema
  • An effective implementation handbook – essentially guidance to tax authorities
  • A timeline for adoption of the CARF globally

Separately, the OECD notes that work is ongoing to ensure a broad implementation of the CARF as the single global reporting framework for Relevant Crypto-Assets.

The OECD also notes that it will continue developing guidance to support the consistent application of the CARF, including on the definition of Relevant Crypto-Assets and in particular the criteria for adequately determining that a Crypto-Asset can or cannot be used for payment or investment purposes, as well as paying particular attention to the development of decentralized finance.


The obligations under the Framework apply to "Reporting Crypto-Asset Service Providers" (CASPs) which includes any individual or entity that as a business provides a service to "effectuate" for or on behalf of customers a Reportable Transaction including making available a trading platform.

The final package notes that service providers who make a trading platform available will be in scope to the extent that an entity or individual exercises sufficient control over the platform that they could comply with the due diligence and reporting requirements under CARF. That definition is likely to exclude software providers, although many solutions package both software and access to services, which will need to be assessed separately. The analysis for decentralized exchanges and other decentralized finance may be more nuanced, particularly where the decentralized application is overseen by a Decentralized Autonomous Organization or DAO.

It is noted that these providers are expected to also fall within the scope of obligated entities for FATF purposes (i.e., virtual asset service providers), so they should be able to collect and review documentation from their customers, including anti-money laundering or know-your-client documentation.

CASPs are required to report three categories of Relevant Transactions:

  • Exchanges between Relevant Crypto-Assets and fiat currency
  • Exchanges between one or more forms of Relevant Crypto-Assets
  • Transfers of Relevant Crypto-Assets, which includes reportable "Retail Payment Transactions"

There are similarities here to the evolving approach under anti-money laundering rules, which initially targeted the point of exchange between fiat and crypto and increasingly are targeting the point of transactions.

Relevant Crypto-Assets

The final rules align assets in scope to those assets treated as virtual assets under FATF guidance for anti-money laundering purposes.

This restricts the assets in scope to only those used for investment or payment services. This intention had been included in the preamble to the initial draft of the CARF but was not reflected in the detailed rules; the final rules are now aligned to that approach.

The Commentary to the CARF goes into further detail, and proposes two questions for CASPs to consider:

  1. If the asset already has been assessed and is it treated as a virtual asset for FATF? If it is, then it should be treated as a crypto-asset for CARF purposes?
  2. Otherwise the CASP will be required to determine that the virtual asset cannot be used for investment or payment purposes, which should include consideration of the following factors:
    1. If the asset represents a financial asset, or is subject to financial regulation, it is in scope of the CARF.
    2. Non-fungible Tokens (NFTs) may be more complex to analyze but where they are traded on a marketplace, they are considered in scope of the CARF. Otherwise, a CASP is required to consider NFTs on a case-by-case basis.
    3. Tokens that can only be exchanged or redeemed within a limited market should be out of scope, but this should be determined holistically by continuing to consider if the asset could be held for investment or payment purposes.

The OECD notes that in the case of doubt about whether the asset could be used for payment or investment purposes, the CASP should assume the asset is a relevant crypto-asset.

Particular Crypto-Asset considerations

  • NFTs – The Framework explicitly applies to NFTs where they can be used for investment or payments purposes. The OECD notes that further guidance will be needed on NFTs, although the Commentary does note that NFTs that can be traded on a marketplace are viewed as being used for investment purposes. This will likely bring certain tokens into reporting even where the underlying asset would not be reportable under the CRS (e.g., works of art).
  • Utility tokens – The Framework removes the earlier concept of "Closed Loop Crypto-Assets," which covered a portion of tokens that are commonly referred to as utility tokens. Instead, the updated Commentary indicates that assets that can only be redeemed or exchanged within a limited network are unlikely to be held for investment or payment purposes, although it notes that this needs to be considered on a case-by-case basis.
  • Central Bank Digital Currencies (CBDCs) – CBDCs would be specifically excluded, and instead are included within the definition of a depository account that is reportable by a "traditional" financial institution. The updated package specifically excludes central banks from the definition of CASPs.
  • Stablecoins – The final rules note that in some circumstances stablecoins will fulfil the criteria set out for specific electronic money products and will therefore be treated as fiat currency in their own right. In practice, stablecoins would need to be redeemable on demand and at par value, which will likely exclude many current stablecoins from this treatment.
  • Tokenization of assets – Interestingly, the CARF notes that financial assets (for the purposes of the CRS) retain their status as financial assets even when issued in crypto form. There are rules to avoid duplicative reporting, but the CARF takes precedence over the CRS. That means that where a tokenized asset is held directly by the investor it would be reported under the CARF. Where it is held through an intermediary such as a bank, it would be reported under the CRS for as long as it is held, and under the CARF when it is disposed of.

    This differs slightly from regulatory positions, for example, the EU's MICA suggests that coins that otherwise qualify as financial instruments should be regulated in the same way as those underlying financial instruments.
  • Centralized Finance (CeFi) – Many institutions who will be in scope of the CARF offer hybrid services to crypto-asset investors, which may mean that investors do not hold assets directly on the blockchain but rather hold them through omnibus wallets of CASPs. It should be noted that nothing in the CARF requires that a reportable transaction is reflected on the blockchain itself, just that there is a transaction in a crypto-asset. Accordingly, a CASP cannot take the view that they do not have a reporting obligation simply because a transaction over a relevant crypto-asset did not result in a transaction on the blockchain.
  • Decentralized Finance (DeFi) – While the rules do not make any specific reference to decentralized finance applications, the OECD notes in the introduction that they will be paying particular attention to the evolution of DeFi and may amend the CARF where needed. As noted above, a provider who makes available a trading platform will be in scope where they exercise sufficient control over the platform that they could comply with the due diligence and reporting requirements under the CARF
  • DAOs - There are no specific rules for DAOs, which would mean that the application of the rules may depend on the underlying legal interpretation of the DAO's structure; again, in the case of DAOs with no legal personality there may be some debate about whether individuals involved are effectuating transactions. Governance tokens could in principle be excluded from the definition of relevant crypto-assets, although in many cases tokens are traded on exchanges in a way that makes them indistinguishable from other tokens.

Requirements for Crypto-Asset Service Providers

Beyond the scoping provisions above, the rules would provide a familiar landscape for the obligations of service providers based on the CRS, which includes:

  • Collection of self-certifications of tax residence and TIN(s) from all customers and/or the natural persons controlling certain entity customers
  • Checks of reasonableness of those self-certifications against other information held
  • Monitoring for change of circumstances
  • Reporting in an xml format to the domestic tax authority who will exchange with other tax authorities

The final CARF includes additional detailed Commentary on due diligence and how to treat particular scenarios. It also includes detailed rules for valuing crypto-assets in the absence of an active market on the day of the transaction. The rules create a waterfall for valuation that includes:

  • Trading value (i.e., fair market value at time of transfer)
  • Book value
  • Value derived from third-party reference data
  • Most recent valuation
  • Reasonable estimate

Reporting of wallet addresses

The OECD's initial draft indicated the potential inclusion of wallet addresses when reporting the transfers of crypto-assets outside of the control of a CASP. Many stakeholder comment submissions raised concerns about this approach.

The OECD has removed that requirement. Instead, CASPs are required to report aggregate transfers to wallet addresses not known to be associated with a virtual asset service provider or financial institution (i.e., wallet addresses that are not subject to reporting by other CASPs).

In addition, CASPs are required to hold those external wallet addresses for a period of five years. This requirement suggests that tax authorities may still request this data, albeit on a one-to-one basis with CASPs rather than the bulk data collection envisaged in the earlier draft. This in turn suggests that tax authorities may be planning to use Exchange of Information on Request measures contained in tax treaties and tax information exchange agreements.

Review of the Rules: Amendments to the Common Reporting Standard

There are three main groups of amendments to the CRS:

  1. Changes to manage the interaction with the CARF
  2. Changes to bring e-money and CBDCs into scope of the CRS
  3. Changes to improve compliance by organizations already in scope of the CRS

Interactions with the CARF

The amendments to the CRS to manage the interaction with the CARF include:

  • Rules which state that CBDCs and potentially stablecoins are depository accounts and would therefore be reportable by the customer's bank not the central bank.
  • Clarification that Crypto-Assets are also financial assets, and that safekeeping of those assets includes services to hold private keys, etc. However, the rules are not amended to specifically state that a digital wallet holding crypto-currency is equivalent to a financial account, which may leave uncertainty on the scope of reporting.
  • Financial institutions which offer crypto-currency services to clients are likely to be faced with a duplicate reporting obligation under the CARF and the CRS. For example, where a bank offers crypto-currency trading, derivatives or other products to clients, it will likely need to report transactions with clients under the CARF, and then to treat related custody services as a custodial account in scope for the CRS, reporting on balances and income.
  • The rules do provide that where transactions are reported under the CARF, by election they do not need to be included in gross proceeds reporting.
  • Addition of Crypto-Assets to the definitions of investment entities, passive entities etc.
  • Changes in the definition of financial assets to include derivatives of Crypto-Assets.

Changes to bring e-money into scope

E-money products and CBDCs are brought into scope with the aim of ensuring a level-playing field between digital money products and traditional bank accounts and to ensure consistent reporting outcomes.

The definition of depository institution is amended to include in addition to entities that "accept deposits in the ordinary course of a banking or similar business," any entity "that holds Specified Electronic Money Products or Central Bank Digital Currencies for the benefit of customers." This means that any organization that holds cash on deposit will potentially be in scope as an FI – and is likely to have an impact on organizations beyond e-money.

The rules also introduce the concept of "Specified Electronic Money Products," which mirrors e-money definitions in other regulations.

The rules are amended so that any institutions/accounts that are brought into scope as a result of this change (or any other change) would be pre-existing accounts if they opened before the future implementation date, giving two years from that date to complete reviews, self-certifications, etc.

Two new categories of Excluded Accounts are added for products considered to be low-risk:

  • Specified Electronic Money Products whose value does not exceed US$10,000 on a rolling 90-day average
  • Specified Electronic Money Products that are created solely to facilitate a funds transfer pursuant to instructions of a customer and that cannot be used to store value for more than 60 days

Changes to improve compliance

The amendments to the CRS include:

  • Incorporation of the existing Frequently Asked Questions issued by the OECD
  • Incorporation of rules for "golden passports" based on the OECD's Residence by Investment/Citizenship by Investment lists
  • Updates to Know Your Client rules to allow the use of Government Verification Services and related IDs in place of TINs (which mirror provisions introduced in DAC7)
  • Updates to align anti-money laundering rules for controlling persons with FATF requirements
  • Updates to language related to self-certifications stating that jurisdictions should have "strong measures" in place to ensure that self-certifications are collected from all customers. Recent developments as a result of the ongoing OECD peer reviews suggest that strong measures may include freezing orders, or penalties for customers who do not provide information when requested
  • Extension of reporting to include:
    • Flags for new and pre-existing accounts
    • A flag for accounts without a self-certification - introduction of this may overlap with new reporting obligations introduced by jurisdictions such as France, Germany and Guernsey for holders without self-certifications
    • Reporting of the role of Controlling Persons - there will be a two-year transitional period to allow time to collect and maintain this information in a readily available, electronic manner
    • A flag for joint accounts and the number of account holders (this information can be derived from a financial institution's return, but where the account holders are resident in different jurisdictions it cannot be determined by the receiving tax authority)
    • The type of Financial Account (Depository, Custodial, etc.) being reported


Much of the Framework remains the same as the draft rules published for consultation in March, which were viewed by many as requiring substantial changes to customer onboarding, data capture and reporting capabilities.

Following the introduction of the CRS, the global benchmark for implementation projects of this scale and scope is estimated at around 18 months. These will require changes to customer experience as well as legal terms and conditions, communications, customer support and public documents. While many service providers might expect to have better data capture and transformation capabilities than traditional financial institutions, the CARF will present other implementation challenges, including the imposition of data collection within a new decentralized environment.

Affected Crypto-Asset Service Providers should start to assess the scale of changes that will be required and begin implementation efforts as soon as possible, in order to be ready to respond to any early adopting jurisdictions.

Many financial institutions will need to consider both the CARF and the CRS changes across their organizations. While some of the CRS changes have been anticipated, there are likely to be substantial data uplift requirements to comply with reporting changes and the addition of new data elements. At the same time, many financial institutions may expect to be offering crypto-currency or digital assets by the time that CARF is introduced and should engage with the rules and tax authorities now in preparation for future years.



For additional information with respect to this Alert, please contact the following:

Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft, Hamburg

Ernst & Young Belastingadviseurs LLP, Amsterdam

Ernst & Young LLP, Oslo

Ernst & Young, Singapore

Ernst & Young LLP (United Kingdom), London

Ernst & Young LLP (United States)



  1. See EY Global Tax Alert, OECD releases Consultation document: Crypto-Asset Reporting Framework and Amendments to the Common Reporting Standard, dated 12 April 2022.