The crypto market has grown rapidly, passing the US$4 trillion mark in July 2025. With it, a new set of risks is arising, as users of cryptos can hold these assets and transfer them without using traditional financial institutions and without any centralised authority – and outside the scrutiny of tax authorities.
To address the concern that crypto assets are being used for tax-evasion purposes and to facilitate tax collection by local authorities, the OECD has developed its Crypto Asset Reporting Framework (CARF) in collaboration with the G20. CARF comes into effect from 1 January 2026.
CARF is based on the same principles as the OECD’s Common Reporting Standard (CRS), which was launched in 2014 to help tackle tax evasion and promote international transparency. The CRS has been adopted by more than 100 countries to report information about financial accounts held by tax residents of other jurisdictions.
The framework will bring into scope a new set of intermediaries and asset types
CARF consists of rules and commentary around crypto assets, setting out the transactions and information that are subject to reporting, the obligations of financial institutions, and due diligence process and other controls.
It was considered necessary to establish a framework in addition to CRS, as the standard applies only to traditional financial institutions; the framework, however, will bring into scope a new set of intermediaries, business models and asset types offered by crypto assets service providers. Until now, such institutions have not been required to report the relevant accounts or assets held by their clients.
Participating jurisdictions will sign a multilateral competent authority agreement on the automatic exchange of information. They will then have to adopt the requirements into domestic law and oversee compliance.
What’s in scope
The framework sets out what is considered a relevant crypto asset – ie the assets and transactions that will give rise to the reporting requirements.
The definition focuses on the use of cryptographically secured distributed ledger technology, but also uses the term ‘similar technology’ to cover the evolving landscape. It therefore includes the assets that can be transferred using distributed ledger technology and without the use of traditional intermediaries.
Reporting requirements
Reporting entities must disclose the following:
- ‘Know your customer’ details (name, address, date of birth etc) and taxpayer identification number (TIN) of each reportable user
- each type of crypto asset for which it has executed transactions during the reporting period
- aggregate gross amount paid/received – the aggregate number of units and the number of transactions in respect of acquisitions/disposals against fiat currency
- aggregate fair market value of the aggregate number of units and the number of transactions in respect of acquisitions/disposals against other crypto assets
- aggregate fair market value of the aggregate number of units and the number of reportable retail payment transactions, subdivided by transfer
- the aggregate fair market value, as well as the aggregate number of units, in respect of transfers by the reportable crypto asset user effectuated by the reporting crypto-asset service provider to wallet addresses not known.
Examples of crypto assets include stable coins, derivatives issued in crypto asset form and non-fungible tokens (NFTs). There are also some crypto assets that will not have to be reported by the relevant entities. These exclusions are:
- crypto assets that cannot be used for payment or investment purposes
- central bank-issued digital currencies that represent a claim in fiat currencies
- specified electronic money products that represent a single fiat currency redeemable at any time in the same currency at par value.
The framework’s scope, as mentioned, includes intermediaries and service providers that facilitate exchange between relevant crypto assets and play a role within the market. This includes crypto exchanges, brokers and dealers in relevant crypto assets, custodians, asset managers and other relevant intermediaries. CARF terms these entities ‘reporting crypto asset service providers’ (RCASPs).
Purely decentralised platforms (such as decentralised wallet software, for example) that operate without an entity exercising influence or control will most likely fall outside the definition, as will entities that only provide data transfer services and do not act as an intermediary, and those that only engage in validating transactions (such as crypto miners).
CARF requires RCASPs to report:
- exchanges between relevant crypto assets and fiat currencies
- exchanges between different relevant crypto assets
- transfers of relevant crypto assets, including reportable retail payment transactions subject to a certain threshold.
See the panel for what the reporting crypto asset service providers will be required to report to the respective authorities.
Obligations
Financial institutions will need to ascertain if they qualify as a reporting crypto asset service provider or not. If they do, they need to establish a compliance programme for the implementation of CARF. This should include:
- setting policies and procedures
- identifying relevant crypto assets
- designing self-certification documents to obtain the required information
- checking the reasonableness and validity of self-certification documents
- implementing due diligence of their existing customer base (both individuals and entities); these procedures are based on the same framework as CRS and rely on self-certification
- submitting annual reports to the relevant authorities
- providing training and awareness to relevant team members
- appointing independent auditors to provide assurance on the implementation of CARF.
Way forward
According to the OECD’s November 2025 update on CARF, 50 jurisdictions have committed to implementing the framework to commence exchanges in 2027, and 23 jurisdictions have committed to doing so in 2028. Most of these countries have initiated a consultation process with the relevant stakeholders to start designing the local framework.
In order to remain ahead of the curve, entities associated with crypto assets should start to evaluate the impact of CARF on their operations, as it is going to impact their front-end systems (obtaining the required information) as well as the back-end systems (reporting and monitoring). Once impact assessments have been carried out, entities should formulate a compliance programme to implement the framework.
