OECD releases Consultation document: Crypto-Asset Reporting Framework and Amendments to the Common Reporting Standard

Local contact

EY Global

Executive summary

On 22 March 2022, the Organisation for Economic Co-operation and Development (OECD) published a Public Consultation Document (pdf) which proposes new and amended reporting requirements covering reporting of crypto-assets and e-money as well as containing broader revisions to the existing Common Reporting Standard (CRS).

The consultation contains two main proposals:

  • Introduction of a Crypto-Asset Reporting Framework (CARF) that would bring cryptocurrency and other crypto-assets into scope for reporting. The obligation would largely fall on intermediaries which allow the exchange of crypto-assets into currency or other assets, facilitate reportable payments or allow for the transfer of crypto-assets.
  • Revision of the existing CRS to include e-money providers, as well as revisions to the rules that are intended to improve compliance and reflect developments since the introduction of the CRS in 2014.

The public consultation will run until 29 April 2022, with the OECD planning to release proposals for new rules in October 2022. There would need to be a new Multilateral Competent Authority Agreement (MCAA) to implement the CARF on a global basis which is likely to be published together with the proposals in October 2022.

The consultation does not indicate the proposed timeline for adoption. However, given the recent adoption timelines for other exchange of information regimes, there could be early adopting jurisdictions that put rules in place from 1 January 2024.

Detailed discussion

The OECD first introduced the CRS in 2014, building on the United States Foreign Account Tax Compliance Act (FATCA) regime. In overview, those rules require banks and other financial institutions to report on assets that they hold for clients who are resident outside of the country. The information is reported to their local tax authority, which then exchanges that information with other participating jurisdictions.

Since 2016, more than 100 countries have signed up to participate in the CRS. In the European Union (EU), those rules were adopted through an amendment to the Directive on Administrative Co-operation in the field of taxation (DAC), commonly referred to as DAC2.

Those rules have recently been repurposed to require reporting by digital platforms on their sellers, with the digital platform rules expected to be adopted first in the EU (through the 6th amendment to the DAC (DAC7)) and the United Kingdom from 2023.

Like the CRS before it, the CARF would require an MCAA to implement, signed by adopting jurisdictions. That would make it the fourth such agreement – after CRS, Mandatory Disclosure and the new rules for reporting by digital platforms. To implement the CARF, jurisdictions would need to transpose the rules into domestic law which means, as with the CRS, we are likely to see nuances in interpretation and requirements across adopting jurisdictions.

The updates to the CRS do not appear to require re-signing of the MCAA – although they would need to be implemented into local law in over 100 jurisdictions (as would the CARF).

The Crypto-Asset Reporting Framework

The proposed CARF is substantially based on the model of the CRS. However, rather than requiring reporting on assets that are held, it would require reporting on certain transactions. The consultation document indicates that this step was intended to ensure that assets that are transferred to cold-wallets or decentralized applications, and therefore away from institutions with reporting obligations, would not disappear from the reporting net.

The rules have a wide scope of both transactions and providers. The aim appears to be to capture all businesses operating within the crypto-space, including those that are currently only subject to limited regulatory oversight, although some decentralized finance (DeFi) applications may not be covered even if this is the intention.


The obligations under the Framework apply to “Reporting Crypto-Asset Service Providers” (CASPs) which includes any individual or entity which as a business provides a service to “effectuate” for or on behalf of customers a Reportable Transaction including making available a trading platform. It is noted that these providers are expected to also fall within the scope of obligated entities for FATF1 purposes (i.e., virtual asset service providers), so they should be in a position to collect and review documentation from their customers, including AML/KYC2 documentation.

This appears to be deliberately wide to cover a wide range of services – although as set out above there are likely to be questions about organizations that provide access to DeFi transactions.

Software solutions which allow you to interact with the blockchain appear to be out of scope since it is not the business which effectuates the transaction, although there are likely to be cases where it is unclear whether a business effectuates a transaction and further guidance would be welcome.

There are no specific rules for Decentralized Autonomous Organizations (DAOs), which would mean that the application of the rules may depend on the underlying legal interpretation of the DAO’s structure; again, in the case of DAOs with no legal personality there may be some debate about whether individuals involved are effectuating transactions.

CASPs are required to report four categories of Relevant Transactions:

  • Exchanges between Crypto-Assets and fiat currency
  • Exchanges between one or more forms of Crypto-Assets
  • Reportable “Retail Payment Transactions” – which covers the use of Crypto-Assets as payments for goods and services and requires such payment processors to treat the customer of the merchant as its own customer. This requirement is potentially subject to an unspecified de minimis amount which is included as a point for consultation
  • Transfers of Crypto-Assets

There are similarities here to the evolving approach under anti-money laundering rules which initially targeted the point of exchange between fiat and crypto and increasingly are targeting the point of transactions.

Particular Crypto-Asset considerations
  • Non-fungible Tokens (NFT) – The Framework explicitly applies to NFTs, which notably may bring a token into reporting even where the underlying asset would not be reportable under CRS (e.g., works of art). Given the definitions of CASP and the Relevant Transactions, NFT marketplaces are expected to be in scope of the rules.
  • Utility tokens – The Framework introduces the idea of “Closed Loop Crypto-Assets,” which covers a portion of tokens which are commonly referred to as utility tokens – which are excluded from reporting where they can only be converted to fiat currency by a Participating Merchant redeeming the token, and not by the holder.
  • “Gas” and smart contracts - There are exemptions for “other uses of cryptographic technology that are not digital representations of value,” i.e, reporting is not required just because blockchain technology is being used. However, the construction of the rules means smart contracts and “gas” written on a blockchain that also is a store of value would likely be reportable. As an example, the Ethereum blockchain doesn’t just represent a value-store but can also be used to build smart contracts or other networks on the platform. In such cases, Ether transactions may represent the transfer of information rather than value, and arguably don’t represent a meaningful transfer of value. They also require “gas," a small amount of Ether which is used to pay the miners for each operation of the system – this could result in very large volumes of reporting of small transactions.

    The use of blockchains which are not value stores are excluded – but it appears that exclusion must apply to the entirety of the blockchain, not a specific use case.
  • Tokenization of assets – Interestingly, the CARF notes that financial assets (for the purposes of the CRS) retain their status as financial assets even when issued in crypto form. There are rules to avoid duplicative reporting, but the CARF takes precedence over the CRS. That means that where a tokenized asset is held directly by the investor it would be reported under the CARF. Where it is held through an intermediary such as a bank, it would be reported under CRS for as long as it is held, and under CARF when it is disposed of.

    This differs slightly from regulatory positions, for example, the proposed EU Financial Markets in Crypto-Assets Regulations (MICA) suggest that coins that otherwise qualify as financial instruments should be regulated in the same way as those underlying financial instruments.
  • Central Bank Digital Currencies – CBDCs would be specifically excluded, and instead are included within the definition of a depository account which is reportable by a “traditional” financial institution. There’s a need to consider whether this encompasses all models for CBDCs, although arguably if there were to be a non-intermediated CBDC then the central bank would have direct access to ownership records.
  • DeFI - The rules do not make a clear reference to DeFi – but aim to bring into scope a wide range of providers that “effectuate” transactions.
Requirements for Crypto-Asset Service Providers

Beyond the scoping provisions above, the rules would provide a familiar landscape for the obligations of service providers based on the CRS which includes:

  1. Collection of self-certifications of tax residence and TIN(s) from all customers and/or the natural persons controlling certain entity customers
  2. Checks of reasonableness of those self-certifications against other information held
  3. Monitoring for change of circumstances
  4. Reporting in an xml format to the domestic tax authority who will exchange with other tax authorities

As a departure from the CRS, self-certifications would expire after three years and would need to be reviewed and the information re-confirmed by the customer. In addition, accounts which do not have a valid self-certification would be required to be frozen (either post expiry of a self-certification or following a change of circumstances with respect to the self-certification obtained). CASPs would not be permitted to conduct Relevant Transactions without a valid certification. These rules are similar to the rules for digital platforms.

One notable addition to the rules is the potential inclusion of wallet addresses when reporting the transfers of crypto. A number of tax authorities have debated and explored the potential for de-anonymizing blockchains, and the exchange of wallet addresses would be a substantial step toward this. There are likely to be a significant data privacy concerns around this requirement.

Notable exclusions

The digital platform rules (DAC7 and the OECD Framework) require reporting on all sellers regardless of jurisdiction, and therefore also remove the need to obtain a self-certification of tax residence. CASPs may want to consider the relative merits of following either the rules for financial institutions or the rules for digital platforms when considering how to respond to the OECD consultation.

The Framework does not provide any details on potential enforcement. Like the new rules for digital platforms, there is likely to be a substantial burden on tax authorities to ensure that all CASPs are complying with the obligations. Unlike the CRS, where most financial institutions are required to be regulated, CASPs may not necessarily be regulated under existing rules. In addition, unlike the CRS, transactions with other CASPs are reportable under the proposed rules. The OECD has specifically invited comment on whether CASPs should be excluded.

Proposed Amendments to the Common Reporting Standard

There are three main groups of proposed amendments to the CRS:

  1. Changes to manage the interaction with the CARF
  2. Changes to bring e-money and CBDCs into scope of the CRS
  3. Changes to improve compliance by organizations already in scope of the CRS
Interactions with the CARF

The proposed amendments to the CRS to manage the interaction with the CARF include:

  • Rules which state that CBDCs are depository accounts and would therefore be reportable by the customer’s bank not the central bank.
  • Clarification that Crypto-Assets can also be financial assets, and that safekeeping of those assets includes services to hold private keys, etc. This would potentially require CASPs and existing financial institutions to report on the value of Crypto-Assets held by a customer at year end, as well as reporting on transactions under the CARF. However, the rules are not amended to specifically state that a digital wallet holding cryptocurrency is equivalent to a financial account, which may leave uncertainty on the scope of reporting.
  • Providing that where reporting of tokenized assets takes place under the CARF they do not need to be included in gross proceeds reporting.
  • Addition of Crypto-Assets to the definitions of investment entities, passive NFEs, etc.
  • Changes in the definition of financial assets to include derivatives of Crypto-Assets.
Changes to bring e-money into scope

E-money products and CBDCs would be brought into scope with the aim of ensuring a level-playing field between digital money products and traditional bank accounts and to ensure consistent reporting outcomes.

The definition of depository institution would be amended to include in addition to entities that “accept deposits in the ordinary course of a banking or similar business,” any entity “that holds Specified Electronic Money Products or Central Bank Digital Currencies for the benefit of customers.” This means that any organization that holds cash on deposit would potentially be in scope as a financial institution – and is likely to have an impact on organizations beyond e-money. There is a potential, unspecific de minimis rule that could apply here.

The rules also introduce the concept of ‘Specified Electronic Money Products’ which seems to mirror e-money definitions in other regulations.

The rules would be amended so that any institutions/accounts that are brought into scope as a result of this change (or any other change) would be pre-existing accounts if they opened before the future implementation date, giving two years from that date to complete reviews, self-certifications, etc.

Two new categories of Excluded Accounts would be added for products considered to be low-risk:

  • Specified Electronic Money Products whose value does not exceed a certain de-minimis amount
  • Specified Electronic Money Products that are created solely to facilitate a funds transfer pursuant to instructions of a customer and that cannot be used to store value
Changes to improve compliance

The proposed amendments to the CRS include:

  • Incorporation of the existing Frequently Asked Questions issued by the OECD
  • Incorporation of rules for “golden passports” based on the OECD’s Residence by Investment/Citizenship by Investment lists
  • Updates to Know Your Client rules to allow the use of Government Verification Services and related IDs in place of TINs (this mirrors provisions introduced in DAC7)
  • Updates to align anti-money laundering rules for controlling persons with FATF requirements
  • Updates to language related to self-certifications stating that jurisdictions should have “strong measures” in place to ensure that self-certifications are collected from all customers. Recent developments as a result of the ongoing OECD peer reviews suggest that strong measures may include freezing orders, or penalties for customers who do not provide information when requested.
  • Extension of reporting to include:
    • Flags for new and pre-existing accounts
    • A flag for accounts without a self-certification - introduction of this may overlap with new reporting obligations introduced by jurisdictions such as France, Germany and Guernsey of holders without self-certifications
    • Reporting of the role of Controlling Persons there will be a two-year transitional period to allow time to collect and maintain this in a readily available, electronic manner
    • A flag for joint accounts and the number of account holders (this information can be derived from a financial institution’s return, but where the account holders are resident in different jurisdictions it cannot be derived by the receiving tax authority)
    • The type of Financial Account (Depository, Custodial etc.) being reported

The consultation also requests clarification on rules applicable to non-profit entities and the application of the Investment Entity definition to charities to ease the burden on charitable entities who are inadvertently caught within the scope of CRS without creating an opportunity for avoidance behaviors.

While the CARF follows DAC7 in requiring a refresh of customer data every three years, and in requiring freezing of accounts where information is not provided, neither of those proposals have been included in the CRS amendments.


The proposed CARF seeks to create an extensive reporting regime that would require most Crypto-Asset transactions to be reported, together with reporting of Crypto-Assets held in more traditional custody or deposit accounts.

With the inclusion of e-money in the CRS, and in addition to the OECD and EU rules for digital platforms, the adoption of the CARF would see a substantial proportion of the digital economy brought into the automatic exchange of information net.

More immediately, CASPs and financial institutions will wish to review the proposals closely and consider responding to the OECD consultation to highlight places where they believe the proposed rules need to be amended in order to make the proposals practicable and workable.

For additional information with respect to this Alert, please contact the following:

Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft, Hamburg
  • Matthias Luther
  • Florian Zawodsky
Ernst & Young Belastingadviseurs LLP, Amsterdam
  • Dennis Post
  • Konstantina Tsilimigka
Ernst & Young Belastingadviseurs LLP, Rotterdam
  • Marlies de Ruiter
  • Maikel Evers
Ernst & Young LLP, Oslo
  • Magnus Jones
  • Linn Anker-Sørensen
Ernst & Young LLP (United Kingdom), London
  • David Wren
  • Abi Jeffreys
Ernst & Young LLP (United States), Washington, DC
  • Barbara M. Angus

For a full listing of contacts and email addresses, please click on the Tax News Update: Global Edition (GTNU) version of this Alert.