On 10 October 2022, the organisation for Economic Co-operation and Development (OECD) published the final rules and commentary of the crypto-asset Reporting Framework (CARF) as well as enhancements to the Common Reporting Standard (CRS).
Since the publication of the CRS, seven years ago, the ﬁnancial landscape has evolved, in particular with the rapid emergence of crypto-assets. The continuing commitment of the OECD, together with G20 countries, in combating tax evasion has led to the review of the initial CRS, resulting in a document covering two main aspects:
Firstly, the CARF: a new Automatic Exchange of Information framework. Widely inspired by the CRS, the aim of the CARF is to capture all transactions involving crypto-assets. Therefore, rather than reporting held assets as done under the CRS, the CARF requires reporting at transaction level.
Secondly, the existing CRS has been amended. Similar to the CARF, the new CRS now covers digital ﬁnancial products, and changes have been made to deﬁnitions such as “Financial Account” and “Investment Entity” (among others), to allow a broader scope of reporting, while avoiding duplicate reporting with the CARF. Revisions of the CRS also include enhancement of the due diligence procedures and additional ﬁelds of reporting, that will require ﬁnancial institutions to review their procedures and processes.
Which products and actors are in scope?
Relevant crypto-assets in scope of the CARF include native cryptocurrencies (such as mined cryptocurrencies), fungible tokens (such as utility tokens, stablecoins and security tokens) and non-fungible tokens. The deﬁnition used by the CARF is aligned with the deﬁnition of “Virtual Assets” given by the Financial Action Task Force (FATF). Consequently, and for tax transparency purposes, the assets that could be used for investment or payment services are in scope.
The deﬁnition of “relevant cryptoasset” mentions the use of cryptographically secured distributed ledger but also “similar technologies”, thus ensuring the inclusion of technologies that may emerge in the future.
The actors impacted by the application of the CARF, named Reporting Crypto-assets Service Providers (CASPs), include any individual or entity that, as a business, provides a service to realize a relevant transaction for or on behalf of customers, or makes a trading platform available.
What are the requirements for crypto-asset Service Providers?
The deﬁnition of CASPs is aligned with the deﬁnition of “Virtual Assets Service Providers” as provided by the FATF. Like any ﬁnancial institution under CRS, these actors need to collect and review the documentation related to CRS due diligence and reporting from their customers. Therefore, the requirements applicable to CASPs are very similar to the framework established by the CRS, and can be summarized as follows:
- Collection of self-certiﬁcation forms from all customers and/or the natural persons controlling certain entity customers. These self-certiﬁcations must include tax residences and relevant Tax Identiﬁcation Numbers (TINs)
- Checks of reasonableness of those self-certiﬁcations against information held by the CASP for other purposes (e.g., AML/KYC) and monitoring for change of circumstances
- Yearly reporting of the Reportable Users, in an XML format, to the national competent authorities (NCAs) who will then exchange with other authorities
It is not yet fully clariﬁed, but it could be expected that compliance with additional local requirements may be considered. This could include the production and maintenance of a record of steps in Luxembourg or certiﬁcations as required in other jurisdictions.
What events must be reported?
Due to the nature and functioning of a crypto-asset blockchain, reporting includes most transaction types. Reportable events under the CARF combine acquisitions and disposals; a new concept compared to the CRS which mainly focused on disposals and end-of-year asset positions.
CASPs must therefore report three main categories of transactions, each of them aggregated by type of cryptoasset, and make the distinction between incoming and outgoing transactions:
1. Exchanges between crypto-assets against ﬁat currency (acquisitions and disposals)
2. Exchanges between one or more forms of crypto-assets (crypto-to-crypto acquisitions and disposals)
3. Transfers of crypto-assets. This third category includes “Retail Payment Transactions” above a certain threshold:
- Crypto-assets used for payments (above a certain threshold)
- Any other acquisitions (e.g., drops, forks, etc.)
- Any other disposals
- Any transfers to unhosted wallets
What are the amendments to the CRS?
In addition to the inclusion of the crypto-asset universe, the publication of the OECD mainly amends CRS on the following three items:
1. Addition of digital ﬁnancial products into the scope: e-money products and Central Bank Digital Currencies (CBDCs) are now in scope of the CRS reporting. Clariﬁcations are also made to manage the interactions between the CARF and the CRS, aiming to harmonize the reporting burdens for Financial Institutions also considered as CASPs.
2. Changes to improve compliance for actors already in scope of the CRS: these changes include precisions to the existing requirements, conﬁrmation of self-certiﬁcation through a reasonableness test, especially about the due diligence and alignment with AML rules as well as any information known and related to the accountholder. Another addition to be noted is the integration of the rules of due diligence linked to the Residence/Citizenship by Investment, as recommended by an OECD guidance issued in 2018.
3. Extension of reportable information: new ﬁelds are mandatory in the yearly reports. It includes a ﬂag for new and pre-existing accounts, a ﬂag for accounts without a valid self-certiﬁcation, the obligation to report the role of controlling persons and the type of ﬁnancial account.
What are the upcoming regulatory developments?
Global adoption of the CARF is expected as from 2024 or 2025. By then, some key elements must be published and agreed, at the OECD level as well as the EU and domestic levels. From the OECD, similar to the implementation package of the CRS, we can expect the subsequent guidance and templates regarding the agreements between jurisdictions to deﬁne the framework for the exchange of information, but also a dedicated template in the speciﬁc document format being an XML schema, and related user guide, to support the exchange of information between the NCAs from an IT point of view. An implementation handbook can also be expected, to assist local authorities with the implementation of the CARF.
At the EU level, the next step is the amendment of the Directive on Administrative Cooperation (DAC) to cover the requirements set by the CARF and the amendments of CRS.
The incrementally amended Directive, also known as DAC8, will be followed by the transposition into domestic law by each Member State.
From a Luxembourg point of view, in addition to the new laws and guidance linked to the CARF that will need to be published, an amendment of the CRS law and of the technical Circular of the Administration des Contributions Directes (ECHA4) that deﬁnes the local CRS XML schema can also be expected.
Financial institutions and other CASPs in Luxembourg may already anticipate starting their implementation projects for these upcoming requirements. This preparation may include an impact analysis, implementation of procedures, adaptation of documentation, training of knowledgeable employees, update of IT systems, additional controls, and other operational changes. A reliable service provider is key in ensuring a smooth transition.