Approval of the Cryptoasset Reporting Framework Is a Step in the Right Direction

Over the years, cryptoassets have been steadily moving into the mainstream, as witnessed by a market cap close to $3 trillion at the end of 2021, followed by a crypto winter in 2022.

Success and volatility bring attention, which in turn brings accountability. Regulators worldwide have been focusing on the relevant aspects of cryptoassets for several years now. The World Bank Group issued a report in 2017,¹ followed by the European Central Bank,² the Federal Reserve,³ the Financial Action Task Force,⁴ and several others.⁵ In 2021 the U.S. Infrastructure Investment and Jobs Act added digital assets to the U.S. tax reporting framework, including broker-to-broker reporting and broker-to-non-broker reporting, and on October 5 the EU Permanent Representatives’ Committee endorsed a compromise text of a proposal to regulate markets for cryptoassets (COM(2020) 593 final), which should soon be approved by the EU Council.

On March 22 the OECD released for public consultation the cryptoasset reporting framework (CARF) to introduce a framework for collecting and exchanging tax-relevant information on cryptoassets. Comments on the discussion draft were due by April 29, and a public consultation meeting was held on May 23 in Paris. On October 10 the OECD released the final version of the CARF, which was endorsed by the G-20 finance ministers at their meeting on October 12-13.

This article outlines the contents of the final CARF, the main differences from the discussion draft, and the next steps and key issues for implementation.

The CARF Model Rules

The CARF model rules will be implemented at the national level. Those rules have been designed around four building blocks: cryptoassets covered, in-scope intermediaries, transactions and information to be reported, and due diligence requirements.

Cryptoassets Covered

The final CARF definition of cryptoasset is more aligned with the definition of virtual asset developed by the Financial Action Task Force (FATF) and implemented for anti-money-laundering and know-your-customer (AML/KYC) purposes in several countries. The model rules refer to “a digital representation of value that relies on a cryptographically secured distributed ledger or a similar technology to validate and secure transactions” that is not a “Central Bank Digital Currency, a Specified Electronic Money Product or any Crypto-Asset for which the Reporting Crypto-Asset Service Provider has adequately determined that it cannot be used for payment or investment purposes.”

The definition in the discussion draft referred to a “digital representation of value that relies on a cryptographically secured distributed ledger or a similar technology to validate and secure transactions” that is not a “Closed-Loop Crypto-Asset or a Central Bank Digital Currency.” That did not align with the FATF AML/KYC definition of virtual asset, which refers to “a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes.” Many commentators noted that the draft’s definition was too broad because it would have included cryptoassets that are not used for payment or investment purposes. Departing from the FATF definition would have increased compliance costs and could have led to mismatches between the AML and tax reporting framework. The lack of reference to the phrase “payment or investment purpose” would have broadened the range of covered cryptoassets with potentially little benefit to tax administrations. For example, tokens acquired for neither investment nor payment purposes, such as governance tokens, sports fan tokens, gaming tokens, and several others that should not pose any tax compliance problems, would have been within the scope of the CARF.

In determining whether a cryptoasset can be used for payment or investment purposes, the commentary to the final rules clarifies that covered intermediaries may first rely on the FATF classification for determining whether a cryptoasset is a virtual asset. If it meets that definition, the cryptoasset will be considered within the scope of the CARF; otherwise, the intermediary must determine whether the cryptoasset can be used for payment or investment purposes. The commentary clarifies that cryptoassets that represent financial assets or are subject to financial regulation are covered by the CARF. The same applies to non-fungible tokens (NFTs) traded on a marketplace, while NFTs not traded on a marketplace must be assessed case by case based on their nature and function. NFTs allowing a holder to visualize virtual objects, such as pets, avatars, and images, should not be covered because they cannot be used for payment or investment purposes. Similarly, an NFT that embodies digital access credentials granting the holders exclusive benefits should not be covered under the CARF definition. Overall, it seems that the reference to the fact that an asset is traded on a marketplace should not always determine that the asset is for investment or payment purposes. We believe that the term “traded” used in the commentary should be understood in the sense that it is actually “actively” traded: indeed, it does not seem conceivable that an NFT simply put on a marketplace, and not actively traded, may qualify for investment or payment purposes. In addition, the expected implementing guidance should give consideration to the fact that reporting should be due only if the intermediary is so required under the applicable AML rules. Otherwise, the risk of a broad interpretation of the term is to render the reference to “payment or investment use” meaningless in practice. Clarifications on that would be welcome.

The final version of the model rules retains the exclusion of central bank digital currencies from the CARF and carves out specified electronic money products. Reporting on those assets is ensured under the OECD common reporting standard.

The discussion draft also excluded from scope so-called closed-loop cryptoassets. The final rules deleted that express exclusion because the reference to “payment or investment purposes” makes it redundant. The commentary states that cryptoassets operating in a limited fixed network or environment beyond which they cannot be transferred or exchanged in a secondary market outside the closed-loop system, and cannot be sold or exchanged at a market rate inside or outside the closed loop would be outside CARF’s scope. It might be useful to clarify the meaning of “market rate” in this respect and to provide examples of assets that are and that are not in scope. For example, we would struggle to understand the interest in obtaining information regarding in-game NFTs that players of a gaming community can exchange among themselves.

Overall, the changes made to the definition of cryptoassets are welcome and, in our view, have the potential to strike the right balance between the need for information at the level of tax administrations and the efforts that intermediaries must undertake to comply with the model rules. As indicated above, clarifications are needed to align the interpretation contained in the commentary with the objective of the updated definition — that is, to ensure that covered cryptoassets will also fall within the scope of the FATF recommendations, ensuring that intermediaries’ CARF due diligence requirements can build on existing AML/KYC obligations.

In-Scope Intermediaries

The new rules’ definition of intermediaries in scope is largely unchanged from the one in the discussion draft. Specifically, intermediaries that “as a business provide services effectuating Exchange Transactions in Relevant Crypto-Assets, for or on behalf of customers, including by acting as a counterparty, or as an intermediary, to such Exchange Transactions, or by making available a trading platform” fall within scope of the CARF. In other words, custodians and pure wallet providers are not included unless they also act as crypto exchanges or brokers/dealers or as operators of cryptoasset ATMs.

The commentary also includes important clarifications regarding the rules’ application to decentralized finance (DeFi) — that is, when an intermediary makes available a trading platform through which exchanges of cryptoassets are effectuated in a decentralized manner. The commentary explains that an intermediary is considered to make available a trading platform if it exercises control or sufficient influence over the platform. Those concepts should be assessed based on the FATF guidance, which provides that factors to be taken into account include whether any party profits from the service or has the ability to set or change the guidelines for identifying the owner/operator of a DeFi arrangement.⁶

Regarding nexus, intermediaries are subject to the due diligence and reporting requirements in a jurisdiction if they:

• are resident for tax purposes in the jurisdiction;

• are incorporated or organized under the laws of the jurisdiction and have either legal personality or an obligation to file tax returns or tax information returns to the tax authorities there;

• are managed from the jurisdiction; or

• have a regular place of business in the jurisdiction.

The nexus criteria are built in hierarchical form so that if the intermediary has nexus in more than one jurisdiction, there is no duplicative reporting, with reporting taking place in the jurisdiction where the nexus is deemed stronger.

Transactions and Information to Be Reported

The CARF model rules provide that information on the following transactions must be reported:

• crypto-to-fiat exchanges;

• crypto-to-crypto exchanges; and

• transfers of cryptoassets, including reportable retail payment transactions.

Crypto-to-fiat exchanges refer to the exchanges between cryptoassets and fiat currencies, while crypto-to-crypto exchanges involve exchanges between forms of cryptoassets. Transfers of cryptoassets involve a transfer of a cryptoasset to or from one cryptoasset user’s address or account that cannot be confirmed by an intermediary as a crypto-to-crypto or crypto-to-fiat exchange. They also include reportable retail payment transactions, meaning transfers of relevant cryptoassets in consideration of goods or services for a value exceeding $50,000.

For reportable retail payment transactions, the new framework provides that when an in-scope intermediary accepts payments on behalf of a merchant, it must treat the merchant’s customer as a reportable user if the intermediary must verify the customer’s identity under the AML/KYC rules. That is a welcome change that focuses on high-value transactions: The discussion draft envisaged reporting information on all reportable retail payment transactions. Clearly, that would have posed significant reporting difficulties for intermediaries that do not have a business relationship with merchants’ customers and would have flooded tax authorities with less-than-useful information about low-value transactions. The final CARF rules say that topic will be monitored and further technical work will be carried out to ensure adequate tax reporting on cryptoassets used for the purchase of goods or services.

Covered intermediaries must report the following information on an aggregate basis, subdivided by type of cryptoasset involved:

• for crypto-to-fiat exchanges, the gross amount paid (received) and the number of units and transactions;

• for crypto-to-crypto exchanges, the fair market value and the number of units and transactions; and

• for transfers of cryptoassets, including reportable retail payment transactions, the FMV and the number of units and transactions.

For transfers of cryptoassets to wallet addresses not known to be associated with covered intermediaries (so-called unhosted wallets), CARF requires reporting of the aggregate FMV, as well as the aggregate number of units. The final version removed the obligation to report the addresses of external wallets that do not represent accounts held with covered intermediaries. More detailed information will be accessible to tax authorities under information exchange on request. For that reason, covered intermediaries must collect and keep for at least five years any external wallet address involved in a transfer of cryptoassets that is not known to be associated with a covered intermediary. That is a positive development, given that full reporting of all external wallet addresses would have gone much further than the CRS, creating privacy concerns. Indeed, providing wallet addresses would have amounted to obtaining transactional details of a person’s credit or debit card payments. The guidance in the final CARF version allows access to that granular information only when actually needed — for example, in the context of an investigation.

Due Diligence Requirements

Due diligence under CARF is now aligned with the CRS process. It requires covered intermediaries to obtain a self-certification for determining cryptoasset users’ tax residence and confirm the reasonableness of that certification given the information obtained by users and the documentation collected for AML/KYC purposes.⁷ Further, if a covered intermediary has performed due diligence under CRS, it may rely on that due diligence to fulfill its obligations under CARF. It may also rely on the documentation collected either for other tax purposes⁸ or by a third party with whom it has appropriate contractual arrangements.

The discussion draft’s due diligence procedures were not fully aligned with those of the CRS. Had that remained the case, it would have created practical issues regarding, for instance, the validity of users’ self-certification, which for CARF lasted 36 months but was indefinite under the CRS. Consistency between the CARF and CRS requirements is pivotal to ensure that covered intermediaries can run due diligence procedures efficiently and consistently for both regimes. It is therefore helpful that their rules are now aligned.

Next Steps

While CARF approval is a major step forward, technical issues will have to be monitored, implementing guidance will have to be issued, and IT systems and the appropriate legal framework will have to be designed. Details will have to be provided on how to ensure a level playing field within an appropriate time, and countries will have to address issues closely linked to the introduction of the tax reporting framework.

Remaining Items

Following the approval of the model rules, work is underway to develop the framework of bilateral or multilateral competent authority agreements for exchanging information, together with relevant IT solutions, which will have a huge impact on the cost of compliance for intermediaries, as well as on the effective use of information received by tax authorities. Experience with the CRS will certainly be of help: Coupled with the use of other technologies, it has the potential to make everyone’s (tax) life easier.

The OECD has also committed to monitor developments and provide further guidance on topics such as the criteria for adequately determining when a cryptoasset can be used for payment or investment purposes and the application of the model rules in the context of DeFi and retail transactions.

Implementation Timeline and Level Playing Field

The CARF model rules do not contain details on the timing of implementation, which will likely be left to domestic law. Intermediaries’ IT systems by which data are collected, stored, and transmitted will need major modifications. It is essential that countries enact CARF-consistent legislation with substantial lead time. Experience (with the CRS and the U.S. Foreign Account Tax Compliance Act) shows that a minimum of 18-24 months is needed between approval of the rules and an update of internal systems to ensure compliance. That is not a way to derail the process: It is just a realistic timeline. One option may be to introduce a simplified reporting regime for the first three years of operation — for example, by requiring the reporting of a cryptoasset user’s name, taxpayer identification number, account number, and value maintained by the covered intermediaries.

The new framework provides that jurisdictions must have rules and administrative procedures in place to ensure effective implementation of and compliance with CARF reporting and due diligence procedures. It is therefore likely that the regime will also be subject to peer review, with the identification of potential defensive measures to be used against jurisdictions that do not comply with the rules. A level playing field is key to ensuring a fair framework and avoiding putting those that comply with the rules at a competitive disadvantage with those that do not. Establishing how to identify jurisdictions of relevance will be particularly important because the CARF criteria might not coincide with those applied for the CRS. That depends strictly on the domestic legal framework and is particularly relevant for countries that have banned cryptoassets.

Other Considerations

It is imperative that countries introduce rules or publish comprehensive guidance regarding the substantive tax treatment of the acquisition, holding, and disposal of cryptoassets. Given the various technical issues at stake, it would seem logical to clarify the tax treatment of cryptoassets while also introducing information reporting obligations. That should preferably be done via legislation, taking into account developments in other areas to ensure coherence among different fields. It is therefore a welcome development that the OECD has announced that work will be carried out in this area, possibly updating the 2020 report on taxing virtual currencies to include cryptoassets such as NFTs.

More coordination of the domestic tax treatment of cryptoassets would be beneficial. On October 4 the European Parliament adopted a resolution (2021/2201(INI)) recommending coordination, calling on the European Commission to assess how EU states tax cryptoassets and attempt to avoid tax fraud and evasion using those assets and underlining best practices and potential loopholes for doing so.

As the tax treatment for cryptoassets becomes clearer and a reporting framework is put in place, voluntary disclosure initiatives should be considered using hindsight. Tax rules have been unclear, and intermediaries have been neither reporting relevant information nor applying any withholding, so it is likely that income or assets might have not been reported or taxed. If voluntary disclosure programs sprouted in the wake of the CRS to rectify obligations connected to offshore assets, voluntary disclosure initiatives for cryptoassets appear even more likely — and likely to offer a clean slate — given the uncertainty often surrounding the treatment of crypto. That would also ensure that as many taxpayers as possible become part of the new reporting framework. Amounts involved may be substantial — an issue particularly relevant given many jurisdictions’ financial conditions.

Finally, attention could be paid to the possible use of blockchain for implementing CARF (and potentially the CRS). The underlying technology offers many opportunities for tax administrations, as recognized in the above-mentioned EP resolution, which invites the European Commission to continue evaluating the operational impact and tax governance aspects of blockchain and other distributed ledger technologies. Cryptography and distributed ledgers could power CARF and eventually the CRS, as well as pillars 1 and 2 of BEPS 2.0, once implemented. All those initiatives could benefit from a permissioned blockchain in which all actors contribute to make the infrastructure secure and efficient.