The OECD’s Crypto Asset Reporting Framework (CARF) was published earlier this week. Whilst the Framework itself remains mostly intact from the initial proposal, there have been some changes since the first draft was consulted on back in April, addressing certain aspects of data security concerns and administrative burden on the Crypto Asset Service Providers (CASPs).
What’s happening?
For those of you just hearing about it now, the CARF is, as the name suggests, a regulatory reporting framework for firms providing services in the Crypto space. It follows the Automatic Exchange of Information (AEOI) model, which may ring a bell for those Crypto providers with backgrounds in Financial Institutions, bearing many similarities to the Common Reporting Standard (CRS). It is a standalone framework, but for firms providing Crypto services that also have an existing CRS requirement, the due diligence work will not need to be duplicated. That will be a huge relief to some whilst others are just starting to appreciate the significance of these requirements and the impact on processes, procedures an controls.
In a nutshell, CASPs will now be required to collect Self-Certifications (Self-Cert) that are declarations of person/entity type and tax residency from all users on their platforms. They will be required to validate that data collected, monitor for ongoing changes in circumstance that may invalidate the data they have on file, and also submit an annual return of information back to their tax authority. The reporting is at transaction level and may be complicated to implement for some firms. If you want to understand the detail of this data collection, validation and transaction reporting better, and how to achieve it efficiently and effectively with minimal impact on your client experience , EFI can assist.
What’s New?
As expected, there’s a lot more clarity on certain definitions and activity, including much appreciated detail on the valuation of Crypto Assets, especially if there is no fiat currency involved in the transaction. But generally, if you read the original proposal, the question is “what’s missing?” rather than “what’s new?”
Wallet Addresses
In the original proposal, transfers to external wallet addresses would need to be reported alongside the wallet address itself. There was some pushback over this requirement with regard to data privacy during the consultation, and the OECD have recognised that. The wallet addresses have not made it onto the final list of reportable information, however CASPs will be expected to retain the information for at least 5 years, and potentially share it with tax authorities as part of “follow-up information” requests.
Self-Certifications
Another item CASPs will be glad to see on the cutting room floor is the 36-month renewal of Self-Cert clause. This originally would have meant that a new Self-Cert was required for every account every 3 years, regardless of any change in circumstance. The CARF now states that a Self-Cert will be valid until there is a significant change in circumstance, at which point a new Self-Cert should be requested. As per CRS, all new accounts opened from the implementation date will have to provide a Self-Cert at onboarding stages, and all accounts already on the books will have 12 months to provide the information. If, following an event of change, the user does not supply a new Self-Cert within 90 days, then the account should be reported to both the original residence declared and the suspected new residence not yet declared. It has also been clarified that a Self-Cert that does not pass initial reasonableness checks does not necessarily need a brand new Self-Cert, as with the CRS, reasonable explanations and supporting documentation are also acceptable ways to remediate the Self-Cert.
What happens now?
The OECD are working on the implementation package, which will support all adopting countries in taking a consistent approach. International cooperation is going to be vital in order for the CARF to work, and the OECD have also stated that they are doing a lot of work to ensure that as many jurisdictions as possible pick up this framework and remain aligned. No formal timelines are currently in place, but we should expect to see draft legislation being consulted on at domestic level next year – many countries will want this framework up and running as soon as 2024.
Until we see local rules landing, there’s no need for panic. But there are definitely reviews and pre-work that Crypto firms can be doing in preparation for this. If you have any questions about the CARF, or would like to discuss the potential impact on your firm and customers, please do get in touch for an informal chat. EFI is keeping a close eye on both the development of the CARF internationally and locally, we’ll keep you updated along the way.
Regulatory Expertise Manager, EFI
Ready to transform your operational compliance?