Accidental CARF: How Financial Institutions Can Fall into Scope Without Realising

There are many compliance and tax teams in the financial industry hoping that CARF, the OECD’s new crypto-asset reporting regime, won’t affect them. I understand why: It relates to crypto, not traditional financial assets, and they would know if they are trading in crypto. But it can be surprisingly easy to accidentally fall into the CARF net, and not so easy to get back out of it.

What is in scope?

As a reminder, CARF is being implemented into domestic law across many different participating jurisdictions starting in 2026, with the first exchanges of information between tax authorities occurring in 2027 (several jurisdictions have delayed this a year). It requires crypto-asset service providers (CASPs) to report to the local tax authorities, mostly annually, on crypto-asset users and their relevant crypto-asset transactions.

Relevant crypto-asset transactions include:

• Crypto to fiat exchanges,

• Crypto to crypto exchanges,

• Transfers of crypto (e.g. between wallets), and

• Reportable retail payment transactions over a threshold

A CASP is someone, including individuals, who provides a service effectuating Exchange Transactions for, or on behalf of, customers. This includes acting as a counterparty, or as an intermediary, to such Exchange Transactions, or by making available a trading platform.

This is quite a broad definition. And, although CRS has been amended to pick up on a number of services that are considered more traditional financial products, there are still a number of ways a financial institution could “accidentally” become a CASP and fall within the scope of CARF.

Offering custody or safekeeping for crypto-assets

Traditional financial institutions are increasingly holding digitized tokens, tokenized assets, or NFTs held as collateral, to mention only a few ways crypto-assets can hit the traditional financial market. But in doing so, they are often accidentally effectuating exchanges or transfers in those crypto-assets and so acting as a CASP.

Custody by itself does not automatically make you a CASP, but if you effectuate transfers or exchanges, you may be in scope. What matters here is the ability to control the transfer of the asset or act as an intermediary. Once you are in the chain of the movement of the asset, you can get caught by CARF and be required to not only report, but to perform the due diligence on reportable persons also.

Facilitating transfers

Many banks operate payment services, trading systems, or OTC desks that may have started to occasionally process crypto-assets through their systems. Before CARF was introduced, there would be no issue in combining crypto into these services; in fact, it would have been efficient to do so. But, as CARF begins to be implemented from 2026, it is more important to know what is being processed and put sufficient guardrails in place to ensure that services provided are compliant with the relevant FI’s policies and procedures.

Investments in tokenized or crypto-linked products

Although CRS has made it so that certain crypto-asset products fall under its regulation instead of CARF, it is still possible for some FIs to fall foul of those differentiators.

Tokenized money-market funds shares are typically within the scope of CRS (as a financial account or security), not CARF. CARF can apply where the instrument is a relevant crypto-asset outside of CRS, e.g. not a Central Bank Digital Currency nor a Specified Electronic Money Product, and not otherwise treated as a CRS financial account. Classification of investment products will always be based on an entity’s facts and circumstances and will be dependent on the jurisdiction in which it is resident.

What can you do to stop this from happening?

If falling into the net of CARF is not something your organization wants to do, then, as with so many things, knowledge and control are power:

• Know the rules

• Educate your staff

• Put safeguards in place to stop relevant transactions from occurring

• Segregate crypto and non-crypto businesses in separate legal entities

• Document everything

What if you are caught?

As noted above, CASPs are required to submit regular reports to their local tax authority disclosing user and transaction information, and it is your responsibility to be compliant. If your regulator is asking why you have not done it, it’s too late.

In order to know who to report, you must first know who your customer is. And it is here that TAINA can help.

TAINA’s CARF solution, soon to be released will assist CASPs in:

• Gathering self-certification documents from crypto-asset users

• Validating those forms against regulatory requirements and your own books and records

• Monitoring for changes in circumstances

• Preparing exports to make reporting as easy as possible

In short, TAINA can help ensure your compliance. If you’d like to discuss TAINA’s upcoming solution for CARF, get in touch or request a demo to see it in action.

To stay up to date with our latest insights on tax compliance, automation and regulatory change, sign up for our industry newsletter.