This is what it's known about John Smith.
During fiscal year 2026, John bought 35 Bitcoin for $2,500,000 and sold 25 Bitcoin for $1,700,000. That's it. That's all there is.
His net gain is unknown, and so is his loss. No idea about his acquisition cost from three years ago. No idea what he did with the remaining 10 BTC. But those two facts are known — and they are more useful than most people think.
This is CARF: the OECD's Crypto-Asset Reporting Framework. It has been designed not to calculate your taxes for you, but to give tax authorities the transaction intelligence they need to ask better questions. Here's what that actually means in practice — for the exchanges that will report to them, and for the users whose data they'll receive.
CARF is not a gains-and-losses calculator. It does not say whether John made a profit or a loss. It does not net his purchases against his sales. The framework requires reporting of aggregated transaction information — consideration paid and volumes traded — not a running tax ledger.
So, what do regulators do with the John Smith data? They use it alongside other available information to assess his overall tax position under domestic rules. In some jurisdictions, that means cross-referencing income declarations. In others, like Jersey, there is no capital gains tax — but they will still use the data for wider risk assessments and exchange it with partner jurisdictions under the CARF agreement. The data does not compute John's liability. It gives the evidence to start asking questions — especially for new accounts where no pre-CARF baseline exists.
That distinction matters enormously for Reporting Crypto-Asset Service Providers (RCASPs). You are not being asked to do tax authority work. You are being asked to report facts.
This is where most RCASPs misread the requirement — and where the answer will significantly affect reporting volume.
Imagine John bought those 35 Bitcoin in nine separate transactions across three months, each matched against a different seller on your platform. Do you report nine records?
No. Under Section II of the CARF Model Rules and the associated XML Schema, you report on an aggregated basis per Reportable User, per Crypto-Asset, and per transaction type for the reporting period. One aggregated acquisition record. One aggregated disposal record. You retain the full transaction-level detail in your own systems — but what reaches me is the consolidated picture.
This is a deliberate design choice. The OECD is not asking exchanges to dump raw order books into the schema. The schema does permit multiple entries to accommodate different transaction categories and groupings — but the intent is aggregation, not atomization.
For compliance teams designing reporting pipelines: build for aggregation. Your underlying data must be granular enough to support it, but the output should be clean, consolidated reporting per user.
This is the question keeping compliance teams up at night — and the honest answer is that classification requires careful analysis of each asset's specific features.
Here is the framework: under Section IV of the CARF Model Rules, Crypto-Assets include stablecoins, and most are within scope of CARF. However, CRS 2.0 introduced the concept of Specified Electronic Money Products (SEMPs) — a category that covers digital representations of a single fiat currency, issued for payment purposes, redeemable at par by the issuer.
Take Tether ($184 billion market cap) and USDC ($79 billion). Both are pegged to the US dollar, backed by dollars and US Treasuries, and redeemable for USD. On their face, they appear SEMP-adjacent. But the OECD Commentary indicates that most stablecoins will be reportable under CARF — with classification depending on whether each asset meets the precise SEMP criteria under CRS.
The practical implication: don't assume. Conduct asset-by-asset classification analysis, document your reasoning, and apply the framework accordingly. If your exchange holds USD cash balances alongside crypto holdings, the reporting treatment of that fiat balance will follow standard CRS rules for Financial Accounts — a separate question from the crypto reporting under CARF.
This is a complex area. Seek professional advice. But do not wait for perfect clarity before beginning your implementation work — because the deadlines will not wait.
This one trips up almost every financial institution entering the crypto space.
If a user's account on your exchange is denominated in cryptocurrency — and both the purchase and sale of Bitcoin were funded using crypto already held on that account — there is no reportable account for CRS purposes. Your exchange is not a Reporting Financial Institution in that scenario. It is, however, an RCASP for CARF.
The CARF reporting in that case covers: (a) the aggregated value of Bitcoin acquisitions (35 BTC for $2,461,500), and (b) the aggregated value of disposals. There are no account balances reported under CARF — only transaction activity.
The picture changes if your exchange holds fiat currency balances. USD cash held on a Binance, Coinbase, or Kraken account may constitute a Financial Account under CRS, with the associated account balance reporting obligations running in parallel to CARF. These two frameworks are not mutually exclusive — the nature of each transaction and how it is funded determines which regime applies.
Here is where CARF departs most clearly from how many exchanges currently handle due diligence.
If a user is acting as an agent, custodian, nominee, or trustee for another party, you do not treat the intermediary as the Crypto-Asset User. Instead, you identify and report the individual or entity on whose behalf the relationship is maintained. A trustee holding Bitcoin for the benefit of a trust structure is not the reportable user — the trust, and its beneficial owners, are.
Under Section III of the CARF Model Rules, where the reportable user is an entity, you apply due diligence procedures broadly aligned with CRS to determine whether it is an Active or Passive Entity. Where it is a Passive Entity, you identify its Controlling Persons — the UBOs — and report those that are resident in a Reportable Jurisdiction.
In practice, this means: a UK entity with a Spanish and German controlling person gets reported to the UK (entity only), to Spain (entity and Spanish UBO), and to Germany (entity and German UBO). Active Entities and exempt entities are not reported under CARF. But for passive structures — trusts, holding companies, nominee arrangements — the look-through requirement is real, and the due diligence must be done at onboarding, not at year-end.
What is CARF and who does it apply to? CARF (Crypto-Asset Reporting Framework) is an OECD standard that requires Reporting Crypto-Asset Service Providers (RCASPs) — such as crypto exchanges and wallet providers — to report transaction data on their users to tax authorities. It applies to any platform facilitating the exchange, transfer, or custody of crypto-assets on behalf of customers.
How does CARF reporting differ from CRS reporting? CRS applies to Financial Accounts held at Reporting Financial Institutions and requires account balance reporting. CARF applies to RCASPs and requires aggregated transaction reporting — acquisitions and disposals — with no account balance element. If an exchange account is denominated entirely in cryptocurrency, CRS does not apply; CARF does. Both frameworks can apply simultaneously where fiat currency balances are also held.
Do crypto exchanges report every individual transaction under CARF? No. RCASPs report on an aggregated basis per Reportable User, per Crypto-Asset, and per transaction type for the reporting period. Individual matched trades do not need to be reported separately — only the consolidated acquisition and disposal totals for each user.
Are stablecoins reportable under CARF or CRS? Most stablecoins are reportable under CARF. However, certain stablecoins may qualify as Specified Electronic Money Products (SEMPs) under CRS 2.0 if they meet the relevant criteria — specifically, if they represent a redeemable claim on an issuer in a single fiat currency. Classification must be determined on an asset-by-asset basis.
How are trusts and nominee arrangements handled under CARF? Where a Crypto-Asset User is acting as an agent, custodian, nominee, or trustee for another party, the RCASP must look through the intermediary and identify the underlying individual or entity on whose behalf the relationship is maintained. Trustees acting in a custodial capacity are not treated as the reportable user but may be identified as Controlling Persons where they meet the relevant definition.
Are controlling persons of entities reportable under CARF? Yes, where the entity is a Passive Entity. RCASPs must apply due diligence procedures to determine whether an entity user is Active or Passive. For Passive Entities, Controlling Persons resident in a Reportable Jurisdiction must be identified and reported alongside the entity itself. Active Entities and exempt entities are generally not reportable.
When does CARF reporting begin? Jurisdictions are implementing CARF on varying timelines, with many early adopter countries targeting first exchanges in 2027. RCASPs should begin infrastructure and due diligence preparation now — waiting for a final domestic implementation date before acting creates significant operational risk.