CryptoUK and members respond to HMRC Consultation: UK implementation of the OECD Crypto asset Reporting Framework (CARF) and Amendments to the Common Reporting Standard (CRS2)
Regulatory Engagement & Advocacy
  • Natalie Hall
  • 30 May, 2024

His Majesty’s Revenue and Customs (HMRC) consultation document (condoc) consults on the UK’s implementation of the OECD’s Cryptoasset Reporting Framework (CARF) and Amendments to the Common Reporting Standard (CRS) package, as announced by the government in an International Joint Statement on 10 November 2023. The condoc also seeks views on extending the CARF/CRS standards to require UK reporting entities to include information on UK residents.

CryptoUK (CUK) welcomes the opportunity to comment on the consultation, and to consult further on any issues, as needed. We recognise that, as noted in the Scope section of the condoc, the consultation on specifics of the CARF and amendments to the CRS has already been conducted via the OECD, and that the rules and commentary have already been agreed at the international level. The condoc further notes that the current HMRC consultation process seeks to gather views on the optional elements in the OECD’s final package, along with the UK’s proposed implementation. Below, we focus on the condoc questions most important to our membership and to the industry as a whole. 

We would like to draw attention at the onset to the fact that the initial indications of the costs of compliance are significant, and that it is important for HMRC to take these into consideration for its implementation and guidance planning. We further believe time is of the essence, as the longer the discussion takes to provide requested clarity or to apply a phased-in approach, the less time the Relevant Cryptoasset Service Providers (RCASPs) will have to manage their implementation costs effectively.

About CryptoUK

Crypto UK is the United Kingdom’s (UK) trade body for the cryptoasset industry. We believe in the transformative potential of digital and crypto assets and the underlying blockchain technology. We promote accountable self-governance while advocating for fit-for-purpose legislation and regulatory frameworks for crypto and digital assets in the UK. We achieve our vision by establishing and fostering productive partnerships between digital and crypto asset industry participants and legislatures, policymakers, and regulatory agencies to educate and nurture an environment that fosters innovation, job creation, and investment. 

Over our seven-year history, we have grown our membership to over 160 firms in the crypto and blockchain sector. 

Q1: Do you consider the scope of, and definitions contained within, the OECD CARF rules to be sufficiently clear? Are there any areas where additional guidance would be helpful?

We broadly support the scope and definitions, with a few notes on areas where additional guidance would be helpful. In particular, we would like to suggest:

Better labelling and definitions of transactions or types of crypto assets where there can be confusion or dual meanings. Some prominent examples include:

  • Staking – we observe that this term is being used interchangeably for protocol staking activities and other activities that may be more similar to lending, for example. In the UK, protocol staking and DeFi staking have different tax reporting consequences, so the labelling should be precise enough to enable correct reporting. 
  • Stablecoins – we observe that this term could be used interchangeably for cryptoassets that are deemed e-money equivalents and those that are not. More clarity would be helpful for how to appropriately decide on the categories (for CARF purposes) of the differing cryptoassets that call themselves ‘stablecoins’. 

CryptoUK would welcome the opportunity to convene the industry to provide additional, more detailed input because the issue is more complicated than it may first appear. In particular, it would be important for the HMRC to hear in more detail from those who can offer specialised and important insight into the definitions and labelling issues.

Q2: Are there any areas where additional guidance would be helpful on the nexus criteria?

We suggest the following areas for additional guidance related to nexus:

Decentralised Finance

We acknowledge that the HMRC understands that the decentralised nature of many crypto native entities and transactions raises challenges. With that in mind, we further believe that additional guidance will be necessary that more clearly addresses some of the more complex aspects of decentralisation and compliance with the CARF. Related to this, we encourage the HMRC to develop guidance that allows it to continue to work with the industry to update its guidance as necessary due to new developments or simply due to an improved understanding of how DeFi is affected by the CARF requirements.

Some specific, more complex, aspects that HMRC must address in guidance include: who is required to report, determining the reporting location for the taxpayer or RCASP and the elimination of duplicative reporting. We will cover each in turn below. 

When considering who is required to report we suggest that HMRC be careful to ensure that the substance of defining the ‘who’ is clearly favoured over the form. Definitions of management and control are important in this and should be carefully laid out.

Some examples of entities or individuals who generally should not be included the RCASP definition include:

  • Those whose role is only as advice providers or portfolio managers.
  • Those whose role is only as developers of open source code or software and who would not have a fiduciary duty toward users of their software, as per Tulip Trading Ltd v Bitcoin Association.

Determining the reporting-related location of taxpayer or RCASP

The decentralised nature and widespread globalisation of those engaged in crypto transactions mean that all tax authorities must take additional care to provide guidance that makes the location determination easy to establish and simple to confirm. Please see our comments in Q5 for related input. As the adoption of digital assets grows, there are likely to be a number of use cases involving decentralised offerings, tokenisation, and other developments not envisaged in the OECD or HMRC CARF guidance.

To aid compliance, where there is genuine uncertainty, we suggest that HMRC consider innovative approaches to increase clarity. For example, during the recent implementation of digital platform reporting in Germany (DAC7), the German tax authority allowed platforms not covered in existing guidance to request a ruling on whether they were in scope.

We appreciate that HMRC is not empowered to give binding rulings on status. However, it would be of significant benefit to the UK’s crypto industry to offer support for unclear or borderline use cases as to whether a) the institution is a CASP, b) whether a digital asset is a Relevant Crypto-Asset, and c) whether reporting is expected in the UK.

We recognise that this has not been the approach for previous AEOI regimes, but we believe there are good reasons for this approach to be adopted for CARF given the rapidly evolving industry and emerging use cases, the broad governmental ambition to grow the UK’s crypto-industry and the fact that many CASPs are by their nature newer entities which will not have access to the same level of technical knowledge and compliance experience internally

Elimination of duplicate reporting

We believe that in a number of use cases, there may be more than one RCASP which effectuates a transaction for a Reportable User. This may happen where there are multiple parts to a transaction, where one CASP provides access or a gateway to another RCASPs services, and in a range of group scenarios.

It would therefore be helpful if any guidance on nexus could address scenarios in which there is genuine duplicate reporting – where two RCASPs would be required to report the same transaction because of their business structure. In such cases, it would be preferable for the same nexus hierarchy to apply as in CARF, applying the rules in Section I A to H, with particular reference to paragraph H which allows an entity with substantially similar nexus to two jurisdictions to ‘nominate’ where it reports. In practice, we recognise that HMRC may only be able to apply such rules for UK RCASPs.

We also note that there is likely to be ‘duplicate’ reporting where an institution is both an RCASP effectuating transactions and a financial institution for the purposes of CRS holding a custodial account containing digital assets. This is perhaps better termed ‘double reporting’ and is likely to be commonplace given the emerging use cases for tokenising financial assets. However, since this requirement appears to be by design in the CARF rules, the comments above are not intended to apply to this scenario. [Based on the current market structure we do not anticipate that a significant number of RCASPs will be required to provide duplicative reporting, however, this may increase in the future.]

Q3: Are there any areas where additional guidance would be helpful on reportable information?

We would like to point out that categorisation matters deeply in the CARF guidance – beginning with who must report and ending with what must be reported. Two key areas where additional guidance would be useful include:

Relevant assets

The CARF specifies that these should be limited to those with investment or payment purposes. We would like to make the following suggestions:

HMRC acknowledges that a given cryptoasset may have multiple purposes over its life cycle or within different transactions, so it may not permanently have a specific purpose that makes it within or outside this scope. At the same time, we would not want RCASPs to have to try to understand the minds of cryptoasset investors or users to determine their purpose.  

We would suggest the following for HMRC consideration:

  • “Minimum reasonable market value”
    • This MRMV is an arbitrary, notional amount established by the HMRC to provide an attributable value for specific cases where the cryptoasset is not otherwise readily valued.
  • Defining boundaries or asset traits that can serve as meaningful exclusions allows RCASPs to eliminate specific assets within a safe harbour. 
    • For example, exclude cryptoassets that also have a separate utility other than simply an increase in value or as a means of payment. 
  • Refraining from adding any additional reporting obligations for a specified period of time, say 2 years.

Relevant transactions

The CARF specifies that these must be aggregated by type of transaction when reported:

  • The exact types of transactions need to be clearly defined and well understood by RCASPs prior to aggregation and reporting. 
  • We would like to refer to Q1 as an example of why clear labelling and categorisation are crucial. For example, if what is determined to be a ‘staking’ transaction varies by RCASP or by local jurisdictions, then taxing authorities locally and globally will receive information that is potentially inaccurate or incomparable and thus may not be meaningful for the intended purposes of the CARF.

We have provided some examples of how additional clarity might be achieved:

  • Identify loan principal receipts and repayments (which often are treated as non-taxable events by tax authorities);
  • Separate protocol staking from DeFi staking (see Q1, and the CUK submission to the HMRC’s DeFi taxation consultation); and
  • We should seek to simplify reporting obligations with low tax risk and within the framework’s scope, thereby not necessitating a renegotiation of CARF. For example, NFT reporting could be simplified by using a notional peppercorn amount (eg $1) where no value is listed on the RCASP and/or enabling listing by collection rather than each token individually. For example, some of the top NFT collections have over 10,000 NFTs and if each were to be reported separately it would increase the volume of information required to be reported. Where the value of an NFT might generally be understood as more than a peppercorn amount, but that value is not readily obvious because of a lack of liquidity for that given NFT, an RCASP could rely on a minimum reasonable market value.
  • Similarly, where a token representing a real world or financial asset is exchanged where the open market value cannot be determined further guidance on how to determine a suitable alternative would be useful. We suggest that the valuation that could be applied is based on the acquisition cost, book cost or the value most recently reported to the counterparty of the cryptoasset. 

Q4: Do you agree with the government’s proposal to align the timeframe with CRS reporting requirements? 


Q5: Are there any areas where additional guidance would be helpful on the due diligence rules?

We believe that due diligence in verifying taxpayers’ self-certifications is particularly important. However, it will also be challenging, and additional guidance will be useful and necessary to aid RCASPs who wish to be compliant. 

Problems will arise, similar to those for taxpayers engaging in traditional, non-cryptoasset transactions particularly how to verify UK tax residence (or not). For example, National Insurance Numbers (NINOs) do not establish a point-in-time tax reporting requirement and are not necessarily available at all times, e.g., for students studying away from their tax home. 

The HMRC may consider encouraging or providing:

For taxpayers:

  • Further education for industry participants to provide on the setting up and using the Government Gateway UK personal or business online tax accounts. In addition, HMRC should consult on how to simplify online tax accounts. 
  • If a NINO or SA UTR is unavailable, HMRC should streamline the process of granting taxpayers a certificate of residence. This process is complex, and streamlining it would benefit taxpayers and agents generally. 
  • Well-staffed helplines from HMRC


  • Presumption rules that permit RCASPs to forego the self-certification requirements if all of the following specific and narrow circumstances for pre-existing customers and accounts are met:
    • Pre-existing accounts below a specific threshold;
    • If all data collected for the client indicates a specific country of residence; and
    • The RCASP already has data needed to report under current CARF requirements.

An alternative approach to reduce the burden of acquiring TINs from existing account holders could be from some clearly defined ‘reasonable’ steps that RCASPs can take including:

  • No outreach is required until the User takes an active step on the platform (eg, placing a buy or sell order).
  • Electronic-only solicitation of self-certifications is permitted, so a CASP should seek a self-certification through its platform but is not required to solicit the document by physical post if that is unsuccessful.
  • Clear guidance on the number of times that a CASP should request a self-certification and that they should not be required to block trades for pre-existing customers who do not provide that information

Q6: Do you agree that, in principle, penalties relating to CARF obligations should be consistent with structure set out above?

Q7: Do you think that the penalty amounts in the MRDP are appropriate for the CARF?

We are answering Q6 and Q7 together. 

While we agree with penalties to encourage compliance, we do not agree with a fixed penalty rate. Instead, we strongly suggest penalties that are jointly determined by both of the following:

  • UK-based turnover of the RCASP and then
  • Behaviours of the individual RCASP with respect to attempting to comply.

A size-based component ensures that small or start-up entities are not penalised the same as larger entities with the means to employ a large compliance team. The behavioural component ensures that those who are trying to play by the rules are not overly penalised compared to those who are not. Intent to deceive should be penalised differently than applying best endeavours that fell short. 

However, if HMRC were not to take this considered and pragmatic approach, we think there should be statutory limits on the amount of a penalty that can be levied in response to any particular issue that may arise. For example, an error that results in addresses being reported incorrectly may affect thousands of account holders. It should be noted that a penalty of £100,000+ for that error does not seem proportionate to the error involved. 

Furthermore, we recognise that HMRC guidance will set out the scenarios in which penalties may be reduced. It would be beneficial to have statutory upper limits on penalties that may apply as well e.g., no more than £X in respect of non-compliance that may be attributed to a single issue that was caused inadvertently. 

Q8: What additional strong measures would be appropriate to ensure valid self-certifications are always collected for Crypto-Users and Controlling Persons?

Please see our answers to Q5-Q7. Q5 addresses some of the challenges for RCASPs regarding verifying self-certification information provided by taxpayers. Q5 also provides some suggestions to the HMRC for supporting RCASPs and taxpayers in providing required self-certification information. Q6-Q7 conveys the need for proportional penalties that consider the RCASP’s behaviour. In short, RCASPs that are appropriately supported by HMRC guidance and tools and engage in best endeavours to comply should be treated differently than those that are willingly negligent or deceptive about compliance. 

There is a concern that customers of RCASP will not understand why they are required to provide this information or that it may be part of a phishing attack. By informing the public of the new requirements, and continuing to be proactive in communications, HMRC can create an environment where providing the required information is a more straightforward exercise for taxpayers and CASP. This might also help to avoid some of the issues with negative media which arose in early 2024 for digital platform reporting. In general, there is scope for HMRC to be more vocal about the information they collect across a range of AEOI regimes. In many jurisdictions, the fact that this information is collected is common knowledge – and that applies in both the ‘best-in-class’ data users like the Scandinavian and Baltic states, as well as countries that have similar issues with data collection to the UK, like the U.S. It will also greatly assist tax and compliance teams in helping raise the profile of AEOI internally to be on a level with other key regulatory compliance. 

That said, we at CryptoUK firmly believe that communication and education are essential and understand that this is not only a matter for HMRC. To extend the reach of any communication CryptoUK is keen to work with HMRC in association with professional bodies like the ICAEW, and the crypto industry to ensure that any educational message is widely communicated. 

In addition, for any relevant and critical ‘additional strong measures’ that HMRC needs to implement, please see our answer to Q17. 

Q9: What additional one-off or regular costs do you expect to incur to comply with the requirements of the CARF? Please provide any information, such as costs, staff time or number of reportable persons/RCASPs affected which would help HMRC to quantify the impacts of this measure more precisely.

Whilst we welcome HMRC’s consultation to increase clarity on the introduction of CARF, the cost aspects of implementation must be given greater prominence in any ongoing discussions with the industry. We have worked with our members to highlight the costs associated with it.  

Established vendors have provided estimates of widely varying amounts based on the current OECD framework. Estimates for CARF compliance for an RCASP with 100,000 – 500,000 accounts ranged from $1,000,000 to $2,900,000 for Year 1 and $500,000 to $1,300,000 for years after that (continuing account documentation and reporting obligations). 

These cost estimates include collecting the relevant CARF self-certifications for the enumerated customer population, error follow-ups for invalid documents, portal registration, annual filing submissions, and staff to coordinate the outsourced efforts. However, the estimates do not include any significant updates that would need to be made to internal systems to store and maintain CARF data which will be an additional cost.

The financial obligation for RCASPs cannot be underestimated and will be a significant challenge for the community. The estimated costs demonstrate why pragmatic approaches are not only welcome but necessary. We would welcome further discussion with HMRC to discuss how costs can be considered and reduced if possible. CryptoUK is also willing to facilitate direct 1:1 conversations between the HMRC and our members who could provide these services in order to provide more extended discussions about these costs to RCASPs, what drives them, and potential cost reduction opportunities in how the implementation is prescribed.

Q10 – Q15 n/a


Q16: What additional strong measures would be appropriate to ensure valid self-certifications are always collected where required? 

Please see our answers to Q5-Q8.

Q17: Do respondents have any comments on the assessment of impacts of these proposals?

We note that this is not directly relevant to the assessment of impacts, however, for the implementation of CARF to be effective the public must be educated on the framework. We believe it is critical that more, and better, publicity and education of CARF is provided by HMRC and through cooperation with professional bodies, trade groups and, of course, RCASPs to taxpayers about the upcoming reporting and self-certification requirements. 

Our members noted, among other things, that without this, those RCASPs that are ‘first movers’ concerning self-certification due diligence may be inadvertently penalised by losing customers to those RCASPs that have not begun the process or that do not plan to comply promptly. This customer loss for being well-prepared for compliance would be an unintended but potentially severe consequence of the regulations for some RCASPs. 

CryptoUK is willing to work with professional bodies and our members to provide an education note to the crypto community to assist HMRC’s education efforts. 

Q18-Q19: What are your views on extending CARF by including the UK as a reportable jurisdiction? What impacts would this have on RCASPs in scope? Are there other issues, regulatory or legal, that will need further discussion?

We support this proposal, with an important caveat that the objective of including the UK as a reportable jurisdiction is ultimately to lower the compliance burden for RCASPs and taxpayers. We consider this when compared either using existing information powers or the alternative which will be the introduction of new regulations. Therefore, we support such an extension, provided that no further regimes are introduced under which the same information is collected.

CryptoUK is willing to discuss this important matter further with HMRC and our members. 

Q19 n/a

Q20: If the UK were to decide to introduce domestic CARF and CRS reporting, what are your views on implementing to the same timeline as the international CARF/CRS2 package (information collected in 2026, exchange in 2027)?

We generally support this, but some of our members would prefer a phased-in approach that allows them to manage best and govern their added time and costs required for robust information and tax compliance implementation. 

Finally, we wish to reiterate that the CryptoUK and its CARF Working Group would be happy to support the HMRC by consulting on any of the above or additional matters that arise as the UK implementation and guidance around the CARF develops.