Is DAC8 sufficiently aligned with CARF?

How the OECD’s Crypto-Asset Reporting Framework (CARF) interacts with the Directive on Administrative Cooperation

The last ten years have seen the use of alternative methods of payment and investments such as crypto-assets and e-money grow rapidly. This growth has resulted in a lot of attention from global regulators and prompted the publication of various proposals and frameworks to ensure that the recent progress on tax transparency keeps up with the changing financial landscape and that due taxes are paid on crypto-assets and e-money.

The biggest of these new frameworks is the OECD’s Crypto-Asset Reporting Framework (CARF) and Amendments to the Common Reporting Standard (CRS) which was published in October 2022.

Leveraging existing tax and regulatory frameworks, such as the OECD’s CRS from 2014 and the Financial Action Tax Force (FATF), the CARF is a global tax transparency framework that provides for the automatic exchange of tax information on crypto-asset transactions. CARF applies CRS style due diligence requirements to Reporting Crypto Asset Service Providers (RCASPs) along with detailed reporting requirements on crypto-asset transactions. In addition to CARF, the proposed CRS amendments include crypto-assets into the definition of financial assets meaning that custodial institutions and investment entities will need to report and document all crypto-asset users under CRS. Central Bank Digital Currencies and Specified Electronic Money Products are included in the definition of a depository institution under the proposed amendments to CRS and are out of scope for CARF.

The CARF is a standalone framework and consists of rules and commentary that can be transposed into domestic law, and in December 2022, the EU Commission became the first group to try to transpose CARF and the CRS amendments into law. This was done by publishing the proposed seventh amendment to the Directive on Administrative Cooperation (Directive 2011/16/EU or DAC), known as DAC8. Whilst using definitions from the Regulation on Markets in Crypto-Assets (MICA) rather than CARF, DAC8 is generally aligned with CARF and includes the OECD’s proposed amendments to the CRS.

However, there are some significant differences between CARF and DAC8, which we will explore below.

1. Start dates: Whilst the CARF has no current start date, the proposed DAC8 regulations are due to go live for RCASPs on 1/1/2026 (with the exception of the identification service which applies from January 2025, and the verification of TINs which applies from January 2027). FI’s/RCASPs will need to update their processes and systems to correctly capture the required information on crypto-assets.
2. Extraterritorial reach: DAC8 requires non-EU RCASPs providing a crypto service to the EU to register with an EU member state and adhere to the due diligence and reporting requirements of the member state it registered with. Whilst this does not apply to RCASPs in non-EU jurisdictions that adopt CARF (as they will be considered to be in a Qualified Non-Union jurisdiction), non-EU RCASPs in a country that does not adopt CARF will likely need to put processes and controls in place to ensure that their EU clientele is documented and reported as per the DAC8 regulations.
3. Transaction blocking: Under DAC8 if an RCASP has not obtained the required information within 60 days and after 2 chasers, they must prevent the crypto-asset user (CAU) from performing exchange transactions. This means that the RCASPs will need to have robust controls in place to track their documentation requests and then block future exchange transactions if the valid information is not received. This could be operationally challenging and could also conflict with RCASPs legal and contractual agreements. In contrast, under CARF RCASPs who have not obtained the required information within 60 days are required to report the CAU as a reportable person and ascertain if there are any controlling persons (if entity). Whilst this will also require RCASPs to implement new controls and processes, it is unlikely to have the same impact on RCASPs and CAUs as the DAC8 requirement to block future transactions.
4. Notifying individual clients of reportable data: DAC8 requires RCASPs to advise individuals that the data they provide will be used for reporting purposes and then send the individual all the reporting information before the data is submitted to the tax authority. The RCASPs must also provide all information that data controllers are required to provide under the General Data Protection Regulation (GDPR), which is similar to the current CRS client notification requirement applied by various jurisdictions. CARF has no requirement in this area.
5. Penalties: The proposal mandates that a minimum financial penalty is to apply in cases of non-reporting after two valid administrative reminders or when the provided information contains incomplete, incorrect, or false data, amounting to more than 25 % of the information that should be reported. These minimum penalties range from EUR 50,000 (EUR 20,000 for natural persons) to EUR 500,000, with the EU Commission to evaluate the penalties provided every 5 years. Therefore, RCASPs will have to ensure that they have controls and processes in place to obtain, store, and report all relevant information as well as confirming its accuracy.

The European Commission asked for interested parties to provide feedback and raise any concerns to the proposed DAC8 text by 30 March 2023, and are currently reviewing the feedback received.

Both CARF and DAC8 could require significant system and process development for FIs/RCASPS to implement. This is particularly relevant for entities that have not previously been captured by FATCA and CRS as they will not have the due diligence and system infrastructure in place. Some FIs may also be RCASPs and potentially need to report accounts under CARF and CRS. This means that FI’s/RCASPs will not only have to work out which of their clients’ assets are reportable, but also which regime to report under and configure their systems to select the relevant information for each regime.

That said, RCASPs and FIs that fall under DAC8 will most likely have a harder time implementing and complying with the Directive that those that fall under CARF (as it stands). As stated above, the EU are the first country or group or countries that have tried to transpose CARF and the amendments to CRS into law and the consultation period is still open, so we anticipate some changes to the DAC8 Directive when the EU Council receive feedback from the industry. Similarly, it is very possible that other nations may transpose CARF and the amendments to CRS into law with new or similar nuances that could have a significant impact on the requirements of FIs and RCASPs in those jurisdictions. Therefore, at the moment it is advisable for entities that meet the definitions of an RCASP or FI under CARF to start to prepare for the control, process, and system enhancements they would need implement in order to comply with the proposed Directive and to ensure they have budgeted enough to implement these enhancements.