Time is running out to get digital asset reporting ready

In summary

• New OECD reporting standards for both digital assets and crypto transactions introduce new requirements for a wide range of financial services firms
• Organisations must start collecting the required data from January 2026 or open themselves to the risk of penalties up to £300 for each customer.  
• Crypto exchanges, dealers and e-money providers face reporting for the first time, while established players must provide more detailed information on their international customers 

For something so distinctly a product of the 21st Century, it’s surprising how frequently cryptocurrencies and other digital assets are likened to the Wild West. If the lack of regulation has invited the comparison, though, it will soon be even more out of date.   

The Cryptoasset Reporting Framework (CARF) comes into effect in January and applies to “reporting cryptoasset service providers”, defined as entities and individuals “effectuating exchange transactions as a business”. In practice, that includes any financial services businesses (or others) transferring money from one crypto asset to another or changing crypto currencies into fiat money and vice versa. 

When it’s combined with changes to the OECD’s Common Reporting Standard (CRS), which bring emoney into scope, it’s a revolution in digital asset regulation. 

For all involved, CARF is a significant change. For crypto exchanges, brokers and dealers, the duty to report transactions is entirely new for them and their customers. They must collect information on the activities and tax residency of their users and send this to HMRC. The information on non-UK customers will then be shared with other jurisdictions that have also implemented the CARF. 

For organisations that have never had any reporting obligations other than their profit and loss on the balance sheet, dealing with the large, systemic dataset involved is a considerable change. For other financial services organisations already under the scope of the Common Reporting Standards (CRS), however, such requirements will be more familiar. CARF extends similar requirements to crypto transactions.  

These organisations, from banks to asset managers and potentially even insurers, face a different challenge: They must implement systems to meet CARF at the same time as coming to grips with CRS 2.0 – the updated Common Reporting Standard, which comes into force on the same date.  

CRS 2.0 may be a revision rather than a revolution in reporting, but it’s a significant hike in requirements.  

First, it expands the scope of the Common Reporting Standard to include digital money, such as e-money products and central bank digital currencies, as well as investments in crypto assets. This is designed to complement CARF, which will track crypto transactions, while CRS requires firms to report holdings. Both are designed to increase transparency for tax authorities to tackle evasion, with HMRC estimating that CARF alone will increase tax revenues by £315m over the four years to 2029/30. 

Second, it increases the information financial institutions must collect and their due diligence requirements. These include obtaining and validating self-certifications for account holders and for controlling persons. They’re also required to report more detailed information, including the type of account, details of joint account holders, the role of controlling persons and whether accounts are new or pre-existing.  

Third, CRS 2.0 hikes the potential penalties. From a single fine for a bad return under the old regime, firms face fines of up to £100 for each account holder or controlling person for failing to apply due diligence procedures, rising to up to £300 if the failure involves not obtaining a valid self-certification. There’s also the possibility of daily additional penalties for ongoing failures to comply. Similarly, CARF introduces fines of up to £300 per reportable customer.  

Finally – and crucially – CRS 2.0 expands the scope of organisations to which it applies. It now also covers e-money providers, who will need to register and apply CRS due diligence requirements for the first time.  

All UK reporting financial institutions and specified non-reporting financial institutions must register with HMRC by 31 December 2025. 

Whether they’re new to reporting or not, firms face significant work ahead. While crypto platforms, e-money providers and others must get to grips with unfamiliar requirements, they at least have the benefit of starting with a blank slate. They are in an enviable position of being able to build systems for collecting and reporting this data from scratch, designing it to meet the requirements of the relevant regulations.  

Many banks and other financial institutions are not so fortunate. They have mountains of data, legacy systems and remediation backlogs to work through. Incorrect or incomplete returns mean their static data (names, addresses, country codes and identification numbers) is likely to cause problems at the year-end.  

For all organisations, this is a key issue. The first reporting deadline under CARF and CRS 2.0 is 31 May 2027, but it is 2026’s transactions and customer data organisations need to collect for these reports. Every minute you delay ensuring you have accurate and complete records and appropriate verification past the New Year adds to the backlog – and your potential penalty exposures.  

Consequently, organisations have only a couple of months to prepare, and now is the time for systems reviews to establish if organisations are ready for the new regime. With the end of the Wild West, financial services businesses need to ensure they have tamed their data.  

Approval code: NTEH7102552