What is the Crypto-Asset Reporting Framework (CARF)?

By Lightning Pay
Updated Jan 20, 2026

The Crypto-Asset Reporting Framework (CARF) is a global tax transparency standard developed by the Organisation for Economic Co-operation and Development (OECD). It sets common rules for how crypto-asset service providers collect, verify, and report information about their users and certain crypto transactions to tax authorities. These tax authorities can then share that information automatically with other countries.

CARF is part of the broader international effort to make crypto-asset activity more transparent for tax compliance, similar in purpose to the Common Reporting Standard (CRS) used for traditional financial accounts.

 

When does CARF take effect?

Many jurisdictions are adopting CARF into domestic law with reporting obligations starting soon. 

  • In New Zealand, CARF is being introduced with obligations for reporting crypto-asset service providers from 1 April 2026. Annual reports must be filed the following tax year.

Although the precise requirements and timelines can vary by jurisdiction, most participating countries will begin collecting information from 2026 and exchange records internationally starting with reporting periods ending in 2027.

 

Who must comply?

CARF applies to entities that act as Reporting Crypto-Asset Service Providers (RCASPs) — businesses that provide services enabling crypto-asset transactions for clients. This can include, for example:

  • Exchanges and brokers

  • Wallet providers that facilitate transactions

  • Other intermediaries that handle crypto-asset transfers on behalf of users

These providers are required to follow CARF rules if they fall under domestic legislation implementing the OECD standard.

 

What information must be collected?

Under CARF, a reporting service must collect and verify certain data about its users, including:

  • Client identity details — name, address, date of birth (for individuals)

  • Tax residency information — jurisdiction(s) where the client is tax resident

  • Tax Identification Number (TIN) from each tax residency jurisdiction

  • Self-certification from clients confirming the accuracy of this information

Clients must provide an official self-certification that their tax residence and TIN details are correct. This self-certification is required:

  • For all new customers by 1 April 2026 (or the jurisdiction’s effective date)

  • For all existing customers by 1 April 2027 (or as specified in local rules)

This ensures the service provider has accurate information for reporting and due diligence purposes.

 

What transactions are reported?

CARF reporting generally includes a summary of all relevant crypto-asset transactions involving clients during a reporting period. This typically covers:

  • Acquisitions — crypto assets bought or received

  • Disposals — crypto assets sold, exchanged, or spent

  • Annual NZD (or local currency) values of these totals

The exact fields and format for reports depend on the jurisdiction’s implementation and XML schemas adopted for data exchange.

 

What happens with the reported information?

Once collected, reporting providers submit CARF data to their domestic tax authority. Participating tax authorities automatically exchange relevant information with other jurisdictions where clients are tax residents. This helps tax authorities ensure crypto-related income and gains are properly reported and taxed in the correct jurisdiction.

 

Why CARF matters

CARF represents a significant shift in how crypto-asset activity is treated for tax transparency:

  • It brings crypto reporting in line with global standards for financial accounts.

  • It helps combat tax evasion and ensures tax compliance in cross-border crypto activity.

  • It requires more comprehensive client information and stronger due diligence from service providers.

By aligning crypto reporting with established international frameworks, CARF aims to standardise compliance and promote trust in crypto markets.

Our approach

We know that additional questions about tax residency and identification can feel unexpected. These requirements come from new international reporting standards that apply across the crypto industry, not just to Lightning Pay.

Our focus is on implementing these changes carefully and transparently, while continuing to respect our customers and keep Lightning Pay simple to use. Wherever possible, we’ll make these updates part of the normal onboarding and account-management experience, without adding unnecessary friction.

Respect for user privacy is a core part of how we design our products. The Lightning Pay Wallet is one example of this — built to give users strong control over their bitcoin, while complying with the regulatory obligations that apply to us as a New Zealand reporting entity.

We’ll continue to take a considered, responsible approach to these requirements, and to build tools that give our customers meaningful choice and clarity about how they use bitcoin.

If anything is unclear, or you’d like help understanding what’s required, we’re always happy to help — just email

support@lightningpay.nz.