The OECD just dropped updated CARF FAQs, and they’re worth your attention. Let’s break down what actually matters.
DeFi: The COSI Test Everyone’s Talking About
Non-custodial = safe from CARF?
Not quite.
The FAQs confirm what we’ve suspected: custody isn’t the dividing line. It’s about Control or Sufficient Influence (COSI) over platforms that effectuate transactions.
Where does COSI come from?
MLD5. Problem: it’s largely untested in most jurisdictions. Tax authorities don’t have clear playbooks for applying this to DeFi.
What might trigger COSI?
- Holding administrative keys
- Governance participation (DAOs, tokens)
- Managing frontend interfaces
- Protocol updates and maintenance
- Fee collection mechanisms
The pragmatic move: The OECD gives jurisdictions room to defer COSI implementation until FATF provides more guidance. Smart. It prevents regulatory overreach while keeping tax aligned with AML developments.
NFTs: The Four-Point Test
NFTs escape CARF reporting if ALL apply:
- Not financial assets or fungible crypto-assets
- Not marketed as investments or regulated
- Not “virtual assets” under FATF rules
- Low value (e.g., <$200) and minimal trading
Translation: The OECD wants to exclude “fun” NFTs – loyalty points, tickets, art collectibles – unless they’re functioning like financial products.
The $200 threshold gives concrete guidance, though jurisdictions can set their own definitions.
Branch Nexus: Global Reporting Required
Key clarification: If your only CARF nexus is through a branch, you report all transactions globally, not just local ones.
This significantly expands compliance for international crypto businesses.
Retail Payments: Agent Role Matters
The $50,000 threshold for reportable retail payments now has clarity:
- Agent for customer: Must report as retail payment transaction
- Agent for merchant: Different rules, but still potential obligations
Wrapping & Liquid Staking: Exchange Transactions
Finally settled: Both are Exchange Transactions under CARF, regardless of tax treatment.
WETH, stETH, and similar tokens trigger reporting because they involve exchanging one crypto-asset for another.
The Reality Check
These FAQs show the OECD understands crypto’s complexity. The DeFi implementation deferral and NFT thresholds demonstrate regulatory pragmatism.
For crypto service providers: This isn’t the end. The OECD continues engaging with its Business Advisory Group. More clarifications are coming.
Bottom line: CARF is evolving, but the direction is clear. Better to prepare now than scramble later.
The industry broadly supports this cautious, coordinated approach. It beats regulatory chaos.
Georg Brameshuber is an Austrian tax expert, legal scholar, and entrepreneur specializing in crypto taxation, regulation, and wealth management. As the co-founder of Validvent, he leads the Validvent team, delivering crypto tax accounting, strategic advisory services, and crypto wealth management.
Previously, Georg worked in audit and financial compliance at KPMG Austria and ERBER Group, specializing in risk management, regulatory compliance, and corporate governance for multinational firms.
Beyond his corporate roles, Georg has significantly contributed to blockchain policy and regulation, holding Board positions at Blockchain for Europe (BC4EU), the Digital Asset Association Austria (DAAA) and the European Crypto Initiative (EUCI).
Georg is also active in academia and is a thought leader in the blockchain space. He is regularly speaking at conferences and has taught at institutions. Previously held a teaching and research position in law at the University of Vienna (equivalent to Assistant Professor in the U.S.).