CARF Compliance Explained: A Complete Guide & Checklist

Introduction: What is CARF Compliance 

The Crypto-Asset Reporting Framework is a global tax transparency standard developed by the OECD, modeled on the Common Reporting Standard that has governed traditional financial institutions for over a decade. Where CRS brought banks and asset managers into a regime of automatic cross-border tax information exchange, CARF extends that same logic to crypto – closing the transparency gap that left crypto transactions largely outside the international tax reporting system. The framework covers a broad range of crypto assets, including fungible tokens, stablecoins, and NFTs, with the explicit goal of preventing tax evasion through crypto.

Under CARF, Relevant Crypto-Asset Service Providers (RCASPs) are required to collect, verify, and report customer transaction data to their local tax authority, which then shares that information with other participating jurisdictions automatically. The scope covers exchanges, brokers, and custodians. On the wallet side, CARF applies to custodial providers where a central entity holds assets on behalf of customers. Non-custodial or unhosted wallets fall outside the reporting scope for that same reason, though transactions routed through custodial gateways may still be captured. RCASPs are also expected to update their KYC and due diligence procedures to collect tax residency status for all users.

Reportable activity covers crypto-to-crypto trades, crypto-to-fiat conversions, transfers between accounts, and the customer identity information tied to each transaction. This is transaction-level reporting, not a summary disclosure. The granularity is intentional, and it has direct consequences for how data must be structured and stored. Most jurisdictions are targeting 2026 for data collection, with first reporting exchanges expected in 2027.

Key implementation notes by jurisdiction: 

• EU member states are implementing CARF through DAC8, which aligns with the OECD standard but adds EU-specific requirements

• The UAE was among the first 61 signatories, though implementation carries additional complexity given its jurisdictional structure

• The United States, a late-committing signatory, is pursuing its crypto tax reporting through a parallel domestic framework – specifically form 1099-DA, authorized by the Infrastructure Investment and Jobs Act and subsequent Treasury regulations.  

The US position is worth noting beyond the signatory count. As other major markets converge on CARF as a baseline standard, the infrastructure exchanges built to meet it are increasingly likely to serve as a reference architecture in jurisdictions that arrive at similar requirements through different regulatory paths.

Why CARF Is Different From Traditional Tax Reporting Frameworks

Traditional tax reporting was built around institutions that already held structured, standardized data—banks report interest income, brokers report securities transactions. The assets are well-defined, the pricing sources are established, and the reporting infrastructure has been refined over decades. 

CARF operates in a different environment. Crypto markets involve thousands of assets across multiple chains, many without standardized identifiers or consistent classifications. Transactions frequently involve non-fiat swaps where fair market value must be determined at the moment of exchange – but unlike equities, where a single exchange sets the reference price, the same asset may trade simultaneously across dozens of venues at slightly different prices. CARF requires service providers to use a consistent and verifiable method for that valuation, which introduces a new layer of compliance overhead that has no real precedent in traditional reporting. 

Transfers complicate this further. When a customer moves assets from an external wallet into an exchange, the receiving platform has no cost basis for those assets. CARF requires these inbound transfers to be reported, which means exchanges must now track and attribute data they have historically had no obligation to retain. 

The jurisdictional dimension adds another layer. The same transaction may be subject to different reporting obligations depending on where the customer is resident, and the burden of accurate customer classification sits with the service provider. 

The result is that CARF compliance is not an extension of existing reporting infrastructure. For most Crypto-Asset Service Providers, it requires building data capabilities that do not yet exist in their current stack. 

The Hidden Data Requirements Behind CARF

The reporting requirements under CARF are relatively well understood. The data work required to meet them is less so. 

Asset metadata and classification

Before a transaction can be reported, the asset involved must be accurately identified and classified. This sounds straightforward until it is done at scale. A single exchange may list hundreds of tokens, many of which exist across multiple chains, trade under inconsistent identifiers across venues, and carry no universally accepted classification for tax purposes.

CARF requires service providers to report what type of crypto asset was involved in each transaction. Whether an asset is treated as a fungible token, a stablecoin, or falls into another category can affect how it is reported and how tax authorities interpret that report. Maintaining accurate, up-to-date asset metadata across a large and constantly changing token universe is an operational challenge that manual processes cannot reliably solve.

Reference pricing for crypto transactions

For every reportable transaction, CARF requires a fair market value denominated in fiat currency. For crypto-to-fiat conversions, the price is relatively straightforward. For crypto-to-crypto swaps, the exchange must determine the fiat value of both sides of the trade at the moment it occurred. 

Crypto assets trade across multiple venues simultaneously, often at slightly different prices. CARF does not prescribe a single pricing source, but it does require that the method used is consistent and verifiable. An exchange relying on its own internal order book data to derive reference prices may find that approach difficult to defend under regulatory scrutiny. Independently aggregated market data, sourced from across multiple exchanges and methodologically transparent, provides a more defensible foundation.

Historical data and audit trails

CARF reporting is not just a forward-looking obligation. Tax authorities receiving reports will ask questions, and those questions will often reach back in time. Service providers need to be able to reconstruct transaction history, demonstrate how reference prices were derived, and show that asset classifications were applied consistently over time.

This requires more than transaction logs. It requires queryable historical data across assets, prices, account activity, etc., all retained in a form that supports regulatory review. 

Building a CARF-Ready Crypto Data Stack

CARF compliance is not something that can be bolted onto existing systems at the reporting stage. The underlying data needs to be structured, sourced, and retained correctly well before a report is generated.  

Many exchanges operate with asset information and pricing data maintained separately across different teams and systems. Under CARF, inconsistencies between those systems become a direct compliance risk. A defensible reporting architecture requires a single authoritative source feeding downstream systems, not multiple parallel pipelines that need to be reconciled at reporting time. 

Centralization alone is not sufficient, however. Internal order book data and independently sourced market data serve different purposes and need to remain architecturally distinct. Reference prices used for fair market value calculations should be clearly attributable to an external, methodologically transparent source. Mixing the two without clear separation creates ambiguity that is difficult to resolve under audit.

The deeper shift is treating auditability as a design requirement rather than a retrofit. Systems built for operational efficiency were not designed with regulatory reconstruction in mind. CARF requires that historical data be retained in a form that supports not just reporting but explanation – storing methodology snapshots alongside data points, applying consistent formatting standards from the point of capture, and ensuring that gaps in the record are documented rather than silently omitted.

Firms that leverage CoinGecko's API as part of their data infrastructure benefit from an independently maintained and methodologically transparent source of asset metadata and historical market data, reducing the internal overhead of building and auditing those pipelines from scratch.

CARF Compliance Checklist for Exchanges, Brokers and Custodians

For exchanges working through their CARF readiness, the following covers the core areas regulators will examine.

The checklist above covers the structural requirements, but the harder question for most firms is sequencing. Data architecture decisions made early determine how much remediation work is required closer to the deadline. Firms that treat this as an infrastructure project now will be in a materially different position to those that treat it as a reporting problem later.

Market data as infrastructure

The data requirements that CARF surfaces are not unique to tax reporting. Reference pricing, asset metadata, and historical reconstruction are the same capabilities that regulated exchanges need for market surveillance, disclosure accuracy, and supervisory oversight more broadly. What CARF does is make the absence of those capabilities consequential in a new way.

An exchange cannot easily separate how it prices assets for trading from how it prices assets for reporting. The two draw from the same underlying infrastructure. When regulators examine one, they are effectively examining the other.

For exchanges that have historically sourced market data on an ad hoc basis, that shared dependency is worth examining carefully. The question is not just whether data exists, but whether it is sourced, documented, and retained in a way that holds up when scrutiny arrives from a direction that was not anticipated.

Data providers with transparent aggregation methodologies and long-term historical coverage, such as CoinGecko's API, are increasingly part of how regulated exchanges address that requirement without building and maintaining the equivalent infrastructure internally.

Conclusion

CARF is the first global framework to impose transaction-level tax reporting obligations on crypto at scale. The jurisdictions that have committed to it represent the majority of the world's regulated financial activity, and the standard they are converging on is not going away.

For exchanges and custodians, the operational reality is that data infrastructure built for efficiency was not designed with this kind of reporting in mind. The firms that recognize that gap early and address it at the architecture level will be better positioned than those that discover it at the reporting stage.

The question worth asking now is not whether current systems can produce a CARF report. It is whether they can produce one that a tax authority in three different jurisdictions would find consistent, complete, and explainable.

Building Exchange-Grade Data Pipelines with CoinGecko API

Meeting CARF requirements isn’t just about accessing data — it’s about ensuring that data is consistent, auditable, and defensible across jurisdictions.

CoinGecko’s Enterprise API provides a standardized and independent data layer across asset metadata, pricing, supply metrics, and historical records — enabling exchanges to build compliant, scalable data pipelines without stitching together fragmented sources.

In practice, this supports:

• A single source of truth for asset classification across listings and disclosures
• Independent, methodology-driven price benchmarks for fair market valuation
• Queryable historical data for audit trails and regulatory review
• Simplified, scalable data architecture across markets and jurisdictions

Rather than building and maintaining complex in-house pipelines, exchanges can leverage CoinGecko’s infrastructure to align data systems with both operational needs and evolving regulatory standards like CARF and MiCA.

Speak to Our Enterprise Team

CoinGecko powers market data infrastructure for leading exchanges, financial institutions, and Web3 platforms—including Coinbase, Kraken, and Crypto.com—supporting everything from pricing and listings to compliance and audit workflows.

If you’re evaluating how to strengthen your data architecture for CARF, MiCA or broader regulatory requirements, our Enterprise team can walk you through how CoinGecko fits into your stack—from reference pricing to historical reconstruction. Get in touch to explore how CoinGecko Enterprise API can support your compliance-ready data infrastructure: