Does CARF apply to individual crypto investors in Australia?

CARF does not impose direct reporting duties on individual investors. It applies to crypto-asset service providers (exchanges, brokers and certain wallet, ATM and payment operators), who report customer transactions to the ATO. Investors are affected indirectly because their activity is reported.

When does CARF reporting start in Australia?

Australia has committed to implementing CARF, with reporting obligations to be phased in and international exchange of information following once a reporting period has run. Exact commencement and first-exchange dates depend on the enacting legislation, so verify the current dates with the ATO before building compliance calendars.

What information do crypto providers have to report under CARF?

Providers generally report user identity (name, address, tax residence, tax identification number, date of birth), the type of crypto-asset, and transaction details such as crypto-to-fiat and crypto-to-crypto exchanges and certain transfers, typically as aggregate values. The final field list follows the OECD schema as adopted into Australian law.

How is CARF different from the CRS?

CRS covers information held by banks and traditional financial institutions; CARF extends automatic exchange to crypto-asset transactions that previously fell outside that perimeter. The OECD also amended CRS to capture some crypto and e-money products, so some providers face obligations under both, with rules to avoid duplicate reporting.

Is CARF the same as AML obligations for crypto businesses?

No. CARF is a tax-transparency framework focused on reporting and exchanging information with tax authorities. AML/CTF obligations are separate, though the customer-identification and due-diligence work overlaps significantly, so providers can reuse much of that capability.

CARF: the Crypto-Asset Reporting Framework comes to Australia

CARF crypto reporting explained for Australian crypto-asset service providers: who must report, what data is collected, timing, and how to prepare for the OECD framework.

The Crypto-Asset Reporting Framework (CARF) is an OECD tax-transparency standard that will require crypto exchanges, brokers and certain wallet and payment providers to collect detailed information about their customers and report it to the tax authority. In Australia, the Government has committed to implementing CARF: it confirmed the commitment as part of the 2025–26 Mid-Year Economic and Fiscal Outlook and through the Australian Taxation Office, following a Treasury consultation on the design. The short answer for anyone searching "CARF crypto reporting": if you operate a crypto-asset service in Australia, you should expect annual reporting obligations to the ATO, with the data ultimately shared between tax authorities internationally.

This explainer sets out who is caught, what gets reported, the expected timing, and the practical steps providers should take. Details remain subject to the legislation that gives CARF effect in Australian law, so confirm specifics against the ATO's CARF guidance and the final rules. The underlying obligation is tracked at /obligations/carf-crypto-reporting, and CARF sits within the broader fintech, payments and crypto compliance landscape.

What CARF is and where Australia stands

CARF was developed by the OECD to close a transparency gap. The existing Common Reporting Standard (CRS) captures information held by banks and traditional financial institutions, but crypto assets often sit outside that perimeter. CARF extends automatic exchange of information to crypto-asset transactions, so that tax authorities can see activity that previously moved across borders unreported.

Australia is one of a large group of jurisdictions that have publicly committed to implementing the framework. The mechanism mirrors CRS: domestic law requires providers to report; the ATO then exchanges the relevant data with partner jurisdictions where the customer is tax-resident. Australia's commitment was reflected in MYEFO and in a subsequent Treasury statement on collective engagement.

Who CARF applies to

CARF is aimed at intermediaries the OECD calls Reporting Crypto-Asset Service Providers (RCASPs) — broadly, businesses that, as a business, provide services effectuating exchange transactions in crypto-assets for or on behalf of customers. In practice this is expected to include:

Centralised crypto exchanges and trading platforms
Crypto brokers and dealers
Certain wallet providers that facilitate exchanges or transfers
Some operators of crypto ATMs and payment/transfer services that handle relevant transactions

The framework focuses on intermediaries rather than individual investors. If you are a retail holder, CARF does not impose a direct reporting duty on you — but the platforms you use will report your transactions, so the information feeds back to the ATO regardless.

Whether a particular business is in scope can be nuanced, especially for decentralised or hybrid models and for businesses with a nexus to more than one jurisdiction. The final Australian rules will determine the precise scoping test, so borderline operators should obtain advice rather than assume they are excluded.

What must be reported

CARF is built around three layers of information: identifying the customer, classifying the assets, and reporting the transactions. Reporting providers are generally expected to apply due-diligence procedures (collecting self-certifications of tax residence, similar in spirit to CRS) and then report on an annual basis.

The reportable data set is expected to cover:

Category	Examples of information
User identity	Name, address, jurisdiction(s) of tax residence, tax identification number, date of birth
Asset details	Type of relevant crypto-asset
Transactions	Exchanges between crypto and fiat, crypto-to-crypto exchanges, and certain transfers, typically with aggregate values and unit counts

Entity customers may require look-through to controlling persons, again echoing CRS. The exact fields and formats will follow the OECD schema as adopted into Australian law — do not hard-code a field list until the final rules and ATO technical specifications are published.

Timing and the path to first exchange

This is the area where searchers most often see conflicting dates, so treat all timing as indicative until the legislation passes. The Government's stated intent is to bring CARF reporting obligations into effect and to align with the international timetable so that the ATO can begin exchanging information with partner jurisdictions in the years that follow. Reporting commencement and the first international exchange are sequenced: domestic data collection comes first, with cross-border exchange following once a full reporting period has run.

Because the precise commencement and first-exchange dates depend on the enacting legislation and instruments, verify the current dates with the ATO before building them into compliance calendars. The safe planning assumption for providers is that systems should be ready to capture compliant data from the start of the first applicable reporting period — which means building now, not at the reporting deadline.

How CARF interacts with CRS and domestic reporting

CARF does not replace CRS. The OECD also amended CRS to capture certain crypto and e-money products, so some providers may have obligations under both regimes, with coordination rules to avoid duplicate reporting of the same information. Australian businesses already managing CRS due diligence should treat CARF as an extension of existing capability rather than a wholly separate build.

Separately, Treasury's consultation paired CARF with a domestic crypto reporting framework to improve the ATO's visibility of transactions by Australian residents. CARF principally concerns the international exchange of information about non-residents; the domestic measure is about resident compliance at home. Many providers will, in effect, report both resident and non-resident customer activity.

This also sits alongside Australia's evolving regulation of crypto under financial services and AML/CTF regimes. CARF is a tax-transparency obligation and is distinct from licensing and anti-money-laundering duties, though the customer-identification work overlaps considerably.

What reporting providers should do now

Even before the legislation is finalised, in-scope businesses can take low-regret steps:

Confirm scope. Map your products and entities against the RCASP definition; flag decentralised, custodial and cross-border edge cases for advice.
Audit customer data. Check that you can capture tax residence, TIN and entity controlling-person details — gaps here are the hardest to fix retrospectively.
Plan self-certification. Design onboarding to collect and validate residence self-certifications, leveraging CRS processes where they exist.
Build the data pipeline. Ensure transaction systems can classify and aggregate reportable events in the OECD schema once published.
Assign ownership. Nominate accountable owners for tax reporting, AML and onboarding so CARF does not fall between teams.

Common pitfalls

Assuming you are out of scope. Wallet, ATM and payment operators are often surprised to be caught; test the definition, do not guess.
Treating CARF as only an IT project. Due diligence, governance and record-keeping matter as much as the reporting file.
Hard-coding dates and fields prematurely. Commencement dates and the data schema are set by the final rules — verify current figures and dates with the ATO before committing them to systems.
Ignoring legacy customers. Existing customers, not just new ones, are likely to require remediation of residence and identity data.
Forgetting CRS overlap. Coordinate CARF and CRS to avoid both gaps and duplicate reporting.

For the structured obligation summary and source links, see /obligations/carf-crypto-reporting.