Will HMRC’s Cryptoasset Reporting Framework Reduce Tax Avoidance Without Overburdening Platforms?

Introduction

The United Kingdom’s adoption of the OECD Cryptoasset Reporting Framework (CARF), operationalised through the Cryptoasset Service Providers (Due Diligence and Reporting Requirements) Regulations 2025 and supporting HMRC guidance, represents the most significant extension of automatic exchange of information into the digital asset economy since the Common Reporting Standard (CRS). HMRC’s framework will require reporting cryptoasset service providers (RCASPs) to collect detailed user and transaction data from 1 January 2026, with first reports due by 31 May 2027. The policy ambition is straightforward: to close what HMRC has described as a “tax gap” attributable to the pseudonymity, cross-border mobility and intermediation gaps of cryptoasset markets (HMRC, 2024a). The regulatory means, however, are not.

This essay argues that HMRC’s cryptoasset reporting framework will meaningfully reduce detectable non-compliance, particularly in the form of non-disclosure of disposals and staking rewards by domestic taxpayers, but will be far less effective against the more sophisticated avoidance structures that the framework’s drafters appear to have in mind. At the same time, the proportionality of the compliance burden imposed on platforms is contingent on three variables that HMRC has not adequately resolved: the definitional perimeter of an RCASP, the treatment of decentralised finance (DeFi) and self-custody, and the interaction between CARF and existing CRS and DAC8 obligations. The framework is therefore better understood as a tool against evasion through opacity than as a tool against avoidance properly so called; conflating the two has produced a regulatory design that is doctrinally over-inclusive at the platform level and under-inclusive at the substantive level.

The argument proceeds in five stages. First, it identifies the precise behaviours the framework targets and disentangles tax avoidance from evasion in the cryptoasset context. Second, it analyses the legal architecture of CARF and its UK implementation, including the relationship with the Finance (No 2) Act 2023, Schedule 23 of the Finance Act 2011, and the International Tax Compliance Regulations 2015. Third, it evaluates the framework’s likely effectiveness in reducing the detectable tax gap, drawing on the analogous experience of the CRS and the Foreign Account Tax Compliance Act (FATCA). Fourth, it assesses the proportionality of the burden imposed on RCASPs, focusing on the DeFi perimeter problem, dual-reporting overlap with DAC8, and penalty structure. Finally, it considers whether the framework’s design choices are defensible against the alternatives, concluding that the better view is one of qualified endorsement: the framework is necessary, broadly proportionate for centralised intermediaries, but requires recalibration before it can credibly extend to decentralised arrangements.

Disentangling Avoidance, Evasion and Non-Compliance in the Cryptoasset Context

The question posed assumes that “tax avoidance” is the relevant target. This requires interrogation. In UK tax doctrine, the distinction between evasion (criminal concealment of liabilities), avoidance (the use of lawful but artificial arrangements to reduce tax, now substantially constrained by the General Anti-Abuse Rule in Part 5 of the Finance Act 2013) and legitimate tax planning is well established (HMRC, 2023). The cryptoasset reporting framework is, on closer analysis, primarily a response to the first category masquerading as a response to the second.

HMRC’s published research suggests that between 55% and 95% of UK cryptoasset holders are unaware of, or non-compliant with, their reporting obligations under the capital gains tax regime in the Taxation of Chargeable Gains Act 1992 and, where relevant, the income tax treatment of staking and mining rewards under the Income Tax (Trading and Other Income) Act 2005 (HMRC, 2024b). This is not avoidance in the doctrinal sense; it is non-disclosure of liabilities that have already crystallised on a correct application of existing law, which the Court of Appeal’s reasoning in HMRC v Bayonet Ventures LLP and the broader principles in WT Ramsay v IRC [1982] AC 300 would treat as straightforward evasion or negligent non-compliance rather than avoidance.

True cryptoasset-based avoidance, by contrast, tends to involve structural devices: the use of offshore non-domiciled status (now substantially reformed by the Finance Act 2025 following the abolition of the remittance basis); the routing of trading activity through corporate vehicles in low-tax jurisdictions; the artificial generation of losses through wash trades; or the exploitation of mismatches between the UK’s treatment of cryptoassets as property (per HMRC’s Cryptoassets Manual at CRYPTO22000) and other jurisdictions’ treatment of the same assets as currency or financial instruments. These structures are not, in the main, defeated by transactional reporting. They are defeated, if at all, by the GAAR, by the Diverted Profits Tax in Part 3 of the Finance Act 2015, by hybrid mismatch rules in Part 6A of the Taxation (International and Other Provisions) Act 2010, and by judicial techniques of purposive construction.

The conflation matters because it shapes how one should evaluate the framework. If CARF is judged against its capacity to deter sophisticated international avoidance, it will appear modestly effective at best. If it is judged against its capacity to surface previously undetected gains and income at the retail and high-net-worth individual level, it is likely to be transformative. The question, properly framed, is whether the latter benefit justifies the cost imposed on platforms; the rhetoric of “avoidance” obscures rather than illuminates that calculus.

The Legal Architecture of the UK Cryptoasset Reporting Framework

The OECD CARF and its UK transposition

The CARF, published by the OECD in its final form in June 2023, establishes a multilateral standard for the automatic exchange of information on cryptoasset transactions between participating jurisdictions (OECD, 2023). Its structure mirrors the CRS: it imposes due diligence obligations on “Reporting Cryptoasset Service Providers” to identify the tax residence of users (whether individuals or controlling persons of entities), and reporting obligations covering relevant transactions in “Relevant Cryptoassets”. The categories of reportable transactions include exchanges between cryptoassets and fiat, exchanges between different cryptoassets, and transfers of cryptoassets (including those effected as payment for goods or services exceeding USD 50,000).

The UK signalled its commitment to CARF implementation in the November 2023 Joint Statement and confirmed adoption through HMRC’s consultation response in March 2024 (HMRC, 2024a). The implementing instrument, the Cryptoasset Service Providers (Due Diligence and Reporting Requirements) Regulations 2025, is made under the enabling powers in section 349 of the Finance (No 2) Act 2023, which itself extended the automatic exchange of information regime to cryptoassets. Reporting commences for the 2026 calendar year, with returns due to HMRC by 31 May 2027.

The framework sits alongside, rather than replacing, the existing International Tax Compliance Regulations 2015 (SI 2015/878), which give domestic effect to the CRS and previously to FATCA. Where a cryptoasset is held within a “Financial Account” maintained by a Reporting Financial Institution under the CRS amendments adopted in parallel with CARF, both frameworks may apply, with rules to avoid duplicative reporting set out in the CRS Commentary’s Section II revisions.

The reporting perimeter: who is an RCASP?

The definitional perimeter is the framework’s most contested feature. An RCASP is defined as an entity or individual that, “as a business, provides a service effectuating Exchange Transactions for or on behalf of customers” (OECD, 2023, Section IV(B)(2)). This formulation captures centralised exchanges (Coinbase, Kraken, the UK operations of Binance), brokerage services and certain wallet providers that facilitate exchanges. The contested category is DeFi: the OECD’s Commentary at paragraphs 25–32 of Section IV indicates that persons exercising “sufficient control or sufficient influence” over a DeFi protocol may be treated as RCASPs, but the operational meaning of “sufficient control” in genuinely decentralised arrangements is unclear (OECD, 2023).

HMRC’s guidance, published in stages through 2024 and 2025, has not resolved this ambiguity decisively. The Cryptoassets Manual at CRYPTO48000 onwards adopts the OECD language without significantly developing it. The practical consequence is that protocol developers, front-end interface providers and governance token holders cannot determine ex ante whether they fall within the regime. This is a Rule of Law concern of the kind articulated by Lord Bingham in R (Purdy) v DPP [2009] UKHL 45 and developed in R (Gallaher Group Ltd) v Competition and Markets Authority [2018] UKSC 25: where legal obligations carry penal consequences, the legislative scheme must be sufficiently clear to allow regulated persons to order their conduct.

The substantive obligations

The substantive obligations are extensive. RCASPs must (i) collect self-certifications of tax residence from existing users by 1 January 2027 and from new users at onboarding; (ii) verify the reasonableness of self-certifications against AML/KYC data already held under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017; (iii) record gross proceeds and units transacted for each reportable transaction category; (iv) report annually to HMRC in the prescribed XML schema; and (v) retain underlying records for five years. The penalty structure, drawing on Schedule 23 of the Finance Act 2011 and analogous provisions in the International Tax Compliance Regulations 2015, includes fixed penalties of £300 per inaccurate or omitted record, with daily penalties for continuing failures and tax-geared penalties for deliberate non-compliance.

Effectiveness Against Non-Compliance: The CRS and FATCA Analogues

The empirical base from CRS

The most reliable evidence on the likely effectiveness of automatic information exchange comes from CRS. Studies of offshore deposits following CRS adoption have found substantial reductions in undisclosed offshore wealth: Casi, Spengel and Stage (2020) estimate a reduction of approximately 11.5% in cross-border deposits in CRS-compliant jurisdictions, with corresponding increases in deposits in non-CRS jurisdictions consistent with displacement rather than full compliance. O’Reilly, Parra Ramírez and Stemmer (2021), in OECD-affiliated work, find similar patterns. These figures are instructive: they suggest that automatic exchange produces meaningful but not complete compliance gains, and that a substantial share of the effect is displacement to non-participating jurisdictions or asset classes.

The cryptoasset equivalent of “displacement” is particularly worrying. A user wishing to evade reporting can, in principle, (i) move to a non-CARF jurisdiction’s exchange, (ii) self-custody assets and transact peer-to-peer, (iii) use DeFi protocols that fall outside the RCASP definition, or (iv) use privacy-enhancing technologies (mixers, privacy coins). The first option is constrained as CARF adoption broadens: 48 jurisdictions committed to implementation by 2027 in the November 2023 Joint Statement, with further jurisdictions following (OECD, 2024). The second and third are not effectively addressed by the framework. The fourth is partially addressed by the AML regime under the 2017 Regulations as amended, but the integration between AML obligations and tax reporting is incomplete.

The retail compliance effect

The framework’s principal contribution is likely to be at the retail level, where the empirical baseline of non-compliance is highest. HMRC’s 2024 research suggests that the median UK cryptoasset holder has between £1,000 and £5,000 in holdings, is largely unaware of their tax obligations, and has not declared gains (HMRC, 2024b). For this population, the dominant compliance mechanism will be the “nudge” effect of receiving data from RCASPs combined with HMRC’s data-matching capabilities. The CRS experience strongly suggests that the mere awareness that HMRC has independent transactional data substantially shifts compliance behaviour, even before any enforcement action. Bø, Slemrod and Thoresen (2015), in the Norwegian context, document analogous effects from third-party reporting on dividends and capital gains; their work supports the proposition that the visibility of the information channel, rather than the probability of audit, drives compliance gains.

This effect is plausible because of the structure of UK self-assessment under section 8 of the Taxes Management Act 1970. Once HMRC holds RCASP data, discrepancies between filed returns and reported transactions can be identified through automated risk-scoring, generating “nudge letters” or formal enquiries under section 9A. The marginal cost of enforcement falls sharply, and the perceived probability of detection rises correspondingly. The effect on retail non-compliance should accordingly be substantial.

The high-net-worth and structural avoidance gap

For sophisticated avoidance, the picture is different. The reporting framework provides HMRC with transactional data, but transactional data alone does not defeat structural arrangements. A UK-resident individual who transfers cryptoassets to a non-resident company in a low-tax jurisdiction, with the company then transacting on a non-CARF exchange, will not appear in UK RCASP reports for those subsequent transactions. The transfer-on may be reportable, but the subsequent activity is not. Defeating this structure requires the application of the transfer of assets abroad code in Part 13, Chapter 2 of the Income Tax Act 2007, the settlements legislation in Chapter 5 of Part 5 of the Income Tax (Trading and Other Income) Act 2005, or the controlled foreign companies regime in Part 9A of the Taxation (International and Other Provisions) Act 2010. These regimes operate independently of CARF.

The framework therefore complements, but does not substitute for, the existing anti-avoidance architecture. To present CARF as “reducing tax avoidance” without specifying which kinds of avoidance is to overstate its function. The honest claim is narrower: CARF will substantially reduce the information asymmetry that has allowed non-compliance at the retail and mid-market level to persist, and will provide HMRC with the raw material for more effective enforcement of existing anti-avoidance rules at the higher end. Whether HMRC has the analytical and investigative capacity to convert that raw material into enforcement outcomes is a separate question, and one that the National Audit Office’s repeated criticisms of HMRC’s compliance yield suggest should not be assumed (NAO, 2022).

The Burden on Platforms: A Proportionality Analysis

Compliance costs and the structure of the market

HMRC’s impact assessment estimates one-off implementation costs of approximately £20 million across the UK cryptoasset industry, with ongoing annual compliance costs of £15–25 million (HMRC, 2024c). These figures are best understood as lower bounds. Industry submissions to the 2024 consultation, including those from CryptoUK and the Investment Association, suggested significantly higher figures, particularly for smaller exchanges and for entities whose existing AML systems are not configured to capture the granular transactional data required (CryptoUK, 2024). The Financial Conduct Authority’s parallel regime for cryptoasset registration under the 2017 Money Laundering Regulations has already generated significant compliance investment; CARF is incremental rather than foundational, but the incremental cost is non-trivial.

The proportionality of these costs depends on three considerations. First, are the costs distributed in a way that reflects regulatory benefit? Second, are they avoidable through better regulatory design? Third, are they offset by reductions in other regulatory burdens?

The distributional concern: small RCASPs and market concentration

Compliance costs in information-reporting regimes typically exhibit strong economies of scale. A large exchange with millions of users can spread fixed implementation costs across a large revenue base; a smaller platform cannot. The CRS experience in the banking sector saw measurable consolidation effects, with smaller correspondent banking relationships in particular being terminated post-2017 (FATF, 2021). Analogous consolidation in cryptoasset markets would reduce competition and innovation, with second-order effects on consumer welfare.

The framework partially mitigates this through the de minimis thresholds for individual transactions (the USD 50,000 threshold for reportable retail transfers of cryptoassets in payment for goods or services) and through the use of self-certifications rather than independent verification for tax residence. However, no general de minimis applies to small RCASPs themselves: an exchange with a thousand users faces the same per-user reporting obligation as one with a million. This is a defensible design choice on equity grounds (avoiding “compliance arbitrage” through small platform structures) but a questionable one on proportionality grounds. The Law Commission, in its 2023 report on digital assets, raised analogous concerns about the disproportionate impact of regulatory obligations on smaller market participants (Law Commission, 2023).

The DAC8 and CRS overlap

The most avoidable element of the platform burden arises from the lack of clean integration between CARF, the EU’s Directive on Administrative Cooperation 8 (Directive (EU) 2023/2226), and the revised CRS. UK-based RCASPs serving EU customers will face DAC8 reporting through the EU exchange channel; the same transactions may also fall within CRS where they are held through Financial Accounts. The OECD has published common reporting modules and the EU has aligned DAC8 substantially with CARF, but the alignment is not perfect: definitions of “controlling person”, treatment of NFTs, and the scope of “Excluded Persons” diverge in detail.

Post-Brexit, the UK is not bound by DAC8 directly, but UK RCASPs operating in the EU will face it through their EU establishments. The result is that a UK-based RCASP with EU customers must operate two reporting pipelines with overlapping but non-identical specifications. This is a paradigm case of regulatory burden produced by institutional fragmentation rather than substantive necessity. The framework would be significantly improved by HMRC committing to a single integrated reporting standard that satisfies both CARF and DAC8 simultaneously, and by reciprocal recognition of compliance with the equivalent regime. HMRC’s published guidance acknowledges the issue but does not yet resolve it (HMRC, 2025).

The DeFi perimeter and the over-inclusion problem

The DeFi perimeter problem cuts in the opposite direction from the small-platform concern. By extending the RCASP definition to those exercising “sufficient control or influence” over a protocol, the framework potentially captures persons whose ability to comply is structurally limited. A protocol developer who has renounced administrative keys, or a DAO whose governance is distributed across thousands of token holders, cannot in any meaningful sense “collect self-certifications” or “report transactions”. The obligation, applied literally, would either compel a centralisation of the protocol contrary to its design, or expose the developer to penalties for non-compliance with an impossible obligation.

The doctrinal response, drawing on the principle that legislation should be construed to avoid absurdity (R v Secretary of State for the Environment, ex p Spath Holme Ltd [2001] 2 AC 349), is presumably that “sufficient control” must be read so as to exclude genuinely decentralised arrangements. HMRC has not, however, committed to that construction in published guidance. The result is regulatory chilling: protocol developers may relocate outside the UK, structure their activities to fall clearly outside the perimeter even where compliance would in fact be feasible, or simply abandon UK users. None of these outcomes serves the framework’s objectives.

The better design would adopt a clearer functional test: does the entity in fact have access to the information necessary to comply, and the operational capacity to do so? Where the answer is no, the obligation should not arise. Where the answer is yes, the obligation should arise regardless of the entity’s nominal classification as “centralised” or “decentralised”. This functional approach would also better align the framework with the FCA’s parallel work on cryptoasset regulation under HM Treasury’s October 2023 policy paper and the subsequent draft legislation under section 71K of the Financial Services and Markets Act 2000 (HM Treasury, 2023).

The Penalty Structure and Procedural Fairness

The penalty structure under the 2025 Regulations, drawing on Schedule 23 of the Finance Act 2011, raises distinct concerns. The fixed penalty of £300 per inaccurate record can compound rapidly: an RCASP with 100,000 users, 5% of whom provide inaccurate self-certifications that are not caught by the “reasonableness” check, faces gross penalty exposure of £1.5 million before any reasonable excuse defence. The reasonable excuse defence under paragraph 17 of Schedule 23, as interpreted in Perrin v HMRC [2018] UKUT 156 (TCC), is fact-sensitive and provides limited prospective certainty.

The framework’s penalty design assumes that RCASPs can verify the accuracy of user-provided information at low marginal cost. For tax residence in particular, this assumption is questionable. A user may provide a self-certification that is accurate at the date of onboarding but inaccurate two years later; the RCASP has no continuous duty of investigation but bears penalty exposure if the inaccuracy is detected on audit. The CRS equivalent under the International Tax Compliance Regulations 2015 has been the subject of analogous criticism, and HMRC’s published guidance in the International Exchange of Information Manual at IEIM402040 acknowledges the limits of self-certification but does not relieve the regulated entity of its primary obligation.

From a procedural fairness perspective, the better view is that penalties should be calibrated to the entity’s ability to control the relevant outcome. Where the inaccuracy arises from user dishonesty that no reasonable due diligence would have detected, the appropriate response is enforcement against the user (under the existing TMA 1970 framework) rather than the platform. The current structure inverts this allocation by making the platform the principal target of penalty exposure, on the implicit ground that the platform is the more easily enforceable party. This is administratively rational but doctrinally suspect; it imposes strict liability on an intermediary for the conduct of a third party in a manner that R (Reilly) v Secretary of State for Work and Pensions (No 2) [2016] EWCA Civ 413 and the broader jurisprudence on regulatory penalties would suggest requires particular justification.

The Counterfactual: What Would Happen Without CARF?

Any evaluation of the framework’s effectiveness must consider the counterfactual. Without CARF, HMRC’s options for accessing cryptoasset transactional data are limited but not non-existent. Schedule 36 of the Finance Act 2008 confers powers to obtain information from third parties, and HMRC has used these powers against UK-based exchanges, most prominently in the 2020–2021 information notices issued to Coinbase UK. The “bulk information notice” power under paragraph 5 of Schedule 36 has been used to obtain data on customers with holdings above defined thresholds.

The limitation of this counterfactual approach is its episodic and reactive character. Schedule 36 notices require judicial or tribunal approval (in most cases), are resource-intensive, and produce data only on identified targets or threshold-defined cohorts. They cannot generate the continuous, comprehensive, internationally exchanged data flow that CARF establishes. The choice, in other words, is not between CARF and nothing, but between CARF and a piecemeal regime that is administratively burdensome on HMRC, intrusive on specific platforms, and ineffective against international structures.

On this view, CARF is best understood as a substitution: it replaces episodic, high-intrusiveness enforcement against specific platforms with continuous, lower-intensity reporting across all platforms. Whether this is a net reduction in platform burden depends on the platform: those previously targeted by Schedule 36 notices are likely to find CARF an improvement, while those that escaped such notices will experience CARF as a new burden. The aggregate effect on the industry is probably negative in the short term but may be neutral or positive in the medium term as enforcement intensity stabilises.

The Constitutional and Privacy Dimension

A complete evaluation must address the framework’s interaction with privacy and data protection law. The framework requires the collection and transmission of detailed personal financial data, including for taxpayers whose conduct gives no specific basis for suspicion. The lawful basis under Article 6(1)(c) of the UK GDPR (compliance with a legal obligation) is established by the 2025 Regulations, but the proportionality of the data processing under Article 5(1)(c) (data minimisation) remains contestable.

The Court of Justice of the European Union’s decision in Case C-694/20 Orde van Vlaamse Balies on DAC6, and the subsequent UK case law on information notices under Schedule 36 (notably Jiminez v HMRC [2019] EWCA Civ 51), suggest that information-gathering powers of broad scope can be justified by the compelling public interest in tax compliance, but require procedural safeguards proportionate to the intrusion. The framework’s safeguards are relatively thin: there is no notification to the taxpayer that their data has been reported (in contrast to the position under Schedule 36, where the subject is generally notified), and no specific right of challenge to the inclusion of a particular transaction in a report.

The European Court of Human Rights’ jurisprudence under Article 8 ECHR, particularly M.N. v San Marino (2015) and Bernh Larsen Holding AS v Norway (2013), accepts that bulk financial reporting to tax authorities can be Article 8-compatible where the legal basis is sufficiently clear and accessible and where procedural safeguards exist. The UK framework is likely to satisfy these requirements at the macro level, but the absence of taxpayer notification and the breadth of reportable transactions create a non-trivial risk of challenge under section 6 of the Human Rights Act 1998. The framework’s privacy posture is defensible but not above scrutiny; HMRC’s published Data Protection Impact Assessment acknowledges the issue but resolves it largely by reference to the legitimacy of the underlying policy objective rather than by specific minimisation measures.

Synthesis: A Qualified Endorsement

Returning to the question with which this essay began: will the framework reduce tax avoidance without overburdening platforms? The answer is a qualified yes, but the qualifications materially reshape the conclusion.

First, the framework will reduce detectable non-compliance at the retail and mid-market level substantially. The CRS analogue suggests compliance gains of the order of 10–15% in declared liabilities, with the largest effects on previously undisclosed gains. This is the framework’s principal achievement, and it is significant.

Second, the framework will have a more modest effect on sophisticated avoidance involving offshore structures, DeFi protocols and privacy-enhancing technologies. The framework was not designed to defeat these structures, and to evaluate it by reference to its effectiveness against them is to misunderstand its function. The avoidance gap, in the strict doctrinal sense, will require continued reliance on the GAAR, the transfer of assets abroad code, the CFC rules and the diverted profits tax.

Third, the burden on centralised platforms is significant but broadly proportionate, particularly when set against the counterfactual of episodic Schedule 36 enforcement. The principal avoidable element of the burden arises from the failure to integrate CARF, DAC8 and CRS reporting into a single pipeline; this is a remediable design failure rather than a fundamental defect.

Fourth, the burden on decentralised arrangements is potentially disproportionate and is the framework’s most significant design failure. The “sufficient control or influence” test should be replaced by, or interpreted as, a functional capacity test that excludes entities lacking the operational ability to comply. Without this clarification, the framework risks either being unenforceable against the targets it nominally captures, or producing regulatory flight that defeats its purpose.

Fifth, the penalty structure imposes a degree of strict liability on platforms for user-provided information that is doctrinally questionable and operationally harsh. A clearer reasonable excuse safe harbour, tied to documented compliance with prescribed due diligence procedures, would substantially improve the proportionality of the regime.

The framework, in short, is a well-designed instrument for its primary purpose (closing the retail information asymmetry) but is presented in policy discourse as something more ambitious than it is. The honest defence of CARF is not that it will eliminate cryptoasset tax avoidance; it is that it will narrow the information gap that has allowed cryptoasset markets to operate at lower de facto tax compliance than analogous financial markets. That is a worthwhile achievement, but it is one that should be accompanied by greater candour about what the framework does not do, and by targeted design improvements to address the perimeter and proportionality concerns identified above.

Conclusion

HMRC’s cryptoasset reporting framework will reduce the detectable element of cryptoasset-related non-compliance, principally at the retail level, through the well-attested information-asymmetry mechanism that has driven compliance gains under CRS. It will not, on its own, materially reduce sophisticated international avoidance, and presenting it as an “avoidance” measure rather than an “evasion and non-compliance” measure obscures the analytical structure of the policy. The compliance burden imposed on centralised platforms is broadly proportionate, provided that DAC8 and CRS integration is achieved and that the penalty regime is calibrated to the platform’s ability to control the relevant outcome. The burden on decentralised arrangements, by contrast, is currently disproportionate because the perimeter is doctrinally unclear; without the substitution of a functional capacity test for the present “sufficient control or influence” formulation, the framework will produce regulatory flight without compliance gains in the DeFi sector.

The framework therefore deserves qualified endorsement. Its core mechanism is sound, its alignment with international standards is welcome, and its likely retail compliance effect is substantial. Its weaknesses are remediable through targeted clarification of the RCASP perimeter, integration with parallel reporting regimes, and calibration of penalties. The danger is that those weaknesses are obscured by the political attractiveness of the “tax avoidance” framing, with the result that necessary refinements are deferred. The better view is that HMRC should now publish detailed guidance addressing the DeFi perimeter, commit to a single integrated reporting pipeline with the EU and other CARF jurisdictions, and revisit the penalty structure to introduce a clearer due-diligence safe harbour. With these refinements, the framework will achieve a sustainable balance between effectiveness and proportionality. Without them, it will achieve the first at the cost of the second, and risk becoming an example of regulatory ambition outrunning regulatory design.

References

• Bø, E.E., Slemrod, J. and Thoresen, T.O. (2015) ‘Taxes on the internet: deterrence effects of public disclosure’, American Economic Journal: Economic Policy, 7(1), pp. 36–62.
• Casi, E., Spengel, C. and Stage, B.M.B. (2020) ‘Cross-border tax evasion after the Common Reporting Standard: game over?’, Journal of Public Economics, 190, 104240.
• CryptoUK (2024) Response to HMRC Consultation on the Cryptoasset Reporting Framework. London: CryptoUK.
• Financial Action Task Force (2021) Second 12-Month Review of the Revised FATF Standards on Virtual Assets and Virtual Asset Service Providers. Paris: FATF.
• HM Revenue and Customs (2023) HMRC Internal Manual: Cryptoassets Manual. London: HMRC.
• HM Revenue and Customs (2024a) Cryptoasset Reporting Framework and Common Reporting Standard: Summary of Responses. London: HMRC.
• HM Revenue and Customs (2024b) Individuals’ Holding of Cryptoassets: Uptake and Understanding. HMRC Research Report. London: HMRC.
• HM Revenue and Customs (2024c) Cryptoasset Reporting Framework: Tax Information and Impact Note. London: HMRC.
• HM Revenue and Customs (2025) International Exchange of Information Manual. London: HMRC.
• HM Treasury (2023) Future Financial Services Regulatory Regime for Cryptoassets: Response to the Consultation and Call for Evidence. London: HM Treasury.
• Law Commission (2023) Digital Assets: Final Report. Law Com No 412. London: Law Commission.
• National Audit Office (2022) Managing Tax Compliance Following the Pandemic. HC 957. London: NAO.
• OECD (2023) International Standards for Automatic Exchange of Information in Tax Matters: Crypto-Asset Reporting Framework and 2023 Update to the Common Reporting Standard. Paris: OECD Publishing.
• OECD (2024) Crypto-Asset Reporting Framework: Implementation Status. Paris: OECD Publishing.
• O’Reilly, P., Parra Ramírez, K. and Stemmer, M.A. (2021) ‘Exchange of information and bank deposits in international financial centres’, Hacienda Pública Española/Review of Public Economics, 239(4), pp. 27–69.