In this bonus Cayman Islands Regulatory 15/15 episode, Anthony Mourginos and Daniel Moore discuss the implementation of the OECD's Crypto Asset Reporting Framework (CARF).

To read the 2026 Cayman Islands Regulatory Calendar, visit https://maples.com/regulatory-round-up/2026-cayman-islands-regulatory-calendar.

SPEAKERS:

Anthony Mourginos, Partner | +1 345 814 5666 | anthony.mourginos@maples.com | View bio

Daniel Moore, Associate | +852 5729 3584 | daniel.moore@maples.com | View bio

Visit our Regulatory Round-Up Blog for the latest developments and insights in the regulatory landscape

RELATED SERVICES:

Maples Group Regulatory and Financial Services Advisory

With a depth of experience across all regulated sectors, the Maples Group Regulatory and Financial Services team is positioned to address client needs and sensitivities. We have the largest dedicated Cayman Islands Regulatory and Financial Services team in the offshore market.

Follow Us:

LinkedIn: https://www.linkedin.com/company/maplesgroup/

Instagram: https://www.instagram.com/maplesgroup/

Twitter: https://twitter.com/maplesgroup

Facebook: https://www.facebook.com/maplesgroup/

Website: https://maples.com/podcasts/15-15

Blog: https://maples.com/regulatory-round-up

Good morning.

2

Good afternoon, everyone, and thank you

3

My name is Anthony Mourginos.

4

I'm a partner in the Cayman Islands

Regulatory and Financial services team,

5

and I'm joined today

6

by my colleague Dan Moore from our Maples

Group Hong Kong office.

7

Today we're going to walk

through the implementation of the OECD's

8

Crypto Asset Reporting Framework,

or CARF in the Cayman Islands.

9

We'll broadly cover five topics.

10

What CARF is and why it matters.

11

Who's in scope in the Cayman Islands?

12

What businesses generally need to do

and buy when?

13

How CARF differs from the CRS or the common reporting standard

14

and how Cayman is implemented

15

CARF domestically, including key days

and compliance touchpoints.

16

We'll then wrap up at the end

with some practical takeaways.

17

Now, before we get into the meat of it,

18

I just, it goes

without saying that today's session,

19

is intended as high level information

only and not legal advice.

20

Obviously, if our listeners would like

more information or formal advice

21

on the cough regime

or any other regulatory aspect,

22

please do feel free

to reach out to a usual Maples contact

23

or Dan and myself,

and we'd be more than happy to advise.

24

Thanks, Anthony.

25

So CARF represents

a significant new international

26

tax transparency framework

across the digital assets ecosystem.

27

The Cayman Islands has now published

its legislative implementation,

28

with the framework having gone

29

So today's session is designed

to be practical,

30

deadline focused and aligned to what

the rules require.

31

That's right. Thanks, Dan.

32

So let's kick it off with some,

a high level

33

understanding of CARF

and the OS, OECD's framework.

34

At a high level.

35

So as I said before, CARF is the OECD's

36

dedicated global transparency

framework for crypto assets.

37

It requires annual automatic exchange of

tax relevant information on transactions

38

in what are called relevant crypto assets,

which are to be reported by

39

what are called reporting crypto assets

service providers or RCASP.

40

It doesn't quite roll off the tongue.

41

So, for today's session,

I'll try to refer them,

42

refer to them as service providers

or crypto asset service providers.

43

And those types of service

providers, need to report

44

where they have a nexus in the,

participating jurisdiction.

45

CARF was developed

with a close visibility to the gaps

46

that arise because, crypto assets can,

in some instances,

47

be issued, held and transferred outside

of traditional financial intermediaries.

48

So the framework is built around,

the following general, building blocks.

49

So what are the assets covered?

50

As I mentioned before.

Crypto assets in the name.

51

So crypto assets are,

I'm sure most of our listeners know

52

digital representations of value

that rely on, cryptographically secured

53

distribution, distributed ledger

and or similar technology.

54

So relevant crypto assets.

55

So for the purposes of the CARF regime.

56

So crypto assets that give rise

to reporting or certain relevant

57

transactions that need to be reported

58

on the cuff, generally excludes

or to start with what's out.

59

Then we'll go to what's in generally

exclude central bank digital currencies.

60

Certain specified e-money products

or assets that are providers

61

generally determined can't be used

for payment or investments set purposes.

62

So a report a relevant

crypto asset, in practice generally means

63

most mainstream tokens, stablecoins,

unless they qualify as specified e-money,

64

many NFTs that are used for investment,

and derivatives

65

that are issued in the form of crypto

assets will generally be in scope.

66

So who's, required to report?

67

So as I mentioned before,

reporting crypto asset service providers,

68

those those types of entities

69

are in scope of the regime.

70

Service providers that are incorporated,

71

registered, established

or regulated in the relevant jurisdiction.

72

In our case, obviously the Cayman Islands,

or have an effective

73

management into a regular place

of business in that jurisdiction,

74

which as a business provide

75

a service effectuating

what's called exchange transactions for.

76

And we'll go into what

that means, later on in the session

77

for or on behalf of customers.

78

Including acting as a counterparty

or intermediary

79

or by making available a trading platform.

80

So this includes any service provider,

through which a customer can exchange

81

crypto assets.

82

Whether that's, crypto for fiat

83

or vice versa,

or for crypto to other crypto assets.

84

For example,

it can include certain brokers or dealers,

85

dealing in crypto assets, market

makers, operators of crypto asset ATMs,

86

and depending on the control and influence

factors, certain types of decentralized

87

exchange platforms,

88

whether or not these exchange platforms

are going to be, in scope or the operate

89

is basically depends on a factual analysis

of their control influence over it.

90

Don't have time to get into it

today, but, there's an interesting,

91

analysis

to be done for those types of exchanges.

92

What type of transactions

need to be reported on the cuff?

93

So there are, as I mentioned before,

there's generally three types

94

of transactions

involving relevant crypto assets

95

that, are relevant to transactions

that need to be reported under CARF.

96

Crypto to

97

fiat exchanges, crypto

to crypto exchanges,

98

and certain types of transfers

including high value retail payments.

99

So I think that the limit there is or the

the the threshold there is 50,000 USD.

100

What needs to be reported?

101

Reporting crypto asset service

providers have to report specified

102

identification data

with respect to their users

103

or the customers,

which can be individuals or entities.

104

And if, if there are entities relevant,

controlling persons with respect

105

to those entities,

as well as the aggregated

106

transaction values with respect

to those reportable transactions, service

107

providers have to, collect, certain due

diligence on reportable customers.

108

So the providers have to collect

and validate self-certification

109

for new customers as of 1st January 2026,

and for preexisting customers.

110

So customers, that were in place,

111

as at 31st of December 2025,

112

within 12 months of the rules

taking effect.

113

It's also the case that, as with the CRS

regime, service providers

114

can validate and certify the information

provided with respect to customers

115

using their already collected

AML or KYC, information.

116

And I think that brings us to a

an interesting point

117

is that this framework, the CARF

framework, is designed to interact

118

efficiently with the CRS

in recognition of the fact that really

119

this regime is extending AEOI to crypto,

but there will be institutions

120

that are subject to both.

121

So we'll get into a little bit

more detail.

122

But certain assets remain under the CRS.

123

Even crypto assets like the central bank

digital currencies like specified e-money,

124

if they're held in a financial account.

125

Whereas CARF operates a little bit

more broadly with respect to crypto. So

126

we will discuss that in a little bit

more detail.

127

We were just mentioned at this point

that the regimes are calibrated

128

to reduce double reporting

129

or eliminated where an institution

is subject to both CRS and CARF,

130

and I think that's something

that market participants will be,

131

will be getting to grips with as, as this,

as familiarity with CARF develops.

132

So I think that brings us on to the Cayman

Islands implementation of CARF.

133

There are implementing regulations,

134

from 2025, which came into force

135

So CARF in the Cayman Islands

with respect to relevant

136

reporting crypto assets

service providers is in force now.

137

And what those regulations do similar

to CRS, is they adopt the OECD definitions

138

from the overall CARF framework,

and they embed them into Cayman law.

139

And then also on top

you have the Cayman specific

140

mechanics on operational matters

like the registration,

141

the filing, the monitoring and of course

the penalties for noncompliance.

142

So the regulations broadly

do kind of those, those important things.

143

The key and scope concept,

as Anthony mentioned,

144

is the Cayman report

and crypto asset service provider.

145

So to the extent that the Cayman regs

are implementing CARF, they do apply

146

only to those Cayman connected report

and crypto assets service providers.

147

And again that that's been discussed.

148

But it broadly will capture

reporting crypto assets, service providers

149

that are resident

in the Cayman Islands or, or a branch.

150

And there are various,

there are various meanings,

151

that are attached to resident

in the islands and, and the branch aspect.

152

And so, yeah, it's interesting point,

about that, the scope of the regime.

153

I think now that we

have the regulations out there, it's it's,

154

one point to kind of get out there

and clarify with listeners is that,

155

the definition of a reporting crypto

asset service provider,

156

a can include obviously entities,

157

as well as individuals

that are acting as a business.

158

And it's not limited to virtual asset

service providers.

159

Our listeners will, I'm sure, be familiar

with the virtual asset service providers,

160

act in the VASP

regime in the Cayman Islands,

161

of a reportable crypto asset.

162

Oh, sorry.

163

A relevant crypto asset service

provider is not limited to VASPs.

164

So it is possible

that a VASP could as Dan mentioned,

165

could also be in scope of CARF.

166

But certain VASPs

will probably most likely

167

find themselves out of scope of CARF

due to the way that the definition of a,

168

service provider

for CARF purposes, works.

169

Likewise with CRS,

170

just because you're

a financial institution,

171

certainly doesn't mean

that you're automatically going to be

172

in scope of CARF.

173

So the standalone regime,

it ties in with some of the other regimes.

174

But, there's some crossover, as well.

175

Okay.

176

So as I mentioned,

our regime in the Cayman Islands is live.

177

If you are in scope,

if you are a relevant crypto asset

178

reporting service provider,

what do you need to do?

179

So there are a few key workstreams

that in scope entities

180

will need to bear in mind.

181

First of all, is registration with the

DITC, again, similar to the CRS regime,

182

all Cayman Islands

reporting crypto asset service providers

183

other than certain exempted

bodies are government entities and,

184

certain types of pension funds

and so forth.

185

Need to register with the DITC.

186

There are some deadlines now out there

posted for the CARF regime.

187

So existing service providers,

that are in scope,

188

before the 1st of January 2026, they need

to register by 30th April of this year.

189

So 30th April 2026.

190

And providers that become in scope,

191

need to register on or before that date,

31st of January of the following year.

192

So they're in

193

The registration again, just like,

194

series is completed by the DITC

electronic portal.

195

And that includes

or the registration application

196

will include information

about the service provider and details

197

of its principal point of contact

in the Cayman Islands.

198

What else need to do?

199

As I mentioned before, there's due

diligence and self-certification.

200

So a reporting crypto asset service

provider has to obtain

201

a self-certification

from each of its customers.

202

That self-certification will allow it

to determine tax residents, conduct

203

due diligence and identify customers

that have that are reportable.

204

And where the entities identified,

they're reportable controlling persons.

205

So from 1st January 2026,

a new customer for reporting crypto

206

asset service provider has to provide

a valid self-certification at onboarding.

207

Covering the

208

customer's name,

209

address, jurisdiction of tax residence,

their tax identification number,

210

if there is one, date of birth

for individuals.

211

And like I mentioned before,

just like under the CRS regime,

212

there are obligations on the service

provider

213

to cross-check and validate

this information against existing KYC

214

or AML data that that they hold

with respect to that customer.

215

For preexisting customers

of a service provider.

216

So customers that were in place

217

the CARF does provide for

for a generous grace period,

218

until 31st of December of this year.

219

So 31st December 2026, in order to obtain

and validate the self-certification,

220

for those preexisting users or customers,

again, just like with Chris,

221

where we have

those certifications in place,

222

there are obligations

to update that material.

223

If there is a significant change.

224

So there are obligations on the,

customer

225

to provide that data,

updated data to the service provider.

226

So the

whole purpose, as I mentioned, of the CARF

227

regime, is reporting and automatic

exchange of this, crypto related data.

228

So there are reporting obligations on in

scope service providers for CARF.

229

So what do you need to report?

230

What does the entity need to report?

231

Broadly two things, details of reportable

232

customers

and details of reportable transactions.

233

So with respect to customers

that are in a reportable jurisdiction.

234

So basically one of the jurisdictions

that has

235

been listed or agreed,

236

to reporting under the CARF regime,

237

unless those individuals are excluded,

238

either because they're publicly traded,

there are government entity,

239

they're an international organization,

240

a central bank, certain

types of financial institutions.

241

So reportable

customers, need to be reported,

242

if the

243

customer is an entity or need to identify

reportable controlling persons.

244

And if the, customer need to determine

if the customer is either active

245

or passive, in this case,

if the customer is an active entity,

246

then it's not necessary to identify

controlling persons.

247

Now, our listeners will be very familiar

with these people, familiar

248

in some way

with these, with this terminology,

249

because it borrows heavily

from the CRS regime.

250

We don't have time in this podcast

to get into the nitty gritty of all

251

the details, but,

thankfully there is some, crossover,

252

familiarity

with some of those definitions.

253

The other thing to report is transactions.

254

So a reporting crypto asset service

provider has to report on exchange

255

transactions and transfers, exchange

transactions, as I mentioned before.

256

Any exchanges

between crypto assets and fiat currencies

257

or between one or more forms

of crypto assets and then transfers.

258

So any transaction

which isn't an exchange transaction,

259

including certain types of retail

payments, that moves a crypto asset,

260

from or to the crypto asset address

or account of another customer.

261

As I mentioned

before, the deadlines are up.

262

So the first report is due

263

So 30th June, 20th June 2027.

264

And that report

will cover the 1st of January

265

through to the 31st of December, 2026.

266

And thereafter.

267

There's annual

reporting from 30th June onwards.

268

Another thing to keep in

mind is recordkeeping.

269

So, we, we encourage,

270

in scope entities, in scope, service

providers to maintain documentation

271

for at least five years,

after the end of the period

272

in which the information

has to be reported to the DITC. Why?

273

Because the DITC might require

and has powers to request this information

274

or require certain records

be provided to it with respect to CARF.

275

And that and just so you are aware,

that does include information

276

which is stored

outside of the Cayman Islands.

277

Another thing to keep in

278

mind, governance training IT solutions.

279

So if you are an in scope

service provider, what should you do?

280

Firstly, determine if you're in scope.

281

If you are, establish and maintain

282

written policies and procedures

in order to comply with CARF.

283

Including the due diligence obligations

that reporting requirements

284

and then implement

those policies, procedures

285

and keep evidence of the steps

and the measures that you've taken.

286

Training, ensure that all the relevant

staff, that are responsible for customer

287

onboarding or reporting for CARF

purposes are trained on the new regime.

288

Ensure that any of your IT

systems are updated accordingly

289

to ensure that you can capture

the relevant data points.

290

And of course, senior management

need to be briefed and,

291

up to up to speed

with the new requirements

292

in order to understand

the measures that are being taken.

293

Now, it wouldn't be a regulatory 1515

if we didn't at least mentioned,

294

the opportunity for enforcement,

of course, just like,

295

CRS and most of the other regimes

in the Cayman Islands,

296

regulators do have the power to,

297

enforce the obligations

298

and requirements under the regime.

299

Under the regulations,

there are specific offense provisions,

300

including offenses for,

providing false certifications,

301

tampering with the information, hindering

the authority in its obligations.

302

And the DITC can also choose

to impose certain administrative fines

303

up to about 50,000

Cayman Islands dollars.

304

There's also the ability for the

for the authority to impose daily charges,

305

interest and further penalties,

with certain caps.

306

It's also important to be aware

that directors and other senior

307

senior managers can also be made

personally liable

308

for certain types of breaches of the act,

in certain circumstances.

309

Again,

this is not a new concept that it applies

310

in most of the other regimes

that we deal with day to day.

311

But, very important

for directors and managers to be aware,

312

like with other

313

regimes, there is also a structured

procedure,

314

for breaches, issuance of penalty

notices, appeals.

315

With respect to the CARF regime.

316

Thank you. Anthony.

317

So I guess just to briefly

bring that all together, the first,

318

aspect of this regime is to determine

whether whether you're in scope of it.

319

So there will be some maybe legal

advice required if you are a business

320

and that has crypto related activities

and you do have a connection

321

to the Cayman Islands,

the first thing to do is to determine

322

whether or not you're in scope

of this regime, whether you do fall within

323

that definition of Cayman, reporting

how crypto asset service provider.

324

And then if you are, that's really

when the obligations kick in.

325

So you will need to register with the DITC

and start obtaining and validating

326

those certifications and related due

diligence from your clients.

327

With a view to being able

328

to report this information

329

And obviously maintaining those records

for that five year period thereafter.

330

So really, it'll be a matter,

for those entities

331

that are in scope of CARF in Cayman,

the build CARF into your compliance

332

risk framework alongside potentially CRS

if you're already in scope

333

and other compliance workflows

like AML and so on.

334

And I think that's just to wrap it up,

because what we are noticing

335

is that there is a little bit of confusion

in the market between CARF and CRS.

336

They are related,

but they are also different.

337

So we thought it would be helpful

to just briefly summarize some key

338

similarities and differences

between the new crypto assets reporting

339

framework

and existing AEOI in the form of CRS

340

and the handful of differences

there to be discussed.

341

One is that the scope of assets covered by

CRS and CARF for a little bit different.

342

So CRS is focused

on historically financial accounts

343

containing traditional money

and traditional financial assets.

344

Recently CRS has been updated.

345

So it will now

cover kind of electronic money equivalents

346

such as central bank digital currencies,

start and specified e-money.

347

But it is a more narrow scope in terms

of the crypto assets that might be called.

348

Whereas carve is a lot more broad

with respect to crypto assets.

349

So most as we said, most, most mainstream

crypto will be in scope of this.

350

And even some other crypto assets

like crypto derivatives,

351

certain NFTs, if they're tradable, could

could potentially be in scope as well.

352

The other

a differences in who has to report.

353

So CRS is based around

kind of reporting financial institutions

354

in the traditional sense.

355

So you were kind of investment funds,

356

your custodial entities, your

depositories, certain insurance companies.

357

Whereas again, because CARF is designed

358

to bring the broader crypto universe

within scope of AEOI.

359

You've got for CARF,

you have this concept of reporting

360

crypto assets service providers,

and as Anthony mentioned, that's not just

361

Cayman VASPs it will probably include

the vast majority of Cayman VASPs.

362

But again, when you're determining

if you're in scope, it can cover entities

363

or individuals providing these crypto

exchange services or platforms

364

with a connection to Cayman Islands,

even if they're not necessarily

365

registered

in the Cayman Islands as a VASP.

366

And there's also a little bit

of difference in terms of the mechanics

367

of reporting.

368

So under CRS, it's

kind of account based reporting.

369

So you've got account balances

values and certain proceeds and so on.

370

Whereas while it's

out of scope of a short podcast,

371

there is an aggregated transaction

based reporting by asset type.

372

So it's kind of netted off,

across the crypto to fiat, crypto

373

to crypto transfers on certain reportable

retail payments made using crypto.

374

So that's that's a little bit

of a difference as well.

375

But in terms of the practical takeaways

and in terms of our clients

376

and friends listening to this podcast,

377

what people really need to do, again,

just to reiterate

378

the immediate action points is to assess

whether you're business number one,

379

meet the functional definition of a report

in crypto asset service providers.

380

And if you have this Cayman connection,

381

that might bring you an scope of the

of the Cayman rules.

382

If you are, you've got to register with

383

If you're already an up

and running crypto asset service provider,

384

and if you're a new crypto asset

service provider,

385

you know, coming into being after

the implementation of the regulations,

386

you do have an extended deadline for

for doing so,

387

you would also need, if you are in scope

to implement the required written

388

policies and procedures,

which is something that we can help with.

389

And then finally, you will need to update

your onboarding system to collect and

390

validate the car certifications from users

according to the relevant deadlines.

391

I think that, wraps it up from my side.

392

Yeah. Thanks, Dan.

393

Well, hopefully,

our listeners have, found that a useful

394

summary of the new CARF regime, as Dan

mentioned, of course, Maples is able

395

to advise and provide more information

on the application of the regime.

396

So if you,

397

are a client or existing client

or potential client,

398

dealing with crypto assets

and want more information on cough, and

399

we want to know whether it applies to you

and if it does, what do you need to do?

400

Please do feel free

to reach out to a usual Maples contact.

401

Or of course, Dan and myself

are really able and willing to advise.

402

So I think that closes it off for today's

403

Please do, like and subscribe to the

podcast on your, favorite podcast app.

404

And, we look forward

to, speaking with you again next month.

405

Cheers!