Globally, CARF requires certain crypto-asset service providers to collect detailed information about their users and report crypto-asset transactions to local tax authorities, who then share this data with partner jurisdictions where the users are tax resident. By the end of 2025, more than 60 jurisdictions, including the Cayman Islands, have committed to implementing the CARF, with the first exchanges of information planned for 2027.
Implementation in the Cayman Islands
The Cayman Islands, a leading offshore financial center, has aligned itself with international standards by promulgating the International Tax Information Authority (Crypto-Asset Reporting Framework) Regulations 2025 (the “Crypto-Asset Reporting Framework”).CARF Regulations“. These regulations come into force on January 1, 2026, demonstrating the jurisdiction’s commitment to global tax transparency while maintaining its position as a cooperative financial hub.
The framework applies from the calendar year 2026, with the first reporting deadline set at 30 June 2027. The information collected will be exchanged automatically with partner jurisdictions from 2027.
Who is subject to reporting obligations?
In the Cayman Islands, reporting obligations lie with Cayman Islands cryptoasset reporting service providers (“Cayman RCASP“). These are natural or legal persons who, as part of their activity, provide services carrying out “Exchange Operations” or “Transfers” of “Relevant Crypto-Assets” for or on behalf of clients.
Relevant crypto-assets include digital representations of value based on distributed ledger technology (e.g. Bitcoin, stablecoins, NFTs, utility tokens), excluding central bank digital currencies (CBDCs), specified electronic money products or assets deemed unusable for payment or investment.
Affected services generally include:
- Operating cryptocurrency trading platforms or exchanges
- Act as brokers, dealers or intermediaries in crypto transactions
- Providing counterparty services or operating crypto ATMs
A Cayman RCASP includes entities resident in the Cayman Islands (incorporated, managed or financially regulated there) or Cayman branches of non-resident suppliers. Purely investment activities of funds (without providing foreign exchange services) are generally excluded.
Although the CARF regulations only apply to a fairly narrow set of crypto-related intermediaries, the OECD has published frequently asked questions (“Frequently Asked Questions”).FAQss”) providing interpretive guidance on the CARF to ensure consistent implementation across jurisdictions. In particular, these FAQs clarify that, generally speaking, non-custodial service providers relating to crypto-assets, including those operating in a decentralized manner, may meet the definition of a reporting crypto-asset service provider. This addresses previous uncertainties around decentralized finance (DeFi) platforms and non-custodial wallets or exchanges. Further updates FAQs have introduced a “Check or Test Sufficient Influence” (COSI) to determine whether decentralized platforms fall within the scope, in line with approaches to anti-money laundering standards.
We are awaiting clarification from the International Tax Compliance Department (theDITC“), which is part of the Tax Information Authority (the “AIT” as to whether FAQs are part of the CARF Regulation. The general wording of Regulation 3 suggests that yes, although the OECD itself makes a distinction between the FAQs, as guidelines, and its commentaries, which are an integral part of the CARF. The DITC’s CARF “Quick Guide” appears to make this same distinction.
The OECD noted that purely decentralized protocols without any entity exercising control may be excluded, but platforms facilitating transactions (even non-custodial) are often eligible if they allow users to trade. Additional detailed guidance on non-custodial and decentralized services is being developed by the OECD.
Cayman RCASPs must register with the DITC:
- Pre-existing suppliers by April 30, 2026
- New providers before January 31 of the following year
Changes to registration details must be notified within 30 days.
What information should be collected and reported?
Cayman Islands RCASPs must use due diligence to identify “reportable users”: users of cryptoassets (individuals or entities) or their controlling persons who are tax residents in a reportable jurisdiction (i.e. jurisdictions with which the Cayman Islands has an exchange agreement).
Due diligence relies heavily on self-certifications, similar to CRS and supplemented by AML/KYC procedures:
- For new users (starting January 1, 2026): collect a valid self-certification when establishing the relationship
- For pre-existing users: Collect before December 31, 2026
Self-certifications must include tax residency and tax identification numbers (“TIN), and for entities, the contact details of the controlling persons.
The information reported includes:
- User identification: name, address, jurisdiction(s) of tax residence, TIN, date/place of birth (for individuals) and confirmation of valid self-certification.
- Transaction details (aggregated by relevant cryptoasset type)
- Acquisitions and disposals (exchanges with fiat or other crypto-assets)
- Transfers (including retail payments, airdrops, staking rewards or loans)
- Number of units, total values, number of transactions and details of transfers to non-custodial wallets
Void declarations are required if no reportable activity takes place.
Declaration deadlines and recipients
Reports are annual and electronic, using the OECD CARF XML schema.
- Deadline: June 30 of the year following the reporting period (first submission: June 30, 2027 for 2026 data)
- RECIPIENT: Reports are submitted directly to the Cayman Islands DITC/TIA
- Exchange: The TIA then automatically exchanges the information with the tax authorities of the reporting partner jurisdictions.
RCASPs must avoid duplicate reporting by taking into account nexus rules if they operate in multiple jurisdictions.
Records must be kept for at least six years.
Penalties for non-compliance
The CARF Regulations include robust enforcement provisions. Non-compliance, such as failure to register, exercise due diligence, file accurate returns, or respond to TIA’s requests, constitutes an offense.
Penalties include:
- Fixed fines of up to CI$50,000 (approximately US$61,000)
- Continuing daily penalties for non-payment
- Personal liability of directors, officers or other officers of entities, unless they can prove that they exercised reasonable care to prevent the violation
Other offenses include providing false self-certifications or obstructing TIA functions.
Conclusion
The introduction of CARF in the Cayman Islands strengthens the jurisdiction’s reputation for regulatory cooperation while imposing new compliance burdens on crypto-asset service providers. Entities operating in or from the Cayman Islands must quickly assess their status, implement compliance policies and prepare for registration and due diligence obligations beginning in 2026. Early preparation will be essential to avoid significant sanctions in this evolving regulatory landscape.
