Cryptoassets Manual

CRYPTO49000 - Cryptoassets for businesses: The Cryptoasset Reporting Framework

The Cryptoasset Reporting Framework (CARF) requires reporting cryptoasset service providers (RCASPs) to undertake due diligence and report transactional information on cryptoassets to HMRC annually.

From 1 January 2026, UK RCASPs are required to undertake due diligence on their customers. RCASPs are also required to report aggregate transactional data relating to their customers’ cryptoasset activity. The reporting obligation applies in relation to customers resident in the UK and customers resident in one of the countries in the list provided by HMRC.

UK cryptoasset exchanges and other cryptoasset service providers will need to evaluate whether they are required to report information under the CARF. This includes establishing:

• Whether they are a RCASP as defined by the CARF
• Whether they are under an obligation to report in the UK

Detailed technical guidance on the scope of the CARF, due diligence obligations, reporting obligations and penalties for non-compliance can be found in the International Exchange of Information Manual from IEIM800001.

 

Business Customers of a RCASP

Businesses that undertake cryptoassets activity through cryptoasset services providers will be required to provide certain details to their service provider. If a business is an entity (for example, a corporation), rather than an individual (for example, a sole trader), the CARF also requires due diligence information relating to the controlling persons of that entity (IEIM8000400). Failure to provide the required information to the cryptoasset service provider may result in a penalty. The cryptoasset service provider may also refuse to provide further services to the customer (IEIM8000600).