Cross-border Bitcoin payments are growing, but they come with complex reporting rules. Governments and organizations like the IRS, OECD, and FATF are tightening regulations to ensure transparency and compliance. Here's what you need to know:
- Bitcoin is classified as property in the U.S., requiring reporting for every transaction, similar to stocks or real estate.
- OECD's Crypto-Asset Reporting Framework (CARF) and the Travel Rule set global standards for tax transparency and transaction data sharing.
- Starting January 1, 2025, new IRS rules will require detailed reporting of gross proceeds and cost basis for digital assets.
- Key compliance tools include tracking fair market values, verifying wallet ownership, and maintaining accurate records.
- Non-compliance can lead to penalties, interest, or blocked transactions under frameworks like the EU's DAC8 and FATF guidelines.
Businesses must stay updated on evolving rules and use reliable systems to simplify compliance. This includes adopting tools that provide real-time analytics, automate reporting, and ensure adherence to local and international standards.
Crypto Reporting Is Changing: CARF 2027–2028
Reporting Standards for Cross-Border Bitcoin Payments
Travel Rule Thresholds by Jurisdiction for Cross-Border Bitcoin Payments
Businesses handling cross-border Bitcoin transactions must navigate a complex landscape of international and local regulations, including the OECD's CARF, the Travel Rule, and individual country-specific rules.
OECD Crypto-Asset Reporting Framework (CARF)
CARF introduces a standardized system for tax authorities to share information about crypto-asset transactions. By early 2025, 63 jurisdictions have committed to adopting this framework, with the first data exchanges projected for 2027.
CARF consists of domestic legal rules, international data exchange facilitated by the Multilateral Competent Authority Agreement (MCAA), and a universal XML schema for data transmission. In October 2024, the OECD released this XML schema, enabling tax authorities worldwide to share crypto transaction data.
Reporting Crypto-Asset Service Providers (RCASPs) include entities like crypto exchanges, wallet providers, brokers, and financial institutions. The scope also extends to non-custodial service providers and some decentralized finance (DeFi) platforms. These providers must report various activities, including:
- Crypto-to-fiat transactions
- Crypto-to-crypto exchanges
- Retail payments exceeding $50,000
- Transfers to self-hosted wallets
Notably, Central Bank Digital Currencies (CBDCs) and certain electronic money products are excluded from CARF, as they fall under the amended Common Reporting Standard (CRS). However, cryptocurrencies, NFTs, and stablecoins are included in CARF's scope.
RCASPs are required to track asset values in real time to ensure accurate reporting of acquisition costs and proceeds. They must also implement systems to identify whether transfers are directed to regulated service providers or self-hosted wallets, as each requires specific reporting. Under frameworks like the EU's DAC8, service providers must block users from completing reportable transactions if they fail to submit self-certification after two reminders within a 60-day period. Non-compliance under DAC8 can result in penalties ranging from €20,000 to €500,000.
Travel Rule Requirements
While CARF focuses on tax data exchange, the Travel Rule ensures that transactional details are shared between service providers. Known formally as FATF Recommendation 16, the Travel Rule requires Virtual Asset Service Providers (VASPs) to collect and share originator and beneficiary information for transactions exceeding certain thresholds. In June 2025, the Financial Action Task Force expanded the rule to include fraud prevention measures, introducing Confirmation of Payee (CoP) verification and ISO 20022 messaging standards.
For qualifying transactions, VASPs must transmit details such as the originator's name, account number, physical address, date of birth, and unique identifiers like LEI or BIC. Identifying whether a recipient wallet is hosted by a VASP or unhosted remains a key challenge.
Thresholds for compliance vary significantly across jurisdictions:
- The European Union has implemented a zero threshold, meaning all crypto transactions must comply with the Travel Rule as of December 30, 2024.
- In the United States, the threshold remains at $3,000 for cross-border transfers, though FinCEN has proposed lowering this to $250 for international crypto transactions.
- Singapore enforces a threshold of SGD 1,500.
| Jurisdiction | Threshold | Key Regulation |
|---|---|---|
| European Union | €0 (Zero) | Transfer of Funds Regulation (TFR) / MiCA |
| United States | $3,000 (Proposed $250) | Bank Secrecy Act (BSA) |
| Singapore | SGD 1,500 | Payment Services Act |
| United Kingdom | No specific minimum | Money Laundering Regulations 2017 |
This uneven implementation has led to what experts call the "Sunrise Problem." As Elliptic explains:
The patchwork implementation of the Travel Rule around the world [is] the 'sunrise problem.' This regulatory inconsistency reduces incentives for universal adoption.
For transactions originating from jurisdictions without Travel Rule enforcement, businesses should conduct risk-based assessments before releasing funds.
To securely share required data, businesses can use open protocols like OpenVASP, TRISA, or alliances such as TRUST. Additionally, maintaining audit trails of collected data and verification steps is essential for compliance. In jurisdictions like Hong Kong, regulators are moving toward requiring technical proof of wallet ownership, such as cryptographic signature testing, for transactions involving unhosted wallets.
Country-Specific Reporting Regulations
Although CARF provides a global framework, individual jurisdictions have introduced tailored requirements. For instance, the European Union's DAC8 mandates the automatic exchange of crypto-asset transaction data among EU member states. While DAC8 aligns with CARF in many ways, it includes specific provisions for operations within the EU.
Under DAC8, crypto service providers must collect and report transaction data. Businesses operating in the EU without authorization under the Markets in Crypto-Assets Regulation (MiCA) must register in a single Member State to comply. Data collection begins January 1, 2026, with the first reporting deadline set for September 30, 2027.
National tax authorities must receive information within the calendar year following the reporting year and exchange it with other Member States within nine months. Member States are required to store this data for at least five years. Although DAC8 ensures a unified standard, penalties for non-compliance are determined by individual Member States, as long as they are deemed "effective, proportionate and dissuasive".
The scope of reporting has expanded to include stablecoins, e-money tokens, certain NFTs, and decentralized assets. Beyond taxation, reported crypto data is increasingly used for anti-money laundering (AML), counter-terrorism financing, and monitoring sanctions compliance.
For cross-border tax rulings involving individuals, DAC8 sets an automatic exchange threshold of €1,500,000. By July 2024, 58 jurisdictions had announced plans to begin automatic information exchange under CARF by 2027, compared to the 100+ jurisdictions already using the original Common Reporting Standard (CRS) for traditional financial accounts.
Businesses should closely monitor the transposition of DAC8 into national laws by December 31, 2025, ensuring compliance with specific local requirements, including reporting formats and deadlines. Verifying user Tax Identification Numbers (TINs) using government-provided tools will also be critical, as this is a core requirement under both DAC8 and CARF.
Using Bitcoin Payment Solutions for Compliance
As regulations around Bitcoin payments become more complex, having the right tools in place is essential for staying compliant. Cross-border transactions, in particular, require a solid payment infrastructure to handle the intricacies of reporting and adherence to standards like the OECD Crypto-Asset Reporting Framework (CARF) and the FATF Travel Rule. A well-designed payment gateway can ease these challenges by simplifying reporting, reducing administrative overhead, and ensuring transactions meet the required standards.
How Flash Simplifies Global Bitcoin Payments
Flash offers a range of tools - payment links, paywalls, subscriptions, widgets, point-of-sale systems, and custom integrations - all designed to facilitate global Bitcoin payments while staying in line with evolving compliance standards.
Starting January 1, 2025, PDAPs will need to report gross proceeds on Form 1099-DA, with cost basis reporting becoming mandatory a year later on January 1, 2026. Flash is built to support these requirements by providing transaction data in IRS-compliant formats. To avoid penalties and backup withholding, businesses can validate customer TINs through the IRS TIN-matching program.
For companies operating across various jurisdictions, Flash's tools are adaptable to differing regulatory needs under the Travel Rule. Its infrastructure tracks transaction values in real time, helping businesses determine when they need to share originator and beneficiary information as per FATF guidelines.
Non-Custodial Wallet-to-Wallet Transactions
Flash uses a non-custodial model, meaning Bitcoin transactions move directly between customer and business wallets without any intermediary holding the funds. Under current rules, non-custodial brokers - those who don't take possession of digital assets - are exempt from specific IRS reporting requirements, though separate regulations are expected. However, businesses must still monitor and report outbound transactions to unhosted wallets, as required by CARF. Flash's system helps businesses identify wallet types, ensuring accurate record-keeping for transactions that fall under reporting obligations.
Real-Time Analytics for Reporting
Flash provides real-time analytics that track key metrics like transaction volumes, customer locations, and payment amounts. This feature helps businesses comply with CARF and Travel Rule requirements. For example, RCASPs can use Flash's tools to monitor asset values in real time, ensuring accurate reporting of acquisition costs and proceeds. The dashboard also allows businesses to export compliant reports in universal XML and other formats, aligning with regulatory timelines such as the EU's DAC8.
Additionally, Flash's analytics support the implementation of de minimis thresholds, which can simplify reporting for smaller transactions. These capabilities help businesses build stronger internal compliance systems, setting the stage for the processes discussed in the next section.
sbb-itb-f81ab9b
Best Practices for Maintaining Compliance
Setting Up Internal Reporting Processes
To stay on top of compliance, you need a solid system to track every transaction. The IRS requires all taxpayers - including corporations filing Form 1120, partnerships filing Form 1065, and S corporations filing Form 1120-S - to answer specific questions about digital asset activity. A well-organized reporting system can help you distinguish between taxable events (like receiving Bitcoin for services, selling it for fiat, or trading it for another cryptocurrency) and non-taxable ones (such as transferring Bitcoin between your own wallets).
For taxable events, it's critical to report Bitcoin payments for services at their USD value at the time of receipt. Keep a detailed log of each transaction, including the fair market value, type of transaction, and the date it occurred. This level of documentation ensures you're meeting compliance standards.
You can also create an internal checklist to determine whether you need to answer "Yes" to the digital asset question on your tax return. Scenarios that trigger a "Yes" include receiving Bitcoin through mining, staking, hard forks, or as payment for services. However, simply buying Bitcoin with fiat or transferring it between wallets you control usually doesn’t require disclosure.
To make this process smoother, consider automating the aggregation of data for IRS forms, especially for reporting capital gains. The IRS has made it clear: "Failing to accurately report income may result in accrued interest and penalties", so precision in record-keeping is non-negotiable - especially for cross-border transactions.
These steps ensure your internal processes are ready to support collaboration with trusted providers.
Working with Trusted Bitcoin Payment Providers
A reliable Bitcoin payment provider can take much of the reporting stress off your plate. For example, Flash’s platform automatically tracks transaction values and categorizes them as taxable or non-taxable. It even exports this data in formats that align with tax reporting forms, minimizing manual work and reducing the chances of errors that could lead to penalties or audits.
Monitoring Regulatory Changes
After setting up internal systems and partnering with dependable providers, staying informed about regulatory updates is crucial.
Bitcoin payment regulations, particularly for cross-border transactions, are constantly evolving. Reporting requirements now cover a broader range of entities, including estates, trusts, partnerships, and corporations, as tax authorities push for standardized disclosures.
To stay compliant, keep an eye on updates from the IRS, FATF, and other local tax authorities. Be aware of new thresholds, deadlines, and changes to reporting forms. Regularly reviewing and adjusting your internal processes ensures you remain aligned with the latest standards. A flexible payment system also makes it easier to adapt to new requirements without overhauling your entire setup.
Conclusion: Managing Compliance for Cross-Border Bitcoin Payments
Handling compliance for cross-border Bitcoin payments requires a solid approach built on accurate recordkeeping, reliable tools, and staying informed about regulatory changes. Since digital assets are considered property for tax purposes, every transaction - whether it's a sale, exchange, or receipt - can lead to reporting obligations.
The foundation of compliance lies in three key areas: detailed recordkeeping, dependable payment systems, and proactive monitoring of regulations. For example, custodial platforms will soon face new reporting rules on gross proceeds and cost basis. The IRS has emphasized that failing to report income accurately could result in penalties and interest charges. For those using self-custody wallets, the responsibility is even greater, as users must manually track timestamps, fees, and fair market values for each transaction. Keeping detailed and organized records ensures smooth management of these obligations.
Using a strong payment infrastructure can make compliance less of a headache. Take Flash’s non-custodial wallet-to-wallet payment system, for instance. It provides real-time analytics and automated tracking, reducing manual errors and simplifying documentation. These tools not only address current compliance needs but also position businesses to handle future regulatory updates with ease.
As global regulations continue to shift, staying informed about new requirements - such as updated thresholds and forms - is critical. By making compliance a core part of operations, businesses can adapt quickly to these changes and maintain smooth cross-border payment processes.
FAQs
What tools help ensure compliance for cross-border Bitcoin transactions?
To stay compliant with cross-border Bitcoin transactions, businesses need to follow international regulations aimed at curbing money laundering, tax evasion, and other financial crimes. A cornerstone of this effort is adhering to the Financial Action Task Force (FATF) guidelines, which focus on key practices like customer due diligence, monitoring transactions, and reporting any suspicious activities.
The OECD's Crypto-Asset Reporting Framework (CARF), along with updates to the Common Reporting Standard (CRS), plays a crucial role in enabling the automatic exchange of tax-related data for crypto transactions. This framework enhances transparency across borders. Compliance also requires verifying counterparties, adopting standardized reporting protocols, and using messaging standards such as IVMS101 to ensure secure data exchange.
In the U.S., agencies like FinCEN mandate that businesses register, maintain detailed records, and report specific virtual currency transactions. These regulations aim to create a secure and transparent system for global Bitcoin payments.
How will the OECD’s Crypto-Asset Reporting Framework (CARF) affect businesses handling Bitcoin payments?
The OECD's Crypto-Asset Reporting Framework (CARF) is set to change how businesses handle reporting for crypto-assets like Bitcoin. Starting January 1, 2026, many crypto service providers will be required to collect detailed information about their customers and transactions. This includes data such as tax residency certifications, which must be reported annually to national tax authorities. These authorities will then exchange this information across borders to improve tax compliance worldwide.
For businesses in the crypto space, it's essential to assess whether they fall within CARF's scope. If they do, they’ll need to implement systems capable of meeting these reporting obligations. Failure to comply could lead to penalties or heightened scrutiny. Adapting to these new global standards is key for crypto-related businesses to avoid potential risks and align with international tax regulations.
What are the consequences of not following cross-border Bitcoin payment regulations?
Failing to meet cross-border Bitcoin payment regulations can have severe repercussions. These include substantial fines, frozen assets, and a tarnished business reputation. Ignoring essential requirements like Anti-Money Laundering (AML), Know Your Customer (KYC), and proper reporting standards could also lead to legal troubles or restricted access to financial services.
To steer clear of these issues, make sure your Bitcoin transactions comply with all relevant laws and regulations. Additionally, keep detailed and accurate records for tax and reporting purposes to ensure you're always on the right side of compliance.