The Treasury Department is preparing regulations to implement the Organization for Economic Cooperation and Development’s new Crypto-Asset Reporting Framework. So far, the effort has been portrayed as just another routine tax-compliance measure — harmless good governance. It is none of these things.

The framework is a global surveillance infrastructure that would force crypto exchanges and wallet providers to collect and share detailed personal and transaction data on their users with the goal of curbing tax evasion in digital assets. If Treasury proceeds, acting at the behest of global bureaucrats instead of Congress, the U.S. would soon automatically share Americans’ private financial and tax data with more than 80 foreign governments, many of them authoritarian, corrupt, or lacking basic cybersecurity protections.

Congress has begun considering crypto-tax legislation, but has not requested Treasury to adopt the OECD regime. Despite that, Treasury appears ready to move ahead, mirroring its 2016 decision to unilaterally implement OECD’s Protocol amending the Multilateral Convention on Mutual Administrative Assistance in Tax Matters on country-by-country reporting. It transferred an unprecedented amount of sensitive corporate tax data to foreign governments, despite the Senate refusing to ratify the treaty protocol. 

The OECD admits the CARF is significant enough to necessitate a treaty, requiring approval by two-thirds of the Senate. Neither the Biden nor Trump administration has signed it. Nonetheless, implementing CARF would elevate the policy preferences of unelected bureaucrats over the constitutional prerogative of Congress.

If Treasury unilaterally imposes the OECD’s new dragnet reporting and automatic information exchange, Washington would begin sending sensitive data on Americans’ digital-asset transactions to foreign tax authorities by default, not by request, and not based on targeted, case-specific suspicions of wrongdoing. China, Kazakhstan, Nigeria, Turkey, Kenya, and Malaysia, among others, will have access to everyone’s crypto transactions.

International tax bureaucrats insist these systems are merely “tax transparency.” But the risks are not theoretical. Extensive reporting on transnational repression documents how governments from China and Turkey to Iran and Russia use financial intelligence, leaked data, and existing U.S. financial reporting regimes to intimidate and punish political dissidents at home and abroad.

The idea that authoritarian governments won’t share detailed financial information with their intelligence agencies is, at best, naïve. And once shared, the United States would have no ability to detect or prevent misuse. Global crypto reporting would hand these authoritarians detailed information about their expatriates’ assets and the digital breadcrumbs needed to target their families, monitor their networks, or identify who has the resources to flee.

For more than 50 years, the United States has operated an increasingly unwieldy financial-surveillance regime that is already too fragmented, and, by the government’s own numbers, ineffective. From more than 27 million Bank Secrecy Act reports in 2023, the IRS initiated only 372 investigations. The Crypto-Asset Reporting Framework would connect another firehose of data to a system that is even less accountable than the domestic one.

Crypto markets are already subject to extensive domestic reporting requirements. Every major crypto exchange in the U.S. is treated as a full Bank Secrecy Act financial institution, complying with know-your-customer rules, suspicious activity reports and currency transaction reports. The IRS has also won the legal fight to compel crypto-tax reporting of extensive data from major exchanges. And Congress imposed new Form 1099-DA reporting rules for large crypto brokers, mirroring the reporting regime for securities.

Treasury hasn’t even finished fully implementing these new rules yet and is considering layering on a parallel OECD framework with even weaker privacy safeguards.

The OECD’s crypto framework is not a harmless technical standard for transparency. It exposes the OECD’s decades-long effort to remake its mission from advancing economic development and publishing data to a de facto global tax authority. Its push for a global minimum tax already shows its appetite for overriding national tax sovereignty. The CARF is in the same mold; a new global financial surveillance network, in which unelected bureaucrats, not Congress, determine what data the United States collects, shares and stores.

Financial privacy is a cornerstone of a free society, something the Trump administration’s White Paper on cryptocurrency emphasizes, mentioning privacy more than 30 times. The automatic exchange of Americans’ crypto data would further erode that privacy and threaten vulnerable communities at home and abroad.

The Trump administration should withdraw the plan to adopt the OECD’s automatic information exchange for crypto assets. Congress should be the one to balance the interests of addressing tax fraud and financing of illicit activities against the privacy concerns that are especially acute in financial data.

To do that, it must restore the basic constitutional principles that U.S. tax law is made by Congress, not foreign powers or the executive branch, and the government must have a reason before rifling through someone’s financial life.