The Commissioner has published a gazette notice setting out the record keeping requirements for cryptocurrency owners and traders. The ATO advises that it is undertaking a data matching program for 2014-15 to 2019-20 for such entities.
The ATO states that the ''source entities for this data matching program include cryptocurrency designated service providers through whom individuals and businesses are able to buy, sell or transfer cryptocurrency holdings''. Inclusion in the hit list will be based on the principle that the ''data owner or its subsidiary operates a business in Australia that is governed by Australian law'' and that the data owner provides cryptocurrency designated services for individuals. This does not shine a lot of light on the issue. The ATO documents themselves concede that cryptocurrency exchange platforms are generally not regulated. It seems to the writer that a major issue with internet-based activities is working out who does what, where it is done and at what point it is done, as well as working out under which jurisdiction a particular activity falls but presumably the ATO is well versed in this.
The gazette notice sets out the data that is to be provided cryptocurrency designated service providers (DSPs). There are two broad areas:
- digital currency owner details – involving names, addresses, ABNs, contact numbers and email addresses/social media accounts; and
- account and transaction details – focusing on individual transactions. This involves transaction dates and times, the type of cryptocurrency, amount, type of transfer etc. Other required information includes status of accounts (eg closed, suspended, open etc), total account balances, wallet addresses associated with accounts and unique identifiers.
The data obtained from DSPs is being (and will continue to be) used to identify the buyers and sellers of crypto-assets and quantify the related transactions. Data will be matched against ATO records to identify individuals who may not be meeting their registration, reporting, lodgment and/or payment obligations.
The ATO will be working with other regulators, in particular, the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Australian Securities and Investments Commission (ASIC) to ensure that tax law requirements align with a whole of system approach.
The ATO has advised that people may be contacted by the ATO and given the opportunity to verify the information collected, before any compliance action is undertaken, with at least 28 days to clarify any information that has been obtained from the data provider. One statistic that jumps out of the page is that the Government estimates that records relating to between 500,000 and 1 million individuals will be obtained ? each financial year. Those numbers appear quite staggering. If the actual matches the estimate, it's possible that a lot of people could be given 28 days to explain themselves.
The ATO is requesting permission (from the Privacy Commissioner) that it be able to keep data for seven years from the receipt of the final instalment of verified data files, rather than the standard period of review (generally four years). Much space is devoted in explaining its reasons for requesting this, in terms of privacy and so on. Clearly, the ATO sees this as an ongoing major project, which presumably will pay dividends in terms of collecting additional tax.
Finally, the dark net. The ATO notes that the "pseudonymous nature of cryptocurrencies may make it attractive to those seeking to avoid their taxation obligations". Hopefully the ATO's program gives rise to the uncovering significant commercial activity that has been designed to operate beyond the reach of the revenue net, rather than snaring a multitude of ignorant and/or forgetful amateur speculators.