The Canada Revenue Agency recently won its first cryptocurrency-related customer data request — a request involving Coinsquare, the country’s largest cryptocurrency exchange.
Under the order, Coinsquare must turn over personal and transactional information about its largest users, which captures about 5 to 10% of its customer base. In many ways, the CRA is following in the footsteps of the IRS, which in 2016 was the first taxing authority to file a cryptocurrency-related customer data request when it sought a John Doe summons against the U.S.-based exchange Coinbase.
But there are differences in the legal standards supporting the CRA requests and IRS John Doe summonses. The CRA filed its third-party request to get information about whether Coinsquare users are complying with their income tax and excise tax obligations.
This is a more relaxed standard than that of the IRS, which may only seek a summons on a reasonable belief that taxpayers have failed or may have failed to comply with their tax obligations.
In the years since the Coinbase summons, U.S. federal district courts and Congress have made it clear that the rapidly evolving and often opaque nature of cryptocurrency doesn’t give the IRS carte blanche to obtain taxpayer information without some suspicion of tax violations. Although the CRA is just getting started in the cryptocurrency space, the standard, based on court cases in Canada, is not as clear.
Canada v. Coinsquare
The CRA is several years into a crackdown on the underground economy and has focused much of its attention on tax evasion within the residential construction, retail trade, and accommodation and food industries.
But in 2017-2018, the CRA added cryptocurrencies to the list and joined the Joint Chiefs of Global Tax Enforcement (J5), a group tackling cybercrime via international collaboration.
Since then, the CRA has been quietly auditing and sending questionnaires to cryptocurrency investors.
In September 2020 it raised the stakes when it filed an information and document request in Canada’s Federal Court ordering Coinsquare to turn over a massive trove of customer information dating to January 1, 2013. The CRA requested:
- a list of all active and inactive customer accounts;
- a list of all cryptocurrency and fiat currency transfers and detailed supporting information, including the source and destination of those deposits and withdrawals, date and time of the transactions, cryptocurrency address and bank accounts, and transaction ID; and
- a list of all customer trading activity, including over-the-counter and off-exchange trades, and detailed supporting information including the date, time, amount, and transaction identifier of those trades.
Those requests were filed under section 289 of the Excise Tax Act and section 231 of the Income Tax Act, each of which gives broad information-seeking power to the Minister of National Revenue.
Both authorize the minister to serve information and document notices and allows the minister, or any authorized person, to request taxpayer documents and records from third parties.
Both of these provisions contain a so-called unnamed persons requirement, which allows the Minister of National Revenue to collect information, subject to court approval, from third parties on unnamed persons, provided two conditions are met.
First, the taxpayer or group of taxpayers must be ascertainable. Second, the CRA can request the information to verify whether the taxpayers in question are complying with their tax obligations.
Both sides negotiated the scope of the request, and in a March 19 order, the Federal Court determined that the CRA’s request was legitimate and ordered Coinsquare to hand over a truncated list of information, including information for its most active customers and those with large account balances under three categories:
- customers between 2014 and 2020 with account values of C $20,000 or more;
- customers whose cumulative deposits are C $20,000 or more; and
- the 16,500 largest customer accounts by trading volume between 2014 and 2020, and the 16,500 largest customer accounts by number of trades between 2014 and 2020, if those accounts are not already included in the trading volume group.
According to Coinsquare, the slimmed-down order will only affect 5 to 10 percent of its customers. In that light, it called the resolution a “partial but significant” victory for the company and Canada’s digital asset industry. In a statement, Coinsquare said it hoped its outcome would set a precedent for other cryptocurrency companies to limit client disclosures to only what is “absolutely required” under law.
If that statement sounds familiar, it’s because Coinbase spoke similarly after it managed to pare down the IRS John Doe summons, which initially sought information such as transaction records, user profiles, and statements on all U.S. customers who had used Coinbase between 2013 and 2015.
The request for all users was excessive, but the IRS maintains strong summons power under IRC section 7609(f), which requires a three-part test showing:
- the summons relates to the investigation of a particular person or ascertainable group of persons;
- there is a reasonable basis for believing that the person or group of persons may fail or may have failed to comply with any provision of any internal revenue law; and
- the information sought and the identity of the person or persons regarding whose liability the summons is issued isn’t readily available from other sources.
At the time, the IRS argued that Coinbase was serving millions of customers and had exchanged $6 billion in virtual currency, yet it lacked information about many of those customers. Nevertheless, the agency’s initial request for all customer information undermined the reasonable basis prong of the three-part test.
After some back and forth, the IRS filed a narrower summons request covering Coinbase customers who had generated at least $20,000 worth of transactions during any one year between 2013 and 2015.
The U.S. District Court for the Northern District of California ultimately approved that summons request but narrowed the scope of information to be collected.
In the years since Coinbase, Congress has tightened the section 7609(f) standard via the 2019 Taxpayer First Act, which added new flush language to 7609(f) requiring that summonses be “narrowly tailored to information that pertains to the failure (or potential failure)” to comply with one or more “identified” provisions of the internal revenue law.
Essentially, Congress wanted to ensure that summonses wouldn’t be used for fishing expeditions.
The impact of that legislation has played out in subsequent John Doe summonses, including one pending before the Northern District of California on crypto exchange Kraken. The summons follows the post-Coinbase playbook — it seeks information on U.S. customers whose transactions added up to at least $20,000 in any year between 2016 and 2020.
The government wants the information because Kraken allegedly lacks third-party reporting to the IRS. It anticipates that the information could provide useful leads, citing the success of audits and amended returns from the Coinbase summons.
But that failed to move U.S. Chief Magistrate Judge Joseph C. Spero, who has since ordered the IRS to specifically address why the information it is requesting is narrowly tailored to IRS needs and whether some of its more invasive requests can be delayed until the Service has reviewed basic user information and transaction histories and has a better idea of what it needs, according to a court order.
Contrast that with a third, successful John Doe summons for Boston-based Circle Internet Financial Inc. and Poloniex LLC. This summons seeks information about Circle users, applying the same $20,000 threshold and 2016 through 2020 period.
The U.S. Federal District Court for the District of Massachusetts approved the request on April 2 after finding the request was narrowly tailored because there was a reasonable basis to suspect some users weren’t complying with their tax obligations.
Further, the government’s document requests directly related to identifying members of the John Doe class and obtaining transactional information to determine whether there was tax compliance.
These cases strike at the heart of taxpayer rights and privacy concerns, which are still evolving in the cryptocurrency context.
IRS guidance states that the Service should be beyond the information-gathering or research stage when it decides to seek a John Doe summons, because it should be able to identify a specific compliance problem and be prepared to investigate specific taxpayers based on the information it receives.
“A John Doe summons cannot be used to conduct a ‘fishing expedition,’” according to guidance (IRM 188.8.131.52, “Statutory Requirements for a Valid John Doe Summons”).
In Canada, the presumption of privacy is seemingly not as strong, considering that there’s no statutory “reasonable basis” requirement or equivalent. Given that the CRA has the power to seek information just to verify compliance, cryptocurrency users should expect that their data could wind up in the hands of tax authorities without a suspicion of wrongdoing. The Coinsquare outcome reinforces this.
Unnamed persons requests weren’t always this vague. An earlier version of section 231.2 included two other subsections:
- c) it is reasonable to expect that the ascertainable persons or group may have failed (or may be likely to fail) to provide the information that is sought or to comply with the ITA; and
- d) the information or documents is not otherwise more readily available.
Those provisions were repealed in 1996, and Canada’s Court of Appeal, which has weighed in on unnamed persons requests, believes Parliament meant to allow some forms of fishing expedition when it repealed those two requirements (Canada (National Revenue) v. The Greater Montréal Real Estate Board, 2007 FCA 346).
While the Federal Court generally sides with the CRA on unnamed persons requests, that is not always the case.
In 2018 the Federal Court notably rejected a CRA request targeting public utility Hydro-Québec (Canada (National Revenue) v. Hydro-Québec (2018 FC 62)).
The CRA had sought customer information about a large but unspecified number of Hydro-Québec business customers to determine if they were following their return-filing obligations.
The Federal Court found that the request failed both prongs of the unnamed persons requirement test because the group of customers the CRA targeted was not ascertainable, and there was no tax audit in question.
On the first prong, the court noted that the CRA failed to specifically identify business customers and said the lack of specificity could envelop a high number of customers who may not be business customers in the traditional sense (for example, they may be individuals running a business from their home).
On the second prong, the court highlighted the fact that there was no audit happening at the time.
The Federal Court wrote that the CRA essentially wanted to make a correlation between its database and that of Hydro-Québec, and was stretching the language of section 231, which the court admitted is vague.
“The applicant is claiming that for essentially an entire group that it labels in one manner or another, with no limit as to its size, composition or characteristics, it can request information from a third party only insofar as it decides to potentially begin an unspecified tax audit,” the court said. “It will then be able to use the information requested as it sees fit, passing it along to various sections of the CRA. The applicant can therefore obtain judicial authorization on the sole basis that it may request information, of any kind as it were, whenever it might decide to conduct a large-scale tax audit. This . . . seems to be the very definition of a fishing expedition.”
That’s a very different outcome from a previous Federal Court ruling in Canada v. PayPal Canada Co. ( GSTC 93 (FC)), in which the CRA requested information for all of PayPal Canada’s business customers to verify whether they were following their tax obligations under the ITA and the Excise Tax Act, just like it had for Hydro-Québec.
Like Hydro-Québec, there was no transaction threshold. Here, too, the potential group was large and there was no indication of wrongdoing, but the Federal Court came to a different conclusion: It found that the group was still ascertainable.
It was also persuaded by the CRA’s argument that it needed the information to combat the underground economy.
What does this tell us? In Canada’s case, CRA access to taxpayer data may be more dependent on the sectors involved. While the CRA’s investigations into the underground economy are universal, some areas carry more weight than others.
This matters for Canadian cryptocurrency users and for international cryptocurrency standards. Examples set by the IRS or CRA are important in two different ways:
- taxing authorities are still cutting their teeth on cryptocurrency compliance, and they are studying how other countries respond; and
- the IRS and CRA are leaders in this area via the J5.
But just because fishing expeditions are allowed doesn’t necessarily mean they’re ideal, and it’s possible they could lead to taxpayer challenges.
But for now, the decision — and Canada’s approach to third-party requests — adds to the complex and sometimes contradictory patchwork of global cryptocurrency standards that cryptocurrency exchanges are navigating.