The Global Tightening — Enforcement, Obligation, and the Assets Nobody Is Watching

The New Audit Attachment

The IRS Small Business/Self-Employed Division is now attaching a deeply invasive questionnaire to standard audit notices — stapled to Form 4564, the Information Document Request. It is titled "List of Digital Asset Platforms, Wallets, Services, and Products Used" and it changes the game for anyone who receives it.

"If you forget a platform you used once in 2017 and check 'No,' you have just submitted a sworn, false statement to a federal agent."

— Kugelman Law, March 2026

Why the IRS Built This

The IRS is not asking for information it does not already have. Subject Matter Experts within the IRS use Chainalysis and other blockchain analytics tools to map on-chain activity before the audit notice is even sent. The yes/no checklist is not an information-gathering exercise. It is a trap for inconsistency — designed to create a sworn record that can be compared against blockchain data the IRS already holds.

If a taxpayer's memory-based "no" contradicts the immutable on-chain record the IRS SME has already mapped, the taxpayer's credibility is destroyed and severe penalties follow. If the taxpayer discloses too many platforms out of caution, they hand the auditor a roadmap to expand the audit into additional years.

Form 1099-DA: The Automation Layer

Underneath the audit activity, the automated enforcement mechanism is already running. For 2025 transactions — returns being filed right now — custodial brokers including Coinbase, Kraken, and Gemini issued Form 1099-DA reporting gross proceeds directly to the IRS. Where a taxpayer's Form 8949 does not reconcile with the 1099-DA, an automated CP2000 notice is generated. The mismatch does not require human review to trigger. It is structural and automatic.

The Circular 230 Obligation

For accountants, the framework governing professional conduct — Treasury Circular 230 — has always required reasonable inquiry when client information appears inconsistent with known facts. Wilful blindness is explicitly a violation, not a defence. In December 2024, proposed updates to Circular 230 added a new requirement: practitioners must maintain technological competency as part of their practice before the IRS. Not knowing how digital assets work is no longer a basis for not asking about them.

"This is the year everyone has to get it right. But I still don't know what I'm looking for. I can only rely on what the client tells me. I need something that covers me if they're wrong."

— Forensic accountant (anonymous), Michigan, April 2026

That is not a gap in knowledge. That is a gap in infrastructure. The Form 1040 digital asset question — answered under penalty of perjury, sitting at the top of every US tax return — means every practitioner who signs a return has already implicitly confirmed their client's answer is consistent with the facts they know. In a world where the IRS holds 1099-DA data before the return is filed, that confirmation carries more weight than it has ever carried. The practitioner who relies only on client disclosure is not just taking a professional risk. They are taking a personal one.

Ask yourself: if your client's memory-based answer contradicts what the IRS already holds, whose name is on the return?

What the Law Now Says

Tenancy reform has swept every Australian state and territory. Queensland's Stage 2 reforms commenced May 2025. South Australia introduced mandatory application form regulations from January 2026. NSW is finalising its own standardisation. The direction is consistent across every jurisdiction: property managers can collect information genuinely required for tenancy assessment, but cannot request detailed bank statements showing daily spending patterns or other sensitive financial information without lawful justification.

What Practitioners Are Actually Seeing

The Market Context

The vacancy rate environment makes this more acute, not less. Australia's national residential vacancy rate fell to 1.0% in March 2026 — approaching critically low levels across several capital cities. Properties are renting within days of listing. Tenants are submitting applications within hours of a property going live, and in many areas competing in informal bidding situations.

In that environment, a property manager receiving fifty applications has no standardised way to assess financial reliability. References can be manufactured. Payslips can be altered. Employment letters can be fabricated — and with generative AI now producing synthetic documents that pass visual inspection, the risk of relying on submitted paperwork is higher than it has ever been.

"The manager cannot ask. The tenant can volunteer. That distinction is the entire design space."

The ATO Enforcement Picture

Separately, Australia's crypto tax enforcement posture is hardening quietly. The ATO has been receiving exchange data through data-matching programs since 2019 and participates in CARF from 2026. The Tax Agent Services Act — TASA — now imposes obligations on registered tax agents to report clients making false or misleading statements, changing the practitioner relationship with non-compliant clients fundamentally. ASIC's position on crypto as a financial product continues to evolve, with several enforcement actions in 2025 signalling a more active regulatory stance.

The Australian RWA tokenised property market remains essentially unregulated by comparison. No specific framework governs token-based property ownership. Investor protection that applies to listed REITs does not extend to SPV-backed token structures. And the pricing disconnect — where a token's market price has no mechanism tethering it to the underlying asset's actual value — remains an unaddressed structural problem that this briefing has covered and that no Australian regulator is yet writing about.

The Enforcement Infrastructure

The United Kingdom now operates the most operationalised crypto enforcement posture in the Commonwealth. The 61,000 Bitcoin seizure — worth more than £5 billion — demonstrated that large-scale digital asset recovery is operationally achievable when the forensic and legal infrastructure is in place. Project Winterproof, funded by the UK Home Office, targets overseas scam networks and tracks fund flows through INTERPOL's I-GRIP mechanism. The National Crime Agency's partnership with Chainalysis is not experimental — it is running on live investigations.

For UK practitioners, DAC8 entering operational implementation on 1 January 2026 means HMRC is now a recipient of crypto asset reporting from across EU member states. A UK client who used a European exchange — pre or post-Brexit — may be generating DAC8 reports that flow to HMRC through existing information-sharing arrangements. Capital Gains Tax on crypto disposals has been reportable since 2019. HMRC has been accumulating data-matching capability for seven years. That data is now cross-referenced against DAC8 inflows.

Builder.ai: The Document Fraud Lesson

London-based Builder.ai raised over $500 million from investors including Microsoft and the Qatar Investment Authority. It presented itself as an AI-powered software development platform. It reached unicorn valuation. It collapsed into insolvency in 2025.

This is not an isolated case. It is a pattern. iLearningEngines in the United States fabricated at least 90% of its reported $421 million in 2023 revenue using forged contracts and round-trip fund transfers. It went public via SPAC at a $1.5 billion valuation. The fraud survived due diligence entirely — because the documents looked real.

Generative AI has made this problem structurally worse. Detected AI-generated document fraud increased nearly five times between April and December 2025. Approximately one in sixteen documents processed across major financial institutions in 2025 showed signs of manipulation or fabrication. Synthetic bank statements now pass visual inspection. The data room is no longer a safe starting point.

MiCA: The Compliance Floor

The Markets in Crypto-Assets Regulation entered full force for most asset categories by end-2024. For the first time, crypto asset service providers operating in the EU require authorisation, must meet capital and governance requirements, and are subject to conduct of business obligations equivalent to those applied to traditional financial services firms. Stablecoins — previously operating in a regulatory gap — are now classified and regulated as either e-money tokens or asset-referenced tokens depending on their structure.

The practical implication for practitioners advising EU-based clients: any crypto asset activity that occurred pre-MiCA through unregulated providers — offshore exchanges, DeFi protocols, non-custodial arrangements — now sits in a compliance assessment context that did not exist at the time. The activity was not illegal under the framework that applied then. Whether it generates reporting obligations under the framework that applies now is a question that requires professional assessment.

DAC8: The Reporting Ceiling

DAC8 — the EU's eighth directive on administrative cooperation in the field of taxation — entered operational implementation on 1 January 2026. Crypto asset service providers across EU member states are now required to report customer transaction data to their national tax authority, which then shares it automatically with the tax authorities of other member states and participating partner countries.

The Pre-MiCA Exposure Window

The most significant near-term risk for EU-based clients is not future compliance — it is historical exposure. The years between 2019 and 2024 represent a period of substantial crypto activity conducted through providers that either no longer exist, are not MiCA-authorised, or operated in regulatory grey areas that DAC8 is now illuminating retroactively. Courts across EU member states are converging on a single evidentiary standard: ownership requires proof of control, and control must be demonstrated through verifiable linkage between the individual and the wallet or exchange account.

What the Numbers Show

The FTX bankruptcy estate liquidated its most valuable positions between 2023 and 2024 — selling into markets that, in hindsight, were nowhere near their eventual peaks. The Anthropic stake, acquired for $500 million, was sold in two stages for approximately $1.3 billion to $1.4 billion. At Anthropic's current valuation, that 8% stake would be worth over $82 billion — a 165x return on the original investment. Solana holdings were sold between $20 and $60 per token. SOL trades significantly higher today. A seed-stage position in AI coding tool Cursor — now the parent of Anysphere — was sold for approximately $200,000. Anysphere is now valued at $9 billion.

The Decision the Administrators Actually Faced

In November 2022, FTX collapsed with billions in customer funds missing, a CEO facing criminal charges, and a crypto market in freefall. Bitcoin was trading at approximately $16,000. The new CEO, John Ray III — the restructuring professional brought in to manage the Enron collapse — faced creditors who had lost everything and needed certainty, not speculation.

The administrators sold assets to lock in value for creditors in an environment where those same assets could have continued declining. In the six months following FTX's collapse, the crypto market did not immediately recover — it remained deeply uncertain. The decision to sell was not wrong given what was known at the time. It was the forensically appropriate response to the information available.

What the Argument Actually Reveals

The SBF hindsight argument is not really about the bankruptcy administrators. It is about what forensic intelligence looks like at the point of maximum pressure. The FTX estate was making sell or hold decisions on complex positions — AI equity, locked token tranches, venture bets across multiple sectors — without a structured framework for assessing what each asset was actually worth at that specific moment, what the realistic exit looked like given actual market depth, and what the risk-adjusted case for holding was in a high-uncertainty environment.

Those are not questions that standard bankruptcy asset realisation processes are designed to answer. They are forensic intelligence questions. And they are exactly the questions that arise every time a liquidator, administrator, or trustee finds significant crypto or digital asset positions in an estate.

The Authorisation Gap Nobody Talks About

There is a detail from the FTX collapse that gets less attention than it deserves. John Ray III — the restructuring professional who managed Enron and described FTX as the most complete failure of corporate controls he had ever seen — found that payment authorisations at FTX were conducted via WhatsApp. The emoji was the paperwork. A thumbs-up in a chat was how billions of dollars moved.

The bank statement shows every payment that was made. It cannot show that the only authorisation for that payment was a reaction in a messaging app. That gap — between the transaction that is visible and the authorisation trail that does not exist — is where forensic due diligence lives. And it is exactly the gap that standard M&A processes are not designed to find.

What This Means for Practitioners Today

Crypto and digital asset positions are appearing in estates, litigation matters, and family law proceedings with increasing frequency. The standard approaches to asset realisation were built for traditional asset classes. They were not designed to read token unlock schedules, assess on-chain versus reported treasury positions, evaluate exit liquidity at realistic market depth, or document the hold/sell decision in a way that is defensible under subsequent legal scrutiny.

The SBF social media post went viral this week. Within twelve months, it will be cited in creditor disputes, administration challenges, and professional liability claims. The question "why did you sell when you could have held?" is coming for administrators who made decisions in 2024 and 2025 without a forensic framework underneath those decisions.