Structure

The Privacy Edge, Part 3: Structuring for Privacy — Trusts, Foundations, and Entity Layers

1 August 2025 Steffen Feike

CARF and the Travel Rule define what gets reported. Legal structuring determines who is visible when it is. This is the practical conclusion the Privacy Edge series has been building toward.

The Privacy Edge, Part 3: Structuring for Privacy — Trusts, Foundations, and Entity Layers

Parts 1 and 2 of this series established the architecture of the problem. CARF extends the automatic information exchange regime to crypto-assets, requiring service providers to report transaction data to tax authorities across participating jurisdictions. The FATF Travel Rule requires virtual asset service providers to collect and transmit identifying information on both parties to any transaction above the threshold. The UAE has implemented both, with an eight-year data retention period that exceeds the international baseline.

The regulatory direction is clear and consistent: the information asymmetry that existed when value could move through blockchain networks without identifying data is being systematically closed.

What neither part addressed in full is what individuals with significant digital asset holdings can actually do about it — not to avoid legitimate reporting obligations, but to control who is visible in reported data, reduce exposure to the risks that reporting creates, and build structures that are both legally compliant and appropriately private. That is what this part addresses.

The Distinction That Matters

Before examining the tools, the distinction that underlies the entire analysis needs to be stated precisely.

Reporting frameworks report on transactions conducted by identified individuals through regulated intermediaries. They do not report on legal entities in the same way, in the same jurisdictions, or with the same consequences for the underlying beneficial owner — provided the entity structure is genuine, properly documented, and compliant with the beneficial ownership disclosure rules that apply to it.

The goal of privacy-oriented structuring is not to disappear from the reporting architecture. It is to ensure that what is reported is accurate, legally structured, and does not create the secondary exposures — data breach risk, physical security risk, opportunistic litigation — that unstructured individual visibility creates.

These objectives are compatible with full legal compliance. The failure mode is attempting to achieve privacy through concealment rather than through structure, which produces arrangements that collapse under scrutiny and create the legal exposure they were meant to avoid.

The Entity Layer: What It Does

When a legal entity — a trust, a foundation, or a company — holds digital assets rather than an individual holding them directly, the reporting picture changes in several significant ways.

The entity is the account holder for CARF purposes, not the individual. Transaction data reported by a CASP identifies the entity as the transacting party. The beneficial owner behind the entity is a separate question, governed by beneficial ownership registers, CRS entity reporting rules, and the domestic law of the jurisdiction in which the entity is constituted. These are not secret — beneficial ownership disclosure is a compliance requirement in most serious jurisdictions — but they operate differently from direct individual reporting, with different audiences, different triggers, and different data retention rules.

The entity is also the legal owner of the assets for purposes of creditor claims, inheritance disputes, and enforcement actions. A court order directed at an individual cannot directly reach assets held by a separate legal entity in a different jurisdiction. This is the same property that makes entity structuring useful for asset protection, applied to the privacy dimension.

The practical effect is a layer of legal distance between the individual and the transaction record — not invisibility, but a structured separation that is legally sound and operationally meaningful.

Trusts

An offshore trust is the most widely used vehicle for combining asset protection with privacy in the context of digital asset holdings. When properly constituted, the trust is the legal owner of the assets. The settlor has transferred ownership to the trustee, to be held for the benefit of named or described beneficiaries according to the trust instrument.

For CARF and Travel Rule purposes, the trust — acting through its trustee — is the transacting entity. The trustee’s identity and the trust’s registration details may be reportable depending on jurisdiction and structure, but the beneficiaries are not necessarily visible in transaction data at the CASP level.

The jurisdictions that provide the strongest privacy properties for trust structures are those that combine creditor-resistant trust law, limited public disclosure requirements for trust instruments and beneficiaries, and a track record of resisting foreign court orders that would require disclosure of trust details. The Cook Islands, Cayman Islands, and Nevis are established examples. Each has been tested in adversarial litigation and has demonstrated that properly constituted trusts in those jurisdictions provide genuine legal protection rather than nominal protection that dissolves under pressure.

For Bitcoin specifically, the trust instrument should address the custody model directly — specifying the multisig architecture, the keyholder roles, and the conditions under which transactions are authorised. A trust that holds Bitcoin without specifying how the Bitcoin is to be controlled operationally is legally constituted but operationally incomplete.

Foundations

Foundations serve a similar function in civil law jurisdictions. Unlike trusts, which are relationships between persons rather than legal entities, foundations have legal personality — they exist as entities in their own right, capable of holding assets, entering contracts, and being sued.

This distinction matters for several reasons. A foundation’s asset ownership is cleaner in civil law jurisdictions that do not recognise the trust concept. A foundation can hold a broader range of assets — corporate shares, real estate, operating business interests, and digital assets — within a single legal entity with a defined governance structure. And foundations are more familiar instruments in jurisdictions whose legal systems derive from Roman law, which includes most of continental Europe, Latin America, and parts of the Middle East.

For digital asset holders with connections to civil law jurisdictions — through residence, business operations, family, or existing asset portfolios — a foundation may be the more natural primary vehicle than a trust, or the two may be combined: a trust holding the shares of a foundation, or a foundation holding the shares of a company that in turn holds the digital assets.

The LLC and Holding Company Layer

Between the trust or foundation and the actual digital asset custody, an intermediate entity — typically a limited liability company — often provides an additional layer of legal separation and operational flexibility.

The LLC holds the digital assets directly and conducts the transactions that attract CARF and Travel Rule reporting. The trust or foundation holds the LLC’s shares. This structure means that reported transaction data identifies the LLC, not the trust, and certainly not the individual. Beneficial ownership disclosure requirements will trace back through the chain, but through a structured and documented process rather than through direct individual visibility in transaction records.

The LLC jurisdiction should be selected for its statutory asset protection provisions, its confidentiality protections for ownership information, and its compatibility with the trust or foundation jurisdiction above it in the structure. Wyoming, the Cayman Islands, and certain other jurisdictions have developed LLC statutes that combine these properties effectively.

What the Structure Does Not Do

Three things this structure does not provide, and should not be expected to:

It does not eliminate beneficial ownership disclosure. Serious jurisdictions require it, and structures built around concealing beneficial ownership rather than managing its disclosure are legally fragile and increasingly targeted by enforcement. The goal is structured, compliant disclosure — not concealment.

It does not protect against on-chain analytics. Blockchain transactions are permanently public. The entity layer manages who is visible in custodial reporting; it does not affect the on-chain record. For holdings where on-chain privacy is a concern, that is a separate technical question addressed by custody architecture, not entity structure.

It does not protect assets transferred into the structure after a claim has arisen. Fraudulent conveyance law in most jurisdictions allows courts to unwind transfers made with intent to defeat creditors. The protection that offshore structures provide is strongest when established well before any adverse event — and weakest, or absent entirely, when established in response to one.

The Synthesis

The three parts of this series describe the same problem from different angles. CARF and the Travel Rule define the reporting architecture and its reach. Self-custody reduces but does not eliminate exposure at the points where on-chain and custodial systems intersect. Legal structuring — trusts, foundations, entity layers — addresses the dimension that neither technical custody nor regulatory knowledge alone can resolve: who is legally visible, in what data, to whom, and under what circumstances.

None of these tools is a substitute for the others. The holder who has built a sophisticated multisig custody arrangement but holds assets in their own name remains exposed to the legal and reporting risks that entity structuring addresses. The holder who has constituted an offshore trust but kept assets on a centralised exchange has legal structure without operational privacy. The holder who relies on privacy-enhancing transaction tools without legal documentation has technical measures without legal defensibility.

The combination — legal structure, custody architecture, and informed engagement with the reporting environment — is what produces a position that is resilient across the full range of threats. Designing that combination requires treating privacy not as an afterthought but as a design objective, addressed from the beginning alongside compliance, succession, and asset protection.


This article is for informational purposes only and does not constitute legal advice. The legal treatment of offshore structures, beneficial ownership disclosure, and digital asset reporting varies significantly by jurisdiction. Consult a qualified legal professional before making decisions about structuring digital asset holdings.