Kraken compliance, gross negligence by everyone in handling confidential documents, and general systems collapse

 I'm a full-time compliance officer, proving my own innocence.  At any time there are usually four or so open compliance cases with various firms.  It's the limiting factor in my life.  There is no upper limit on the amount of time, which is to say, life, it can consume.

Today, the new compliance case opened is from Kraken:


Date: Fri, 06 May 2022 09:42:34 +0000
From: "REMOVED (Kraken Support)" <support@kraken.com>
To: Kraken User <REMOVED>
Subject: Kraken Support: Regarding your recent transaction(s)
Reply-To: Kraken Support <support@kraken.com>
 
----------------------------------------------
 
Vincent, May 6, 2022, 2:42 PDT
 
Hello Tom,
 
REMOVED here from the Kraken funding team.
 
As part of the normal compliance routine on transactional activities, our
banking partner is requesting a Proof of Source of Funds of your income.
 
Please provide the following information:
 
1) Your current employment/income situation, if possible please include the name
and website of the (employer) company or business.
 
2) A document that shows your income/how the transacted funds have been
generated; this can be a tax document/statement, bank statement, sales contracts
or invoices, or any other official document that shows your income (e.g. salary,
benefits, inheritance, etc.).
 
If the funds have been generated by **crypto currency holdings** over a longer
period of time, point 2) can be replaced by a signed wallet address(es) and/or
exchange statements proving the early purchases of your coins or tokens, if
available.
 
How to sign a Bitcoin wallet address is explained on this page (note that the
specific instructions may differ based on your wallet software):
https://coinguides.org/sign-verify-bitcoin-address/
 
**The source of funds documentation should (at a minimum) cover the full amount
of your transactions.**
 
If you're planning to send additional higher transfers in the near future, these
amounts should also be  covered by your provided documentation.
 
Please attach your Proof of Source of Funds in a response to this email. Once we
receive this document, we will pass it along to our banking partner for their
review.
 
Thanks for your cooperation.
 
Please let us know if you have any questions, and we look forward to your reply.
 
Regards,
REMOVED

Like most source-of-funds requests, there are assumptions that this has to be recent income.  The idea of someone holding assets over a period of time is so alien to most people, including compliance teams, that their presumed interrogations barely allow for such a possibility.  Employment status, income slips, these things are just not relevant, and often do not exist, for holders of assets.

And like almost every tax advisor, accountant, lawyer, estate agent, and everyone else required to request such documents, they have no clue how to handle them, except grossly negligently.  They request I send the documents by plain-text email.  That leaks them, guaranteed.  Everyone knows that.  If they were previously confidential, they are not confidential after doing that.

Even if the customer arranges a communication channel that's less likely to leak, like post, the firm will just turn around and leak them elsewhere.  They will scan them in and store them on their outsourced cloud document store (this just means: on someone else's computers), they will back everything up to their outsourced / cloud (someone else's computers) backup service, and so on.  They will email them in plain-text to their partners, in this case a banking partner of Kraken's, leaking them some more, and the partner will upload them to some other cloud providers, and probably email them around lackadaisically some more.

Every single participant is determined to systematically leak, and guarantee to leak, every confidential document they are "trusted" with.  There is nothing a customer can do about any of this.  I could work full time giving remedial IT lessons to every entity handling my documents, but they would still turn around and leak them behind my back, immediately.  Gross negligence is the norm, not an exception. 

Say buying a house involves source-of-funds requests from: two exchanges, two banks, the conveyancer, and the estate agent.  The source-of-funds process has to be gone through with six different firms, for one house purchase.  Every single one of those six firms will systematically leak every single document they are "trusted" with, via clouds and emails.  The situation is so far gone, it seems strange to object to the reckless behaviour.  The firms have a pretence that their actions do not systematically leak all documents they're given.  As a simple matter of common sense, storing stuff in the cloud, or emailing it in plain-text, leaks it.  But someone trying to point out this simple fact to a law firm, or an exchange, is made to feel like a lunatic.

None of these firms should have the licenses to do the things they do, because they are all engaged in gross negligence.

This is my initial response to Kraken:

 

Date: Tue, 17 May 2022 09:14:53 +0200
From: Tom Jones <REMOVED>
To: Kraken Support <support@kraken.com>
Subject: Re: Kraken Support: Regarding your recent transaction(s)
 
It is unacceptable to request these confidential documents by
plain-text email.
 
Failing a secure upload facility on your web site, please give
me a postal address, and I will send the documents in the post.
 
The assumptions underlying the "questions" are quite ridiculous,
but I can indeed provide proof of source documents.
 
I am travelling for the next several weeks, and I am not going
to be bullied into dropping everything for this.  So you can
be patient, and I will attend to this administrative imposition
in due course, when I am back at the office.
 
  kind regards, Tom Jones.
 
 
On Fri, May 13, 2022 at 03:24:43AM +0000, Mikara (Kraken Support) wrote:
 [...]

but it's futile.  Ultimately, I have to supply the documents, or my assets will be frozen.  And they will act with gross negligence, systematically leaking all documents they are given, no matter what noises I make at them in the mean-time.

No one, including lawyers, tax advisors, accountants, estate agents, banks, brokers, and exchanges, who is required to handle confidential documents for source-of-funds queries, has the capability, competence or honesty to handle confidential documents at all.  That is the situation now.  It was not the situation 15 years ago.  If anyone thinks the system can work like this, well, that is still to be demonstrated.  Any radical changes introduced in the last 15 years must be presumed to be contributing to the general systems collapse. 

Comments

Post a Comment

Popular posts from this blog

the persistent idiocy of "privileged ports" on Unix

TCP and UDP have ports.  These are 16 bit; there are 65535 or so per IP address. These protocols don't care to differentiate between the ports.  Elsewhere, IANA presumes to operate a process to allocate "well-known" ports in the range 1-1023, "registered ports" in the range 1024-49151, and to reserve the remainder, 49152–65535, for "ephemeral" ports.  The caller end has to have a port, which is how replies get back within the virtual connection, and these are conventionally picked from the ephemeral range by the OS's networking stack. The whole idea of ports is ridiculous, because it allows ISPs to arse around presuming to decide which services they will "not allow".  Anything that allows IPSs to do anything other than shift opaque packets will allow ISPs to meddle and break things, and due to the Law of Meddling, if they can, they will.  I am currently working around an issue with Claro, a pretend ISP, blocking port 5060, allocated to SI
Read more

google is giving more and more 500 errors

Image
Total state capture and moral bankruptcy are not the only problems facing Google.  They are also giving an increasing rate of 500 Internal Server errors.  This is the sort that means they've messed up, but not in a way that they should have messed up.  On the other hand, they have drawn a lovely picture of a robot falling apart. Today's example is from Google Calendar under calendar.google.com.  I was trying to make an appointment, and now I'm doing this. I remember, in 2018, a friend trying to convince me that 500 Internal Server Errors no longer happened, or if they did it was my fault, and that they hadn't seen any for years, and some other things.  They assured me that they would love to see screenshots of such a rare specimen, which I bored them with for a while.  That friend happens to be a Google employee. Well, there are plenty of others posting about Google Calendar on twitter today, including screenshots of 500 Internal Server errors, so I doubt this one is en
Read more

7 minute workout: a straightforward audio recording (and two broken google web sites)

Image
 Last year I had a simple rendition of the 7 minute workout routine recorded by a voice artist . I wanted a simple audio track to help get the timings right.  I used to have a good "app" that did it, but that handset died.  Subsequent "app"s have got rubbisher and rubbisher, by having mega-configurable exercise order and making it complicated, with intrusive advertising, by synthesizing unpleasant robot voices instead of simply recording a human voice, and by making everything sound so pumped. Youtube video mmq5zZfmIws is not bad, but they have not been able to resist having ads, and a quick part of the morning routine can not have ads, it's just too tacky.  But one can watch someone doing each exercise and see how to do it properly.  Incidentally, they are at 30M views, also because daily routine.  The track I got recorded, in m4a format, is: https://drive.google.com/uc?export=download&id=1c91iH6XJrfCiItTJErJAmIbNdGuHN0tr (direct download link) https://dr
Read more