Kodex

FATF's asset recovery guidance highlights something many people overlook: seizing crypto from an exchange is more complex than it appears. But when the seizure infrastructure runs on email, recovery suffers. As 🔌Stephen Sargeant points out, this can lead to cumbersome processes that are anything but easy. The bottleneck sits in the underlying infrastructure. Email wasn't designed to handle seizure requests that require audit trails, chain-of-custody tracking, and coordination across multiple jurisdictions. What’s missing is speed and standardization. https://bit.ly/4rpDvEX

A siloed fraud defense allows attackers to operate at the ecosystem level. Even large companies that may have an in-house verification solution are still operating in a dark silo, with limited contextual information about the investigator, the agency, and the legal justification for the request. This information vacuum is fertile ground for social engineering attacks, including AI-generated fraudulent warrants and identities. When a company flags a compromised law-enforcement email, that credential may already have compromised a dozen other platforms. Shared visibility at an infrastructure level flips this by providing herd immunity. When one organization identifies a compromised credential, all organizations in the network are protected immediately. However, this only works at scale. You need global coverage across thousands of law enforcement agencies and tens of thousands of investigators. You need continuous monitoring because a verified email today can become a compromised credential tomorrow through phishing, credential stuffing, or insider access. Since the attackers have already mastered ecosystem-level operations, defense tactics must keep pace.

We're a proud sponsor of the Digital Investigation Conference Brazil, taking place at the Instituto Caldeira from February 26 - 27. 🇧🇷 We'll be on-site to discuss why data request response is one of the most undervalued problems in digital investigation. When law enforcement needs data to locate a missing person, investigate fraud, or stop an active threat, the speed and accuracy of that exchange can mean the difference between catching a criminal and losing the trail. The infrastructure that facilitates exchanges among companies, law enforcement, and across jurisdictions is critical to preventing real-world harm. https://bit.ly/3NKIFg8

💡 Great insights into which trends will likely matter most in the crypto compliance industry during 2026 from 🔌Stephen Sargeant. A common issue happening in the industry right now: When law enforcement needs data from multiple companies, each request goes through separate manual processes. Days turn into weeks. Trails go cold. Assets move. As our own AJ Iafrate breaks down companies that streamline this process; everyone, from compliance teams to law enforcement to victims, comes out ahead. https://bit.ly/3Z9JUbb

Recent EU e-evidence laws have just compressed response timelines for emergency requests from weeks to 8 hours. ⏱️ This legislation improves agencies' access to electronic evidence via legal process and is an important step forward for public safety in the EU. Previously, cross-border law enforcement requests moved through diplomatic channels between member states. Multi-week timelines gave companies room to coordinate internally, verify through known government contacts, and tailor responses by jurisdiction. Now agencies can send direct requests across all EU member states. More than 50% of EU criminal investigations involve cross-border elements. Meaning companies can face hundreds of potential requesting jurisdictions with 8-hour emergency deadlines and 10-day non-emergency timelines. Manual verification doesn't compress that far. Routing across teams, verifying legitimacy, and coordinating responses takes structured systems, not just faster effort. Speed requires different infrastructure. The regulation created the requirement. Now, companies need to build the capability.

Chief Privacy Officers face an impossible choice: protect user privacy or enable law enforcement investigations. 🔥 Hot take: this framing is broken. The real issue isn't privacy vs. public safety. It's that most companies can't reliably verify legitimate law enforcement requests from fraudulent ones. When the only verification check is whether it's from a .gov email address, you're gambling. So CPOs get stuck: either delay a legitimate investigation that could save lives or hand over data to an impersonator and face millions in fines. The issue happens because email data requests force an artificial trade-off between speed and verification.

Legal teams process countless data requests every year through email and spreadsheets. Most assume they're legitimate. But the reality is that thousands of law enforcement impersonators have been identified attempting to steal user data. This reality goes beyond email spoofing. Bad actors are registering domains that look legitimate and building complete personas to request sensitive data at scale. It works because the standard of care hasn't evolved in response to the threat. Most companies still rely on manual verification processes. Meaning there's no systematic way to catch patterns or share visibility across platforms. So when the same attacker targets multiple companies, each platform sees only its own request in isolation. It's about ensuring legitimate investigations can proceed while blocking the fraudulent ones. Fraud operates at the ecosystem level; meanwhile, companies defend at the platform level. Until that changes, the advantage stays with the attackers.

Great to see our own AJ Iafrate and Tyler Steele representing Kodex at the Operation Shamrock / Crypto Coalition conference! We love the momentum behind cross-sector collaboration to disrupt scam networks and protect vulnerable communities. Events like this show what’s possible when intelligence, infrastructure, and cooperation come together around a shared goal: making it harder for scam networks to operate and easier for victims to get help. Kudos to the organizers and partners driving this critical work forward. The impact is real and growing. BIG thank you to Erin West for inviting the Kodex team! https://bit.ly/4aooWLS

Email is the least secure way for companies to receive law enforcement requests. Yet 80% of companies still rely on it. The critical issue: email can't verify who's actually sending a request. Stolen credentials allow attackers to bypass protections, exploit trust signals, and appear authentic. Even worse, once you send data via email, you lose all control over it. You can't revoke it, track it, or limit who sees it downstream. Bad actors know this. They've systematically learned to exploit every gap in email-based verification. Kodex Head of Government Relations, AJ Iafrate, discusses why email workflows can't protect against modern threats and what organizations need instead. ▶️

Unfortunately for FinTech companies, data request processes often create the security risks they're meant to prevent. You might say, "How does this happen?!" It's pretty simple: Most companies still handle law enforcement requests through email and manual checks. This leaves gaps that impersonators exploit, stalls multi-agency investigations, and makes regulatory compliance harder to demonstrate. Learn how leading companies like Stripe, Fidelity Investments, and OnePay are protecting their platforms: https://bit.ly/49e3yHC