The missing bit is that compliance is for governments and business partners, not for any end-users. For the purposes of KYC/AML process, end-users are objects, not subjects.

Your coins frozen with no reason given even internally except for "machine said no" - no one gets any slap on the wrist unless you sue real hard, happen to win, and most likely that'll be just a scratch that won't be noticed enough to change any attitudes.

The Man sees that someone they don't like transferring their coins through the fintech company - that's what those companies are really concerned about, because it would be a punch in the gut the company will feel.

Thus, the incentives. Current social design doesn't punish for false positives (until they hit really high levels), only false negatives.

Coinbase gave my confidential "AML" information to criminal extortionists-- I hadn't even had an account with them for a decade because I realized they were bad eggs long ago.

What licenses of theirs were terminated? Seems to me that the regulatory oversight is a joke.

No I'm not joking. That is the bullshit answer they (note: crypto/fintech space in general, not necessarily Coinbase) give. But when pushed on the occasions I've had my funds frozen they are never able to provide any evidence or what specific reason they have for triggering KYC/AML, just vague bullshit handwaving and AI customer service agents that lie about them "being on it" or some such and then your money gets returned when they're done squeezing it for interest (yes no one cares about your $50 but they do when it's some fractional percent of millions of accounts getting triggered at any particular point in time.) You can check something like the customer support reddits of a variety of crytpo and fintech companies, it is always filled with people have their money frozen for some long period while conveniently no one is looking at it while it is sitting there drawing interest, then maybe after a month someone tells them they need to hop on one leg while reciting Deuteronomy chapter 1 with a passport booklet in their hand and blink their eye 3 times while turning their head and that is all they were waiting for all along (I'm embellishing a bit here but that seems to be what KYC checks are like nowadays when they pop up).

Just a vague nonsense about compliance, that magickly aligns with padding their float. In reality they are using compliance and regulatory language as a shield to prop up their numbers. They are using KYC/AML to hold your funds hostage, as it's the most plausible explanation that also allows them to legally seize it under a legal sounding explanation. The fact that they do have to perform KYC/AML and there are penalties for not doing so just happen to make it a valid enough sounding excuse for when it's used overly aggressively because it lines up with other goals.

If they move the hair trigger to freeze funds 2x as often as they need to against the innocent false-positives to pass compliance checks, due to a hair trigger, then it falls under plausible deniability and even better when the regulator comes they can say some insane bullshit about how good their KYC/AML is. If they freeze it less often but instead just steal some for a little while and then return it, then it's more obvious a crime has been committed. It's obvious what they're up to.

Of course the KYC/AML/ regulatory officers are probably just pawns in this. The executives in the crypto and fintech space tell these people they need to set the sensitivity up to the 9s which does increase KYC/AML 'true positives' but the unspoken part is that money is now locked up into the company's accounts which creates a moral hazard in their fiduciary duty. They know damn well what that actually does is inflate their float, at the cost of a bunch of false positives. In theory that's satisfying AML because a function of doing so is you trigger more true positives, but in reality it's merely stealing money to increase floats not actually optimizing to meet the cutoffs to keep your license. But no one is actually going to come out and say this. It will probably take a class action suite, which I have little doubt will eventually happen when someone comes out and admits one day that these regulatory compliance triggers were intentionally set on the sensitive side for non-regulatory reasons.