The Codex · Financial Security · Protocol FSP-001

Financial Privacy Fundamentals

Financial targeting begins with financial visibility. Before an attacker can defraud you, impersonate you to a lender, or build a credible social engineering profile around your assets, they need to know what you have. This protocol defines the structural measures that limit that visibility — not as an emergency response, but as a permanent baseline.

Protocol FSP-001
Classification Open
Compliance Sentinels and above — required · Knights — strongly advised

Requirements

  1. Financial accounts must be separated by purpose. Personal living expenses, business operations, and investment or savings holdings must be held in separate accounts. Commingling funds in a single account creates a single point of exposure and a single point of failure.
  2. A credit freeze must be placed with all major credit bureaux — in the UK: Experian, Equifax, and TransUnion; in the US add Innovis. This is a permanent structural measure, not a response to a suspected incident. It prevents new credit being opened in your name without your active participation.
  3. Significant asset holdings and property ownership must be structured through appropriate legal entities — limited companies, holding companies, trusts, or their jurisdictional equivalents — wherever this is legally and practically feasible. The goal is to prevent direct association between your personal identity and asset ownership in searchable public records.
  4. Transaction alerts must be enabled on all financial accounts and set to trigger on every transaction, or at the lowest available threshold. Alerts must be delivered to a channel you monitor daily. Unauthorised transactions identified within hours are recoverable. Those identified weeks later rarely are.
  5. Financial account authentication must meet the standards defined in CSP-002: unique passwords stored in a password manager, hardware security keys or TOTP authenticators as the second factor. SMS-based authentication on any financial account is prohibited.
  6. Physical financial documents — bank statements, correspondence containing account details, tax documents — must be shredded before disposal. They are not to be placed in recycling or general waste.

Why Your Financial Position Is More Visible Than You Believe

Most people assume their financial affairs are private by default. They are not. Property ownership registers are publicly searchable in most jurisdictions and return your name, address, and asset values. Company filings list directors and shareholders and are publicly accessible. Divorce and probate proceedings create court records that may include detailed asset schedules. Electoral rolls, in some jurisdictions, list home addresses linked to your name.

For individuals with significant holdings, this information is aggregated by data brokers, due diligence firms, and, eventually, by anyone who decides to look. The result is that a motivated attacker can often establish a credible picture of your net worth, your asset structure, and your financial relationships from open-source research alone — before any technical attack has begun. The structural measures in this protocol make that research harder and less complete.

You cannot hide from public records that already exist. You can ensure that future registrations and filings do not add to your direct exposure, and that what currently exists is not supplemented by what you voluntarily share.

Account Separation

Holding personal and business funds in the same account is a liability. A single fraudulent transaction, a successfully targeted social engineering call, or a compromised online banking session can affect everything simultaneously. Separation limits the blast radius: a compromise of your personal account does not expose business funds, and vice versa.

Separation also provides operational clarity. When accounts are mixed, identifying anomalous transactions requires reviewing everything. When accounts are separated by purpose, any transaction that does not fit the expected pattern for that account is immediately visible.

The Credit Freeze

A credit freeze instructs credit reference agencies to block any new credit application made in your name unless you explicitly lift the freeze. It does not affect your existing credit facilities. It does not affect your credit score. It simply prevents an attacker who holds your personal information from opening new credit accounts under your identity.

The freeze must be placed with all bureaux, not just the most prominent one. Lenders use different agencies, and a freeze at one does not protect you at another. The process takes minutes per bureau and can be lifted temporarily when you legitimately need new credit. There is no reasonable argument against maintaining a permanent freeze.

Legal Structures and Public Records

When an individual purchases property directly, their name appears in the land register. When they incorporate a company directly, their name appears in the company register as director and shareholder. Both are publicly searchable without restriction. For individuals who prefer that their asset holdings not be directly searchable by name, the use of holding companies, nominee arrangements, or trust structures can reduce this exposure.

The appropriate structure depends on jurisdiction, the nature of the assets, and legal and tax considerations that vary by individual circumstance. The principle is consistent: where a legal entity can stand between your personal identity and a public record, that separation is worth considering. Consult qualified legal and tax advisers before establishing any such structure.

A credit freeze is permanent, not precautionary. A financial account structure that separates by purpose is permanent, not provisional. These measures are not responses to incidents. They are the conditions under which an incident is less likely to occur and less damaging when it does.
← Back to The Codex FSP-002: Asset Protection →