<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Kerem Albayrak</title>
    <link>https://keremalbayrak.com/</link>
    <atom:link href="https://keremalbayrak.com/feed.xml" rel="self" type="application/rss+xml"/>
    <description>Short notes on private-client research and counterparty work, written alongside a small group at Anieres.</description>
    <language>en</language>
    <lastBuildDate>Sun, 05 Jul 2026 00:13:53 GMT</lastBuildDate>
    <item>
      <title>Exposure as a network property, not a per-subject fact</title>
      <link>https://keremalbayrak.com/writing/network-effects-in-exposure</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/network-effects-in-exposure</guid>
      <pubDate>Sat, 30 May 2026 12:49:25 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2026-05-30T12:49:25.000Z</dc:date>
      <category>Exposure</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A person&apos;s exposure is largely a function of who else&apos;s exposure they sit next to. The single-subject report was always a convenient fiction.</description>
      <content:encoded><![CDATA[<p>Exposure is a network property before it is a per-subject fact. A single-subject file is a view on that network, not an object of its own, and it reads honestly only when the subject and the neighbours sit on the same graph. Firms that build one report at a time end up recomputing the graph from scratch every time they open a file. That is expensive, and the expense hides the wrong-shaped answers it also produces.</p><p>Once exposure is read as a network property, the shape of the work changes. We stop building one report at a time and start maintaining a small graph that the reports are views on. Adding a subject is cheaper if the graph already contains their neighbours. Answering a question about one subject often requires only a new query against a graph we have already built.</p><p>The cost is discipline. A graph that grows without pruning becomes a graph of everything, which is a graph of nothing. Every node has to be there for a reason a client would recognise. Every edge has to be dated. Every merge has to be reversible. When the discipline slips, the graph starts inventing connections, and an invented connection is worse than a missing one.</p><p>The upside, when it holds, is that a signal on any node moves confidence on every node connected to it. A debanking on one shared service provider moves the risk read on every subject who used them, in proportion to how much of their footprint sat there. That kind of update is invisible to a per-subject workflow.</p><p>The useful output now is a view on the graph rather than a standalone document. A reader who wants a single file still gets one. What sits behind that file is the graph, and the graph is what keeps the file useful the week after it is delivered.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Wholesale rails and retail rails carry different signals</title>
      <link>https://keremalbayrak.com/writing/wholesale-vs-retail-cbdc-signals</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/wholesale-vs-retail-cbdc-signals</guid>
      <pubDate>Sat, 18 Apr 2026 14:00:04 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2026-04-18T14:00:04.000Z</dc:date>
      <category>Digital currency</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The interbank pilot and the consumer wallet are two different data sources. Reading them as one flattens the useful distinctions.</description>
      <content:encoded><![CDATA[<p>A monitoring queue configuration we finalised last week separates wholesale-rail signals from retail-rail signals for the same jurisdiction; conflating them had been quietly poisoning a standing report for a client with exposure to both. The interbank pilot and the consumer wallet are two data sources, and reading them as one flattens exactly the distinctions the reader is paying for.</p><p>Wholesale changes what banks reveal to one another, and by extension what shows up in supervisory disclosures and participation lists. We rarely read the settlements themselves; we read the perimeter, which counterparties joined, which corridors went live, which correspondents quietly stepped back. For a private client the signal is usually second order. A bank's decision to participate or abstain says something about its posture, and posture is what monitoring is built to notice.</p><p>Retail changes what a household leaves behind. Wallet identifiers, device attestations, merchant acceptance records. For a person inside a country with a live retail rail, the payment footprint thickens in ways the ordinary card network never produced. For a person outside it who transacts inside occasionally, the footprint is small but distinctive, which is often more useful.</p><p>The two workstreams belong separate because a change in a wholesale corridor and a change in retail adoption do not combine cleanly. Analysts who try to combine them tend to overweight whichever they saw first. The practical output is two watch lists that live next to each other, not on top of each other.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Reading central-bank digital rails as a public dataset</title>
      <link>https://keremalbayrak.com/writing/cbdc-as-a-data-source</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/cbdc-as-a-data-source</guid>
      <pubDate>Wed, 04 Mar 2026 17:29:16 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2026-03-04T17:29:16.000Z</dc:date>
      <category>Digital currency</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Whatever the political argument, the pilots are producing structured records. Reading the records is a different exercise from having an opinion on them.</description>
      <content:encoded><![CDATA[<p>The politics of central bank digital currency is one conversation. The structured records the pilots are producing quietly, on the way to that conversation, are a completely different one. A private-client file does not need an opinion on the first to make use of the second, and the two are worth keeping in separate rooms until the reader has decided which one they came for.</p><p>A retail design and a wholesale design are not the same instrument for a monitoring desk. Retail leaves marks at the wallet and merchant layer. Wholesale leaves marks in the plumbing between institutions. The two produce different footprints and answer different questions, and treating them as one topic is the first mistake we watched other people make.</p><p>The pattern we watch for first is not the transaction. It is enrolment; who signs up for the pilot. Which merchants accept it; which corporate treasuries put their name on a proof of concept. Enrolment is public far more often than settlement, and enrolment quietly tells you who is already thinking in this shape.</p><p>The working assumption for most of the subjects a desk of this shape covers is simple. Within a few years, at least one currency they touch will run on a rail a standing report has to read. The desks getting ready for that now are not doing policy work. They are getting the connectors ready, one country at a time.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Programmable payments change what a monitor is watching for</title>
      <link>https://keremalbayrak.com/writing/programmable-money-and-standing-reports</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/programmable-money-and-standing-reports</guid>
      <pubDate>Thu, 15 Jan 2026 08:52:55 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2026-01-15T08:52:55.000Z</dc:date>
      <category>Digital currency</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Conditions attached at the settlement layer are metadata. Denser metadata makes standing reports easier to write and harder to bluff.</description>
      <content:encoded><![CDATA[<p>A conditional settlement inside a counterparty file this month carried the condition itself as readable metadata; the monitor could log the rule the payment obeyed, not just the payment. Programmable money makes the standing report harder to bluff and easier to write, and the reason is not the money moving, it is the rule alongside it that the reader can now see.</p><p>The obvious concern is privacy, and it is a real concern for the policy conversation. Our concern is different; we do not read raw payment traffic. We read what surfaces through the ordinary disclosure surface, participation lists, aggregate statistics, filings, counterparty statements. Programmable payments make more of that surface exist, because institutions that touch the rail have more to disclose about how they use it.</p><p>For a person likely to transact on a programmable rail, the report widens. A field for the rails in use. A field for the programmatic conditions the person accepts or imposes. A field for the countries that appear in those conditions. None of this exists on most templates today, and for most people it never will. For the small share who touch these rails first, we want the template ready.</p><p>The pace changes before the product does. More small events per month means the weekly review has more to sort, which means the calibration work has to be sharper. That discipline is not new; programmable rails just move it to the front of the queue.</p><p>Those fields belong on the template now. Most sit empty on most reports and will keep sitting empty for a while. The ones that fill in first are usually corporate. Households come later; the order is worth planning for.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The upgrade nobody noticed that changed what a payment carries</title>
      <link>https://keremalbayrak.com/writing/iso-20022-as-metadata</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/iso-20022-as-metadata</guid>
      <pubDate>Thu, 27 Nov 2025 16:39:57 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-11-27T16:39:57.000Z</dc:date>
      <category>Digital currency</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A payment used to be an amount and two account numbers. Now it is a small structured object. Structured objects are exactly what our work reads.</description>
      <content:encoded><![CDATA[<p>A rails read on a routine payment last week returned a structured object where, two years ago, we would have seen an amount and two account numbers; the ownership graph updated accordingly. Denser payment metadata is the quietest useful shift of the last five years for this work, and the standing report is one of the tools most obviously reshaped by it.</p><p>We do not read raw payment traffic. What reaches us is the second-order effect. Institutions that touch the new format have to describe how they use it. Supervisors publish how they read it. Vendors publish integration notes that describe which fields survive which hop. Aggregated, that public surface tells us a lot about how a payment is annotated by the time it settles.</p><p>The practical consequence is that the templates for counterparty reads get more slots. Purpose codes cluster. Chain participants become fields. Corridors that used to look like a single flow resolve into two or three, each with its own annotation profile. None of this changes what we can pull. It changes what we can compare, and comparison is where cross-reference lives.</p><p>The failure mode is treating structured fields as truth. A purpose code is a claim by the party that populated it. Structured claims are still claims. The value of the format is not that it is honest, but that it is legible enough to disagree with other structured claims about the same party.</p><p>We rebuilt our payment-side templates around the new field set eighteen months before we had clients whose exposures relied on it. Most weeks the new fields sit empty on most reports. The ones where they fill in are usually the ones worth reading closely.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Stablecoin activity read as counterparty exposure</title>
      <link>https://keremalbayrak.com/writing/stablecoin-flows-as-exposure</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/stablecoin-flows-as-exposure</guid>
      <pubDate>Wed, 22 Oct 2025 16:51:59 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-10-22T16:51:59.000Z</dc:date>
      <category>Digital currency</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A wallet is not a person. A pattern of settlement across chains, exchanges, and off-ramps is closer to one than any single record we would otherwise pull.</description>
      <content:encoded><![CDATA[<p>A stablecoin flow inside an exposure map we shipped last week pulled cleaner counterparty structure out of three months of settlement than the same subject's declared bank statements had in a year. A wallet is not a person, but a pattern of settlement across chains, exchanges and off-ramps starts to behave like one, and treating it as counterparty exposure rather than as trading data changes what the report can say.</p><p>For counterparty work, the useful read is rarely who a wallet is. It is what the wallet's behaviour shares with the person we already know. Timing overlap; counterparties that also show up in records we hold. Exchange choices that match a country the person already sits in. When four or five of these agree, the wallet is part of the person's surface whether or not it is formally attributed.</p><p>The failure mode is the same one we see in every graph-heavy discipline. An analyst finds a link, gets attached to it, and starts writing the report around it. The discipline is to hold the link at a specific confidence and let it move with the next update, not to promote it to a fact because the picture reads better that way.</p><p>The output that matters is not attribution. It is exposure. A person who settles with a counterparty through a stablecoin rail carries exposure to that counterparty, to the issuer, to the on-ramp bank, and to the country of the exchange that off-ramped the value. For a reader considering a transaction, those four exposures usually matter more than whoever the wallet turned out to belong to.</p><p>Stablecoin flows sit inside the standing report, not next to it. A cluster that stops moving is a signal. A new off-ramp is a signal; a shift from one issuer to another is a signal. Read week over week, alongside bank transfers, ownership changes, and press, they fit the same monitoring pace as everything else.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Where digital value leaves the network is the part worth reading</title>
      <link>https://keremalbayrak.com/writing/offramp-geography</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/offramp-geography</guid>
      <pubDate>Thu, 11 Sep 2025 11:00:59 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-09-11T11:00:59.000Z</dc:date>
      <category>Digital currency</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>On-chain analytics gets most of the attention. The off-ramp, the exchange, the bank, the country, the hour, is usually the more useful record.</description>
      <content:encoded><![CDATA[<p>A crypto-desk file this month spent one hour on the chain and six on the off-ramp: the exchange, the fiat rail, the country of settlement and the hour of day. On-chain analytics gets the attention; the off-ramp is where the wallet becomes a person, and that is the record the counterparty file is actually built on.</p><p>A person can route through five chains and three mixers and still, at the end, need a bank account in a currency they can spend. That bank account is the part we read. Off-ramp geography is more stable than wallet behaviour because it is bounded by real-world constraints. Licences, correspondent relationships, currency access; wallets are cheap. Fiat exits are not.</p><p>The pattern that appears again and again is not exotic. People with real cross-border exposure keep a small number of preferred off-ramps and stay with them. New off-ramps appear at specific moments; a country change, a debanking, a new counterparty, a rule change in the previous exit. The change is the signal; the steady state is the baseline.</p><p>For a standing report of any depth, the off-ramp set gets tracked the way banking relationships do. A new one is a note; an old one going quiet is a note. Both together is a paragraph; most weeks there is nothing to add, which is the point.</p><p>Clients who ask about crypto exposure usually expect a wallet-focused answer. What they get instead is a map of the fiat perimeter around the crypto activity, because that is the part that generalises and the part that holds up over time.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The correspondent network read as a working map</title>
      <link>https://keremalbayrak.com/writing/correspondent-banking-as-a-map</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/correspondent-banking-as-a-map</guid>
      <pubDate>Wed, 30 Jul 2025 08:40:12 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-07-30T08:40:12.000Z</dc:date>
      <category>Payments</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Who clears for whom, in which currency, through which hub. The map is older than most compliance stacks and reads better than any of them.</description>
      <content:encoded><![CDATA[<p>Correspondent banking is a plumbing diagram, and plumbing diagrams are analysis-grade inputs. Who clears for whom, in which currency, through which hub, is a map older than most compliance products and quietly better at answering the kind of question a private-client file actually asks. Most of the industry treats it as background. It is not background.</p><p>The map matters because a person or company with cross-border exposure is only as reachable as the corridor their money moves through. A counterparty whose stated business runs in three currencies but whose bank keeps only one active correspondent in one of them is a counterparty operating on a narrower rail than they describe. That narrowness is usually not a lie. It is a constraint the counterparty has decided to accept, and constraints are read.</p><p>The drift is the interesting part. A bank exiting a corridor is a slow event. It shows up first as a change in a disclosed relationship, then as a change in the currencies a correspondent supports, then as a change in the counterparties a downstream client can actually settle with. Each step is small and legible. Read together across a year, they redraw the shape of who can transact with whom without any single headline.</p><p>A rolling read of these shifts belongs on any corridor a serious file depends on. It is not a product on its own. It sits inside the standing report as a paragraph that either says nothing changed or names the one thing that did. When the paragraph is empty for three months, that is also a finding.</p><p>The mistake is to treat correspondent banking as plumbing. It is a plumbing diagram, and diagrams are analysis-grade inputs. Half of this work is reading plumbing diagrams the industry that draws them does not read as such.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Regulation as an unintended data-generation program</title>
      <link>https://keremalbayrak.com/writing/mica-travel-rule-visibility</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/mica-travel-rule-visibility</guid>
      <pubDate>Fri, 20 Jun 2025 08:09:37 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-06-20T08:09:37.000Z</dc:date>
      <category>Digital currency</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Rules aimed at institutions produce records. The records outlive the argument that created them and quietly become part of the standing picture.</description>
      <content:encoded><![CDATA[<p>A rails read inside a counterparty file this month pulled originator and beneficiary fields on a stablecoin transfer that, two years ago, would have been three characters and a hash. The rule was written to move institutions, not to hand us records; that it now hands us records is the more useful second-order effect, and the standing report has started reading them.</p><p>The immediate effect is that virtual-asset service providers now hold more structured information about their customers and counterparties than they did five years ago. Little of that reaches a private monitoring desk directly. What reaches us is second order; how providers publicly describe their screening stack. Which countries they serve and which they leave. Which counterparties they will and will not settle with. These choices become filterable, and filters are what we read.</p><p>The travel rule specifically forces a data element to move alongside a transfer above a threshold. The transfer is opaque to us. The choice by a provider to support a specific protocol, to interoperate with a specific counterpart, or to withdraw from a corridor rather than comply, is not. Aggregated across the market, those choices become a map of where digital-asset settlement can and cannot happen at institutional scale.</p><p>For a standing report on a person with cross-border exposure, that map matters. A counterparty exchange that quietly drops interoperability with a specific country is a signal about that country. A provider that adds a new corridor is a signal about that corridor. Neither event is dramatic in isolation; both are the kind of thing a monitor is built to catch.</p><p>The pattern we expect to continue is that policy aimed at institutions produces records that private analysis learns to read. The records outlive the debate that created them. The desks that treat regulation as reading material end up with a better picture of the world their clients actually operate in.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>A digital-currency wallet, read as an identity artifact</title>
      <link>https://keremalbayrak.com/writing/wallet-as-identity-artifact</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/wallet-as-identity-artifact</guid>
      <pubDate>Wed, 11 Jun 2025 17:34:05 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-06-11T17:34:05.000Z</dc:date>
      <category>Identity</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A wallet is not a person. It is a short biography of one, written in settlement times, chain choices, and the two exchanges it keeps coming back to.</description>
      <content:encoded><![CDATA[<p>A crypto-desk file this month spent most of its hours not on the chain but on what the wallet, read as an artifact, said about the person behind it. The chain gives you addresses and amounts. The artifact, which is a longer object made of settlement times, chain choices, exchange preferences, gas habits, and the two off-ramps the wallet keeps coming back to, gives you something closer to a short biography. Wallets are not people, but the ones attached to a subject we already know a fair amount about tend to say something the subject did not intend to say out loud.</p><p>The identity read starts with the boring fields. Which chains the wallet actually settles on, not which chains it has ever touched. Which exchanges it withdraws to, at which cadence, in which fiat. Which time of day the recurring activity clusters in, which reveals a timezone more reliably than most stated addresses do. Which bridges it uses when it moves between chains, which is often the field that separates a wallet operated by the subject from one operated by an advisor on their behalf. None of these are dramatic on their own. Read across a year they draw a shape the subject would not have volunteered.</p><p>The protection angle is that most of what a wallet leaks about its owner leaks through a small handful of habits that were never chosen deliberately. A subject who consolidates all off-ramp activity into one exchange has, in effect, chosen that exchange's KYC file as their public biography on the chain. A subject who reuses the same funding wallet across three unrelated ventures has stapled the three ventures together in a public ledger. Both are fixable at the moment they are noticed. Neither is fixable retroactively.</p><p>The failure mode on the analytical side is to over-read the chain and under-read the off-ramp. On-chain analytics is the layer everyone shows in the deck. The off-ramp is where the wallet becomes a person, and the counterparty file is built almost entirely on the second layer. Any read that stops at the on-chain view is answering a narrower question than the client actually asked.</p><p>The pattern we expect to hold is the one payment rails followed. Quiet for a while, then suddenly one of the more concentrated exposures on the map, then a slow diversification back out as the subjects who care about the leakage learn which habits to change. The desks that are already reading wallets as artifacts, rather than as addresses, are the ones that will still be useful in the middle of that curve.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Digital-ID rollouts, watched from the private-client seat</title>
      <link>https://keremalbayrak.com/writing/digital-id-rollouts-private-client</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/digital-id-rollouts-private-client</guid>
      <pubDate>Wed, 21 May 2025 16:52:25 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-05-21T16:52:25.000Z</dc:date>
      <category>Aviation &amp; maritime</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The framework debate is loud. The rollouts produce quiet, structured records the counterparty file starts carrying almost immediately.</description>
      <content:encoded><![CDATA[<p>A counterparty file this quarter, on a subject with holdings in a jurisdiction that rolled out a national digital-identity scheme this year, resolved differently than the same file would have resolved a year earlier. Some fields tightened; a few loosened. The framework debate was noisy for years and produced nothing our system could read. The rollout has been quiet for a quarter and has already added structure to two or three fields per subject in that jurisdiction.</p><p>Our read on rollouts is deliberately narrow. We do not have a view on which scheme is better designed. We do have a view on which schemes are producing attestations a counterparty is willing to accept and which are producing paperwork a counterparty is quietly routing around. The second is the more interesting field for private-client work, because the routing shows up in bank onboarding, in service-provider selection, and eventually in which corridors a subject can still open a new account inside without an in-person visit.</p><p>The identity-protection angle follows from this. A subject who enrolls early in a scheme that turns out to be under-adopted has volunteered a set of attestations into a registry that no counterparty is asking for and that no framework yet governs cleanly. A subject who enrolls late in a scheme that turns out to be widely adopted spends a year explaining why routine onboarding takes them three weeks. Neither position is fatal. Both are avoidable if the rollout is watched from outside the room the framework is being argued in.</p><p>What we keep on file for each jurisdiction is small. Which scheme is live, which counterparty categories are accepting it, which are not, and where the interoperability lines are drawn this quarter. The document is dry. It is also the reason the standing report can answer, on a specific subject in a specific corridor, whether their identity layer is quietly widening the surface of what a counterparty can see about them or quietly narrowing it.</p><p>None of this replaces the interview or the graph. It adds a slot to both. The slot is worth having ready before the subject needs it filled.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Protecting an identity footprint before it needs protecting</title>
      <link>https://keremalbayrak.com/writing/protecting-a-footprint-before-it-needs-it</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/protecting-a-footprint-before-it-needs-it</guid>
      <pubDate>Tue, 29 Apr 2025 10:29:29 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-04-29T10:29:29.000Z</dc:date>
      <category>Registries</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The cheap moves happen years before the expensive ones. Most of the work is deciding which fields to close now while nobody is looking.</description>
      <content:encoded><![CDATA[<p>Most of the private work on an identity footprint is done years before anyone has a reason to look. By the time a subject has a reason, the cheap moves are gone; the fields that could have been closed quietly at renewal are now closed loudly, in front of a counterparty who is already asking why. The standing report tends to catch the same handful of preventable exposures on file after file, and the pattern is boring enough to be worth writing down.</p><p>The routine we recommend is small. A registered address that resolves to a residence gets rerouted to a service address at the next filing cycle. A director appointment in a jurisdiction the subject no longer operates in gets resigned rather than left dormant. A domain registered in a personal name a decade ago gets moved to a holding entity. A social profile from an earlier career gets closed, not deleted, so the handle cannot be re-registered by someone else. None of these are dramatic. All of them cost more the day a counterparty is already reading.</p><p>The failure mode is treating this as reputation work. It is not. Reputation work argues with what is on the record. Footprint work changes what is on the record next, without touching what is on it now. The line is whether the underlying facts move. They do not.</p><p>The second failure mode is doing it all at once. A footprint that closes ten fields in the same month reads, to anyone paying attention, as a subject preparing for something. The whole point is that the closures look like maintenance. Spread across the ordinary renewal calendar, they are indistinguishable from the housekeeping every filing has.</p><p>The clients who get the most out of this are the ones who ask for the review before there is a mandate on the table. The review runs quietly, the calendar of small closures runs over two or three years, and the file the next counterparty pulls is a file that was tidied on its own timetable rather than under someone else's.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>When a base rate stops being a base rate</title>
      <link>https://keremalbayrak.com/writing/base-rate-drift</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/base-rate-drift</guid>
      <pubDate>Sat, 05 Apr 2025 17:01:21 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-04-05T17:01:21.000Z</dc:date>
      <category>Systems research</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The prior you set six months ago is not the prior for today. Half the calibration work is noticing the ground moved.</description>
      <content:encoded><![CDATA[<p>The prior you set six months ago is not the prior for today. Registers tighten, capital-account regimes soften, entire categories of counterparty quietly move from ordinary to interesting or the reverse. Half the calibration work in this discipline is noticing that the ground underneath a base rate has moved, and re-anchoring before the reports built on the old anchor start being wrong in a way nobody catches for a quarter.</p><p>We revisit the base rates on a fixed schedule. Not because we expect them to change every quarter, but because we do not want the review to be triggered by drama. Drama drives over-correction; a scheduled review drives small adjustments.</p><p>The revision is boring; most base rates move a percent or two. Occasionally one moves more, and when it does, it is usually because the underlying category has quietly changed shape. That is the signal worth surfacing to clients, not the number itself.</p><p>The team that owns base rates is small and the work is slow. Both are on purpose; a large, fast base-rate team would produce more revisions than the calibration actually warrants, and the churn would degrade the anchor rather than improve it.</p><p>A base rate is not a permanent feature of the world. It is a measurement of how often something happened over some window, and the window matters. A prior set six months ago in one country may already be wrong because the underlying rate has moved, not because the analysis was flawed.</p><p>For anyone trying to reason about probabilities in daily life, the discipline is the same: check whether the ground you are standing on is the ground you assumed. A lot of confident forecasting fails not at the arithmetic but at the assumption that the base rate is still the base rate.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Confidence that moves in small steps</title>
      <link>https://keremalbayrak.com/writing/update-in-small-steps</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/update-in-small-steps</guid>
      <pubDate>Sat, 08 Feb 2025 14:01:26 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2025-02-08T14:01:26.000Z</dc:date>
      <category>Systems</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Confidence should move a few percent at a time. When it jumps, something in the process broke.</description>
      <content:encoded><![CDATA[<p>Confidence about a subject should move a few points at a time, in step with the evidence. When it jumps, something in the process broke. Usually a source has been overweighted without a note, or two sources that share an upstream got counted as independent, or an old finding was allowed to update at full weight instead of the fraction its age deserves. Jumps in confidence are almost always a diagnostic about the reader, not a discovery about the subject.</p><p>We instrument for it. Every confidence change of more than a set threshold triggers a short review: what changed, which sources drove it, whether the change is a real update or a correction of an earlier miscalibration. Half the flagged jumps are miscalibrations; that is the point of flagging them.</p><p>The discipline sounds academic and pays back operationally. Reports that describe steady updates read differently than reports that describe reversals. Clients trust the first shape; the second shape trains them not to.</p><p>The failure mode we still have to watch for is the opposite: confidence that never moves at all because the analyst has stopped looking. Monitoring for that is harder and mostly qualitative. It is one of the things a good desk lead spends time on.</p><p>Confidence should move in small increments as evidence arrives, not in one dramatic swing when a single piece of information looks convincing. A model or an analyst whose reading jumps from thirty per cent to ninety on one document is usually reacting to the emotional weight of the document, not to how much it should actually update the picture.</p><p>The general-purpose version is Bayesian in spirit and simple in practice: notice the size of the moves you make in your own head after each new piece of information. The interesting question is not what you now believe, but how much you moved and whether the movement was proportionate.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Weighting by what a wrong answer costs</title>
      <link>https://keremalbayrak.com/writing/weighted-consequence</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/weighted-consequence</guid>
      <pubDate>Sat, 14 Dec 2024 16:35:47 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2024-12-14T16:35:47.000Z</dc:date>
      <category>Systems research</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Probability alone isn&apos;t enough. Some errors are cheap and some end the engagement.</description>
      <content:encoded><![CDATA[<p>Not every risk can be treated as a statistical bet. A small class of outcomes, seizure, debanking, lost custody, a rail turning off, live in a category where a single bad realisation ends the ability to play the game again. Those get separate rules, chosen calmly, ahead of time. The mistake is to treat them as high-probability findings among a portfolio of others, because the arithmetic that works for the portfolio does not work for the class.</p><p>We score both; every signal carries a probability estimate and a consequence class. The action band is derived from both. A modest-probability signal on a ruin-class risk lands at a higher band than a high-probability signal on a paperwork risk.</p><p>The framing changes conversations with clients. It stops being "how sure are you" and starts being "what does acting on this cost, and what does not acting on it cost." Those two numbers do most of the deciding on their own.</p><p>The consequence classes are short and stable. We do not add a new class because a particular case would benefit from one. We fit the case into the existing classes and revisit the taxonomy only when the same misfit keeps appearing across quarters.</p><p>Most decision systems, private and institutional, treat every finding as if its cost were the same. It never is. Some errors are absorbed by a phone call and a re-review; others end a relationship, a mandate, or a residency plan that took two years to build. The weight is the part the model has to carry, not the analyst on the day.</p><p>The reason to build this in early is that under time pressure people default to whichever risk is easiest to describe. Weighting by consequence forces the harder conversation about what a wrong answer actually costs, before there is a wrong answer to defend.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Treating correlated sources as independent</title>
      <link>https://keremalbayrak.com/writing/false-independence</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/false-independence</guid>
      <pubDate>Sat, 19 Oct 2024 17:25:01 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2024-10-19T17:25:01.000Z</dc:date>
      <category>Exposure</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Two sources agreeing feels like confidence. If they share a pipe, it&apos;s the same source twice.</description>
      <content:encoded><![CDATA[<p>Independence is not a property of a source's brand. It is a property of the pipe the source is drawing from, and the pipes in this industry are shared far more than the vendors on top of them admit. Two feeds that resolve, on inspection, to the same upstream data licence are one source counted twice, and weighting them as independent is a quiet, expensive way to be wrong with confidence.</p><p>We map lineage on every source; where does this feed originate. Who sells it downstream; which vendors we already use are secretly this feed under a different label. When two of the sources in a corroboration turn out to share a parent, they collapse into one for scoring purposes.</p><p>The lineage map is the least glamorous artifact we maintain and the one that changes our numbers most. It is also the one no vendor will help us build, because the incentive runs the other way. We maintain it internally, quietly, and update it every time a new source comes into the stack.</p><p>The lesson generalises past monitoring; any system that combines opinions has to know which opinions were formed independently. Skipping the check is fast; paying for the skip is slow and expensive later.</p><p>Two sources agreeing feels like confirmation. It only is if they arrived at the same answer independently. If both drew from the same feed, the agreement adds no information; it is the same source counted twice. Systems that don't track upstream lineage overstate their own certainty by exactly this margin.</p><p>The habit worth borrowing, outside any analytical setting, is asking of any consensus how many genuinely separate paths of reasoning it rests on. Most consensuses look sturdier than they are because the same input reaches many outlets and each one is read as a separate voice.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>How one risk pulls its neighbours along</title>
      <link>https://keremalbayrak.com/writing/contagion-matrix</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/contagion-matrix</guid>
      <pubDate>Sat, 24 Aug 2024 11:18:25 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2024-08-24T11:18:25.000Z</dc:date>
      <category>Exposure</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A debanking rarely arrives alone. Mapping which risks travel together changes what you watch in the days after.</description>
      <content:encoded><![CDATA[<p>A contagion matrix in the monitoring queue picked up a debanking event on one counterparty and pre-flagged three neighbours in the client's book before any of them had public consequences. A single risk almost never travels alone; mapping which risks pull which neighbours along changes what the standing report is watching in the days after a first event.</p><p>We keep a matrix of which risks pull which. When the primary signal fires, the matrix tells the analyst which secondary signals to look at next, on which people, on what timeline. The matrix is calibrated from prior cases; it is not a theory.</p><p>The point is not to widen the alert set. It is to narrow the follow-up. When a client asks what else we should be looking at now, the matrix gives an answer that is specific and well-supported, rather than the whole map of monitoring.</p><p>Contagion works both ways; some risks predict quieter neighbours, because a resolved case removes pressure from adjacent ones. The matrix carries both directions; half of monitoring is knowing where to stop looking.</p><p>The practical read is that risk to a private client rarely arrives as one event. It arrives as a small cluster. A frozen account is followed within weeks by a supplier who quietly stops accepting new instructions, a filing that reopens under a different heading, a piece of press that resurfaces from an archive. None of those, on its own, would prompt action. Read together, they change the plan for the quarter.</p><p>A useful contagion map does two things at once. It tells you which of the neighbouring risks are worth monitoring after a first signal, and it tells you which ones can be safely ignored so attention does not get spread thin. The second half of that is the harder discipline, and the one that separates a standing view from a noisy one.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>When the automation stops and someone opens a file</title>
      <link>https://keremalbayrak.com/writing/investigation-desk</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/investigation-desk</guid>
      <pubDate>Sat, 15 Jun 2024 15:52:11 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2024-06-15T15:52:11.000Z</dc:date>
      <category>Digital currency</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The most useful thing the system does is decide, honestly, which cases it cannot answer on its own.</description>
      <content:encoded><![CDATA[<p>An investigation-desk case opened last week only because the automated stack correctly refused to close it; the honesty of that hand-off is the most valuable thing the system does. Most files resolve inside the automation; the cases that reach a human are the ones the system has said, in writing, that it cannot answer alone, and the investigation notes start from that admission.</p><p>This is where the case stops being a query and starts being a file. Documents get read end to end; people get called. Records get requested from primary sources; the tools support the record; they do not replace it.</p><p>The output looks similar to an automated reports and reads differently. Confidence numbers stop hedging; reasoning shows work. Recommendations sound like a person made them, because a person did, on the record.</p><p>A firm that never opens projects-desk files is a firm whose automation is over-confident, whose queue is too full, or whose clients are too easy. All three catch up.</p><p>Automation carries a case to a threshold. Past that threshold the tools stop being useful, and someone opens a file and starts asking the specific questions that the general system was never going to reach. Knowing where that line sits, for a given class of question, is most of what our side is for.</p><p>The most useful thing the automation does is decide, honestly, which cases it cannot answer on its own. A system that pretends to cover every case is a system whose reader eventually stops trusting the confident answers along with the uncertain ones. Calibration at the machine layer is what makes the human layer worth the money.</p><p>For a general audience the takeaway is that automation and human judgement work best when the boundary between them is explicit. Blurring it produces the worst of both: slow decisions that feel machine-made, or fast ones that turn out to have needed a person.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The review layer behind an automated screen</title>
      <link>https://keremalbayrak.com/writing/screening-desk-throughput</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/screening-desk-throughput</guid>
      <pubDate>Sat, 06 Apr 2024 10:50:57 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2024-04-06T10:50:57.000Z</dc:date>
      <category>Monitoring</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A tool that returns a list is not the same as a decision. Someone has to be paid to close the loop.</description>
      <content:encoded><![CDATA[<p>The screening desk closed thirty-one alerts on Tuesday; automation opened them and a human closed every single one. A tool that returns a list is not a decision and never has been, and the throughput number the vendor quotes is the arrival rate, not the resolution rate, which is the number the client is actually paying for.</p><p>This is where a hit becomes a decision. Is this the same person; if not, why not, in writing, on file, so the same question does not have to be re-answered the next quarter. If yes, at what tier, and what does that mean for the specific relationship in front of us.</p><p>Throughput is the trap; a tool can screen thousands of names an hour. A desk can honestly review a few dozen. Building a queue that respects our side's actual capacity, rather than the tool's marketing number, is most of the operational work.</p><p>A screening desk that runs alone eventually starts approving to keep the queue moving. The system is designed to make that failure mode visible early: unusually fast approval rates, dropping average review times, and thin file notes all trigger their own review before the client ever sees the output.</p><p>A tool that returns a list is not the same as a decision. Someone has to look at the list, understand what it means, and close the loop. The throughput of the screening layer is not set by the software; it is set by the human review capacity behind the software.</p><p>The general version is that automation moves the bottleneck rather than removing it. Anywhere you install a tool that returns candidates, the next scarce resource becomes the attention needed to sort them. Systems that don't budget for that attention fail without warning.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Chain analysis for a subject who isn&apos;t a wallet</title>
      <link>https://keremalbayrak.com/writing/crypto-desk</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/crypto-desk</guid>
      <pubDate>Sat, 10 Feb 2024 14:26:08 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2024-02-10T14:26:08.000Z</dc:date>
      <category>Payments</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Most subjects don&apos;t have one address. They have a cluster the exchanges already know and a habit of moving between two of them.</description>
      <content:encoded><![CDATA[<p>A crypto-desk read on a private client this month made most of its findings off-chain: exchanges, off-ramp banks, custodians and one advisor who had put three unrelated clients through the same address cluster. Chain analytics is the easy layer; the useful layer is where digital value meets a name, a jurisdiction and a time-of-day pattern, and the counterparty file lives on the second layer.</p><p>We work at the cluster level. Individual transactions are noise; clusters that consolidate before a specific date, split after a specific date, or route through a specific bridge on a specific week are events. Most of the work is deciding which patterns are the person's operational habit and which are unusual for the person specifically.</p><p>Off-ramp exposure is where the real risk lives. Which exchanges, in which countries, under which licensing regime. A cluster whose entire off-ramp sits in a single venue is a cluster whose risk moves the day that venue's market does.</p><p>Chain analysis is easy to run and hard to read. The tooling returns confident-looking numbers on relationships that a human reader would qualify heavily. Our job is the qualification, not the query.</p><p>The public conversation about digital-asset tracing has skewed toward images of coloured graphs and clustered wallets. Most real subjects don't behave like that. They have accounts at two exchanges, a habit of moving between them, and a small number of self-custody addresses used inconsistently. That is a very different analytical problem from tracing a single fund flow across an anonymous network.</p><p>The general-audience version: on-chain data is public and imperfect. The exchanges are where the network meets the ordinary financial system, and where identity is quietly reattached. Anyone thinking about how digital money actually gets read from the outside should spend more time thinking about the exchanges and less time thinking about the chain.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>What the flight-tracking stream doesn&apos;t show</title>
      <link>https://keremalbayrak.com/writing/aviation-desk</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/aviation-desk</guid>
      <pubDate>Sat, 16 Dec 2023 08:48:09 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2023-12-16T08:48:09.000Z</dc:date>
      <category>Aviation &amp; maritime</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Blocked tail numbers, chartered legs, and the operator layer that quietly reshapes what the map looks like.</description>
      <content:encoded><![CDATA[<p>An aviation-desk cross-reference we ran last quarter had to reconstruct three charter legs and one blocked tail before the flight-tracking stream started to resemble the subject's actual movement. The public map is not the operator's map, and the operator layer, quietly reshaping what shows up on any given day, is what most of the aviation work is really reading.</p><p>What the stream misses is the operator layer. Almost every business jet at the level we look at is run by a management company. The company is public; its fleet is public. The charter listings are public; cross-referencing an aircraft against its manager's other aircraft usually explains the pattern the tail alone will not.</p><p>Blocked tails are a signal, not a wall. The blocking process is public; the aircraft is still visible on the ground, in maintenance records, in insurance filings, in the manager's roster. The block reduces the surface; it does not remove it.</p><p>Our job is to hold four fields together on every aircraft: owner-of-record, operator, manager, and based-airport pattern. Reading them together answers questions the tail alone cannot.</p><p>The public tracking layer has trained people to think a plane is a legible object. It is legible up to a point, and then, quite deliberately, it stops. Blocked tail numbers, chartered legs, operator swaps mid-journey, and management companies that hold half a dozen aircraft on paper all reshape what an outside observer can actually see.</p><p>For a general reader, the useful takeaway is that the map is not the territory. When a tool tells you where every plane in the sky is, it is really telling you where every plane whose operator did not opt out of the feed is. The gap between those two sets is where the more interesting movement tends to sit.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Reading a fleet as one subject</title>
      <link>https://keremalbayrak.com/writing/maritime-desk</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/maritime-desk</guid>
      <pubDate>Sat, 14 Oct 2023 15:27:08 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2023-10-14T15:27:08.000Z</dc:date>
      <category>Aviation &amp; maritime</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>One vessel is a filing. A fleet is a company. The signal you want is almost never on the ship you started with.</description>
      <content:encoded><![CDATA[<p>A maritime desk file we closed this month started on a single vessel and ended, correctly, on a fleet of eleven; the signal the client cared about was nowhere on the ship the original tip named. One vessel is a filing and a fleet is a company, and running our side as if the two are the same category is how a report ends up two hops short of the answer.</p><p>The maritime desk starts by resolving a vessel into its fleet. Same manager, same beneficial owner, same insurance broker, same class society. The fleet is the person; individual vessels are its behaviour, and the interesting behaviour is almost never on the ship you started with.</p><p>Periods with no transponder signal, flag hops, and management changes carry more information than positions. A vessel that stops broadcasting for three weeks and reappears with a new name and a new flag is a paperwork event. A fleet where three vessels do the same in the same quarter is a decision that came from an office, not a bridge.</p><p>We watch the office; vessel-tracking data is the surface. The interesting work is on the other side of the surface: who manages, who insures, who classes, and who moves between all three when the fleet reshuffles.</p><p>A single vessel, on paper, looks like a piece of registered property with a flag and an owner. A fleet, treated as one subject, looks like a company. The interesting movements, reflagging events, changes of management company, quiet swaps between beneficial owners, only become visible when the fleet is read as a whole rather than one vessel at a time.</p><p>For a general audience, the readable version is that the shipping industry is more transparent than most people assume and more opaque than any single database suggests. Meaning lives in the pattern across vessels, not in any single filing.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The first standing report, in review</title>
      <link>https://keremalbayrak.com/writing/standing-report-first-draft</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/standing-report-first-draft</guid>
      <pubDate>Sat, 19 Aug 2023 17:19:33 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2023-08-19T17:19:33.000Z</dc:date>
      <category>Monitoring</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A standing report is a change log, not a periodical. The client is reading for what moved since last week, not for the world since forever.</description>
      <content:encoded><![CDATA[<p>The first standing report we shipped, in month three, was rejected by the client and rightly so: it read like a newsletter about the world when what she wanted was a change log about her subjects. That review is why the standing report today opens with what moved since last week and stops there, and why we no longer sell a standing product to clients who want a periodical.</p><p>The client was already the world's expert on their own situation. They did not need context; they needed the delta since last week, in language that let them decide whether to do anything. The context was noise they had to skim past to find the change.</p><p>We rewrote the template as a change log. Two paragraphs at the top: what moved, what it likely means. A small table of items with confidence and suggested action. Everything else, including the reasoning trail and the underlying sources, sat in appendices for the readers who wanted them.</p><p>Reading time dropped by a factor of four. The number of clients who actually read the report every week went up by more than that. The lesson has not stopped mattering; a standing report is not a document. It is a habit, and the habit only survives if the document is short enough to fit inside it.</p><p>The first draft of anything intended to run on a pace tends to overshoot. It reads like a monthly newspaper: comprehensive, chronological, and unusable to a busy reader who only wants to know what has changed since last week. The rewrite is almost always in the direction of less.</p><p>A useful standing report is closer to a differential than a summary. What moved, why it moved, and what to keep watching next. Everything else, including the temptation to demonstrate coverage by including everything, gets in the way of the reader making a decision.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The class of risk that doesn&apos;t wait for a second pass</title>
      <link>https://keremalbayrak.com/writing/ruin-class-risks</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/ruin-class-risks</guid>
      <pubDate>Sat, 24 Jun 2023 09:36:29 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2023-06-24T09:36:29.000Z</dc:date>
      <category>Payments</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Most findings can wait. A few can&apos;t, because acting after the fact isn&apos;t acting.</description>
      <content:encoded><![CDATA[<p>A serious monitoring queue separates a small class of alerts from everything else and routes them straight to a human within the hour; most findings can wait a week, a few cannot wait a day. A ruin-class risk is not the largest risk in the file, it is the one whose realisation ends the relationship the reader is trying to protect, and the report treats it that way from the first line.</p><p>A small set of findings cannot wait. Anything that ends in seizure, debanking, lost custody, or a rail turning off is a class where the second pass happens after the fact and the fact is irreversible. Treating those the same as an address correction is the wrong shape.</p><p>We act one band earlier on ruin-class risks. If the calibrated confidence would normally get a client a heads-up at "elevated," on this class it moves at "monitor." The client would rather be told twice about a false alarm than told once about a real one after it closed.</p><p>The list of ruin-class risks is short and stable. It does not grow with the roadmap. It stays short on purpose, because everything on it distorts the pace of the review, and adding a fifth thing means the first four get less attention.</p><p>Most findings can wait a review cycle. A small class cannot, because acting after the fact is not a form of acting. The discipline is knowing in advance which category any given signal belongs to, so the response is set before the pressure of the moment is added.</p><p>The general form of this idea, useful well beyond private work, is that not all risks can be treated as statistical bets. A few live in a class where a single bad outcome removes the ability to play the game again. Those get separate rules, chosen calmly, ahead of time.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Reading the country before reading the subject</title>
      <link>https://keremalbayrak.com/writing/country-multiplier</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/country-multiplier</guid>
      <pubDate>Sat, 15 Apr 2023 11:42:12 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2023-04-15T11:42:12.000Z</dc:date>
      <category>Sanctions</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A signal in a jurisdiction on a bad trajectory means something different from the same signal in a stable one.</description>
      <content:encoded><![CDATA[<p>A single-signal finding inside a counterparty file last month meant something very different once we read the trajectory of the jurisdiction it sat in; the signal was ordinary, the country was not. A finding without a country multiplier is a number without units, and half of the standing report's job is holding the two together so the reader is not misled by either.</p><p>We keep a country layer that carries its own trajectory: registers tightening or loosening, reserves moving, capital-account changes, political-risk pressure. It updates on a slower pace than the person layer. When a person signal fires, the country multiplier is applied before the number reaches the analyst.</p><p>The multiplier is not a verdict on the country. Plenty of people in difficult countries are boring and safe. The multiplier is a statement about how quickly a benign signal can become a costly one when the ground underneath is moving. Speed changes the math.</p><p>The practical effect is that clients get warned earlier on assets in countries where the exits are narrowing. The signal is the same; the urgency is not. That is the whole point of separating the two layers.</p><p>The same finding means different things in different countries, and treating that as an inconvenience is a form of naiveté. A registry entry in a country whose institutions are strengthening is not the same fact as the identical entry in a country whose institutions are being hollowed out. The record has not changed; the ground under it has.</p><p>For a reader without any professional stake, the practical version is: before drawing a conclusion from a fact you read about somewhere, ask what direction the country reporting it has been moving. A lot of confident writing about the world gets this wrong by treating the label as fixed.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The cases a name check was not built to catch</title>
      <link>https://keremalbayrak.com/writing/ofac-fifty-percent-rule</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/ofac-fifty-percent-rule</guid>
      <pubDate>Sat, 04 Feb 2023 12:54:31 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2023-02-04T12:54:31.000Z</dc:date>
      <category>Sanctions</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A lot of what we&apos;re building is for the cases the name check was never going to catch.</description>
      <content:encoded><![CDATA[<p>A clean name-hit report is not the same as a clean file. The class of cases a name check was never built to catch is larger than most buyers assume: entities not themselves listed but majority-owned by parties who are, structures that reach a listed party through two or three ownership hops, control relationships that do not show up as ownership at all. All of these sit deliberately outside the perimeter of a standard screening product, and none of them stop existing when the product returns green.</p><p>A serious system spends most of its time in that under-layer. Who owns what, through what, with whom, since when. Structures are designed to make that question harder. Reading them is part research, part software, part patience. None of it is a single query.</p><p>What the model side is for is joining things up at a scale a person cannot. A holding company in one place, a shareholder filing in another, a director change in a third, an old archive that mentions both. Each piece is small; the point is the joint reading.</p><p>The honest version, for a private client, is that a clean name is not the same as a clean counterparty. It shows up regularly: the check comes back fine, the structure does not. That gap is where the actual work lives.</p><p>A name is the easy part; the structure underneath is the part most reports do not really read.</p><p>The class of cases a name check was never going to catch is larger than most buyers assume. Entities that are not themselves listed but are majority-owned by parties who are, structures that reach a listed party through two or three ownership hops, and control relationships that don't show up as ownership at all; all of these sit outside the shape of a standard screening product.</p><p>The general point is that a tool designed for one question will confidently return an answer to a different question if you ask it. The answer will look correct. Knowing what a tool was actually built to catch, and what sits deliberately outside its perimeter, is a lot of what expertise in any field turns out to be.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Reading political exposure in tiers, not labels</title>
      <link>https://keremalbayrak.com/writing/pep-tiers-no-list-tells-you</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/pep-tiers-no-list-tells-you</guid>
      <pubDate>Sat, 10 Dec 2022 10:23:53 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2022-12-10T10:23:53.000Z</dc:date>
      <category>Sanctions</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Building a system that reads tier, not just label, is most of what we&apos;ve been working on.</description>
      <content:encoded><![CDATA[<p>PEP lists are snapshots of decisions other people have made, on their own schedule, with their own tolerance for error. They are useful the way a phone book is useful, and misused the way a phone book is misused: as a substitute for actually knowing who is on the other end of the line. A tier you can stand behind is the answer this question deserves; a list is where the question starts.</p><p>Most of the useful work sits in the layer underneath that flag. A serious system reads things like how current a role is, whether the surrounding network is still active or has drifted, whether the public footprint matches the headline. It is software work and research work at the same time, and a lot of it is just getting the inputs to talk to each other in a useful order.</p><p>Family and staff is where the time goes; the subject themselves is usually the easy part. The people around them, in different countries, in different languages, sometimes in industries that look unrelated, are where the read actually sits. That is the part the off-the-shelf flag cannot do, and it is one of the reasons the standard product falls short here.</p><p>Where model work comes in is mostly in the cross-reference. Reading a thousand small signals at once and asking whether they line up with what the public version of someone says about themselves. That is not magic; it is just a lot of careful joining, done at a pace no analyst can hold by hand.</p><p>a flag is the start of the question. A tier you can stand behind is the answer, and that answer comes out of the system, not the list.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Reading a yacht from the flag up</title>
      <link>https://keremalbayrak.com/writing/yacht-ownership-structures</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/yacht-ownership-structures</guid>
      <pubDate>Sat, 22 Oct 2022 17:24:14 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2022-10-22T17:24:14.000Z</dc:date>
      <category>Aviation &amp; maritime</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>A flag, a management company, a charter listing. Three fields, three countries, one owner who is none of them.</description>
      <content:encoded><![CDATA[<p>A yacht is registered under one flag, managed out of a second country, chartered through a listing in a third, and beneficially owned by nobody who resembles any of the paperwork. The fields are chosen precisely because they resolve to no single person. Reading them one at a time gets you nowhere; reading them against each other is the whole exercise, and it is the reason a serious file on a vessel takes longer than a serious file on the person behind it.</p><p>A small group of flag countries dominate this space for reasons that are tax, liability, and crew-law shaped. The flag tells you which registry holds the title and which set of safety rules apply. It does not tell you who owns the boat. The registered owner is almost always a single-purpose company in the flag country, named something forgettable, with a corporate director sitting on top.</p><p>The useful layer is the management company. A handful of firms based around the main yachting ports handle the actual operation of most large yachts. They are publicly listed on the vessel's documentation, in charter brochures, and in crew listings. They will not disclose ownership, but the choice of manager is a strong prior on the owner's region and advisor cluster.</p><p>Charter listings are the underused source; a yacht offered for charter publishes a rate, a base port, a season schedule, and a central agent. Cross-referencing the charter calendar against the public vessel-tracking signal and against the client's public calendar tells you whether the yacht is genuinely commercial, genuinely private, or the hybrid most large yachts actually are. The hybrid pattern is the one worth understanding before any counterparty conversation that touches the asset.</p><p>One thing to take from this note: the flag is the least interesting field on a yacht. The management company and the charter calendar are where the read lives.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Reading a privately held aircraft</title>
      <link>https://keremalbayrak.com/writing/tail-numbers-and-trusts</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/tail-numbers-and-trusts</guid>
      <pubDate>Sat, 13 Aug 2022 14:37:08 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2022-08-13T14:37:08.000Z</dc:date>
      <category>Aviation &amp; maritime</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The name on an aircraft is rarely the person who flies on it. The structure around it is the part worth reading.</description>
      <content:encoded><![CDATA[<p>The name on a privately held aircraft is almost never the person who flies on it. The trust that holds the airframe is usually a workaround for a citizenship requirement on registration, chosen for insurance and resale reasons rather than secrecy. Reading the trust as a smoking gun is wrong. Reading it as a prompt to look at the operator, the management company, and the based airport is right, and the four fields together are the read.</p><p>The point of the trust is not secrecy in the criminal sense. It is a workaround for a citizenship requirement on aircraft registration, used routinely by foreign clients who want a particular registration for resale, insurance, and access reasons. Reading it as a hidden ownership signal, on its own, is wrong. Reading it as a flag to look at the operator and the management company is right.</p><p>The operator is the more useful field. A privately managed aircraft will have a management company on file with the aviation market and, separately, in trade databases. The management company knows who flies; they will not tell you. But the pattern of the aircraft; based airport, frequent destinations, charter availability windows. Is in the public flight-tracking archives, and those archives are not hidden.</p><p>Match the based airport against the client's stated residence. Match the frequent-destination cluster against their stated business footprint. Match the charter blackout windows against their public calendar. When the three agree, the aircraft is being used as advertised. When they disagree, there is a second user or a second purpose, and that is the question to take into the room.</p><p>One thing to take from this note: never read an aircraft owner field alone. Read owner, operator, management company, based airport, and movement pattern as a single object. The owner field is the least informative of the five.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Scoring every signal against a base rate, first</title>
      <link>https://keremalbayrak.com/writing/calibrated-confidence</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/calibrated-confidence</guid>
      <pubDate>Sat, 02 Jul 2022 13:01:43 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2022-07-02T13:01:43.000Z</dc:date>
      <category>Systems research</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The first honest thing a monitor can do is admit how often it would be wrong by default. That number is the anchor everything else corrects.</description>
      <content:encoded><![CDATA[<p>The first thing a new monitor should log is its base rate: how often it would flag by pure chance on a random subject with the same shape. Everything the monitor says afterwards is a correction to that number, and the reason the standing report reads honestly is that the anchor is written down before any signal is scored against it.</p><p>We anchor every signal on a base rate first. How often, in general, does a director change presage a filing problem. How often, in general, does a new address in a given country presage a residency issue. How often, in general, does a name land near a sanctioned entity by pure coincidence. The number is usually humbler than the analyst's first instinct.</p><p>From that anchor, the system updates; independent corroboration nudges the number up. A source with a known weakness in the country nudges it down. A prior finding on the same person in the same direction nudges it up, but less than the raw count would suggest, because the priors are not independent of the new signal.</p><p>The whole thing is boring; it is also the difference between a report a client can act on and a report a client has to relitigate. When confidence is anchored honestly, the report can say the number out loud without either team wincing.</p><p>The most honest thing an analytical system can do at the start of any question is state how often it would be wrong by default, if it did no work at all. That number is the base rate, and every subsequent piece of evidence should nudge the estimate away from it in proportion to how much information the evidence actually carries.</p><p>For a general reader, this is the whole of calibration in one sentence: start from the base rate, move a little for each new fact, and be suspicious of any process that jumps to certainty from a small number of inputs. Well-calibrated confidence is unglamorous and reliably better than the confident-sounding alternative.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Structures that don&apos;t survive a timeline</title>
      <link>https://keremalbayrak.com/writing/corporate-veils-and-timelines</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/corporate-veils-and-timelines</guid>
      <pubDate>Sat, 14 May 2022 17:01:23 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2022-05-14T17:01:23.000Z</dc:date>
      <category>Registries</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Layers are designed to obscure ownership. Timelines are designed to recover it.</description>
      <content:encoded><![CDATA[<p>Corporate structures are designed to hold up in a snapshot. A neat organisation chart, a clean set of current filings, a defensible answer to the standard due diligence question. What structures do not survive is a timeline. Lay every incorporation date, director change, and address move on one line, and the layers that were added to obscure a specific event dissolve into the shape of the event itself.</p><p>Timelines unwind the same structures; the asset existed before the structure was built. The person existed before the asset was acquired. The advisors who built the structure existed before that. Every layer was added on a date, by a hand, with a paper trail somewhere. The trail is rarely in one country and never in one document, which is why most projects stop before they reach it.</p><p>We build the timeline by treating it as the primary reports. Every entity in the structure is dated. Every role is dated; every share transfer is dated. Every change of registered office is dated. The timeline gets cross-checked against external events: the asset acquisition, the public filing, the press article, the disputes, the divorce, the sale of a parent business. When dates align, the alignment is the finding. The structure is just the mechanism.</p><p>This is slow work; the payoff is that a timeline-based analysis is hard to argue with. A respondent can dispute a single finding. They cannot dispute a sequence of dated public records that, in aggregate, describe a path from person to asset.</p><p>Most people we look at in this way have never had their structures reviewed timeline-first. They have had each layer reviewed in isolation, which always confirms the layer and never confirms the path. The path is the point.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>What happens to documents after a relationship ends</title>
      <link>https://keremalbayrak.com/writing/kyc-artifacts-after-relationship-ends</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/kyc-artifacts-after-relationship-ends</guid>
      <pubDate>Sat, 26 Feb 2022 13:35:32 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2022-02-26T13:35:32.000Z</dc:date>
      <category>Systems research</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The papers a subject handed to a bank years ago don&apos;t vanish. They become a quiet part of the footprint.</description>
      <content:encoded><![CDATA[<p>The papers handed to a bank at the start of a relationship do not evaporate when the relationship ends. They sit in retention systems, get referenced in inherited files, occasionally surface in filings when the bank itself is acquired or sued. Years later, that trailing paper is often the sharpest part of a subject's footprint, and it names things the subject has long since edited out of their own story.</p><p>Documents persist past the relationship; they sit in the institution's records for retention periods that are often longer than the person realizes. They are referenced in audits, reviewed in later refreshes, and sometimes circulated within institutional groups under intercompany sharing arrangements. They occasionally surface in public actions against the institution, where the person's submission becomes part of a public filing.</p><p>They also leak. Not often, and not in the way breach headlines suggest, but the cumulative effect over a decade of relationships is that a person's identity documents have lived in many systems. Some of those systems were compromised; some were inherited by acquirers with looser controls. Some were exposed by employees with access they should not have had.</p><p>We do not pursue leaked documents; working with them would be ethically and off-limits. What we do is map the relationships in which they were submitted. A person who has brought in with twenty financial institutions has twenty copies of their passport in twenty systems with twenty different retention and security postures. The exposure surface is the count of those relationships, not any specific leak.</p><p>The useful question for a person worried about historical exposure is not "has my data leaked" but "how many places does my data live, in how many forms, and which of those places do I have any leverage over." The answer is usually surprising and usually not actionable in one move. It is the start of a longer conversation about which relationships to consolidate, which to formally close, and which to leave alone.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The limits of a single-address field</title>
      <link>https://keremalbayrak.com/writing/address-graphs</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/address-graphs</guid>
      <pubDate>Sat, 04 Dec 2021 11:35:01 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2021-12-04T11:35:01.000Z</dc:date>
      <category>Identity</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Subjects rarely live in one place. The one-address field encourages everyone to pretend they do.</description>
      <content:encoded><![CDATA[<p>The single-address field on almost every form is a fiction the paperwork inherits from an earlier century. People at the level this work sits at rarely have one address, and the one they choose to declare is almost always the least interesting of the set. The interesting question is which addresses they do not declare, held under which vehicle, receiving which post, and used how often.</p><p>We build addresses as a graph: every address the person has been associated with, with the source of the association, the date range, the role (residence, registered office, correspondence, mail-forwarding service, family member's home, business premises). The graph rarely resolves to one node. It usually resolves to a small cluster of nodes with overlapping date ranges.</p><p>The cluster tells you something the single address cannot. A person whose residences shift between three cities over six years, with roles filed against each in rotation, is operating a portable residency. A person whose addresses are all mail-forwarding services is not findable at any of them. A person whose registered office addresses cluster around two firms is using corporate service providers, and the providers are the connecting fact, not the addresses.</p><p>Addresses also resolve identities; two people who share a residential address are usually related or living together. Two people who share a registered office and a corporate service provider are co-clients of a firm, not necessarily connected. Two people who share a residential address and a series of roles together are something more specific.</p><p>We surface the graph in reports when it matters and suppress it when it does not. Address history is sensitive; we do not include it because we can. We include it when the analysis depends on it and we say plainly why.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>What payment rails reveal that statements don&apos;t</title>
      <link>https://keremalbayrak.com/writing/payment-rails-as-biography</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/payment-rails-as-biography</guid>
      <pubDate>Sat, 11 Sep 2021 16:31:35 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2021-09-11T16:31:35.000Z</dc:date>
      <category>Payments</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Where money moves tells you more, faster, than where someone says they live.</description>
      <content:encoded><![CDATA[<p>Where somebody's money moves is a better biography than where they say they live. Not the amounts, which are boring and private, but the choices: which processor, which currency on which leg, which route through which hub, and where the recurring debits actually land. Read as biography, the payment layer is one of the few surfaces a person cannot really groom without changing how their life works.</p><p>A person who tells you they live in one country and whose card use clusters in another is not necessarily lying. They might travel. But a person whose recurring direct debits, utilities, school fees, and small in-person retail all sit in a country they have publicly minimized for two years is telling you something about the gap between their story and their footprint.</p><p>Processors carry signal even without amounts; a person who pays through three different acquirers, each pinned to a different company, each company sitting in a different country, is operating a structure. The structure has reasons; some reasons are dull and operational. Some are not; determining which is the analytical task.</p><p>The most useful read from rails is not where money goes, it is where it does not. A wealthy person with no card footprint in their stated home market is unusual. A founder who pays themselves from one entity but settles personal bills through an unrelated trust account is unusual. A counterparty who insists on settling through one rail when their stated business needs three is unusual. None of these are conclusive; each warrants further inquiry.</p><p>Amounts are the market's domain; they have access private work does not. The relevant read is the shape of the activity, which is usually enough to indicate where additional scrutiny is warranted.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>What a payment processor quietly tells you</title>
      <link>https://keremalbayrak.com/writing/reading-payment-processors</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/reading-payment-processors</guid>
      <pubDate>Sat, 19 Jun 2021 16:12:19 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2021-06-19T16:12:19.000Z</dc:date>
      <category>Payments</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Who handles a counterparty&apos;s money is part of their pitch deck, whether they intend it to be or not.</description>
      <content:encoded><![CDATA[<p>Who handles a counterparty's money is part of their pitch deck, whether they intend it to be or not. The choice of acquirer names the countries they can reach, the currencies they can accept, and the categories of business the processor above them has decided to serve. Read carefully, the payment layer often contradicts the marketing layer, and the contradictions are more honest than either party.</p><p>Neither is a verdict; plenty of legitimate businesses use higher-risk acquirers because their industry is mislabeled by default. Plenty of lower-risk businesses use them because their advisor put them there years ago and nobody moved. But the choice is data.</p><p>More revealing is the choice across multiple processors. A counterparty whose primary business runs on one acquirer and whose secondary business runs on another, where the second acquirer's profile does not match the second business's stated category, is a counterparty whose secondary business is being categorized in a way they did not advertise.</p><p>We also look at processor changes over time. A counterparty that switched acquirers three times in two years either has an operational reason, a pricing reason, or a risk reason. The third is the one worth investigating, and the public traces of the switch are usually enough to triangulate.</p><p>None of this requires looking at amounts or transactions. The processor relationships are surfaceable through receipts, terms of service, refund flows, payment-page metadata, and disclosures. It is a layer of research that almost nobody runs and that takes very little time once you know what to look at.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>When a name match isn&apos;t really a match</title>
      <link>https://keremalbayrak.com/writing/sanctions-adjacency-vs-exposure</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/sanctions-adjacency-vs-exposure</guid>
      <pubDate>Sat, 06 Mar 2021 14:23:08 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2021-03-06T14:23:08.000Z</dc:date>
      <category>Sanctions</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Most of the work is teaching the system to tell the difference between sitting near something and being it.</description>
      <content:encoded><![CDATA[<p>Sitting near a sanctioned thing is not the same as being it. That sentence is the whole of adjacency screening, and the reason so much of the market gets it wrong is that treating the two as equivalent is faster, cheaper, and looks the same on a dashboard. Teaching a system to insist on the difference is slow work with almost no visible product, which is why almost nobody bothers.</p><p>So a big part of the system is the part that does the unmatching. It looks at dates, places, identifiers, who someone has shown up with before, what shape their life has online. None of those fields on their own are enough. The work is in how they line up.</p><p>We started building this because the off-the-shelf tools either return too much or too little, and the part in the middle, the part that actually answers the question, is left to whoever reads the report. That part shouldn't be manual every time, and most of our research has been about making it not have to be.</p><p>The other thing we keep learning is that sitting near something is not the same as being it. Two people in the same building, two companies in the same registry filing, two names in the same old article. The system has to hold that distinction without flattening it, and that is mostly a software problem, not a data problem.</p><p>a match is a question; the work is what answers it, and most of that work is the system underneath, not the line at the top.</p><p>A name match is not the same as exposure. Most of the operational work in a sanctions programme is teaching the system to tell the difference between a subject who happens to share a name with a listed party, a subject who sits adjacent to one, and a subject who is one. Each of those calls for a different response, and confusing them costs relationships in one direction and misses risk in the other.</p><p>The broader takeaway is that a match, in any screening context, is a starting point rather than a conclusion. The interesting engineering is the layer above the match, where identity, ownership, and control get resolved to a confidence a human can act on.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>What a false positive costs in private work</title>
      <link>https://keremalbayrak.com/writing/cost-of-false-positives</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/cost-of-false-positives</guid>
      <pubDate>Sat, 19 Dec 2020 13:34:02 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2020-12-19T13:34:02.000Z</dc:date>
      <category>Identity</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>In compliance it&apos;s paperwork. In private work it&apos;s a relationship that didn&apos;t happen.</description>
      <content:encoded><![CDATA[<p>A false positive is priced differently in different rooms. In a compliance workflow it costs paperwork. In private client work it costs a meeting that becomes awkward, a relationship that never quite recovers, and sometimes an introduction that never happens. Both are real costs. Adding them on the same line is one of the small conceptual errors that quietly shapes what this industry sells.</p><p>Private work has no such cushion. When a client decides not to invest, not to hire, not to take on a counterparty, on the basis of a finding we produced, the cost of a false positive is the relationship that did not happen, the deal that did not close, the colleague who learned about it years later from someone else. There is no one to apologize to and no procedural reset.</p><p>This shapes everything about how we score findings. We are conservative on positive findings and aggressive on the verification work behind them. A finding that would clear a screening bar is not necessarily a finding we will put in a reports. The threshold is higher because the consequence is heavier.</p><p>We also separate the finding from the recommendation. The finding is a statement about the world. The recommendation is what the client should do about it. Conflating the two encourages clients to act on uncertain findings as if they were certain, and gives us the false comfort of having shifted the decision to the analyst. The analyst is not the decision-maker; the client is.</p><p>We tell clients, when relevant, what acting on a finding that turns out wrong would cost. That cost is sometimes small and sometimes enormous. They are entitled to know it before they decide. Most of them, after hearing the number, ask us to do another pass of verification before they move. That extra verification pass is often decisive.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Cleaning a record without scrubbing the truth</title>
      <link>https://keremalbayrak.com/writing/cleaning-without-scrubbing</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/cleaning-without-scrubbing</guid>
      <pubDate>Sat, 12 Sep 2020 11:11:48 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2020-09-12T11:11:48.000Z</dc:date>
      <category>Exposure</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>There is a defensible version of reputation work and a sloppy one. The line is whether the underlying facts move.</description>
      <content:encoded><![CDATA[<p>There is a defensible version of reputation work and a sloppy one, and the line between them is embarrassingly simple. In the first, the underlying facts stay where they are, and the argument is about which parts of them deserve to sit at the top of a search result. In the second, someone is being paid to move the facts. The first is a legitimate profession. The second is fraud in a nicer font.</p><p>Correction is the easiest case; if a public registry has the wrong middle name on a person and a downstream bureau is propagating the error, that is a paperwork fix. It is routine and effective; most people do not realize how many of their downstream issues started as a single typo in one primary source.</p><p>Contextualization is harder; a press article from 2014 that describes an event accurately but in language that has not aged well is not wrong. Trying to remove it is both unlikely to succeed and corrosive to trust. The alternative is to make sure newer, accurate, well-sourced material exists on the same topic, written by people whose voices search engines respect. Search results respond to recency, authority, and depth. Old articles sink when newer ones rise.</p><p>Displacement, the last case, is the most misunderstood. It is not the same as deletion. It is the steady production of more truthful, more current, better-sourced material until the older material drops below the threshold most people see. The original record still exists; the reader who really wants to find it can. What changes is the default surface a casual reader encounters.</p><p>Offers to delete accurate public records are either fraudulent or destined to fail. The well-supported work is slower and harder to market. It is also the only approach with durable results.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>When a public profile page becomes part of the data</title>
      <link>https://keremalbayrak.com/writing/wikipedia-as-dataset</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/wikipedia-as-dataset</guid>
      <pubDate>Sat, 30 May 2020 14:46:49 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2020-05-30T14:46:49.000Z</dc:date>
      <category>Reputation</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Treating an encyclopedia article as a source confuses people. Treating its history as data is a different exercise.</description>
      <content:encoded><![CDATA[<p>The encyclopedia article about a public person is rarely worth quoting. The edit history behind it is a different object, and one of the more honest documents on the open internet. Who has fought to add what, who has repeatedly removed what, which accounts show up in a burst around a specific date, and how quickly the article settles after the burst passes. That is the source. The article itself is downstream.</p><p>The edit history is a different object. The edit history is a time series. Who edited the article, when, what they added, what they removed, how long the additions survived, whether the edits came from named accounts or anonymous ones, whether those addresses cluster to a region or a known public-relations firm. Each is a signal about who has cared enough about the person to spend time shaping the public record.</p><p>An article heavily edited from one address range, with controversial content repeatedly removed and reverted, is telling you something about pressure being applied. An article rewritten in a short window by an experienced editor who had not touched the person before is telling you something about a campaign. An article stable for a decade is also telling you something, usually that nobody cares enough to fight.</p><p>We pull the edit history when the person has a page worth analyzing. The analysis goes into the internal file, not the report. Clients rarely want to read about edit histories. But the history shapes how we read the rest of the public record, because it tells us where the public record has been actively maintained and where it has been left alone.</p><p>The same approach works on a handful of other surfaces with public edit histories. The principle stays the same; what you can see on a page is the finished argument. What you can see in the history is who showed up to argue.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The thin file problem with quiet, wealthy subjects</title>
      <link>https://keremalbayrak.com/writing/thin-file-problem</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/thin-file-problem</guid>
      <pubDate>Sat, 15 Feb 2020 15:31:12 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2020-02-15T15:31:12.000Z</dc:date>
      <category>Identity</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Wealth doesn&apos;t generate paperwork. It generates the absence of paperwork in places paperwork is usually found.</description>
      <content:encoded><![CDATA[<p>Wealth beyond a certain point stops producing the kind of paperwork ordinary lives leave behind. Cards get held by advisors; addresses sit inside trusts; salaries are replaced by distributions that never trigger a public filing. The result is a thin file where a thick one is expected, and the thin file is easy to mistake for safety when it is actually the shape of a subject the standard workflow was never built to read.</p><p>The thin file is not an absence of information. It is a redistribution of it; a person who is thin in conventional sources is often thick in unconventional ones. Trust filings, art provenance, philanthropy disclosures, charity boards, property titles in countries they prefer, social registers, school and university alumni records. Each of these is a normal source for the population we look at, and a strange source for the general population.</p><p>The project design for a thin file is different. We do not run them through standard pipelines. The standard pipelines will return nothing and the report will look reassuring in a way that is misleading. We assemble the source list by hand before quoting and we make that list part of the contract. If a client wants to be reassured by a clean run through standard sources, we tell them that reassurance is cheap and meaningless.</p><p>The work is also slower because much of it ends up in human contact. People who know people; counterparties who finished business with the person and have nothing to lose by being candid. Former advisors; former staff; the data layer is supporting infrastructure for the interview layer, not a replacement for it.</p><p>Clients are usually quietly relieved when we frame it this way. The thin-file person is the one they are most worried about, and the standard product is the one least suited to the worry.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>What timing reveals across borders</title>
      <link>https://keremalbayrak.com/writing/cross-jurisdictional-timing</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/cross-jurisdictional-timing</guid>
      <pubDate>Sat, 09 Nov 2019 13:53:54 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2019-11-09T13:53:54.000Z</dc:date>
      <category>Field notes</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>When two entities in two countries move in step, the cadence is the finding.</description>
      <content:encoded><![CDATA[<p>Two entities in two countries move in step. Neither move, on its own, would land in any report. The pair does, because coordinated timing across a border is one of the small handful of signals that survives translation between legal systems that otherwise cannot be usefully compared. It is a cheap read to run once the timeline exists; the expensive part is building the timeline in the first place.</p><p>We log cross-country events on a single timeline per person. The visualization is unimpressive; what it surfaces is not. A person's company in one country files a change of registered office on a Tuesday and an entity in another country files an officer change on the Wednesday, three times in eighteen months, across years that would otherwise look unrelated. That pace is not coincidence; the two entities are being run by people who talk to each other and act on the same calendar.</p><p>Timing also reveals advisors; advisors and corporate services firms have signature patterns. They file in batches; they reuse templates. They send their clients identical instructions on identical days. When two people who are publicly unconnected show the same filing pace in the same offshore country in the same month, they likely share an advisor, and that advisor is the connecting node.</p><p>We do not always need to know which advisor. Knowing that two people share one is sometimes enough to reframe a counterparty question. It moves a relationship from "they happen to be in the same industry" to "they are being run by the same set of hands."</p><p>Timing analysis is cheap once you have the timeline. The expensive part is building the timeline in the first place across registries with inconsistent date formats and uneven update frequencies. That work compounds; after the first hundred people, the engine has enough normalized history to run timing queries in seconds. The first hundred took a long time.</p><p>A single entity moves in one country and it is a filing. Two entities in two countries move in the same direction inside a short window and the pace itself becomes the finding. Timing is the field most cross-border tools underweight, because they are built to compare state at a moment rather than motion across a period.</p><p>Once you start reading timing as a signal in its own right, patterns show up that the structural view misses. A registered office change in one country a fortnight before a new director in another. A wind-up in one place inside the same quarter as an incorporation in an adjacent one. The individual actions are unremarkable. The synchronisation is the read.</p><p>The general lesson, useful outside the private-client context, is that coincidences in time are informative. Most systems treat two events as independent unless someone tells them otherwise. Watching for the interval, rather than the events, is a cheap habit that changes what you can see.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Starting somewhere other than the obvious source</title>
      <link>https://keremalbayrak.com/writing/obvious-source-is-wrong-source</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/obvious-source-is-wrong-source</guid>
      <pubDate>Sat, 27 Jul 2019 17:24:06 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2019-07-27T17:24:06.000Z</dc:date>
      <category>Wealth structuring</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>When everyone begins in the same place, everyone develops the same blind spots.</description>
      <content:encoded><![CDATA[<p>When everyone in a field starts a search in the same place, everyone develops the same blind spot. Subjects who care about how they read have been advised against the search nine out of ten researchers will run first. They have almost never been advised against the fifteenth one. That asymmetry is the whole reason it pays to open a file somewhere unfamiliar.</p><p>We make a habit of starting from a second source first. For a given person, we might begin with a regional commercial registry, a trade-press archive, a property-title search, a procurement award database, a charity register, a disputes index. Each will surface either nothing or a thread the standard source does not have.</p><p>The point is not that the second source is better. It is that the second source has been advised against less. A person who has groomed their primary footprint has often not thought about the fifteenth one.</p><p>This is also true at the country level. The obvious country to look in is the country of registration. The interesting country is often the one next door. Counterparty filings in a neighbouring market; screening lists from a regional body. public filings from a partner country whose rules have surfaced names that would otherwise be quiet.</p><p>We sequence projects so the obvious source is the second pass, not the first. The first pass is shaped by what we expect a person to have groomed. The second pass confirms what the groomed surface says. The order matters because once you have looked at the obvious source first, every other source feels like a confirmation rather than an independent read.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Ownership read as a graph, not a list</title>
      <link>https://keremalbayrak.com/writing/beneficial-ownership-as-a-graph</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/beneficial-ownership-as-a-graph</guid>
      <pubDate>Sat, 16 Mar 2019 11:06:34 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2019-03-16T11:06:34.000Z</dc:date>
      <category>Registries</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Most ownership work stops at the first hop. The interesting shapes only show up at three.</description>
      <content:encoded><![CDATA[<p>Ownership is a list at the first hop and a graph at the third. Most reports stop at the second, which is why most reports read cleanly and answer the wrong question. The interesting shapes only surface once entities, officers, signatories, and service providers are on the same picture, connected by typed edges, and the picture is allowed to have cycles and dead ends.</p><p>We model the structure as a graph. Entities are nodes; ownerships are weighted directed edges. Officers, signatories, and service providers are typed nodes that connect across companies. The graph has loops, dead ends, cycles where two entities own each other through intermediaries, and clusters where five unrelated-looking structures share the same service-provider node.</p><p>Running this as a graph changes the questions you can ask. Shortest path between a person and a counterparty. All shared service providers across a set of structures. Officers who recur across otherwise disconnected entities. Countries that show up repeatedly as intermediate hops even though they are never named as parent or subsidiary.</p><p>The clusters are where the work lives. A graph with twenty entities and three shared service providers is one structure with paperwork. A graph with twenty entities and no shared service providers is twenty structures that happen to have one person in common, which is a different read.</p><p>None of this is exotic; the tooling has existed for years. The reason it does not get done is time. Building the graph is slow if you do it once. It is fast after you have built it and faster still after you have built fifty. The system we run is the accumulation of those fifty graphs and the patterns the analysts learned to recognize across them.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>How we treat aggregators inside the workflow</title>
      <link>https://keremalbayrak.com/writing/where-we-stopped-trusting-aggregators</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/where-we-stopped-trusting-aggregators</guid>
      <pubDate>Sat, 03 Nov 2018 09:29:07 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2018-11-03T09:29:07.000Z</dc:date>
      <category>Payments</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Useful for breadth. Dangerous for certainty. A starting point, never a finding.</description>
      <content:encoded><![CDATA[<p>Aggregators are useful for the same reason phone books were useful: they tell you where to look. They stop being useful the moment a reader treats a returned row as evidence of what is there. The aggregator's timestamp refers to its own pull, not the underlying record's reality, and the gap between the two is where every quietly wrong report in this industry actually lives.</p><p>The first shape is stale data presented as fresh. Aggregators rarely surface the age of each field. A company status flagged as active in the aggregator might be six months out of date because the upstream pull cycle for that country runs twice a year. A person's address might be ten years old. The aggregator's last-updated timestamp refers to its own pull, not the underlying record's reality.</p><p>The second shape is silent enrichment; some aggregators infer fields. They will fill in an industry classification, a beneficial owner, a parent entity, based on internal logic that is not surfaced and not traceable. A finding built on an inferred field is a finding built on the aggregator's opinion, which is fine if you know that, and a serious problem if you don't.</p><p>The third shape is identity collapse; aggregators love to merge records. They merge two companies they think are the same. They merge two people they think are the same. When the merge is wrong, the merged record carries fields from both, and the aggregator does not show its work.</p><p>We treat aggregator results as a map of where to look, not as evidence of what is there. Every finding that ends up in a reports is verified against the original source. The aggregator gets us to the door faster. It does not get to write the report.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>What company registries hide on purpose</title>
      <link>https://keremalbayrak.com/writing/what-corporate-registries-hide</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/what-corporate-registries-hide</guid>
      <pubDate>Sun, 24 Jun 2018 16:32:47 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2018-06-24T16:32:47.000Z</dc:date>
      <category>Registries</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Registries are not neutral. Each was built with a view of what should and shouldn&apos;t be visible.</description>
      <content:encoded><![CDATA[<p>Every registry is the surviving compromise of a domestic argument about what the public is allowed to see. Some publish residential addresses; most no longer do. Some publish beneficial ownership; some publish it in a form that makes finding it a small research project. Treating the set as one flat data layer is a category error, and it is the category error that produces most of the confidently wrong reports in this market.</p><p>Some registries publish residential addresses for directors; most do not, and the ones that used to have rolled them back. Some publish beneficial ownership; some publish it but make it hard to find; some require a paid login that throttles searching. Some let you search by director and find every company; some require a company number to find anything.</p><p>These design choices shape what a search can find. A person who looks clean on one country's registry might look clean only because that registry hides the field that would flag them. A person who looks busy in another might look busy only because that registry surfaces every nominee role a service company ever filed for them.</p><p>We keep an internal document, registry by registry, that records what each one suppresses by policy, what it requires to query, and what its known data-quality issues are. The document is boring and it is the most-used artifact we have. Every analyst checks it before quoting a finding from a new country. A quoted finding is implicitly a statement about coverage, and overstating coverage is the fastest way to ship a misleading report.</p><p>Registries are the foundation of corporate research. They are not the same as a global database of companies. Pretending they are gets people in trouble.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The long life of an old leaked password</title>
      <link>https://keremalbayrak.com/writing/half-life-of-a-leaked-credential</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/half-life-of-a-leaked-credential</guid>
      <pubDate>Fri, 19 Jan 2018 16:03:41 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2018-01-19T16:03:41.000Z</dc:date>
      <category>Aviation &amp; maritime</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Old breaches are not old. They are still in circulation, still being matched against current logins.</description>
      <content:encoded><![CDATA[<p>Almost everyone is in a breach. That fact is boring and mostly not the point. The interesting question is whether the password used then still resembles the password used now, whether the email is still anchoring active services, and whether the recovery surface for those services still resolves to numbers and addresses the person currently controls. The breach itself has a news cycle. The credential outlives it by a decade.</p><p>What matters for a person is not whether they were in a breach. Almost everyone is. What matters is whether the password they used then resembles the password they use now, whether the email used then is still tied to active services, and whether the recovery surface for those services still resolves to numbers and addresses they currently control.</p><p>We do not test credentials; testing them would be unlawful and is not the work. What we do is map the surface: which emails, which phone numbers, which recovery handles, across which services, are still anchoring an identity. From the map we infer the cost of a rotation. For some people the cost is two hours and a password manager. For others, it is a months-long migration because their professional life is wired into addresses they have not controlled cleanly in years.</p><p>The second pattern is more common in older people who built their footprint when switching email providers was a chore and who have never cleaned it up. It is also common in people whose company email was used personally and whose company changed hands. Inherited inboxes are a surface few people audit.</p><p>We surface the map without prescribing fixes. Fixes are a separate projects, and rarely the one we are hired for. The map alone is often enough to move a client from "I know my passwords are fine" to "I need a week with somebody."</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Identity work when two people share a name</title>
      <link>https://keremalbayrak.com/writing/identity-resolution-shared-name</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/identity-resolution-shared-name</guid>
      <pubDate>Sat, 05 Aug 2017 16:18:53 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2017-08-05T16:18:53.000Z</dc:date>
      <category>Identity</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The hardest cases aren&apos;t the hidden ones. They&apos;re the ones that look like two people who happen to be the same, or one person who looks like two.</description>
      <content:encoded><![CDATA[<p>Two people sharing a name in the same city is the ordinary case, not the awkward exception. Add nicknames, transliterations between alphabets, married names never formally registered, and shortened forms used inconsistently, and a single human being can turn into three faint sketches across three sources. Person confusion is the most expensive failure mode in this work, and the reason is simple: a report that confidently attaches nine findings to the wrong person leaves the building once before it stops leaving at all.</p><p>Two people with the same name in the same city is the standard case, not the exception. Common names compound it; so do nicknames, transliterations between alphabets, married names not formally registered, and shortened forms used inconsistently across sources. A person can be one person in a registry, a slightly different person in a press article, and a third spelling in a court file.</p><p>We resolve by anchoring on the most stable fields available. Date of birth where we have it; national identifier where the project supports it. Address history with cross-checked overlap; roles that begin or end on the same date across different companies. Phone numbers across years; then we score the candidate set. Anything below a threshold either gets dropped with a note or escalated to direct verification.</p><p>The expensive lesson of the first quarter was that disambiguation cost is non-linear. Easy cases are cheap; hard cases are very expensive and the cost is mostly human review. We adjusted pricing to reflect this. Projects that look small on paper can carry weeks of resolution work if the person is a common name in a busy country, and we say so before contracting.</p><p>Clients are usually fine with the cost once it is explained. What they are not fine with is paying for a report that confidently attached findings to the wrong person and learning about it later. So that report does not leave the building.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>Reading silence: what isn&apos;t in the file</title>
      <link>https://keremalbayrak.com/writing/reading-silence</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/reading-silence</guid>
      <pubDate>Sat, 11 Feb 2017 09:01:44 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2017-02-11T09:01:44.000Z</dc:date>
      <category>Payments</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The absence of a record is a record. Most systems are trained to ignore it.</description>
      <content:encoded><![CDATA[<p>The absence of a record is a record. Every serious reader learns this eventually, and most of the industry still writes as if a search that returned nothing were the same fact as a subject who was nowhere. They are not the same fact. One is a statement about the world; the other is a statement about the search.</p><p>Absences carry information; a director who has held twelve companies in one country and has no presence at all in the personal records of the country they were born in is unusual. A person written about in trade press for six years with no professional profile anywhere is unusual. A counterparty named in three filings in one country and missing entirely from the neighbouring one where their stated business sits is unusual.</p><p>Unusual is not damning; it is a prompt. Often the prompt the system gives us is: ask a person. A writer who covered the industry, a former employee who left on neutral terms, a counterparty who has finished business with the person. Silence often resolves the moment you stop searching and start asking the kind of people who would remember.</p><p>We wrote the intake to demand reasons for absences. If a country search returns nothing, the analyst either justifies why nothing is the expected outcome or escalates the gap. The system rejects reports where significant absences sit without a written read. It slows the work, deliberately.</p><p>The clients who get the most out of this are the ones whose own footprint has long absences in it on purpose. They want to know whether the absences they are looking at in a counterparty are similarly intentional, similarly clean, or hiding the work.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The limits of the standard background check</title>
      <link>https://keremalbayrak.com/writing/what-background-checks-miss</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/what-background-checks-miss</guid>
      <pubDate>Sat, 17 Sep 2016 13:24:11 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2016-09-17T13:24:11.000Z</dc:date>
      <category>Identity</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The standard product was built for a different question. It still gets sold to people whose question has moved on.</description>
      <content:encoded><![CDATA[<p>We were asked, on a private-client mandate, to explain why the vendor screen the client already paid for came back clean on a counterparty their own instincts told them not to touch. The vendor was answering an employer's question on a private-client file, and that mismatch is why the standard background check is a weak instrument for almost every reader who is not hiring.</p><p>It is a weak product for almost everyone else. A private clients take on a manager is not asking the same question. A private client buying into a venture is not asking the same question. A reputational team auditing a person before a board meeting is not asking the same question. All three are asking some version of: what would I find if I had to find something? What is the shape of the risk I am not aware of?</p><p>The standard check is poorly shaped for that. It looks at flags it knows about, in countries it has paid for. It will not surface a counterparty pattern. It will not notice a payment relationship that resolves to a third party. It will not see that a person's address sits inside a building registered to someone they once sued. It does not have the field of view, and was never built to.</p><p>The answer is not a bigger version of the same product. A bigger version of the wrong product is still the wrong product. The answer is to ask what the client is actually afraid of, in plain language, and build the instrument shaped to that fear. Sometimes the work overlaps with a normal check by ninety percent. Sometimes by ten; the price reflects the work, not the form.</p><p>Most friction on client calls traces to this mismatch. Buyers acquire a familiar product and receive an answer to a question they did not ask. One of the first things worth writing on this beat is a single page distinguishing the two. It belongs at the front of any brief, before quoting.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The gap between a record request and an exposure map</title>
      <link>https://keremalbayrak.com/writing/record-request-vs-exposure-map</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/record-request-vs-exposure-map</guid>
      <pubDate>Tue, 08 Mar 2016 09:20:28 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2016-03-08T09:20:28.000Z</dc:date>
      <category>Payments</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>Pulling files is procurement. Mapping exposure is analysis. Most of what gets sold is the first dressed up as the second.</description>
      <content:encoded><![CDATA[<p>A record request answers what is on file. An exposure map answers what someone with a reason could put together. The two get sold under the same word, priced the same way, and delivered in binders that look almost identical from the outside, and that is most of why the market for this kind of work is confused.</p><p>An exposure map is something else; it is a structured view of where a person is reachable, by whom, through which channel, with what cost. Reachable by a counterparty running a standard check. Reachable by a writer with the usual tools. Reachable by someone with stronger tools and a reason. Reachable by a state-level inquiry; these are four different surfaces, and a person can be invisible on one and over-exposed on another.</p><p>The two reports are not the same category. The record request answers what is on file. The exposure map answers what someone with intent could put together. The first is a snapshot; the second is a small model of the person who might come looking.</p><p>Most of what gets sold as enhanced research is the first thing in a longer document. Pages of returned rows, a summary at the front, a risk score generated by a tool nobody on either side has read. The work the client actually needs; what is reachable, by whom. Is not in the record.</p><p>We treat the two as different products with different inputs. Record pulls run as a procurement pipeline with quality checks and provenance. Exposure maps run as analysis with a defined adversary in mind. The first feeds the second; a record dump is not an exposure map. Telling clients which one they actually need is half of the first call.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>The first monitor that ran unattended</title>
      <link>https://keremalbayrak.com/writing/building-the-first-monitor</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/building-the-first-monitor</guid>
      <pubDate>Thu, 14 Jan 2016 15:45:46 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2016-01-14T15:45:46.000Z</dc:date>
      <category>Monitoring</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>The move from re-running a query by hand to letting the system flag movement is the point where a workflow becomes a standing view.</description>
      <content:encoded><![CDATA[<p>The first standing report on this desk was a query re-run by hand every Monday morning for a family office; the day the query got skipped and the subject filed in a jurisdiction that was meant to be watched was the day the monitor got written. What shipped after that weekend is the shape a monitoring queue still runs in best: a scheduled read, a diff against last week, a short note only when something moved.</p><p>The first monitor was a shell script and a diff. Nothing clever; pull the same fields on a schedule, write them to disk, compare against last week, email a text file if anything changed. It ran for two weeks and was almost useless because almost everything changed. Timestamps changed; ordering changed; a search result reshuffled. The diff was noise.</p><p>The rewrite was the whole lesson; a monitor is not a change detector. It is a change filter; ninety percent of the code is deciding what does not count as movement. A record was reindexed; a source refreshed its cache. A field was re-cased; none of that is a signal about the person.</p><p>What remained, after filtering, was small enough to read. A new company appearing on a director's file. An address disappearing; a filing that had been open for years quietly closing. Two or three per person per month. That is the shape of a monitor that earns its place in the client's week.</p><p>The first version of any monitoring system is almost always overbuilt in the wrong direction. It watches too many things, alerts too aggressively, and buries the operator in outputs that all feel equally urgent. The rewrite that follows is mostly subtraction: fewer inputs, fewer alerts, better thresholds, quieter defaults.</p><p>The generalisable lesson is that a monitor's job is to change behaviour, not to demonstrate coverage. Any signal it produces that the reader learns to ignore is worse than no signal at all, because it teaches the reader to distrust the whole channel.</p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
    <item>
      <title>What cross-reference actually means</title>
      <link>https://keremalbayrak.com/writing/what-cross-reference-actually-means</link>
      <guid isPermaLink="true">https://keremalbayrak.com/writing/what-cross-reference-actually-means</guid>
      <pubDate>Sun, 22 Nov 2015 11:01:32 GMT</pubDate>
      <dc:creator>Kerem Albayrak</dc:creator>
      <dc:date>2015-11-22T11:01:32.000Z</dc:date>
      <category>Sanctions</category>
      <category>Kerem Albayrak</category>
      <category>Anieres</category>
      <description>An early note on why pulling more records rarely makes a profile sharper.</description>
      <content:encoded><![CDATA[<p>Cross-reference is one of those terms the industry has quietly emptied out. It gets used, most of the time, to mean pulling a second source after the first, then a third, then a fourth, and stapling the printouts to the back of a report. That is not cross-reference. It is procurement dressed as analysis, and it collapses the first time the sources are asked to disagree.</p><p>The common mistake is treating cross-reference as addition. Pulling a second source after the first is not cross-reference. It is duplication with a bigger invoice. Cross-reference is a comparison, and a comparison only matters if the two sides can disagree. Two sources that always say the same thing teach you nothing. Two sources that disagree on a date, a spelling, an address window, a gap in a role. That is where analysis begins.</p><p>We rewrote the intake so each source gets scored on its capacity to disagree with the others on a given field. Filings beat aggregators on dates; land records beat self-reported residency on address. Where we have it, payment activity beats both on presence. The system now refuses to weight a confirmation from two sources that draw from the same upstream. Many feeds share the same upstream; treating them as independent inflates confidence without adding information.</p><p>The second move was to log what each source did not say. A registry with no entry for a person is data. A bureau that returns nothing in a country we know the person operates in is data. We tagged these silences and gave them weight. A clean profile that is clean because nothing was looked at is not the same as a clean profile that is clean because everything was looked at and found nothing. The second is what clients require.</p><p>By the end of month one we had cut average source count per project by roughly a third and pushed answer time down. The reports also got shorter, Less paper, more confidence. </p>]]></content:encoded>
      <source url="https://keremalbayrak.com/feed.xml">Kerem Albayrak</source>
    </item>
  </channel>
</rss>