Whoah, everyone here who has a bank account - which I assume is pretty much everyone -- has gone through "standard KYC paperwork", and I've never been asked to send personal financial documents to an email inbox.

I've opened several bank accounts online and do online banking as well as brokerage and other accounts. Financial documents like this should be uploaded via secure portals and directly stored in encrypted databases with controlled access and network segmentation from the rest of the IT infrastructure.

I am editing this comment to say that I don't think what was being requested is malicious or unethical, but I hope you can understand why people would not feel comfortable doing this, even if they are fine with KYC processes in general.