When it comes to the fundamentals of banking compliance, nothing seems more basic than to Know Your Customer (KYC). The association between a bank and its client isn’t a “Love at First Sight”-style experiment—these are high-risk relationships that can include millions of dollars flowing in any given direction.
With Jeffrey Epstein, Deutsche Bank knew its customer. It knew his past prior to the opening of his account in August 2013: The controversy that surrounded his 2008 guilty plea to charges of soliciting underage prostitutes; the questions raised when his non-prosecution agreement with the Department of Justice was made public in 2009; and the fact he was registered as a Level 3 sex offender in New York, a class reserved for the worst of the worst. Deutsche knew all this so well that from the time Epstein was onboarded, the relationship was classified as “high risk.”
The saga between Deutsche Bank and Epstein doesn’t stem from a lack of knowledge, but rather a lack of concern, as evidenced by the details of a consent order the bank reached with the New York State Department of Financial Services on Tuesday. In settling the case, Deutsche Bank and two of its affiliates agreed to pay $150 million for “significant compliance failures” in connection to its relationship with Epstein and unrelated dealings with two other financial institutions.
The Epstein relationship is described at length and includes a stunning number of red flags the bank seemingly ignored, along with an occasional dash of costly human error. It paints the picture of a company that put profits over ethics, the same of which was said about Epstein’s former bank, JPMorgan Chase, by my late colleague Joe Mont following reports of its leadership ignoring warnings from compliance to cut ties with Epstein long before 2013.
In sum, a Deutsche Bank relationship manager who had been a member of the team servicing Epstein’s accounts at his former bank (presumably JPMorgan Chase) pitched to Deutsche Bank the monetary value of landing Epstein as a client. Epstein’s criminal history was discussed, including 17 out-of-court civil settlements related to his conduct in the 2007 conviction. Even still, an unnamed executive at Deutsche, the bank’s then-co-head of its Wealth Management Americas group, told the relationship manager that the Epstein relationship wouldn’t require a review by the regional reputational risk committee, per the head of AML compliance and then-general counsel for Deutsche Bank Americas. The then-GC was also the chair of the relevant reputational risk committee. From there, the relationship between Deutsche and Epstein began.
“Over the course of the relationship, Mr. Epstein, his related entities, and associates would eventually open and fund more than 40 accounts at the Bank,” the consent order states, adding that as early as November 2013 Epstein and his representatives began using the accounts to send wires to people who had been alleged to be coconspirators in his past criminal offenses. The bank was not always aware the recipients of the wire transfers were alleged coconspirators, the order states, though when compliance did flag the presence of a coconspirator as a beneficiary in the case of one account, nothing changed.
When the bank’s Anti-Financial Crime department escalated issues concerning Epstein and resurfaced allegations in 2014-15, the result ultimately was an in-person meeting between Deutsche Bank executives and Epstein in January 2015. There, Epstein assuaged those concerns to the satisfaction of Deutsche Bank, according to the order. Whatever was said is unclear: The minutes of the meeting were not recorded in line with Deutsche’s policies and procedures (go figure).
From there is where the details range from zany—conditions placed upon Epstein’s accounts not being communicated to all members of his relationship team and being “misinterpreted” by an AML officer responsible for informing the rest of the transaction monitoring team—to “oh, come on”—Epstein’s personal attorney withdrawing more than $800,000 in cash from the accounts over a four-year period and asking on multiple occasions during that time what the maximum amount of money he could withdraw was without triggering an alert. Compliance’s reaction to all this could be summed up in the following example: When an Epstein payment to the accounts of women with Eastern European surnames at a Russian bank was made “for a friend for tuition to school,” compliance appeared to accept the following explanation from a bank relationship manager without further question:
“Jeffrey has separate accounts to manage each of his properties. This is one of them. However, when making one-off transfers to people, he and his finance staff have the flexibility to use any account they like that is funded.”
Deutsche finally cut ties with Epstein shortly after a Miami Herald article published in November 2018 shed new light on the shadiness of the late financier’s 2008 plea deal. A relationship manager at Deutsche, however, was nice enough to draft reference letters to two other financial institutions, on the bank’s letterhead, indicating he was “unaware of any problems relating to the operation or use of [the] accounts.”
Ignorance is bliss.