Recently, my wife’s friend entered into self-isolation after her partner’s boss tested positive for COVID-19. Notwithstanding the obvious risks, she could have stayed quiet and met with my wife and potentially spread a lot of contamination. But she didn’t.

In 2012, a relationship banker joined Deutsche Bank in New York after leaving another bank. The banker brought a number of established relationships with him, including Jeffrey Epstein. Contamination takes many forms. At this time, in 2012, many media organizations were publishing articles referencing Epstein’s convictions and associated allegations. Notwithstanding this, the new relationship banker persuaded others in Deutsche Bank that Epstein presented good opportunities to make a lot of money and secure introductions to other wealthy individuals within Epstein’s social circles.

Thus, as some banks were closing doors and exiting their relationships with Epstein, Deutsche Bank saw a potentially lucrative opportunity, opened its doors, and welcomed Epstein in. Fast forward to 2020, and Deutsche Bank has agreed to pay a penalty of $150 million for multiple anti-money-laundering failures related, in part, to its relationship with Epstein. Moreover, many people are repulsed at the bank’s conduct, which appears to have further facilitated Epstein’s criminal behavior.

It is incumbent upon all compliance professionals to read these judgments; learn lessons; and, where necessary, adjust policies, controls, processes, and even terms of employment with staff.

In the event my wife’s friend subsequently tests positive for COVID-19, she will be asked to provide details of places she has been to, people she has spent time with, public transport she may have used, and much more information. This information will then be used to trace other people who may have been contaminated.

How does this relate to the Epstein/Deutsche Bank case? Often times, banks/firms seek to employ relationship bankers who engage with high-risk parties. This is particularly important when recruiting relationship managers within private banks, wealth management, and other businesses, which present higher levels of risk.

Essentially, there is a need to combine the processes of “know your employee (relationship banker)” and “know your customer.” Most importantly, relationship bankers need to demonstrate they know their customers. When a relationship banker seeks to introduce a prospective customer, he/she should be asked to confirm in writing whether he/she is aware of any allegations against, investigations undertaken upon, or convictions of a prospective customer. Many banks/firms use similar wording or questions, which extend to awareness or knowledge of any factors related to a prospective customer that may have a negative impact on the reputation of the bank/firm.

The value and effectiveness of such questionnaires is only realized when relationship bankers are disciplined or dismissed, should it be established they have knowingly or negligently misled the bank/firm and/or deliberately withheld negative, relevant, and important information regarding a customer or prospective customer. Furthermore, relationship bankers of high-risk customers should be required to provided periodic (annual) scheduled updates and declarations as to the status, reputation, and behavior of such customers.

Of course, this must be secured in written form and retained, such that relationship bankers can later be held accountable for any failings on their part. When relationship bankers seek to introduce prospective customers from their former employer, questions should be posed regarding the prior relationship. In other words, compliance officers should seek to test such relationships for potential contamination before opening the doors and allowing the prospective customer to enter into a relationship with the firm/bank.

More widely, in the event problems arise, such as those presented by Epstein, compliance professionals should apply a trace process in order to identify any other customers introduced to the bank/firm by the relationship banker and establish if these too carry some form of financial crime/reputational risk contamination.

It is likely compliance professionals at Deutsche Bank have assessed the Epstein case and applied changes to the systems and controls that are applied, not only to new high-risk customers, but also to new relationship bankers in order to ensure similar failures are not repeated.