McDevitt discusses her Compliance Week Epstein case study on WBAI FM in NYC

On Monday, Compliance Week’s data and research journalist Aly McDevitt joined Jenna Flanagan on WBAI Pacifica Radio’s We Decide: America at the Crossroads to discuss the key findings of her investigation, and why her scoop, well ahead of the latest coverage, offers not just an airing of the banks’ dirty laundry, but compliance- and culture-based insights into the hidden systems that enabled a predator to thrive.

Listen to the segment on Riverside. 

Transcript: 

Jenna Flanagan: You may remember the major New York Times exposé last week on the role of the bankers, like JP Morgan, in enabling Jeffrey Epstein’s crimes by failing to report as, required by law, $1 billion in his transactions. Now, as it turns out, Compliance Week’s Alyson McDevitt published her blockbuster, The Banks behind the Epstein Enterprise, all the way back in March of 2024. Alyson McDevitt joins us now. 

Alyson, thank you so much for joining us. 

Alyson McDevitt: Good morning. Thank you for having me today. 

JF: Absolutely. So I saw that you posted on LinkedIn that The New York Times’ September 8th reporting “validated” your big scoop from, again, March of 2024. First, tell us a little bit about the validation that came from The New York Times of work that you had already done. 

AM: Sure. The New York Times published their version of this same angle of the story a week ago, and it was validating in the sense that it resurfaced this story and gave credence to this earlier original reporting that I came out with about 18 months ago.  

JF: All right, then. So tell us a little bit about, for anyone who might have missed both stories, even though they were both very, very huge in my world, what it was that the banks have been accused of? What was basically the gist of the story?

AM: Sure. So let me tell you how I came upon it. And that’ll be an entry point into this. So I started looking at this back in the summer of 2023 because it was around that time that J.P. Morgan agreed to pay $290 million to settle a class action lawsuit brought by some of the Epstein survivors, and the suit alleged that the bank turned a blind eye to his sex trafficking operation despite clear signs of abuse, suspicious transactions, and payments made through accounts held at the bank. And some survivors were reportedly forced to open bank accounts under duress. And this came to my attention because it was reported as a news brief at Compliance Week. 

I had also seen the Netflix documentary, Dirty Money, which came out way back in 2020, and Compliance Week had also reported—and I remembered this—that Deutsche Bank had been fined $150 million that same year for its ties to him. So I was struck by the pattern there: two major global banks, both had multiple red flags, and yet no action was taken until years later. So that prompted a deeper question, which was: How did these failures in compliance persist? 

So my editor at the time gave me the green light to pursue the story, and I began reviewing the legal filings and the public enforcement documents and conducting interviews in the fall of 2023. And then my report came out in March 2024. 

JF: And how did the idea of writing about Epstein’s—well, you did sort of explain how the idea came about—but basically, what allowed … the wrongdoing at the banks to go on undetected for so long? Because that seemed to be what made the whole thing so shocking; that this was just going on, and a few people may have raised some red flags, but nobody saw the need to stop it. 

AM: Yeah, that’s a really good question. So, ultimately, what my investigation came up with is that it came down to a combination of systemic governance failures and then also willful neglect. 

At both banks, there were glaring and frequent anti-money laundering (AML) red flags—so that would be like exorbitant and frequent cash withdrawals or multiple accounts making repeated transfers to the same third party, or multiple individuals reporting similar info. So, for example, there were women who listed Epstein’s New York apartments as their home address, and that should have been something that JP. Morgan would have seen and hopefully noticed; or twenty victims that were trafficked by Epstein were paid through JP. Morgan accounts a multitude of times. These were all transaction monitoring issues that should have come up.

And compliance teams did see it—they raised their concerns—but those warnings were consistently overridden by senior leadership. So, that was one reason. It was both cultural and structural. In both cases, it was a corporate culture that prioritized profit over compliance. There were weak internal controls, and then in some cases, there were some senior executives who benefited from their relationships with Epstein. So ultimately, the decision to keep Epstein and retain him as a client, despite his known criminal history and his suspicious activity, were made at the top. 

JF: So it sounds like—I mean, those examples that you gave sound like they would have been some of the regulations that were being flouted, for lack of a better description. 

AM: Yeah, absolutely. Or even if they were raised by compliance staff, ultimately as they got raised up the chain, they were overridden. 

JF: Did your reporting reveal any indication as to what could be attributed for the blind eye to suspicious transactions? 

AM: Yeah, absolutely. Well, let’s see. 

JF: I understand it can be complicated. 

AM: Yeah, so my research came up with a couple different reasons, and I think the obvious one is the leadership override—so senior executives deciding to keep him as a client despite repeated warnings from compliance staff. 

My case study opens with the story of Deutsche Bank, [with] some senior executives going and knocking on his door to his Upper East Side mansion to question him about Virginia Giuffre’s allegations in 2015—if you’re familiar with that person. 

And they had this conversation in private, in his mansion, next to his pool, and that was counted as a due diligence meeting, even though no notes were taken at the meeting, and that meeting was the basis or the premise upon which the committee decided to keep him on. So there were things like that going on. That was a Deutsche Bank example. 

But … What I found out, just from speaking with anti-money laundering compliance professionals who’ve been working in this industry for decades, is that also there’s a breakdown in feedback loops. Banks have to file suspicious activity reports, when they believe that suspicious activity is occurring, and it’s called a SAR, and that SAR is filed, and it goes to FINCEN. But banks typically don’t receive any feedback from Fincen. So that creates a little bit of a disconnect, and it leaves institutions without a full understanding of whether the activity that they flagged is being investigated or prosecuted. So, in a little defense of the bank, there is that feedback loop. 

JF: And just very quickly, for anyone who might not be as well-versed, SAR and FINCEN stand for?

AM: FINCEN stands for the Financial Crimes Enforcement Network. It’s through the U.S. Treasury Department. SAR is just an abbreviation of “suspicious activity report”—highly confidential documents that banks file.

JF: It sounds like that banks should file, and that leads me to my next question. I believe that a lot of people at least have been raised to believe that rules are rules, that this is what they are, and this is why we follow them. However, is compliance something that’s perhaps a little bit more malleable the further up the economic chain that you go?

AM: I like that word malleable. I think that’s a really good question, and unfortunately, I’d have to agree with you: yes. Compliance is supposed to be a line of defense, but in practice, it is often malleable, as this case study points out, when it runs up against institutional power or profit incentives. So in these cases, there were interpersonal relationships and internal politics that likely played a role. J.P. Morgan’s former executive, Jess Staley, is a perfect example of that. He was always running interference, or he was backing Epstein, even as adverse media coverage exploded. 

Epstein was considered a high-value client, and his connections in finance and politics likely insulated him at the banks. 

There was also a deeper structural issue, though. If a bank’s leadership can routinely override compliance warnings without consequence, then the system’s not working as it’s supposed to be. And these were not isolated lapses. These were institutional failures. 

JF: Well, speaking of them being institutional failures, throughout your reporting, did you come across anything that might indicate that this was somehow isolated? Or is this a practice that has been dabbled in or full-on just engaged with for other big name or, more importantly, high-value clients? Because as you’re talking, what’s coming to mind is: does this fit with the way the banks failed to regulate things like the mortgage-backed securities? 

AM: 100%. I would call it a practice, just based on my own research. I was looking more closely at how compliance frameworks function and fail with other high-risk client cases. I think Epstein’s case was extreme but not unique. And I think, yeah, the broader question is: how many other Epsteins are out there and are shielded by some of the similar structural blind spots?  

My case study gets into a little bit about corporate versus individual accountability, and some of these senior leaders who benefited by being in close proximity to Epstein’s wrongdoing—financially benefited—they jumped ship from those banks before those banks paid penalties. So they kind of got away scot-free. And then the banks themselves, yes, there were enforcement actions and civil lawsuits, but the amounts that they paid were essentially negligible. 

JF: Interesting. So when it comes to compliance, because again, we’re not talking about laws per se—or are we talking about laws? Let’s even get that part clear. Like, are we talking about rules and regulations or enforceable laws? 

AM: That’s a great question. And I don’t know the best way to answer that one…yeah, I don’t have an answer to that one, actually. 

JF: Well, the point of that question is to then tee up what would be my follow-up, which is: What is the enforcement mechanism, if any? Because that also seems to be part of the problem here.  

AM: I did interview somebody that talked to me a little bit about civil versus criminal prosecution and just the different thresholds of proof that the bank, or the individuals at the bank, were willfully complicit in the crimes, and it’s a really high threshold to prosecute criminally, which is why these banks were hit with civil lawsuits, where they didn’t actually have to admit guilt. They just had to pay fines to settle the lawsuits. I don’t know if that answers your question exactly. 

JF: It kind of does. It tees up my next question, which is that: Is this standard practice now within the banks? Because I’m now wondering, have many of the banks ever really been held accountable for engaging, or do they usually get some sort of fine, a slap on the wrist, and then everybody goes back to business as usual?  

AM: That is how it appears to me, which is, I think, why reporting on these topics is so important. Because, yeah, it comes down to, “This is the cost of doing business with this high-risk client,” and it’s a literal cost-benefit analysis: How much money can this individual bring in? And my case study gets into some of the individuals that Epstein helped shepherd into the banks—other ultra wealthy clients that Epstein helped shepherd into the banks and ultimately, yeah, it’s worth it to these banks to take the dings—the little civil action lawsuits and enforcement actions in Deutsche Bank’s case—in order to have the connections that this person could bring as well as his own money. 

JF: So is there any way to get a sense of—I mean, you mentioned Deutsche Bank explicitly, and this is not the first time you’ve mentioned them. First of all, is there any sort of compliance mechanism for tracking some of these larger trusts that is one of the places where these funds are able to move through?

AM: Are you talking about the Butterfly Trust at Deutsche Bank? 

JF: As an example, yeah. And first, for people who might not know, what is the Butterfly Trust, and then does that even get tracked and monitored? 

AM: The Butterfly Trust is a trust that Epstein opened at Deutsche Bank. And I am certainly no expert in this area, but I spoke to people that were experts [who] told me that it’s a very complicated procedure when you open a trust at a bank. There’s a lot of due diligence that goes into what the trust is set up for, and who the beneficiaries are, et cetera. 

At Deutsche Bank, one of the things that came out is that a lot of wire transfers were sent to individuals who were either perceived to be high-risk—so women with Eastern European surnames—or [who] were alleged co-conspirators in his 2008 felony—named individuals, such as Ghislaine Maxwell, who’s now serving a 20-year prison sentence for her role in the operation. Wire transfers that were sent through this trust didn’t correlate with the official purpose of the trust. Transfers were made for “tuition,” “rent,” and “hotel expenses” that were not [in line with] the stated purpose of the trust.

JF: Is there any chance that the industry reconsiders what its regulations would be, or, as you mentioned earlier, “the cost of doing business”—[will the industry] sort of wait for the outrage to die down and literally just go back to doing what has always been done? I’m now starting to wonder, how far back does this go? Is this just how banking is done, period, and compliance is the new thing involved? 

AM: I think these are open-ended questions, and they’re really good ones, and I don’t know the answers to [them]. I know that these examples raise questions like: how do you ensure that when a trust is set up, that there’s a substance to that structure, making sure that there are no conflicts of interest between the parties? One of the individuals that I interviewed was telling me that, hopefully, with the explosion of A.I., we can now automate some of this transaction monitoring. Because at least with human trafficking indicators, the transactions tend to be small. Frequent but small. And so they often go undetected. With the use of AI to help, perhaps … transactions that would have gone under the radar [will] become more glaring and obvious. But of course, that doesn’t solve the cultural issue at the top. 

JF: Yeah, but still, though, we rarely hear stories of A.I. being used for good in journalism, so that, at least to me as a journalist, is inspiring. 

AM: Yeah, definitely. 

JF: Can you tell us a little bit about what your new project is on—without giving us the details of who else might not be in compliance—but what else are you working on? 

AM: Of course. Thank you for asking. My next case study is coming out next week, and it’s called Inside a Dark Pact, and I’m looking at—I won’t go into too much detail—but I’m looking at a French cement maker that got caught making payments and negotiating revenue-sharing agreements with ISIS and the ANF in Syria in order to keep their cement factory open in Syria for a period of two years. So I’m looking at some of the compliance failures that went into … the bribes that went undetected, and also because it goes all the way to the top—and it’s well-documented that it goes all the way to the former chief executive of the global organization, the chairman of the board—how culturally this was permitted and came to be. And what series of missteps occurred that led them to this unfortunate outcome.

JF: Interesting. Well, in addition to this next piece that you’re working on, which sounds fascinating, I’m now thinking that a lot of my listeners might also be interested in learning more about, “who is and who is not in compliance with what, and what does that look like?” So any chance you can give us a quick commercial for Compliance Week? 

AM: Sure. Compliance Week…is a cross-industry publication, looking at all areas of compliance. So in my case, I covered anti-money laundering compliance with Epstein. Now I’m looking at anti-bribery with this new case study. But, yeah, it’s a cross industry publication, and in addition to reporting on news briefs,—so, for example, the JP Morgan civil lawsuit that came out in 2023— we report on that news, but we also do deep dives, such as these case studies, that look in more depth at what causes these acts of non-compliance, so repeatedly, and lead to these catastrophic endings. 

JF: Ah, and do you also do offshore stories? 

AM: Yes. 

JF: I mean not just offshore like international, like the one that you mentioned, but offshore like when it comes to offshore banking, because we also know that is another way for money to move outside of the gaze of prying eyes. 

AM: Right! No, I don’t think I personally have covered that yet, so maybe I’ll have to do that next. 

JF: Oh, okay, well, listen, we’re always here to share good scoops from what we know. So, listen, Alyson, I want to thank you so much for joining us. Thank you for the work that you’re doing, and especially with publications like Compliance Week, which might not be as well known as The New York Times, but are still doing the work and getting those stories out there. So I highly recommend for people listening that if this is the type of content you’re interested in, to definitely look for Compliance Week. 

AM: Thank you so much, Jenna. I appreciate you having me on the show.