Deutsche Bank’s Many Epstein Failures
New York banking regulators hit Deutsche Bank with a $150 million penalty Tuesday for its business dealings with notorious sex trafficker Jeffrey Epstein, and painted a damning picture of compliance failures that went on for years at the bank while it reaped millions from such a lucrative customer.
The New York Department of Financial Services imposed the penalty, and its 38-page consent order against Deutsche Bank is not easy reading. The order shows how Esptein sailed through client onboarding at the bank in 2013 even though bank staffers had documented Epstein’s previous prison sentence for soliciting underage prostitutes; and how Deutsche Bank compliance and wealth management executives alike bumbled through years of poor monitoring of Epstein’s suspicious transactions.
We all know how Esptein’s personal tale ended: he died last August while in federal custody, awaiting trial on new charges of underage prostitution and sex trafficking. The official cause of death was determined to be suicide, but given Epstein’s many famous friends — including defense lawyer Alan Dershowitz, Prince Andrew, and President Trump — conspiracy theorists question that conclusion.
Whatever. This is about Deutsche Bank, and pervasive compliance program failures there. Linda Lacewell, head of the NY Department of Financial Services, pummeled the bank in a press release:
[Deutsche Bank] failed to properly monitor account activity conducted on behalf of the registered sex offender despite ample information that was publicly available concerning the circumstances surrounding Mr. Epstein’s earlier criminal misconduct… This substantive failure was compounded by a series of procedural failures, mistakes, and sloppiness in how the Bank managed and oversaw the Epstein accounts.
Even Deutsche Bank CEO Christian Sewing said in a statement: “Onboarding [Epstein] as a client in 2013 was a critical mistake and should never have happened.”
So what went wrong? Jeez, where to begin…
Negligence During Onboarding
The debacle began in 2013. Epstein was looking for a new bank, and a relationship manager at Deutsche Bank who had previously worked with Epstein suggested that Deutsche Bank try to land him as a client. Epstein was game, so the bank began onboarding him around April 2013.
A junior banker wrote a memo about Epstein’s background, which plainly stated that Epstein had served time for soliciting underage prostitutes and was involved in 17 legal settlements relating to his conviction.

Epstein
The relationship manager attached that memo to an email he sent to the heads of Deutsche Bank’s wealth management division. The email itself, however, talked up Epstein’s potential as a client: several hundred million dollars in “flow” with fee revenue of $2 million to $4 million annually. The relationship manager also proposed that all Epstein-related accounts be for “entities” affiliated with Epstein, “not personal accounts.”
What happened next is crucial, but fuzzy. The head of wealth management replied to the relationship manager that he had talked with the head of AML compliance for the Americas and the general counsel for the Americas, and both said Epstein could skip further review by the bank’s Americas Reputational Risk Committee. The general counsel was chair of that committee, by the way.
So Deutsche Bank had clear, documented evidence that Epstein was a pimp and a pervert; that evidence was passed along to senior executives; and they saw no need for further scrutiny of Epstein’s application.
At least, that’s what we’re supposed to believe — because, as the consent order put it, “The bank has represented to the Department that it has no other record of this communication.”
This was a significant thing. We have what looks, in hindsight, to be a terrible decision about onboarding a skeezy lowlife because he’d be a lucrative customer. Worse, we don’t know what else passed for initial onboarding of Epstein, because the bank has incomplete documentation of its decisions.
As the consent order said:
Despite the nature of Mr. Epstein’s prior criminal history, the initial onboarding of the first account was not reviewed by the bank’s regional reputational risk committee but was instead approved in what appears to have been an off-hand conversation reflected only in the Approval Email. That Approval Email was then relied upon, substantially without additional scrutiny, to open numerous other Epstein-related accounts.
All other mistakes Deutsche Bank made flowed from this original sin of weak scrutiny, and weak documentation of its decision-making for a known high-risk customer.
Poor Monitoring Over the Years
Deutsche Bank began doing business with Epstein in August 2013. The bank had flagged him as a high-risk customer, and even designated him an “Honorary PEP” given his many ties to influential political figures. That should have led to enhanced monitoring of Epstein’s transactions.
Well, no such enhanced monitoring happened. Within months, Epstein was sending wire transfers of $10,000 or more to alleged co-conspirators in his past crimes. In January 2014 he opened an account known as the Butterfly Trust, where the beneficiaries included his co-conspirators and “a number of women with Eastern European surnames.” Which should be a red flag when your client is a known sex trafficker.
Where was the due diligence, you ask? At one point, a compliance officer performing background checks on one Butterfly beneficiary did indeed ask what was going on. But Epstein’s relationship manager (the one who brought Epstein to Deutsche Bank) dismissed those concerns, saying the beneficiary “was accused as a co-conspirator in a case but was never brought to trial nor ever convicted.”
And then the relationship manager waved off the compliance officer’s inquiry by citing — wait for it — the approval email generated during initial onboarding.
Only much later did more senior compliance executives point out that the approval email wasn’t an approval of anything, but rather “a statement by a front office managing director about his conversation with them and their alleged opinion not to escalate.” By then, Epstein and his associates had sent 120 wire transfers, totaling $2.65 million, to Butterfly Trust beneficiaries or suspected foreign prostitutes.
Another debacle happened in early 2015. By then, fresh reports of Epstein’s misconduct had prompted compliance officers to insist that the bank’s Americas Reputational Risk Committee (the one that had never reviewed Epstein in the first place) take a look at Epstein’s activities.
To prepare for that review, Epstein’s relationship manager and Deutsche Bank’s head of wealth management met Epstein at his house and asked him about the latest allegations against him. The two bankers “appeared to be satisfied by Mr. Epstein’s response,” but again…
The bank has represented to the Department that it is not in possession of contemporaneous records reflecting the substance [the] meeting with Epstein and is not aware of any other steps taken at the time to investigate the veracity of the allegations beyond speaking with Mr. Epstein.
I don’t know what alarms me more: that the bank executives continued to do such a shabby job of monitoring Epstein; or that the bank’s compliance function and senior managers tolerated such poor documentation. Then again, you can’t have the former without the latter.
Top Everything Off With Miscommunication
By February 2015 the reputation risk committee did decide, apparently based on assurances from that meeting between Epstein and his bankers, to “continue business as usual with Jeffrey Esptein.” So said Deutsche Bank’s head of compliance for the Americas, in an email he circulated to other bank executives.
That email also listed three conditions for continuing to work with Epstein:
- Epstein could keep doing transactions without compliance pre-approval “provided that the business had determined these transactions do not involve any unusual and/or suspicious activity or are in a size that is unusually significant or novel in structure”
- Deutsche Bank executives could open accounts “where the activity has already been approved” by the wealth management division; and
- The bank would “need to monitor for any further developments in connection with the reputational risk of the client relationship and to review transactions/activity conducted in the accounts for any activity, size or structure as described in [the first condition].”
Except, the risk review committee circulated that email upward to senior bank executives, including Deutsche Bank’s CEO for the Americas — but not downward, to the team working with Epstein directly; so they kept on working with Epstein as usual.
Even worse, a more junior AML compliance officer misunderstood those three restrictions. He took “transactions [with] unusual and/or suspicious activity” to mean transactions that were suspicious compared to Epstein’s prior activity — which Deutsche Bank had already allowed to happen based on that flimflam approval email. So when Epstein kept wiring money to Russian “models,” nobody raised any new red flags, because the old red flags had been allowed to flap in the breeze for years.
So we have careless onboarding, poor recordkeeping, no serious attention paid to reputation risk, senior compliance officers not communicating policies to the correct people, and junior compliance officers misunderstanding those policies anyway.
And that’s how Epstein, a reprehensible man, got away with his crimes for years. Yeesh.