In 2013, JPMorgan Chase ended its long banking relationship with Jeffrey Epstein. Internal documents later disclosed in litigation showed compliance officers had flagged Epstein’s account activity for years before the bank finally acted. The closure should have been a warning to any institution that subsequently took him on. Deutsche Bank took him on anyway, and over the next five years built a relationship that ended in a $150 million fine from New York’s Department of Financial Services and a body of evidence about how compliance functions can fail even when red flags are unmistakable.
Onboarding a known risk
Deutsche Bank’s private wealth division accepted Epstein as a client in 2013, shortly after his exit from JPMorgan. By that point, Epstein had already pleaded guilty in 2008 to soliciting prostitution from a minor and had served a sentence under his Florida non-prosecution agreement. He was a registered sex offender and a publicly documented compliance liability. According to the DFS consent order, Deutsche Bank’s relationship managers documented Epstein’s history during onboarding and decided to accept him anyway, citing his potential to generate substantial revenue and referrals. The bank did impose enhanced monitoring. The monitoring then failed to function as monitoring.
The transactions that should have triggered alarms
Between 2013 and 2018, Deutsche Bank processed hundreds of transactions on Epstein’s behalf that, per the DFS findings, should have generated escalation under the bank’s own anti-money-laundering policies. These included payments to Russian models, Eastern European women, and named co-conspirators including Sarah Kellen and Lesley Groff; cash withdrawals totaling over $800,000 used for what staff described in internal communications as “tips” and “hotel expenses”; and transfers consistent with the financial fingerprint of a trafficking operation. Compliance staff repeatedly raised concerns. Senior bankers repeatedly cleared the activity or downgraded the alerts.
The 2020 settlement
In July 2020, the New York Department of Financial Services fined Deutsche Bank $150 million โ at the time, the largest fine ever imposed by DFS for compliance failures related to a single client relationship. The consent order documented “significant compliance failures” and required structural remediation in the bank’s anti-money-laundering controls. The fine, while large in absolute terms, was a tiny fraction of Deutsche Bank’s annual revenue and was largely shrugged off in the markets. The reputational damage and the civil litigation exposure that followed turned out to be more consequential than the regulatory fine itself.
The civil claims that followed
Survivors of Epstein’s trafficking subsequently filed suit against Deutsche Bank, alleging the bank had knowingly facilitated the operation. In 2023, Deutsche Bank settled a class action by Epstein survivors for $75 million without admitting liability. JPMorgan, which had ended the relationship in 2013, faced parallel civil litigation that settled for $290 million the same year. The settlements suggest the cost of facilitating Epstein’s banking ran into the high hundreds of millions across the institutions involved.
The bottom line
Compliance functions only work if escalations actually escalate. Deutsche Bank’s Epstein relationship is a case study in what happens when revenue managers can override compliance findings: years of red flags, hundreds of transactions, and a settlement that finally arrived after the human damage was done.
Leave a Reply