Chapter 3: Egregious failures: Customer due diligence and transaction monitoring

“Financial institutions can connect—or choke—human trafficking networks, and enforcement actions filed and injunctive relief obtained by attorneys general are essential to ensure that enterprises like Epstein’s cannot flourish in the future.” 

Government of the U.S. Virgin Islands v. JPMorgan Chase Bank N.A. (2022)

It is easy to condemn Deutsche Bank for willful negligence, if not complicity, in facilitating Jeffrey Epstein’s sex trafficking enterprise. Epstein was a felon and registered sex offender with a trail of outspoken victims by the time of onboarding in 2013. Indeed, the institution classified him as high risk, an admission of awareness in its own right. Thus, when the bank allegedly failed to prevent money laundering or other use of its services to facilitate Epstein’s criminal activities, there was little credible defense to be mad

It is harder to fault JPMorgan Chase for willful negligence—at least on the face of it. Epstein’s double life was ostensibly under wraps when JPMorgan onboarded him at the turn of the century.

Epstein began doing business with JPMorgan as early as 1998, according to the 2022 U.S. Virgin Islands’ (USVI) lawsuit against the bank, although a separate, class-action lawsuit brought by Jane Doe in 2022 sets the relevant timeline from 2000-13. In either case, Epstein skirted law enforcement and public scrutiny for a handful of years while a client at JPMorgan.

“Between 2000 and 2005, Epstein provided clients to JPMorgan and, in exchange, JPMorgan allowed Epstein to do as he pleased with his JPMorgan accounts. JPMorgan allowed Epstein to engage in structuring violations and other financial maneuvers required to maintain a criminal enterprise. The relationship continued without much of a question from outsiders,” alleged court documents from the Jane Doe case.

The earliest public allegation against Epstein, concerning solicitation of prostitution, surfaced in 2006. A blitz of other allegations of sexual offenses—more victims, more press reports, more lawsuits—followed in short order.

That year, Epstein was arrested. JPMorgan’s global corporate security division found “‘[s]everal newspaper articles … that detail[ed] the indictment of Jeffrey Epstein in Florida on felony charges of solicitation of underage prostitutes,’” at which point the bank decided to classify him as high risk, according to the USVI lawsuit. By 2008, Epstein pleaded guilty to two charges, including procurement of a minor to engage in prostitution, and received a sentence of 18 months’ incarceration. By 2009, Epstein’s non-prosecution agreement with the U.S. government became public, revealing allegations Epstein might have used interstate commerce to induce minors to engage in prostitution, engaged in illicit sexual conduct with minors, and trafficked minors.

Throughout this revelatory time period, Epstein remained a valued client of JPMorgan’s. Ongoing adverse media did attract the notice of risk management and anti-money laundering (AML) compliance staff, however.

In a 2010 internal email, the risk management division discussed new allegations against the convicted pedophile related to child trafficking, according to the USVI lawsuit. One employee wrote, “‘[A]re you still comfortable with this client who is now a registered sex offender.’”

The question did not receive a question mark; Epstein remained a client for three more years.

Why did the institution retain Epstein for more than a dozen years? How did the relationship persist despite glaring red flags of criminality?

The “why” is straightforward, boiling down to apparent greed.

“JPMorgan turned a blind eye to evidence of human trafficking over more than a decade because of Epstein’s own financial footprint and because of the deals and clients that Epstein brought and promised to bring to the bank,” the USVI lawsuit alleged.

The “how” is more complicated. It offers lessons in customer due diligence (CDD); ongoing account monitoring; and perhaps most saliently, the consequences of unchecked power at senior levels of an institution.

Money laundering and human trafficking indicators

Financial institutions (FIs) operating in the United States are required to have adequate, risk-based AML policies and systems in place under both the federal Bank Secrecy Act (BSA) and the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism” (USA PATRIOT) Act.

A BSA/AML compliance program must include, but is not limited to, maintaining a due diligence program; filing suspicious activity reports (SARs) when the institution detects suspicious behavior; filing currency transaction reports (CTRs) for transactions that exceed $10,000 in a 24-hour period; preventing structuring undertaken for the purpose of evading federal reporting requirements; and maintaining systems to prevent money laundering.

“A lot of perpetrators—sex traffickers—need to have bank accounts because they have to pay for their own expenses and the expenses of their victims. Sex trafficking is an ongoing job. It’s not just a one-and-done crime. They need to pay for food, clothing, or rent, things like that,” said Ola Tucker, an experienced compliance professional with a career focus on financial crime compliance and risk management. “So, oftentimes they do have bank accounts with financial institutions, and financial institutions are in a position to identify red flags and possibly identify that there’s sex trafficking going on—if they know what kind of signs to look for.”

Red flags, or indicators, can be categorized in terms of either behavior or financial transactions, Tucker explained. Behavioral indicators pertain to the appearance and conduct of the customer, while financial indicators focus on suspicious accounts activity.

Both the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and the intergovernmental Financial Action Task Force have published advisories and studies identifying long lists of tangible indicators of human trafficking, including in the area of sexual exploitation, as well as typologies of money laundering used to conceal the proceeds of such crimes.

Some of the key behavioral and financial indicators of human/sex trafficking are either starkly apparent, or presumptively so, in Epstein’s case. As seen below, certain details of Epstein’s account activity raise overlapping red flags. This list is by no means exhaustive and represents merely a sampling of issues that should have concerned bank staff.

Multiple accounts making repeated transfers to the same third party or multiple individuals reporting similar information (e.g., address, phone number, etc.)

JPMorgan: At least 20 victims trafficked and abused by Epstein were paid through JPMorgan accounts, a multitude of times, between 2003 and 2013, in excess of one million dollars collectively, according to the USVI lawsuit. Several of these women listed Epstein’s New York apartments as their home address.

Concentration of ‘risk’ nationalities among the opening of accounts

JPMorgan: During the time in which Epstein was a customer, women recruited into his enterprise with Eastern European backgrounds (and surnames) were sometimes required to marry other Epstein victims to maintain their immigration status. If these recruits were paid through JPMorgan accounts—financial information did reflect payments drawn from JPMorgan accounts of nearly $1.5 million to known recruiters, according to the USVI lawsuit—this information should have caught the bank’s attention.

Customer accounts which display unusual withdrawal patterns, such as lump sum withdrawals

JPMorgan: Epstein withdrew more than $775,000 in cash from JPMorgan accounts over a 10-year timeframe while a customer, according to the USVI lawsuit.

Deutsche Bank: Epstein’s attorney withdrew more than $800,000 on Epstein’s behalf from Deutsche Bank accounts over a four-year timeframe while a customer, according to a 2020 consent order the bank reached with the New York State Department of Financial Services (NYDFS).

In either case, Epstein’s exorbitant cash withdrawals were significant because he relied on mountains of cash to pay both hush money to his victims and finders’ fees to his recruits.

A customer avoids transactions that require identification documents or that trigger reporting requirements

Under federal regulations, banks must file CTRs to the Treasury when there are withdrawals in excess of $10,000 per day or when withdrawals are broken up to avoid CTR reporting, a criminal offense known as structuring.

Deutsche Bank: Epstein’s personal attorney had the authority to conduct transactions in Epstein’s accounts on his behalf. In a four-year timeframe, the attorney made a total of 97 withdrawals from Epstein’s accounts, roughly two to three times per month, all in the amount of $7,500 per withdrawal—the bank’s limit for third-party withdrawals, according to the NYDFS order. The attorney once asked bank personnel how often he could withdraw cash on Epstein’s behalf without triggering an alert—a question which, in and of itself, should have triggered an alert.

Relatively high or recurrent expenditure on items inconsistent with customer’s personal use or stated business activity, such as food, necessities, or accommodation for workers

Deutsche Bank: While Epstein held accounts at the bank, he used a trust account and various other accounts to send more than 120 wires totaling $2.65 million to beneficiaries of the trust, including some transfers to alleged co-conspirators or women with Eastern European surnames, for the stated purpose of covering “hotel expenses, tuition, and rent,” the NYDFS found.

JPMorgan: In 2022, a JPMorgan representative, Patrick McHugh, testified that Epstein transferred approximately $31 million to his former paramour, Ghislaine Maxwell, through JPMorgan accounts between 1999 and 2007, as noted in the Jane Doe lawsuit against the bank. The amount was believed to be payment for her role in Epstein’s sex trafficking venture. Maxwell is now serving a 20-year prison sentence for conspiring with Epstein to sexually abuse minors.

Media coverage of account holder’s activities relating to human trafficking in the sex trade and/or prostitution rings

An ocean of media coverage detailing Epstein’s depravity and disgrace is readily accessible on the internet. Press emerged in the mainstream as early as 2006 and proliferated in the ensuing years—both JPMorgan and Deutsche Bank were aware of it.

JPMorgan: A striking example is that Epstein paid more than $600,000 through JPMorgan accounts to a woman who—according to news reports contained in JPMorgan’s own due diligence reports —Epstein “purchased” at the age of 14, according to the USVI lawsuit (emphasis added).

Potential behavioral indicators of victims of human/sex trafficking

Deutsche Bank: In at least one known case cited in a class-action lawsuit against the bank, Epstein and his co-conspirators forced a Jane Doe to open an account at Deutsche Bank, which her team of lawyers argued made escape from Epstein’s organization more difficult.

This example raises a number of questions and potential red flags related to whether bank personnel were aware the victim opened the account under duress. Possible questions for bank personnel who handled Jane Doe’s account, and potential red flags raised, might include:

• Was a third party always present to speak on behalf of Jane Doe?
• Was Jane Doe an unqualified minor at the time the account was opened?
• Did Jane Doe ever show signs of poor hygiene, malnourishment, fatigue, bruising, or other signs of abuse?
• Did Jane Doe ever seem confused or provide scripted stories in response to questions?

Caveat about red flags

As damning as all these red flags are in succession, they are data points, not smoking guns. Encountered in isolation from one another—as might have at least initially been the case—each one represents a starting place to determine if a broader pattern exists within the customer relationship.

“No single transaction or red flag is an absolute clear indicator that there’s human trafficking or other criminal activity going on,” said Tucker. “Customer due diligence is such a key here. One red flag is not going to do it, but that could be the initial sign to look deeper and ask for more information.”

To identify broader patterns across a customer’s accounts activity, FIs must conduct reviews at the relationship level, not merely the account level.

“It’s not uncommon for traffickers to have multiple accounts. What may initially look benign in one account may stand out when you do a relationship-level review because it’s examined at a broader level,” said Tucker.

Given that Epstein had approximately 55 accounts with JPMorgan and more than 40 accounts with Deutsche Bank, a relationship-level review would no doubt shed light on the question: “How was he using the institution?” Tucker said.

Anything less than a comprehensive approach to a transaction monitoring system is insufficient in the eyes of former NYDFS Superintendent Maria Vullo.

“[Deutsche Bank] actually filed the CTRs, but was that sufficient? Maybe from a technical standpoint,” said Vullo, “but they know this client, and they’re seeing what FinCEN is not seeing with the filing of the CTRs or the SARs. They’re seeing that payments are going for ‘tuition and rent … for employees and friends.’ Even if it’s not human trafficking—which is what this was—why are you paying the tuition and rent of employees? That could be a tax issue, by the way. That’s also a potential problem—or at least suspicious activity.”

When to terminate

At what point should JPMorgan have terminated the Epstein relationship? After Epstein’s 2008 conviction on child prostitution charges? When Epstein’s co-conspirator Maxwell wanted to set up an account for her “‘personal recruitment consulting business’” referred to in the USVI lawsuit? Or when the bank filed multiple SARs related to Epstein’s accounts back in 2002, as cited in a Doe v. JPMorgan class certification?

And what about Deutsche Bank: Should the German bank have let him go after he transferred funds to alleged co-conspirators, according to the NYDFS consent order, three months after onboarding?

Karim Rajwani, an independent anti-financial crime consultant, said “absolutely not” to that last question.

“I’m the first one to say if banks are guilty, nail them,” Rajwani said. “But at the end of the day, you must have ‘reasonable grounds to suspect.’ Adverse media is an incredibly difficult thing to define and implement in financial institutions. And organizations like Deutsche Bank process trillions and trillions of dollars annually. If, let’s say, $3 million were missed, is that material? Are we looking for perfection?

“I haven’t seen the transactions that may have indicated connections to sex trafficking. … However, identifying sex trafficking has historically been extremely difficult because you are dealing with low-value and low-frequency transactions compared to other transactions.”

The timing of Deutsche Bank’s decision to terminate boiled down to reputational risk, Vullo maintained.

“Regulators don’t tell banks, ‘You can’t have certain customers,’ unless you know for sure that they’re a criminal. Then sometimes law enforcement gets involved in that. But in this circumstance, what the bank did initially in 2013, and then when they closed the account in 2018, was essentially base [the decision] upon reputational risk, which is basically in this circumstance: ‘If it gets out that this is a client of the bank, is our reputation going to be damaged?’” said Vullo.

“But the legal problem for the bank, as set forth in the [NYDFS] consent order, was that the bank’s anti-money laundering controls were inadequate and permitted the financing of human trafficking,” she added.

Rajwani pointed out it is not so simple for FIs to exit certain accounts and therefore customers, logistically. For example, Deutsche Bank opened accounts for Epstein’s “Butterfly Trust” in 2014.

“A trust is not like a normal bank account,” Rajwani said. “It’s a relationship with regulatory obligations on you as the trustee. It’s not something where you can say, ‘Hey, I’m going to end this trust.’ … In many cases, it can’t be done at all.

“There are major repercussions on the property, on the assets. There are tax consequences. … The bank can become liable for all of that. And remember, at the end of the day, you [the FI] only have ‘grounds to suspect’—the person has not been found guilty.

“Just like a trust can’t be exited very easily, it’s not so easy to open a trust account. An enormous amount of due diligence goes into opening a trust account. A lot is known about the client, the purpose of the trust, who the beneficiaries are … all of that is documented. So, the trust relationship goes through an enormous amount of due diligence because once they’re set up, they’re set up.”

Given the laborious and time-intensive process involved, it remains a wonder why certain beneficiaries of Epstein’s Butterfly Trust, alleged co-conspirators from his prior conviction, were approved.

“When the trust beneficiaries are employees or friends of the settler, there are several potential risks and concerns that might arise,” said AML technology expert Jeremy Swetenham of KYC360. “For example, lack of substance in the structure—why was it set up?—conflicts of interest between those parties, suspicious transactions, or even third-party risk.

“The fact that a number of beneficiaries were ‘high risk’ raises potential weaknesses in the enhanced due diligence that was carried out and the risk-based approvals process of approving those transactions and then monitoring of them, which goes back to the point that … the systems actually [weren’t] configured to take into consideration the nature of the parties.”

As for JPMorgan, the protracted decision to exit the Epstein relationship involved another factor beyond reputational risk and bank liability. His name was Jes Staley.

Staley

James “Jes” Staley was head of JPMorgan’s private bank when he befriended Epstein in 2000. He was promoted to chief executive of JPMorgan asset management the following year. While Epstein was a client of JPMorgan’s, the two men developed a close relationship.

“Staley was the key to making all of Epstein’s depraved dreams of sexual abuse and sex trafficking of countless young women possible,” alleged court documents from the Jane Doe case against the bank. “With his help, the number of victims of the Epstein sex trafficking operation began to grow on a vertical trajectory beginning in 2000.”

Staley used his clout within JPMorgan to make Epstein untouchable, according to Jane Doe’s team of attorneys. In return, Epstein recruited, or promised to recruit, other high-net-worth clients to the institution.

Epstein reportedly introduced Staley to Glenn Dubin, billionaire co-founder of Highbridge Capital Management, and helped arrange for JPMorgan to acquire the fund in 2004. Unsealed court documents from Epstein accuser Virginia Guiffre’s testimony against Ghislaine Maxwell in 2016 alleged Guiffre was trafficked to Dubin through the Epstein operation.

The general counsel of Glenn Dubin’s company, Dubin & Co., did not respond to a request for comment.

For years, Staley served as investigator and decision-maker with respect to Epstein’s accounts while basic due diligence measures were apparently being flouted.

For example, a 2012 internal memo from the bank identified questions for Epstein to answer related to the purpose and expected use of his accounts, yet the bank neither pursued nor received a response from Epstein, according to the USVI lawsuit.

In its investigation, the USVI government failed to find any evidence the institution probed the source of Epstein’s funds. Further, the bank “seemingly did no due diligence on the nature of the various business entities for which it held accounts for Epstein,” the government alleged.

JPMorgan agreed to pay $75 million to settle the lawsuit in September 2023.

“JPMorgan Chase believes this settlement is in the best interest of all parties, particularly for those who can benefit from efforts to combat human trafficking and for survivors who suffer unimaginable abuse at the hands of these criminals,” the bank stated at the time. “While the settlement does not involve admissions of liability, the firm deeply regrets any association with this man and would never have continued doing business with him if it believed he was using the bank in any way to commit his heinous crimes. The firm will continue to work with law enforcement to combat human trafficking and help to identify improper money movement into the global payments systems.”

The USVI government’s investigation also unearthed alarming details about the Epstein-Staley relationship.

Staley exchanged approximately 1,200 emails with Epstein from his JPMorgan email account between 2008 and 2012, according to the lawsuit. The emails not only illustrate a breach of conduct—they “even suggest that Staley may have been involved in Epstein’s sex-trafficking operation,” the lawsuit claimed. The men allegedly exchanged pictures of young women and referred to them euphemistically as Disney characters (“Snow White,” “Beauty and the Beast”) and types of wine.

“‘Don’t tell me,’” Staley allegedly quipped in one such email, referring to an attached photo of a young woman, “‘a French wine.’”

Staley visited Epstein while the convicted pedophile was incarcerated in Florida in 2008-09, according to the U.K. Financial Conduct Authority’s (FCA) separate case against Staley. He also appeared to visit Epstein’s private island in the U.S. Virgin Islands during that time, according to the USVI lawsuit, which cited the following email to Epstein:

“‘So when all hell breaks lo[o]se, and the world is crumbling, I will come here, and be at peace. Presently, I’m in the hot tub with a glass of white wine. This is an amazing place. Truly amazing. Next time, we’re here together. I owe you much. And I deeply appreciate our friendship. I have few so profound.’”

None of the emails exchanged between the men were flagged in connection with risk reviews of Epstein’s accounts, the USVI government found. Staley remained the Epstein relationship manager throughout his tenure at the institution. When executives on the board at JPMorgan recommended cutting ties with Epstein, Staley allegedly went to bat for him. The FI even tasked him with discussing the human trafficking allegations with Epstein.

“‘… Jes Staley discussed the topic [of human trafficking] with Jeffrey Epstein, who replied there was no truth to the allegations, no evidence, and was not expecting any problems.’”

JPMorgan January 2011 review of Epstein’s accounts, as cited in Government of the U.S. Virgin Islands v. JPMorgan Chase Bank N.A.

In 2013, several months after Staley left JPMorgan for another FI, a JPMorgan compliance officer terminated the Epstein relationship, the USVI lawsuit noted.

Staley went on to become chief executive officer of Barclays, but his fall from grace arrived in 2021. Following a U.K. regulatory probe into his relationship with the late Epstein, Staley stepped down from the position. In 2023, the FCA fined and banned Staley from holding a senior management or significant influence function in the financial services industry.

At the time, Staley’s legal representatives did not comment on the FCA’s decision. He appealed the regulator’s ruling to a tribunal.

Also in 2023, JPMorgan sued Staley for his Epstein ties. The bank did not disclose financial details of a settlement reached in September that year.

Staley’s lawyer, Kathleen Harris of Arnold & Porter, declined to comment on the allegations against Staley contained in the USVI lawsuit and the Jane Doe lawsuit.

Read on—Chapter 4: Investigations into misconduct: What banks can do