‘The Butterfly Trust’: How Deutsche Bank maintained Jeffrey Epstein as a client until he was arrested

When Deutsche Bank decided in December 2018 that it would no longer bank Jeffrey Epstein, the decision appeared to close a relationship that should never have survived its initial risk review. Yet recently released records show that the separation took almost seven months. Epstein and his associates continued to receive banking services, move money and arrange large cash withdrawals until his arrest in July 2019 finally prompted the bank to close the remaining accounts.

Among them was an account associated with the Butterfly Trust, one of dozens of Epstein-related accounts still visible within Deutsche Bank’s systems when news of the arrest reached senior employees. Its presence has become a symbol of a wider governance failure: a bank could identify a client as exceptionally risky, impose additional controls and ultimately decide to terminate him, yet still fail to turn those decisions into effective action.

The lesson is not simply that banks need more alerts or more sophisticated monitoring software. It is that controls become meaningless when employees do not understand them, escalation is inconsistent and commercial relationships are allowed to outlast the institution’s stated risk tolerance.

The Relationship Began With The Red Flags Already Visible

Deutsche Bank accepted Epstein as a client in 2013, after JPMorgan had ended its relationship with him. By then, Epstein’s criminal history was public. He had pleaded guilty in Florida in 2008 to offences involving an underage girl and had served a custodial sentence.

This was not a case in which a bank discovered damaging information years after onboarding an apparently unremarkable customer. The reputational and financial-crime risks were evident from the beginning.

The New York State Department of Financial Services later found that Deutsche Bank knew about Epstein’s history when it accepted him. The bank classified him as a high-risk client and applied enhanced monitoring. It also treated him as an honorary politically exposed person, reflecting his extensive connections with politicians, business leaders and other prominent figures.

Yet the relationship was not escalated before onboarding to the bank’s Americas Reputational Risk Committee, despite policies requiring such scrutiny for clients presenting potentially serious reputational concerns. The failure was therefore not an absence of information. It was an inability, or unwillingness, to convert known information into an appropriately cautious decision.

What The Butterfly Trust Does And Does Not Show

The Butterfly Trust appears in records relating to Epstein’s network of accounts and entities. When his arrest triggered an urgent internal effort to shut down the remaining relationship in July 2019, the trust account was among the accounts still recorded in Deutsche Bank’s systems, although it contained only a small residual balance.

The name invites questions because trusts can be used legitimately to hold and transfer assets, plan estates, support beneficiaries and separate legal ownership from beneficial interests. They can also create additional layers between an asset and the individuals who ultimately control or benefit from it.

However, the existence of a trust account does not mean the bank holding it is the trustee. A bank may act as custodian, deposit-taker or payment provider for a trust without assuming the fiduciary responsibilities of a corporate trustee.

That distinction matters. Deutsche Bank’s documented failures in the Epstein case concern its role as a financial institution serving Epstein and his related entities. The regulatory record does not establish that the bank administered the Butterfly Trust as trustee or exercised fiduciary control over its assets.

The stronger and more defensible question is therefore not whether Deutsche Bank breached a trustee duty attached to this particular structure. It is why its know-your-customer, anti-money-laundering and reputational-risk controls failed to manage a network of accounts belonging to a client whose risks were already recognised.

The Transactions That Should Have Prompted Greater Scrutiny

New York regulators found that Deutsche Bank processed hundreds of transactions involving millions of dollars that warranted closer examination in light of Epstein’s history.

These included payments to people publicly alleged to have assisted his abuse, more than $7 million in settlement payments, and over $6 million in payments to law firms that appeared to cover legal expenses for Epstein and people associated with him.

The bank also processed payments to Russian models, tuition fees for women, hotel and rent expenses, and transfers to numerous women with Eastern European surnames. None of these categories is inherently unlawful. In the context of Epstein’s known conduct and the public allegations surrounding the recruitment of young women, however, the patterns required more than routine processing.

Cash activity created another obvious risk. Regulators identified more than $800,000 in suspicious withdrawals over approximately four years. Epstein’s relationship team knew that he regularly requested substantial amounts of cash, yet the bank’s enquiries were limited and explanations were frequently accepted without sufficient challenge.

Effective transaction monitoring is not a search for individually prohibited payments. It requires the institution to compare activity with what is known about the client, the purpose of the accounts and the risks attached to the relationship. A payment that appears ordinary in isolation may become highly significant when viewed as part of a broader pattern.

Controls Existed, But They Did Not Travel Through The Bank

One of the most revealing findings was that Deutsche Bank had imposed conditions intended to reduce the risks associated with Epstein’s accounts. Those conditions were not effectively communicated to most members of the relationship team.

A compliance officer also misinterpreted parts of the instructions, resulting in little practical change to the way the accounts were monitored. Problematic transactions were rarely challenged and, when questions were raised, they were often resolved without a satisfactory explanation.

This exposes a recurring weakness in large financial institutions. Risk committees can produce conditions, classifications and formal decisions that appear robust on paper but fail at the point where employees interact with the client and process transactions.

A control is not effective because it appears in meeting minutes or an internal policy. The relevant staff must know that it exists, understand how to apply it and have clear authority to delay or reject activity that does not make sense.

There must also be evidence that somebody checks whether the conditions are working. Enhanced due diligence should mean more than reviewing the client more frequently while continuing to approve the same behaviour.

Why The Exit Took Seven Months

Deutsche Bank decided in December 2018 to terminate the Epstein relationship following renewed negative media coverage. Epstein was informed that the bank intended to close his accounts and was initially given until 28 February 2019 to move his assets.

The process continued well beyond that deadline.

Records reviewed by Reuters show that Epstein still held at least nine accounts at Deutsche Bank in early May 2019, with combined balances of approximately $1.8 million. In March, more than $30 million moved through an account belonging to Southern Trust Company, apparently as assets were transferred to another institution.

The bank continued to assist with transactions and cash requests during the wind-down. In April 2019, it arranged €50,000 in large-denomination notes before one of Epstein’s European trips. Employees also facilitated another €7,500 cash delivery to an aide and handled transfers connected with aviation and other expenses.

When another institution accepted Epstein’s funds, his Deutsche Bank relationship manager wrote that the bank was unaware of problems relating to the operation or use of the accounts. Such reassurance sits uneasily beside the internal decision that the relationship posed an unacceptable reputational risk.

The final closure came only after Epstein was arrested on 6 July 2019. Internal correspondence then treated the remaining accounts as urgent, with staff instructed to close them immediately. All accounts were reportedly shut by 9 July.

An orderly exit can take time, particularly when a wealthy client holds numerous accounts, investments and legal entities. But an exit process must be governed by the risk that produced the termination decision. It should not become an extended period of largely normal service.

Commercial Value Complicated The Risk Decision

Epstein was reportedly a lucrative private-banking client. Internal estimates placed the potential annual revenue from the relationship in the millions of dollars, while his banker later indicated that the accounts generated more than $1 million a year in fees and trading income.

This does not prove that individual employees deliberately ignored criminal activity in order to preserve revenue. It does illustrate the structural conflict at the heart of high-risk private banking.

Relationship managers are frequently rewarded for attracting assets, retaining profitable clients and expanding business. Compliance teams are responsible for restricting activity that creates legal or reputational exposure. Unless senior management resolves that conflict decisively, commercial momentum can turn risk controls into obstacles to be managed rather than boundaries to be respected.

The problem becomes more acute when the client is wealthy, well connected and able to take business elsewhere. An institution may convince itself that enhanced monitoring is preferable to termination because the account remains commercially valuable and no individual transaction supplies definitive proof of a crime.

That is precisely why risk appetite must be set above the level of the relationship manager. Some clients present a cumulative risk that cannot be made acceptable through additional forms and periodic reviews.

The Regulatory And Legal Consequences

In July 2020, the New York State Department of Financial Services imposed a $150 million penalty on Deutsche Bank for significant compliance failures involving Epstein and two separate correspondent-banking relationships.

The regulator found that Deutsche Bank had failed to monitor adequately clients it had itself classified as high risk. In Epstein’s case, it criticised both the substantive failure to identify and prevent suspicious transactions and the procedural failures surrounding oversight of the accounts.

Deutsche Bank later agreed to pay $75 million to settle a lawsuit brought on behalf of Epstein’s accusers. The settlement received final judicial approval in October 2023. The agreement resolved the claims without a trial and should not be described as a judicial finding that the bank knowingly participated in Epstein’s crimes.

Deutsche Bank has acknowledged that accepting Epstein as a client was an error and has expressed deep regret over the relationship. It has also said that it cooperated with regulators and strengthened its financial-crime controls.

The financial penalties were substantial, but the case’s greater significance lies in what it revealed about institutional responsibility. Banks do not need to commit the underlying crime to become part of the infrastructure through which money supporting harmful activity moves.

What Banks Should Learn

The first lesson is that adverse information must affect the onboarding decision, not merely the client’s risk score. Labelling someone high risk while proceeding with the relationship can create the appearance of caution without addressing the core question: whether the bank should accept the client at all.

The second is that accounts must be reviewed as a connected network. A wealthy client may operate through companies, trusts, foundations, family members and employees. Monitoring each account in isolation can conceal patterns that become visible only when the relationships are aggregated.

Third, suspicious behaviour should be assessed contextually. Cash withdrawals, tuition payments, legal expenses and payments to models are not automatically improper. When they resemble publicly reported aspects of the client’s past conduct, they warrant greater challenge.

Fourth, termination requires its own controls. A bank should specify which services remain available during the exit, establish a firm deadline, restrict unusual transactions and escalate any attempt to use the wind-down period for substantial transfers or cash withdrawals.

Finally, accountability cannot stop with compliance staff. Senior management, business leaders and relationship managers must share responsibility for decisions involving exceptionally risky clients. Compliance cannot function as a ceremonial veto that the commercial organisation quietly works around.

Technology Will Not Resolve A Governance Failure

Banks increasingly use artificial intelligence, network analysis and automated transaction monitoring to identify unusual activity. These tools can help connect related entities, detect behavioural changes and prioritise alerts.

They cannot decide how much reputational risk an institution should accept. Nor can they force employees to investigate a profitable client rigorously, communicate committee decisions or close accounts according to schedule.

Poorly calibrated systems may also generate large numbers of alerts without improving judgement. Employees under pressure to clear queues can become accustomed to explaining transactions away rather than asking whether the wider relationship still makes sense.

Technology is most effective when supported by accurate ownership information, clear escalation routes and a culture that rewards meaningful challenge. The Epstein case contained numerous signals. The failure was not simply that the bank lacked data, but that it did not respond adequately to what it already knew.

The Real Lesson Of The Butterfly Trust

The Butterfly Trust account is a striking detail, but it should not distract from the larger failure. Deutsche Bank did not merely overlook one obscure trust structure. It maintained a broad relationship with Epstein and related entities despite his known history, processed activity that should have received greater scrutiny and took months to complete an exit it had already decided was necessary.

The case demonstrates why high-risk wealth management cannot depend on formal classifications alone. Trusts, companies and private accounts may all be legitimate, but they require the institution to understand who controls them, why they exist and whether their transactions fit the known purpose of the relationship.

A bank’s responsibility is not to determine guilt. It is to decide whether it can understand and manage the risks of providing financial services to a particular client. Deutsche Bank had enough information to recognise those risks. Its failure was allowing the relationship to continue after recognition should have led to firmer action.