High-net-worth clients can be high-risk clients

Know-your-customer policies should apply equally to all banking clients. However, ultra wealthy clients sometimes escape proper scrutiny. Here, the author describes why banks might fail to conduct due diligence on ultra-high-net-worth clients and the high-stakes pitfalls of underestimating their risks. 

In 2023, a U.S. federal judge approved a $290 million settlement between JPMorgan Chase and nearly 200 women who’d accused the bank’s longtime client, financier Jeffrey Epstein, of sexually abusing them as teenagers. According to the women’s lawsuit, JPMorgan — the largest bank in the U.S. — ignored red flags that Epstein was engaged in sex trafficking throughout his 15-year relationship with the bank. JPMorgan continued to provide banking services to Epstein even after he’d pleaded guilty to soliciting a teenage girl for prostitution in 2008. Epstein became a JPMorgan client in 1998 and remained a client until 2013, when the bank severed its ties with him. By that time, he was a registered sex offender in two U.S. states — New York and Florida.

But Epstein was wealthy and well-connected. His firm managed assets for billionaires, and he counted royalty, world leaders, celebrities and business tycoons as friends. And even if Epstein no longer banked with JPMorgan, he easily sailed through Deutsche Bank's onboarding process in 2013. In 2023, the German financial institution agreed to a $75 million settlement with 100 of Epstein’s accusers who said the bank facilitated his sex-trafficking operations. According to The Guardian, Deutsche Bank accepted Epstein while there were 40 sexual assault claims against him. He remained a Deutsche Bank client until 2018.

Epstein, who died in a jail cell in 2019 while awaiting trial on sex trafficking charges, maintained banking relationships despite widespread public knowledge of his wrongdoing. New York state’s financial regulator fined Deutsche Bank $150 million over its relationship with him in 2020. Internal disclosures from JPMorgan revealed that key executives ignored warnings about Epstein because he was considered a valuable customer. Epstein’s accounts showed evidence of potential money laundering. In 2024, The New York Times reported that Bank of America waited years after the fact to file Suspicious Activity Reports (SAR) with financial regulators regarding payments to Epstein from its client, billionaire investor Leon Black. The payments, totaling $170 million, occurred between 2012 and 2017. Bank of America filed the SARs in 2020, nearly six months after Epstein’s death.

Epstein exemplifies how wealth and influence can improperly shield ultra-high-net-worth clients from proper due diligence. The significant revenue he’d generated over the years enabled him to escape the usual scrutiny of know-your-customer procedures and transaction monitoring alerts. Because of their continued relationships with Epstein, JPMorgan and Deutsche Bank faced consequences beyond reputational damage with costly litigation and regulatory fines. Prioritizing profitability and relationships over rigorous compliance has serious risks.

Know-your-customer procedures should be uniform for all banking clients. But in practice, ultra-high-net-worth (UHNW) private-banking clients — generally defined as clients with at least $1 million in liquid assets — often get treated by a different standard. This column explains why this happens and what institutions must do to stop underestimating the risk.

A different set of rules

Private-banking clients — those with substantial assets, also known as high-net-worth and ultra-high-net-worth clients — receive a host of financial services often unavailable to personal-banking clients like investment advice and tax- and estate-planning services. Driving these private-banking services are financial institution relationship managers who ensure that the onboarding process for high-net-worth clients goes as smoothly as possible. But the imperative for a seamless experience may come at the expense of proper due diligence and compliance checks on the part of bank employees.

As demonstrated by Epstein’s relationship with Deutsche Bank, private-banking clients may sail through the onboarding process because they’re already well known, have large accounts and belong to a powerful network. Many times, the information they provide to the bank about their source(s) of wealth is vague, such as “liquidity from a prior sale” or “family trust.” And, as the 15-year banking relationship between Epstein and JPMorgan demonstrates, sometimes a client’s longevity with a bank can be a substitute for a risk assessment. A longstanding client relationship can lull financial institutions into a false sense of security. The risk is often underestimated or rationalized.

Where scrutiny often fails

Ultra-high-net-worth clients often use trusts, holding companies and opaque offshore structures to protect their assets. These tools are perfectly legal, but they’re designed for privacy, making it difficult to determine sources or owners of assets.

Documentation is often dense or incomplete. In some cases, institutions don’t go beyond asking for information about the trustee or legal contact. With this limited or complicated information, it can be easy to gloss over any red flags. The more complex the setup of a client’s assets, the easier it is for something important to escape attention.

Wealthy clients with multiple homes and properties in different countries and accounts in offshore holdings present jurisdictional challenges. A trust held in a country with laws that might protect the client’s privacy from law enforcement investigations or compliance team reviews makes it harder for banks to thoroughly monitor potential clients for red flags. While one jurisdiction might demand extensive disclosures, another might offer minimal transparency, making cohesive oversight nearly impossible for institutions operating primarily from a single regulatory standpoint. Moreover, private-banking clients often employ professionals skilled in creating complex structures for their clients’ assets to shield them from scrutiny.

Moreover, those with prominent governmental positions, also known as politically exposed persons (PEPs), introduce an additional layer of complexity as their positions make them vulnerable to bribery and corruption. Institutions may fail to adequately differentiate legitimate connections from those posing significant regulatory risks, especially when there are substantial assets intertwined with complex trusts. This intensifies difficulties in tracking relationships across international borders, amplifying the risk that potentially fraudulent financial activities will go undetected until substantial damage occurs.

Pressure within financial institutions to retain clients and keep them happy may contribute to applying less scrutiny to wealthy clients. Bonuses and promotions for relationship management teams often depend on client retention and satisfaction. In contrast, compliance teams may receive limited recognition for enforcing onboarding standards or uncovering nuanced risks in long-standing accounts. As a result, compliance professionals are incentivized to expedite reviews to maintain harmony within the organization rather than engage in meticulous due diligence that could jeopardize valuable client relationships. This incentive structure rewards relationship managers for smooth client integration and places compliance teams at odds with revenue-producing colleagues. Over time, this dynamic can significantly erode the rigor of KYC practices, creating an environment in which probing further is not only unwelcome but actively discouraged by internal organizational norms.

Some financial institutions underinvest in compliance resources, which exacerbates existing vulnerabilities. While private-banking divisions generate significant revenue, compliance departments rarely see proportionate increases in staffing or technological capability. Budget constraints frequently force compliance teams to prioritize immediate regulatory requirements over in-depth, proactive analyses. Consequently, comprehensive assessments of intricate UHNW arrangements don’t occur, leaving critical gaps that internal audits and surface-level reviews may adequately fail to address.

Data fragmentation also contributes to the situation. Information about high-value clients often resides across separate systems or databases managed by different internal departments. Without unified technology platforms that aggregate this scattered information, compliance officers must manually piece together complex client profiles. This manual assembly is inefficient and error prone, increasing the likelihood of missing crucial indicators of financial misconduct or suspicious activity.

Compliance versus reality

In many cases, compliance teams don’t work directly with clients to spot possible problems. Compliance teams are often busy reviewing summaries of documents instead of the full breadth of information available. In some cases, compliance teams might not even know that they’re missing this information.

Transaction monitoring systems generally focus on reviewing wires and transfers, not private placements, illiquid assets or high-end collectibles. A large movement into a fund or a family office might not trigger the system.

And when assets move slowly through the system or are complex, there might not be anyone watching them closely. Even internal audit teams, generally tasked with being a second line of defense, may struggle to evaluate these risks properly. Without a clear framework for analyzing trust structures or alternative assets, they often default to reviewing surface-level documentation. This leads to reports that appear complete but lack substance.

Empowering employees to better evaluate banking clients

Wealthy banking clients, especially longstanding clients, shouldn’t escape scrutiny, and banking staff at all levels — advisers, compliance and frontline staff must all be part of that process.

Advisers and frontline staff need better training to spot answers from clients that might be too polished or vague. Compliance should be a part of the process early on instead of stepping in to review information after the fact.

Financial institution management should consider how it defines risk for its wealthiest clients. For example, a wealthy client who’s using a complex structure in an offshore jurisdiction isn’t necessarily engaged in wealthy activity, but this means that they aren’t a low-risk client. These accounts should be treated with the same scrutiny as any other high-risk profile.

Finally, institutions should build internal capabilities to conduct structure analyses. This means training staff to understand trusts, alternative investments and cross-border ownership frameworks. It means investing in tools that can model layered ownership and identify indirect control. And it means shifting from a rules-based approach to one that reflects actual financial behavior.

Enhancing compliance capabilities requires targeted investments in advanced analytical technologies and dedicated training of staff. Financial institutions should consider adopting tools that can map complex ownership structures and detect subtle transactional irregularities indicative of financial misconduct. Additionally, compliance training should emphasize critical thinking and the identification of sophisticated evasion tactics, equipping compliance professionals to recognize and effectively investigate nuanced threats that may accompany UHNW relationships.

Effective risk management regarding UHNW clients depends on financial institutions making fundamental changes in both mindset and operational approach. Treating high-value clients as inherently trustworthy overlooks the evolving sophistication of financial criminals. Financial institutions must embrace compliance as a central, strategic function. Only by embedding rigorous due diligence processes into core operational frameworks can firms genuinely mitigate the hidden risks posed by significant wealth and sophisticated financial structures.

Brett Erickson, CFE, CGSS, WMCP, is a financial crime and compliance strategist with experience in wealth management, trust oversight and institutional risk. Certifications also include CAMS, CAMS-RM, GRCP, GRCA, IRMP, and four ICA-Specialist Certifications in financial crimes. Erickson is also an advisory board member of Loyola University-Chicago Law School’s Center for Compliance Studies. Contact him at bretterickson@live.com.