INVESTIGATION LINE 2: DEUTSCHE BANK KYC BREACH TIMELINE
Forensic Analysis of the Southern Financial LLC / Jeffrey Epstein Know Your Customer (KYC) Compliance Failure
Investigator: Independent Forensic Researcher
Database: the primary document text database (1,808,915 redactions; 107,422 extracted entities; 39,588 reconstructed pages)
Date of Report: 2026-02-05
Classification: Investigative Working Document
EXECUTIVE SUMMARY
This investigation reconstructs the internal Deutsche Bank (DB) compliance timeline surrounding the Know Your Customer (KYC) breach for Southern Financial LLC (internal code: SOUTHFINANMD), an Epstein-controlled entity. Analysis of text extracted from OCR layers of DOJ production documents reveals that DB's AML/KYC compliance apparatus identified a KYC breach on or around April 16, 2018, triggering an escalation chain involving at least 10 named compliance personnel. Despite this formal breach identification, DB had been servicing the Epstein relationship since August 26, 2013 -- and critically, continued servicing the accounts for months after the breach was formally identified. The bank was not fined until July 2020 ($150M by NYDFS), more than two years after the internal breach discovery.
The evidence establishes that DB maintained the Epstein banking relationship for approximately five years (2013-2018) despite:
- An initial RDC (Reputational Due Diligence Check) alert on Jeffrey Epstein generated as early as May 29, 2013 -- before the Southern Financial account was even fully onboarded
- Multiple KYC case reviews that were escalated, reassigned, and delayed
- A formal KYC breach declaration in April 2018
- Continued account activity (including credit derivatives trading with notional values of USD 10mm+) throughout the breach period
METHODOLOGY
All findings derive from text extracted from document text layers in DOJ-produced PDF documents, cross-referenced with extracted entities and reconstructed page content. EFTA numbers serve as unique document identifiers. Confidence scores for OCR recovery are noted where relevant.
CHRONOLOGICAL TIMELINE
Phase 1: Account Opening and Initial Red Flags (2013)
May 29, 2013 -- First KYC/AML Alert Generated
- The DB AML/KYC system (PWMUS AMLKYC) generated an alert on May 29, 2013 at 11:43 AM, before the Southern Financial relationship was formally established. This was routed through the centralized AML/KYC mailbox:
[email protected] (EFTA01299281).
June-August 2013 -- RDC Alerts on Jeffrey Epstein
- EFTA01299294 (p.1):
06/12/2013 10 54 AM and b/29/201.3 11:43 AM Jeffrey Epstein RDC Alert Jeffrey Epstein
- EFTA01299231 (p.0):
09/03/2013 04:32 PM Richard DKahn rdc alert and 09/04/2013 11:09 AM
- Multiple Reputational Due Diligence Check (RDC) alerts were triggered for Jeffrey Epstein, with Richard Kahn (Epstein's attorney and account manager for Southern Financial) specifically flagged. These alerts were processed through the KYC system but did not prevent account opening.
August 26, 2013 -- Southern Financial Relationship Established
- EFTA01472405 (p.0):
00000483290 483290 0016000000piPnF Banker 8/26/2013 SOUTHERN FINANCIAL RELATIONSHIP Clie
- The Southern Financial relationship was formally created on August 26, 2013, with banker code 483290. The account was assigned to primary officer Jj Litchford and secondary officer Paul Morris (EFTA01359500).
- Relationship Management Code: 82289 -- this code is associated with all Epstein-related accounts at DB.
September 2013 -- Post-Opening RDC Alert
- EFTA01299231 (p.0):
09/03/2013 04:32 PM Richard DKahn rdc alert
- Within days of account opening, another RDC alert was generated specifically naming Richard D. Kahn, the manager/trustee of Southern Financial. This alert was acknowledged but did not trigger account closure.
Phase 2: Active Banking Relationship (2013-2017)
November 19, 2014 -- AMLKYC Review
- An AML/KYC review was conducted. The account was not flagged for closure.
January 2015 -- Credit Derivatives Trading Active
- EFTA01368602 (p.0): Full credit derivatives transaction details recovered from hidden text:
- Counterparty: SOUTHERN FINANCIAL LLC
- Reference: FEDERATIVE REPUBLIC OF BRAZIL (sovereign credit default swap)
- Notional: USD 10mm (ten million dollars)
- Effective date: 14-Jan-2015
- Maturity date: 20-Mar-2020
- Deal rate: 100, Spread: 205 bps
- Market Value: $491,941
- DS9 provides the complete email record for this trade: EFTA00654057 contains the full email header confirming Daniel Sabba as the sender, with subject line "Trade Recap - 01/13/2014 - DB Sells $10mm FEDERATIVE REPUBLIC OF BRAZIL 20-Mar-2020 CDS @ 205 with SOUTHERN FINANCIAL LLC (live)" -- executed through DB London Branch. Follow-up at EFTA00699505 shows active position management: "With Petrobras downgrade, this closed at 228 / 232 on Friday. When you entered, it was 201 / 205. This is a pnl of approximately $120k."
- This document reveals that DB was actively executing complex credit derivatives through an Epstein-controlled entity, with maturities extending to 2020, well beyond any reasonable compliance horizon.
January 20, 2015 -- Valuation Statement
- EFTA01364928 (p.0):
Valuation Statement for SOUTHERN FINANCIAL, LLC as at 20 Jan 2015 - Request
- Regular valuation statements were being generated for the Southern Financial portfolio (Request ID: 182298). Dozens of such statements were recovered spanning 2014-2016 (EFTA01454985 through EFTA01459426).
February 17, 2015 -- Southern Financial Relationship Documented
- EFTA01398741 (p.3):
SOUTHERN FINANCIAL RELATIONSHIP 2/17/2015
- The relationship was formally documented and reviewed.
March 31, 2015 -- Brokerage Active
- EFTA01475372 (p.0):
Additional Brokerage Southern Financial LLC 3/31/2015 75 Brokerage (Commissions) 7500
- Active brokerage commissions being generated.
Phase 3: KYC Escalation and Breach Discovery (2016-2018)
2016 -- Onboarding Escalation: ONB-1135648 / LKYCGB-160049
- EFTA01357153 (p.0): Key escalation email recovered with high confidence (0.99):
``
To: Zack Bunimovich, AMLUK Reviews, Jesse-J Cruz, James Gladwin,
Kareen Johnson, Daniel-A Klyashtorny, Nina Tona, [Xavi]er Avila,
Davide-A Sferrazza
Subject: RE: Escalation: ONB 1135648 / LKYCGB 160049 / Southern Financi[al]
`
- ONB-1135648 -- Onboarding case number
- LKYCGB-160049 -- London KYC Global Banking case number
- Personnel on this escalation chain:
- Zack Bunimovich -- KYC analyst
- Jesse-J Cruz -- KYC reviewer
- James Gladwin -- KYC reviewer
- Kareen Johnson -- Compliance
- Daniel-A Klyashtorny -- Compliance
- Nina Tona -- KYC/Compliance lead
- Xavier Avila -- Senior compliance
- Davide-A Sferrazza -- Compliance
- Martin Zeman -- KYC compliance
- Ian Salters -- AMLUK Reviews
- Simon Nall -- Compliance
- Devshiji Odedra -- Compliance
- Ricky-x P[atel] -- Compliance
- Nicholas Hislo[p] -- Compliance
- EFTA01363026 (p.0): ccount-Openin[g] [Escalat]ion: ONB-1135648 / LKYCGB-160049 / Southern Financial L[LC]
- This reveals the escalation was specifically about the account opening process, meaning the original onboarding was being questioned.
- EFTA01362904 (p.0): Second major escalation email with the same distribution list, confirming this was a multi-round escalation that was not quickly resolved.
Concurrent: Southern Financial KYC Documentation Requests
- Personnel: Liam Osullivan, Davide-A Sferrazza, Joshua Shoshan
- EFTA01362751 (p.0): [Alastair] Mackinlay, Anthony Lentini, [Souther]n Financial LLC - KYC and credit derivatives/convertible bonds
- This reveals that the KYC review extended to the credit derivatives and convertible bonds portfolio, meaning compliance was aware of the complex financial instruments being traded.
"KYC is not happening" -- Internal Admission
- A blunt internal admission that the KYC process had stalled or was being blocked.
Southern Financial "Reboot"
- After the stalled KYC process, there was an attempt to "reboot" the Southern Financial compliance review, suggesting the original process had failed.
Phase 4: The KYC Breach Declaration (April 2018)
April 16, 2018, 11:56 AM -- KYC Breach Formally Identified
- EFTA01363001 (p.0): 16, 2018, 11:56
with RE: KYC Breach_SOUTH[FINANMD]
- EFTA01363054 (p.0): 16, 2018, 11:56
with RE: KYC Breac[h]_SOUTHFINAN[MD]
- EFTA01406915 (p.0): r 16, 2018, 11:56
-- confirming "Apr 16, 2018, 11:56"
The breach was formally declared on April 16, 2018 at 11:56 AM via an email chain with the subject line:
`
KYC Breach_SOUTHFINANMD_Southe[rn] Financial, LLC_FFT Location [I]
`
FFT Location indicates this was flagged as a
Financial Fraud/Terrorism location-based compliance issue.
April 16, 2018 -- Initial Breach Email Chain
The full email subject, recovered from EFTA01362996 (confidence 0.99):
`
Cc: Joe Aglione, Ian Salters, Nina T[ona], [Pankaj-A C]hopra,
NCAOTC Derivatives, Alka Gopala
Subject: RE: KYC Breach_SOUTHFTNANMD_Southe[r]n Financial, LLC_FFT Loca[tion]
`
Personnel on the breach notification:
| Name | Role (Inferred) | EFTA Evidence |
| ------ | ---------------- | --------------- |
April 16, 2018, 5:44 PM -- Continued Breach Discussion
- Xavier Avila was actively engaged in the breach discussion on the same day.
April 16, 2018, 7:34 PM -- Evening Email Chain
- EFTA01358461 (p.0): 018.07:34
with Malhotra Staker M[athew N]E: KYC Breach SOUTH[FINANMD]
- EFTA01362961 (p.0): 018 07.34
-- confirming the breach discussion continued into the evening.
April 17, 2018, 2:53 AM -- Overnight Escalation
- The breach discussion continued through the night with a 2:53 AM email, suggesting international (London) compliance involvement was engaged.
April 17, 2018, 8:10 AM -- Morning Follow-Up
- Morning follow-up on the breach, with the full distribution list reconfirmed.
April 17, 2018, 9:44 AM -- Continued Discussion
- The breach chain continued with additional discussion.
Phase 5: Post-Breach -- Continued Account Servicing (April-December 2018)
Critical Finding: Trading and Account Activity Continued
Despite the formal KYC breach declaration on April 16, 2018, the following evidence demonstrates continued account servicing:
May-October 2018 -- Active Account Balances (RM CODE 82289):
- EFTA01415223 (05/16/18): Southern Financial LLC - D - $396,015.00
- EFTA01415265 (05/15/18): Southern Financial LLC - D - $396,015.00 + second entry $2,029,601.20
- EFTA01415119 (06/07/18): Southern Financial LLC - D - $396,015.00
- EFTA01381246 (06/21/18): Southern Financial LLC - D - $532,186.86
- EFTA01415125 (06/25/18): Southern Financial LLC - D - $426,615 + $532,186.86
- EFTA01415196 (07/20/18): Southern Financial LLC - D - $533,630.09
- EFTA01415140 (07/25/18): Southern Financial LLC - D - $376,315.00 + $533,630.09
- EFTA01381149 (08/17/18): Jeffrey Epstein - N - $1,243,515.74; Southern Financial LLC - D - $376,315.00
- EFTA01413971 (08/28/18): Southern Financial LLC - D - $1,376,315.00 + $534,440.04
- EFTA01427866 (10/18/18): Southern Financial LLC - D - $1,187,706.86
These are Large, Zero and Negative Balances reports generated under RM CODE 82289, confirming the accounts remained fully operational for at least six months after the breach declaration.
2018 Account Planning -- Business as Usual
- EFTA01386924 (p.0): 2018 Account Planning - 2018 Account Planning - Southern Financial v2.docx
- A formal 2018 account planning document was created for Southern Financial, indicating the bank was actively planning future business with the entity even as the KYC breach remained unresolved.
2018 Periodic Review
- EFTA01406280 (p.1): RE: 2018 Periodic Review of Accts Southern Financial
- Personnel: Liam Osullivan, Bradley Gillin, Stewart Oldfield, Mayur Rathod
- A periodic review of the Southern Financial accounts was conducted in 2018, involving senior relationship managers.
KYC Case Reviews Continued to Stall
- EFTA01378580 (p.0): Assistance Required in solving [i]n KYC Case$10194682S [I]
(interest score: 67.64 -- highest of all KYC-related reconstructed pages)
- KYC Case #0165178 (EFTA01363167): Please attach to kyc case 0165178
-- manual document attachment requests indicate a chaotic paper trail.
KYC Rejection
- A KYC case was formally rejected, but this did not result in immediate account closure.
- Confirmation that KYC cases were being rejected but the relationship continued.
September 2018 -- Trade Activity Continues
- EFTA01369327/01369328 (p.0): Trade details prepared on 09/12/2018
- Trading activity continued through September 2018.
REASSIGN NEEDED -- Compliance Shuffling
- EFTA01408641 (multiple pages): REASSIGN NEEDEDFW: SOUTHERN FINANCIAL LLC - ONB-1010155
- ONB-1010155 -- A second onboarding case number for Southern Financial, different from ONB-1135648
- The "REASSIGN NEEDED" designation across 21 pages of email chain indicates the compliance case was being shuffled between personnel, a classic marker of institutional avoidance.
Phase 6: Account Closure (Late 2018 - Early 2019)
December 2018 -- Accounts Begin Closing
- EFTA01413997 (p.2): 12/12/2018
-- date reference in account activity
- EFTA01432198 (RM CODE 82289, 01/14/19): Last known balance report shows Southern Financial LLC still active with balance of $0.00 alongside other Epstein entities (Gratitude America $2,232,836.20; Zorro Management $255,511.05; The Haze Trust $8,789,938.49; Butterfly Trust $357,146.85)
February 2019 -- Final Wind-Down
- EFTA01432142 (02/06/19): Southern Financial LLC - D - $2,924,080.14
- This extraordinarily large balance in February 2019 suggests a final settlement or position unwind.
CIB Offboard List
- Evidence that the client was eventually placed on the Corporate & Investment Banking offboard list.
Phase 7: Regulatory Action (2020)
- On July 7, 2020, the New York State Department of Financial Services (NYDFS) imposed a $150 million fine on Deutsche Bank for, among other failures, its relationship with Jeffrey Epstein. The Consent Order documented that DB had failed to properly monitor the Epstein relationship and had processed hundreds of millions of dollars in suspicious transactions.
KEY PERSONNEL ANALYSIS
The Breach Email Chain (April 16-17, 2018)
| Person | Appearances | Role Evidence | First Appearance |
| -------- | ------------ | --------------- | ----------------- |
| Shawn Staker | 16+ entries | CC'd on all breach emails, consistent presence | EFTA01358461 |
| Xavier Avila | 30+ entries | Primary recipient in later chain; also on original escalation ONB-1135648 | EFTA01353544 |
| Mathew Negus | 25+ entries | CC'd on breach; involved in SF [I] (Southern Financial) thread extensively | EFTA01356960 |
| Joe Aglione | 5 entries | CC'd on breach notification; NCAOTC connection | EFTA01358461 |
| Nina Tona | 35+ entries | Central compliance figure; on both escalation and breach chains | EFTA01355937 |
| Martin Zeman | 25+ entries | CC'd on breach; KCP Bible action plan; extensive SF involvement | EFTA01356961 |
| Alka Gopala | 8 entries | NCAOTC Derivatives representative on breach chain | EFTA01358382 |
| Alastair Mackinlay | 20+ entries | Senior oversight; on SF [I] thread; Southern Financial LLC ONB-1010155 | EFTA01356940 |
Supporting Personnel
| Ian Salters | AMLUK Reviews; on both escalation and breach chains |
| Zack Bunimovich | KYC analyst; led original ONB-1135648 escalation |
| James Gladwin | KYC reviewer on escalation |
| Kareen Johnson | Compliance; on escalation chain |
| Liam Osullivan | Relationship management; Southern Financial KYC Docs |
| Joshua Shoshan | KYC documentation collection |
| Davide-A Sferrazza | Compliance; on both escalation and breach |
| Rita Shteynberg | Compliance; SF [I] thread |
| Anthony Lentini | Compliance; KYC and credit derivatives review |
| Zbynek Kozelsky | Southern Financial case handler (026161) |
| Stewart Oldfield | Senior relationship manager; 2018 Periodic Review |
| Bradley Gillin | Relationship management; Daily Deposit Reports |
| Mayur Rathod | KYC reviewer; the person whose KYC review was "rejected" |
| Vaishali-P Mehta | Southern Financial Relationship assessment |
| Bella Klein | Epstein's personal accountant; processed transactions through DB |
| Richard Kahn | Epstein's attorney; manager of Southern Financial LLC |
DOCUMENT INVENTORY: KYC BREACH CHAIN
Core KYC Breach Emails (Subject: "KYC Breach_SOUTHFINANMD_Southern Financial, LLC_FFT Location")
| EFTA Number | Pages | Key Content | Date Evidence |
| ------------- | ------- | ------------- | --------------- |
| EFTA01356960 | 0 | To: Mathew Ne[gus]... Subject: RE: KYC Breach | 2015 0R 10 (corrupted) |
| EFTA01356961 | 0 | RE: KYC Breach, Martin Zeman, Alka G[opala] | 16 2018 11 56 |
| EFTA01358382 | 0 | Malhotra, Ma[thew] Stake[r] RE: KYC Breach SOUTHFI[NANMD] | 2018. 07: 4[PM] |
| EFTA01358461 | 0 | Malhotra Staker M[athew] E: KYC Breach SOUTH | 018.07:34 |
| EFTA01362961 | 0 | Full subject: KYC Breach SOUTHFINA[NMD]... FFT Location | 018 07.34 |
| EFTA01362996 | 0 | Most complete header: Joe Aglione, Ian Salters, Nina Tona, Chopra, NCAOTC Derivatives, Alka Gopala | -- |
| EFTA01363001 | 0 | Jimmy-H Xu, Mathew Ne[gus], J[oe] A[g]li[one] | 16, 2018, 11:56 |
| EFTA01363002 | 0 | ash Malhotra... RE: KYC Breach_SOUTH[FINANMD] | -- |
| EFTA01363048 | 0 | Xavier Avila, Mathew Negus, Joe Aglione, Nina Ton[a] | 2 53 54 AM |
| EFTA01363052 | 0 | To: Mathew Ne[gus]... Cc: Joe Aglione Subject: RE; KYC Breach | -- |
| EFTA01363054 | 0 | NCA[OTC], Alka Gopala... KYC Breac[h]_SOUTHFINAN[MD] | 16, 2018, 11:56 |
| EFTA01399702 | 0-9 | 9-page email chain: Akash Malhotra, Shawn Staker, Pankaj-A Chopra | 7, 2018, 09:44 |
| EFTA01401922 | 0-1 | Xavier Avila, Shawn Staker; +1 917 8541256 (phone) | -- |
| EFTA01406842 | 0-1 | To: Akash Malhotra Cc: Shawn Staker... RE: KYC Breach_SOUT[HFINANMD] | -- |
| EFTA01406845 | 0-4 | Full chain with Negus, Pankaj-A Chopra, Zeman | pr 17, 2018, 2:53 AM |
| EFTA01406857 | 0-6 | To: Xavier Avila Cc: Sha[w]n Staker; Pankaj-A [Chopra]; Gopala; Nina Tona; Martin Zeman | -- |
| EFTA01406871 | 0-7 | Most complete chain: All personnel, NCAOTC Derivatives | 17, 2018, 08:10 |
| EFTA01406881 | 0-6 | To: Akash Malhotra Cc: Shawn Staker... Pankaj-A Chopr[a]; Nina Tona; Mathew Negus | -- |
| EFTA01406915 | 0-3 | From: Akash Malhotra (confirmed sender), r 16, 2018, 11:56 | Apr 16, 2018 |
| EFTA01406948 | 0-4 | To: Akash Malhotra Cc: Shawn Staker... Mathew [Negus]... Pankaj-A Chopr[a] | -- |
Escalation Chain Documents (ONB-1135648 / LKYCGB-160049)
| ------------- | ------------- |
| EFTA01357150-01357168 | Original escalation chain, multiple pages |
ANALYTICAL CONCLUSIONS
The evidence shows a pattern of incremental awareness:
- May 2013: First AML/KYC alert generated
- June-September 2013: Multiple RDC alerts on Jeffrey Epstein and Richard Kahn
- 2016: Formal escalation of ONB-1135648 / LKYCGB-160049 involving 15+ compliance personnel
- April 16, 2018: Formal KYC breach declared
The gap between the 2016 escalation and the 2018 formal breach declaration represents approximately two years of institutional delay. The internal admission that "kyc is not happening" (EFTA01362456) and the "Southern Financial reboot" (EFTA01369369) confirm that the compliance process was stalled and restarted, rather than acted upon.
2. DB Continued Servicing Accounts After Breach Identification
The financial records under RM CODE 82289 demonstrate uninterrupted account activity from April 2018 through at least January 2019:
- Monthly balance reports continued without interruption
- Southern Financial maintained balances ranging from $289,515 to $2,924,080
- The Haze Trust (another Epstein entity) maintained balances exceeding $49 million
- Trading activity (credit derivatives, trade details) continued through at least September 2018
- A 2018 Account Planning document was created, indicating forward-looking business development
This represents a minimum 8-9 month period of continued banking services after the KYC breach was formally declared.
3. The Compliance Apparatus Was Structurally Overwhelmed
The evidence reveals:
- At least 3 separate KYC case numbers (01946825, 01977698, 01977695) were open simultaneously
- 2 separate onboarding case numbers (ONB-1135648, ONB-1010155) existed for the same entity
- Multiple REASSIGN NEEDED flags across 21 pages indicate case shuffling
- The "GM KCP Bible - Action Plan" email thread (10+ documents) suggests compliance was creating procedural documentation rather than taking action
- The "KYC Priority List" (EFTA01358471) indicates Southern Financial was one of many problematic accounts being triaged rather than resolved
4. NCAOTC Derivatives Involvement Indicates Revenue Motivation
The presence of NCAOTC Derivatives (Non-Cleared/OTC Derivatives) personnel (Alka Gopala, Pankaj-A Chopra) on the breach notification chain indicates that the KYC breach had implications for revenue-generating derivatives trading. The Brazil sovereign CDS with USD 10mm notional (EFTA01368602) demonstrates that Southern Financial was not merely a deposit account but an active derivatives counterparty generating significant fees and market exposure.
5. The Timeline Demonstrates Systemic Failure, Not Isolated Error
| First AML/KYC alert | May 29, 2013 | -- |
| Account opened | August 26, 2013 | 89 days after first alert |
| RDC alert on Richard Kahn | September 3, 2013 | 8 days after opening |
| First known escalation (ONB-1135648) | ~2016 | ~3 years of unreviewed activity |
| "KYC is not happening" admission | ~2016-2017 | -- |
| "Southern Financial reboot" | ~2017 | Process restart after failure |
| Formal KYC breach declared | April 16, 2018 | ~5 years after account opening |
| Last known active balance | February 6, 2019 | ~10 months after breach |
| DB fined by NYDFS | July 7, 2020 | ~27 months after breach |
6. Failure by Design or Negligence?
The evidence supports a conclusion of systemic institutional negligence with elements of willful blindness, rather than a deliberate conspiracy to enable Epstein. Specifically:
Indicators of negligence:
- The sheer number of compliance personnel involved (25+) demonstrates that the system was aware of the problems
- Multiple escalation chains, case numbers, and reassignments indicate bureaucratic dysfunction rather than suppression
- The "KYC is not happening" and "reboot" references suggest frustration within compliance ranks
Indicators of willful blindness:
- The account was opened despite pre-existing RDC alerts
- Compliance escalations were repeatedly delayed, reassigned, and restarted over a period of years
- The KYC breach declaration did not trigger immediate account suspension or closure
- Revenue-generating derivatives trading continued after the breach
- A 2018 Account Planning document was created, indicating the business side was planning to grow the relationship even as compliance had declared a breach
- The "SF [I]" coded references (60+ documents) across compliance discussions suggest the Southern Financial issue was a well-known, ongoing concern that became normalized within the institution
Overall Assessment: Deutsche Bank's compliance apparatus functioned as a
friction mechanism rather than a
gatekeeping mechanism. It generated documentation, escalation chains, and case numbers sufficient to create an appearance of oversight, while the revenue-generating business operations continued unimpeded. The 25+ compliance personnel involved were individually performing their procedural duties, but the system was designed to process compliance as a bureaucratic workflow rather than a binary pass/fail gate. The result was that a convicted sex offender maintained an active, complex banking relationship including derivatives trading for approximately five years, during which time the compliance function generated hundreds of pages of documentation without achieving the fundamental goal of the KYC regime: to actually know and appropriately manage the risk of the customer.
APPENDIX A: Key Email Addresses Recovered
APPENDIX B: Epstein Entity Account Balances at DB (RM CODE 82289)
From EFTA01381246 (06/21/18) -- representative snapshot:
| Jeffrey Epstein | N | $1,224,163.61 |
| Darren K. Indyke PLLC | D | $243,363.55 |
| HBRK Associates, Inc | D | $211,289.05 |
| Southern Trust Company, Inc. | M | -- |
| Butterfly Trust | M | $733,701.04 |
| Gratitude America, Ltd | M | $323,223.15 |
| Darren K. Indyke PLLC - [Trust] | M | $267,972.25 |
| The Haze Trust | D | $49,460,098.13 |
| Southern Financial LLC | D | $532,186.86 |
| Southern Trust Company, Inc. | D | $102,625.90 |
Total visible balances across Epstein entities: >$53 million (as of a single date in mid-2018)
APPENDIX C: EFTA Document Range Summary
| EFTA Range | Document Type | Count |
| ------------ | -------------- | ------- |
| EFTA01298802-01299318 | Early RDC alerts and KYC system alerts | ~10 |
| EFTA01355649-01356961 | KYC HR Remediation, Escalation Reports, initial breach | ~30 |
| EFTA01357132-01358461 | Escalation ONB-1135648/LKYCGB-160049, breach chain | ~25 |
| EFTA01362456-01364103 | "KYC not happening", breach chain, KYC Docs, case files | ~60 |
| EFTA01378580-01388746 | KYC case reviews, 2018 HR KYCs, rejections | ~40 |
| EFTA01399055-01402000 | KYC Tracker, breach continuation, SF [I] thread | ~50 |
| EFTA01406280-01409736 | Periodic Review, REASSIGN NEEDED, final breach chain | ~40 |
| EFTA01454985-01477330 | Valuation statements, relationship records | ~50 |
Total KYC breach-related documents identified: ~375+ unique EFTA numbers
APPENDIX D: DS9/DS11 REVISIT FINDINGS (2026-02-12)
DS9 full-text search reveals substantial new evidence supplementing the DS10-based analysis above. The following corrections and additions apply:
Correction 1: Derivatives Termination Timeline
DS9 reveals (EFTA00169436) that the ISDA Master Agreement and GMRA contracts for Southern Financial LLC (PLM 640310/739190) and Southern Trust Company Inc (PLM 640330/752070) were being terminated in November 2016 -- approximately 17 months before the April 2018 KYC breach. The derivatives book was wound down before the KYC breach, while deposit accounts and other activity continued.
Correction 2: Revenue Estimate
The civil complaint against Deutsche Bank (EFTA00161958, 163 pages) states that "Deutsche Bank estimated that it would earn between $2,000,000 to $4,000,000 annually" from the Epstein relationship.
Correction 3: Total Assets Under Management
The original report estimated ~$53M based on single-date balance snapshots. DS9 provides (EFTA00165748) the total figure: $220,000,000 in "Total Assets within Bank" for the "Southern Financial Relationship" as of April 8, 2014. An internal email (EFTA00128826) states: "Jeffrey Epstein is worth roughly $[1]B and currently has about $230MM here at the bank and we are expecting at least another $100MM from him within the next few months... he is a very important client."
Addition 1: FBI Witness Interviews
- EFTA00128765 (15 pages): FBI FD-302 interview of Amanda Kirby (8/10/2021), Paul Morris's relationship coordinator. Kirby "felt uncomfortable from day one of EPSTEIN being onboarded as a client," described Morris as "insecure and a back-handed manipulator," confirmed KYC for Epstein was "high risk" and that she identified a trust beneficiary as a co-conspirator but the account was opened anyway.
- EFTA00128968 (5 pages): FBI FD-302 interview of Cherie Quigley (10/10/2019), AML monitoring officer using the PRIME system. Quigley admitted: "Looking back, maybe a SAR should have been filed on EPSTEIN."
Addition 2: Paul Morris -- Prince Andrew Dismissal
EFTA00128837: Morris email to Troy Williams (Jan 5, 2015): "Troy the stories about Prince Andrew have been popping up in the press for years. I will post the team if there is anything that has changed." Morris was actively dismissing reputational risk concerns.
Addition 3: 13.7 Million Ruble Wire to Moscow
EFTA00128809: Wire memo from Darren Indyke to Amanda Kirby instructing a wire of 13,700,000 rubles to AO Raiffeisenbank, Moscow, Russia from an Epstein account. "Please call Bella Klein if you have any questions."
Addition 4: Key New Personnel
| Armen Brash | EFTA00128804 | KYC compliance -- discussed escalation with Patrick Harris |
| Monifa Crawford, JD | EFTA00128810 | AML Compliance Officer, DB Securities Inc., Jacksonville FL |
| Cherie Quigley | EFTA00128968 | AML monitoring, PRIME system operator |
| Troy-D Williams | EFTA00128837 | DB compliance, flagged Prince Andrew press to Morris |
| Roddy Moore | EFTA00169436 | Business Risk Management, derivatives termination |
Addition 5: NYDFS Consent Order
EFTA00151495 (37 pages): The complete $150M NYDFS Consent Order, signed by Linda A. Lacewell (Superintendent) and DB Global Head of Litigation Joe Salama. DB agreed not to claim a tax deduction on the penalty and to provide "Full and Complete Cooperation."
Addition 6: Civil RICO Allegations
EFTA00161958 (163 pages): Civil complaint names Charles Packard, Patrick Harris, Paul Morris, and Jan Ford as participants in an "association-in-fact" enterprise that facilitated Epstein's sex trafficking. "Packard and Morris did not make any contemporaneous record of their meeting with Epstein. The reason they did not make a record of Epstein's denials was that any such record would have been utterly implausible."
This report was generated through forensic analysis of text extracted from document text layers of DOJ production documents in the Epstein files. All findings are based on extracted text and should be verified against original source documents where available. DATA QUALITY NOTE: A data quality audit confirmed ~98% of 'bad_overlay' records are OCR noise from degraded scans. Text searches remain valid for identifying document content.