The Context
On 19 December 2025, the US Department of Justice released thousands of documents related to Jeffrey Epstein. This followed a separate release of 20,000 pages from his estate by the House Oversight Committee in November. This is not a historical footnote. It is a live, rolling disclosure of a criminal enterprise’s network. The strategic angle is the exposure of institutional complicity—the law firms, financial institutions, and corporate entities that knowingly or negligently enabled the operation. For a New Zealand Director, the risk isn’t proximity to Epstein; it’s the structural parallel of what happens when powerful networks are protected.
The Risk
Your personal liability stems from a failure to inquire. Under the Companies Act 1993, a director’s duty to act in good faith and in the best interests of the company (s 131) includes a duty to prevent the company from being used as a vehicle for, or an accessory to, unlawful conduct. If your company’s services (legal, financial, logistical) are leveraged by a client engaged in serious criminal activity, and you turned a blind eye, you have breached your duty. The Privacy Act 2020 is also a trap: mishandling or failing to report a data breach involving such sensitive client information could trigger penalties of up to $10,000 for an individual. The reputational contagion is terminal. Association, however tangential, with a network of this nature destroys stakeholder trust and market value overnight. You will be judged not for what you did, but for what you chose not to see.
The Control
Governance is the act of asking uncomfortable questions before they are asked of you in a Select Committee or courtroom. This is not about compliance checklists; it is about moral and strategic due diligence on the networks your organisation enables.
Which of our top-tier clients or partners has undergone enhanced due diligence in the last 24 months specifically for integrity risks beyond basic financial crime?
What is our formal, board-approved protocol for when a senior employee or major client is publicly named in a scandal involving serious criminal allegations?
Do our whistleblower policies explicitly protect and provide a clear pathway for reporting concerns about client conduct, not just internal employee misconduct?