WIXLIB

Chartwell Personnel AnnouncementsChartwell Conducts Leadership TrainingOn the Gettysburg BattlefieldEight future leaders from Chartwell took to the field by horseback and footfor the company’s annual leadership development training at the GettysburgCivil War battlefield. The two-day program was led by Colonel Tom Vossler,a 30-year veteran of the U.S. Army, and joined by a former Superintendentof Gettysburg National Military Park, John Latschar. The training followeda U.S. Army “staff ride” format of experiential learning, which draws on allparticipants to critically analyze situations and decisions on the battlefield.The group translated what it learned into how we can become better leadersfor our business and our customers. We explored issues such as decisionmaking under duress or fogs of war; taking self-initiative and risks; communicating vision and intentions; coordinatingefforts; managing supply chains; showing good character; and other themes.Chartwell Travels To Japan For Immersion TrainingIn Kaizen Continuous Improvement PracticesChartwell is constantly making efforts to improve the quality and efficiencyof the company as a whole, and to empower its employees to improve ourwork environment. For this purpose, seven Chartwell employees from seniormanagement, consulting and operations traveled to Japan for nine days in late Julyto be immersed in Kaizen continuous improvement training. When not in full-daysimulation exercises and workshops, our team toured Toyota, Yanmar and othermanufacturing facilities to learn from the world’s best implementers of the Kaizentotal quality control business philosophy. Kaizen experts, including the formergeneral manager of Toyota’s most successful production facility, led our training.Going forward, we have adopted the principles of Kaizen as an integral part ofour corporate ethos to be able to provide sustained excellence to our customers,partners and employees. We have scheduled a series of planning sessions andKaizen trainings for the year ahead, including a follow-up immersion in Japan, andhired both a Kaizen manager and systems automation architect out of First Data.CHARTWELL NAMED FINALIST AND WINNERChartwell Has Been Named The Winner Of CorporateLivewire’s Fintech Excellence Awards For Excellence InRegulatory Compliance & Risk ManagementThe Corporate LiveWire Awards is aninternational awards program recognizingstandout companies within the FinTechsector. These awards take an in-depthlook at the growing FinTech sector tocelebrate and reward companies that demonstrate industry leading innovationand excellence. Chartwell was selected as a winner for serving as a unique enablerfor payments organizations seeking to enter the American market and navigate itsregulatory hall of mirrors.CHARTWELL COMPASS AUGUST 2015 ICBA5The 2015 Healthiest Company AwardsChartwell has beennamed a finalist forSmartCEO’s HealthiestCompany Awards.Selected from apool of nearly 50nominees, Chartwell is one of five finalists in the 1-49employees category. The Healthiest Company Awardsprogram honors companies that have demonstrated acommitment to their employee populations throughhealth and wellness programs.CHARTWELLCOMPLIANCE.COM

Does YourComplianceProgramContain theEssential FiveElements?By Kris Welch, CRCM, CAMSThe five elements are: Leadership Risk Assessment Standards and Controls Training and Communications OversightLeadershipThis point means more than the “Toneat-the-Top; a successful complianceprogram must be built on a solid foundation of ethics that are fully and openly endorsed by the company’s seniormanagement. Management’s commitment to compliance should be unambiguous, visible and active. Even moreimportant than support or the righttone, compliance standards requirecompanies to have a high-rankingcompliance officer with the authorityand resources to manage the programon a day-to-day basis. The complianceofficer must also have unrestricted access and a direct reporting line to thoseresponsible for the corporate conduct,including the board of directors.Valuable questions regarding theleadership of a compliance programare: How is board oversight implemented? Does the company have anethics or audit committee reporting tothe full board? What is the role of theChief Compliance Officer? What is therole of the company’s General Counsel?How do the legal and compliance departments interact? Does the ChiefCompliance Officer have “real power”?The Board of Directors equally, has akey role to fulfill. The Board must ensure compliance policies, systems andprocedures are in place. The board isalso responsible for providing the resources needed to effectively implement the compliance program. Additionally, the Board should monitor theimplementation and effectiveness ofthe compliance program by: Being actively involved; Attending Board meetings; Reviewing, considering andevaluating the informationprovided; Inquiring further when presentedwith potential issues or questionablecircumstances; As soon as the Board is aware, itshould act on potential complianceissues; and Regularly receiving complianceCHARTWELL COMPASS AUGUST 2015 ICBAbriefings and trainings6Risk AssessmentThe implementation of an effectivecompliance program is more than simply following a set of compliance regulations or providing effective training.Compliance issues touch many areasof the company and you need to know:not only what your highest risks are,but where to focus your efforts to mitigate them and move forward. A riskassessment is designed to provide a bigpicture of your overall compliance obligations and then identify the areas ofhigh risk in order to prioritize and allocate your resources to the appropriateareas first.What are some of the areas whereyou need to assess your risks? Products and services; Customers and entities; Geographic Locations; Business Opportunities andPartnerships; and Transaction RiskIn addition to an initial risk assessment used to either: (1) develop yourcompliance program, or (2) help youidentify high risks and prioritize theirCHARTWELLCOMPLIANCE.COM

It is important to pay attention towhat employees say during training.This is because training can alert you topotential problems based on the typesof questions employees ask and theirlevel of receptiveness to certain concepts.Oversightremediation, risk assessments shouldbe a regular, systemic part of the compliance efforts rather than an occasional ad hoc effort exercised when convenient or after a crisis has occurred. It isrecommended the risk assessments beprepared close to the same time eachyear or prior to when new products orservices are introduced. Annual riskassessments act as a strong preventivemeasure if they are performed beforesomething goes wrong and help youavoid a “wait and see” approach.Standards and ControlsGenerally, every company has threelevels of standards and controls: (1)Code of Conduct – a must have for eachcompany expressing its ethical principles. However, a Code of Conduct isnot enough. (2) Standards and Policies–policies in place that build upon thefoundation of the Code of Conduct andarticulate Code-based policies, whichshould cover such issues as bribery,corruption, and accounting practices.(3) Procedures – enabling applied procedures to confirm the policies are implemented, followed and enforced. Thepurpose of establishing effective standards and controls is to demonstratethat your compliance program is morethan words on a piece of paper.Training and CommunicationAn important pillar of a strong compliance program is properly trainingcompany officers, employees and thirdparties on relevant laws, regulations,corporate policies and prohibited conduct. There are several key elements totraining. First, you need to train the rightpeople. You must prioritize which audience to educate by starting your trainingprogram in higher risk areas and focusing on directors, officers and sales employees. Second, for high-risk industriesit is recommended to provide in-personannual training for employees and thirdparties. Enforcement officials have madeit clear, the most effective training ispresented in-person, regularly and frequently. Another benefit of in-persontraining is the immediate feedback fromthe audience, which would be much lesslikely to occur during a webinar or otherremote training. Lastly, during in-person training, employees are more likelyto make casual mention of a potentialrisky practice, giving the company theopportunity to address the situation before it becomes a larger problem.Even after all the important ethicalmessages from management have beencommunicated to the appropriate audiences, and essential standards and controls are in place, the key question is:are your employees following the company’s compliance program?Monitoring is a commitment to ongoing assessment of compliance programs, detecting issues in real time andthen reacting quickly to remediate thefindings. Reviewing is a more limitedprocess that targets a specific businesscomponent, region or market sector during a particular time period inorder to uncover and/or evaluate certain risks.Finally, what are your remediationefforts? Your company should remediate problems quickly. A key conceptbehind the oversight element of compliance is that if a company is policing itself on compliance-related issues,the regulators will not have to do it forthem. Remediation, then, is an important component of oversight. It is notenough to just gather information andidentify compliance problems throughmonitoring and reviews. To fulfill thisessential element of a compliance program, you also have to respond and fixthe problems.By following the “Five Essentials Elements” approach, your company canvirtually meet any legal requirementyou come up against by doing businessanywhere in the world.Kris Welch, CRCM, CAMS, is a long time banker and financial services consultant with over 25 years experience in regulatorycompliance, risk assessments, financial institution branch management, and real estate appraisal. As a former Bank Secrecy Act/Audit Project Leader with Wells Fargo, Kris has established, coordinated and maintained effective financial institutioncompliance and reporting programs. Please contact Kris at KrisWelch@chartwellcompliance.com.CHARTWELL COMPASS AUGUST 2015 ICBA7CHARTWELLCOMPLIANCE.COM

Speaking & Sponsoring EngagementsChartwell Compliance Sponsors Money2020OCTOBER 25-28, 2015, LAS VEGASChartwell Compliance’s Daniel Weiss, Rob Ayers, Elaine Burks and Iman Boussaada will beattending the fourth annual Money2020 conference in Las Vegas.Daniel will be speaking as a panelist on Sunday, October 26th, 2015 at 3:10pm in a session entitled:“State Money Transmitter Licensing Laws: Are They Killing Payments Industry Innovation?”Chartwell will also be sponsoring the event for the third year in a row and distributing a specialedition of the company’s widely read publication Compass; Chartwell will be joining 10,000anticipated attendees from 3,000 companies and 75 countries.Money2020 brings together the worldwide community of innovators who are disrupting the way inwhich consumers and businesses manage, spend and borrow money, and explores the macro trendsthat form the underlying common thread of innovation, such as the mobile Internet, platformconnectivity and interoperability, and consumer empowerment. FOR MORE INFORMATION PLEASE VISIT MONEY2020.Chartwell Compliance To Sponsor Money 2020 EuropeAPRIL 4-7, 2016, COPENHAGENChartwell Compliance’s Daniel Weiss, Rob Ayers, Elaine Burks and Iman Boussaada will beattending Money 2020 Europe along with approximately 2,000 anticipated attendees. A specialedition of the widely read publication, Compass will also be distributed to attendees. FOR MORE INFORMATION PLEASE VISIT: MONEY2020 EUROPE.CHARTWELL COMPASS AUGUST 2015 ICBA8CHARTWELLCOMPLIANCE.COM

Business Model for a Terrorist OrganizationBy Dennis M. Lormelflow of funds in and out of their organizations, financial institutions are on thefront line for detecting terrorist financing. Taking a step back and adopting aproactive mindset, financial institutionanti-money laundering (AML) compliance departments should compile alist of known terrorist organizations,especially groups who could be usingthat financial institution to facilitatethe movement of funds. The list shouldbe prioritized by the level of threat thegroup presents to national security andthe potential risk the institution has facilitating transactional activity for theterrorist group. To the extent practicable, financial institutions should thenbuild a generalized organizational business model for terrorist groups. Thisexercise would result in identifying redflags for financial institutions to focuson to monitor for terrorist financing.The business model should containfive components:Mission statementOverviewIt has been said many times that thelifeblood of a terrorist organization isfinance. If we liken a terrorist organization to a corporation, business planning would be an essential ingredientfor obtaining support and measuringsuccess. In one sense, a terrorist organization is a business. In that vein, whoare the potential stakeholders? Jihadist stakeholders would include: Groupmembers, wealthy donors, businessfronts and/or facilitators, recruits, likeminded jihadist organizations, financial institutions, etc.A successful business would have abusiness plan. In order to succeed, abusiness must have adequate fundingto sustain its operations. Since a jihadist organization, as a business, musthave the ability to raise, move, store andspend money, it must have access to theformal and/or informal financial system. Therefore, establishing a customerrelationship with financial institutionsis critically important. From a business perspective, financial institutionsshould look at terrorist organizationsand terrorist operatives as possiblecustomers. As part of the due diligenceprocess, it would be prudent for financial institutions to obtain the businessplan of their professional clients.As a global society, we are at a pointin time where the threat of terrorism isconstant. Consequently, because of thedemand that jihadist groups sustain theCHARTWELL COMPASS AUGUST 2015 ICBA9What is the mission of the jihadistgroup? Is it to establish a caliphate; doesit want to operate as a transnational, regional, or national organization; whereis the group’s base of operations; whatis its organizational structure; and whatare its sources of funds?Desired infrastructureTo accomplish its mission a terrorist organization must build an infrastructure to support its operations. Ifit wants to establish a state like Hizballah or Hamas, does it require a militarywing, a political wing, and/or a socialwing? If it wants to be like the IslamicState of Iraq and the Levant (ISIL) andform a caliphate, does it require fundsfor governance and funds to support itsfighters?Funding requirementsIn order to build the desired infrastructure and establish its capacity, aterrorist organization must identifyCHARTWELLCOMPLIANCE.COM

“The jihadists’ plan is to firstestablish an emirate that they canrule under jihadist principles, andthen, use that state as a launchingpad for further conquests [.]”STRATFOR INTELLIGENCE REPORTits funding requirements. How muchmoney will it take to support the infrastructure? How steady will the flow offunds have to be to sustain operations?The jihadist group must have the abilityto raise, move, store and access moneyas needed.Funding sourcesOnce the funding requirements areidentified, the terrorist organizationmust develop funding sources. Themore robust and diverse the fundingsources, the more likely operations willbe sustained and the group will succeed. The source of funds would likelybe derived from licit and illicit frontsand must be sufficient to support infrastructure and capacity.Funding mechanismsThe bases of operations for most jihadist groups are in countries or regions ofgreat instability. Many of these locationshave cash based economies. Numerousgroups have established global fundingstreams. Therefore, terrorist organizations rely on both the formal and informal financial systems to move funds inand out. These funding streams wouldbe designed to avoid detection.The Goals of JihadistsIt’s important to understand the goalsof jihadist groups. Their mission statements will be built upon their goals. According to a Stratfor intelligence reportentitled Gauging the Jihadist Movement,Part 1: The Goals of the Jihadists, datedDecember 19, 2013, “The jihadists’ planis to first establish an emirate that theycan rule under jihadist principles, andthen, use that state as a launching padfor further conquests, creating a largeempire they refer to as the caliphate.Many jihadist ideologues believe thatthe caliphate should be a transnationalentity that includes all Muslim lands,stretching from Spain in the west to thePhilippines in the east. The caliphatewould then be extended globally, bringing the entire world into submission.”In reality, jihadist groups have differing philosophies. Some strive to betransnational and share the above goals.Some are more nationalistic in philosophy. Although some may aspire to betransnational, they are limited becausetheir business model cannot build thecapacity required to reach transnationalgoals.Although al-Qaeda and ISIL are nowCHARTWELL COMPASS AUGUST 2015 ICBA10bitter rivals, at one time, when ISIL wasal-Qaeda in Iraq (AQI), the two groupswere closely aligned. According to theabove referenced Stratfor report, in aletter released in 2005, by the UnitedStates (U.S.) government, al-Qaeda’sleader Ayman al-Zawahiri sent a letterto former AQI leader Abu Musab alZarqawi. He wrote: “It has always beenmy belief that the victory of Islam willnever take place until a Muslim state isestablished in the manner of the prophet in the heart of the Islamic world.” TheStratfor report went on to note al-Zawahiri stating that “the first step in sucha plan was to expel the Americans fromIraq. The second stage was to establishan emirate and expand it into a largercal

Chartwell Compliance Iman Boussaada 14 Points to Ponder 16 Representative Engagements 18 Compliance Beacon Q&A 19 About Chartwell Compliance Editorial Staff Iman Boussaada, Managing Editor imanboussaada@chartwellcompliance.com Daniel A. Weiss, CEO danielweiss@chartwellcompliance.com Chartwell Compliance provides a one-stop shop