A Framework for?OFAC Compliance Commitments

《美國海外資產(chǎn)控制辦公室(OFAC)合規(guī)承諾框架》

The U.S. Department of the Treasury'sOffice of Foreign Assets Control (OFAC) administers and enforces U.S. economicand trade sanctions programs against targeted foreign governments individuals,groups, and entities in accordance with national security and foreign policygoals and objectives.

美國財(cái)政部下屬的海外資產(chǎn)控制辦公室（OFAC）根據(jù)國家安全和外交政策負(fù)責(zé)管理和執(zhí)行針對外國政府個(gè)人、團(tuán)體和實(shí)體的美國經(jīng)濟(jì)和貿(mào)易制裁方案。

OFAC strongly encouragesorganizations subject to U.S. jurisdiction, as well as foreign entities thatconduct business in or with the United States. U.S. persons, or usingU.S.-origin goods or services, to employ a risk-based approach to sanctionscompliance by developing, implementing, and routinely updating a sanctions complianceprogram (SCP). While each risk-based SCP will vary depending on a variety offactors-including the company's size and sophistication, products and services,customers and counterparties, and geographic locations-each program should bepredicated on and incorporate at least five essential components of compliance:

(1) management commitment:

(2) riskassessment:

(3) internal controls:

(4) testing and auditing;and

(5) training.

OFAC大力鼓勵(lì)受美國司法管轄的企業(yè)以及在美國或與美國人開展業(yè)務(wù)的外國實(shí)體或使用美國原產(chǎn)產(chǎn)品或服務(wù)的外國實(shí)體，設(shè)立、實(shí)施并定期更新其制裁合規(guī)方案（SCP）岗钩，采用一個(gè)基于風(fēng)險(xiǎn)的方法達(dá)到制裁合規(guī)。雖然每個(gè)基于風(fēng)險(xiǎn)的SCP會(huì)根據(jù)各種因素（包括公司規(guī)模和復(fù)雜程度、產(chǎn)品和服務(wù)购对、客戶和交易對手以及地理位置）的不同而有所差異，但每個(gè)方案都應(yīng)包含至少以下五個(gè)必要合規(guī)要素：

（1）管理層承諾陶因；

（2）風(fēng)險(xiǎn)評估骡苞；

（3）內(nèi)部控制；

（4）測試及審計(jì)；

（5）培訓(xùn)解幽。

If after conductingan investigation and determining that a civil monetary penalty("CMP")is the appropriate administrative action in response to an apparent violation,the Office of Compliance and Enforcement (OCE) will determine which of thefollowing or other elements should be incorporated into the subject person'sSCP as part of any accompanying settlement agreement, as appropriate. As in allenforcement cases, OFAC will evaluate a subject person's SCP in a mannerconsistent with the Economic Sanctions Enforcement Guidelines(the"Guidelines")

如果經(jīng)調(diào)查后認(rèn)定針對一個(gè)明顯違規(guī)行為應(yīng)該采取的適當(dāng)行政行為是民事金錢處罰贴见，合規(guī)及執(zhí)法辦公室（OCE）可以酌情確定將以下哪些要素或其他要素作為隨附和解協(xié)議的一部分納入到被處罰人的SCP。與所有執(zhí)法案件一樣躲株，OFAC將根據(jù)《經(jīng)濟(jì)制裁執(zhí)行指南》（“指南”）對被處罰人的SCP進(jìn)行評估片部。

When applying the Guidelines

to a given factual situation, OFAC will consider favorably subject persons that

had effective SCPs at the time of an apparent violation. For example, under

General Factor E (compliance program), OFAC may consider the existence, nature,

and adequacy of an SCP. and when appropriate, may mitigate a CMP on that basis.在將OFAC在將指南適用于特定事實(shí)情況時(shí)，會(huì)把被處罰人在明顯違規(guī)行為發(fā)生時(shí)所擁有的有效SCP作為一個(gè)有力因素進(jìn)行考慮霜定。例如档悠，在通用因素E（合規(guī)方案）下，OFAC可以對SCP的存在望浩、性質(zhì)及充分性進(jìn)行考慮辖所。適當(dāng)時(shí)，可以基于這個(gè)因素減輕民事經(jīng)濟(jì)處罰磨德。

Subject persons that have implemented

effective SCPs that are predicated on the five essential components of

compliance may also benefit from further mitigation of a CMP pursuant to

General Factor F (remedial response) when the SCP results in remedial steps being

taken.

對于實(shí)施了基于五個(gè)基本合規(guī)要素的有效SCP的被處罰人缘回，在根據(jù)SCP采取補(bǔ)救措施時(shí)，也可以利用通用因素F（補(bǔ)救措施）來進(jìn)一步減少其民事經(jīng)濟(jì)處罰典挑。

Finally, OFAC may, in appropriate cases,

consider the existence of an effective SCP at the time of an apparent violation

as a factor in its analysis as to whether a case is deemed

"egregious."

最后酥宴，在適當(dāng)情況下，OFAC可以在發(fā)生明顯違規(guī)行為時(shí)考慮將“是否存在一個(gè)有效的SCP”作為分析案件是否“惡劣”的一個(gè)因素搔弄。

This document is intendedto provide organizations with a framework for the five essential components ofa risk-based SCP, and contains an appendix outlining several of the root causesthat have led to apparent violations of the sanctions programs that OFACadministers. OFAC recommends all organizations subject to U.S. jurisdictionreview the settlements published by OFAC to reassess and enhance theirrespective SCPs, when and as appropriate.

本文件旨在為企業(yè)提供一個(gè)基于風(fēng)險(xiǎn)的SCP中五個(gè)基本組成部分的框架幅虑。本文件還包含了一個(gè)附錄，概述了導(dǎo)致明顯違反OFAC制裁方案的一些根本原因顾犹。OFAC建議所有受美國司法管轄的企業(yè)對其公布的和解案例進(jìn)行審查倒庵，以便在適當(dāng)?shù)臅r(shí)候重新評估并改善各自的SCP。

MANAGEMENT COMMITMENT

管理層承諾

Senior Management'scommitment to, and support of, an organization's risk-based SCP is one of the mostimportant factors in determining its success. This support is essential in ensuringthe SCP receives adequate resources and is fully integrated into the organization'sdaily operations, and also helps legitimize the program, empower its personnel,and foster a culture of compliance throughout the organization.

高級管理層對企業(yè)基于風(fēng)險(xiǎn)的SCP的承諾及支持是決定該SCP成功與否的最重要因素之一炫刷。這種支持對于確保SCP獲得足夠的資源并完全融入企業(yè)的日常運(yùn)營中是至關(guān)重要的擎宝，同時(shí)也有助于使合規(guī)方案合法化，賦予SCP人員權(quán)力浑玛，并培養(yǎng)整個(gè)企業(yè)內(nèi)的合規(guī)文化绍申。

General Aspects of an SCP: Senior

Management Commitment

SCP通用因素：高級管理層承諾

Senior management commitment to supporting

an organization's SCP is a critical factor in determining the success of the

SCP. Effective management support includes the provision of adequate resources

to the compliance unit(s) and support for compliance personnel's authority

within an organization. The term "senior management" may differ among

various organizations, but typically the term should include senior leadership,

executives, and/or the board of directors.

高級管理層對企業(yè)SCP的承諾支持是確定SCP成功的一個(gè)重要因素。有效的管理層支持包括為合規(guī)部門提供足夠資源顾彰，并支持合規(guī)人員在企業(yè)內(nèi)的權(quán)限极阅。“高級管理層”一詞在不同企業(yè)中的指代可能有所不同涨享，但通常該術(shù)語應(yīng)包括高級領(lǐng)導(dǎo)層筋搏、高級管理人員和/或董事會(huì)。

1.Senior management has reviewed and

approved the organization's SCP.

1.?高級管理層審查并批準(zhǔn)了該企業(yè)的SCP厕隧。

2.Senior management ensures that its compliance

unit(s) is/are delegated sufficient authority and autonomy to deploy its

policies and procedures in a manner that effectively controls the

organization's OFAC risk. As part of this effort, senior management ensures the

existence of direct reporting lines between the SCP function and senior

management, including routine and periodic meetings between these two elements

of the organization.

2.高級管理層確保其合規(guī)部門獲得了足夠的權(quán)力和自主權(quán)奔脐，在部署政策和程序時(shí)俄周，可以有效控制企業(yè)的OFAC風(fēng)險(xiǎn)。作為這項(xiàng)工作的一部分髓迎，高級管理層應(yīng)確保在SCP職能部門與高級管理層之間存在一個(gè)直接報(bào)告線峦朗，包括這兩個(gè)部門之間的例行會(huì)議與定期會(huì)議。

3.Senior management has taken, and will

continue to take, steps to ensure that the organization's compliance unit(s)

receive adequate resources-including in the form of human capital, expertise,

information technology, and other resources, as appropriate-that are relative

to the organization's breadth of operations, target and secondary markets, and

other factors affecting its overall risk profile.

3.高級管理層已采取并將繼續(xù)采取措施排龄，確保企業(yè)的合規(guī)部門獲得足夠資源-包括與企業(yè)的運(yùn)營范圍波势、目標(biāo)和二級市場相匹配的人力資本、專業(yè)知識涣雕、信息技術(shù)和其他資源艰亮，以及影響其整體風(fēng)險(xiǎn)狀況的其他因素。

These efforts could generally be measured

by the following criteria:

這些努力通痴豕可以通過以下標(biāo)準(zhǔn)來進(jìn)行衡量：

A. The organization has appointed a dedicated OFAC sanctions

compliance officer1;

A.?該企業(yè)已任命了專門的OFAC制裁合規(guī)官；

1?This may bethe same person serving in other senior compliance positions, e.g., the BankSecrecy Act Officer or an Export Control Officer, as many institutions,depending on size and complexity, designate a single person to oversee allareas of financial crimes or export control compliance.

可以是承擔(dān)其他高級合規(guī)職位的同一人員疗韵，例如銀行保密法官員或出口管制官員兑障，因?yàn)樵S多機(jī)構(gòu)按照規(guī)模和復(fù)雜程度，指定一個(gè)人來監(jiān)督所有金融犯罪或出口管制領(lǐng)域合規(guī)性蕉汪。

B. The quality and experience of the

personnel dedicated to the SCP, including: (1) the technical knowledge and expertise

of these personnel with respect to OFAC's regulations, processes, and actions:

(ii) the ability of these personnel to understand complex financial and

commercial activities, apply their knowledge of OFAC to these items, and

identify OFAC-related issues, risks, and prohibited activities: and(ii) the

efforts to ensure that personnel dedicated to the SCP have sufficient experience

and an appropriate position

B.專門負(fù)責(zé)SCP的人員應(yīng)具備以下品質(zhì)與經(jīng)驗(yàn)流译，包括：（1）這些人員在OFAC法規(guī)、程序和行動(dòng)方面的技術(shù)知識和專業(yè)知識者疤；（2）這些人員有理解復(fù)雜金融及商業(yè)活動(dòng)的能力福澡、將OFAC相關(guān)知識應(yīng)用于這些項(xiàng)目的能力以及確定OFAC相關(guān)問題、風(fēng)險(xiǎn)及被禁止活動(dòng)的能力驹马；以及（3）作出確保SCP人員在企業(yè)內(nèi)有足夠經(jīng)驗(yàn)和適當(dāng)職位且作為企業(yè)成功的組成部分的努力革砸；以及

C. Sufficient controlfunctions exist that support the organization's SCP-including but not limitedto information technology software and systems-that adequately address theorganization's OFAC-risk assessment and levels

C.存在足夠可以支持企業(yè)SCP、充分解決企業(yè)OFAC風(fēng)險(xiǎn)評估及水平的控制功能-包括但不限于信息技術(shù)軟件和系統(tǒng)糯累。

4. Senior management

promotes a "culture of compliance" throughout the organization.

4.?高級管理層在整個(gè)企業(yè)內(nèi)推廣“合規(guī)文化”算利。

These efforts couldgenerally be measured by the following criteria:

這些努力通常可以通過以下標(biāo)準(zhǔn)來衡量：

A. The ability of personnel to reportsanctions related misconduct by the organization or its personnel to seniormanagement without fear of reprisal.

A.?員工有能力向高級管理層匯報(bào)由企業(yè)或員工實(shí)施的制裁相關(guān)不當(dāng)行為泳姐，而不必?fù)?dān)心遭到報(bào)復(fù)效拭。

B. Seniormanagement messages and takes actions that discourage misconduct and prohibitedactivities, and highlight the potential repercussions of non-compliance with OFACsanctions; and

B.高級管理層傳遞遏制不當(dāng)行為及被禁止活動(dòng)的信息并采取行動(dòng)，強(qiáng)調(diào)不遵守OFAC制裁的潛在影響胖秒；

C. The ability of theSCP to have oversight over the actions of the entire organization, includingbut not limited to senior management, for the purposes of compliance with OFACsanctions.

C. SCP擁有為實(shí)現(xiàn)OFAC制裁合規(guī)性目的而監(jiān)督整個(gè)企業(yè)（包括但不限于高級管理層）行動(dòng)的能力缎患。

5. Seniormanagement demonstrates recognition of the seriousness of apparent violationsof the laws and regulations administered by OFAC, or malfunctions deficiencies,or failures by the organization and its personnel to comply with the SCP'spolicies and procedures, and implements necessary measures to reduce theoccurrence of apparent violations in the future. Such measures should addressthe root causes of past apparent violations and represent systemic solutionswhenever possible.

5.高級管理層表明已經(jīng)認(rèn)識到了明顯違反OFAC法規(guī)的行為或工作疏忽缺陷或企業(yè)及員工未能遵守SCP政策和程序的行為，會(huì)采取必要措施減少將來明顯違規(guī)行為的發(fā)生阎肝。這些措施應(yīng)解決過去明顯違法行為的根本原因挤渔，并盡可能作為能夠代表系統(tǒng)性的解決方案。

RISK ASSESSMENT

風(fēng)險(xiǎn)評估

Risks in sanctions complianceare potential threats or vulnerabilities that, ignored or not properly handled,can lead to violations of OFAC's regulations and negatively affect anorganization's reputation and business. OFAC recommends that organizations takea risk-based approach when designing or updating an SCP. One of the central tenetsof this approach is for organizations to conduct a routine, and if appropriateongoing ""risk assessment" for the purposes of identifyingpotential OFAC issues they are likely to encounter. As described in detailbelow. the results of a risk assessment are integral in informing the SCP'spolicies, procedures, internal controls, and training in order to mitigate suchrisks

制裁合規(guī)風(fēng)險(xiǎn)是指被忽視的或處理不當(dāng)?shù)臐撛谕{或漏洞盗痒，可能會(huì)導(dǎo)致違反OFAC規(guī)定蚂蕴，并對企業(yè)的聲譽(yù)和業(yè)務(wù)造成負(fù)面影響低散。OFAC建議企業(yè)在設(shè)計(jì)或更新SCP時(shí)采取基于風(fēng)險(xiǎn)的方法。這種方法的核心原則之一是企業(yè)進(jìn)行慣常的骡楼、（如果合適的話）持續(xù)的“風(fēng)險(xiǎn)評估”熔号，用于識別可能遇到的潛在OFAC問題。如下文詳述鸟整，風(fēng)險(xiǎn)評估結(jié)果是了解減輕風(fēng)險(xiǎn)的SCP政策引镊、程序、內(nèi)部控制和培訓(xùn)的必要條件篮条。

While there is no "one-size-fitsall "risk assessment, the exercise should generally consist of a holisticreview of the organization from top-to-bottom and assess its touchpoints to theoutside world. This process allows the organization to identify potential areasin which it may, directly or indirectly, engage with OFAC-prohibited persons,parties, countries, or regions. For example an organization's SCP may conductan assessment of the following:

雖然沒有一個(gè)“一刀切”的風(fēng)險(xiǎn)評估方法弟头，但一般應(yīng)包括從上到下對企業(yè)進(jìn)行全面審查，以及對其與外界接觸點(diǎn)進(jìn)行評估涉茧。該程序允許企業(yè)識別可能直接或間接與被OFAC禁止的人員赴恨、當(dāng)事人、國家或地區(qū)進(jìn)行互動(dòng)的潛在區(qū)域伴栓。例如伦连，企業(yè)的SCP可以對以下內(nèi)容進(jìn)行評估：

(i) customers, supplychain intermediaries, and counter-parties; (ii) the products and services itoffers, including how and where such items fit into other financial orcommercial products, services, networks, or systems; and (iii) he geographic locationsof the organization, as well as its customers, supply chain, intermediaries, andcounter-parties. Risk assessments and sanctions-related due diligence is alsoimportant during mergers and acquisitions, particularly in scenarios involvingnon-U.S companies or corporations.

（i）客戶、供應(yīng)鏈钳垮、中間人及相對方惑淳；（ii）提供的產(chǎn)品和服務(wù)，包括此類項(xiàng)目如何以及在何處適用于其他金融或商業(yè)產(chǎn)品饺窿、服務(wù)歧焦、網(wǎng)絡(luò)或系統(tǒng)；（iii）企業(yè)及其客戶肚医、供應(yīng)鏈绢馍、中間人及相對方的地理位置。在兼并和收購過程中忍宋，特別是在涉及非美國公司的情況下痕貌，風(fēng)險(xiǎn)評估及制裁相關(guān)盡職調(diào)查也是非常重要的。

General Aspects of

an SCP: Conducting a Sanctions Risk Assessment

SCP通用要素：開展制裁風(fēng)險(xiǎn)評估

A fundamental elementof a sound SCP is the assessment of specific clients, products, services andgeographic locations in order to determine potential OFAC sanctions risk. Thepurpose of a risk assessment is to identify inherent risks in order to informrisk-based decisions and controls.

一個(gè)健全的SCP的基本要素是對特定客戶糠排、產(chǎn)品舵稠、服務(wù)及地理位置進(jìn)行評估，以確定出潛在的OFAC制裁風(fēng)險(xiǎn)入宦。風(fēng)險(xiǎn)評估的目的是識別出固有風(fēng)險(xiǎn)哺徊，以便為基于風(fēng)險(xiǎn)的決策和控制提供信息。

The Annex to AppendixA to 31 C.F.R. Part 501, OFAC's Economic Sanctions Enforcement Guidelines,provides an OFAC Risk Matrix that may be used by financial institutions or otherentities to evaluate their compliance programs:

本文件附件是《聯(lián)邦管理?xiàng)l例》第31編第501部分的附錄A-《OFAC經(jīng)濟(jì)制裁執(zhí)行指南》乾闰，該指南提供了一個(gè)OFAC風(fēng)險(xiǎn)矩陣落追，可供金融機(jī)構(gòu)或其他實(shí)體用于合規(guī)方案的評估：

I. The organization

conducts or will conduct, an OFAC risk assessment in a manner and with a

frequency, that adequately accounts for the potential risks. Such risks could

be posed by its clients and customers, products, services, supply chain intermediaries,

counter-parties, transactions, and geographic locations, depending, on the

nature of the organization. As appropriate, the risk assessment will be updated

to account for the root causes of any apparent violations or systemic

deficiencies identified by the organization during the routine course of

business.

1.企業(yè)按照充分考慮潛在風(fēng)險(xiǎn)的方式和頻率進(jìn)行或?qū)⑦M(jìn)行OFAC風(fēng)險(xiǎn)評估。這些風(fēng)險(xiǎn)可能由客戶涯肩、產(chǎn)品轿钠、服務(wù)巢钓、供應(yīng)鏈、中間人疗垛、交易對手症汹、交易和地理位置導(dǎo)致，具體取決于企業(yè)性質(zhì)贷腕。在適當(dāng)情況下背镇，應(yīng)更新風(fēng)險(xiǎn)評估，解釋企業(yè)在日常業(yè)務(wù)過程中發(fā)現(xiàn)的任何明顯違規(guī)行為或缺陷的根本原因泽裳。

A. In assessing itsOFAC risk, organizations should leverage existing information to inform the process.In turn, the risk assessment will generally inform the extent of the duediligence efforts at various points in a relationship or in a transaction. Thismay include:

A.在評估OFAC風(fēng)險(xiǎn)時(shí)瞒斩，企業(yè)應(yīng)利用現(xiàn)有信息了解這個(gè)程序。反過來涮总，風(fēng)險(xiǎn)評估通常也會(huì)說明在一種關(guān)系或一筆交易中的以下各個(gè)點(diǎn)進(jìn)行盡職調(diào)查工作的程度：

1. On-boarding: Theorganization develops a sanctions risk rating for customers, customer groups,or account relationships, as appropriate, by leveraging information provided bythe customer (for example, through a Know Your Customer or Customer Due Diligenceprocess) and independent research conducted by the organization at the initiationof the customer relationship.

1.新客戶關(guān)系建立：企業(yè)開始與客戶建立關(guān)系時(shí)胸囱，利用客戶提供的信息（例如，通過了解您的客戶或客戶盡職調(diào)查流程）以及企業(yè)自己的獨(dú)立研究瀑梗，對客戶旺矾、客戶群或客戶關(guān)系制定制裁風(fēng)險(xiǎn)評級。

This information willguide the timing and scope of future due diligence efforts. Important elementsto consider in determining the sanctions risk rating can be found in OFAC'srisk matrices

該信息將指導(dǎo)未來盡職調(diào)查工作的時(shí)間和范圍夺克。可以在OFAC提供的風(fēng)險(xiǎn)矩陣中找到確定制裁風(fēng)險(xiǎn)評級時(shí)所需要考慮的重要因素嚎朽。

2. Mergers and Acquisitions(M&A): As noted above, proper risk assessments should include and encompassa variety of factors and data points for each organization. One of themultitude of areas organizations should include in their risk assessments-which,in recent years, appears to have presented, numerous challenges with respect toOFAC sanctions-are mergers and acquisitions. Compliance functions should alsobe integrated into the merger, acquisition, and integration process. Whether inan advisory capacity or as a anticipant, the organization engages inappropriate due diligence to ensure that sanctions-related issues areidentified, escalated to the relevant senior levels, addressed prior to theconclusion of any transaction, and incorporated into the organization's riskassessment process. After an M&A transaction is completed, theorganization's Audit and Testing function will be critical to identifying anyadditional sanctions-related issues.

2.并購：如上所述铺纽，適當(dāng)?shù)娘L(fēng)險(xiǎn)評估內(nèi)容應(yīng)涵蓋每個(gè)企業(yè)的各種因素和數(shù)據(jù)點(diǎn)。企業(yè)在其風(fēng)險(xiǎn)評估中應(yīng)納入的許多領(lǐng)域中的一個(gè)是-兼并和收購哟忍，這也是近年來似乎已經(jīng)顯現(xiàn)出OFAC制裁眾多挑戰(zhàn)的領(lǐng)域狡门。合規(guī)職能也應(yīng)納入合并、收購和整合的過程锅很。無論是作為顧問還是參與者其馏，企業(yè)都應(yīng)該進(jìn)行適當(dāng)?shù)谋M職調(diào)查，確保識別出制裁相關(guān)問題爆安，上報(bào)到相關(guān)高級級別叛复，在任何交易結(jié)束之前對這些問題進(jìn)行解決并納入企業(yè)的風(fēng)險(xiǎn)評估流程。在并購交易完成后扔仓，企業(yè)的審計(jì)和測試職能對于確定任何與制裁相關(guān)的其他問題是至關(guān)重要的褐奥。

II. The organization

has developed a methodology to identify, analyze, and address the particular

risks it identifies. As appropriate, the risk assessment will be updated to

account for the conduct and root causes of any apparent violations or systemic

deficiencies identified by the organization during the routine course of

business, for example, through a testing or audit function.

企業(yè)已開發(fā)出發(fā)現(xiàn)、分析和解決所識別出的特定風(fēng)險(xiǎn)的方法翘簇。在適當(dāng)情況下撬码，例如，通過測試或?qū)徲?jì)功能對風(fēng)險(xiǎn)評估進(jìn)行更新版保，說明企業(yè)在日常業(yè)務(wù)過程中發(fā)現(xiàn)的任何明顯違規(guī)行為或系統(tǒng)缺陷及其產(chǎn)生的根本原因呜笑。

INTERNAL CONTROLS

內(nèi)部控制

An effective SCP shouldinclude internal controls, including policies and procedures, in order toidentify, interdict, escalate, report (as appropriate), and keep records pertainingto activity that may be prohibited by the regulations and laws administered byOFAC. The purpose of internal controls is to outline clear expectations, defineprocedures and processes pertaining to OFAC compliance(including reporting andescalation chains), and minimize the risks identified by the organization'srisk assessments. Policies and procedures should be enforced, weaknesses shouldbe identified (including through root cause analysis of any compliancebreaches) and remediated and internal and/or external audits and assessments ofthe program should be conducted on a periodic basis.

一個(gè)有效的SCP應(yīng)涵蓋內(nèi)部控制內(nèi)容夫否，包括識別、攔截叫胁、上報(bào)凰慈、報(bào)告（視情況而定）及保存與OFAC法規(guī)、法律可能被禁止活動(dòng)有關(guān)記錄的政策和程序曹抬。內(nèi)部控制的目的是概述明確期望溉瓶、對OFAC合規(guī)相關(guān)的程序和流程（包括報(bào)告和上報(bào)鏈）進(jìn)行定義，并最大限度地降低企業(yè)風(fēng)險(xiǎn)評估所識別出的風(fēng)險(xiǎn)谤民。應(yīng)有效執(zhí)行政策和程序堰酿，（包括通過對任何違規(guī)行為根本原因進(jìn)行分析）對弱點(diǎn)進(jìn)行識別和補(bǔ)救，定期對方案進(jìn)行內(nèi)部和/或外部審計(jì)和評估张足。

Given the dynamic natureof U.S. economic and trade sanctions, a successful and effective SCP should becapable of adjusting rapidly to changes published by OFAC. These include thefollowing: (i) updates to OFAC's List of Specially Designated Nationals andBlocked Persons(the "SDN List"), the Sectoral Sanctions IdentificationList ("SSI List"), and other sanctions-related lists:(ii new.amended, or updated sanctions programs or prohibitions imposed on targetedforeign countries, governments, regions, or persons, through the enactment ofnew legislation, the issuance of new Executive orders, regulations, orpublished OFAC guidance or other OFAC actions: and (iii) the issuance ofgeneral licenses.

鑒于美國經(jīng)濟(jì)和貿(mào)易制裁政策不斷變化触创，一個(gè)成功有效的SCP應(yīng)能夠迅速適應(yīng)OFAC政策的發(fā)展，OFAC政策包括：（i）對OFAC特別指定國民和被封鎖人員名單（“SDN清單”）为牍、部門制裁識別清單（“SSI清單”）和其他制裁相關(guān)清單的更新哼绑；（ii）通過頒布新立法、新行政指令碉咆、法規(guī)或公布OFAC指南或其他OFAC行動(dòng)對目標(biāo)外國抖韩、政府、地區(qū)或個(gè)人實(shí)施新的疫铜、經(jīng)修訂的或更新的制裁方案或禁令茂浮；以及（iii）頒發(fā)一般許可證。

General Aspects of an SCP: Internal

Controls

SCP通用：內(nèi)部控制

Effective OFAC complianceprograms generally include internal controls, including policies and procedures,in order to identify, interdict, escalate, report (as appropriate),and keeprecords pertaining to activity that is prohibited by the sanctions programs administeredby OFAC. The purpose of internal controls is to outline clear expectations,define procedures and processes pertaining to OFAC compliance, and minimize therisks identified by an entity's OFAC risk assessments. Policies and proceduresshould be enforced, and weaknesses should be identified(including through rootcause analysis of any compliance breaches) and remediated in order to preventactivity that might violate the sanctions programs administered by OFAC.

有效的OFAC合規(guī)方案通常涵蓋內(nèi)部控制壳咕，包括識別席揽、攔截、上報(bào)谓厘、報(bào)告（視情況而定）及保存OFAC制裁方案下被禁止活動(dòng)有關(guān)記錄的政策和程序幌羞。內(nèi)部控制的目的是概述一個(gè)明確的期望，對OFAC合規(guī)相關(guān)的程序和流程進(jìn)行定義竟稳，并最大限度地降低實(shí)體經(jīng)過OFAC風(fēng)險(xiǎn)評估所識別出的風(fēng)險(xiǎn)属桦。大力執(zhí)行政策和程序，并（包括通過對任何合規(guī)違規(guī)行為的根本原因進(jìn)行分析）識別缺陷并進(jìn)行補(bǔ)救住练，防止可能違反OFAC制裁方案的活動(dòng)發(fā)生地啰。

I The organization has designed and

implemented written policies and procedures outlining the SCP. These policies

and procedures are relevant to the organization. Capture the organization's day-to-day operations and

procedures, are easy to follow，and designed to prevent employees from engaging in misconduct.

1.該企業(yè)設(shè)計(jì)并實(shí)施了概述SCP的書面政策和程序讲逛。這些政策和程序應(yīng)與企業(yè)相適應(yīng)亏吝，融入企業(yè)的日常操作和程序中，易遵循盏混，并可以防止員工從事不當(dāng)行為蔚鸥。

別出的風(fēng)險(xiǎn)惜论。大力執(zhí)行政策和程序，并（包括通過對任何合規(guī)違規(guī)行為的根本原因進(jìn)行分析）識別缺陷并進(jìn)行補(bǔ)救止喷，防止可能違反OFAC制裁方案的活動(dòng)發(fā)生馆类。

II The organization

has implemented internal controls that adequately address the results of its

OFAC risk assessment and profile. These internal controls should enable the

organization to clearly and effectively identify. interdict, escalate. and

report to appropriate personnel within the organization transactions and

activity that may be prohibited by OFAC. To the extent information technology

solutions factor into the organization's internal controls, the organization

has selected and calibrated the solutions in a manner that is appropriate to

address the organization's risk profile and compliance needs, and the

organization routinely tests the solutions to ensure effectiveness.

企業(yè)實(shí)施了充分解決OFAC風(fēng)險(xiǎn)評估結(jié)果及概況的內(nèi)部控制。這些內(nèi)部控制應(yīng)使企業(yè)清楚有效地識別弹谁、攔截乾巧、上報(bào)，并向企業(yè)內(nèi)相關(guān)人員報(bào)告可能被OFAC禁止的交易和活動(dòng)预愤。在某種程度上沟于，信息技術(shù)解決方案會(huì)影響到企業(yè)的內(nèi)部控制，企業(yè)應(yīng)選擇適合解決其風(fēng)險(xiǎn)狀況和合規(guī)性需求的方式植康、對解決方案進(jìn)行校準(zhǔn)旷太，定期測試解決方案以確保方案的有效性。

III The organization

enforces the policies and procedures it implements as part of its OFAC compliance

internal controls through internal and/or external audits.

企業(yè)通過內(nèi)部和/或外部審計(jì)執(zhí)行其所實(shí)施的政策和程序销睁，作為OFAC合規(guī)內(nèi)部控制的一部分供璧。

V. The organization

ensures that its OFAC-related recordkeeping policies and procedures adequately

account for its requirements pursuant to the sanctions programs administered by

OFAC.

企業(yè)確保其OFAC相關(guān)記錄保存政策和程序充分考慮了其在OFAC制裁方案下的要求。

VI. The organization has clearly communicated

the SCP's policies and procedures to all relevant staff, including personnel

within the SCP program, as well as relevant gatekeepers and business units

operating in high-risk areas (e-g., customer acquisition, payments, sales, etc.)

and to external parties performing SCP responsibilities on behalf of the

organization.

企業(yè)已明確將SCP政策和程序傳達(dá)給所有相關(guān)人員冻记，包括SCP方案內(nèi)人員睡毒、高風(fēng)險(xiǎn)領(lǐng)域運(yùn)營的相關(guān)把關(guān)者和業(yè)務(wù)部門（例如，客戶獲取冗栗、支付吕嘀、銷售等部門）以及代表企業(yè)履行SCP職責(zé)的外部各方。

VII. The organization

has appointed personnel for integrating the SCP's policies and procedures into

the daily operations of the company or corporation. This process includes

consultations with relevant business units, and confirms the organization's

employees understand the policies and procedures.

企業(yè)指定了將SCP政策和程序融入到公司日常運(yùn)營中是人員贞瞒。融入程序包括與相關(guān)業(yè)務(wù)部門進(jìn)行協(xié)商，確保企業(yè)員工了解SCP政策和程序趁曼。

TESTING AND AUDITING

測試及審計(jì)

Audits assess the effectivenessof current processes and check for inconsistencies between these and day-to-dayoperations. A comprehensive and objective testing or audit function within anSCP ensures that an organization identifies program weaknesses anddeficiencies, and it is the organization's responsibility to enhance itsprogram, including all program-related software, systems, and other technology,to remediate any identified compliance gaps. Such enhancements might includeupdating, improving, or recalibrating SCP elements to account fora changingrisk assessment or sanctions environment. Testing and auditing can be conductedon a specific element of an SCP or at the enterprise-wide level.

審計(jì)可以對當(dāng)前程序的有效性進(jìn)行評估军浆，并檢查這些程序與日常運(yùn)營之間的不一致性。對SCP全面挡闰、客觀的測試或?qū)徲?jì)功能可以確保企業(yè)識別出物品的缺陷。企業(yè)有責(zé)任加強(qiáng)其合規(guī)方案，包括所有與方案相關(guān)的軟件涛目、系統(tǒng)和其他技術(shù)现恼，修復(fù)任何已識別出的合規(guī)差距。此類加強(qiáng)功能可能包括更新奢驯、改進(jìn)或重新校準(zhǔn)SCP元素申钩，以應(yīng)對不斷變化的風(fēng)險(xiǎn)評估或制裁環(huán)境”窀螅可以對SCP的特定元素或在整個(gè)公司范圍內(nèi)進(jìn)行測試和審計(jì)撒遣。

General Aspects of

an SCP: Testing and Auditing.

SCP通用要素：測試和審計(jì)邮偎。

comprehensive, independent,and objective testing or audit function within an SCP ensures at entities areaware of where and how their programs are performing and should be updated,enhanced, or recalibrated to account for a changing risk assessment or sanctionsenvironment, as appropriate. Testing or audit, whether conducted on a specificelement of a compliance program or at the enterprise-wide level, are importanttools to ensure the program is working as designed and identify weaknesses anddeficiencies within a compliance program.

SCP內(nèi)的全面、獨(dú)立及客觀的測試或?qū)徲?jì)功能可確保實(shí)體了解其合規(guī)方案的執(zhí)行地點(diǎn)和方式义黎，以酌情對測試或?qū)徲?jì)功能進(jìn)行更新禾进、增強(qiáng)或重新校準(zhǔn)，應(yīng)對不斷變化的風(fēng)險(xiǎn)評估或制裁環(huán)境廉涕。無論是針對合規(guī)方案的特定要素進(jìn)行測試或?qū)徲?jì)泻云，還是在企業(yè)范圍內(nèi)進(jìn)行測試或?qū)徲?jì)，都是確保方案能夠按設(shè)計(jì)目的進(jìn)行運(yùn)作狐蜕，是識別合規(guī)方案中弱點(diǎn)和缺陷的重要工具宠纯。

1. The organization

commits to ensuring that the testing or audit function is accountable to senior

management, is independent of the audited activities and functions, and has

sufficient authority, skills, expertise, resources, and authority within the

organization.

企業(yè)承諾確保測試或?qū)徲?jì)職能對高級管理層負(fù)責(zé)，獨(dú)立于被審計(jì)的活動(dòng)和職能馏鹤，并在企業(yè)內(nèi)擁有足夠的權(quán)力征椒、技能、專業(yè)知識湃累、資源和權(quán)限勃救。

II. The organization

commits to ensuring that it employs testing or audit procedures appropriate to

the level and sophistication of its SCP and that this function, whether deployed

internally or by an external party, reflects a comprehensive and objective assessment

of the organization's OFAC-related risk assessment and internal controls.

企業(yè)承諾確保采用適合其SCP級別和復(fù)雜程度的測試或?qū)徲?jì)程序，且無論是由內(nèi)部還是由外部部門開展測試或?qū)徲?jì)活動(dòng)治力，都反映了對該企業(yè)OFAC相關(guān)風(fēng)險(xiǎn)評估及內(nèi)部控制的全面客觀評估蒙秒。

III. The organization

ensures that, upon learning of a confirmed negative testing result or audit

finding pertaining to its SCP, it will take immediate and effective action, to

the extent possible, to identify and implement compensating controls until the

root cause of the weakness can be determined and remediated.

企業(yè)確保在獲悉了確認(rèn)的負(fù)面測試結(jié)果或與其SCP有關(guān)的審核結(jié)果后，會(huì)盡可能立即采取有效措施宵统，識別并實(shí)施補(bǔ)償控制措施晕讲，直至確定出弱點(diǎn)的根本原因并進(jìn)行補(bǔ)救。

TRAINING

培訓(xùn)

An effective training program is anintegral component of a successful SCP. The training program should be providedto all appropriate employees and personnel on aperiodic basis (and at aminimum, annually) and generally should accomplish the following:

?(i) provide job-specific knowledge basedon need; (ii) communicate the sanctions compliance responsibilities for eachemployee; and (iii) hold employees accountable for sanctions compliancetraining through assessments.

有效的培訓(xùn)方案是一個(gè)成功的SCP的組成部分马澈。應(yīng)向所有適當(dāng)?shù)膯T工和人員定期（至少每年一次）提供培訓(xùn)瓢省，并通常應(yīng)包含以下工作：（i）根據(jù)需要提供工作專業(yè)知識；（ii）向每位員工傳達(dá)制裁合規(guī)方面的責(zé)任痊班；（iii）通過評估勤婚，使員工對制裁合規(guī)培訓(xùn)負(fù)責(zé)。

General Aspects of an SCP: Training

SCP通用要素：培訓(xùn)

An adequatetraining program, tailored to an entity's risk profile and all appropriateemployees and stakeholders. is critical to the success of an SCP.

根據(jù)實(shí)體風(fēng)險(xiǎn)狀況及所有適當(dāng)員工和利益相關(guān)者提供量身定制的適當(dāng)培訓(xùn)方案對SCP的成功是至關(guān)重要的涤伐。

1. The organization

commits to ensuring that its OFAC-related training program provides adequate

information and instruction to employees and, as appropriate, stakeholders (for

example, clients, suppliers, business partners, and counterparties)in order to

support the organization's OFAC compliance efforts. Such training should be

further tailored to high-risk employees within the organization.

企業(yè)承諾確保馒胆，為支持企業(yè)的OFAC合規(guī)工作，其OFAC相關(guān)培訓(xùn)方案應(yīng)向員工及適當(dāng)?shù)睦嫦嚓P(guān)者（例如凝果，客戶祝迂、供應(yīng)商、業(yè)務(wù)合作伙伴和交易對手）提供充分的信息和指導(dǎo)器净。此類培訓(xùn)應(yīng)進(jìn)一步針對企業(yè)內(nèi)的高風(fēng)險(xiǎn)員工開展型雳。

II. The organization

commits to provide OFAC-related training with a scope that is appropriate for

the products and services it offers; the customers, clients, and partner

relationships it maintains; and the geographic regions in which it operates.

企業(yè)承諾提供與其產(chǎn)品和服務(wù)、維護(hù)的客戶、合作伙伴關(guān)系及其經(jīng)營所在地理區(qū)域相當(dāng)?shù)?b>OFAC相關(guān)培訓(xùn)四啰。

III. The organization

commits to providing OFAC-related training with a frequency that is appropriate

based on its OFAC risk assessment and risk profile.

企業(yè)承諾根據(jù)其OFAC風(fēng)險(xiǎn)評估和風(fēng)險(xiǎn)概況宁玫，提供適當(dāng)?shù)?b>OFAC相關(guān)培訓(xùn)。

VI. The organization

commits to ensuring that, upon learning of a confirmed negative testing result

or audit finding, or other deficiency pertaining to its SCP, it will take

immediate and effective action to provide training to or other corrective

action with respect to relevant personnel.

企業(yè)承諾在得知確認(rèn)的負(fù)面測試結(jié)果或與其SCP有關(guān)的審核結(jié)果或其他缺陷后柑晒，將立即采取有效措施欧瘪，為相關(guān)人員提供培訓(xùn)或采取其他糾正措施。

Root Causes of OFAC

Sanctions Compliance Program Breakdowns or Deficiencies Based on Assessment of

Prior OFAC Administrative Actions

根據(jù)對OFAC先前行政行為的評估匙赞，確定出的OFAC制裁合規(guī)方案故障或缺陷產(chǎn)生的根本原因

Since its publication of the Economic

Sanctions Enforcement Guidelines31 C.F.R. part 501,App. A (the

"Guidelines"), OFAC has finalized numerous public enforcement actions

in which it identified deficiencies or weaknesses within the subject person's

SCP. These items, which are provided in a non-exhaustive list below, are

provided to alert persons subject to U.S. jurisdiction, including entities that

conduct business in or with the United States, U.S. persons, or U.S.-origin

goods or services, about several specific root causes associated with apparent

violations of the regulations it administers in order to assist them in

designing, updating, and amending their respective SCP.

自公布《聯(lián)邦管理?xiàng)l例》第31編第501部分附件A-《經(jīng)濟(jì)制裁執(zhí)法指南》（“指南”）以來佛掖，在OFAC已完成的許多公共執(zhí)法行動(dòng)中確定出被處罰人的SCP存在缺陷或弱點(diǎn)，下面列出了一個(gè)非詳盡的清單涌庭，用于提醒受美國管轄的人員芥被，包括在美國、與美國或美國人開展業(yè)務(wù)坐榆、使用美國原產(chǎn)商品或服務(wù)拴魄，明顯違反OFAC法規(guī)行為相關(guān)若干具體的根本原因，以協(xié)助企業(yè)設(shè)計(jì)席镀、更新和修訂他們各自的SCP匹中。

I. Lack of a Formal OFAC SCP

未設(shè)立正式的OFAC SCP

OFAC regulations donot require a formal SCP: however. OFAC encourages organizations subject toU.S. jurisdiction (including but not limited to those entities that conductbusiness in, with, or through the United States or involving U.S.-origin goods,services. or technology)and particularly those that engage in international tradeor transactions or possess any clients or counter-parties located outside ofthe United States, to adopt a formal SCP. OFAC has finalized numerous civil monetarypenalties since publicizing the Guidelines in which the subject person's lackof an SCP was one of the root causes of the sanctions violations identifiedduring the course of the investigation. In addition, OFAC frequently identifiedthis element as an aggravating factor in its analysis of the General Factorsassociated with such administrative actions.

OFAC法規(guī)沒有強(qiáng)制要求企業(yè)設(shè)立正式的SCP，但是OFAC鼓勵(lì)受美國司法管轄的企業(yè)（包括但不限于在美國境內(nèi)豪诲、通過美國或與美國開展業(yè)務(wù)或涉及美國原產(chǎn)商品顶捷、服務(wù)或技術(shù)的實(shí)體），特別是那些從事國際貿(mào)易或交易的企業(yè)或擁有位于美國境外客戶或相對方的企業(yè)設(shè)立正式的SCP屎篱。自公布《指南》以來服赎，在很多OFAC已經(jīng)完成的對被處罰人進(jìn)行的民事罰款處罰中，都是由于在調(diào)查過程中發(fā)現(xiàn)違反制裁規(guī)定的根本原因之一是沒有設(shè)立SCP交播。此外重虑，OFAC經(jīng)常將這個(gè)要素作為此類行政行為相關(guān)一般因素分析的加重因素。

II. Misinterpreting, or Failing to

Understand the Applicability of, OFAC's Regulations

對OFAC規(guī)則適用性的誤讀或不理解

Numerous organizationshave committed sanctions violations by misinterpreting OFAC's regulations,particularly in instances in which the subject person determined thetransaction, dealing, or activity at issue was either not prohibited or did notapply to their organization or operations. For example, several organizations havefailed to appreciate or consider (or, in some instances, actively disregarded)the fact that OFAC sanctions applied to their organization based on theirstatus as a U.S. person, a U.S.-owned or controlled subsidiary (in the Cuba andIran programs), or dealings in or with U.S. persons, the U.S. financial system,or U.S.-origin goods and technology.

許多企業(yè)由于誤解了OFAC規(guī)定從而違反了制裁規(guī)定秦士，特別是嚎尤，被處罰人員認(rèn)定其交易或爭議活動(dòng)未被禁止或OFAC規(guī)定不適用于他們企業(yè)或運(yùn)營。例如伍宦，一些企業(yè)未能理解、考慮（或在某些情況下乏梁，積極忽視）OFAC制裁會(huì)由于他們作為美國人次洼、美國擁有或控制的子公司（在古巴和伊朗項(xiàng)目中）、在美國或與美國人開展交易遇骑、涉及美國金融系統(tǒng)或美國原產(chǎn)貨物和技術(shù)的交易這些因素適用于他們企業(yè)卖毁。

With respect tothis specific root cause, OFAC's administrative actions have typically identified,additional aggravating factors, such as reckless conduct, the presence of numerouswarning signs that the activity at issue was likely prohibited, awareness bythe organization's management of the conduct at issue, and the size andsophistication of the subject person.

關(guān)于這個(gè)特定的根本原因，在OFAC的行政行為中通常已經(jīng)確定出了其他加重因素，例如魯莽行為亥啦、存在大量表明有關(guān)活動(dòng)可能被禁止的警告標(biāo)志炭剪、企業(yè)管理層有關(guān)行為的認(rèn)識以及被處罰人的規(guī)模和復(fù)雜程度。

III. Facilitating Transactions by Non-U.S.

Persons (Including Through or By Overseas Subsidiaries or Affiliates).

（包括通過海外子公司或關(guān)聯(lián)公司）促進(jìn)非美國人的交易

Multiple organizationssubject to U.S. jurisdiction--specifically those with foreign-based.

Operations and subsidiarieslocated outside of the United States-have engaged in transactions or activitythat violated OFAC's regulations by referring business opportunities to,approving or signing off on transactions conducted by, or otherwisefacilitating dealings between their organization's non-U.S. locations and OFAC-sanctionedcountries, regions, or persons. In many instances, the root cause of theseviolations stems from a misinterpretation or misunderstanding of OFAC'sregulations. Companies and corporations with integrated operations, particularlythose involving or requiring participation by their U.S.-based headquarters,locations, or personnel, should ensure any activities they engage in (i.e.,approvals, contracts, procurement, etc.) are compliant with OFAC's regulations.

受美國管轄的多個(gè)企業(yè)-特別是總部位于外國的企業(yè)翔脱、位于美國境外的運(yùn)營和子公司由于對其企業(yè)的非美國地點(diǎn)與OFAC制裁國家奴拦、地區(qū)或個(gè)人開展交易引用商業(yè)機(jī)會(huì)、批準(zhǔn)或簽署或以其他方式為此類交易提供便利届吁，從事違反了OFAC規(guī)定的交易或活動(dòng)错妖。在許多情況下，這些違規(guī)行為的根本原因在于對OFAC法規(guī)的誤解或誤讀疚沐。具有多個(gè)運(yùn)營地點(diǎn)的公司暂氯，尤其是涉及或要求總部、其他運(yùn)營地點(diǎn)或人員參與的公司應(yīng)確保其參與的任何活動(dòng)（即批準(zhǔn)亮蛔、合同痴施、采購等）符合OFAC的規(guī)定。

IV Exporting or Re-exporting

U.S.-origin Goods, Technology, or Services to OFAC-

Sanctioned Persons

or Countries

向OFAC制裁的人或國家出口或再出口美國原產(chǎn)貨物究流、技術(shù)或服務(wù)

V Utilizing the U.S.

Financial System, or Processing Payments to or through U,S.

Financial Institutions,

for Commercial Transactions Involving OFAC-Sanctioned Persons or Countries

利用美國金融系統(tǒng)處理或通過美國金融機(jī)構(gòu)處理涉及OFAC制裁人或國家的商業(yè)交易

Many non-U.S. personshave engaged in violations of OFAC's regulations by processing financialtransactions (almost all of which have been denominated in U.S. Dollars) to orthrough U.S. financial institutions that pertain to commercial activityinvolving an OFAC-sanctioned country, region, or person. Although no organizationssubject to U.S. jurisdiction may be involved in the underlying transaction--suchas the shipment of goods from a third-country to an OFAC-sanctioned country-theinclusion of a U.S. financial institution in any payments associated with thesetransactions often results in a prohibited activity (e.g., the exportation orre-exportation of

services from the UnitedStates to a comprehensively sanctioned country, or dealing in blocked propertyin the United States). OFAC has generally focused its enforcement investigationson persons who have engaged in willful or reckless conduct, attempted toconceal their activity (e.g., by stripping or manipulating payment messages, ormaking false representations to their non-U.S. or U.S. financial institution),engaged in a pattern or practice of conduct for several months or years,ignored or failed to consider numerous warning signs that the conduct wasprohibited, involved actual knowledge or involvement by the organization's management,caused significant harm to U.S. sanctions program objectives, and were large orsophisticated organizations.

許多非美國人為美國金融機(jī)構(gòu)或通過美國金融機(jī)構(gòu)處理涉及OFAC制裁國家辣吃、地區(qū)或個(gè)人商業(yè)活動(dòng)的金融交易（幾乎全部以美元計(jì)價(jià)）而違反了OFAC規(guī)定。雖然受美國管轄的企業(yè)可能沒有參與相關(guān)交易活動(dòng)-例如將貨物從第三國運(yùn)輸?shù)絆FAC制裁的國家–但是將美國金融機(jī)構(gòu)引入這些交易相關(guān)的任何付款通常會(huì)導(dǎo)致被禁止的活動(dòng)發(fā)生（例如梯嗽，將服務(wù)從美國出口或再出口到一個(gè)受到全面制裁的國家齿尽，或者處理在美國被封鎖的財(cái)產(chǎn)）。OFAC在其執(zhí)法調(diào)查中一般重點(diǎn)查看以下人員：從事故意或魯莽行為灯节、試圖隱瞞其活動(dòng)（例如通過剝離或操縱支付信息或?qū)Ψ敲绹蛎绹鹑跈C(jī)構(gòu)作出虛假陳述）循头、從事違規(guī)行為達(dá)幾個(gè)月或幾年（慣性行為）、忽視或未對許多表明被禁止行為的警告信號進(jìn)行考慮炎疆、涉及企業(yè)管理層的實(shí)際明知或參與卡骂、對美國制裁方案目標(biāo)造成重大損害、大型或復(fù)雜企業(yè)形入。

VI. Sanctions Screening Software or Filter

Faults

制裁篩選軟件或過濾器故障

Many organizations conduct screening of

their customers, supply chain, intermediaries, counter-parties, commercial and

financial documents, and transactions in order to identify OFAC-prohibited

locations, parties. or dealings. At times organizations have failed to update

their sanctions screening software to incorporate updates to the SDN List or

SSI List, failed to include pertinent identifiers such as SWIFT Business

Identifier Codes for designated, blocked or sanctioned financial institutions. or

did not account for alternative spellings of prohibited countries or parties-particularly

in instances in which the organization is domiciled or conducts business in

geographies that frequently utilize such alternative spellings (i.e., Habana

instead of Havana, Kuba instead of Cuba, Soudan instead of Sudan, etc.).

許多企業(yè)對其客戶全跨、供應(yīng)鏈、中間人亿遂、相對方的商業(yè)和財(cái)務(wù)文件浓若、交易進(jìn)行篩選，以識別OFAC所禁止的地點(diǎn)蛇数、各方當(dāng)事人或交易挪钓。有時(shí)，企業(yè)未能更新其制裁篩選軟件從而未納入更新后的SDN清單或SSI清單耳舅，或未能包括相關(guān)標(biāo)識符碌上，例如被指定、封鎖、或被制裁的金融機(jī)構(gòu)的SWIFT業(yè)務(wù)標(biāo)識符代碼馏予，或（特別是在企業(yè)所在地或在經(jīng)常使用這種替代拼寫的地理區(qū)域開展業(yè)務(wù)的情況下）天梧，沒有說明被禁止國家和當(dāng)事方的替代拼寫，（即Habana替代哈瓦那（Havana）霞丧，Kuba替代古巴（Cuba）呢岗，Soudan替代蘇丹（Sudan）等）。

VII. Improper Due Diligence on

Customers/Clients (e.g., Ownership, Business Dealings, etc.)

對客戶（例如蚯妇，所有權(quán)敷燎、業(yè)務(wù)往來等）的不當(dāng)盡職調(diào)查

One of the fundamental components of an

effective OFAC risk assessment and SCP is conducting due diligence on an

organization's customers, supply chain, intermediaries, and counter-parties.

Various administrative actions taken by OFAC involved improper or incomplete

due diligence by a company or corporation on its customers, such as their

ownership, geographic location(s),counter-parties, and transactions, as well as

their knowledge and awareness of OFAC sanctions.

一個(gè)有效OFAC風(fēng)險(xiǎn)評估，即SCP的基本組成部分之一是對企業(yè)的客戶箩言、供應(yīng)鏈硬贯、中間人和交易對方進(jìn)行盡職調(diào)查。很多情況下陨收，OFAC采取行政措施的起因是公司對其客戶的盡職調(diào)查不當(dāng)或不完整饭豹。盡職調(diào)查的內(nèi)容應(yīng)涉及例如，所有權(quán)务漩、地理位置拄衰、交易對手、交易以及對OFAC制裁的了解和認(rèn)識饵骨。

VIII. De-Centralized Compliance Functions and Inconsistent

Application of an SCP

非集中的合規(guī)職能&SCP適用的不一致性

While each organization should design,

develop, and implement its risk-based SCP based on its own characteristics, several

organizations subject to U.S. jurisdiction have committed apparent violations

due to a de-centralized SCP. often with personnel and decision-makers scattered

in various offices or business units. In particular, violations have resulted

from this arrangement due to an improper interpretation and application of

OFAC's regulations, the lack of a formal escalation process to review high-risk

or potential OFAC customers or transactions, an inefficient or incapable oversight

and audit function, or miscommunications regarding the organization's

sanctions-related policies and procedures.

雖然每個(gè)企業(yè)都應(yīng)根據(jù)自己的特點(diǎn)設(shè)計(jì)翘悉、開發(fā)和實(shí)施基于風(fēng)險(xiǎn)的SCP，但受美國管轄的企業(yè)通常因分散的SCP（人員和決策者分散在各個(gè)辦公室或業(yè)務(wù)部門）導(dǎo)致了明顯違規(guī)行為的發(fā)生居触。特別是妖混，由于對OFAC法規(guī)的解釋和適用不當(dāng)，缺少對高風(fēng)險(xiǎn)或潛在的OFAC客戶或交易進(jìn)行審查的正式上報(bào)程序轮洋、監(jiān)督和審計(jì)職能低效或不起作用制市、企業(yè)制裁有關(guān)政策和程序溝通不暢，導(dǎo)致了違規(guī)行為的發(fā)生弊予。

IX. Utilizing Non-Standard Payment or

Commercial Practices

非標(biāo)準(zhǔn)的付款或商業(yè)慣例

Organizations subject to U.S. jurisdiction

are in the best position to determine whether a particular dealing,

transaction, or activity is proposed or processed in a manner that is consistent

with industry norms and practices. In many instances, organizations attempting

to evade or circumvent OFAC sanctions or conceal their activity will implement

non-traditional business methods in order to complete their transactions.

受美國管轄的企業(yè)最容易確定出將進(jìn)行或處理的特定交易或活動(dòng)是否符合行業(yè)規(guī)范和慣例祥楣。在許多情況下，試圖逃避或規(guī)避OFAC制裁或隱瞞其活動(dòng)的企業(yè)為完成其交易往往會(huì)采用不同尋常的商業(yè)方法汉柒。

X. Individual Liability

個(gè)人責(zé)任

In several instances,individual employees-particularly in supervisory, managerial, or executive-levelpositions-have played integral roles in causing or facilitating violations ofthe regulations administered by OFAC. Specifically OFAC has identifiedscenarios involving U.S.-owned or controlled entities operating outside of theUnited States, in which supervisory, managerial or executive employees of theentities conducted or facilitated dealings or transactions with OFAC-sanctionedpersons, regions, or countries, notwithstanding the fact that the U.S. entityhad a fulsome sanctions compliance program in place. In some of these cases,the employees of the foreign entities also made efforts to obfuscate andconceal their activities from others within the corporate organization,including compliance personnel, as well as from regulators or law enforcement.In such circumstances, OFAC will consider using its enforcement authorities notonly against the violating entities, but against the individuals as well.

在一些案例中误褪，個(gè)別員工-特別是監(jiān)督、管理或行政級職位的員工在導(dǎo)致或促進(jìn)違反OFAC法規(guī)方面發(fā)揮了不可或缺的作用碾褂。特別是兽间，OFAC已確定出，在涉及美國境外運(yùn)營的美國擁有或控制實(shí)體的情況下斋扰，盡管美國實(shí)體已實(shí)施了充分到位的制裁合規(guī)方案，但實(shí)體的監(jiān)督、管理或執(zhí)行人員與被OFAC制裁的人員传货、地區(qū)或國家開展交易或促成交易屎鳍。在其中一些案例中，外國實(shí)體的員工也故意向公司企業(yè)內(nèi)其他人问裕，包括合規(guī)人員以及監(jiān)管機(jī)構(gòu)或執(zhí)法部門混淆和隱瞞這些活動(dòng)逮壁。在這種情況下，OFAC將考慮不僅針對違規(guī)實(shí)體進(jìn)行執(zhí)法粮宛，還會(huì)針對個(gè)人進(jìn)行執(zhí)法窥淆。