第十四期 二零二三年八月

摘要

• 2023年7月26日，美国商务部产业安全局（Bureau of Industry and Security, BIS）、财政部海外资产管控办公室（Office of Foreign Assets Control, OFAC）以及司法部国家安全处（National Security Division, NSD）等三部门联合发布合规通告，对企业出口管制和经济制裁等国家安全相关潜在违规事项的主动自我披露（Voluntary Self-Disclosure, VSD）做出总结说明。据该通告解释，主动自我披露可以大大减轻对应违规行为的民事或刑事责任，同时十分有助于相关国家安全机构应对美国国家安全面临的威胁。
• 在该通告中，分别概述了BIS、OFAC和NSD对主动自我披露的相关要求和鼓励政策，包括如何认定主动自我披露、企业当事方须要如何配合执法机构、成功主动自我披露如何减轻违规后果等。在BIS关于主动自我披露的政策说明中，还提到了企业就第三方潜在违规进行主动披露的相关规定及鼓励措施。其中，三部门的主动自我披露政策均高度重视企业内部合规制度是否切实发挥作用，是否能对自身潜在违规事项及时作出反应并进行纠错。

背景

近年来，国家安全考量在美国制定内外政策时的比重日益上升，出口管制和经济制裁被作为维护其国家安全的重要政策工具。为落实已出台的多项出口管制和经济制裁措施，近期美国政府机构的关注重点放在了促进企业合规与加强执法监管上面。通览该合规通告，美国政府认为，通过遵守出口管制、经济制裁和其他国家安全有关法规，企业在维护美国国家安全当中占有关键角色。美国政府需要获得企业的配合，才能有效防止美国先进技术和物项、金融系统被美国的“对手”利用，保护美国国家安全。基于此，美国BIS、OFAC和NSD都进一步更新了关于主动自我披露的相关政策，来鼓励企业主动合规，便于政府机构监管和执法，从而促进美国出口管制和经济制裁政策的有效落实。

BIS关于出口管制违规的主动披露政策构成了《出口管理条例》（Export Administration Regulations, EAR）的一部分。在具体执行层面，BIS引入了“双轨制”方法，即将企业主动自我披露的潜在违规事项按照严重程度分为两类：轻微违规事项将快速处理，一般不会有实质性的执法行动和处罚措施；对于较严重的违规事项，将安排专人进行跟进深入调查。企业对已发现潜在违规事项的“故意不披露”，将成为BIS执法过程中的从重处罚因素。BIS此举意在鼓励企业主动披露违规事项的同时，集中政府资源处理更严重的违规行为。同时，企业对第三方违规行为的主动披露或举报，将成为BIS处理企业违规事项时的从轻处罚因素，即使两起违规事件并无关联。

OFAC关于经济制裁违规的主动披露政策，主要是将企业的主动披露行为纳入确定处罚措施的考虑当中。成功的主动自我披露将成为从轻处罚因素，最高可以将适用的罚金额度减少50%。同时，OFAC牵头的 “金融犯罪执法行动组” 也鼓励对其他第三方的金融制裁违规事项进行举报，举报人有可能获得现金奖励。

NSD是美国司法部内设的专司出口管制、经济制裁等国家安全领域违法案件的机构，其最新的主动披露政策聚焦于上述领域的刑事违规事项，与BIS或OFAC略有不同。NSD作为专门的法律部门，对主动自我披露的要求比BIS和OFAC更加详细，对成功主动自我披露的认定标准更加严格。企业在向NSD主动披露自身的潜在刑事违规事项，并完全合作、及时正确采取补救措施，且没有其他从重处罚因素的情形下，可能获得不起诉协议并且无需缴纳罚款。

毕马威观察

从该合规通告以及上述三个政府机构的其他文件当中，可以确定美国政府在出口管制和经济制裁领域的企业合规问题的立场，即企业是实现国家安全政策目标的关键角色，鼓励企业配合政府机构主动合规，对于有意隐瞒自身违规事项的企业从重予以处罚。我们建议可能涉及美国监管的企业，在有关合规问题上应该采取更加主动的立场，来应对美国政府机构的监管趋势。

BIS、OFAC和NSD在评估企业主动自我披露时，都着重强调了企业内部合规制度的有效性，以及企业在发现潜在违规事项之后的处理与纠错情况。企业按照相关监管机构的要求建立完善的内部合规制度，并切实执行，妥善保存相关记录，在企业发生违规事项时，可以有助于向监管机构展示企业自身合规工作的良好开展，并争取对企业最优的处理结果。

在主动自我披露的程序和实操层面，不同政府部门的具体要求略有不同。企业如发现潜在违规事项，应首先确定对应的主管机构，并按照对应的程序性要求准备相关材料，并按照规定的时间提交主动披露材料。应注意的是，如果涉及多个主管政府机构，向其中一个政府机构的主动披露，并不一定会被另外的政府机构认定为主动披露。并且，主动披露应该得到企业管理层的明确授权，方可被认为是企业主动做出的披露行为。

另外，在华企业考虑有关主动披露时，应该同时注意遵守中国的有关法律法规。数据和隐私安全相关法律要求，在华企业对外提供信息，尤其是对外国政府机构，应遵守有关数据出境的相关规定；反外国制裁相关法律，对在华企业在某些外国制裁措施下的行为做出了限制；新近修订的反间谍法律法规，则从国家安全的角度，对企业向境外提供信息的行为提出了新的合规要求。此外，中国商务部等部门还要求企业接受外国政府调查前，应事先报有关部门并获得批准。

如您对上述内容有任何疑问，欢迎与毕马威的相关税务专家联系并进行深入讨论。

U.S. BIS, OFAC and DOJ jointly issue a compliance note on voluntary self-disclosure | China Tax Alert

Issue 14, August 2023

IssIssue 14, August 2023ue 14, August 2023

Summary

• A Compliance Note was released on July 26, 2023, by the U.S. Department of Commerce's Bureau of Industry and Security (BIS), the Department of Treasury’s Office of Foreign Assets Control (OFAC), and the Department of Justice’s National Security Division (NSD). The Note summarizes the process of voluntary self-disclosure (VSD) by companies for potential violations relating to export controls and sanctions that may affect national security. It emphasizes that VSD can reduce administrative or criminal liability for violations and also helps the relevant national security agencies respond to threats to U.S. national security.
• The Note provides information on the guidelines and benefits of VSD for companies under BIS, OFAC and NSD. It explains how VSD can be considered qualified, the importance of cooperation with enforcement authorities and how it can help mitigate the consequences of a breach. BIS policy on VSD also covers the requirements and incentives for companies to report potential violations by third parties. The VSD policies of all three agencies emphasize the effectiveness of a company's Internal Compliance Program (ICP) in addressing and resolving any potential breaches in a prompt manner.

Background

In recent years, the U.S. government has increasingly prioritized national security in domestic and foreign policy. Export controls and sanctions have been implemented to protect national security, with a particular emphasis on promoting corporate compliance and enforcement. The Compliance Note emphasizes companies' critical role in maintaining national security by complying with export controls, sanctions, and other national security-related laws. The U.S. government relies on cooperation from companies to prevent adversaries' use of U.S. technologies and financial systems and safeguard national security. As a result, BIS, OFAC, and NSD have updated their VSD policies to encourage proactive compliance and facilitate regulation and enforcement by government agencies. This promotes the effective implementation of U.S. export controls and sanctions policies.

The Export Administration Regulations (EAR) include BIS's policy on VSD for export control violations. BIS has adopted a "dual-track" approach at the enforcement level, where potential breaches voluntarily disclosed by companies are categorized based on their severity. Minor infringements are dealt with promptly and generally without significant enforcement action or penalties, while more severe breaches are investigated by specially assigned personnel. BIS's enforcement process is designed to encourage businesses to voluntarily disclose violations, while prioritizing government resources on more serious breaches. Deliberate non-disclosure of potential breaches will be considered an aggravating factor. A company's voluntary disclosure or a third party's report of a breach will be regarded as a mitigating factor in BIS's treatment of a company's breach, even if the two violations are unrelated.

When it comes to penalties for violating sanctions, OFAC's VSD Policy takes into account voluntary disclosures as a mitigating factor. If disclosure is qualified, it can lower the liability by as much as 50%. Additionally, FinCEN, which OFAC heads, encourages third parties to report economic sanctions violations and may offer cash rewards to whistle-blowers.

The NSD, a branch of the US Department of Justice that handles national security violations such as export controls and economic sanctions, has recently updated a VSD policy focusing on criminal violations in these areas. This policy differs slightly from that of BIS or OFAC. As a specialized legal agency, NSD has more detailed VSD requirements than BIS and OFAC, with stricter criteria for determining a qualified VSD. Companies that voluntarily disclose their potential criminal offenses to NSD, cooperate fully, take correct and timely remedial action, and have no other aggravating factors, may be able to obtain a non-prosecution agreement and pay no fines.

KPMG observations

The Note and statements from three agencies clarify the US government's stance on corporate compliance regarding export controls and economic sanctions. Companies are crucial in achieving national security policy goals and are urged to cooperate with government agencies in proactive compliance. Intentionally concealing violations will result in severe punishment. Companies that may be impacted by US regulation should adopt a proactive approach to compliance issues in response to regulatory trends by US government agencies.

BIS, OFAC, and NSD stress the importance of a company's ICP and its response to potential breaches when assessing its VSD. To show regulators that a company has carried out its compliance duties well and to help seek the best possible outcome in the event of a breach, it is crucial to establish and implement a comprehensive ICP that meets the requirements set by the relevant regulatory bodies. Maintaining accurate records is also essential.

In the process of VSD, different government agencies have unique requirements at both the practical and procedural levels. If a company suspects a violation, it must first identify the appropriate authority and prepare the necessary materials per the relevant procedures. The company must then submit these materials within the specified timeframe. It's worth noting that if multiple competent authorities are involved, a VSD to one authority does not guarantee acceptance by the other authorities. Furthermore, for a VSD to be considered voluntary disclosure by the company, it must be explicitly authorized by the management.

Chinese companies considering VSD must ensure compliance with relevant Chinese laws and regulations. Data and privacy security laws require companies in China to abide by applicable outbound data regulations when providing information overseas, particularly to foreign government agencies. Anti-foreign sanctions and blocking laws also impose restrictions on the activities of companies in China under certain foreign sanctions. Meanwhile, newly revised anti-espionage laws and regulations mandate new national security compliance requirements on companies that provide information overseas. Additionally, China's Ministry of Commerce and other authorities require companies to report to and obtain prior approval before accepting investigations by foreign governments.

If you have any questions about the above contents, please contact the relevant tax experts of KPMG and have an in-depth discussion.

本文内容仅供一般参考用，并非针对任何个人或团体的个别或特定情况而提供。虽然我们已致力提供准确和及时的资料，但我们不能保证这些资料在阁下收取时或日后仍然准确。任何人士不应在没有详细考虑相关的情况及获取适当的专业意见下依据所载内容行事。本文所有提供的内容均不应被视为正式的审计、会计或法律建议。

©2023毕马威华振会计师事务所(特殊普通合伙)、毕马威企业咨询(中国)有限公司及毕马威会计师事务所，均是与英国私营担保有限公司— 毕马威国际有限公司(“毕马威国际”)相关联。毕马威国际及其关联实体不提供任何客户服务。各成员所均为各自独立的法律主体，其对自身描述亦是如此。毕马威华振会计师事务所(特殊普通合伙) — 中国合伙制会计师事务所；毕马威企业咨询 (中国) 有限公司 — 中国有限责任公司；毕马威会计师事务所 — 香港合伙制事务所。版权所有，不得转载。毕马威的名称和标识均属于毕马威国际的商标或注册商标。