Port of Houston Authority OFFICE OF FOREIGN ASSETS CONTROL COMPLIANCE POLICY I. Purpose This Office of Foreign Assets Control Compliance Policy (the OFAC Compliance Policy ) establishes requirements for compliance with the applicable provisions of the laws and regulations governing the Port of Houston Authority ( Port Authority ) as administered by the Department of Treasury Office of Foreign Asset Control ( OFAC ). II. OFAC Overview A. OFAC administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. B. In enforcing these sanctions, OFAC acts to prevent prohibited transactions, which are described by OFAC as trade or financial transactions and other dealings in which U.S. persons may not engage unless authorized by OFAC or expressly exempted by statute. C. As part of its enforcement efforts, OFAC publishes lists of targeted countries, as well as lists of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called Specially Designated Nationals or SDNs. Their assets are blocked and U.S. persons are generally prohibited from dealing with them. D. OFAC has the authority to grant exemptions to prohibitions on such transactions, either by issuing a general license for certain categories of transactions, or by specific licenses issued on a case-by-case basis. OFAC administers and enforces economic sanctions programs against countries, businesses or groups of individuals, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals. III. Policy A. Policy Statement. It is the policy of the Port Authority to comply with applicable laws, regulations, and orders regarding doing business with foreign countries or foreign nationals ( OFAC Regulations ). B. Application. 1. This OFAC Compliance Policy applies to all Port Authority
Page 2 commissioners, officers, and employees ( Commissioners and Employees ), with respect to their activities on behalf of the Port Authority. 2. This OFAC Compliance Policy also applies to business partners, including any agents, contractors, vendors, consultants, or any other third-party representatives that may act on behalf of, or otherwise provide goods, services, or other items of value to, the Port Authority ( Business Partners ). 3. All Commissioners and Employees and Business Partners of the Port Authority should understand and adhere to the requirements of the OFAC Regulations. C. Implementation of OFAC Regulations Compliance. The Port Authority shall not enter into agreements or contracts, including Memoranda of Friendship Trade Agreements with countries, including their ports and other governmental authorities within such countries, which are prohibited as prescribed by OFAC Regulations or are on the OFAC list of countries subject to sanction programs. D. Duty to Report. Any Commissioner or Employee who believes any conduct contrary to this OFAC Compliance Policy has occurred or may occur shall immediately bring such matter to the attention of the Compliance Officer (as defined below), directly or by making use of the Compliance Inbox (compliance@poha.com), or report such matter as provided by the Port Authority s Misconduct Reporting Policy. party. 1. The report may be made anonymously in the discretion of the reporting 2. Once a person has made a report, he or she has a continuing obligation to update the report as new information comes into his/her possession. 3. Under no circumstances shall the reporting of any such information or possible impropriety made in good faith serve as a basis for any retaliatory actions to be taken against any person making the report. E. Standards and Procedures. 1. The Port Authority should establish implementing standards and procedures to check Port Authority contracts, agreements, memoranda of understanding, and other business transactions subject to OFAC Regulations for OFAC Regulations compliance. 2. Such standards and procedures shall include:
Page 3 a. Screening for prohibited transactions as prescribed by OFAC Regulations. b. Monitoring applicable transactions to detect those that involve any entity or person subject to OFAC. c. Checks of OFAC s targeted country list and SDN list and review of specific prohibitions applicable to such countries and nationals on an ongoing basis. d. Checks of names in the Port Authority s vendor database, as periodically updated, and as data is released by OFAC. e. Prompt reporting of violations. 3. If a name is determined to be a true match with a name on OFAC s SDN list, the Port Authority should take appropriate action to block or reject, if applicable, the transaction, freeze and block accounts for the matched name, and file the appropriate report with OFAC. The Port Authority shall report any transaction that has been blocked or rejected to OFAC within ten business days. 4. The OFAC Compliance Officer shall periodically conduct audits to ensure OFAC compliance. 5. The OFAC Compliance Officer shall conduct an annual audit of OFAC compliance and shall prepare and submit an annual report to OFAC of any and all property blocked as of December 31 of such year by March 31 of the following year. 6. All applicable records for OFAC compliance, violations, and audit work papers shall be retained according to OFAC guidelines (currently 5 years). All reports and records of blocked or rejected transactions shall be kept for five years. IV. Designation of Compliance Officials A. Compliance Officer. The Chief Audit Executive of the Port Authority shall act as the Compliance Officer under the Port Authority s OFAC Compliance Policy. 1. The Compliance Officer shall be responsible for ensuring that the Port Authority is in full compliance with OFAC Regulations. 2. The Compliance Officer shall obtain the OFAC list and subscribe to receive
Page 4 automatic email notification whenever there is a new OFAC bulletin or arrange to obtain them by other means. The Compliance Officer shall distribute this information to the appropriate personnel and brief executive staff as necessary regarding the same. 3. The Compliance Officer shall have such other duties as are set forth in this OFAC Compliance Policy and any standards and procedures as may be adopted hereunder. 4. In the event that such person is unable to fulfill such duties, the Audit Committee of the Port Commission should designate on a temporary or permanent basis a substitute Compliance Officer. B. Compliance Counsel. The Port Authority s General Counsel shall act as the Compliance Counsel under the Port Authority s OFAC Compliance Policy. 1. The General Counsel and his/her designee(s) shall assist the OFAC Compliance Officer in rendering legal advice and otherwise giving counsel with respect to the OFAC Compliance Policy and such standards and procedures as may be adopted hereunder. 2. In the event that such person is unable to fulfill such duties, the Audit Committee of the Port Commission should designate on a temporary or permanent basis a substitute Compliance Counsel. V. Support of this OFAC Compliance Policy A. Assessment of Risk. The Port Authority shall conduct an Assessment of Risk with respect to its OFAC Compliance Policy at least biennially, and shall review this OFAC Compliance Policy and make such revisions and adjustments to this OFAC Compliance Policy as required by applicable law or otherwise deemed prudent in light of the updated Assessment of Risk. Attached as Exhibit A is the initial Assessment of Risk under this OFAC Compliance Policy. B. Responsibility for Assuring Compliance with this OFAC Compliance Policy. 1. The Compliance Officer should assure that Commissioners and Employees are aware of this OFAC Compliance Policy and appropriately trained to comply with it, and, with the Compliance Counsel, address questions and issues raised with respect to this OFAC Compliance Policy and compliance with its requirements. 2. All Port Authority personnel with foreign business management
Page 5 responsibility shall be responsible for assuring the compliance with the requirements of this OFAC Compliance Policy by Employees and Business Partners over whom they have supervisory responsibility. 3. The Port Authority s Audit Committee should periodically assess the manner in which Senior Personnel are discharging such responsibility, and the Port Authority s Senior Personnel shall periodically assess the manner in which subordinate members of Port Authority management are similarly discharging such responsibility. C. Compliance Training. 1. To promote this OFAC Compliance Policy, the Port Authority requires that all business division and department heads with foreign business management responsibility (collectively, Senior Personnel ') should undergo periodic compliance training when and as determined by the Compliance Officer. 2. Senior Personnel shall identify to the Compliance Officer those employees who should be considered for training and ensure that such persons receive compliance training upon hiring and at appropriate intervals thereafter. 3. The Port Authority should provide appropriate educational and training programs and resources to assist with that training. D. Certifications. All Senior Personnel will be required to complete and sign, on not less than a biennial basis, a certification that he or she understands this OFAC Compliance Policy, fully acknowledges his/her commitment to comply with same and identify any deviations from the OFAC Compliance Policy on the part of others, and confirms his/her compliance with this OFAC Compliance Policy and such standards and procedures established hereunder. E. Reporting to the Audit Committee. The Compliance Officer and Compliance Counsel may provide regular reports on this OFAC Compliance Policy, its implementation, and activities subject to its requirements, to the Audit Committee, and shall do so at its request. F. Questions. Any questions regarding this OFAC Compliance Policy should be raised with the Compliance Officer or the Compliance Counsel. If they are unavailable, questions should be referred to the Executive Director. The Compliance Inbox for e-mail questions is compliance@poha.com.
Page 6 VI. Policy Owner; Interpretation A. Policy Ownership and Interpretation Responsibility. As the Compliance Officer, the Port Authority s Chief Audit Executive is the owner of this OFAC Compliance Policy, and is responsible for its implementation and the contact for its interpretation. The Compliance Officer shall be assisted in matters of interpretation by the Compliance Counsel. B. Interpretation. The restrictions, requirements, and prohibitions of this OFAC Compliance Policy should be interpreted in the broadest possible manner to promote the best interests of the Port Authority, and the requirements of Title 31 USC (Money and Finance), 31 CFR Part 500 (Foreign Asset Control Regulations), and other national security laws, as they may be amended from time to time. VII. Adoption This OFAC Compliance Policy was adopted by the Port Commission on February 25, 2014, as evidenced by Minute No. 2014-0225-39. Policy Owner: Managing Director Internal Audit Policy Version: 1.0
EXHIBIT A Initial Assessment of Risk A. The Port Authority engages in numerous contracts and business transactions each year. The majority of them are with domestic firms and domestic individuals, although a number of the companies and their officials with which the Port Authority does business are domiciled in foreign countries. The risk of OFAC Regulations violations with the domestic firms and individuals may be smaller than with international organizations and individuals. However, in OFAC s list of SDNs sorted by country, there are many SDNs listed under the United States as well as under foreign countries. B. The Port Authority s principal international transactions are summarized as follows: 1. Operations and Trade Development a. International carriers, cargo owners, tenants, and other port facility users of the Port Authority s terminals and facilities pay fees according to the Port Authority s tariffs, and rents, and/or other contractual amounts b. Shippers may choose or influence the choice of Port Authority terminals c. Business development trips and receptions are conducted abroad d. Port Authority independent contractor representatives in foreign countries promote and develop business for the Port Authority s facilities and terminals e. Vendors located in foreign countries provide sales materials, booths, etc. required for trade conventions f. Non-binding goodwill agreements with foreign ports memorialize engagement in mutual trade development opportunities 2. Operations and Procurement purchase foreign-made goods and services (e.g. cranes) Of the foregoing, the two major risk areas are: (a) the choices made by shippers and carriers to use Port Authority facilities, and (b) the purchase of cranes from foreign manufacturers. C. The Port Authority should comply with its OFAC Compliance Policy and applicable OFAC Regulations through pro-active review of its contracts and other business transactions against the lists of countries and SDNs provided by OFAC.