Compliance Management System and Policy Details

Code of Conduct Anti-Corruption and Anti-Bribery Compliance Policy

1. Explicitly prohibit any form of bribery, including but not limited to bribing foreign public officials or business partners in international trade, as well as passive bribery and solicitation.
2. Prohibit directly or indirectly offering improper benefits to any government official, customer, supplier, or agent to obtain or retain business.
3. Prohibit employees from accepting any form of improper benefits, such as cash, securities, or luxury goods, from third parties, especially business partners.
4. Prohibit using third parties (e.g., agents, consultants, logistics providers, affiliated companies) to indirectly engage in bribery or kickbacks to circumvent policy constraints.
5. Clearly distinguish between legitimate business hospitality and illegal bribery, ensuring all business expenditures are based on genuine and reasonable business purposes.
6. Conduct anti-corruption compliance due diligence on all potential overseas agents, key suppliers, and other third parties to assess their risk level.
7. Strictly prohibit the establishment or use of unrecorded accounts or funds for any unauthorized expenditure, ensuring all financial transactions are open and transparent.
8. Prohibit making or receiving payments under the guise of "commissions," "service fees," or "consultancy fees" that are inconsistent with legitimate commercial services.
9. All hospitality, gift-giving, and charitable donations related to overseas business must comply with local laws and follow internal company approval procedures.
10. Clearly define corrupt practices, including cash bribes, offering or accepting improper benefits, facilitating money laundering, and other forms.
11. Establish accessible reporting mechanisms for corrupt practices, ensuring channels (e.g., hotline, email) are open to internal and external parties, with strict whistleblower protection.
12. Ensure timely and impartial investigation of reported corruption leads by independent departments or personnel, without cover-up or delay.
13. Clearly define penalties for corrupt practices, including termination of employment, blacklisting of business partners, recovery of economic losses, and referral to judicial authorities.
14. Conduct regular training on anti-corruption policies and international trade compliance requirements for all employees and high-risk third-party partners.
15. Regularly assess anti-corruption risks in overseas business and key areas, formulating and implementing corresponding risk prevention and control measures.
16. Prohibit employees from using their positions to demand or imply that overseas partners provide any form of improper benefits for themselves, family, or friends.
17. Include anti-corruption clauses in cooperation agreements with overseas agents and suppliers, clearly defining their compliance obligations and liability for breach.
18. Immediately suspend or terminate cooperation with third-party partners confirmed to be involved in corrupt practices, and reserve the right to pursue legal action.
19. Properly maintain all anti-corruption related approval documents, due diligence reports, training records, and investigation files for customer or audit review.
20. Company management shall lead by example in adhering to the anti-corruption policy and take leadership responsibility for compliance management within their respective business areas.

III. Gifts and Hospitality Compliance Policy

1. Clearly define standards for giving or receiving gifts and hospitality to or from customers, suppliers, and other business partners in domestic and international business activities.
2. Establish a reasonable monetary limit for acceptable gifts; in principle, gifts exceeding this limit shall not be given or accepted.
3. Strictly prohibit giving or accepting cash, cash equivalents (e.g., gift cards, vouchers), precious metals, luxury goods, or other valuable items.
4. Business meals should be for reasonable business discussion purposes, with appropriate frequency and standards. Extravagant or business-unrelated entertainment is strictly prohibited.
5. Prohibit arranging or accepting entertainment that could influence impartial decision-making, such as visits to high-end clubs, private parties, or leisure travel.
6. Interactions with government officials or state-owned enterprise representatives must strictly comply with local laws and regulations, with even more stringent rules on gifts and hospitality; such practices should be avoided in principle.
7. All expenditures on gifts and hospitality must be genuine, business-related, and supported by complete documentation (e.g., invoices, records).
8. Gifts and hospitality activities require internal application and filing procedures; those involving overseas business or exceeding a certain value require prior approval.
9. Strictly prohibit using holidays, business courtesies, charitable donations, or other occasions as a pretext for bribery or improper benefit transfers.
10. Acceptable gifts are generally small promotional items with the company logo, office supplies, or low-value souvenirs that also respect local cultural customs.
11. Employees receiving gifts during business activities that exceed the stipulated value or are inappropriate for personal retention must promptly report to the compliance department and follow prescribed procedures.
12. Prohibit inviting or participating in leisure activities paid for by third parties that could influence business decisions.
13. Hospitality arrangements during international travel should follow principles of economy and frugality, strictly prohibiting excessive standards for transportation, accommodation, and meals.
14. Strictly prohibit providing or accepting business-unrelated service-based hospitality, such as personal fitness, beauty treatments, or health check-ups.
15. Clearly define approval authority for gifts and hospitality, establishing tiered approval processes based on value and the involved parties (e.g., whether they are government officials).
16. Prohibit using gifts and hospitality to unduly influence customers or suppliers or as a means to gain unfair competitive advantages.
17. Gifts and hospitality exceeding regular standards or under special circumstances require adequate justification and approval from higher management; otherwise, they are considered violations.
18. The compliance department or internal audit should periodically sample gifts and hospitality expenses to review their compliance and the completeness of approval procedures.
19. Clearly define disciplinary actions for violations related to giving or accepting gifts and hospitality, including warnings, fines, demotion, or termination of employment.
20. Ensure all employees and key third parties clearly understand and adhere to the gifts and hospitality policy through training and communication, avoiding misunderstandings due to cultural differences.

IV. Conflicts of Interest Compliance Policy

1. Clearly define a conflict of interest as a situation where an employee's personal interests may conflict with their duties to the company, potentially influencing their impartial decision-making.
2. Employees must proactively disclose any employment, investment, or material interest held by themselves or immediate family members in entities that do or seek to do business with the company.
3. Prohibit employees from using their position to divert business opportunities or gain benefits for themselves, family, friends, or any third party that conflicts with the company's interests.
4. Prohibit employees from holding concurrent positions in any external entity related to the company's business (especially suppliers, customers, competitors) that could compromise their objectivity.
5. Prohibit employees from using company resources (including time, information, equipment, brand) for personal or third-party activities unrelated to the company without authorization.
6. Define related-party transactions as transactions between the company and an employee or their related parties, which must adhere to principles of fairness, impartiality, and transparency.
7. In matters involving cooperation with an employee's relatives or related parties, the employee must recuse themselves and not participate in decision-making processes like evaluation, negotiation, or approval.
8. Prohibit employees from using their influence to steer company business decisions (e.g., procurement, outsourcing) towards individuals or entities with whom they have a personal relationship.
9. Employees' personal investments must not conflict with the company's business, particularly avoiding investments in the company's suppliers, customers, or direct competitors.
10. Clearly require employees to complete conflict of interest disclosures upon hiring, job changes, or when potential conflicts arise.
11. Establish a registry for conflict of interest disclosures, managed by the compliance department responsible for recording, reviewing, tracking, and archiving.
12. Develop specific resolution plans for identified conflicts of interest, such as requiring divestiture of related interests, job reassignment, or termination of relevant business.
13. Prohibit employees from interfering in or influencing business decisions involving entities employing their immediate family members, even if they have formally recused themselves.
14. Management personnel must lead by example, proactively disclosing their own and their family members' conflicts of interest, and are subject to higher-level oversight and review.
15. Clearly define penalties for failure to disclose, concealment, or false disclosure of conflicts of interest, ranging from disciplinary action to termination of employment based on severity.
16. Organize periodic (e.g., annual) conflict of interest reviews for employees, especially during key position changes, to update disclosure information.
17. Conduct regular training on conflict of interest management, using case studies to enhance employees' awareness and ability to identify and proactively disclose conflicts.
18. Prohibit employees from establishing any cooperative relationship with the company's competitors that could compromise their loyalty and impartiality.
19. Maintain written records throughout the conflict of interest handling process, including disclosure forms, resolution decisions, and signed documents, ensuring traceability.
20. Regularly evaluate and refine the definition of conflicts of interest and management measures based on company business development, market changes, and updates to laws and regulations.

V. Whistleblower Policy and Ethics Hotline

1. Establish and publicize the following convenient and confidential reporting channels for employees and external stakeholders to report suspected misconduct or compliance concerns:
   Email: wb@bichengpcb.com
   Hotline: +86 755 27374946
   Written correspondence: Compliance Committee, Shenzhen Bicheng Electronics Technology Co., Ltd.
   Mailing Address: 1716 Shiyuan Zhongxin, Xingyi Road, Fuyong, Bao'an District, Shenzhen City, Guangdong Province, China 518103
2. Reporting channels are open to all employees, customers, suppliers, and other stakeholders without any restrictions on identity.
3. Clearly define the scope of reports accepted, covering all suspected violations of the company's Code of Conduct, Anti-Corruption Policy, and other compliance requirements.
4. Strictly protect the confidentiality of whistleblowers' identities and all materials they provide, prohibiting disclosure to any unauthorized personnel.
5. Explicitly state that the company strictly prohibits any form of retaliation against whistleblowers acting in good faith, including but not limited to termination, demotion, transfer, harassment, or discrimination.
6. The company will strictly handle, in accordance with laws and regulations, any individual or department found to have engaged in retaliation and hold them accountable.
7. Clearly define the timeframe for acknowledging receipt of a report, confirming receipt within a specified period and informing the whistleblower of subsequent procedures (where applicable, excluding anonymous reports).
8. Establish a report registration log to categorize, number, and record all received leads, ensuring complete and traceable information.
9. Clearly define the standard process for investigating reports, including assignment to independent personnel or departments, lead verification, evidence collection, and interviews with relevant parties.
10. Ensure the investigation process is objective, impartial, and independent, with investigators free from undue interference by the accused party or any other department.
11. Set reasonable timelines for investigations, striving to complete them and reach conclusions promptly while ensuring quality.
12. Provide appropriate feedback on investigation progress and final outcomes to whistleblowers (where contactable and not anonymous), while protecting trade secrets and personal privacy.
13. Clearly define circumstances where reports will not be accepted, such as malicious reports lacking factual basis, false accusations, or repetitive invalid reports, and provide reasons (if contactable).
14. Hold individuals accountable for malicious reporting or false accusations that cause adverse effects or harm to others.
15. Properly maintain all report-related files, including registration information, investigation records, evidence, and resolution decisions, for retention periods compliant with legal requirements.
16. Allow and accept anonymous reports, but encourage whistleblowers to provide sufficiently specific and verifiable leads and information to facilitate effective investigation.
17. Periodically conduct statistical analysis of received reports to identify high-risk areas and process gaps, providing a basis for improving internal controls.
18. Clearly designate the responsible department and specific individuals for managing reports, ensuring accessible channels, standardized processing, and adequate information confidentiality.
19. Publicize the whistleblower policy, reporting channels, and protection measures to all employees and business partners through various means such as employee handbooks, the company website, and supplier agreements.
20. Regularly evaluate the effectiveness of the reporting mechanism, gather feedback, and continuously improve reporting procedures based on operational experience and changes in the external environment.

VI. Export Control and Sanctions Compliance Policy

1. Strictly comply with the export control, economic sanctions, and customs laws and regulations of China and all countries where we conduct business.
2. Establish and implement end-user and end-use verification mechanisms to ensure products, technologies, or services are not used for or diverted to sanctioned countries, entities, or individuals.
3. Screen customers and their related parties against sanctioned/restricted party lists before accepting overseas orders or cooperating with overseas customers.
4. Strictly prohibit any form of transaction with individuals or entities listed on various sanctions lists (e.g., UN, China, US OFAC lists).
5. For exports involving controlled items (products, technology, software), apply for and obtain necessary export licenses or authorizations as required by law.
6. Strengthen management of product classification to accurately identify whether products are subject to export controls and the applicable control classification numbers.
7. When cooperating with overseas agents or distributors, include clauses in contracts specifying their obligation to comply with export control and sanctions regulations and assume responsibility for violations.
8. Strictly review orders, shipping documents, and customs declarations involving controlled items to ensure information is true, accurate, and complete.
9. Closely monitor changes in international export control and sanctions policies and promptly adjust internal company policies and business processes.
10. Provide export control and sanctions compliance training to employees, especially those in sales, procurement, logistics, and customs affairs.
11. Initiate enhanced due diligence procedures when identifying potentially high-risk transactions (e.g., involving sensitive items, high-risk destinations, or unusual transaction patterns).
12. Prohibit any actions aimed at circumventing or violating export control and sanctions laws, including but not limited to misclassification, split shipments, or concealment of end-use.
13. Ensure all documentation related to export transactions, such as commercial invoices, packing lists, certificates of origin, and end-user statements, is accurate and meets requirements.
14. Implement strict controls on the transfer of sensitive technologies or software (e.g., technical support, training), and fulfill relevant approval or licensing procedures when necessary.
15. Establish internal processes to ensure all export products undergo compliance review, especially those destined for high-risk countries or regions.
16. Incorporate export control and sanctions compliance requirements into the evaluation and selection criteria for suppliers and partners.
17. Conduct regular internal audits of business processes involving export controls to verify the effectiveness of compliance controls.
18. Retain all records related to export controls, including license applications, customer screening records, and order documents, for inspection by regulatory authorities.
19. Upon discovering potential violations of export control regulations, immediately initiate an internal investigation, take remedial actions as appropriate, and consider voluntary disclosure to relevant authorities.
20. Management commits to continuously investing resources to ensure the effective operation of the export control compliance system and to optimize it in response to international developments and regulatory changes.

VII. Data Privacy and Information Security Compliance Policy

1. Strictly comply with data privacy and personal information protection laws and regulations in the countries where we operate, such as the EU GDPR and China's Personal Information Protection Law.
2. Before collecting, using, or processing personal information of customers, employees, and partners, clearly inform them of the purpose and scope of collection and obtain consent as required by law.
3. Strictly prohibit illegal acquisition, sale, disclosure, or any improper use of personal information and company trade secrets or technical data.
4. Classify personal information held, distinguishing between general and sensitive information, and implement stricter protection measures for sensitive information.
5. Establish robust data storage management systems to ensure the secure storage of personal information and core business data, preventing unauthorized access, alteration, or loss.
6. Strictly control data access rights, adhering to the principle of least privilege, granting employees only the access necessary to perform their job duties.
7. Strictly prohibit disclosing, transferring, or sharing personal information with any third party without the consent of the data subject or as permitted by law.
8. Strengthen confidentiality management of core business assets such as trade secrets, proprietary technology, customer lists, and supply chain information, requiring relevant employees to sign confidentiality agreements.
9. Conduct regular data privacy and information security awareness training for all employees to enhance their risk prevention capabilities.
10. Standardize the use of office computers, servers, mobile devices, and removable storage media, mandating password protection, encryption, and security configurations.
11. Establish user account lifecycle management mechanisms, including account creation, permission changes, periodic reviews, and timely deactivation of accounts for departing employees.
12. Regularly conduct security assessments, vulnerability scans, and penetration tests on company information systems, promptly remediating identified security risks.
13. Establish mechanisms for regular backups of critical data and recovery drills to ensure effective recovery in case of data loss or system failure.
14. Develop an incident response plan for data security events, outlining procedures for reporting, analysis, containment, communication, and post-incident improvement.
15. Regulate cross-border data transfers, conducting security assessments and fulfilling necessary approval procedures as required by law before transferring personal information or important data overseas.
16. Strictly prohibit employees from storing, transmitting, or sharing company sensitive data through unauthorized channels (e.g., personal email, cloud storage).
17. When contracting with third-party suppliers and service providers, clearly define data protection responsibilities, require them to sign confidentiality agreements, and mandate adequate security measures.
18. Conduct periodic internal information security checks or audits to assess the effectiveness of data protection measures and identify potential risks.
19. Clearly define penalties for information security violations, holding individuals accountable for data breaches or security incidents caused by their non-compliance.
20. Regularly evaluate and revise data privacy and information security policies based on legal updates and business needs to ensure ongoing compliance.

VIII. Compliance Training Program

1. Establish a mandatory compliance training system for new employees; those who do not complete and pass the training assessment are not eligible for formal onboarding.
2. New employee orientation training must include core company compliance policies such as the Code of Conduct, Anti-Corruption Policy, Information Security, and basics of Export Controls.
3. Provide specialized compliance training for management and personnel in key roles (e.g., overseas sales, procurement, finance), clarifying their management responsibilities and role-specific risks.
4. Organize compliance training covering all employees at least once a year, focusing on reinforcing anti-corruption, anti-bribery, and business ethics standards.
5. Conduct case-based, practical training on areas prone to risks in daily operations, such as gifts and hospitality, and conflicts of interest.
6. Design and implement customized compliance training courses for core risk positions (e.g., sales representatives, procurement specialists, project managers) to strengthen their risk prevention capabilities.
7. Communicate company compliance requirements to key suppliers, agents, and other partners through online platforms, email distributions, or by obtaining signed compliance commitments.
8. Organize specialized training on anti-money laundering, anti-fraud, export controls, etc., to enhance employees' ability to identify and respond to related risks.
9. Conduct specialized training on data privacy and information security to ensure employees handling personal data or accessing sensitive information are proficient in operational norms.
10. Utilize various formats such as online learning platforms, classroom sessions, seminars, and knowledge contests to improve training coverage and engagement.
11. Implement a strict training attendance system to ensure all participants are physically present and complete learning tasks.
12. Include post-training assessments; those who fail must retake the training until they pass.
13. Properly maintain all training records, including training notices, attendance sheets, course materials, assessment scores, and training summaries, ensuring traceability.
14. Periodically compile typical internal and external compliance cases for warning education, using real examples to reinforce employee compliance awareness.
15. Promptly update training content based on legal updates, company policy revisions, and business development changes to ensure relevance.
16. As appropriate, invite external lawyers, compliance experts, or industry consultants to provide cutting-edge, professional compliance knowledge training to employees.
17. Establish a training effectiveness evaluation mechanism, collecting feedback through surveys, post-training interviews, and behavioral observations to continuously improve training programs.
18. Provide pre-appointment compliance training for employees promoted to new management positions, clarifying their compliance leadership responsibilities in the new role.
19. Encourage cultural activities with compliance themes, such as compliance pledge signing ceremonies or "Compliance Star" awards, to foster a positive compliance atmosphere.
20. Develop an annual compliance training plan at the end of each year, outlining training objectives, content, target audience, schedule, and resource allocation.

IX. Internal Control and Audit Mechanism

1. Establish and continuously optimize internal control systems covering key business processes such as sales, procurement, finance, and logistics.
2. Standardize expense reimbursement and payment processes, clearly defining approval authority and criteria to eliminate false claims and irregular payments.
3. Establish internal control procedures for procurement management, covering supplier onboarding, bidding and price comparison, contract signing, acceptance, and payment to mitigate procurement risks.
4. Standardize contract management processes, defining requirements for drafting, review, signing, performance tracking, and archiving to ensure contract compliance.
5. Establish a tiered approval mechanism for fund payments, setting different approval levels based on payment amount, nature, and risk level.
6. Regularly organize business departments to conduct internal control self-assessments, identifying weaknesses and potential risks in processes.
7.制定年度内部审计计划,依据风险评估结果确定审计重点、范围和时间安排。
Develop an annual internal audit plan, determining audit priorities, scope, and schedule based on risk assessment results.
8.开展专项审计,针对高风险领域(如海外销售佣金、大额采购、反腐败)进行深入检查。
Conduct special audits for in-depth review of high-risk areas such as overseas sales commissions, large procurements, and anti-corruption.
9.建立风险识别与评估机制,定期系统性地识别、分析公司面临的各类合规与运营风险。
Establish a risk identification and assessment mechanism to regularly and systematically identify and analyze the various compliance and operational risks faced by the company.
10.对审计、自查或风险评估中发现的问题,向责任部门下发整改通知,明确整改要求与完成时限。
Issue rectification notices to responsible departments for issues identified in audits, self-assessments, or risk evaluations, specifying requirements and completion deadlines.
11.建立问题整改跟踪闭环机制,由内审或合规部门追踪整改进度,验证整改效果,确保问题彻底解决。
Establish a closed-loop mechanism for tracking rectification, with internal audit or compliance departments monitoring progress, verifying effectiveness, and ensuring issues are thoroughly resolved.
12.将关键合规指标纳入相关部门及岗位的绩效考核体系,与薪酬、晋升等挂钩。
Incorporate key compliance indicators into the performance appraisal system for relevant departments and positions, linking them to compensation and promotion.
13.明确内控建设与内部审计工作的责任部门,配备充足资源,确保其独立性和权威性。
Clearly designate responsible departments for internal control development and internal audit work, providing adequate resources to ensure their independence and authority.
14.妥善保存内控流程文件、审计报告、工作底稿、整改资料等,确保档案完整、可追溯。
Properly maintain internal control process documents, audit reports, work papers, rectification records, and other relevant files to ensure completeness and traceability.
15.定期对内控体系的整体设计及运行有效性进行评估,并根据评估结果进行优化完善。
Periodically evaluate the overall design and operational effectiveness of the internal control system, making improvements based on assessment results.
16.配合外部审计机构、客户或其委托的第三方进行的合规审计或尽职调查,按要求提供信息。
Cooperate with external auditors, customers, or their authorized third parties during compliance audits or due diligence, providing information as required.
17.明确因内控缺陷导致违规事件的问责机制,追究相关管理人员及直接责任人的责任。
Clearly define the accountability mechanism for compliance incidents caused by internal control deficiencies, holding relevant managers and directly responsible individuals accountable.
18.加强对海外子公司、分支机构的内控管理与审计监督,确保集团整体合规标准一致。
Strengthen internal control management and audit supervision over overseas subsidiaries and branches to ensure consistent group-wide compliance standards.
19.定期对关键岗位员工进行内控流程培训,确保其理解并正确执行相关控制要求。
Provide regular training on internal control processes to employees in key positions, ensuring they understand and correctly execute relevant control requirements.
20.定期向公司管理层及董事会(若有)汇报内控与审计工作情况,及时报告重大风险及整改情况。
Regularly report on internal control and audit work to company management and the Board of Directors (if applicable), promptly reporting significant risks and rectification status.
十、第三方尽职调查合规政策 Third-Party Due Diligence Compliance Policy
1.建立并执行统一的第三方尽职调查管理制度,明确适用范围、调查标准及审批流程。
Establish and implement a unified third-party due diligence management system, defining the scope of application, investigation criteria, and approval procedures.
2.在与代理商、分销商、关键供应商、咨询服务商等建立合作关系前,必须完成尽职调查。
Complete due diligence before establishing cooperative relationships with agents, distributors, key suppliers, consultants, and other service providers.
3.核查第三方的主体资格,包括营业执照、经营范围、资质证书的有效性及合法性。
Verify the legal status of third parties, including the validity and legality of their business licenses, scope of business, and qualification certificates.
4.穿透核查第三方的股权结构及实际控制人信息,识别是否存在潜在的利益冲突或敏感关联方。
Conduct look-through checks on the ownership structure and beneficial owners of third parties to identify potential conflicts of interest or sensitive related parties.
5.评估第三方的经营与财务状况,通过公开渠道或商业信用报告,了解其经营稳定性及财务风险。
Assess the operational and financial status of third parties through public channels or commercial credit reports to understand their business stability and financial risks.
6.核查第三方的合规记录,检索其是否存在行政处罚、诉讼、仲裁、失信被执行人等负面信息。
Check the compliance records of third parties, searching for any negative information such as administrative penalties, lawsuits, arbitrations, or being listed as a judgment debtor.
7.重点评估第三方在反腐败、反贿赂方面的风险,了解其是否建立相关内控制度及有无违规历史。
Focus on assessing third-party risks related to anti-corruption and anti-bribery, determining whether they have established relevant internal controls and any history of violations.
8.根据合作内容,评估第三方的信息安全与数据保护能力,确保其能妥善处理可能接触到的公司及客户信息。
Assess the information security and data protection capabilities of third parties based on the content of the cooperation, ensuring they can properly handle any company or customer information they may access.
9.对涉及高风险国家或地区、政府项目、大额交易或敏感领域的第三方,实施加强尽职调查。
Conduct enhanced due diligence on third parties involving high-risk countries or regions, government projects, large transactions, or sensitive areas.
10.建立第三方尽职调查档案,妥善保存调查报告、支持性文件及审批记录,确保可追溯。
Establish due diligence files for each third party, properly maintaining investigation reports, supporting documents, and approval records to ensure traceability.
11.在与第三方签订的合作协议中,明确嵌入合规条款,要求其承诺遵守反腐败、出口管制、数据保护等规定。
Incorporate clear compliance clauses into cooperation agreements with third parties, requiring them to commit to complying with anti-corruption, export control, data protection, and other regulations.
12.对于尽调中发现存在重大风险或不合规记录的第三方,原则上禁止合作。
In principle, prohibit cooperation with third parties found to have significant risks or records of non-compliance during due diligence.
13.建立第三方合作期间的持续监控机制,定期或在发生重大事件时,对合作方进行重新评估。
Establish a continuous monitoring mechanism for third parties during the cooperation period, reassessing partners periodically or upon the occurrence of significant events.
14.将第三方的合规表现纳入年度评估,作为是否续约或扩大合作范围的重要依据。
Incorporate third-party compliance performance into annual evaluations as a key factor for contract renewal or expanding the scope of cooperation.
15.对合作中向第三方支付的佣金、服务费等费用进行合理性审查,确保其符合商业惯例且真实发生。
Review the reasonableness of commissions, service fees, and other payments made to third parties during cooperation, ensuring they conform to business practices and are genuinely incurred.
16.明确第三方尽职调查的责任部门及人员,确保调查工作专业、客观、规范地开展。
Clearly designate the responsible department and personnel for third-party due diligence, ensuring investigations are conducted professionally, objectively, and in a standardized manner.
17.对尽职调查中识别出的风险,制定相应的风险缓释措施,如加强合同约束、要求提供合规承诺、限制合作范围等。
Develop corresponding risk mitigation measures for risks identified during due diligence, such as strengthening contract clauses, requiring compliance commitments, or limiting the scope of cooperation.
18.对参与第三方尽调及管理的员工进行相关培训,提升其识别风险、评估合规性的能力。
Provide training to employees involved in third-party due diligence and management to enhance their ability to identify risks and assess compliance.
19.根据法律法规变化及公司业务发展,定期更新第三方尽职调查的标准、流程及工具。
Regularly update third-party due diligence standards, processes, and tools based on changes in laws and regulations and company business development.
20.对经查实存在严重违规行为的第三方合作伙伴,根据合同约定采取暂停合作、终止合作、列入黑名单等措施。
Take actions such as suspending or terminating cooperation and blacklisting third-party partners confirmed to have engaged in serious violations, in accordance with contract terms.
深圳市碧澄电子科技有限公司 Shenzhen Bicheng Electronics Technology Co., Ltd.
本文件详细阐述了公司的合规管理体系及相关政策细则,旨在向合作伙伴全面展示我们对商业诚信与合规经营的坚定承诺。
This document details the company's compliance management system and related policies, aiming to comprehensively demonstrate to our partners our firm commitment to business integrity and compliant operations.
1.秉持诚信、公正、透明的核心价值观,贯穿于所有国内外业务活动及客户往来。
Uphold the core values of integrity, fairness, and transparency in all domestic and international business activities and customer interactions.
2.严格遵守中国及所有出口目的地的适用法律法规、国际贸易规则及行业标准。
Strictly comply with applicable laws, regulations, international trade rules, and industry standards in China and all export destinations.
3.坚守公平竞争原则,在全球市场中反对任何形式的不正当竞争、垄断及排他性行为。
Adhere to fair competition principles, opposing any form of unfair competition, monopolistic practices, or exclusionary conduct in the global market.
4.员工须恪守职业道德,不得利用职务之便谋取私利或从事任何损害公司声誉及客户利益的行为。
Employees must uphold professional ethics and shall not use their positions for personal gain or engage in any conduct that damages the company's reputation or customer interests.
5.禁止任何形式的欺诈、虚假陈述或隐瞒重要信息,确保所有业务文件、报告及与客户的沟通真实准确。
Prohibit any form of fraud, misrepresentation, or concealment of material information, ensuring all business documents, reports, and communications with customers are truthful and accurate.
6.严禁向客户、供应商、代理商或其他商业伙伴输送、索取或收受任何形式的不正当利益。
Strictly prohibit offering, soliciting, or accepting any form of improper benefits to or from customers, suppliers, agents, or other business partners.
7.尊重每一位员工,营造无歧视、无骚扰的国际化工作环境,禁止基于任何个人特征的歧视行为。
Respect every employee and foster an international work environment free from discrimination and harassment, prohibiting discrimination based on any personal characteristic.
8.保护公司及客户的知识产权、商业秘密及专有技术,严禁未经授权使用或披露。
Protect the intellectual property rights, trade secrets, and proprietary technologies of the company and its customers; strictly prohibit unauthorized use or disclosure.
9.规范与客户、供应商及公众的信息披露,确保对外发布的信息真实、准确、完整。
Standardize information disclosure to customers, suppliers, and the public, ensuring all external communications are truthful, accurate, and complete.
10.员工须主动识别并及时向合规部门申报任何潜在的利益冲突,特别是在涉及海外业务或合作方时。
Employees must proactively identify and promptly report any potential conflicts of interest to the compliance department, especially when involving overseas business or partners.
11.严禁挪用公司资金、侵占公司或客户财产,或未经授权处置公司资产。
Strictly prohibit embezzlement of company funds, misappropriation of company or customer property, or unauthorized disposal of company assets.
12.严格遵守保密规定,不得泄露公司商业秘密、客户信息、供应链细节及内部敏感数据。
Strictly adhere to confidentiality regulations; do not disclose company trade secrets, customer information, supply chain details, or internal sensitive data.
13.规范面向海外客户的宣传材料与沟通内容,禁止虚假或夸大宣传,确保信息准确无误。
Standardize marketing materials and communications directed at overseas customers, prohibiting false or exaggerated claims to ensure accuracy.
14.员工须保持廉洁自律,在与客户及合作伙伴的商务往来中,不得收受或提供可能影响公正决策的馈赠。
Employees must maintain integrity and self-discipline in business dealings with customers and partners, and shall not accept or offer gifts that could influence impartial decision-making.
15.积极配合公司内部合规检查、审计,以及应客户要求进行的合规审核或监管部门的调查。
Actively cooperate with internal compliance reviews, audits, compliance assessments requested by customers, and investigations by regulatory authorities.
16.禁止员工从事与公司业务存在竞争关系的兼职或个人商业活动,尤其是在公司服务的目标市场内。
Prohibit employees from engaging in part-time jobs or personal business activities that compete with the company's business, especially within the company's target markets.
17.尊重客户及供应商的合法权益,秉持诚信、共赢的原则建立和维护长期稳定的合作关系。
Respect the legitimate rights and interests of customers and suppliers, building and maintaining long-term, stable cooperative relationships based on integrity and mutual benefit.
18.明确界定各类违规行为,并规定相应的纪律处分、经济赔偿及可能的法律追责。
Clearly define various types of violations and stipulate corresponding disciplinary actions, financial compensation, and potential legal liabilities.
19.鼓励员工践行商业道德,主动提醒并举报发现的违规行为,共同维护健康的商业环境。
Encourage employees to practice business ethics, proactively report identified violations, and collectively maintain a healthy business environment.
20.定期开展商业行为准则及相关出口管制要求的培训,确保所有员工理解并遵守。
Conduct regular training on the Code of Conduct and related export control requirements to ensure all employees understand and comply.
二、反腐败反贿赂合规政策 Anti-Corruption and Anti-Bribery Compliance Policy