Sanctions & Export Controls Policy

1

Scope & Purpose

This Policy applies to all officers, directors, managers, members, employees, independent contractors, consultants, agents, representatives, creators, brand partners, vendors, and any third party acting on behalf of or for the benefit of Orno (collectively, “Covered Persons”), in every jurisdiction worldwide. This Policy governs all transactions, dealings, activities, and services—whether involving the export, re-export, transfer, provision, receipt, or facilitation of goods, software, technology, services, funds, or economic resources—that may implicate applicable sanctions, embargo, or export-control regimes.

The purpose of this Policy is to ensure that Orno does not, directly or indirectly, engage in any transaction, dealing, or activity that would violate applicable sanctions or export-control laws, and to establish procedures for identifying, assessing, and mitigating sanctions and export-control risks inherent in Orno’s business operations, creator network, brand partnerships, and supply chain.

2

Regulatory Authority

Controlling Authorities

U.S. Treasury – OFAC: Office of Foreign Assets Control, 31 C.F.R. Chapter V (Parts 500–599); International Emergency Economic Powers Act (IEEPA), 50 U.S.C. §§ 1701–1707; Trading with the Enemy Act (TWEA), 50 U.S.C. App. §§ 1–44.
U.S. Commerce – BIS: Bureau of Industry and Security; Export Administration Regulations (EAR), 15 C.F.R. Parts 730–774; Export Control Reform Act of 2018 (ECRA), 50 U.S.C. §§ 4801–4861.
U.S. State – DDTC: Directorate of Defense Trade Controls; International Traffic in Arms Regulations (ITAR), 22 C.F.R. Parts 120–130.
United Nations: UN Security Council Sanctions Committees; mandatory resolutions binding on all Member States pursuant to Chapter VII of the UN Charter.
European Union: Council Regulations implementing restrictive measures (e.g., Regulation (EU) 833/2014 as amended concerning Russia); EU Dual-Use Regulation (EU) 2021/821.
United Kingdom: Office of Financial Sanctions Implementation (OFSI); Sanctions and Anti-Money Laundering Act 2018 (SAMLA); UK Export Control Act 2002 and Strategic Export Control Lists.
Canada: Special Economic Measures Act (SEMA), S.C. 1992, c. 17; United Nations Act, R.S.C. 1985, c. U-2; Export and Import Permits Act, R.S.C. 1985, c. E-19.

The foregoing enumeration is illustrative and non-exhaustive. Covered Persons shall comply with all applicable sanctions, embargo, export-control, and anti-boycott laws of every jurisdiction with which they have a nexus, including laws with extraterritorial application.

3

Defined Terms

“Sanctioned Country”

means any country, territory, or region that is the target of comprehensive sanctions administered by OFAC, the EU, OFSI, or the UN Security Council, prohibiting substantially all transactions with persons located in or organized under the laws of such jurisdiction.

“Sanctioned Person”

means any individual or entity designated on a sanctions or restricted-party list, including but not limited to the OFAC Specially Designated Nationals and Blocked Persons List (SDN List), the Sectoral Sanctions Identifications List (SSI List), the EU Consolidated Sanctions List, the UK Sanctions List, or any entity 50% or more owned (individually or in the aggregate) by one or more such designated persons.

“SDN List”

means the Specially Designated Nationals and Blocked Persons List maintained by OFAC, including all sub-lists and supplements thereto (SDN, SSI, FSE, NS-MBS, and similar designations).

“Export”

means any shipment, transfer, transmission, or disclosure (including oral, visual, or electronic disclosure) of items, software, technology, technical data, or services from one country to another, or to a foreign national within the same country (a “Deemed Export”).

“Re-export”

means any shipment, transfer, or transmission of items, software, or technology subject to the EAR from one foreign country to another foreign country, including in-country transfers to a new end user within the same country.

“EAR99”

means items subject to the EAR that are not classified under a specific Export Control Classification Number (ECCN) on the Commerce Control List (CCL), and which generally may be exported, re-exported, or transferred without a license to most destinations, end users, and end uses, subject to certain prohibitions.

“ECCN”

means an Export Control Classification Number, an alphanumeric designation on the Commerce Control List (Supplement No. 1 to Part 774 of the EAR) that identifies the level of export controls applicable to a particular item based on its technical characteristics, capabilities, and reasons for control.

4

Currently-Embargoed Jurisdictions

As of the effective date of this Policy, the following jurisdictions are subject to comprehensive U.S. economic sanctions administered by OFAC, prohibiting substantially all transactions with persons located in, organized under the laws of, or ordinarily resident in such jurisdictions. Orno shall not, directly or indirectly, provide services to, receive services from, or engage in any transaction with any person located in or nexused to the following:

Comprehensively Sanctioned Jurisdictions

Cuba — 31 C.F.R. Part 515 (Cuban Assets Control Regulations)
Iran — 31 C.F.R. Part 560 (Iranian Transactions and Sanctions Regulations)
North Korea (DPRK) — 31 C.F.R. Part 510 (North Korea Sanctions Regulations)
Syria — 31 C.F.R. Part 542 (Syrian Sanctions Regulations); Executive Order 13894
Crimea Region of Ukraine — Executive Order 13685; 31 C.F.R. Part 589
Donetsk People’s Republic (DNR) & Luhansk People’s Republic (LNR) — Executive Order 14065

Sectoral & Targeted Sanctions Programs

Russia — Executive Orders 13660, 13661, 13662, 13685, 14024, 14066, 14068, 14071; 31 C.F.R. Part 587 (Russian Harmful Foreign Activities Sanctions Regulations); extensive sectoral sanctions targeting financial services, energy, defense, and technology sectors.
Belarus — Executive Order 14038; 31 C.F.R. Part 548 (Belarus Sanctions Regulations); extensive targeted sanctions on state-owned enterprises and key sectors.

Dynamic Nature of Sanctions

SANCTIONS PROGRAMS ARE SUBJECT TO FREQUENT MODIFICATION BY EXECUTIVE ORDER, OFAC DIRECTIVE, AND REGULATORY AMENDMENT. THE ABOVE LIST IS CURRENT AS OF THE EFFECTIVE DATE BUT MAY NOT REFLECT SUBSEQUENT DESIGNATIONS, DE-LISTINGS, OR PROGRAM MODIFICATIONS. COVERED PERSONS MUST CONSULT THE OFAC WEBSITE AND COMPLIANCE OFFICER BEFORE ENGAGING IN ANY TRANSACTION WITH A POTENTIAL SANCTIONS NEXUS.

5

Restricted Party Screening

Prior to onboarding any creator, brand partner, vendor, contractor, or other counterparty, and periodically thereafter (at intervals not exceeding thirty (30) days for active relationships), Orno shall screen such parties against all applicable restricted-party lists, including without limitation:

Mandatory Screening Lists

OFAC SDN List — Specially Designated Nationals and Blocked Persons (including SDN, SSI, FSE, and all sub-lists)
BIS Entity List — 15 C.F.R. Part 744, Supplement No. 4 (entities subject to specific license requirements)
BIS Denied Persons List (DPL) — Persons denied export privileges
BIS Unverified List (UVL) — 15 C.F.R. Part 744, Supplement No. 6
BIS Military End-User List (MEU) — 15 C.F.R. Part 744, Supplement No. 7
DDTC Debarred Parties — ITAR-debarred persons
EU Consolidated Sanctions List — Financial sanctions targets of EU restrictive measures
UK Sanctions List (OFSI) — Consolidated list of financial sanctions targets
UN Security Council Consolidated List
Canada Consolidated Autonomous Sanctions List

Any potential match—whether exact, partial, or fuzzy—shall trigger an immediate hold on the transaction or onboarding and escalation to the Compliance Officer for adjudication. No transaction shall proceed until the potential match has been conclusively resolved as a false positive or, in the case of a confirmed match, appropriate governmental authorization (specific license) has been obtained.

6

Prohibited Transactions

No Covered Person shall, directly or indirectly, through any intermediary, affiliate, or agent:

Engage in any transaction, dealing, or activity with, in, or involving any Sanctioned Country, Sanctioned Person, or property in which a Sanctioned Person has an interest;
Export, re-export, or transfer any item, software, technology, or service subject to the EAR or ITAR to any prohibited destination, end user, or end use without the required license or applicable exception;
Provide, facilitate, or broker any service—including payment processing, platform access, content distribution, sponsorship fulfillment, or logistics coordination—that benefits a Sanctioned Person or Sanctioned Country;
Evade, avoid, or attempt to circumvent any applicable sanctions, embargo, or export-control prohibition, including through the use of shell companies, front organizations, nominee accounts, cryptocurrency, or any other obfuscation mechanism;
Cause or conspire to cause any other person—including financial institutions, payment processors, logistics providers, or platform operators—to violate applicable sanctions or export controls;
Engage in conduct that would constitute “facilitation” within the meaning of OFAC’s facilitation prohibition (31 C.F.R. § 560.208 and analogous provisions), including approval, financing, guarantee, or provision of services to transactions that a U.S. person could not directly perform; or
Participate in any unsanctioned boycott of a country friendly to the United States in violation of the anti-boycott provisions of the EAR (15 C.F.R. Part 760) or the Internal Revenue Code (§ 999).

7

The Fifty-Percent Rule

Pursuant to OFAC’s revised guidance on entities owned by persons whose property and interests in property are blocked (the “50 Percent Rule”), any entity that is owned, directly or indirectly, fifty percent (50%) or more in the aggregate by one or more Sanctioned Persons (SDN-listed individuals or entities) is itself treated as blocked, regardless of whether such entity is independently listed on the SDN List. This rule applies on a cumulative basis—if two SDN-listed persons each own 25% of an entity, the entity is treated as blocked.

Covered Persons shall not engage in any transaction with any entity that they know or have reason to know is 50% or more owned by one or more Sanctioned Persons. Orno’s screening procedures shall incorporate beneficial-ownership analysis to the extent commercially practicable, and shall escalate any entity where ownership by sanctioned persons appears to approach or exceed the 50% threshold.

The 50 Percent Rule is applied vertically (down ownership chains) but, under current OFAC guidance, is not applied horizontally (entities at the same level owned by the same blocked person are not aggregated to block each other). Covered Persons shall consult with the Compliance Officer regarding complex corporate structures where the application of the 50 Percent Rule is ambiguous.

8

End-Use & End-User Restrictions

Notwithstanding the classification of any item as EAR99 or otherwise exempt from license requirements, no Covered Person shall export, re-export, or transfer any item, software, technology, or service where such person knows, has reason to know, or is informed by BIS that the item will be used in, or diverted to, any of the following prohibited end uses:

The design, development, production, stockpiling, or use of nuclear, chemical, or biological weapons, or missiles capable of delivering such weapons (15 C.F.R. § 744.2–744.4);
Military end uses in countries subject to U.S. arms embargoes (15 C.F.R. § 744.21) or military-intelligence end uses (15 C.F.R. § 744.22);
Support for terrorism, drug trafficking, or transnational organized crime;
Activities that would result in a violation of human rights, including surveillance, censorship, or population tracking in jurisdictions with documented patterns of human-rights abuse; or
Any end use prohibited by the specific license conditions, license exceptions, or restrictive trade practices of any applicable jurisdiction.

Covered Persons shall conduct end-use and end-user due diligence proportionate to the nature of the transaction, the classification of the item, and the corruption and diversion risk associated with the destination. Where doubt exists regarding permissible end use, the transaction shall be halted and referred to the Compliance Officer.

9

Deemed Exports

Under the EAR’s Deemed Export Rule (15 C.F.R. § 734.13), any release of controlled technology or source code to a foreign national within the United States is “deemed” to be an export to that person’s country or countries of nationality. Similarly, a “deemed re-export” occurs when controlled technology or source code is released to a foreign national of a third country in a second country. These rules apply regardless of the physical location of the disclosure—the controlling factor is the nationality of the recipient, not their geographic location.

Orno personnel involved in technology development, software engineering, or platform architecture shall be aware that sharing controlled technical data, source code, encryption algorithms, or proprietary technology with foreign-national colleagues or contractors may constitute a deemed export requiring a license or license determination. Prior to disclosing any technology that may be controlled under an ECCN to a foreign national, Personnel shall consult with the Compliance Officer to determine applicable licensing requirements.

For clarity, publicly available technology, published information, fundamental research, and educational information as defined in the EAR (§ 734.7–734.11) are generally excluded from deemed-export controls. However, Covered Persons shall not rely on these exclusions without affirmative confirmation from the Compliance Officer.

10

Red Flags & Escalation

Covered Persons shall be alert to, and shall immediately escalate to the Compliance Officer, any transaction exhibiting one or more of the following “red flags” indicative of potential sanctions evasion, export-control violation, or illicit diversion (derived from BIS’s “Know Your Customer” guidance and OFAC advisories):

Indicative Red Flags

The counterparty is reluctant to provide information about the end use, end users, or ultimate destination of goods or services;
The counterparty declines normal installation, training, or maintenance services;
The transaction involves an unusual payment route (e.g., payment from a third country unrelated to the transaction, use of shell companies, cryptocurrency, or informal value-transfer systems);
The counterparty’s stated business is inconsistent with the items or services ordered;
The delivery address is a known mail-forwarding facility, free-trade zone, or trans-shipment hub for sanctioned jurisdictions;
The counterparty has connections to military, intelligence, or government entities in sanctioned or embargoed jurisdictions;
The counterparty is located in or ships to a jurisdiction immediately bordering a comprehensively sanctioned country;
The counterparty requests that no export markings, end-user certificates, or compliance documentation be included;
The transaction exceeds in quantity or value what would be expected for the stated end use; or
Any public information (media reports, government alerts, industry advisories) suggests the counterparty may be engaged in proliferation, sanctions evasion, or diversion.

The presence of one or more red flags does not automatically render a transaction impermissible but does require documented escalation, enhanced due diligence, and affirmative clearance from the Compliance Officer before proceeding. Failure to escalate known red flags shall be treated as a disciplinary matter.

11

Licenses & Exceptions

Where a proposed transaction requires a specific license from OFAC, BIS, DDTC, or other competent authority, no Covered Person shall proceed with such transaction until the applicable license has been obtained, its conditions fully understood, and compliance confirmed by the Compliance Officer. General licenses, license exceptions (e.g., EAR License Exceptions TMP, TSR, ENC, GOV), and OFAC General Licenses shall be invoked only after affirmative determination by the Compliance Officer that all conditions and limitations thereof are satisfied.

Applications for specific licenses shall be prepared and submitted exclusively by or under the direction of the Compliance Officer. No Covered Person shall submit representations to OFAC, BIS, or any other governmental authority regarding Orno’s sanctions or export-control compliance without prior review and approval by the Compliance Officer and external trade-compliance counsel.

In all cases, reliance on a license exception or general license shall be documented contemporaneously, including identification of the specific exception invoked, the factual basis for eligibility, and any conditions or limitations applicable thereto. Such documentation shall be retained for a period of not less than five (5) years from the date of the transaction in accordance with EAR recordkeeping requirements (15 C.F.R. § 762.2).

12

Voluntary Self-Disclosure

It is Orno’s policy to make timely and complete voluntary self-disclosures (“VSDs”) to OFAC, BIS, and/or other competent authorities upon discovery of any apparent violation of applicable sanctions or export-control laws. Voluntary self-disclosure is a significant mitigating factor in OFAC’s penalty calculations pursuant to the Economic Sanctions Enforcement Guidelines (Appendix A to 31 C.F.R. Part 501) and in BIS enforcement decisions.

Upon identification of a potential violation, the Compliance Officer shall (a) immediately preserve all relevant records and communications; (b) initiate an internal investigation with the assistance of external counsel as warranted; (c) assess whether the apparent violation meets the threshold for voluntary self-disclosure; (d) prepare and submit the initial notification to the relevant agency within sixty (60) days of discovery, or sooner if circumstances require; and (e) provide a complete narrative filing within one hundred eighty (180) days, or as otherwise directed by the agency.

All Personnel have an affirmative obligation to report potential violations to the Compliance Officer immediately upon discovery. Delay in internal reporting that materially impairs Orno’s ability to make a timely voluntary self-disclosure may itself constitute grounds for disciplinary action.

13

Enforcement & Penalties

Criminal & Civil Penalty Exposure

IEEPA CIVIL PENALTIES: UP TO THE GREATER OF $358,190 PER VIOLATION (ANNUALLY ADJUSTED FOR INFLATION) OR TWICE THE AMOUNT OF THE UNDERLYING TRANSACTION. IEEPA CRIMINAL PENALTIES: UP TO $1,000,000 PER WILLFUL VIOLATION AND/OR IMPRISONMENT OF UP TO TWENTY (20) YEARS (50 U.S.C. § 1705). EAR CIVIL PENALTIES: UP TO $364,992 PER VIOLATION OR TWICE THE VALUE OF THE TRANSACTION. EAR CRIMINAL PENALTIES: UP TO $1,000,000 AND/OR TEN (10) YEARS’ IMPRISONMENT PER WILLFUL VIOLATION (50 U.S.C. § 4819). ADDITIONAL CONSEQUENCES INCLUDE DENIAL OF EXPORT PRIVILEGES, DEBARMENT, EXCLUSION FROM FEDERAL PROCUREMENT, AND REPUTATIONAL HARM.

Internal disciplinary action for violations of this Policy shall follow the same framework set forth in Section 14 of the Anti-Bribery & Anti-Corruption Policy, and may include immediate termination, forfeiture of compensation, and referral to law enforcement. The Compliance Officer, in consultation with legal counsel, shall determine whether external reporting (voluntary self-disclosure) is warranted in connection with any internal violation.

Orno reserves the right to terminate, without liability, any creator agreement, brand partnership, vendor contract, or other commercial arrangement where the counterparty becomes the subject of sanctions designation, is found to be located in an embargoed jurisdiction, or otherwise presents an unacceptable sanctions-compliance risk. Such termination shall not give rise to any claim for damages, compensation, or other relief by the terminated party.

14

Compliance Contact

All questions, screening requests, red-flag escalations, license applications, and reports of potential violations concerning this Policy shall be directed to:

Orno LLC

Office of Trade Compliance

555 Winderley Place
Maitland, FL 32751
United States of America
Email: compliance@orno.io
Legal: legal@orno.io

This Policy is effective as of the date first written above and shall remain in effect until expressly rescinded, superseded, or amended by the Chief Compliance Officer. By continuing to perform services for, on behalf of, or in connection with Orno LLC, each Covered Person acknowledges receipt of, consents to, and is bound by every term of this Policy.