Transcript Worldtrade Management Services June 2001 Training Session

National Conference
on SAFE TRADE &
AEO
“CTPAT Six Years on:
A Review of the
Private Sector”
May 13, 2008
Craig J. Pinkerton, Director
– PricewaterhouseCoopers
Level of Security Prior to 9/11
 The level of security for importers, carriers, truckers, etc.
was determined primarily on:
– the value and nature of imported merchandise
– the level of theft and shrinkage discovered along the
supply chain
– whether the product was considered sensitive by the
government (e.g., tobacco; pharmaceutical drugs)
– whether the product could pose a threat to the public
(e.g., firearms; chemicals; hazardous materials)
2
Threats to the Supply Chain
Changed the Security Landscape
 9/11 introduced tighter security into the logistics process
 The flow of goods from the manufacturer to the end user is
now viewed as needing protection, not just the product
 People crossing borders into the U.S. are being monitored to
minimize or eliminate the threat of danger
 No longer is it only value or dangers intrinsic to imported
product, but the logistics function itself is being viewed as a
security issue
 The conclusion that danger could accompany products
throughout the supply chain caused a major refocus on
security
3
Development of Security Initiatives
Container Security
Initiative
10+2 Security
Filing
WCO
Customs-Trade
Partnership Against
Terrorism (C-TPAT)
FAST (Free and
Secure Trade)
ISO (International
Organization for
Standardization)
AEO (Authorized
Economic Operator)
Canadian PIP (Partners
in Protection)
SAFE
Framework
4
What are Customs’ Expectations?
 Through this initiative, Customs is asking companies to
ensure the integrity of their security practices and
communicate their security guidelines to their business
partners within the supply chain (i.e., “increased vigilance”)
 The primary goals of C-TPAT include:
 Increasing security measures, practices and procedures
throughout all sectors of the international supply chain
 Protecting the public from terrorist activities
 Ensuring the flow of legitimate trade
 Providing Customs with a means of looking into a
company’s supply chain security profile
5
WCO Standards Mirror C-TPAT
 Business-Customs Cooperation
 Conveyance/Container Security
 ISO Security Seals Required
 Physical Access Security
 Personnel Security
 Procedural Security
 Information Systems Security
 Employee Security Training
 Continuous Improvement Process
 Risk Assessment
6
Evolution of C-TPAT
 Launched in November 2001, with only seven major importers
 C-TPAT currently has more than 10,000 partners, which include
United States importers, customs brokers, terminal operators,
carriers, truckers and some foreign manufacturers
 Initially, voluntary participation and jointly developed security
criteria and implementation procedures were the guiding principles
 As the program grew, so did the need for more clearly-defined
security criteria to establish the minimum, baseline security
expectations for membership
 In 2005, minimum-security criteria for importers was implemented
and companies were required to meet the new criteria within
certain timelines
7
C-TPAT Benefits
Beyond the essential security benefits, Customs offers the
following benefits to C-TPAT members:
 A reduced number of inspections (reduced border times)
 Priority processing for Customs inspections (Front of the
Line processing for inspections when possible)
 Assignment of a C-TPAT Supply Chain Security Specialist
who will work with the company to validate and enhance
security throughout the company’s international supply
chain
 An emphasis on self-policing, not Customs verifications
8
C-TPAT Benefits
 Eligible to attend C-TPAT supply chain security training
seminars
 Access to other C-TPAT members via the Status Verification
Interface
 Certified C-TPAT importers are eligible for access to the
FAST lanes on the Canadian and Mexican borders
 Mitigating factor in cases of fines and penalties
 Demonstrates good corporate citizenship to Customs
9
Security Costs versus Benefits
There have been several logistics studies published since 9/11
that detail the costs and benefits associated with the C-TPAT
program, such as:

Stanford Supply Chain Study - October 2003

MIT Supply Chain Study - May 2005

Stanford Innovation in Supply Chain Security - July 2006

University of Virginia Cost Benefit Survey - August 2007
10
Benefits from Investment in SAFE
Trade
 Fewer Customs Inspections (50%)
 Reduction in Excess Inventory (14%)
 Improved on-time delivery (12%)
 Reduction in Theft/Loss/Pilferage (38%)
 Access to Shipping Data (50%)
 Timely Shipping Data (30%)
 Less Customer Attrition (26%)
 Increase of New Customers (20%)
(Source: Stanford University Study, July 2006)
11
Benefits from Investment in SAFE
Trade
 The primary motivation for importers to join C-TPAT is to
reduce the risk of supply chain disruptions due to a
terrorist attack
 Four out of every ten members did not have a formal
supply chain security plan prior to joining the program
 C-TPAT moved thousands of companies to give closer
scrutiny to the security of the goods they handle and
review the supply chain to ensure that their overseas
suppliers have implemented sound security practices
 Greater Supply Chain integrity (stronger seal controls)
 Stronger brand equity
12
Benefits from Investment in SAFE
Trade
 The vast majority (81.3 percent) of members indicated that
their ability to assess and manage supply chain risk had
been strengthened as a result of joining C-TPAT
 C-TPAT certification requires that companies meet an
extensive checklist of verifiable conditions. Nevertheless,
minimum security criteria were generally viewed as very
easy or somewhat easy to implement across the various
sectors
 More than half (56.8 percent) of the members indicated that
C-TPAT benefits either outweighed the costs or were about
the same
(Source: University of Virginia Study 2007)
13
Costs from Investment in SAFE Trade
 Typical implementation costs (listed from highest to lowest):
– Improving or implementing physical security costs (doors,
windows, electronic access, cameras, fences, gates,
lighting, etc.)
– Salaries and expenses of personnel
– Improving IT systems and databases
– Improving cargo security
– Improving or implementing in-house education, training,
and awareness
– Improving personnel security procedures
14
Example of Security Procedures to
be reviewed
 Physical Access Controls
 Employees, Visitors and Deliveries – identification and badge
process is key; and removing unauthorized individuals
 Personnel Security
 Pre-employment verification, background checks, and
termination procedures for prospective and current
employees
 Procedural Security
 Documentation processing, shipping and receiving, and
cargo discrepancies
 Container and Trailer Security
 Seal integrity, inspection and storage
15
Example of Security Procedures to
be reviewed
 Physical Security
 Fencing, guardhouses, parking, locking devices, key
controls, lighting, alarms, and video cameras
 Information Technology Security
 IT security procedures, password protection, system
accountability (firewall, virus protection, monitoring service)
 Security training and threat awareness
 Focus on what types of training offered to employees and
whether supply chain security training (C-TPAT specific)
given
16
Business Partner Requirements
 Importers must have written, verifiable processes for the selection
of business partners including manufacturers, product suppliers,
and vendors
 They should also have documentation substantiating that partners
throughout their supply chain are meeting C-TPAT security
standards - or equivalent supply chain security program criteria
 e.g., supply chain assessment questionnaire, on-site audit
report, written confirmation, etc.
 Where a company outsources or contracts elements of its supply
chain, such as a foreign facility, warehouse, or conveyance, it
must work with these business partners to ensure that pertinent
security measures are in place and adhered to
17
Business Partner Requirements
 Companies now leverage their business relationships and
ensure that business partners develop security processes
and procedures consistent with the C-TPAT criteria
 Build C-TPAT/security language directly into contract
 Narrowing universe of business partners
 Periodic reviews of business partner’s processes and
facilities should be conducted based on risk
18
Business Partner – Example of Risk
 Foreign inland freight carrier - may be the weakest link in
the supply chain
 In certain countries, local trucking companies must be
used. Additional processes may need to be set up to deal
with risk
19
Common Security Shortfalls
 Cargo seals not used by foreign inland carriers and policy
not documented
 Less than full truck load
 Air shipments
 No C-TPAT security-based training provided to employees,
especially those with cargo handling responsibilities
(warehouse, shipping, receiving, etc.)
 Procedures at foreign facility are commonly “patched”
together from various departments, rarely mention C-TPAT
related policies and procedures, and usually consist of
random screen shots and dusty binders
20
Common Security Shortfalls
 Employees inconsistent in displaying badges, especially in
cargo handling areas
 C-TPAT web portal not updated to reflect changes in
company’s program
 From security standpoint, other weak areas noted included:
 Mail room deliveries
 Use of temporary agencies for labor
 No one actually monitoring video cameras (or, for
example, 32 cameras all feeding into a 13” monitor)
 Collecting badges and terminating access when
employees leave company
21
Common Security Shortfalls
 Responses received from foreign vendor during
questionnaire process do not match reality. Examples:
 “fence around perimeter” vs. fence rusted and fell down in
1998
 “pan and zoom cameras throughout facility” vs. inoperable
cameras dangling from wires
 “truck drivers sign in/out” vs. drivers waved on through
because same drivers every day
 Customs not asked for identification upon arrival
(Note: A company is not required to implement all best
practices, however, CBP may ask why certain procedures
cannot be implemented)
22
Benchmarking - Best Practices from
Industry
 Security measures:
 Exceed the C-TPAT Security Criteria
 Incorporate management support
 Have written policies and procedures that govern their use
 Employ a system of checks and balances
 C-TPAT is an on-going program!
 Companies continually update their supply chain security
program (e.g., new factories, business partners)
 Periodic assessment is part of corporate manual
 Verify procedures to ensure they are being followed and
make modifications as necessary
 Ownership at each entity level responsible for maintenance
23
Benchmarking - Best Practices from
Industry
 Since C-TPAT is a Customs program, it is typically managed
by a company’s global customs compliance group along with
legal oversight
 C-TPAT “Champion” provides oversight
 Importer has sound compliance program in place
 Opportunity to provide additional on-site training
 Ability to tie into other security initiatives (e.g., 10+2
requirement)
 Senior Management Support and Buy-in
 An absolute must
 Lack of support at top levels - failure is imminent!
24
Benchmarking - Best Practices from
Industry
 Do not assume business partners will not be visited –
especially foreign business partners. Example:
 Tier 3 U.S.-based customs broker in Philippines is visited
an average of two times per month by CBP SCSS
 As a result of numerous visits, virtually every best
practice has been implemented (clearly evident)
 GPS on all trucks to monitor real-time movements
 Security personnel accompany shipment from factory
to airport (customs bonded facility)
 High security seals and padlocks utilized
 Comprehensive policies and procedures
25
Recommended Workplan for
Security Program
 Review global supply chain to verify your business partners,
such as foreign manufacturers, carriers and brokers
 Conduct analysis based on volume and risk
 Identify which business partners are already in the C-TPAT
program or other supply chain program such as AEO, and
which partners have already participated in a supply chain
documentation process or have undergone an on-site audit
 Determine best application strategy
26
Recommended Workplan for
Security Program
 Conduct domestic reviews at headquarters and distribution
facilities
 Conduct comprehensive self-assessment of supply chain
security (based on the C-TPAT/AEO security guidelines)
 Document current supply chain security procedures
 Develop and implement a program to enhance security
throughout the supply chain in accordance with guidelines
 Communicate supply chain security guidelines to other
partners in supply chain
27
How has C-TPAT evolved?
 Already in progress:
 Detailed verifications of applications
 Revalidations of certified companies
 Tighter container seal control
 Tighter documentation control
 New security criteria - importers now seeking to join the
C-TPAT program will need to meet or exceed the new
security criteria before they will be certified
28
How has C-TPAT evolved?
 Companies beginning to implement:
 Smart containers and tracking systems
 Extensive screening (initial & ongoing) of personnel.
This includes both foreign and domestic locations
 Security/C-TPAT requirements for their entire supplier
base and logistics providers
 Security audit as part of normal periodic audit of
foreign entities
 Best Practices to obtain Tier 3 status
– As of March 2008, only 243 Tier 3 companies
29
Moving Forward: 2008 and Beyond
 The SAFE Port ACT signed in 2007 has codified C-TPAT
and CSI and calls for mandatory use of ISO 17712
compliant seals on all containers by October 2008
 Canadian PIP program members will gain reciprocity
status with C-TPAT program members
 TSA will announce air cargo security guidelines deferring
to many C-TPAT guidelines
 WCO will expand the AEO program in the European
Union, Asia and Latin America
 Greater use of electronics in cargo protection
30
Moving Forward: 2008 and Beyond
 More frequent reviews of company’s security procedures
and policies (even after validation/revalidation)
 C-TPAT members continue conducting audits of foreign
vendors regardless of whether in another program
 C-TPAT members are conditioning contractual business
relationships with their service providers and vendors
based on C-TPAT participation and/or adherence to CTPAT security guidelines
 Mutual Recognition and Reciprocity with other countries
 Global buy-in to security
 Additional X-ray screening and data mining
31
Moving Forward: 2008 and Beyond
 Congress pressuring Customs to implement 100%
container screening. Customs potentially trying to
counter with C-TPAT program and cargo screening
software
 Customs reducing timeline for validations from 3 years
to 1 year, and revalidating each company every 3 years
instead of the specified 4-year schedule
 Third-party validations: Customs currently accepts only
in China. Other AEO programs may allow selected third
parties to conduct validations in any country
32
CONTACTS
Craig J. Pinkerton – PricewaterhouseCoopers
Los Angeles
Tel: (213) 256-6037
Email: [email protected]
Dennis Caronan – PricewaterhouseCoopers
Manila
Tel: 632 845 2728, Ext. 2118
Email: [email protected]
John S. Kwak – PricewaterhouseCoopers
Hong Kong
Tel: (852) 2289 3331
Email: [email protected]