NCBFAA Government Affairs Conference CBP ’ s Security Programs – Reviewing the Present and Looking to the Future A Sea Carrier ’ s Perspective Andy Lumley September 24, 2007

Fundamentals Sea Carrier Initiative 1989 Voluntary participation Collaborative interaction and compliance of all supply chain parties Take It Personally approach

Fundamentals C S I – Container Security Initiative C – TPAT Security Filing (10+2)

C S I Identify high risk containers Prescreen and evaluate containers before loaded to a vessel- do not load compliance Use technology to prescreen containers effectively and efficiently so as not to slow down the movement of goods in trade Development of “ smart ” and secure containers Seeks reciprocity with other customs authorities 52 ports world wide are CSI operational

C-TPAT Security Criteria Sea Carriers Business Partner Requirements –Includes customers, operating partners, service providers –Security procedures for legitimacy and risk assessment Container Security –Container inspection –Container seals –Container storage

C-TPAT Security Criteria Sea Carriers Physical Access Controls –Boarding and disembarking of vessels –ISPS – International Ship and Port Security Code –MTSA – Maritime Transportation Security Act –Employees –Visitors/vendors/service providers –Challenging and removing unauthorized persons Personnel Security – on land and at sea –Pre-employment verification –Background check –Termination procedures –Crewman control –Deserter/absconder risk and notification

C-TPAT Security Criteria Sea Carriers Procedural Security –Passenger and crew –Bill of lading and manifest procedures –Baplie EDI file for vessel stowage – 10+2 linkage –Cargo exception alert Security Awareness Training Physical security –Fencing, gates, parking, building structure, locking devices and key control, lighting, alarm systems and video surveillance

C-TPAT Security Criteria Sea Carriers Validation Process –Domestic (local office and facility) –Vessel (one in port) –Foreign (vessel and facility) –3 year re-validation (2008 for OOCL) –Status Verification Interface (SVI) number and C- TPAT certificate are posted on Security site

OOCL Security Policy Recognition of corporate security responsibilities as an owner and/or operator of vessels, facilities and provider of supply chain services Ensure security measures are undertaken to protect the interest of customer, company, and staffs (shore and sea) Participate and support government, carrier and industry initiatives Commitment to strictly comply with IMO, SOLAS, ISPS and USCG codes Dedicated to continuous improvement of security measures, and related training and enforcement

Conveyance Security Vessels –Implemented International Ship and Port Facility Security Code (ISPS) requirements –All OOCL Vessels and Grand Alliance partner vessels are ISPS certified, with ship security plans in place –Exception reporting guidelines and clear line of authority –Training programs designed for crew providing clear information regarding any security risks, related to cargo procedures, internal and external conspiracies –Ongoing review and monitoring the effectiveness of the plan

Conveyance Security Containers –All loaded containers must be received with seals intact from shipper. Exceptions (missing or tampered seal) must be reported by facility operators to OOCL Regional Security Coordinator. Ongoing exceptions are addressed with accountable party within supply chain –Visual inspection of empty containers at all depots and terminals upon in-gate

Conveyance Security New Customers –All new shippers must be contacted by Sales to insure a valid place of business prior to confirmation of booking –All new importers must be contacted by Sales to insure valid place of business prior to delivery of cargo –Suspicious activities must be reported to local authorities and OOCL Security Organization

Access Controls Office –All visitors must register and show valid picture ID Vessel –Ship Security Plan Terminal –North American Terminal Facilities C-TPAT/ISPS Compliant –Grand Alliance Fareast/Europe Facilities ISPS Compliant Information –Internally controlled via password –Externally controlled via registration and password

Manifests OOCL strictly complies with 24 hour advance manifest requirements for USA & Canada & Mexico cargo OOCL is an AMS & AES participating ocean carrier Manifest discrepancies are reported electronically to U S Customs and Border Protection. Verbal communication supplementation as required. OOCL monitors all developing requirements for U S Customs and Coast Guard, and actively participates in CESAC and other government/industry forums to remain aware of best practices and pending legal requirements

Personnel Where legally permissible background checks are to be performed Employee history is to be verified by hiring manager A personal interview is required of the candidate by the hiring manager USA employee hiring requires criminal record search Any illegal activities (other than fixed penalty traffic offenses) are to be reported by the employee to Human Resources within 2 days Any employee who conducts himself/herself in an unsatisfactory manner shall be subject to disciplinary action, including summary dismissal in case of serious misconduct, in accordance with local law.

Education & Training Shipboard staff is covered under the Ship Security Plan All OOCL employees have completed an in-house developed security awareness training course including an exam, with a passing score required. The security awareness training emphasizes the legal requirements under which we operate, as well as company policies and reporting procedures of potential security incident. All new hires are required to take and pass the security awareness training Periodic updates on regulatory and security issues are provided to management distribution throughout the company.

10 Plus 2 Initiative by CBP (Security Filing) Security Filing (SF): CBP proposal to require an additional set of data elements 24 hours prior to vessel loading. Goes beyond the current 14 advance manifest filing information items Definitions of the importer data elements –Manufacturer name and address –Seller name and address –Container Stuffing location –Consolidator name and address –Buyer name and address –Ship to name and address –Importer of record number –Consignee number –Country of origin of the goods –Commodity harmonized Tariff Schedule number (6 digit)

10 Plus 2 Initiative by CBP (Security Filing) CBP requires sea (ocean) carriers to provide two additional data sets –Vessel Stow Plan –Container Status Messages Responsible Parties –10 cargo related items – Importer –2 activity related items – Sea (Ocean) carrier via EDI Target date of implementation –Not yet determined

Future Outlook 100% inspection debate Radiation portal monitoring for all USA port handled imports by end 2007 Extension to overseas load ports Overseas countries advance manifesting USA export advance manifesting TWIC implementation C-TPAT terminal and port criteria Electronic seal Container security device