Is it Time to Join C-TPAT? May 22, 2006 Copyright © 2006 Jonathan M. Fee All Rights Reserved

Overview Several thousand importers now participate, as well as brokers, carriers, consolidators, intermediaries, terminals, and, most recently, selected foreign manufacturers (mostly North American and some selected others) New security criteria were effective March 25, 2005, establishing minimum security requirements for continuing participation Participation in the C-TPAT Security Link Portal will be mandatory effective July 1, 2006 for importers and road, rail, ocean, and air carriers We continue to advise that there is no downside (no penalty or liquidated damages for default), and that the right reason for participation is that for many companies it is the “right thing to do” to help in the country’s fight against terrorism – but watch out for pending legislation

New Security Criteria A new participant will not be certified unless it submits with its application a security profile containing the new criteria Existing participants were allowed to adopt the new criteria in three phases, the deadlines for which have passed

New Security Criteria Business partner requirements – security procedures, point of origin security, participation in foreign security programs, and other criteria (e.g., financial security) Container security – must use seals of PAS ISO standards for high security seals Container inspection – checking seals and secure storage Physical access security – employees, visitors, deliveries, unauthorized persons Personnel security – verification, background checks, termination procedures

New Security Criteria Procedural security – document processing, manifest procedures, shipping and receiving, cargo discrepancies Security training and threat awareness Physical security – fencing, gates and gate houses, parking prohibited in cargo areas, building structure, locking devices and key controls, lighting, alarm systems and video surveillance Information technology security – password protection and accountability

New Standards for Carriers Effective March 13, 2006, the new Highway Carrier Minimum Security Criteria for U.S./Canada and U.S./Mexico Highway Carriers becomes effective Effective March 1, 2006, the new Sea Carrier Minimum Security Criteria for C-TPAT members becomes effective Existing highway carrier participants will be allowed to implement in stages – 60, 90, and 180 days from March 13 But sea carriers only get 90 days from March 1 to implement all criteria

Comments on Criteria No one expected these new requirements when they first signed up for the program, or the additional expense of adopting them CBP claims, in an FAQ, that the cost of implementation will be offset by savings yielded by reduced inspections of cargo The criteria raise the threshold of expense and effort for new entrants

C-TPAT Validations Purpose is to ensure that security measures in the participant’s security profile are implemented and followed Should occur within three years after becoming a member Conducted by “Supply Chain Security Specialists” If a company is found unsatisfactory, its “benefits” may be suspended until it adopts corrective measures

“Best Practices Catalog” Published in January 2006 Identified in the course of validations “Best practices:” Exceed C-TPAT criteria Incorporate management support Are written Use checks and balances Ensure continuity They are offered as suggestions; they are flexible and non-exclusive

Examples of Best Practices “The Company’s factory certification program has an established rating scale to assess the level of adherence to the Company’s security policies and procedures. Only those manufacturers who receive a passing score are permitted to do business with the Company”

Examples of Best Practices “Freight forwarder requires that the U.S. Importer of Record introduce all new shippers and will not do business with unknown entities” “Highway carrier uses several low cost, commercially available laser measuring devices to detect false walls, compartments, and hidden contraband” “Loaded and empty containers are stored door to door and are sealed to prevent unauthorized access

Examples of Best Practices “Before hiring an employee, the Company conducts an in-depth criminal and background investigations for a ten- year period” “Prospective employees are administered a series of psychological examinations to determine their propensity toward corruption or illegal activities” “Factory periodically rotates shipping, receiving, and inventory management personnel in order to prevent collusion”

Tier System In May 2005 CBP adopted a tier system within C- TPAT under which participants are designated as having Tier 1, 2, or 3 status Tier 1 covers any certified participant, Tier 2 and 3 are only available after validation Tier 1 participants enjoy “meaningful” lower risk scores under CBP’s Automated Targeting System (ATS), plus eligibility for ISA and FAST

Tier System Tier 2 participants are those found to meet the minimum security guidelines in a validation Tier 2 entitles the company to “twice the level of risk score reductions,” whatever that means Tier 3 participants are those found to exceed minimum guidelines with “best practices: Tier 3 participants get the “most significant risk score reductions” and would participate in the “green lane,” whenever that happens

The Alleged “Green Lane” This was touted at 2004 Customs Symposium as a benefit to expect soon Why isn’t the benefit, reduced inspection, more apparent? There are other factors that will continue to affect the probability of inspection -Nature and source of cargo -Importer’s experience -“Ordinary” customs compliance (e.g., classification, value, use of FTAs and other reduced duty programs) Should more inspection be punishment for nonparticipation? According to CBP, the Green Lane will not be adopted until “effective container security technology is available

Legislation The House passed the Security and Accountability for Every (SAFE) Port Act by on May 4 A similar bill was approved by the Senate Homeland Security and Governmental Affairs Committee, called the Greenlane Maritime Cargo Security Act The full House rejected amendments that would have required electronic container seals, removed lower ATS scores for C-TPAT participation, and required 100 percent inspection of all US-bound containers at foreign ports

Safe Port Act and C-TPAT Would limit participation to company’s with a “demonstrated history of international commerce” Codifies criteria similar to those already required by existing C-TPAT Codifies tier system and approval (committee report says initial review should be “more than a paperwork review” and that Tier 1 status “should not greatly impact” inspections)

SAFE Port Act and C-TPAT Tier 2 status would require validation (as is now the case) but would also require on-site checks at foreign locations Tier 3 would be available (as is now the case) to companies exceeding minimum standards, but CBP would be required to consult with advisory committees to determine what the benefits should be CBP “shall consider” lower bonds, priority over Tiers 1 and 2 in exams, reduced inspections, lower ATS scores, and streamlined billing of duties

Third Party Validations The strangest part of the SAFE Ports Act is that it would require participants to contract at their expense with independent third party entities for the conduct of validations This reflects the fact that CBP does not have the personnel, resources, or funding to conduct validations by itself – especially in foreign countries This will be a boon to some private concerns, and will add a significant expense to C-TPAT participation

SAFE Port Act “Penalties” For knowingly submitting false information, a participant can be banned from participation in C-TPAT for 5 years

Some Rumors You had better sign up now, because CBP will soon close participation to new applicants -Impossible; this contradicts security goals You might as well sign up, because CBP will soon make participation mandatory -So? If they make it mandatory, I’ll sign up -Also, would that be wise? -As a practical matter, it’s already mandatory for some [My favorite] Participation actually exposes your company to increased inspections -This was in a speech by a CBP port director

“Benefits” of Participation A reduced number of inspections and border wait times -This is not apparent A C-TPAT supply chain specialist to serve as the CP liaison for validations, security issues, procedural updates, communications and training -Forty SCSs for 10,000 participants? Access to C-TPAT members through the Status Verification Interface (SVI) -But participants can elect confidentiality Self-policing and self-monitoring of security activities -Then what are validations?

“Benefits” of Participation In ACS, C-TPAT importers receive reduced selection rate for Compliance Measurement Examinations and exclusion from certain trade-related local and national criteria -This is not apparent C-TPAT importers receive targeting benefits by receiving a “credit” via the CBP targeting system -This benefit is neither explained nor apparent C-TPAT importers are eligible for access to the FAST lanes on the Canadian and Mexican borders -This will be a true benefit if truckers participate C-TPAT importers are eligible for the ISA program and have been given priority access to participate in ACE -ISA is of questionable benefit, and participation has been removed as a condition of access to ACE

“Benefits” of Participation C-TPAT highway carriers, on the Canadian and Mexican borders, benefit from their access to expedited processing at FAST lanes, and are eligible for more favorable relief from penalties -This is not a benefit for importers C-TPAT Mexican manufacturers benefit from their access to the expedited processing at FAST lanes -This is not a benefit for importers, either All C-TPAT companies are eligible to attend CBP sponsored C-TPAT supply chain security training seminars -Do I need to go to seminars if I don’t participate in the first place?

Focused Assessment Overview Importer Self Assessment They’re supposed to remove you from “the audit pool” But CBP reviews you before it approves your application – sounds like an audit to me You have to report all your errors through the course of the year Worse still, you certify every year that you have been compliant Sounds to me like you never get out of the audit pool

Downsides of Participation Participation requires a continuing investment in time and money -Purchases of equipment and services, and enhancement of facilities -Development of written procedures -Additional management responsibilities in the areas of human resources, security, auditing/reviewing, and compliance Because they have existing staff for these kinds of functions, larger companies have an easier time with C- TPAT than smaller companies Intrusiveness – participants attain a higher level of visibility before a government agency that has enforcement powers in areas of compliance that are unrelated to security and anti-terrorism; there is no “immunity” for violations in these other areas that CBP personnel happen to notice along the way

So Should I Participate? There is no right or wrong decision The non-participant should expect some increased inspection activity, but only to the extent of a factor that can be offset by other factors Potential participants should study the time and cost necessary to participate long before sending in the Agreement Consider CBP’s suggestion – employ C-TPAT guidelines in security practices even without [or before applying for] official participation in C- TPAT

The Best Reason to Participate C-TPAT does not offer compelling incentive either to participate or not to participate; none of the previously discussed advantages or disadvantages is so overwhelming to make the decision clear The best reason to participate could be because management has simply decided that it is the “right thing to do” as a matter of patriotism or civic responsibility