June 30, 2005
CBP Adopts New Tiered Benefits Approach
For C-TPAT Participants
Recently, U.S. Customs and Border Protection (CBP) Commissioner Robert Bonner gave testimony on CBP's Customs-Trade Partnership Against Terrorism (C-TPAT) and Container Security Initiative (CSI) programs at a hearing of the Senate Committee on Homeland Security and Governmental Affairs' Permanent Subcommittee on Investigations on May 26, 2005. A copy of this speech can be accessed by going to:
In his speech, Commissioner Robert Bonner stated that CBP has initiated a new, tiered system of C-TPAT benefits; based on the level of security, validation results, and use of C-TPAT best practices.
According to the Commissioner, Tier I consists of those companies that have submitted their security plans, committed to meeting C-TPAT minimal security criteria, had those plans approved by CBP supply chain security specialists, and, based upon vetting, have had no history of significant compliance or law enforcement problems. Tier I companies will receive the benefit of a point reduction in the Automated Targeting Scoring (ATS) system, in addition to other benefits previously afforded to a certified C-TPAT member.
Bonner explained to the Subcommittee that ATS is used by the National Targeting Center and field targeting units in the United States and overseas. It is the system through which CBP processes advance manifest information to detect anomalies and "red flags," and determine which cargo is "high risk," and, therefore, should be scrutinized at the port of entry, or in some cases, overseas. ATS works, Bonner said, by analyzing electronic data related to individual shipments prior to arrival, and ranks them in order of risk based on the application of algorithms and rules. The scores are divided into thresholds associated with further action by CBP, such as document review and inspection.
Tier II consists of validated C-TPAT companies. Tier II companies would get further ATS reduction in their score, and even fewer inspections.
Tier III is CBP's vision for the highest level of C-TPAT. Tier III would consist of those fully certified, validated C-TPAT partners who exceed the minimum standards, and who have adopted C-TPAT best practices; for example, those that use C-TPAT container security devices such as the Smart Box. Certified, validated C-TPAT importers using C-TPAT best security practices will be subject to relatively infrequent random inspections.
According to Bonner, CBP's goal is a more secure supply chain that includes point of origin security and security at point of stuffing, ensured by C-TPAT validated partners who control their supply chain and assure point of origin security, who use a smart container, or see that their foreign vendors do, and who ship their goods through a CSI port to the United States.
Bonner concluded by explaining that, among the added benefits for validated C-TPAT partners, when a shipment does need to go to secondary, either for a random inspection or due to other agency requirements, the shipments of C-TPAT members will move to the front of the inspection line.
C-TPAT Validations And Enrollment Sector Focus
Bonner said that as of May 17, 2005, CBP has assessed and accepted the security profiles of 5,013 companies, and that more than 4,200 companies are in various stages of the application and review process. CBP has completed 591 validations (about 12 % of all certified partners), with an additional 2,079 validations underway (40%), or in the process of being completed.
Shifting Focus For Validations
After three years, it became evident that not all C-TPAT enrollment sectors exhibit the same risk to the international supply chain, nor do they possess the same ability to strengthen their supply chains throughout all components of their international supply chains. As an example, Bonner said that U.S.-based customs brokers have minimal ability to ensure sufficient supply chain security at the foreign place of stuffing, whereas U.S.-based importers exert strong business influence over a foreign manufacturer or supplier. Accordingly, Bonner noted "the enrollment sectors with the greatest ability to leverage their corporate strength and demand more security enhancements from foreign entities are the importers, and to a lesser extent, the carriers." "Importers also receive the greatest benefits in terms of reduced inspections.Therefore, C-TPAT validations are most effective when focused on these two enrollment sectors."
Phase I Minimum Security Requirements Now In Effect
On March 25, 2005, CBP published new minimum-security criteria to help solidify membership expectations and more clearly define and establish a baseline level of security measures. CBP provided a gradual, three-part phase-in program for implementation of the security measures for importers who are already a member of the C-TPAT program.
Under the phase-in process, all C-TPAT participants should now have prepared and in effect procedures that address the following three security criteria:
- Container Security (seals, inspections, storage).
- Physical Security (fencing, lighting, parking, building structure, locking devices and key controls, lighting, alarm systems, video surveillance cameras).
- Physical Access Controls (employees, visitors, deliveries, challenging and removing unauthorized persons).
To protect the integrity of the shipment, importers must ensure that all business partners, beginning at the point of origin, develop security processes and procedures consistent with the C-TPAT security criteria. Periodic reviews of processes and facilities of the business partners based on risk should be conducted by the CTPAT importer to ensure that business partners maintain the security standards required.
A. Container Security
Under the new guidelines, CTPAT participants must have procedures in place that ensure that container integrity is maintained to protect against the introduction of unauthorized material and/or persons. According to CBP, these procedures must begin at the point of stuffing, and ensure that each container has been properly inspected prior to loading, properly sealed, and then properly stored prior to being loaded aboard their vessels.
Container Inspection: Procedures must be in place to verify the physical integrity of the container structure prior to stuffing, to include the reliability of the locking mechanisms of the doors. A seven-point inspection process is recommended for all containers, which must include inspection of:
- Front wall
- Left side
- Right side
- Inside/outside doors
Container Seals: A high security seal must be affixed to all loaded containers bound for the U.S. All seals must meet or exceed the current PAS ISO 17712 standards. C-TPAT importers must ensure that all foreign entities responsible for loading containers have written procedures that stipulate how:
- Seals are to be controlled and affixed to loaded containers
- To recognize and report compromised seals and/or containers to U.S. Customs and Border Protection or the appropriate foreign authority.
C-TPAT importers must ensure that foreign entities have these procedures and then conduct a periodic audit or verification based on risk to ensure that these procedures are effectively carried out.
C-TPAT importers must document what happens to containers following loading, and ensure that the shipper, container freight carrier, and carrier store loaded containers in a secure area prior to loading on board the vessel to prevent unauthorized access and/or manipulation. C-TPAT importers must then verify that all parties in the cargo transport process have secure storage areas and procedures for reporting and neutralizing unauthorized entry into containers or container storage areas.
B. Physical Access Controls
CTPAT importers should now have physical access controls in place to prevent unauthorized entry to facilities; maintain control of employees and visitors; and protect company assets. According to Customs, access controls must include procedures for positive identification of all employees, visitors, and vendors at all points of entry.
An employee identification system must be in place for positive identification and access control purposes. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. , keys, key cards, etc.) must be documented.
Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification.
Deliveries (including mail)
Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated.
Challenging and Removing Unauthorized Persons
Procedures must be in place to identify, challenge and address unauthorized/ unidentified persons.
Cargo handling and storage facilities in domestic and foreign locations must have physical barriers and deterrents that guard against unauthorized access. Importers are expected to incorporate the following C-TPAT physical security criteria and verify that their foreign suppliers and logistics partners throughout the supply chains have the following, as applicable:
Perimeter fencing should enclose the areas around cargo handling and storage facilities. Interior fencing within a cargo handling structure should be used to segregate domestic, international, high value, and hazardous cargo. All fencing must be regularly inspected for integrity and damage.
Gates and Gate Houses
Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety.
Private passenger vehicles should be prohibited from parking in or adjacent to cargo handling and storage areas.
Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.
Locking Devices and Key Controls
All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.
Adequate lighting must be provided inside and outside the facility, including the following areas: entrances and exits, cargo handling and storage areas, fence lines and parking areas.
Alarms Systems &
Video Surveillance Cameras
Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.
Importers must require business partners to demonstrate that they are meeting C-TPAT security criteria via:
- Written/electronic confirmation (e.g., contractual obligations; via a letter from a senior officer attesting to compliance);
- A written statement from the business partner demonstrating their compliance with C-TPAT security criteria; or
- By providing a completed importer security questionnaire.
All non-C-TPAT eligible business partners (e.g., foreign vendors and foreign cargo transportation providers) must be subject to verification of compliance with C-TPAT security criteria by the importer, based upon a documented risk assessment process.
Phase 2 - Internal Supply Chain Management Practices:
Phase II criteria include
- Personnel Security (pre-employment verifications, background checks, personnel termination procedures);
- Procedural Security (documentation processing, manifest procedures, shipping and receiving, cargo discrepancies);
- Information Technology Security (password protection, accountability), and
- Security and Threat Awareness Training.
Phase II criteria must be implemented by existing C-TPAT member importers no later than August 25, 2005.
Please contact us for additional information regarding the new C-TPAT minimum-security requirements, or for assistance in conducting a C-TPAT review for conformity with the new C-TPAT minimum-security requirements.
If you have any questions on any of the issues raised in this newsletter, please contact George R. Tuttle at email@example.com (415-288-0425), or Stephen Spraitzar at firstname.lastname@example.org (415-288-0427).
George R. Tuttle and Stephen Spraitzar are attorneys with the Law Offices of George R. Tuttle in San Francisco. The information in this article is general in nature, and is not intended to constitute legal advice or to create an attorney-client relationship with respect to any event or occurrence, and may not be considered as such.
© 2005 by Tuttle Law Offices.
rights reserved. Information has been obtained from sources believed
to be reliable. However, because of the possibility of human or
mechanical error by our offices or by others, we do not guarantee
the accuracy, adequacy, or completeness of any information and are
not responsible for any errors, omissions, or for the results obtained
from the use of such information.