National Conference on SAFE TRADE

1
National Conference on SAFE TRADE AEO CTPAT
Six Years on A Review of the Private Sector

• May 13, 2008
• Craig J. Pinkerton, Director PricewaterhouseCoop
  ers

2
Level of Security Prior to 9/11

• The level of security for importers, carriers,
  truckers, etc. was determined primarily on
• the value and nature of imported merchandise
• the level of theft and shrinkage discovered along
  the supply chain
• whether the product was considered sensitive by
  the government (e.g., tobacco pharmaceutical
  drugs)
• whether the product could pose a threat to the
  public (e.g., firearms chemicals hazardous
  materials)

2
3
Threats to the Supply Chain Changed the Security
Landscape

• 9/11 introduced tighter security into the
  logistics process
• The flow of goods from the manufacturer to the
  end user is now viewed as needing protection, not
  just the product
• People crossing borders into the U.S. are being
  monitored to minimize or eliminate the threat of
  danger
• No longer is it only value or dangers intrinsic
  to imported product, but the logistics function
  itself is being viewed as a security issue
• The conclusion that danger could accompany
  products throughout the supply chain caused a
  major refocus on security

3
4
Development of Security Initiatives
ISO (International Organization
for Standardization)
Container Security Initiative
WCO
Customs-Trade Partnership Against Terrorism
(C-TPAT)
AEO (Authorized Economic Operator)
102 Security Filing
FAST (Free and Secure Trade)
Canadian PIP (Partners in Protection)
SAFE Framework
4
5
What are Customs Expectations?

• Through this initiative, Customs is asking
  companies to ensure the integrity of their
  security practices and communicate their security
  guidelines to their business partners within the
  supply chain (i.e., increased vigilance)
• The primary goals of C-TPAT include
• Increasing security measures, practices and
  procedures throughout all sectors of the
  international supply chain
• Protecting the public from terrorist activities
• Ensuring the flow of legitimate trade
• Providing Customs with a means of looking into a
  companys supply chain security profile

5
6
WCO Standards Mirror C-TPAT

• Business-Customs Cooperation
• Conveyance/Container Security
• ISO Security Seals Required
• Physical Access Security
• Personnel Security
• Procedural Security
• Information Systems Security
• Employee Security Training
• Continuous Improvement Process
• Risk Assessment

6
7
Evolution of C-TPAT

• Launched in November 2001, with only seven major
  importers
• C-TPAT currently has more than 10,000 partners,
  which include United States importers, customs
  brokers, terminal operators, carriers, truckers
  and some foreign manufacturers
• Initially, voluntary participation and jointly
  developed security criteria and implementation
  procedures were the guiding principles
• As the program grew, so did the need for more
  clearly-defined security criteria to establish
  the minimum, baseline security expectations for
  membership
• In 2005, minimum-security criteria for importers
  was implemented and companies were required to
  meet the new criteria within certain timelines

7
8
C-TPAT Benefits

• Beyond the essential security benefits, Customs
  offers the following benefits to C-TPAT members
• A reduced number of inspections (reduced border
  times)
• Priority processing for Customs inspections
  (Front of the Line processing for inspections
  when possible)
• Assignment of a C-TPAT Supply Chain Security
  Specialist who will work with the company to
  validate and enhance security throughout the
  companys international supply chain
• An emphasis on self-policing, not Customs
  verifications

8
9
C-TPAT Benefits

• Eligible to attend C-TPAT supply chain security
  training seminars
• Access to other C-TPAT members via the Status
  Verification Interface
• Certified C-TPAT importers are eligible for
  access to the FAST lanes on the Canadian and
  Mexican borders
• Mitigating factor in cases of fines and penalties
• Demonstrates good corporate citizenship to
  Customs

9
10
Security Costs versus Benefits

• There have been several logistics studies
  published since 9/11 that detail the costs and
  benefits associated with the C-TPAT program, such
  as
• Stanford Supply Chain Study - October 2003
• MIT Supply Chain Study - May 2005
• Stanford Innovation in Supply Chain Security -
  July 2006
• University of Virginia Cost Benefit Survey -
  August 2007

10
11
Benefits from Investment in SAFE Trade

• Fewer Customs Inspections (50)
• Reduction in Excess Inventory (14)
• Improved on-time delivery (12)
• Reduction in Theft/Loss/Pilferage (38)
• Access to Shipping Data (50)
• Timely Shipping Data (30)
• Less Customer Attrition (26)
• Increase of New Customers (20)
• (Source Stanford University Study, July 2006)

11
12
Benefits from Investment in SAFE Trade

• The primary motivation for importers to join
  C-TPAT is to reduce the risk of supply chain
  disruptions due to a terrorist attack
• Four out of every ten members did not have a
  formal supply chain security plan prior to
  joining the program
• C-TPAT moved thousands of companies to give
  closer scrutiny to the security of the goods they
  handle and review the supply chain to ensure that
  their overseas suppliers have implemented sound
  security practices
• Greater Supply Chain integrity (stronger seal
  controls)
• Stronger brand equity

12
13
Benefits from Investment in SAFE Trade

• The vast majority (81.3 percent) of members
  indicated that their ability to assess and manage
  supply chain risk had been strengthened as a
  result of joining C-TPAT
• C-TPAT certification requires that companies meet
  an extensive checklist of verifiable conditions.
  Nevertheless, minimum security criteria were
  generally viewed as very easy or somewhat easy to
  implement across the various sectors
• More than half (56.8 percent) of the members
  indicated that C-TPAT benefits either outweighed
  the costs or were about the same
• (Source University of Virginia Study 2007)

13
14
Costs from Investment in SAFE Trade

• Typical implementation costs (listed from highest
  to lowest)
• Improving or implementing physical security costs
  (doors, windows, electronic access, cameras,
  fences, gates, lighting, etc.)
• Salaries and expenses of personnel
• Improving IT systems and databases
• Improving cargo security
• Improving or implementing in-house education,
  training, and awareness
• Improving personnel security procedures

14
15
Example of Security Procedures to be reviewed

• Physical Access Controls
• Employees, Visitors and Deliveries
  identification and badge process is key and
  removing unauthorized individuals
• Personnel Security
• Pre-employment verification, background checks,
  and termination procedures for prospective and
  current employees
• Procedural Security
• Documentation processing, shipping and receiving,
  and cargo discrepancies
• Container and Trailer Security
• Seal integrity, inspection and storage

15
16
Example of Security Procedures to be reviewed

• Physical Security
• Fencing, guardhouses, parking, locking devices,
  key controls, lighting, alarms, and video cameras
• Information Technology Security
• IT security procedures, password protection,
  system accountability (firewall, virus
  protection, monitoring service)
• Security training and threat awareness
• Focus on what types of training offered to
  employees and whether supply chain security
  training (C-TPAT specific) given

16
17
Business Partner Requirements

• Importers must have written, verifiable processes
  for the selection of business partners including
  manufacturers, product suppliers, and vendors
• They should also have documentation
  substantiating that partners throughout their
  supply chain are meeting C-TPAT security
  standards - or equivalent supply chain security
  program criteria
• e.g., supply chain assessment questionnaire,
  on-site audit report, written confirmation, etc.
• Where a company outsources or contracts elements
  of its supply chain, such as a foreign facility,
  warehouse, or conveyance, it must work with these
  business partners to ensure that pertinent
  security measures are in place and adhered to

17
18
Business Partner Requirements

• Companies now leverage their business
  relationships and ensure that business partners
  develop security processes and procedures
  consistent with the C-TPAT criteria
• Build C-TPAT/security language directly into
  contract
• Narrowing universe of business partners
• Periodic reviews of business partners processes
  and facilities should be conducted based on risk

18
19
Business Partner Example of Risk

• Foreign inland freight carrier - may be the
  weakest link in the supply chain
• In certain countries, local trucking companies
  must be used. Additional processes may need to
  be set up to deal with risk

19
20
Common Security Shortfalls

• Cargo seals not used by foreign inland carriers
  and policy not documented
• Less than full truck load
• Air shipments
• No C-TPAT security-based training provided to
  employees, especially those with cargo handling
  responsibilities (warehouse, shipping, receiving,
  etc.)
• Procedures at foreign facility are commonly
  patched together from various departments,
  rarely mention C-TPAT related policies and
  procedures, and usually consist of random screen
  shots and dusty binders

20
21
Common Security Shortfalls

• Employees inconsistent in displaying badges,
  especially in cargo handling areas
• C-TPAT web portal not updated to reflect changes
  in companys program
• From security standpoint, other weak areas noted
  included
• Mail room deliveries
• Use of temporary agencies for labor
• No one actually monitoring video cameras (or, for
  example, 32 cameras all feeding into a 13
  monitor)
• Collecting badges and terminating access when
  employees leave company

21
22
Common Security Shortfalls

• Responses received from foreign vendor during
  questionnaire process do not match reality.
  Examples
• fence around perimeter vs. fence rusted and
  fell down in 1998
• pan and zoom cameras throughout facility vs.
  inoperable cameras dangling from wires
• truck drivers sign in/out vs. drivers waved on
  through because same drivers every day
• Customs not asked for identification upon arrival
• (Note A company is not required to implement
  all best practices, however, CBP may ask why
  certain procedures cannot be implemented)

22
23
Benchmarking - Best Practices from Industry

• Security measures
• Exceed the C-TPAT Security Criteria
• Incorporate management support
• Have written policies and procedures that govern
  their use
• Employ a system of checks and balances
• C-TPAT is an on-going program!
• Companies continually update their supply chain
  security program (e.g., new factories, business
  partners)
• Periodic assessment is part of corporate manual
• Verify procedures to ensure they are being
  followed and make modifications as necessary
• Ownership at each entity level responsible for
  maintenance

23
24
Benchmarking - Best Practices from Industry

• Since C-TPAT is a Customs program, it is
  typically managed by a companys global customs
  compliance group along with legal oversight
• C-TPAT Champion provides oversight
• Importer has sound compliance program in place
• Opportunity to provide additional on-site
  training
• Ability to tie into other security initiatives
  (e.g., 102 requirement)
• Senior Management Support and Buy-in
• An absolute must
• Lack of support at top levels - failure is
  imminent!

24
25
Benchmarking - Best Practices from Industry

• Do not assume business partners will not be
  visited especially foreign business partners.
  Example
• Tier 3 U.S.-based customs broker in Philippines
  is visited an average of two times per month by
  CBP SCSS
• As a result of numerous visits, virtually every
  best practice has been implemented (clearly
  evident)
• GPS on all trucks to monitor real-time movements
• Security personnel accompany shipment from
  factory to airport (customs bonded facility)
• High security seals and padlocks utilized
• Comprehensive policies and procedures

25
26
Recommended Workplan for Security Program

• Review global supply chain to verify your
  business partners, such as foreign manufacturers,
  carriers and brokers
• Conduct analysis based on volume and risk
• Identify which business partners are already in
  the C-TPAT program or other supply chain program
  such as AEO, and which partners have already
  participated in a supply chain documentation
  process or have undergone an on-site audit
• Determine best application strategy

26
27
Recommended Workplan for Security Program

• Conduct domestic reviews at headquarters and
  distribution facilities
• Conduct comprehensive self-assessment of supply
  chain security (based on the C-TPAT/AEO security
  guidelines)
• Document current supply chain security procedures
  
• Develop and implement a program to enhance
  security throughout the supply chain in
  accordance with guidelines
• Communicate supply chain security guidelines to
  other partners in supply chain

27
28
How has C-TPAT evolved?

• Already in progress
• Detailed verifications of applications
• Revalidations of certified companies
• Tighter container seal control
• Tighter documentation control
• New security criteria - importers now seeking to
  join the C-TPAT program will need to meet or
  exceed the new security criteria before they will
  be certified

28
29
How has C-TPAT evolved?

• Companies beginning to implement
• Smart containers and tracking systems
• Extensive screening (initial ongoing) of
  personnel. This includes both foreign and
  domestic locations
• Security/C-TPAT requirements for their entire
  supplier base and logistics providers
• Security audit as part of normal periodic audit
  of foreign entities
• Best Practices to obtain Tier 3 status
• As of March 2008, only 243 Tier 3 companies

29
30
Moving Forward 2008 and Beyond

• The SAFE Port ACT signed in 2007 has codified
  C-TPAT and CSI and calls for mandatory use of ISO
  17712 compliant seals on all containers by
  October 2008
• Canadian PIP program members will gain
  reciprocity status with C-TPAT program members
• TSA will announce air cargo security guidelines
  deferring to many C-TPAT guidelines
• WCO will expand the AEO program in the European
  Union, Asia and Latin America
• Greater use of electronics in cargo protection

30
31
Moving Forward 2008 and Beyond

• More frequent reviews of companys security
  procedures and policies (even after
  validation/revalidation)
• C-TPAT members continue conducting audits of
  foreign vendors regardless of whether in another
  program
• C-TPAT members are conditioning contractual
  business relationships with their service
  providers and vendors based on C-TPAT
  participation and/or adherence to C-TPAT security
  guidelines
• Mutual Recognition and Reciprocity with other
  countries
• Global buy-in to security
• Additional X-ray screening and data mining

31
32
Moving Forward 2008 and Beyond

• Congress pressuring Customs to implement 100
  container screening. Customs potentially trying
  to counter with C-TPAT program and cargo
  screening software
• Customs reducing timeline for validations from 3
  years to 1 year, and revalidating each company
  every 3 years instead of the specified 4-year
  schedule
• Third-party validations Customs currently
  accepts only in China. Other AEO programs may
  allow selected third parties to conduct
  validations in any country

32
33

CONTACTS Craig J. Pinkerton PricewaterhouseCoop
ersLos Angeles Tel (213) 256-6037Email
craig.j.pinkerton_at_us.pwc.com Dennis Caronan
PricewaterhouseCoopers Manila Tel 632 845 2728,
Ext. 2118 Email dennis.anthony.p.caronan_at_ph.pwc.c
om John S. Kwak PricewaterhouseCoopers Hong
Kong Tel (852) 2289 3331 Email
john.sh.kwak_at_hk.pwc.com