In the aftermath of September 11, U.S. Customs and Border Protection (CBP) responded quickly by initiating a joint government-private sector partnership called the Customs-Trade Partnership Against Terrorism (C-TPAT). As is well-known, C-TPAT is a program designed to enlist the international trade community in securing the supply chains through which foreign goods reach U.S. shores from terrorists and their weapons. C-TPAT has left an indelible mark as international traders around the world are now familiar with it and it has become an integral part of the Department of Homeland Security's mission. While the program is not without critics, it is no small accomplishment that it has grown in membership from a few to over 9,000 and contributed to a profound awareness that supply chain security is an essential element of a company's overall compliance program.
Like other voluntary programs, C-TPAT continues to evolve as it responds to the needs of its stakeholders and critics. The purpose of this article is to provide an overview of three significant developments this year in C-TPAT and to discuss some of the future consequences that might result. First, on March 11, the Government Accounting Office (GAO) issued a report to Congress that criticized the C-TPAT program, particularly with respect to the sufficiency of CBP's process for conferring benefits and for evaluating the effectiveness of members' supply chain security programs (i.e., "validations"). Second, on March 25, CBP announced a new set of stringent "minimum criteria" that prospective and current importer members now must meet. Finally, on April 21, the commissioner of CBP announced that benefits of C-TPAT will likely be based on a "tiered" system that depends, in part, on whether a member's supply chain has been "validated" by CBP and gone beyond the "minimum criteria." As part of their security compliance programs, members, applicants and future members should monitor these developments closely, as they are harbingers of possible future changes in the program.
Background On C-TPAT
Under C-TPAT, international traders (e.g., importers, carriers and, in some cases, foreign manufacturers) submit for CBP review a written profile tracing supply chain security measures for the movement of goods into the United States, from the overseas plant to the point of distribution in the United States, including all points in between (e.g., international transportation and ancillary services along the way). CBP then evaluates the application to ensure that it meets the minimum criteria for an applicant's business (e.g., importer).
Once CBP accepts a participant, CBP makes available to C-TPAT members certain benefits, such as reduced security inspections and delays at the border. Since the rollout of C-TPAT in 2001, it is the lure of reduced security inspections and delays (in addition to the incentive to be a good corporate citizen) that has been the primary motivating force behind enrollment. After acceptance, the C-TPAT member is subject to a C-TPAT "validation," which is a mini-audit of the member's supply chain security conducted by CBP supply chain security specialists.
GAO Criticism Of C-TPAT
In its recent report, the GAO was critical of several aspects of the C-TPAT program.1 The report concluded that C-TPAT validations are not sufficiently rigorous to enable CBP to verify that members' supply chain security programs are reliable. For example, the GAO found that validations are not conducted with a quantifiable objective, scope and methodology. In addition, the GAO found that CBP specialists lacked written guidelines, resulting in potential inconsistencies in validation methods.
Moreover, the GAO raised concerns that CBP has abandoned its original goal of validating all members within three years. The GAO also noted that CBP provides benefits under the program before conducting a validation and that CBP "has not come up with an alternative goal for the number or percentage of members that should be validated."2 CBP has responded to this criticism by claiming that it is already taking steps to address the issues raised in the report. The report has attracted considerable attention both within the trade community and among policy-makers concerned with supply chain security.
New "Minimum Security Criteria" And "Tiered Benefits"
Current and new importer applicants must meet new criteria to be eligible to participate in C-TPAT, and existing members must comply with each phase within a corresponding timeline to avoid suspension.
- Phase 1, "Hardening the Supply Chain," involves measures to control access to cargo through secure shipping containers and requires compliance with a new set of mandatory steps to secure shipping containers, including reliable locking mechanisms, a seven-point inspection process and security seal procedures. Existing importer members had 60 days from the March 25 date to address the elements of this phase.
- Phase 2, "Internal Supply Chain Management Practices," involves internal procedures to enhance procedural security (such as adequate pre-employment verifications), accurate cargo documentation and IT controls for information. Existing importer members have 120 days from March 25 to comply.
- Phase 3, "Business Partner Requirements," relates to the most controversial of the new security elements, which is that an importer "must have written and verifiable processes for the selection of business partners, including manufacturers, product suppliers and vendors." If an importer's business partner is itself eligible for C-TPAT certification, the importer would only have to obtain appropriate documentation to substantiate that status (generally, a C-TPAT certificate). For the remaining business partners, however, importers must document and substantiate that business partners are meeting C-TPAT or equivalent security criteria of a foreign Customs agency. In addition, based on their assessment of risk among the business partners, importers are also expected to conduct a review of their business partners' security procedures. Existing importer members have 180 days from March 25 to comply.
Another development is that the manner in which C-TPAT confers benefits will likely soon change to a concept of "tiered benefits." In an April 21 speech, CBP Commissioner Bonner summarized the tiered benefits approach.3 As he envisions it, under the revised March 25 standards, there will be three tiers of C-TPAT members and corresponding benefits: (1) certified C-TPAT members would receive a reduction in CBP's Automated Target System scoring, leading to reduced security inspections, (2) certified C-TPAT members that have undergone successful "validations," including a successful review of foreign business partner components in the supply chain, would receive further reductions in security inspections, and (3) for those C-TPAT members that successfully undergo a "validation," those members will be eligible for "Green Lane" treatment, provided they use CBP validated carriers, use "smart box containers" (i.e., equipped with anti-tamper technology), and export from foreign ports where CBP officers are stationed to perform pre-shipment inspections (under a program called the "Container Security Initiative"). CBP Commissioner Bonner has indicated that importers meeting the Green Lane requirements would receive essentially security-inspection-free clearance.
Implications And The Road Ahead For The Trade Community
The GAO report and CBP's announcements have several implications for the trade community, including the following:
(1) Greater Burden on Members and Applicants: The new criteria, along with the GAO and congressional scrutiny, make clear that CBP will demand more of companies in the application process and prior to conferring benefits. These demands require written procedures to ensure that overseas suppliers and others comply with C-TPAT criteria. In essence, without explicitly requiring it, CBP expects applicants to condition business relationships on whether the business partner meets C-TPAT security criteria. In addition, members and applicants should also track the implementation of container security requirements. While the new criteria require mandatory procedures, there is no doubt that more requirements will follow. For example, the Department of Homeland Security will propose new regulations on container security seals in the near future, and Congress is also considering legislation to mandate additional container security requirements.
(2) Increased Validations: With the outside scrutiny, CBP is likely to increase its emphasis on validations. Indeed, since the GAO report, CBP has reportedly sent more than 2,000 letters to C-TPAT members to inform them that validations of those members are "in progress." The increased focus on validation places a greater onus on members as well as new applicants to verify the reliability of their C-TPAT applications. In exchange for the strengthening of the validation process, the trade community would likely benefit from more transparency so that members understand what is expected during a validation and which standards govern the CBP specialists conducting the validation.
(3) Changes in Validation Process: One of the core criticisms is that C-TPAT is unreliable because it results in the provision of benefits without a validation of the importer's supply chain security. Congress is likely to focus on this issue and pressure CBP to rationalize the validation process to guard against the prospect of a false sense of confidence in a supply chain. Ultimately, this may result in a process that requires a "validation" prior to acceptance and the conferral of benefits. CBP appears to have already responded in part by tying the concept of "tiered benefits" closely to validation.
It is clear that CBP does not have the resources to validate each applicant in a timely manner. This is why there has been discussion in Congress and among Homeland Security experts about outsourcing the validation function to private companies. This in turn raises a number of questions, including what the standards would be that govern private parties who conduct validations and what the standards for such validations might be. Moreover, legislators and others may advocate that CBP conduct validations using a more standardized set of objectives, scope and methodology rather than a process in which these elements are developed on a case-specific basis. Such a model may take away the ability of importers and other participants to take an active role in setting the parameters of the validation. On the other hand, potential benefits could flow from such a mode, such as greater transparency in how a validation will be conducted.
(4) Potential Uncertainties: From CBP's perspective, the new criteria promote the goals of grater clarity and a "baseline" level of security. However, from the point of view of a manager considering whether to allocate resources for the program, the introduction of the new criteria, particularly the "business partner" criteria, may make it difficult to assess the costs. For example, it is not clear what the standards for enforcing the "business partner" criteria are and what the consequence would be of a deviation or failure to meet one of these criteria. If CBP were to suspend or withdraw membership, a company may be in a worse position than if it had never enrolled.
In addition, importers and other potential C-TPAT members should be aware of the possibility that the U.S. government's efforts to promote the adoption of cargo and supply chain security on a multilateral basis may potentially affect C-TPAT obligations. In particular, the U.S. has promoted the adoption of C-TPAT-like standards with corresponding customs authorities, as well as through the World Customs Organisation (WCO), an independent intergovernmental organization representing approximately 165 governments. The WCO recently released the final draft Framework on Standards to Secure and Facilitate Global Trade, expected to be approved by the WCO Council in meetings to be held in late June. The Framework incorporates provisions to establish international standards for supply chain security. The adoption of more consistent security standards in other countries might have beneficial effects for those U.S. companies participating in C-TPAT. For example, C-TPAT's criteria for business partners already incorporate the principle that an importer can substantiate a business partner's security measures by presenting documentation that the partner meets similar criteria "administered by a foreign Customs administration." Similarly, for multinational corporations that operate in other countries that offer C-TPAT-type programs, the adoption of standardized guidelines and reciprocity principles might eliminate the need to validate supply chain security in multiple jurisdictions.
The greatest uncertainty is, without a doubt, whether the administration or Congress, or both, will see fit to regulate or legislate C-TPAT requirements. While rendering the voluntary program, a legal regime runs counter to the notion of a partnership, and while laws will result in additional cost for companies, the recent scrutiny from Congress and others suggests that a legal regime may be on the horizon. It is essential, therefore, to monitor legislative and regulatory developments related to the program.
C-TPAT continues to evolve using an incentive-based partnership model that raises both opportunities and potential pitfalls for the trade community. As the recent announcement by Commissioner Bonner signals, CBP is expected to release a draft proposal for implementation of the tiered benefit system in the near future. The promise of "Green Lane" treatment is certain to maintain interest in the program, despite the ambiguities inherent in the newly announced "minimum criteria." Ultimately, C-TPAT is a vitally important work in progress. Commissioner Bonner has stated that "from the very beginning, C-TPAT was intended to be a dynamic program, not a static one." In part, this is a function of the fact that the program must maintain its effectiveness in the context of an evolving terrorist threat as well as avoid unduly impeding legitimate trade. What is clear is that CBP will continue to engage the trade in implementing and developing the program. To navigate the changing landscape, member and prospective member companies should monitor developments closely.
1Cargo Security: Partnership Program Grants Importers Reduced Scrutiny with Limited Assurance of Improved Security, GAO-05-404, March 11, 2005 (hereinafter "GAO Report").
2See GAO Report at p. 5.
3 R emarks by Commissioner Robert C. Bonner, Supply Chain Security in New Business Environment, available at http://www.customs.gov/xp/cgov/ newsroom/ commissioner/speeches_statements/apr21_2005_miami .xml.
Published July 1, 2005.