I just attended the 2017 CTPAT conference in Detroit. After 2 days of CTPAT’ing, here a list of my top 10 takeaways including the changes I see coming to the CTPAT program.
- There is a new name. Notice the – is officially gone, no more C-TPAT (despite all of us conditioned to using the -, it is no more. CTPAT it is.
- There is a new slogan – CTPAT “Your Supply Chains Strongest Link”.
- There is a new woman at the helm. Elizabeth Schmelzinger is the Director of CTPAT.
The biggest take away is ….
- The biggest take away is that the “minimum security criteria” (MSC) will be updated, modernized, and phased in as early as 2018. At the beginning focus was on anything that “was going to blow or glow,” now, many updates must be made. Now, we can expect updates and changes to:
- Cyber security (something that keeps me up at night),
- prevention of money laundering,
- an even greater emphasis on policies and procedures & senior management buy-in (with the crowd begging for more information from CBP on the cost-benefit of the program),
- agriculture security,
- seals (CBP saw seals on ebay – and doesn’t want this to ever happen again),
- best practices,
- terrorism finance,
- personnel security (a highlight was that internal conspiracies make up 99% of the post incident analysis CBP receives),
- business partner requirements (with a greater emphasis on selecting/screening partners, a focus on identity theft) were all discussed as either needing to be added or updated.
- As an aside, transportation/conveyance/procedural and physical security are NOT likely to be updated.
- Also – there was a promise to work to avoid duplication (I VERY much hope this will be true)!
- As an aside passenger operations are changing as well with a focus on biometrics. Scary and cool at the same time. Some airports are in the pilot phase. Meaning, no passport, no ID, just stand and take a photo and its linked to government databases and your boarding pass to identify you. What exactly is shared (hopefully only your photos) is not known to me, but, is taking us into the future.
- The trusted trader program is currently on phase 2 (which runs until 2018). 56 companies applied, 9 were accepted, and 7 participated. Supply chain security (CTPAT) + trade compliance (ISA) = Trusted Trader. CBP is hoping to roll out Trusted Trade in phases in 2019.
- Best practices were discussed, and the 5 components that go into them (Verifiable evidence, Documented process, Senior management buy-in, Systems and checks, Innovation business). CBP advised that this is scalable and for the small and medium size businesses, “If you’re sophisticated enough to organize an international transaction – then you can incorporate best practices” (if you want to join CTPAT).
- We can expect Portal 2.0 to be more user friendly. Aa whole new IT crew is working on it. Note the 3 password questions are gone, you can now easily reset your password. In the future you’ll also be able to use chrome and the internet browser of your choice. For now, stick to explorer (for Portal 2.0 anyways!). SVI numbers are officially obsolete, now you can send a status email to non SVI partners (under the SVI field). It will look like:
U.S. Customs and Border Protection (CBP) Customs-Trade Partnership Against Terrorism (C-TPAT) confirms that X CORPORATION (Business Type:ImporterExporter), Security Model Name: X CORPORATION – Importer is a Partner in the C-TPAT program at the certified or above status as of 08/31/2017. This email does not guarantee the status of the partner after this date, nor guarantee the partner remains a part of the program.
- CBP won’t require a specific technology, but, will validate that you are actually using the technology you have.
- Some suggestions provided:
- Monitor ACE reports (advise your SCSS of any filings that are NOT yours)
- For a 5 step risk assessment (if you have multiple countries and parties you work with, start with your top 5)
- In your Threat Assessment CBP wants you to find a newer focus on agricultural threats
- Ensure you have annual training for employees. In your training, don’t forget to include IT, Janitorial, Security, and Part timers.
- Test your employees at the end of the trainings, ensure you keep the tests and a training log, and send training log to HR.
- Suggestion for training:
- At validations, CBP wants to see processes in use by employees beyond the training (i.e., CBP shouldn’t be first to sign into your book for visitors)
- Utilize the MindMap
Want help making sense of CTPAT? We’re here to help, contact us today at email@example.com, or 305-456-3830.