The Customs Trade Partnership Against Terrorism is a voluntary public/private initiative that builds cooperative relationships to strengthen and improve overall international supply chain and U.S. border security. CTPAT is widely recognized as one of the most effective means of providing the highest level of cargo security through close cooperation with international supply chain businesses such as importers, carriers, consolidators, licensed customs brokers, and manufacturers.
At CBP’s CTPAT Conference held on June 25-26, 2019, CBP announced the New Minimum Security Criteria to CTPAT and much more to over 1,600 attendees (the largest conference to date!) – lucky for you, Diaz Trade Law was present and recapped the highlights below:
State of the Program
- Manual Garza was named as the new Director of the CTPAT program! Congratulations! Former Director Elizabeth (Liz) Schmelzinger has retired leaving the program in the #PathForward (this year’s conference theme), her biggest initiative was the development of the new MSC’s. Mazal Tov to Liz on her retirement!
- There are 11,500 members in CTPAT as of 2019
- CTPAT members maintain a 97.3% compliance rate
- Reasons for high compliance rate include: companies that are engaged with program & performing their annual security assessment.
- .53% is the average inspection rate of a CTPAT member versus for non-members nearly 2%.
- Failure to conduct an annual assessment will cause reason for removal/suspension.
- 96 companies were suspended
- 120 removed from program
- 53% of the total value of cargo imported into the United States is through CTPAT
- 12 Mutual Recognition Agreements (MRA) in place
- More Funding for CTPAT Portal – new portal will launch in November 2019.
- The Security Profile will be updated to include new criteria starting November 2019. Current profiles that have not been submitted for review and validation will not be deleted.
- New MSC’s Compliance date: Members must be compliant by January 1, 2020.
New Minimum Security Criteria (MSC)
- It’s been 17 years since the new criteria was added to the program! While there have been updates to CTPAT since the program was established in 2001, the new MSCs are based on reflections of lessons learned and increase of different types of terrorism. According to Carlos E. Ochoa, Branch Chief CTPAT HQ, the reality is that when CTPAT was established the United States was concerned with Al-Quaeda but now The United States is facing ISIS, huge migration waves from Europe and North Africa as well as from South America – new security threats require new security criteria with a great emphasis on business partnership.
- The inclusion of the three new security criteria categories have left CTPAT members scrambling to figure out what MUST be done to meet the new criteria and what other actions SHOULD they also consider to ensure they remain validated CTPAT members. Here are new MSC categories and CBP’s recommendations for compliance:
1) SECURITY VISION AND RESPONSIBILITY /VISION DE SEGURIDAD Y RESPONSABILIDAD
– Grouped under the focus area of Corporate Security, this MSC encompasses Corporate Responsibility. To that end, upper level management is required to promote a security vision by integrating security throughout the organization and establish an audit process to identify vulnerabilities.
– Additionally, CTPAT members must have more than one CTPAT point of contact that has the credentials to access the CTPAT portal and is knowledgeable about CTPAT and trained on CTPAT compliance. A 2013 portal audit resulted in the removal of 114 members for mainly lack of response to simple administrative tasks; the new requirement of multiple points of contacts is in efforts to minimize the lack of response.
– Best Practices straight from CBP:
➢ During Day 1 of the Conference, Thomas Overacker, CBP’s Executive Director of Cargo and Conveyance Security, Office of Field Operations, noted that “corporate responsibility is an essential MSC” regardless of the size of the business, they must “implement on a daily basis; anything less than that is not enough.”
➢ Similarly, during his Keynote address, John P. Wagner, CBP’s Executive Deputy Assistant Commissioner, Office of Field Operations, recommended that organizations “challenge themselves and identify vulnerabilities; think – what can you do to combat the problem? How can my role in the bigger business help fill those gaps?”
➢ Keynote Luncheon Speaker, Kevin Harriger, CBP’s Executive Director, Agriculture Programs and Trade Liaison, Office of Field Operations, recommended companies to “develop and implement a culture that is security related where the details are scaleable for your specific company needs.” He provided the following three core fundamentals to creating a security-based culture: 1. Corporate commitment; 2. Representation from relevant staff members all across the table; and 3. Implement an awareness campaign.
➢ During Day 2, Carlos E. Ochoa, Branch Chief CTPAT HQ presented the workshop on MSCs (in English and Spanish). He explained that “what really matters is how security is implemented and enforced – it’s a daily task…People don’t do what u expect, people do what you inspect.”
➢ A workshop on Security breaches presented by Raymond Monzon, Supervisory Supply Chain Security Specialist, illustrated the benefit of training employees across the table on security: in one case, a low-level employee who was trained to identify security breaches, identified that the outside of a package on a shipment looked unusual, ultimate the employee reported it and prevented explosives concealed in ink cartridges from being boarded on a flight destined to the United States. Further investigations confirmed the explosive were intended to detonate while aboard the flight.
➢ Recommendation: Draft a Statement of Support of the CTPAT program and publish it on your webpage, hang it in principle areas of the company, include it in the product packaging – this is implementing the culture related to security.
– Group under the focus area of Corporate Security, this MSC encompasses the role of 21st century technology. To that end, organizations are required to have written cybersecurity policies and procedures, implement protection of IT systems with software and hardware, control remote access, and ensure a two-factor system is used to access personal devices.
– Best Practices straight from CBP:
➢ During Day 2, Carlos E. Ochoa, Branch Chief CTPAT HQ, presented the workshop on MSCs (in English and Spanish) and encouraged organizations to take a common-sense approach to implementing cybersecurity:
▪ Passwords must: two factor authentication and password
▪ A 2017 IBM study, reported that 1.5 million cyber-attacks occur per day that’s 3 attacks per minute!
▪ 91% of all cybercrimes start with an email. That’s why training for staff on cybersecurity is now a must.
▪ Ensure business partners also comply with requirements.
▪ Assumption that targets of attacks are larger organizations, but the more vulnerable the company the more likelihood of a cyberattack.
▪ A Verizon 2018 data breach investigation report provided that 58% of targets were small businesses because they are easier to penetrate.
▪ The Netflix Compromise attack was done by hacker scanning an entire supply chain to identify the weakest business partner and attack through the weakest link.
➢ Resources: Cyber security compliance resource from the United States Chamber of Commerce; should be used as a guide as you implement the cyber security policy – 1) Identify, 2) Protect, 3) detect, 4)Respond, and 5) Recover data
3) AGRICULTURAL SECURITY
– Group under the focus area of Transport Security, this MSC encompasses an international issue being combated by the majority of country – prevention of foreign pests from entering the destination country. To that end, organizations are required to protect their supply chain from contaminants and pests and ensure the proper use of wood packaging materials.
– Best Practices straight from CBP:
➢ During Day 1, Keynote Luncheon Speaker, Kevin Harriger, CBP’s Executive Director, Agriculture Programs and Trade Liaison, Office of Field Operations, recommended companies to:
▪ Take a common-sense approach that fits in what it already being done by the organization but include the perspective to look for pests in addition to contraband. Conduct inspections in the same manner.
➢ During a panel discussion entitled, Addressing Security Risk from the CBP Point of View, John Sagle, Director, Agriculture Safeguarding Agriculture Programs and Trade Liaison, Office of Field Operations, CBP recommended organizations to be proactive and engage with CBP by communicating with their liaison based on an open door policy and encouraged members to create a culture that included agriculture as we all benefit – the cost in pest threats is economically devastating in addition to being life threating to livestock and the environment.
➢ During Day 2, Carlos E. Ochoa, Branch Chief CTPAT HQ presented the workshop on MSCs (in English and Spanish) where he highlighted that a swine outbreak would be a 60 billion cost to the United States to defend against it. He gave example of one case where tiles from Italy were bringing pests – these tiles ultimate were reexported to be treated in the country of origin; proving that pests are not only in agriculture products!
▪ 328 pests are found daily
➢ CBP adopted IMO’s definition of pest contamination, which includes the standard imposed for inspection to identify pest in conveyances as based on a VISUAL inspection – in and outside the container and trailer.
➢ Tips to address pest risk – do what’s least costly but effective to remove pests or seeds or snails.
➢ Wood Packing Material (WPM) – WPM is an international issue – Now organizations must develop and implement WPM training.
▪ Most egregious violations is non- stamped wood
▪ CBP’s Wood Packing Training Program (tip: Use this to develop your required WPM SOP).
Other noteworthy highlights:
– NEW eligibility requirement – no evidence of financial debt to CBP!
– Forced Labor recommendation for importers and foreign manufacturers
– Training tools and all presentations will be available on the CTPAT portal
- Look out for materials in Spanish and French!
For assistance with CTPAT compliance and to further understand what are the “musts” and “shoulds” of the new MSC, contact our Customs and International Trade Law attorneys at 305-456-3830 or email email@example.com.