state of the programmiamiworldtrademonth.com/sites/default/files... · ctpat program: background...
TRANSCRIPT
Presenter’s Name June 17, 2003 2
CTPAT Program: Background
CTPAT is a supply chain security and trade compliance program that aims to secure the flow of goods bound for the United States through a voluntary partnership with the international trade community.
Government-private sector partnership emerging from the 9/11 terrorist attacks; Launched in November 2001 with seven major importers.
First worldwide supply chain security program, and currently 54.1% of all U.S. imports (by value) are CTPAT Certified.
Government-business program that builds cooperative relationships based on shared responsibility (prevention vs. interdiction).
Requires businesses to ensure the integrity of their security practices and verify the security guidelines of their business partners within the supply chain.
CBP Processes:
67,337 truck, rail, and sea containers
$6.3 billion worth of imported goods
CBP Seizes:
7,910 pounds of drugs (3,588kg)
$289,609 in undeclared or illicit currency
$3.8 million worth of products with Intellectual
Property Rights violations
CBP Patrols
329 ports of entry—official entry or crossing points
CTPAT is part of a layered law enforcement strategy
Trade Security
National Targeting
Center
24 Hour Trade Act
Intelligence
Container Security Initiative
NII TechnologyAutomated TargetingSystem
CTPAT
Impetus for Creation Piece of the Puzzle
WCO SAFE Framework CBP Cargo Responsibilities
Four Principles:
1. Advanced Electronic Information
2. Employ a Risk Management Approach to Address Security Threats
3. Use of Non-Intrusive Technology for the Inspection of Cargo
4. Benefits for Safe Traders – Authorized Economic Operator
Two Pillars:
Customs to Customs (Mutual Recognition)
Customs to Private Sector (AEO Programs / CTPAT)
Presenter’s Name June 17, 2003
CTPAT Program: Key Statistics and Members
CTPAT’s membership is cross cutting across a range of entity groups, which strengthens the security of international supply chains and the U.S. Border, and increases trade compliance.
11,400+ Certified Members
Over 30,000 validations conducted
54% of all imports (by value) into the US are CTPAT certified
Validation site visits conducted in 109 countries
300+ Importer Self Assessment (ISA) trade compliance program members
11 Mutual Recognition Arrangements (MRAs)
MSC Entity GroupsThe 11,000+ members comprise of companies across 12 entity groups from throughout the global supply chain.
CTPAT members must meet the Minimum Security Criteria (MSC), which are layered, cross-departmental security procedures and standards.
80 Sea Carriers
60 Marine Port Authority & Terminal
Operators
430 Mexican Long Haul Carriers
1,680Foreign
Manufacturers
10 Rail Carriers
110 Third Party Logistics Providers
(3PLs)
40 Air Carriers
1,980 Highway Carriers
4,150Importers
350Exporters
870Consolidators
850 U.S. Customs Brokers
Presenter’s Name June 17, 2003 4
CTPAT Program: Trusted Trader Strategy
The Trusted Trader Strategy outlines how industry can partner with CBP through the CTPAT program in both CTPAT Security and CTPAT Trade Compliance with increasing benefits for all parties.
in CTPAT
risk importers and
Increasing
benefits for
CBP and
traders
CTPAT, Trade Compliance, PGAs
and MRA and AEOs
Trusted traders receive facilitated
benefits globally
CTPAT, Trade Compliance and PGAs
Trusted traders receive benefits at
CTPAT
Traders are members ofCBP’s voluntary supply
chain security programSecurity
Partnership
GlobalReach
CTPAT, Trade Compliance
Traders are ISA compliant and meet CTPAT security requirementsCompliance
Non-participant
But consistently low
exporters
partner government agencies
Moves toward whole of government approach to supply chain security via PGA engagement
Integrates the CTPAT and ISA programs into a consolidated program that includes both supply chain security and trade compliance-AEO standard
Supports a scalable program, integrated with PGAs and aligned with leading AEO programs
Presenter’s Name June 17, 2003 5
CTPAT Trade Compliance: Trusted Trader Strategy
CTPAT developed a Trusted Trader Framework Strategy with the COAC to acknowledge the significant commitment of partnership between the U.S. government and trade, in global trade compliance and security.
Demonstrates highest level of commitment between the trade and regulatory government partners to security, compliance, and partnership within the global supply chain
Develops a program that is scalable, attainable for all size traders, and provides trading benefits and incentives
Reduced number of CBP examinations
Front of line inspections
Shorter wait times at the border
Assignment of a Supply Chain Security Specialist (SCSS) to the company
Access to FAST Lanes at land borders
CTPAT web-based Portal system and a library of training materials
Eligibility for other U.S. Government pilot programs
CTPAT security membership provides a baseline of engagement
Trusted Trader Pilot Program is working to transform the Importer Self Assessment (ISA) Program into the new Trade Compliance Program to provide importers and exporters an integrated partnership program for security and compliance
Framework Overview
Benefits & Incentives
Objectives and Pilot
Presenter’s Name June 17, 2003 6
CTPAT Trade Compliance: Trusted Trader Strategy
CTPAT is implementing the Trusted Trader Strategy to integrate ISA into the CTPAT program, and evolve its focus to cover both security and trade compliance.
Work with pilot participants to identify and document 30+ benefits in an interactive catalog, prioritize the development of 8 benefits, and measure the impact on participating importers.
Evaluate Benefits &
Requirements
Prepare for integration of ISA program into CTPAT Trade Compliance, and inform, train, and prep internal and external stakeholders for phased roll-out.
Prepare for Transition
Advance efforts with PGAs to promote a whole of government approach to supply chain security and trade compliance.
Partner with PGAs
Initiative Objectives & Outcomes
Prioritize and evaluate impact of incentives with pilot participants
Operationalize program and transition 330+ ISA members to Trade Compliance portion of CTPAT
CTPAT Trade Compliance Portal
Phased Rollout: Beg. October 2018
Phase I: June 2014 – June 2016
Validated pilot incentives for inclusion in initial offering
7 Pilot Participants:
Worked closely with pilot participants to test additional incentives and benefits and engaged with PGAs
Phase II: June 2016 – September 2018
ISA is a voluntary approach to trade compliance where CBP partners allow their eligible importers to assume the responsibility of managing their own compliance through self-assessment
There are currently 300+ members who utilize ISA
Comprises
25%of US Import Value
Pilot TimelineISA
Presenter’s Name June 17, 2003 7
CTPAT Security: Application Process
CTPAT has established a rigorous application process for vetting candidates to the program in order to ensure security and compliance measures are met and followed.
Long-Term
Expectations
Applicants must apply online via the CTPAT web portal
Eligibility requirements must be met before applicant’s company information is inputted
Each applicant must complete a security profile
Companies are assigned to a CTPAT field office for initial vetting, company review and security profile certification
CTPAT has to either approve or reject within 90 days
If the security profile is approved, CTPAT must conduct on on-site validation within one year
CTPAT must ensure applicant complies with the program’s security criteria
Utilize verification process to develop a strong working relationship with the applicant
Eligibility Certification Validation Verification
Validation of reported supply chain security and alignment to guidelines
Performed within 1 year from certification for all CTPAT participants
Every 1-2 years continue to review forms, sign-in sheets and checklists
Failure to show procedures are being followed can jeopardize future re-validation
Expect to see improved procedures the longer participants are a member
More stringent on requirements than original validation
Re-validation occurs every 3-4 years A re-verification report will be written and
participants have 90 days to respond by updating their actions in the web portal
Participants are required to assess the level of risk business partners bring into the supply chain, which can be based on the recommended Five Step Risk Assessment Process
Periodic
Re-Validation
Initial Validation
Process
CTPAT Validations & Verification
CTPAT Application Process
Presenter’s Name June 17, 2003 8
CTPAT Security: Top Security Issues and Benefits
CTPAT defines the supply chain as beginning at point of origin – manufacturer, supplier, vendor – and ending at point of distribution. The MSC throughout the supply chain can be grouped by the following buckets:
This map above demonstrates potential locations where cargo could be compromised and also shows potential validation sites.
Risk assessment of international supply chain Practice vs. policy Screening business partners (customers,
vendors/suppliers, and service providers) Follow-up on CTPAT status with business partners Employee training/awareness in supply chain security Audit/self policing, checks & balance systems Reporting system to notify company officers, CBP, and
other law enforcement agencies of anomalies (escalation matrix)
Cargo inspection/monitoring methods Periodic background checks Role of company CTPAT representatives
Reduced customs inspections Established point of contact in CBP (SCSSs) through
dedicated internet Portal access Use of Free and Secure Trade (FAST) Access to CBP/CTPAT training seminars and best
practices catalog Front of the line treatment for exams Business continuity considerations Access to other CTPAT members through internal
web portal system Penalty mitigation assistance
Top Security Issues CTPAT Benefits
Corporate Security
TransportationSecurity
People & Physical Security
Risk Assessment Procedural Security Personnel Security
Business PartnerConveyance and IIT
Security Physical Access
Controls
Cybersecurity Agricultural Security Physical Security
Security Vision and Responsibility
Seal SecuritySecurity Training and
Threat Awareness
Presenter’s Name June 17, 2003 9
CTPAT Security: Best Practices Framework
The framework used by CTPAT to demonstrate a best practice focuses on five components which, when used together, create a systematic approach to implementing best practices.
Senior Management Support
Inspires innovation and continuous improvement, and provides adequate resources
Innovative Business, Process,
& Technology
Increases automation, adaptability,
and efficiency
Documented Process
Ensures consistency and continuity via
written policies
Systems of Checks, Balances,and Accountability
Supports reliability via recurring tests and
internal/external audits
Evidence of Implementation
Verifies security via SCSS
observation and documentation
Best Practices Framework
Presenter’s Name June 17, 2003 10
CTPAT Security: Strengthening the MSC
CTPAT’s first major revision of the MSC since the program’s inception modernized and strengthened requirements in order to more effectively combat evolving supply chain security threats.
1 Changing Trade Landscape
As trade volume and complexity has increased dramatically since CTPAT’s inception over 15 years ago, threats against the global supply chain have continually evolved.
2 Terrorism and Criminal Activity
The targeting of global supply chains and an increase in terrorism activity underscores the need for CTPAT members to take increased measures to secure their supply chains.
4 Legal Mandate
The SAFE Port Act 2006 mandates that the MSC be reviewed “at least once a year” to update requirements as necessary in partnership with the trade community.
3 Reauthorization Bill
H.R. 3551, the CTPAT Reauthorization bill currently in Congress, will bring increased attention to the program and requires more frequent revisions of the MSC with full public transparency.
Presenter’s Name June 17, 2003 11
CTPAT Security: MSC Refinement and Restructure
Following multiple webinars, in-person reviews, and collaboration with the working groups, CTPAT has strengthened the MSC to enhance understanding and organization of the requirements.
Established 3 focus areas, inclusive of three new criteria categories focused on Cybersecurity, Security Vision and Responsibility, and Agricultural Security
Clarified language to explicitly organize requirements into "Must" and "Should“ delineations (i.e. hard vs. soft) requirements across applicable entity groups based on risk
New Focus Areas
and Criteria
Categories
Must vs. Should
Requirements
Mitigation of
Modern Threats
Provided guidance regarding how to combat Terrorism Financing and Money Laundering, addressing a major threat in supply chain security
The process to update the MSC laid the groundwork for the modernization of requirements in order to combat today’s threats in supply chain security
Presenter’s Name June 17, 2003 12
CTPAT Security: MSC Revision Summary
The following focus areas and criteria categories represent a holistic overview of the revised MSC requirements.
Focus Areas Criteria Categories Description
Corporate Security
Security Vision and Responsibility (New)
Promote a security vision, integrate security throughout the organization, establish an audit process, importance and role of the CTPAT POC
Risk Assessment Complete a comprehensive risk assessment based on a recognized methodology and in line with the MSC.
Business Partner Requirements
Select, screen, and monitor business partner compliance with MSC, to include trade based money laundering
Cybersecurity (New)Written cyber security policies and procedures; protection of IT systems with software and hardware; remote access; personal devices
TransportationSecurity
Conveyance and IIT Security
Conduct thorough inspections for both security and visible agricultural contamination; driver verification; tracking of conveyances; random searches;
Seal SecurityHigh security seal policy; containers not suitable for sealing; mandated use of the VVTT seal verification process; management audits of seals
Procedural SecurityDocument processes relevant to transportation, handling, and storage of cargo.
Agricultural Security (New)
Introduces requirements that protect the supply chain from contaminants and pests and the proper use of wood packaging materials.
People & Physical Security
Physical Access ControlsOutlines requirements to prevent, detect, or deter unauthorized personnel from gaining access to facilities. Expands on the use of security technology.
Physical SecurityRequire the positive identification of all employees, visitors, and vendors at all points of entry.
Personnel SecurityComplete screening, pre-employment verification, background checks, and comply with U.S. immigration laws.
Security Training, Threat, and Awareness
Requires training on security for all employees; specialized training for employees in sensitive positions; determine if training provided was effective
Presenter’s Name June 17, 2003 13
CTPAT Security: Implementation Timeline
Based on guidance from the Trade and COAC, CTPAT is proposing the MSC to be implemented under a phased approach throughout FY 2019.
Phase 1 Phase 2 Phase 3 Phase 4
1. Cybersecurity4. Security Training, Threat,
and Awareness7. Security, Vision, and
Responsibility10. Agricultural Security
2. Conveyance and IIT Security
5. Business Partner Requirements
8. Physical Security 12. Personnel Security
3. Seal Security 6. Risk Assessment 9. Physical Access Security 13. Procedural Security
Notional Phased Implementation By Criteria Category
The notional phased implementation timeline for criteria categories was determined via an assessment of security impact and level of effort with the six industry working groups.
Security ImpactSecurity impact was assessed for each criteria category by requirement as a function of its ability to address vulnerabilities in the supply chain and to complement existing legislative requirements or regulations.
Level of EffortLevel of effort was assessed for each criteria category by requirement as a measure of the cost, time, and reasonableness of compliance for CTPAT members.
Level
of
Eff
ort
Low
Med
ium
Hig
h
Security Impact
Low Medium High
13
2
98
4
7
4
106
12
11
12
13 5
Prioritization Methodology
Factors Considered for Prioritization
Size of bubble indicates number of requirements by criteria category
Presenter’s Name June 17, 2003
Global Reach: MRAs and SAFE Framework Pillars
CTPAT’s partnerships with international trade communities and authorities strengthens its role as an integral part of securing the global supply chain.
Commitment to MRAs link various international industry partnership programs together creating a unified and sustainable end-to-end security posture that facilitates safe and efficient global trade.
Support of organizations such as the World Customs Organization (WCO), the Asia-Pacific Economic Cooperation (APEC), and private sector organizations working to improve the security and integrity requirements of their membership.
International Strategy
Mexico
Canada
European Union
Japan
Jordan
New Zealand
South KoreaIsrael
Dominican Republic
Taiwan
Singapore
11 Mutual Recognition
Arrangements:
Presenter’s Name June 17, 2003 15
Global Reach: MRA Process
There are pre-requisites and a standardized process for implementing MRAs, which require time and effort to achieve but offer the benefit of stronger international security.
MRA Process
The Foreign Customs Administration must meet all four pre-requisites. The FCA must have:
Mutual recognition (MR) means the security requirements/standards of the industry partnership program, as well as its verification procedures, are the same or compatible with those of the potential MR partner.
Mutual recognition is a long term goal
Customs, AEO Programs, and the Trade Community must realize the time, effort and resources that goes into achieving MR.
MRAs MRA Pre-Requisites
A methodology in place to review and validate members
A security component integrated in the strategy
An operational program in place
A Customs Mutual Assistance Agreement (CMAA) in place with the U.S.
Signing of a joint work
plan
Side-by-side comparison of
program requirements
Validation on
observations
in both countries
Negotiation of the MRA
text
Formal signing of the MRA
Execution Maintenance
Presenter’s Name June 17, 2003 16
CTPAT Security and Trade Compliance: Roadmap
CTPAT SECURITY:
CTPAT Trade Compliance:*Importers only
Synthesize proposed MSC and work with industry to assess impact
Review and refine MSC with COAC and industry working groups
Implement program benefits with pilot participants and measure performance
Begin multi-year phased implementation of MSC
2019201820172014
2016
TODAY
2017 2018 20192016
Publish FRN and launch Trusted Trader pilot
Solidify and test incentives in Pilot Phase II
Launch CTPAT Trade Compliance and transition ISA members on a phased basis
Integrated CTPAT Security & Compliance
program
Enhance Portal, quantify cost and benefits, and prepare for implementation
Advance Trade Compliance portion of Portal, work with PGAs on Mutual Recognition, and prepare for implementation