Recap of 2019 CTPAT Conference
The Customs Trade Partnership Against Terrorism or (CTPAT) is a layer in the U.S. Customs and Boarder Protection’s (CBP) multi-layered cargo enforcement strategy. Through this program the CBP works with trade community to improve overall international supply chain and U.S. border security. CTPAT is widely recognized as one of the most effective means of providing the highest level of cargo security through close cooperation with international supply chain businesses such as importers, carriers, consolidators, licensed customs brokers, and manufacturers.
At CBP’s CTPAT Conference held on June 25-26, 2019, CBP announced the New Minimum Security Criteria to CTPAT and much more to over 1,600 attendees (the largest conference to date!)
The Minimum Security Criteria (MSC), which should be implemented by 1/1/2020 will include the 3 new requirements for validation in 2020. The MSC noted what “must” vs. what “should” be done, leaving many CTPAT members scrambling to clarify between the two to ensure they remain validated CTPAT members.
Breakdown of the new MSC:
New Security Criteria Categories:
The CTPAT program must be supported by company leadership. Security Profile and Questionnaire must indicate there is a culture of supply chain safety and that security starts with management engagement at the highest levels.
Be vigilant in having a back up (or two) to the CTPAT POC (Point of Contact) and SME (Subject Matter Expert). Many organizations (46% of all CTPAT membership removals) were suspended due to not responding to the validation report. 27% of the removals we organizations who failed to complete the self assessment or security profile. If your CTPAT administrator leaves the position, leaves the company, retires etc. make sure they have a trained and knowledgeable backfill for the CTPAT program
Companies must adhere to common industry standards to protect data and IT devices against cyber threats. Average cost per data breach is $7.35M. Most cybercrimes start through email. Security Profile and Questionnaire must indicate use of IT standards like virus protection software, firewalls, and education to prevent breaches.
60% of small businesses are unable to sustain operations for 6 months after a cyberattack. Risks include companies with lower tier suppliers and vendors with access to IT systems, 3rdparty providers with virtual access to IT systems and compromised software and hardware.
Security Profile and Questionnaire must indicate attempt to mitigate the introduction of pests and contaminants into the US via all modes of cargo movement. Agriculture is one of the largest business sectors for those involved in CTPAT.
328 pests are found daily. CBP adopted IMO’s definition of pest contamination, which includes the standard imposed for inspection to identify pest in conveyances as based on a VISUAL inspection – in and outside the container and trailer.
Wood Packing Material (WPM) – WPM is an international issue – Now organizations must develop and implement WPM training.
Most egregious violations is non- stamped wood
The vision for the future of the CTPAT program will center around documented processes, evidence, security questionnaires, and innovation. These will be within a system of checks and balances with mandated corporate leadership involvement through the new MSC requirements. The CTPAT team will focus on the reality of the operation during validations, compared to what is submitted for the original approval. SCSS reviews will be concentrating on processes and procedures matching the submitted documentation. Looking for daily reminders.
CTPAT field personnel performed about 2200 validations in 2018, border inspections of containers for non-CTPAT shippers averaged about 2% and for CTPAT certified entities, inspection rates were about .5%. The benefits of CTPAT certification of lower inspection rates
Industry representatives from Ford Motor Company, Boeing, and KCSR (Kansas City Southern Railroad) discussed the need for people, process and technology to implement an effective supply chain security program. All advised against relying too heavily on one aspect to mitigate every potential risk. There was also some discussion of emergency and crisis protocol and contingency. Are supply chains prepared to quickly recover from a security breach, natural disaster or terror attack? Do you have a disaster recovery plan? All panelists agreed that the question of “Why is supply chain security so important to our organization?” be understood and acted upon by corporate leadership.
Forced labor in manufacturing and State Department restricted areas is a growing area of concern. Estimates of 152 million child laborers and 25 million adults and children in forced labor provide an ethical and economic challenge to our values and businesses. The US is taking action to enforce laws against labor violators and protect the exploited. Emphasis placed on making sure origination is known of all components included in commodity and its sourcing. Discussions on going of how to include into CTPAT compliance.
Other noteworthy highlights:
New CTPAT eligibility requirement: Going forward, at initial application of at the time of annual renewal, you won’t be granted CTPAT approval if you owe CBP fines, penalties, etc.
Use the CTPAT portal for updates, glossary of terms, training updates and as a general resource. Feedback is needed from the CTPAT “partners” for success of the program.
Forced labor recommendations for importers and foreign manufacturers
For assistance with CTPAT compliance and to further understand what are the “musts” and “shoulds” of the new MSC, please contact our Customs and Trade team here.