Thursday, May 29, 2008

The C-TPAT Flaws: Truly Serious, or Just Overblown?

(HS Today — Anthony L. Kimery)

And can they exacerbate the problem of misdeclared cargo

The media frenzy over the new Government Accountability Office (GAO) audit which found gaps in Customs and Border Protection’s (CPB) Customs-Trade Partnership Against Terrorism (C-TPAT) program which terrorists theoretically could exploit to smuggle weapons of mass destruction in cargo containers came as no surprise to anyone who has been following this program.

In 2005 - and earlier, in 2003 - GAO had already identified similar problems with C-TPAT.

The flaws in C-TPAT identified by GAO also, authorities say, can have a direct bearing on the on-going problem of misdeclared and mislabeled cargo, a serious security issue HSToday first disclosed in its January 2007 cover story investigation, “Dangerous Cargo.”

Under the C-TPAT initiative, importers, port authorities and air, sea and land Imagecarriers are granted reduced scrutiny of their cargo in exchange for submitting a security plan that meets CPB’s minimum security standards and allows CPB officials to verify that these security measures are actually in place and are being adhered to.

The whole purpose of C-TPAT is to improve the security of the international supply chain. But it is a cooperative program between CBP and members of the international trade community in which private companies agree to improve the security of their supply chains in return for a reduced likelihood that their containers will be inspected. C-TPAT membership is open to US- and foreign-based companies whose goods are shipped to the United States via air, rail, ocean and truck carriers.

A C-TPAT Tier III certification, for example – which is given to a limited number of companies – is supposed to mean businesses have comprehensive programs in place to secure their facilities and supply chain from terrorists, smuggling, and narcotics.

CBP granted Tier III status to 17 companies in 2007. There are approximately 6,000 importing companies in the US. As of January, CBP had performed more than 6,900 total C-TPAT validations since 2003.

“In order to maintain our Tier III benefits, we must continue to maintain and improve our supply chain security practices,” explained Kathleen Neal, director of trade compliance for A. O. Smith, which earlier this month received Tier III certification.

As GAO explained in its 2005 report, “Homeland Security: Key Cargo Security Programs Can Be Improved,” “in return for committing to making improvements to the security of their shipments, C-TPAT members receive a range of benefits that may change the risk characterization of their shipments, thereby reducing the probability of extensive inspection.”

But “before providing benefits,” GAO explained, “CBP reviews the self-reported information contained in applicants’ membership agreements and security profiles. Also, CBP assesses the compliance history of importers before granting them benefits.”

“However,” GAO determined, “CBP grants benefits before members undergo the validation process, which is CBP’s method to verify that their security measures are reliable, accurate, and effective.”

From the beginning, this approach has been a bone of contention for security experts.

Furthermore, GAO reported, “although CBP’s goal was to validate members within three years, to date it has validated 11 percent of them. Further, the validation process is not rigorous, as the objectives, scope and methodology of validations are jointly agreed upon with the member, and CBP has no written guidelines to indicate what scope of effort is adequate for the validation. Also, although CBP has recently moved to a risk-based approach to selecting members for validation, it has not determined the number and types of validations that are needed to manage security risks or the CBP staff required to complete them.

“Further,” GAO found, “CBP has not developed a comprehensive set of performance measures for the program, and key program decisions are not always documented and programmatic information is not updated regularly or accurately.”

GAO identified specific measures CBP could take to improve record-keeping and validation of the security practices of US importers.

CBP generally concurred with GAO’s findings and recommendations and outlined the corrective actions it was taking to respond to the deficiencies GAO identified. Moreover, a port security bill passed by Congress also was supposed to strengthen the C-TPAT program, although authorities expressed reservations at the time about whether the efforts would effectively address the problems GAO outlined. Read the complete article.