risk analysis and management - first step to …...trade e –session: 09h00 –09h50 risk analysis...

TradeE– Session:09h00– 09h50

Riskanalysisandmanagement

FirststeptoanAEOcertification

Jointfacilitators

MarkIsaacson,ActingDirector,Buffalo,NYCTPATFieldOffice,CBP

JuanitaMaree,ManagementCommittee,SouthAfricanAssociationofFreightForwarders(SAAFF)



Program

a. Slidepresentation: MarkIsaacson. (Governmentview)b. Q&Ac. Slidepresentation:JuanitaMaree(PrivateSector/Businessview)d. Q&Ae. Howdoweworkjointlyonthisjourney: MarkIsaacsonf. Q&Ag. Summary,conclusion&whatdidwelearnfromthisTrackE- session

GovernmentPerspective



Risk Assessment Tools

Presenter’s Name June 17, 2003


5

Presentation Overview§Background

§Five Step Risk Assessment Process

§Mapping Cargo/Data Flow

§Supply Chain Threats

§Vulnerability Assessments

§Final Thoughts

§Questions & Answers



6

Background§Risk Assessment and the Minimum Security Criteria

§CTPAT 5 Step Risk Assessment Process Guide – 2010

§CTPAT’s Five Step Risk Assessment – 2013

§CTPAT Website

§CTPAT Partner Library



7

Five Step Risk Assessment Process§Mapping Cargo/Data Flow

§Threat Assessment

§Vulnerability Assessment

§Action Plan

§Documenting the Procedure



8

Mapping Cargo/Data Flow



9

Mapping Cargo/Data Flow§ Identify all business partners involved, whether directly

or indirectly contracted

§ Services provided

§ Physical addresses

§ Identify modes of transportation

§Determine nodes (country of origin, transit points, etc.)

§Establish acceptable transit times

§ Identify locations where cargo may rest and the duration



10

Supply Chain Threats§Terrorism

§Narcotics smuggling

§Human smuggling / trafficking

§Hijacking / theft

§Cyber Crime

§Political / social unrest

§Natural disasters

§Agricultural threats



11

Threats – Modified Door Equipment



12




13




14

Threats - Counterfeit Seals



15

Threats – GPS/Cell Phone Jammers



16

Threats – Identity TheftAcquisition of sensitive information

§Company name / Business Entity Identifier (BEI)

§Bond

§Supply chain business partners

§Shipping documents

§Typical commodities and quantities

§Cargo flow



17

Threats – Identity TheftMitigating the Threat

§Safeguarding company information

§Secure disposal of trade sensitive information

§Monitor ACE reports

§ Predefined and user customized available

§ Review activity

§ Identify and report suspicious transactions



18

Threats – Cyber Crimes§Malware

§Phishing

§Employees

§Third-Party Service Providers

United States Computer Emergency Readiness Team (US-Cert) – www.us-cert.gov

§ Current activity

§ Alerts and tips

§ Weekly bulletins



19

Threats – Natural Disasters



20

Mitigating Threats§Understand the threats to your supply chain based on

business model and cargo flow

§Be aware of current events that may impact your supply chain

§Establish relationships and communicate with supply chain business partners

§Participate in industry groups

§Provide ongoing security and threat awareness training

§Conduct regular audits of security procedures



21

Vulnerability AssessmentsAssessments of internal and business partner security measures to identify gaps and weaknesses

§ Internal / External audits of security procedures

§Business partner screening

§Security questionnaires

§Site visits

§CTPAT / AEO status verification



22

Common Gaps and Vulnerabilities§Security procedures are not documented

§Employees not trained properly on established procedures

§Established procedures not being followed

§Absence of checks and balances

§Lack of internal audits/testing

§Lack of continuity plan



23

Common Gaps and Vulnerabilities§Lack of effective tracking and monitoring

§Anomalies are not investigated

§Sub-contracting controls

§Poor physical access controls

§Not actively engaging with supply chain business partners

§Lack of upper management support



24

Final Thoughts§Conduct regular risk assessments

§ Identify the business partners and cargo flow for each of your supply chains

§Know the potential threats within your supply chains

§Regularly identify gaps and vulnerabilities, both internally and with business partners

§Establish corrective action plans to address vulnerabilities

§Upper management support is critical



25

Questions?

Mark IsaacsonActing Director Buffalo, New York Field OfficePhone: 716-5656-3202Email: [email protected]

PrivateSectorPerspective


FirststeptoachieveanAEOcertification

RiskindicatorsintheSupplyChain

Takeortolerate Treat Transfer Terminate

Accepttherisk Takeactiontoreducerisk Passresponsibility End/donot

proceed

AEO

Government’sapproachtoEnd-to-EndSupplyChainrisk

1 3 42

WCOInstruments,GuidelinesandDeploymentsfortheanalysisofRiskManagementinEnd-to-EndSupplyChain

Isthereabalance?

ProfWiddowson

MovementfromTransactionalbaserisktoEntitybaserisk

AEO

CountriesarenowrequiredtoimplementaprogramwithintheWTOTradeFacilitationAgreement

1980’s

“PioneeringTrustedTradercomplianceprograms”

• ProvidingefficiencyforCustomsandbenefits/simplificationsforbusiness

• LedbySweden(Stairway),NetherlandsandCanada

• Enabledbyelectronicsystems

• SupportedbyAudit

• 1990’scommonadoptionofriskmanagementapproach

• “Accreditation”includedinWCOKyotoConvention

2001-2005

“EmergenceofSafetyandSecurityprograms”

• Triggeredby9/112001:terrorattackonNewYork

• Nov2001:USCBPinitiateCustoms-TradePartnershipAgainstTerrorism(C-TPAT),forUSAimporterstosecuretheirsupplychain

• Focusswitchestosecuringexportsprocesses

• 2005:WCOIntroduceAEOwithinSAFEFramework

• EuropeanschemesincorporateSecurity

2007-2018

“AEOHarmonisationandglobaluptake”

• AEOMutualrecognition:ledbyUSA:EU,Japan,NZ,Korea,China,Singapore

• Expansionofbenefitslinkedtocomplianceandsecuritystatuses,perroleplayer

• ManyCustomsinitiateanAEOProgram,supportedbyWCOcapacitybuilding

• 2013:WTOBalipackageTFA,makesAEOscompulsory

• 2015:WCOSAFEexpandstoincludeallborderagencies

AEOCustomstobusinesspartnershipprogramshavedevelopedover40years

• Simpleweightofeachcriteria

• Multi-criteriaanalysis• Randomselection

Traditionalapproach: Currentapproach:

Differentindicators

RelationshipoftheextendedSupplyChain

Singleriskassessmentindicator=Strategiesfordecisionmakers

Targethighriskshipments

Intelligentriskassessmentmethod

TradefacilitationCustomsControl

AEO

HowdoesAEOlinkintoanIntelligentRiskAssessmentmethodology

Achievingsuchabalancecanprovidesignificantflow-onbenefitsfornationaleconomies(TrendandRoberts,2010)andtheissueoftradefacilitation

JuanitaMaree(2017),adoptedfromWiddowson,2005,2007,2011,incorporatingAEO/AO;businesspartnershipsSAFEPillarII

a

c

b

d

HowdowenavigateactivitiesthattriggeraRiskinthemovementofgoods

Forexample:FCLImportandtheRelationshipLinkage

ACountry’sProgram

SupplyChain

Security

ComplianceBenefits

LinksintheAuthorised EconomicOperator

1

3

2

TraderBenefit/CustomsAdministrationBenefit

MRA

Growthincrease,improvetheeaseofdoingbusiness

Questionnaire

• Selling|BuyingCycle

• Relatedparties

• HSmaintenance

• System

• Solvency

• Managementteam&

expertise

1

Customsadministration,conductaudit:- Physicalwalkthrough

- Process,activities,reports

3 Identifygap

4 Complianceimprovementplan

5 Conductfinalaudit

6 Testknowledgeoftrader

7 Awardstatus

8 Maintenanceplan2

GenericAEOprogramfromaBusinessviewpoint

• Risk Profile identify risks vs. AEO Customs risk framework

• Customs identifies tests to mitigate each risk (from AEO policies)

• Customs identifies further information required & sample(s) required from client to test controls

Customs Audit Plan • Tests to be done• Job admin plan (who,

when, where, why, how?)

• Confirm Team logistics & admin

• Engage client

Execute Customs verifications

• Use audit policy & AEO checklists

• Audit report• Communicate results

to client

• Initiate any AEO Improvements required

• Customs consolidates all tests & outcomes

• Checks client has passed test of competence

• Submits case to certification body

• Decide on AEO certification

• Award Status & risk profiles

• AEO benefits• Monitor status

Risk Audit Planning Audit AEO Certification

• Client performs self assessment & risk assessment

• Client submits other information required

Identify list of relevant risks to

test vs. AEO criteria

AmorescientificviewtoverifyAEOcriteriaforaccreditation

• Greenlaneselectivity• Choiceofinterventionlocationwherepossible,dependingoninspectionprocess• Reduceddataanddocumentation• AccesstoCustomssimplifications• Priorityprocessingandservice• Customerrelationshipmanager

• ensuretimely,resolutionbyCustoms• Accesstospecialistresourcesforcomplexissuese.g.Tariff,valuation&originrulings• CounselonCustomsmatters

• Lowersuretyrequirement• Paymentandaccountbasedbenefits• MutualRecognitionofAEOstatuswithleadingtradingpartners(seamlessflowofcargo)• GovernmentAgencybenefits

AwiderangeofAEObenefitstoBusiness,Privatesector

39

Accreditation/Entityassuranceaudits

ProactiveClientEngagement

RemoveMandatoryChecks

Simplifications

Inspection

Complianceaudits(customsregimes)

REGISTRATION DECLARATION ASSESSMENT INSPECTION AUDIT

AEO

Res

ourc

e D

istr

ibut

ion

Value-Adding Activities

Automatedprocessingthroughintegratedriskassessment

Entity-basedperformanceaudits(Systemsandprocesses)

Typi

cal C

usto

ms

Res

ourc

e D

istr

ibut

ion

AEObenefittoCustomsAdministrationandlawenforcementagencies

keyshiftfrombeinga‘GateKeeper’toamodern‘RiskManager’

PillarIII

PillarI

PillarII

EngagementscriticalinyourCountry

End-to-Endview

• Traceabilityofcargoinsideacontainer

• ReportonstockkeepingunitLevel

FullPictureoftheSupplyChain3rd PartyReporting

RegulatoryEnvironment

Processes

Technology

FULLVISIBILITY

HowdoweCo-operateonthisjourney?



Summary,conclusion&lessonslearned

Riskanalysisandmanagement-


TradeE– Session:09h00– 09h50



Jointfacilitators

MarkIsaacson,ActingDirector,Buffalo,NYCTPATFieldOffice,CBP

JuanitaMaree,ManagementCommittee,SouthAfricanAssociationofFreightForwarders(SAAFF)

risk analysis and management - first step to …...trade e –session: 09h00 –09h50 risk analysis...

Documents