risk analysis and management - first step to …...trade e –session: 09h00 –09h50 risk analysis...

TradeE– Session:09h00– 09h50

Riskanalysisandmanagement

FirststeptoanAEOcertification

Jointfacilitators

MarkIsaacson,ActingDirector,Buffalo,NYCTPATFieldOffice,CBP

JuanitaMaree,ManagementCommittee,SouthAfricanAssociationofFreightForwarders(SAAFF)

Riskanalysisandmanagement

FirststeptoanAEOcertification

Program

a. Slidepresentation: MarkIsaacson. (Governmentview)b. Q&Ac. Slidepresentation:JuanitaMaree(PrivateSector/Businessview)d. Q&Ae. Howdoweworkjointlyonthisjourney: MarkIsaacsonf. Q&Ag. Summary,conclusion&whatdidwelearnfromthisTrackE- session

GovernmentPerspective

Riskanalysisandmanagement

FirststeptoanAEOcertification

Risk Assessment Tools

Presenter’s Name June 17, 2003

Risk Assessment Tools

5

Presentation Overview§Background

§Five Step Risk Assessment Process

§Mapping Cargo/Data Flow

§Supply Chain Threats

§Vulnerability Assessments

§Final Thoughts

§Questions & Answers

Presenter’s Name June 17, 2003

Risk Assessment Tools

6

Background§Risk Assessment and the Minimum Security Criteria

§CTPAT 5 Step Risk Assessment Process Guide – 2010

§CTPAT’s Five Step Risk Assessment – 2013

§CTPAT Website

§CTPAT Partner Library

Presenter’s Name June 17, 2003

Risk Assessment Tools

7

Five Step Risk Assessment Process§Mapping Cargo/Data Flow

§Threat Assessment

§Vulnerability Assessment

§Action Plan

§Documenting the Procedure

Presenter’s Name June 17, 2003

Risk Assessment Tools

8

Mapping Cargo/Data Flow

Presenter’s Name June 17, 2003

Risk Assessment Tools

9

Mapping Cargo/Data Flow§ Identify all business partners involved, whether directly

or indirectly contracted

§ Services provided

§ Physical addresses

§ Identify modes of transportation

§Determine nodes (country of origin, transit points, etc.)

§Establish acceptable transit times

§ Identify locations where cargo may rest and the duration

Presenter’s Name June 17, 2003

Risk Assessment Tools

10

Supply Chain Threats§Terrorism

§Narcotics smuggling

§Human smuggling / trafficking

§Hijacking / theft

§Cyber Crime

§Political / social unrest

§Natural disasters

§Agricultural threats

Presenter’s Name June 17, 2003

Risk Assessment Tools

11

Threats – Modified Door Equipment

Presenter’s Name June 17, 2003

Risk Assessment Tools

12

Threats – Modified Door Equipment

Presenter’s Name June 17, 2003

Risk Assessment Tools

13

Threats – Modified Door Equipment

Presenter’s Name June 17, 2003

Risk Assessment Tools

14

Threats - Counterfeit Seals

Presenter’s Name June 17, 2003

Risk Assessment Tools

15

Threats – GPS/Cell Phone Jammers

Presenter’s Name June 17, 2003

Risk Assessment Tools

16

Threats – Identity TheftAcquisition of sensitive information

§Company name / Business Entity Identifier (BEI)

§Bond

§Supply chain business partners

§Shipping documents

§Typical commodities and quantities

§Cargo flow

Presenter’s Name June 17, 2003

Risk Assessment Tools

17

Threats – Identity TheftMitigating the Threat

§Safeguarding company information

§Secure disposal of trade sensitive information

§Monitor ACE reports

§ Predefined and user customized available

§ Review activity

§ Identify and report suspicious transactions

Presenter’s Name June 17, 2003

Risk Assessment Tools

18

Threats – Cyber Crimes§Malware

§Phishing

§Employees

§Third-Party Service Providers

United States Computer Emergency Readiness Team (US-Cert) – www.us-cert.gov

§ Current activity

§ Alerts and tips

§ Weekly bulletins

Presenter’s Name June 17, 2003

Risk Assessment Tools

19

Threats – Natural Disasters

Presenter’s Name June 17, 2003

Risk Assessment Tools

20

Mitigating Threats§Understand the threats to your supply chain based on

business model and cargo flow

§Be aware of current events that may impact your supply chain

§Establish relationships and communicate with supply chain business partners

§Participate in industry groups

§Provide ongoing security and threat awareness training

§Conduct regular audits of security procedures

Presenter’s Name June 17, 2003

Risk Assessment Tools

21

Vulnerability AssessmentsAssessments of internal and business partner security measures to identify gaps and weaknesses

§ Internal / External audits of security procedures

§Business partner screening

§Security questionnaires

§Site visits

§CTPAT / AEO status verification

Presenter’s Name June 17, 2003

Risk Assessment Tools

22

Common Gaps and Vulnerabilities§Security procedures are not documented

§Employees not trained properly on established procedures

§Established procedures not being followed

§Absence of checks and balances

§Lack of internal audits/testing

§Lack of continuity plan

Presenter’s Name June 17, 2003

Risk Assessment Tools

23

Common Gaps and Vulnerabilities§Lack of effective tracking and monitoring

§Anomalies are not investigated

§Sub-contracting controls

§Poor physical access controls

§Not actively engaging with supply chain business partners

§Lack of upper management support

Presenter’s Name June 17, 2003

Risk Assessment Tools

24

Final Thoughts§Conduct regular risk assessments

§ Identify the business partners and cargo flow for each of your supply chains

§Know the potential threats within your supply chains

§Regularly identify gaps and vulnerabilities, both internally and with business partners

§Establish corrective action plans to address vulnerabilities

§Upper management support is critical

Presenter’s Name June 17, 2003

Risk Assessment Tools

25

Questions?

Mark IsaacsonActing Director Buffalo, New York Field OfficePhone: 716-5656-3202Email: mark.isaacson@dhs.gov

PrivateSectorPerspective

Riskanalysisandmanagement

FirststeptoachieveanAEOcertification

RiskindicatorsintheSupplyChain

Takeortolerate Treat Transfer Terminate

Accepttherisk Takeactiontoreducerisk Passresponsibility End/donot

proceed

AEO

Government’sapproachtoEnd-to-EndSupplyChainrisk

1 3 42

WCOInstruments,GuidelinesandDeploymentsfortheanalysisofRiskManagementinEnd-to-EndSupplyChain

Isthereabalance?

ProfWiddowson

MovementfromTransactionalbaserisktoEntitybaserisk

AEO

CountriesarenowrequiredtoimplementaprogramwithintheWTOTradeFacilitationAgreement

1980’s

“PioneeringTrustedTradercomplianceprograms”

• ProvidingefficiencyforCustomsandbenefits/simplificationsforbusiness

• LedbySweden(Stairway),NetherlandsandCanada

• Enabledbyelectronicsystems

• SupportedbyAudit

• 1990’scommonadoptionofriskmanagementapproach

• “Accreditation”includedinWCOKyotoConvention

2001-2005

“EmergenceofSafetyandSecurityprograms”

• Triggeredby9/112001:terrorattackonNewYork

• Nov2001:USCBPinitiateCustoms-TradePartnershipAgainstTerrorism(C-TPAT),forUSAimporterstosecuretheirsupplychain

• Focusswitchestosecuringexportsprocesses

• 2005:WCOIntroduceAEOwithinSAFEFramework

• EuropeanschemesincorporateSecurity

2007-2018

“AEOHarmonisationandglobaluptake”

• AEOMutualrecognition:ledbyUSA:EU,Japan,NZ,Korea,China,Singapore

• Expansionofbenefitslinkedtocomplianceandsecuritystatuses,perroleplayer

• ManyCustomsinitiateanAEOProgram,supportedbyWCOcapacitybuilding

• 2013:WTOBalipackageTFA,makesAEOscompulsory

• 2015:WCOSAFEexpandstoincludeallborderagencies

AEOCustomstobusinesspartnershipprogramshavedevelopedover40years

• Simpleweightofeachcriteria

• Multi-criteriaanalysis• Randomselection

Traditionalapproach: Currentapproach:

Differentindicators

RelationshipoftheextendedSupplyChain

Singleriskassessmentindicator=Strategiesfordecisionmakers

Targethighriskshipments

Intelligentriskassessmentmethod

TradefacilitationCustomsControl

AEO

HowdoesAEOlinkintoanIntelligentRiskAssessmentmethodology

Achievingsuchabalancecanprovidesignificantflow-onbenefitsfornationaleconomies(TrendandRoberts,2010)andtheissueoftradefacilitation

JuanitaMaree(2017),adoptedfromWiddowson,2005,2007,2011,incorporatingAEO/AO;businesspartnershipsSAFEPillarII

a

c

b

d

HowdowenavigateactivitiesthattriggeraRiskinthemovementofgoods

Forexample:FCLImportandtheRelationshipLinkage

ACountry’sProgram

SupplyChain

Security

ComplianceBenefits

LinksintheAuthorised EconomicOperator

1

3

2

TraderBenefit/CustomsAdministrationBenefit

MRA

Growthincrease,improvetheeaseofdoingbusiness

Questionnaire

• Selling|BuyingCycle

• Relatedparties

• HSmaintenance

• System

• Solvency

• Managementteam&

expertise

1

Customsadministration,conductaudit:- Physicalwalkthrough

- Process,activities,reports

3 Identifygap

4 Complianceimprovementplan

5 Conductfinalaudit

6 Testknowledgeoftrader

7 Awardstatus

8 Maintenanceplan2

GenericAEOprogramfromaBusinessviewpoint

• Risk Profile identify risks vs. AEO Customs risk framework

• Customs identifies tests to mitigate each risk (from AEO policies)

• Customs identifies further information required & sample(s) required from client to test controls

Customs Audit Plan • Tests to be done• Job admin plan (who,

when, where, why, how?)

• Confirm Team logistics & admin

• Engage client

Execute Customs verifications

• Use audit policy & AEO checklists

• Audit report• Communicate results

to client

• Initiate any AEO Improvements required

• Customs consolidates all tests & outcomes

• Checks client has passed test of competence

• Submits case to certification body

• Decide on AEO certification

• Award Status & risk profiles

• AEO benefits• Monitor status

Risk Audit Planning Audit AEO Certification

• Client performs self assessment & risk assessment

• Client submits other information required

Identify list of relevant risks to

test vs. AEO criteria

AmorescientificviewtoverifyAEOcriteriaforaccreditation

• Greenlaneselectivity• Choiceofinterventionlocationwherepossible,dependingoninspectionprocess• Reduceddataanddocumentation• AccesstoCustomssimplifications• Priorityprocessingandservice• Customerrelationshipmanager

• ensuretimely,resolutionbyCustoms• Accesstospecialistresourcesforcomplexissuese.g.Tariff,valuation&originrulings• CounselonCustomsmatters

• Lowersuretyrequirement• Paymentandaccountbasedbenefits• MutualRecognitionofAEOstatuswithleadingtradingpartners(seamlessflowofcargo)• GovernmentAgencybenefits

AwiderangeofAEObenefitstoBusiness,Privatesector

39

Accreditation/Entityassuranceaudits

ProactiveClientEngagement

RemoveMandatoryChecks

Simplifications

Inspection

Complianceaudits(customsregimes)

REGISTRATION DECLARATION ASSESSMENT INSPECTION AUDIT

AEO

Res

ourc

e D

istr

ibut

ion

Value-Adding Activities

Automatedprocessingthroughintegratedriskassessment

Entity-basedperformanceaudits(Systemsandprocesses)

Typi

cal C

usto

ms

Res

ourc

e D

istr

ibut

ion

AEObenefittoCustomsAdministrationandlawenforcementagencies

keyshiftfrombeinga‘GateKeeper’toamodern‘RiskManager’

PillarIII

PillarI

PillarII

EngagementscriticalinyourCountry

End-to-Endview

• Traceabilityofcargoinsideacontainer

• ReportonstockkeepingunitLevel

FullPictureoftheSupplyChain3rd PartyReporting

RegulatoryEnvironment

Processes

Technology

FULLVISIBILITY

HowdoweCo-operateonthisjourney?

Riskanalysisandmanagement

FirststeptoanAEOcertification

Summary,conclusion&lessonslearned

Riskanalysisandmanagement-

FirststeptoachieveanAEOcertification

TradeE– Session:09h00– 09h50

Riskanalysisandmanagement

FirststeptoachieveanAEOcertification

Jointfacilitators

MarkIsaacson,ActingDirector,Buffalo,NYCTPATFieldOffice,CBP

JuanitaMaree,ManagementCommittee,SouthAfricanAssociationofFreightForwarders(SAAFF)