CTPAT 15 Years Later

It has been 15 years since the CTPAT program was launched. Where is the CTPAT program today?

1) PRESSURE TO JOIN-There is greater pressure for the supplier to join the CTPAT program, as a pre-condition for doing business, by many CTPAT companies, some of which are importers and/or exporters, and especially the big retailers. No company wants to be associated with a supplier, regardless of the size, who experienced a security breach within their supply chain. The CTPAT member wants the domestic supply vendor, who either provides them services or goods, to join the CTPAT program, if eligible or if not, to meet the minimum requirements. The CTPAT member wants to reduce the risk level (no tampering or sabotage) which in turn will have a positive effect on the flow of goods to arrive on time to the store shelves or an assembly line. This is particularly important if the company operates on a 1) Just-In-Time (“JIT”) basis, where the company tries to increase efficiency and decrease waste by receiving goods only as they are needed in the production process, thereby reducing inventory costs) or 2) Vertical Integration, where the company relies on its company owned foreign suppliers to produce their own raw/semi-finished or finished materials. In this scenario, the company has no alternative for their foreign made materials. The CTPAT status demonstrates that the CTPAT member operates a well-organized and managed company that focuses on detail and streamlines their supply chain for both minimization of risk and costs. Since CBP is increasing the number of countries that it has mutual recognition (“MR”) with, we are seeing more foreign participants requiring their international trade partners to participate in their own country’s supply chain security program. Cargo inspection is minimal when their entire supply chain is certified in MR supply chain programs, resulting in quicker processing time of their cargo and availability of their product in the market.

Recently Norman Jaspan Associates, Inc. (“NJA”) received an e-mail from a potential client that stated the following: I recently received your contact information from my freight forwarder, who advised me that you helped them become CTPAT certified. I am a current vendor of Macy’s (MMG) and they require us to be a CTPAT member. What is required? They continued by stating the MMG made the request a year ago. After MMG learned that their vendor was still not a member, they told them that they were risking losing all current orders, if they did not join.

2) BENEFITS-Reduce the number of inspections and audits of the cargo coming into the U.S. which results in a) reduced inspection fees b) reduced custom fees and c) reduced cargo fees. In addition, CBP will place a CTPAT member in a preferential status when the CTPAT member is working with customs officials on conventional custom’s issues of origin matters and focus assessments. Additional benefits for CTPAT members include being the first companies to receive their product when the port reopens after a terrorist attack triggers a closure. Furthermore, by being a CTPAT member, the importer can protect its reputation and profits of his company by avoiding any bad press resulting from a future terrorist disaster. CBP will work with you to investigate the weak link in the supply chain if you are a member (in contrast to CBP imposing high fines for weak links when you are not a member).

I received several referrals from a customs broker, who specializes in the produce business. His customers, who had been importing produce from foreign suppliers that they had been purchasing from for many years (and in some cases the foreign supplier was a family member), were now experiencing cargo inspections. Given the length of the inspection, the product was no longer saleable, unlike other items, where there is at least secondary market. In some cases depending on the type of inspection that the container goes through, the cargo may be contaminated/destroyed and must be disposed of. The customer lost the customer and the product. When the produce customer chose to join the CTPAT program as their only recourse, they notified their customs official of their action. The customs official told the produce customer to keep him abreast of their progress in becoming a member and that it would make a significant difference on future shipments.

3) INSURANCE POLICY- 1) Freight Forwarder-Mitigate fines attributed to AMS penalty. Result: Reduce fine by 50% and in some cases, the elimination of the whole fine. When a fine is going to be mitigated  which is attributed to duties, liquidated damages, penalties, etc. the CBP officer will contact the CTPAT member’s assigned supply chain security specialist (“SCSS”) to confirm that the member is in good standing with their CTPAT SCSS. The SCSS is the closest contact that the importer physically has to CBP.

In the course of a few weeks, four freight forwarders had received $10,000 (2x $5,000.00-per penalty) in penalties, which were all attributed to violations incurred three years prior. When they provided CBP with the CTPAT account number (since the conventional 32 character SVI number does not exist), the penalties were either significantly reduced or eliminated. In another example, where the penalties were in excess of $50,000 where the shipping agent used the         CTPAT’s member AMS portal and SCAC Code without the CTPAT member’s knowledge and permission and did not file the cargo declarations 24 hours in advance, CBP reduced the penalties from $5,000.00 to $500 per penalty because the CTPAT member was Tier 2 in good standing.

ISF/10+2 (Importer Security Filing)-CTPAT members (Tier 2 & 3) can reduce the penalty phase by up to 50%.On July 2013, CBP instituted full enforcement of the penalty guidelines which resulted in liquidated damages. On June 2016, CBP began issuing penalties against importers at the Port level, without needing to pass the request up to their headquarters for permission. In addition, there is no longer a “three strikes” approach to penalties, so if you have your first late ISF filing, they can penalize you right away. A number of customs brokers across the U.S.A. have seen ISF penalties being issued on the West Coast and now on the East Coast.

4) 12-PORTAL 2.0 UPDATE: This update was originally scheduled to be deployed on August, 2013. Due to technical difficulties, it was not deployed until May 30, 2015 and has been revised several times along with other glitches that have frustrated both the CTPAT member and the SCSS. The new CTPAT 2.0 portal consists of the following:

Enhancement to the account management tool.
Merge several accounts, which can result in one validation, every three to four years, instead of multiple validations during that period.
Elimination of the old 32 character SVI (Status Verification Interface) number, where you had to know the SVI number in order to monitor the CTPAT partner. Now you only have to enter the first three letters of the member’s name as registered with CTPAT.
The new profile consists of 50+ to 70+ new questions, depending on the category in which you have applied. In addition, one must upload up to date documents, which meets today’s CTPAT requirements in the respective security profile section.

Many companies have not responded to the new Security Profile Portal 2.0 update because they do not know how to  answer the new questions or the employee who initially uploaded Portal 1.0 is no longer with the company or associated with a different department. Regardless, the SCSS, looks at the Anniversary Date, which is listed on the CTPAT Account page. If the Anniversary date is prior to the date that you are viewing the portal, the Security Profile Status will read “Annual Review Overdue”. If the SCSS has accepted the response to the update, then the Security Profile Status will read “Approved” in contrast to “Rejected”, which means the SCSS did not accept it.

NJA works with CTPAT members by providing the following services:

Verify existing Business Entity Information
Verify existing information in the portal, based on the member’s present supply chain and work with them in creating a response to the new security profile.
Create documentation (forms, checklists, procedures) and questionnaires, which upon being completed are uploaded in the respective security profile sections. Even though some of the documentation may have been updated within the last two years, the SCSS states that it must be updated to reflect today’s requirements.

Anniversary Date after Security Profile Portal 2.0 has been updated.-After the security profile has been updated, you have to conduct  a review of your existing profile no later than one day prior to the Anniversary date. Within 90 days of the anniversary date, a small box will appear under each of the sections in the security profile. You check the boxes if the material in that section is still up to date based upon your supply chain and the present CTPAT requirements. It is up to the discretion of the SCSS, to determine if your response, based on when you last submitted it as well as the uploaded documentation, meets the minimum requirements on the date you submitted it.

A CTPAT member upon reviewing his CTPAT Accounts page noted that he was within the 90 day period prior to his Anniversary date to conduct his annual review.  He was now conducting the annual review 10 months after he had completed the Portal 2.0 update. The member checked each of the boxes because everything remained the same in his supply chain.

The SCSS rejected 40% of the sections in the security profile because they wanted the documentation brought up to date based upon the date that he was conducting the review and not the date that he performed his initial Portal Update 2.0.

5) VALIDATION –In the majority of the cases, the initial validation will be performed only after a foreign site has been selected for a visit by a SCSS. If no foreign site is selected, the initial validation will not be performed. The validation consists of the SCSS visiting the CTPAT member’s office and/or warehouse, which could be their own or a third party warehouse. In addition, they will visit the 1) foreign vendor 2) trucking company 3) consolidation facility, if applicable and the 4) port that the container is leaving from, if it has already not been visited. If any of the four entities were previously visited on behalf of the CTPAT member scheduled for the validation or on behalf of another CTPAT member and they were not able to meet the minimum security requirements, then the SCSS can elect to visit the foreign facility(s) again. Also if the visit took place more than 2-3 years prior, it may generate another visit.

The questions that NJA is most frequently asked is: How do I prepare for the domestic visit and what do I tell my foreign facility? Do I have to prepare the foreign supplier if a) my Quality Control personnel and/or Salesman visit the facility once a year to review new designs, quality control and pricing, b) the factory was visited by a third party service (“TPS”) who performed a social compliance audit and/ or a CTPAT style visit and scored well on their report and/or received a certificate. We have found that during the TPS visit, the foreign facility produces documents, which the TPS representative checks off on their chart as having been viewed. They do not question them on their understanding or if it is being implemented.  The other difference between a TPS and a CBP CTPAT audit performed by the SCSS is the way that it is scored. The CBP CTPAT audit is scored using a weighted value and the TPS review is scored on an equal percentage basis. When you rescore a TPS audit based on the weighted CTPAT score, the result may be a failing score for the foreign entity.

Unfortunately, it is not so simple. Even if the TPS identifies a problem, they do not provide solutions. One of our clients, whose foreign vendors had undergone both CBP CTPAT audits and TPS reviews, stated that most foreign vendors should be able to pass a TPS review with minimal preparation. However, you cannot rely on the foreign supplier to be prepared for a CBP/CTPAT Audit, even if they had a visit by a TPS. The following story will demonstrate this, even if the majority of a consolidation facility’s customers are CTPAT members. A hat supplier located in Vietnam shipped their product to a foreign consolidator in Vietnam, which was selected by a USA freight forwarder. NJA prepared the foreign supplier by visiting them twice and being present for the validation. Prior to going overseas, NJA contacted the freight forwarder, who in this case used another CTPAT freight forwarder, who was responsible for selecting the stuffing facility. The second freight forwarder stated that the consolidation facility had two third party audits performed on behalf of well-known retailers and the majority of the other USA freight forwarders that used the consolidation facility in Vietnam were CTPAT members themselves. Based on that, the decision was made by the client that we did not have to prepare the foreign consolidation facility for the validation. The foreign supplier was well prepared for the CBP/CTPAT audit; however the consolidation facility did not fare as well. The consolidation facility did not have any written procedures nor conducted a 7 point inspection which met the CTPAT minimum requirements. However the office issued 7 Point Inspection forms completed by the main office which had the name of the supervisor on it. When the validation took place which lasted two days, the factory scored a 100% and the consolidation facility 25%. The CTPAT member was suspended from the program. In addition, one of the hat company’s other USA customers, who was also a CTPAT member had their status in jeopardy because they used the same consolidation facility.

For a domestic visit, the CTPAT members MUST have the following:

Written procedures, checklists, forms and completed questionnaires.
Knowledge of what the document means and why the CTPAT member is performing the procedure that is described in the document. For example: At a validation, the member was asked by the SCSS, how long do you keep the used seals and why do you conduct a 7 point inspection. For the first question, you could state that you read about it. For the second question, you have to know the reason.
Testing the system. How do you verify that the procedure is being implemented correctly? As an example, the SCSS recommended that the President of a company test whether his staff was really conducting a 7 point inspection, even though the form was completed. The President placed a card in the back of the container which stated, if you find this card, you are entitled to a free gift certificate to Starbucks. Nobody came to the office to collect the gift certificate. When the President met with the crew that allegedly did the inspection, he showed them the card. The following day he had a line of people outside of his office waiting to collect their gift certificate.

6) Revalidation-At this point the majority of the Revalidations are based on the foreign supplier and their business partners being able to demonstrate that they could meet the minimum security requirements. Typically this is written up in the validation report by the SCSS as follows: A visit was made to Name of CTPAT Member’s foreign supplier, located in insert city/name of country.  By phone or domestic site visit -The CBP revalidation team reviewed the importer’s security procedures and systems in place.  The group worked together to review and discuss the overall supply chain security program for Name of CTPAT member, including their interaction with business partners and review the company’s efforts to correct any gaps noted in the original validation report”.

If the foreign supplier and their business partners have not been visited by a SCSS on behalf of another CTPAT member within the past 2-3 years (timing up to the discretion of the SCSS) or a recent visit resulted in recommendations and actions required, then the foreign site will be visited. Likewise if the foreign site did well during their last visit and the timing of the visit was recent, then the SCSS will select another foreign site for the visit.

Regardless of whether the CTPAT member is undergoing a validation or a revalidation, they must be thoroughly prepared, even if they have already sent you written procedures.  The written procedures must still be verified by an onsite visit. NJA will perform the following services for a foreign validation:

Work with the foreign supplier and their business partners by phone and e-mail prior to the onsite visit.
Communicate with CTPAT’s USA’s freight forwarder to obtain information as well as verify the information relayed by the foreign entities. You do not want any surprises at the validation. In most cases, CBP will audit the supply chain based upon the information that the freight forwarder and the CTPAT member have filed with customs (for ex: ISF, AMS, etc.).
Visit the foreign entity(s), conduct an audit, review existing procedures to see if they are legitimate (do not belong to another company) and are being adhered to. Create written procedures, checklists, forms and questionnaires. Prepare a TO DO LIST. Please note that if English is not the native language, the SCSS will expect to see the documents both in the native language and in English for their review.
Upon return to the USA, work with the foreign entity(s) in making sure that the documents are completed and being implemented.
Revisit the foreign entity(s) in advance of the site visit by CTPAT. Make sure everything has been implemented and conduct a mock validation in order to determine if they know the answers to the questions as well as what documentation supports the answer and why and what the documentation is used for.

The SCSS appreciates the fact that the foreign entity(s) take the CTPAT program very seriously with advance preparation. An unprepared foreign entity will not only score poorly on a validation and run the risk of being suspended from the program, but it could also affect the cost to their supply chain. For example, a CTPAT member contacted NJA after they had been suspended from the program because they were not prepared for the visit to the factory and the consolidation facility, which was operated by the port. They scored so poorly on the consolidation visit that they were forced to use a consolidation facility which was located outside of the port which cost more money.

NJA has traveled extensively throughout the world (see full list) preparing foreign entities which can include the foreign factories, consolidators, trucking companies, agent and the port. Some of the countries where we have spent a significant amount of time in include: India (Delhi, Haryana, Noida, Panipat, Lucknow, Mumbai, Boisar, Maharashtra, Bengaluru, Chennai.  Some of the industries included-Textiles, Chemicals, Food Processing, Pharmaceuticals, Fabric-largest companies in the world, Rugs, Books, Garment), China (Footwear, Garments, Bicycles & Accessories, Electronics, Housewares, Food Processing, Textiles, Silicone, Apparel, Fabric) , Hong Kong, Thailand, Israel, Italy, Turkey and Brazil.

The greatest challenge is be able to determine, in a short period of time what the foreign entity actually has in place in contrast to what they claim. In some cases they put on a “Dog & Pony Show” in order not to embarrass themselves.

Prior to arriving at a foreign entity, they will frequently try to demonstrate how well prepared they are stating or showing me the following:

I never had a problem with a USA customer and thus I must be doing everything correctly.
I did well on a third party audit and here is my certificate.
Somebody gave me written procedures so I am prepared. As an example, a company in the garment business gave me a set of procedures to review while on site which he received from another company that NJA had prepared 8 months prior.
I am doing everything to the letter of the law in my country so I must be prepared. As an example, a company in El Salvador had a guard service, which carried firearms and operated on a 24 hour shift, with two 1 hour breaks. In addition, the guard who monitored the CCTV operated on a 12 hour shift. Even though it was legal in their country, this fact scenario would have resulted in an Action and/or Recommendation by CBP.
Viewed the CTPAT program on line.
Have procedures in place which are being implemented correctly. As an example, in Thailand, the employees are issued an ID badge because they have in excess of 50 employees. In addition, they are a big fan of Hello Kitty. The ID badge which had the company name, picture, employee name, etc. was covered by the Hello Kitty stickers. Furthermore when the employees entered the facility on their motorcycle, they are wearing a face covering in order to keep the fumes away from them. Upon entering, the employee would show the guard their ID badge but the guard would not ask them to remove their face covering in order to verify the picture against the face.