May 13, 2008
Craig J. Pinkerton, Director
– PricewaterhouseCoopers

 The level of security for importers, carriers, truckers, etc. was determined primarily on:
– the value and nature of imported merchandise
– the level of theft and shrinkage discovered along the supply chain
– whether the product was considered sensitive by the government (e.g., tobacco; pharmaceutical drugs)
– whether the product could pose a threat to the public
(e.g., firearms; chemicals; hazardous materials)
2

 9/11 introduced tighter security into the logistics process
 The flow of goods from the manufacturer to the end user is now viewed as needing protection, not just the product
 People crossing borders into the U.S. are being monitored to minimize or eliminate the threat of danger
 No longer is it only value or dangers intrinsic to imported product, but the logistics function itself is being viewed as a security issue
 The conclusion that danger could accompany products throughout the supply chain caused a major refocus on security
3

Container Security
Initiative
10+2 Security
Filing
WCO
Customs-Trade
Partnership Against
Terrorism (C-TPAT)
ISO (International
Organization for
Standardization)
AEO (Authorized
Economic Operator)
FAST (Free and
Secure Trade)
SAFE
Framework
Canadian PIP (Partners in Protection)
4

 Through this initiative, Customs is asking companies to ensure the integrity of their security practices and communicate their security guidelines to their business partners within the supply chain (i.e., “increased vigilance”)
 The primary goals of C-TPAT include:
 Increasing security measures, practices and procedures throughout all sectors of the international supply chain
 Protecting the public from terrorist activities
 Ensuring the flow of legitimate trade
 Providing Customs with a means of looking into a company’s supply chain security profile
5

 Business-Customs Cooperation
 Conveyance/Container Security
 ISO Security Seals Required
 Physical Access Security
 Personnel Security
 Procedural Security
 Information Systems Security
 Employee Security Training
 Continuous Improvement Process
 Risk Assessment
6

 Launched in November 2001, with only seven major importers
 C-TPAT currently has more than 10,000 partners, which include
United States importers, customs brokers, terminal operators, carriers, truckers and some foreign manufacturers
 Initially, voluntary participation and jointly developed security criteria and implementation procedures were the guiding principles
 As the program grew, so did the need for more clearly-defined security criteria to establish the minimum, baseline security expectations for membership
 In 2005, minimum-security criteria for importers was implemented and companies were required to meet the new criteria within certain timelines
7

Beyond the essential security benefits, Customs offers the following benefits to C-TPAT members:
 A reduced number of inspections (reduced border times)
 Priority processing for Customs inspections (Front of the
Line processing for inspections when possible)
 Assignment of a C-TPAT Supply Chain Security Specialist who will work with the company to validate and enhance security throughout the company’s international supply chain
 An emphasis on self-policing, not Customs verifications
8

 Eligible to attend C-TPAT supply chain security training seminars
 Access to other C-TPAT members via the Status Verification
Interface
 Certified C-TPAT importers are eligible for access to the
FAST lanes on the Canadian and Mexican borders
 Mitigating factor in cases of fines and penalties
 Demonstrates good corporate citizenship to Customs
9

There have been several logistics studies published since 9/11 that detail the costs and benefits associated with the C-TPAT program, such as:
 Stanford Supply Chain Study - October 2003
 MIT Supply Chain Study - May 2005
 Stanford Innovation in Supply Chain Security - July 2006
 University of Virginia Cost Benefit Survey - August 2007
10

 Fewer Customs Inspections (50%)
 Reduction in Excess Inventory (14%)
 Improved on-time delivery (12%)
 Reduction in Theft/Loss/Pilferage (38%)
 Access to Shipping Data (50%)
 Timely Shipping Data (30%)
 Less Customer Attrition (26%)
 Increase of New Customers (20%)
(Source: Stanford University Study, July 2006)
11

 The primary motivation for importers to join C-TPAT is to reduce the risk of supply chain disruptions due to a terrorist attack
 Four out of every ten members did not have a formal supply chain security plan prior to joining the program
 C-TPAT moved thousands of companies to give closer scrutiny to the security of the goods they handle and review the supply chain to ensure that their overseas suppliers have implemented sound security practices
 Greater Supply Chain integrity (stronger seal controls)
 Stronger brand equity
12

 The vast majority (81.3 percent) of members indicated that their ability to assess and manage supply chain risk had been strengthened as a result of joining C-TPAT
 C-TPAT certification requires that companies meet an extensive checklist of verifiable conditions. Nevertheless, minimum security criteria were generally viewed as very easy or somewhat easy to implement across the various sectors
 More than half (56.8 percent) of the members indicated that
C-TPAT benefits either outweighed the costs or were about the same
(Source: University of Virginia Study 2007)
13

 Typical implementation costs (listed from highest to lowest):
– Improving or implementing physical security costs (doors, windows, electronic access, cameras, fences, gates, lighting, etc.)
– Salaries and expenses of personnel
– Improving IT systems and databases
– Improving cargo security
– Improving or implementing in-house education, training, and awareness
– Improving personnel security procedures
14

 Physical Access Controls
 Employees, Visitors and Deliveries – identification and badge process is key; and removing unauthorized individuals
 Personnel Security
 Pre-employment verification, background checks, and termination procedures for prospective and current employees
 Procedural Security
 Documentation processing, shipping and receiving, and cargo discrepancies
 Container and Trailer Security
 Seal integrity, inspection and storage
15

 Physical Security
 Fencing, guardhouses, parking, locking devices, key controls, lighting, alarms, and video cameras
 Information Technology Security
 IT security procedures, password protection, system accountability (firewall, virus protection, monitoring service)
 Security training and threat awareness
 Focus on what types of training offered to employees and whether supply chain security training (C-TPAT specific) given
16

 Importers must have written, verifiable processes for the selection of business partners including manufacturers, product suppliers, and vendors
 They should also have documentation substantiating that partners throughout their supply chain are meeting C-TPAT security standards - or equivalent supply chain security program criteria
 e.g., supply chain assessment questionnaire, on-site audit report, written confirmation, etc.
 Where a company outsources or contracts elements of its supply chain, such as a foreign facility, warehouse, or conveyance, it must work with these business partners to ensure that pertinent security measures are in place and adhered to
17

 Companies now leverage their business relationships and ensure that business partners develop security processes and procedures consistent with the C-TPAT criteria
 Build C-TPAT/security language directly into contract
 Narrowing universe of business partners
 Periodic reviews of business partner’s processes and facilities should be conducted based on risk
18

 Foreign inland freight carrier - may be the weakest link in the supply chain
 In certain countries, local trucking companies must be used. Additional processes may need to be set up to deal with risk
19

 Cargo seals not used by foreign inland carriers and policy not documented
 Less than full truck load
 Air shipments
 No C-TPAT security-based training provided to employees, especially those with cargo handling responsibilities
(warehouse, shipping, receiving, etc.)
 Procedures at foreign facility are commonly “patched” together from various departments, rarely mention C-TPAT related policies and procedures, and usually consist of random screen shots and dusty binders
20

 Employees inconsistent in displaying badges, especially in cargo handling areas
 C-TPAT web portal not updated to reflect changes in company’s program
 From security standpoint, other weak areas noted included:
 Mail room deliveries
 Use of temporary agencies for labor
 No one actually monitoring video cameras (or, for example, 32 cameras all feeding into a 13” monitor)
 Collecting badges and terminating access when employees leave company
21

 Responses received from foreign vendor during questionnaire process do not match reality. Examples:
 “fence around perimeter” vs. fence rusted and fell down in
1998
 “pan and zoom cameras throughout facility” vs. inoperable cameras dangling from wires
 “truck drivers sign in/out” vs. drivers waved on through because same drivers every day
 Customs not asked for identification upon arrival
(Note: A company is not required to implement all best practices, however, CBP may ask why certain procedures cannot be implemented)
22

 Security measures:
 Exceed the C-TPAT Security Criteria
 Incorporate management support
 Have written policies and procedures that govern their use
 Employ a system of checks and balances
 C-TPAT is an on-going program!
 Companies continually update their supply chain security program (e.g., new factories, business partners)
 Periodic assessment is part of corporate manual
 Verify procedures to ensure they are being followed and make modifications as necessary
 Ownership at each entity level responsible for maintenance
23

 Since C-TPAT is a Customs program, it is typically managed by a company’s global customs compliance group along with legal oversight
 CTPAT “Champion” provides oversight
 Importer has sound compliance program in place
 Opportunity to provide additional on-site training
 Ability to tie into other security initiatives (e.g., 10+2 requirement)
 Senior Management Support and Buy-in
 An absolute must
 Lack of support at top levels - failure is imminent!
24

 Do not assume business partners will not be visited – especially foreign business partners. Example:
 Tier 3 U.S.-based customs broker in Philippines is visited an average of two times per month by CBP SCSS
 As a result of numerous visits, virtually every best practice has been implemented (clearly evident)
 GPS on all trucks to monitor real-time movements
 Security personnel accompany shipment from factory to airport (customs bonded facility)
 High security seals and padlocks utilized
 Comprehensive policies and procedures
25

 Review global supply chain to verify your business partners, such as foreign manufacturers, carriers and brokers
 Conduct analysis based on volume and risk
 Identify which business partners are already in the C-TPAT program or other supply chain program such as AEO, and which partners have already participated in a supply chain documentation process or have undergone an on-site audit
 Determine best application strategy
26

 Conduct domestic reviews at headquarters and distribution facilities
 Conduct comprehensive self-assessment of supply chain security (based on the C-TPAT/AEO security guidelines)
 Document current supply chain security procedures
 Develop and implement a program to enhance security throughout the supply chain in accordance with guidelines
 Communicate supply chain security guidelines to other partners in supply chain
27

 Already in progress:
 Detailed verifications of applications
 Revalidations of certified companies
 Tighter container seal control
 Tighter documentation control
 New security criteria - importers now seeking to join the
C-TPAT program will need to meet or exceed the new security criteria before they will be certified
28

 Companies beginning to implement:
 Smart containers and tracking systems
 Extensive screening (initial & ongoing) of personnel.
This includes both foreign and domestic locations
 Security/C-TPAT requirements for their entire supplier base and logistics providers
 Security audit as part of normal periodic audit of foreign entities
 Best Practices to obtain Tier 3 status
– As of March 2008, only 243 Tier 3 companies
29

 The SAFE Port ACT signed in 2007 has codified C-TPAT and CSI and calls for mandatory use of ISO 17712 compliant seals on all containers by October 2008
 Canadian PIP program members will gain reciprocity status with C-TPAT program members
 TSA will announce air cargo security guidelines deferring to many C-TPAT guidelines
 WCO will expand the AEO program in the European
Union, Asia and Latin America
 Greater use of electronics in cargo protection
30

 More frequent reviews of company’s security procedures and policies (even after validation/revalidation)
 C-TPAT members continue conducting audits of foreign vendors regardless of whether in another program
 C-TPAT members are conditioning contractual business relationships with their service providers and vendors based on C-TPAT participation and/or adherence to C-
TPAT security guidelines
 Mutual Recognition and Reciprocity with other countries
 Global buy-in to security
 Additional X-ray screening and data mining
31

 Congress pressuring Customs to implement 100% container screening. Customs potentially trying to counter with C-TPAT program and cargo screening software
 Customs reducing timeline for validations from 3 years to 1 year, and revalidating each company every 3 years instead of the specified 4-year schedule
 Third-party validations: Customs currently accepts only in China. Other AEO programs may allow selected third parties to conduct validations in any country
32

CONTACTS
Craig J. Pinkerton – PricewaterhouseCoopers
Los Angeles
Tel: (213) 256-6037
Email: craig.j.pinkerton@us.pwc.com
Dennis Caronan – PricewaterhouseCoopers
Manila
Tel: 632 845 2728, Ext. 2118
Email: dennis.anthony.p.caronan@ph.pwc.com
John S. Kwak – PricewaterhouseCoopers
Hong Kong
Tel: (852) 2289 3331
Email: john.sh.kwak@hk.pwc.com