COSO. Enterprise Risk Management — Integrated Framework – Executive Summary. Committee of Sponsoring Organizations of the Treadway Commission. September 2004. (CORE1106)

/0 Comments/in , , , , , , , , , /by

Summary: The Committee of Sponsoring Organizations of the Treadway Commission, COSO, defines Enterprise Risk Management, ERM, as a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. The entity objectives are set forth in following four categories: (i) Strategic – high-level goals, aligned with and supporting its mission; (ii) Operations – effective and efficient use of its resources; (iii) Reporting – reliability of reporting; and (iv) Compliance – compliance with applicable laws and regulations. According to COSO, ERM enables management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. Within the context of FP7-CORE project – and, supply chain security management in general – ERM can be seen as a useful approach particularly when it comes to aligning security risk appetite and strategy; to enhancing security risk response decisions; and to reducing security related operational surprises and losses. Some other ERM aspects such as seizing opportunities (“positive risks”) may not apply in supply chain security management context. One more interesting note, which could also be applied for supply chain security: everyone in an entity has some responsibility for ERM. This executive summary document is available for download at: http://www.coso.org/documents/coso_erm_executivesummary.pdf

[s2If is_user_logged_in()]

Full review:

Background: The first version of the “Internal Control – Integrated Framework” was issued by the Committee of Sponsoring Organizations of the Treadway Commission, COSO, in early 1990s, to help businesses and other entities assess and enhance their internal control systems. The change of the millennium saw heightened concern and focus on risk management, and it became clear that a need exists for a robust framework to effectively identify, assess, and manage risk. In 2001, COSO initiated a project, and engaged PricewaterhouseCoopers, to develop a framework that would be readily usable by managements to evaluate and improve their organizations’ enterprise risk management.

According to COSO (p.1), Enterprise Risk Management, ERM, encompasses:

  • Aligning risk appetite and strategy – Management considers the entity’s risk appetite in evaluating strategic alternatives, setting related objectives, and developing mechanisms to manage related risks.
  • Enhancing risk response decisions –Enterprise risk management provides the rigor to identify and select among alternative risk responses – risk avoidance, reduction, sharing, and acceptance.
  • Reducing operational surprises and losses – Entities gain enhanced capability to identify potential events and establish responses, reducing surprises and associated costs or losses.
  • Identifying and managing multiple and cross-enterprise risks – Every enterprise faces a myriad of risks affecting different parts of the organization, and enterprise risk management facilitates effective response to the interrelated impacts, and integrated responses to multiple risks.
  • Seizing opportunities – By considering a full range of potential events, management is positioned to identify and proactively realize opportunities.
  • Improving deployment of capital – Obtaining robust risk information allows management to effectively assess overall capital needs and enhance capital allocation.

COSO (pp.3-4) states that ERM consists of eight interrelated components, derived from the way management runs an enterprise and are integrated with the management process:

  • Internal Environment – The internal environment encompasses the tone of an organization, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate.
  • Objective Setting – Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite.
  • Event Identification – Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. Opportunities are channeled back to management’s strategy or objective-setting processes.
  • Risk Assessment – Risks are analyzed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis.
  • Risk Response – Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite.
  • Control Activities – Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out.
  • Information and Communication – Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity.
  • Monitoring – The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both.

Lastly, as potential readers / users of this report, COSO suggests following: Board of Directors; Senior Management; Managers and other personnel; Regulators; Professional Organizations; and Educators.

CORE1106

[/s2If]

C-TPAT Program Benefits Reference Guide, 2014 (CORE1032)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This guidebook outlines the key elements and benefits of the Customs-Trade Partnership Against Terrorism (C-TPAT) program that is designed to secure global supply chains and to improve United States border security. Document is available at: https://www.cbp.gov/sites/default/files/documents/C-TPAT%20Program%20Benefits%20Guide.pdf (link tested on 3 March 2016)

[s2If is_user_logged_in()]

Full review: C-TPAT partners receive a wide range of benefits listed below:

  • C-TPAT Partners are examined at a considerably lower rate than non-C-TPAT Partners.
  • C-TPAT certified/validated highway carrier Partners are granted expedited border crossing privileges. C-TPAT Partners at many Canada/Mexico land border ports of entry have access to Free and Secure Trade (FAST) Lanes.
  • Some categories of C-TPAT importer Partners are exempt from stratified exams.
  • C-TPAT shipments subject to examination are moved ahead of any non-C-TPAT shipments, to the extent possible.
  • In the event of a significant disruption/delay in cargo processing operations, actions are taken to maintain communication and coordination with C-TPAT Partners for business resumption.
  • C-TPAT Partners’ trade compliance issues are given priority over those issues related to non-C-TPAT Partners.
  • Each C-TPAT Partner is assigned a Supply Chain Security Specialist (SCSS) who coordinates between the C-TPAT Partner and the US Customs and Border Protection agency (CBP). The Specialist also assists the Partner with supply chain security issues.
  • Partners have access to the C-TPAT’s automated Portal system, to communicate with CBP and exchange program related information in a secure manner.
  • C-TPAT Partners are eligible to attend C-TPAT events like the annual Conference and other training seminars organized by the program.
  • C-TPAT importer Partners are eligible to participate in the Importer Self-Assessment (ISA) Program.
  • The Penalty Mitigation benefit is granted to sea carriers for late submission of data required under the Importer Security Filing requirements.
  • C-TPAT members are eligible to participate in other U.S. Government pilot programs, such as the Food and Drug Administration’s Secure Supply Chain program.

In addition, some benefits are associated with Mutual Recognition Arrangements (MRAs) when two customs authorities formally acknowledge the security requirements or standards of one program, as being equivalent to the other program. Some of the resulting benefits to the trade community are illustrated below:

  • C-TPAT importer Partners that also conduct export operations and Partners of the foreign Customs Administration programs (manufacturers and exporters of record) are granted a reduction in their overall cargo risk score, implying fewer examinations at export and import ports.
  • A C-TPAT validation for an overseas partner is not required if an MRA is in place because CBP recognizes the status of the Partner in the foreign partnership program.
  • Companies covered by MRAs need only to comply with a common set of security requirements, avoiding the hassle of following multiple sets of requirements from one partnership program to another.
  • MRAs lead to more transparency in international commerce. Mutual exchange of information between these partners facilitates trade across Mutual Recognition Partner nations.

CORE1032

[/s2If]

C-TPAT Best Practices Catalog Addendum, 2009 (CORE1031)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This addendum document lists cargo security best practices with focus on prevention of weapons of mass effect, terrorists, and/or contraband from infiltrating into the international supply chain. Each best practice is linked to a specific business entity, such as a Manufacturing Company, a Highway Carrier, an Importer or a Foreign Consolidator but these may apply to other business types as well. The document is available at: https://www.cbp.gov/sites/default/files/documents/ctpat_bpa_2009_0.pdf (link tested on 3 March 2016)

[s2If is_user_logged_in()]

Full review: The best practices are outlined as follows:

Risk assessment: Programs are in place to enable the identification of the most vulnerable supply chain areas, to grade suppliers supply chain security criteria. Specific processes have been developed to manage the supplier’s products, software and services and internal monitoring systems to enhance the safety and security procedures.

Business partner requirements: Several security measures have been taken by entities. These include conducting supply chain security audits to ensure compliance of non-C-TPAT business partners; carrying out security audits of a foreign manufacturer; making security self-assessments, conducting onsite inspections to ensure freight security; shipping cargo only through accredited ports and steamship lines; monitoring compliance of manufacturing facilities; screening procurements to identify ineligible status of suppliers, and performing audits of business partners.

Conveyance/Container/Trailer Security: Examples of such security practices are: integrating special security features in the GPS (global positioning system); using laser beams to protect trailers; using colour codes for matching consignments; installing infrared sensors in docks to prevent unauthorized access; using special codes to identify correct shipments; documenting all seal changes for shipments in transit; ensuring delivery by authorized Company drivers; sealing containers; operating through C-TPAT carriers; using only “seaworthy” containers; installing in-transit temperature data sensors to ensure product quality; enclosing container storage area; conducting non-intrusive inspection prior to loading a vessel; establishing specific inspection points; using multiple security devices on each container; using automated container yards; instructing foreign suppliers to provide inspection checklists; using dock locking arms for container storage; installing motion sensors in a trailer; operating through contracted highway carriers and security services; documenting a seal destruction policy, and so forth.

Physical Access Controls: Some practices by Importers include establishing multiple security stations within the building; using metal detectors for employees; installing an electronic swipe card/ lock box systems for access control for sensitive documents; conducting electronic scanning of visitors’ drivers licenses; utilizing a third-party software system to manage key inventory; and providing panic buttons for company employees.

Physical Security: Several innovative solutions have been designed to ensure physical security, such as electronically closing gates and activating tire puncturing devices to prevent vehicle exits; using an electronic security information reporting system, installing invisible electronic fences; installing laser sensors; setting up optical light beams to detect intruders; fitting double locks on doors; Installing infrared sensors on fences; using body alarm functions for emergencies; appointing patrolling guards, using multiple glass meeting rooms; using multiple interior infrared security alarm beams to detect unauthorized access; and installing security guard view towers.

Personnel Security: An Importer requires business partners to provide a monthly master list of employees and immediately notify when their employees are hired or terminated, in order to ensure that only authorized business partner’s employees enter the manufacturing facilities.

Security Training/Threat Awareness/Outreach: Business entities have invested in a wide range of training programs. One such initiative is the four-tier C-TPAT training targeted for management and supervisors, shipping and receiving personnel, internal personnel dealing with contractors and hourly staff. Other businesses use different approaches, like establishing an online training portal;; offering general security training and of site-specific training for security guards; issuing security advisories; making regular security awareness assessments; establishing a situation matrix chart to address possible incidents; establishing a direct communication channel between the president of the company and employees; putting in place a toll free hotline for company personnel; conducting security drills and exercises; establishing a web-based security awareness training; documenting security incidents in a central database; and establishing a global communication system to contact all employees and contractors remotely.

Procedural Security: Instances of this type of security measures include a bio-thermal intrusion alarm system; a global SAP network to generate all written orders for import and export; automatic screening procedures of purchase orders for restricted parties; lock boxes for sensitive documentation; an automated loading module called the Automatic Truck Loading System (ATLS); a container seal number as the shipment tracking (invoice/bill of lading) number, and so forth.

Information Technology (IT) Security: Such security practices include a biometric fingerprint door lock; a remote data backup center; a retina scanning system for access to the computer system; requiring supervisory approval to copy data; use of electronic password protected purchase orders; establishing a daily “e-test” for employees to access computers, and so forth.

CORE1031

[/s2If]

CEN Supply Chain Security — Good Practice Guide for Small and Medium Sized Operators, 2012 (CORE1030)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This is a guidance document for small and medium sized enterprises, SMEs. on how to apply a supply chain security approach to their operations in order to mitigate the risk of criminal activities. It gives an overview of the main crime types occurring in the supply chain along with some countermeasures, as well as the supply chain security initiatives, and the compliance requirements thereof. The document is available for purchase e.g. at:   http://shop.bsigroup.com/ProductDetail/?pid=000000000030258778  (link tested on 3 March 2016)

[s2If is_user_logged_in()]

Full review: The recommended supply chain strategy rests on a six-step approach. The first step is to define a context for the supply chain, crime prevention and security management activities taking into consideration the security sensitiveness, the geography and transport modes, and the main stakeholders involved in the supply chain operation. The second step is to make a threat and vulnerability analysis with regard to terrorist and other criminal threats in the supply chain. The main criteria included are the gaps existing in enhanced security, the high-risk crime types, and the potential consequences of crime occurrences. The third step covers the regulatory framework, the major aspects being the regulations and programs required for successful business operations, expectations of customers and suppliers, requirements laid down by insurance providers, and relevant government authorities. The fourth step refers to an overall security plan, taking into account the physical security, data security, human resources security (including selection, training, and exit procedures), business partner security (including selection, and auditing), and process control and monitoring of deviations. The fifth step involves implementing into practice concrete security measures, investment in technologies, procurement of services, in-house solutions and so forth. The final step is to monitor and measure the security performance and take appropriate corrective actions.

Five supply chain crime types have been elucidated in this guide. These include:  Property theft (cargo theft, intellectual property breaches); targeted damage (terrorism, sabotage); cross-border duty and tax fraud; illegitimate transporting, exporting and/or importing (smuggling of prohibited and restricted goods, people smuggling); and crime facilitation (document forgery, bogus companies, cybercrime). For each crime type, the main focus should be on the issue (main features and typical sectors/products involved), scope of the problem and actions to mitigate risks.

This guidebook has chosen eight security initiatives for illustration purposes. It explains the context of each initiative, whom it is meant for, and some basic requirements and the implications. These are as follows:

  • Import Control System (ICS) in the EU (a systems tool meant for the lodging and processing of Entry Summary Declarations, and for the exchange of messages across national customs agencies, economic operators and the European Commission).
  • Export Control System (ECS) in the EU (introduces EU procedures to computerize and control indirect exports and to implement the EU safety and security regulations);
  • Maritime Security Legislation, International Ship and Port Facility Security (ISPS) Code in the EU (International regulations to ensure the security of maritime transportation are being issued by the International Maritime Organization, IMO, in the International Ship and Port Facility Security Code);
  • Aviation Security Legislation, Air Cargo Supply Chains in the EU (three categories of aviation security legislation exist in the EU- Framework regulation, supplementing regulations, and implementing regulations-all targeted towards civil aviation security).
  • European Union Authorized Economic Operator, EU AEO (operators involved in international trade of goods certified as complying with WCO or equivalent supply chain security standards);
  • Regulated agent, Known consignor and Account consignor in the EU (Specific “trusted trader” status existing in the European air cargo supply chains);
  • ISO 28000 Series of Standards on Supply Chain Security Management Systems (address potential security issues at all stages of the supply process, e.g. terrorism, fraud and piracy);
  • Transported Asset Protection Association (TAPA) in Europe (fighting cargo crime using real-time intelligence and the latest preventative measures).

CORE1030

[/s2If]

Supply chain security education materials

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Blog-29.02.16FP7-CORE is the European flagship research and development project in supply chain security and trade facilitation, running from May 2014 to April 2018. In today´s CBRA Blog we focus on education and training material development – Work package 19, Task 19.1 – in the CORE-project.

The CORE Task 19.1 – Education and training materials development – has an impressive set of partners: INTERPOL, World Customs Organization (WCO), European Shippers Council (ESC), European association for forwarding, transport, logistics and customs services (CLECAT), International Road Union (IRU), and Technical University of Delft (TU Delft) as the established big players; ourselves Cross-border Research Association (CBRA) as the Task leader (and an enthusiastic lecturing body in supply chain security and trade facilitation); as well as the BMT Group, as the Work package 19 leader. We first started interaction with the entire Task 19.1 team during summer 2014, when the CORE-project had just been kicked off, and everything was still in it´s infancy.

Today, at the end of February 2016 – near two years into the project – we are about to launch the full scale production of the CORE education and training materials. We vision content to be produced in three parallel categories: CORE Flagship Handbook (CFH); Partner-specific materials; and Other education content. Content which is considered to be near-final can be published on-the-fly for example at CBRA´s web-portal, www.cross-border.org , where a new section is planned for the “CORE Education” (like the “CORE Observatory” which has been live since last autumn). Having just over two years left with the CORE-project, we are right on schedule to start the full production of education and training materials!

CORE Flagship Handbook (CFH) will be the main joint outcome of Task 19.1, thus we welcome INTERPOL, WCO, ESC, CLECAT, IRU, TU Delft and BMT to work closely with us in the production, review and piloting of the Handbook. In our current plans the Flagship Handbook has the following four sections, each section having multiple chapters (typically between two and six chapters per section):

  1. Introduction to CORE innovation agenda; including explaining key CORE themes and concepts; and frameworks and models.
  2. CORE outcomes, findings and results – written primarily in the context of the 16 CORE-Demonstrations.
  3. Interpretation of CORE results per key stakeholder group: customs, police, cargo owners, logistics sector, security sector and academics
  4. Future research and development roadmap – focusing on gaps and shortcomings; critical assessment on what works and what doesn’t by the end of CORE-project.

Partner specific materials typically fall into two sub-categories. First one is generic, introductory materials which would be of relevance to 1-2 stakeholder groups – for example Supply chain management 101 for police officers. Such materials can quite easily be developed within Task 19.1, using CORE supply chains and trade lanes as examples. At the same time, such basic education material would not be of relevance for supply chain companies, thus it should not be published in the CORE Flagship Handbook, CFH. Second sub-category is on detailed technical content, which again would be relevant to 1-2 stakeholder groups. An example could be technical review on risk management tools for the logistics sector.

Other education material may consist of the following content buckets, listed in a rough “simple to more complex” -order: Factsheets; Quizzes; Basic case studies; Comprehensive case studies; Videos and animations; Serious games, and so forth. It is still early days to decide what makes sense to develop – and for what we have adequate resources, skills and budgets. Maybe we will start with some simple factsheets, quizzes and basic case studies – this is still to be discussed among Task 19.1 partners.

Finally, the plans regarding the CORE Education web-portal are still in a preliminary stage. We could have a simple dropdown menu at www.cross-border.org , for example with the following selection options: Introductory materials; Technical sections; and Factsheets & quizzes. In the last category we could share first outcomes of Task 19.1 work. Here, just like in all other aspects of CORE Task 19.1, we welcome ideas and feedback from the Task 19.1 team, and from the whole CORE Consortium – and even beyond, from any interested stakeholders and potential future users of CORE Education materials!

In Lausanne on 29.2.2016 – CBRA Blog by Juha Hintsa

SUPPLY CHAIN SECURITY – U.S. Customs and Border Protection Has Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying Security Practices, GAO, April 2008 (CORE1011)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: The GAO report discusses the progress the Customs and Border Protection (CPB), a component agency of the US Department of Homeland Security (DHS), has made since 2015 with its flagship business-private supply chain security program Customs-Trade Partnership Against Terrorism (C-TPAT). The report focuses on three main areas of the C-TPAT’s management and governance: (1) awarding benefits for the C-TPAT compliant companies, (2) validating the member companies’ security compliance and (3) addressing CBP’s staffing challenges that the increasing popularity of the C-TPAT program brings. The report recommends CPB to improve its C-TPAT validation processes and instruments and to establish performance criteria for assessing the program’s impact on supply chain security and trade facilitation. The C-TPAT program and this GAO report contain useful information for the CORE’s demonstrations that import goods into the US. Also the CORE’s risk cluster can learn about opportunities and challenges a voluntary, risk-based supply chain security entails. The report is available at http://www.gao.gov/assets/280/274773.pdf.

[s2If is_user_logged_in()]

Full review: This report contains information that is particularly useful for two CORE demonstrators that cover US imports. The first WP9 demonstration is about shipping automobile parts from the EU to the US via the port of Bremerhaven. In this demo, the General Motors (GM) is the importer. Because GM holds a C-TPAT certificate, most of the information this report offers about the status and challenges of the C-TPAT program must be of interest for the company and for its CORE demonstration. The same applies to the WP14 demonstration “FALACUS” that is about importing ceramic tiles from Italy to the US via the Port of La Spezia. The demonstration has to deal with the C-TPAT program, and therefore the demo partners’ might benefit from studying this GAO report. In addition to the demonstrations, this report might support the work of the CORE’s risk cluster because the document discusses in detail challenges and possibilities of a voluntary, risk-based supply chain security program, which builds on business-government collaboration.

Cross-references:

Supply Chain Security: Examinations of High-Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed. GAO-08-187. Washington, D.C.: January 25, 2008.

Maritime Security: The SAFE Port Act and Efforts to Secure Our Nation’s Seaports. GAO-08-86T. Washington, D.C.: October 4, 2007.

Maritime Security: Observations on Selected Aspects of the SAFE Port Act. GAO-07-754T. Washington, D.C.: April 26, 2007.

Combating Nuclear Smuggling: Additional Actions Needed to Ensure Adequate Testing of Next Generation Radiation Detection Equipment. GAO-07-1247T. Washington, D.C.: September 18, 2007.

Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve the Automated Targeting System. GAO-06-591T. Washington, D.C.: March 30, 2006.

Additional keywords: Border security, customs-trade partnership against terrorism (C-TPAT), supply chain security, counter-terrorism

CORE1011

[/s2If]

SUPPLY CHAIN SECURITY – CBP Works with International Entities to Promote Global Customs Security Standards and Initiatives, but Challenges Remain, GAO, August 2008 (CORE1009)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This report discusses how the US Customs and Border Protection (CBP) has (1) contributed to international supply chain security standards and (2) promoted mutual recognition in the customs security area and (3) how the agency expects to implement the 100% scanning requirement of the containerized US-bound maritime cargo. The report provides a detailed outlook on the US customs supply chain security scheme, and it highlights challenges and problems that the US government faces in promoting its supply chain security strategy internationally. The development and the implementation of the World Customs Organization’s (WCO) SAFE Framework of Standards, a suite of best practices on customs security, is a central theme throughout this GAO report. Because of its broad scope, the customs-related supply chain security, this document contains information that is likely to be useful for all CORE work packages, and especially for those that involve customs administrations. The report is available at http://www.gao.gov/assets/280/279730.pdf.

[s2If is_user_logged_in()]

Full review: This document provides a detailed outlook on customs-centric supply chain security from the US government’s perspective. This unique view on the customs security is going to be useful for the CORE’s early work packages that seek to describe the state-of-the-art of the global supply chain security. The information is also useful for the CORE demonstrations, in which customs administrations are involved. In particular, the demonstrations (WP9 and WP14) that are about US-bound trade and logistics benefit from the detailed description of the customs security initiatives that the US government has introduced since the 9/11 tragedy.

Cross-references:

  • Supply Chain Security: Challenges to Scanning 100 Percent of U.S.-Bound Cargo Containers. GAO-08-533T. Washington, D.C.: June 12, 2008.
  • Supply Chain Security: Examinations of High-Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed. GAO-08-187. Washington, D.C.: January 25, 2008.
  • Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007.
  • Maritime Security: One Year Later: A Progress Report on the SAFE Port Act. GAO-08-171T. Washington, D.C.: October 16, 2007.
  • Maritime Security: The SAFE Port Act and Efforts to Secure Our Nation’s Seaports. GAO-08-86T. Washington, D.C.: October 4, 2007.
  • Combating Nuclear Smuggling: Additional Actions Needed to Ensure Adequate Testing of Next Generation Radiation Detection Equipment. GAO-07-1247T. Washington, D.C.: September 18, 2007.
  • Maritime Security: Observations on Selected Aspects of the SAFE Port Act. GAO-07-754T. April 26, 2007.
  • Customs Revenue: Customs and Border Protection Needs to Improve Workforce Planning and Accountability. GAO-07-529. Washington, D.C.: April 12, 2007.
  • Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve the Automated Targeting System. GAO-06-591T. Washington, D.C.: March 30, 2006.
  • Combating Nuclear Smuggling: Efforts to Deploy Radiation Detection Equipment in the United States and in Other Countries. GAO-05-840T. Washington, D.C.: June 21, 2005.
  • Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve Overseas Targeting and Inspection Efforts. GAO-05-557. Washington, D.C.: April 26, 2005.

Additional keywords: Mutual recognition, regulatory harmonization, 100% scanning legislation, SAFE framework of standards, World Customs Organizations, Authorized Economic Operators (AEO) programs, Customs-Trade Partnership against Terrorism

CORE1009

[/s2If]

Border Agency Cooperation, Part 3 of 3

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

The last blog in our three-part series on Border Agency Cooperation introduces a conceptual framework capturing the essential dimensions of Border Agency Coordination: three levels of collaboration, four areas of integration and four objects for sharing. We hope that the framework helps the customs and other border agency communities to see all levels of Border Agency Cooperation (BAC) so that they can move from isolated coexistence towards more active cooperation at the borders. Higher levels of cooperation are likely to translate into higher levels of trade facilitation, control over cross-border cargo flows and resource efficiency, simultaneously. Compared with the previous BAC Blog Part 2, this BAC Blog Part 3 intends to present a comprehensive framework surrounding BAC ambitions, plans, implementations and monitoring activities – while the previous BAC Bloc 2 focused purely on a set of 15 key BAC actions, grouped according to the main beneficiary groups. This final BAC Blog has been written by Dr. Toni Männistö of CBRA.

Let’s start by first presenting the BAC diagram: Conceptual framework on Border Agency Cooperation (source: Männistö, T., and Hintsa J., 2015; inspired by Polner, 2011 and by Institute of Policy Studies, 2008)

blog-200516-1

Levels of cooperation

Intra-agency cooperation is about aligning goals and work within one organization, either horizontally between departments or vertically between headquarters and local branches, in particular border-crossing offices / stations. Ways to foster horizontal intra-agency cooperation include development of intranet networks, cross-training, inter-departmental rotation of staff, and establishment of joint task forces that tackle multifaceted challenges like transnational terrorism. Ideally, the vertical cooperation would be bi-directional: headquarters would define priorities and objectives and then communicate them to local branches. The branches would, reciprocally, send back status reports and suggest improvements to the general policies. Solving intra-agency cooperation lays a basis for broader cooperation: it’s hard for any organization to cooperate efficiently with external stakeholders if it struggles with internal problems. The logical first step in coordinated border management is therefore breaking departmental silos and building a culture of cooperation within boundaries of one organization.

Inter-agency cooperation, at the operational level, concerns relationships among a broad range of border agencies that play a role in controlling cross-border trade and travel. In many countries, primary agencies present at the borders include customs, border guards, immigration authorities and transport security agencies. However, also police organizations, health authorities, and phytosanitary and veterinary controllers, among others, take part in border management. According to a recent study, typical areas of customs- border guard inter-agency cooperation can include strategic planning, communication and information exchange, coordination of workflow of border crossing points, risk analysis, criminal investigations, joint operations, control outside border control points, mobile units, contingency/emergency, infrastructure and equipment sharing, and training and human resource management (CSD, 2011). Governmental inter-agency cooperation occurs between border control agencies and ministries and policy making bodies that are responsible for oversight and financing of border management activities.

International cooperation may take place locally at both sides of a border. One Stop Border Posts, OSBPs – border crossings managed jointly by two neighboring countries – are prime examples of such cooperation. One Stop Border Posts can involve various forms of collaboration: harmonization of documentation, shared maintenance of the infrastructure, joint or mutually recognized controls, exchange of data and information and common investments in infrastructure and so forth. Operational arrangements between the Norwegian, Finnish and Swedish customs illustrate advanced international cross-border cooperation that save time and money of border control authorities and trading companies. The cooperation builds on division of labor, where the national border authorities of each country are allowed to provide services and exercise legal powers of their home country and neighboring countries. For instance, when goods are exported from Norway, all paperwork related to both exports and imports may be attended by either Swedish, Finnish or Norwegian customs office (Norwegian Customs, 2011). At the political level, this requires international cooperation between authorities and policy makers in two or more countries. Operational cooperation (e.g., mutual recognition of controls or regional Single Window), often bringing tangible trade facilitation benefits, usually follows from political, supranational decisions (e.g., the WCO’s Revised Kyoto Convention and SAFE Framework of Standards).

Areas of integration

Technical integration often entails improving connectivity and interoperability of information and communication technology systems within and across organizations. Single Window solutions are typical outcomes of technical cooperation as they enable automatic exchange of electronic trade information among border control agencies. The UN Centre for Trade Facilitation and Electronic Business, UN/CEFACT, is an important international organization helping to build connectivity across countries and between business and governmental stakeholders. UN/CEFACT, for instance, develops and maintains globally recognized standards for EDI messages.

Operational integration is largely about coordination of inspection and auditing activities among border control agencies. Benefits of synchronized activities are evident: organizing necessary controls at one place and at the same time reduces delays and administrative burden that trading companies and travelers face at borders. A simple and powerful example of operational integration is coordination of opening hours and days of customs offices at the both sides of a border. Operational integration also covers provision of mutual administrative assistance, joint criminal investigations and prosecution, and sharing of customs intelligence and other information.

Legislative integration seeks to remove legal barriers and ambiguities that prevent border control agencies from exchanging information, sharing responsibilities or otherwise deepening their cooperation. Essentially, most forms of Border Agency Coordination require some degree of legislative harmonization and political commitment. For example, Article 8 of the WTO/TFA to the WTO Members requires that national authorities and agencies responsible for border controls and dealing with the importation, exportation and transit of goods must cooperate with one another and coordinate their activities in order to facilitate trade.

Institutional integration is about restructuring roles and responsibilities of border controls agencies. An example of a major restructuring is the annexing of US border control agencies – including the US Customs and Border Protection, Transportation Security Administration and Coast Guard – into the Department of Homeland Security, DHS, a body that took over the key governmental functions involved in the US non-military counter-terrorism efforts in the aftermaths of the September 11th, 2001, terrorist attacks.

Objects of sharing

Sharing of information – data, knowledge and intelligence – reduce duplicate work (e.g., sharing of audit findings), enable operational coordination (e.g., synchronized border controls) and facilitate development of common agenda for future border agency coordination. At the global level, the WCO’s Customs Enforcement Network CEN is an example of a trusted communication system for exchanging information and intelligence, especially seizure records, between customs officials worldwide. Another WCO initiative, the Globally Networked Customs, analyzes potential to further “rationalize, harmonize and standardize the secure and efficient exchange of information between WCO Members” (WCO 2015).

Resource sharing involves multi-agency joint investments in equipment, facilities, IT systems, databases, expertise and other common resources. The joint investment activities are likely to result in higher resource utilization and bulk purchasing discounts. For example, national and regional Single Window solutions are often outcomes of joint development and investment activities of various government agencies.

Sharing of work is mostly about rationalization of overlapping border control activities, controls and formalities. If two border control agencies, for instance, agree to recognize each other’s controls, there is no need to control the same goods more than once. Combining forces to investigate and prosecute crime also often help border control agencies to use their limited resources more efficiently.

Sharing of responsibilities is about coordinating and streamlining administrative and control tasks among border control agencies. Norway, again, sets a good example of sharing the responsibilities. The Norwegian customs represents all other border control agencies – except the veterinary office – at the frontier. Customs officers are responsible for routine border formalities, and they summon representatives of other border control agencies as and when the officers need assistance. Internationally, the Norwegian customs cooperates closely with Swedish and Finnish border control authorities at the Northern Scandinavian border posts. Bilateral agreements between its neighbors allow Norwegian customs officers authority to perform most customs checks and formalities for and on behalf of their Swedish and Finnish colleagues. The coordination decreases border-crossing times and lowers administrative costs for trading companies and the border control agencies in the three countries.

This concludes now our three-part series on Border Agency Cooperation. In Part 1, we shared an illustrative worst case example on how complex, slow and expensive a cross-border supply chain execution comes when no cooperation takes place between relevant government agencies, neither nationally nor internationally. In Part 2, we presented a conceptual BAC model with 15 key actions to improve the degree of cooperation in a given country or region – for the direct benefit of supply chain companies, or government agencies, or both. And in this Part 3, we finally presented our comprehensive BAC framework, which hopefully helps government policy makers and border agencies to design, implement and monitor their future BAC programs and initiatives in an effective and transparent manner. Toni Männistö and Juha Hintsa.

Bibliography:

Center for the Study of Democracy (CSD), 2011. “Better Management of EU Borders through Cooperation”, Study to Identify Best Practices on the Cooperation Between Border Guards and Customs Administrations Working at the External Borders of the EU.

Institute of Policy Studies 2008, Better connected services for Kiwis: a discussion document for managers and front-line staff on better joining up the horizontal and vertical, Institute of Policy Studies, Wellington, NZ.

Männistö, T., and Hintsa J., “Theory of Border Agency Cooperation”, CBRA working paper 2015, Lausanne, Switzerland.

Norwegian Customs, 2011. Case Study on Border Agency Cooperation Submitted by Norway for the November Symposium.

Polner, M. (2011). Coordinated border management: from theory to practice. World Customs Journal, 5(2), 49-61.

United Nations Conference on Trade and Development (UNCTAD), 2011 Border Agency Coordination”, UNCTAD Trust Fund for Trade Facilitation Negotiations Technical Note No. 14.

Mr. Mike Ellis, INTERPOL, on illicit trade and counterfeiting

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Today’s CBRA Interview is with Mr. Mike Ellis who is the Assistant Director of Illicit Trade and Anti-counterfeit Sub-crime Directorate at INTERPOL, Lyon, France.

Hi Mike, can you first tell a bit who are you and what you do?

I am the Assistant Director for Police Services at INTERPOL, based in Lyon France.  INTERPOL is the world’s largest international police organization. Our role is to assist law enforcement agencies in our 190 member countries to combat all forms of transnational crime. We work to help police across the world meet the growing challenges of crime in the 21st century by providing a high-tech infrastructure of technical and operational support. Our services include targeted training, expert investigative support, specialized databases and secure police communications channels. I am responsible for the coordination of all activities related to illicit trade, smuggling of illicit goods and counterfeiting for the organization and police forces within our 190 member countries.  I lead a team of expert officers who are engaged in training, capacity building, and operational support who operate along with my analytical support who manage risk awareness and intelligence handling.

interview111

From your perspective, how bad is the current situation with counterfeit and other illicit trade in global supply chains? Can one for example see links between illicit trade and transnational organized crime groups; or, even terrorist organizations?

For many years the clear link has been established between the trafficking of illicit goods and transnational organized crime. Criminal organizations are attracted by the lucrative profits involved in trading counterfeit or fake goods, or in trading legitimate goods through illicit channels. The criminals involved manufacture and trade illicit goods on a regional and increasingly global scale.  It is well documented that they use the profits to fund other criminal activities such as drug trafficking and people smuggling, and for investment into funding subversive political groups.  Selling fake or counterfeit products is one aspect of illicit trade, as is selling genuine goods on the black market to avoid paying taxes. By avoiding regulatory controls, the criminals behind these activities peddle dangerous and illicit goods with a complete disregard for the health and safety of consumers. The phenomenon has grown to an unprecedented level, posing tremendous risks to society and the global economy. Counterfeiting harms businesses which produce and sell legitimate products, governments lose tax revenue from products manufactured or sold on the black market, and consumers are at risk from substandard products.

By the way, we met first time about one year ago in Lyon at an INTERPOL workshop linked to FP7-Project CORE. One of the main objectives of CORE-project is to develop leading edge education and training materials on supply chain security – for the benefit of law enforcement agencies, supply chain practitioners, and academics alike. Can you share your views about law enforcement – academia – industry cooperation in education material development, as well as in the broader field of supply chain security management?

One of our principle functions is capacity building and training.  At INTERPOL we recognize that capacity building brings with it raised identification of the impact of illicit cross-border trade and counterfeiting and all our new operations, or established operations in new regions, are preceded by a capacity building workshop.  The public domain is represented by police, customs, border control officials, and prosecutors, as well as representatives from various regulatory bodies including trading standards.  In addition, INTERPOL TIGC, the Trafficking in Illicit Goods and Counterfeiting program which I am heading, has developed a Mentoring Program which aims to increase cross-border, cross-industry law enforcement operational interventions by: strengthening capacity to deal with all types of cross-border trafficking in illicit and counterfeit products. We have also developed an online International Intellectual Property Crime Investigator’s College and have built already a robust network of over 10.000 law enforcement officers, and partner stakeholders with specialist knowledge and skillset.  This online training course provides specialist knowledge on transnational organized crime.  It is aimed at all law enforcement officials, regulatory authorities and private sector investigators who are committed in the fight against illicit trade and intellectual property crime.   We aim to provide crime professionals with specialist awareness and learning on the subject of transnational organized intellectual property, IP, crime, and illicit trade, by delivery of leading-edge training that meets international standards and allows crime investigators from any discipline to quickly identify other certified investigators.  Through this learning platform we also facilitate cooperation between the public and private sectors in the fight against IP crime, and ensure all public and private sector crime investigators have a common understanding of the problems facing them, while being aware of each other’s competencies and roles.  We seek to promote knowledge on what intervention strategies and tactics work, in order that all stakeholders are better able to work together in partnership in enforcement operations.

Thank you Mike for this highly interesting interview. It complements well our previous interviews on similar themes – with non-law enforcement experts including Mr. David Hamon and Mr. Tony Barone. CBRA and the whole FP7-CORE consortium, around 70 partners in total, wishes to continue the great cooperation in research and education material development with INTERPOL, throughout the CORE-project, until April 2018 – and beyond!  Juha.

 

TRANSPORTATION SECURITY – Action Needed to Strengthen TSA’s Security Threat Assessment Process, GAO, 2013 (CORE1015)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: The GAO report is about measuring the performance of the Adjudication Centre that is a department within the Transportation Security Administration (TSA) responsible for administering background checks for people who need access to secure facilities unescorted. The centre issues the access credentials based on a through vetting of the applicant’s criminal history, immigration status, and connections to terrorist groups, among other checks. The report argues that the Adjunction Centre could improve the efficiency of the background checks – the individual security threat assessment – by improving its performance measurement system through better data and indicators. Although this GAO report focuses on a rather narrow topic, management of the background checking process, the report’s insights could benefit the CORE’s risk management cluster and those demonstrations that deal with access control matters. The report is available at: http://gao.gov/assets/660/656051.pdf

[s2If is_user_logged_in()]

Full review: This GAO document is closely related to the work the CORE’s risk cluster. The report describes problems the TSA’s Adjudication Centre faces when it manages the background checking process of the US-based transportation worker identification credentials (TWIC), hazardous materials endorsements (HME) and Aviation Worker (AV) authorization programs. Moreover, since access control is a central security solution in nearly all CORE demonstrators, the demonstrations might benefit from tips and guidance this report offers. At the final stages of the project, this GAO report might prove a useful document when the project consortium produces training materials on how to manage access control systems and how to administer background checks.

Cross-references:

  • Port Risk Management: Additional Federal Guidance Would Aid Ports in Disaster Planning and Recovery. GAO-07-412. Washington, D.C.: March 28, 2007.
  • Critical Infrastructure Protection: An Implementation Strategy Could Advance DHS’s Coordination of Resilience Efforts across Ports and Other Infrastructure. GAO-13-11. Washington, D.C.: October 25, 2012.

CORE1015

Additional keywords: Terrorism, background checks

[/s2If]