CASSANDRA compendium. Private sector perspectives on risk management (Ch. 5) and crime prevention and security management in supply chains (Ch. 6)

Summary: Chapters 5 & 6 of the CASSANDRA compendium provide a general overview on supply chain security risk management from the private sector perspective. Explaining the essentials of supply chain risk management, Chapter 5 introduces commonly used risk management models and tools (e.g., risk matrices and risk registers), discusses various classifications of supply chain risks, and elaborates current trends of risks and risk management in the supply chain context. Chapter 6 focuses on specific challenges of supply chain security risks – the risks that arise from intentional, man-made criminal activities such as terrorism, theft, trafficking, and sabotage. The chapter explains a few early classifications of supply chain security risks (e.g., motive-based typology and taxonomies based on private sector perspectives). Following the classifications of security risks, the chapter puts forth a few models for managing security risks in the supply chain context (e.g., the 8-layer model for supply chain security management). The chapter concludes with a detailed case study on security management of an international security company and a comparison of supply chain security management and the total quality management (TQM) management philosophy. The CASSANDRA compendium is available for download: www.cassandra-project.eu. Review by Toni Männistö (CBRA)

[s2If is_user_logged_in()]

Full review: Previous observatory entries have already shown the relevance of the CASSANDRA compendium to the community of supply chain management professionals. The compendium’s chapters 5 & 6 give a brief summary of risk management and security risk management in the context of international supply chains. The contents of the chapters are relevant and useful for people involved in FP7 CORE project, especially for those involved in work packages 3 (Multi-method Threat and Vulnerability Analysis Suite) and 4 (SC Situational Awareness Tools & Maps).

Chapter 5 elaborates a set of common supply chain risk management tools. The model of Waters (2007) summarises rather obvious three steps of the risk management process: identifying risks, analysing risks and responding to risks. The model proposes, for example, that managers can identify supply chain risks through analysis of past events, collection of opinions, and through operational analysis. The model also calls for managerial attention to prerequisites of successful risk management – mutual trust, cooperation and information exchange among relevant stakeholders involved in supply chain management – and highlights importance of continuous monitoring and controlling the risk management process. The chapter concludes with the four classic approaches to risk management: risk avoidance, risk reduction, risk transfer (e.g., insurance and contractual agreements), and acceptance. The classifications of supply chain risks include typologies focusing on risk sources (natural hazards operational failure and terrorism), risk consequences (e.g., risk to operations, risk to reputation and risk to profits), and objects of vulnerability (e.g., information, materials, personnel and financial flows).

The chapter on crime prevention and security management (Ch. 6) in supply chains provides a concise summary on supply chain security management from the private sector perspective. The chapter starts by describing some early classifications of supply chain security risks. A motive-based taxonomy classifies such risks into the three categories: economic crime (profit as motive), other crime types (ideological, emotional and other reasons as motive) and facilitating crime that covers activities that do not bring direct crime benefits but help committing other rewarding crime crimes later on. (e.g., document fraud, bribery and use of intimidation). The chapter’s next section elaborates ways to mitigate security risks in the global supply chains, highlighting the key ideas of the so-called 8-layer model for supply chain security management (the model incorporates multiple aspects of risk assessment, hands-on design and planning, implementation of a variety of technologies, procedures, and incentives as well as preparation for dealing with the consequences of supply chain crime). The chapter provides also a case study with an international tobacco company that runs high security risk supply chain operations. The section also contrasts, rather interestingly, principles of security management against the fundaments of the total quality management (TQM) management philosophy. The chapter continues with a brief review of regulations (e.g., EU customs security and aviation security regulations) and standards on supply chain security management (World Customs Organization’s SAFE framework of standards, and industry standards of the Transported Asset Protection Association).

Reference

Hintsa, J. and Uronen, K. (Eds.) (2012), “Common assessment and analysis of risk in global supply chains “, Compendium of FP7-project CASSANDRA, Chapters 5 & 6

CORE2007

[/s2If]

Governmental actors in supply chains & Governmental procedures, compliance and risk management – CASSANDRA Compendium Chapters 4 & 7, 2012 (CORE2007c)

Summary: The fourth and seventh chapters of the CASSANDRA compendium elaborate on the roles of government agencies in international logistics and supply chain security (SCS). A broad range of government actors – customs, police agencies, border guards and many others – play a crucial role in enforcing and facilitating cross-border traffic through the global supply chains. These government agencies are critical stakeholders to be involved in the development, design and implementation of the two central CASSANRA concepts: the end-to-end data pipeline and the risk-based approach to cargo inspections and company audits. The CASSANDRA compendium highlights that there are important differences in the national laws and regulations, even within the European Union, that complicate international government collaboration. The differences in the legal framework and organisational cultures must be taken into account when designing new SCS solutions in the CASSANDRA and other projects. The CASSANDRA compendium is available for download: www.cassandra-project.eu. Review by Toni Männistö (CBRA)

[s2If is_user_logged_in()]

Full review: The CASSANDRA compendium describes how the role of government agencies in the cross-border supply chain operations is changing. The trading community and high-level policy-makers are strongly advocating trade facilitation, to make international commerce faster, more cost-efficient and less cumbersome. To address the demand for trade facilitation, many border control agencies are adopting risk-based approaches for controlling cross-border trade and travel. They exploit information increasingly to identify and target high-risk cross-border movements while facilitating low-risk traffic. To further lowering administrative hurdles to the cross-border trade, many government agencies are eliminating duplicative and redundant reporting requirements and building modern ICT systems to enable fast and reliable digital exchange of data and information.

Many law enforcement agencies are also facing budget cuts and increasing work loads, which forces them to look for new ways to increase productivity. Increased collaboration among border control agencies has been proposed as a solution for boosting productivity. The efforts towards further coordinated border management (CBM) are clearly manifested as joint-border control posts, regional single window systems (an online interface enabling trading companies, customs and other border control agencies to exchange trade-related information) and mutual recognition agreements (MRA) that harmonize customs and security related regulatory requirements across jurisdictions.

Reference: Hintsa, J. and Uronen, K. (Eds.) (2012), “Common assessment and analysis of risk in global supply chains “, Compendium of FP7-project CASSANDRA, Chapters 4 & 7

 

CORE2007

[/s2If]

Supply Chain Security: Survey on Law Enforcement Agencies’ Training Needs, 2015 (CORE1112)

Summary: In a recent study, a joint CBRA-INTERPOL research team investigates what kind of training material would help law enforcement agencies to fight crime in the context of global supply chains. The team conducted a pilot survey at the LE TrainNet Meeting (Networking Meeting of the Law Enforcement training institutions) which took place in Baku, Azerbaijan, 28- 29 April 2015. Findings of the pilot survey will be used to launch a large EU-wide survey on law enforcement agencies’ training needs regarding supply chain security. The survey findings also guide production of new training and educational material that the FP7 CORE is currently producing. The reviewed document is available for download here: https://hicl.org. Review by Toni Männistö (CBRA)

[s2If is_user_logged_in()]

Full review: The article concludes that law enforcement agencies generally recognise supply chain security training as a worthwhile investment for their organisations. In partuclar, the law enforcement agencies call for new supply chain related training material especially regarding narcotics and drug precursor trafficking, corruption financial crimes and tax evasion, trafficking in human beings, trafficking in counterfeit goods, terrorism and cybercrime. They advocate increasing use of modern training techniques and tools, such as e-learning, case-based teaching, and role-playing exercises.

Other findings show that law enforcement agencies consider it very useful to develop new training and educational material that would help them to enable and encourage multi-agency collaboration, for example data sharing between police agencies and customs.  The survey respondents also expressed their interest in new training material that would focus on human factors of transnational crime (e.g., motives and underlying social dynamics) and intelligence-led policing.

It is important to notice that only 16 people responded to the Baku pilot survey. The response rate was 23.2%, given there were 69 delegates registered for the LEA TrainNet meeting. The relatively low number of respondents and the relatively low response rate indicate that there is a definite need for a larger EU-wide follow-up survey.

Reference: Hintsa, J., Ahokas, J., Gallagher, R., and Männistö, T., (2015), ”Supply Chain Security: Survey on Law Enforcement Agencies’ Training Needs”, Proceedings of the Hamburg International Conference of Logistics (HICL), September 24-25, 2015, Hamburg.

 

CORE1112

[/s2If]

Interview with Dr. Vittoria Luda di Cortemiglia

CBRA Interview with Dr. Vittoria Luda di Cortemiglia, Program Coordinator with the Emerging Crimes Unit at the United Nations Interregional Crime and Justice Research Institute, UNICRI, Torino, Italy.

Hi Vittoria, and thanks for joining a CBRA Interview – can you first tell a bit who are you and what you do?

I am the Programme Coordinator of the UNICRI Emerging Crimes Unit. Since joined the U.N. in 2001, I have been in charge of the coordination of a number of applied-research programmes in the field of illicit trafficking and emerging crimes, including environmental crimes, cybercrimes, counterfeiting, and organized crime in general.  I am UNICRI Focal Point for Strategic Approach to International Chemicals Management, SAICM, as well as UNICRI Focal Point within the UN Inter-Agency Coordination Group on Human Trafficking, ICAT.

Can you explain us bit more about UNICRI, including the governance model and the research areas?

UNICRI is a United Nations entity created by the Economic and Social Council of the United Nations, ECOSOC, in 1967 to assist Intergovernmental, Governmental and Non-Governmental Organizations in formulating and implementing improved policies in the field of criminal justice. The Institute is part of the United Nations Crime Prevention and Criminal Justice Program, which report annually through the UN Commission on Crime Prevention and Criminal Justice, CCPCJ, to the ECOSOC.

UNICRI is involved in research projects and capacity building activities in a broad number of areas, ranging from environmental crimes; human trafficking; trafficking in goods and products – including precious metals, pesticides, counterfeiting as well as chemicals, biological, radiological and nuclear risks; terrorism and foreign fighters; hate crimes and hate speech; cyber-security; urban security; violence against women; and, maritime piracy.

UNICRI, CBRA and other partners have just finished a 2-year FP7-project called CWIT, focusing on identifying and quantifying criminal and non-compliance problems and proposing solutions against illicit trade and logistics in electronic waste materials. What was the biggest thing you learned during the project, and which of our recommendations you find as most important when moving to the future?

The CWIT project has been a great experience from a personal as well as professional point of view, as gave me the possibility to work side by side with a number of wonderful professionals from the WEEE industry, enforcement agencies, international organisations, lawyers, academia and consultants specialised in supply chain security.

The objectives of the project were quite ambitious, as CWIT aimed at identifying the policy, regulatory, procedural and technical gaps as observed in today’s business environment, and at suggesting tangible improvements. The CWIT team produced set of recommendations to support the European Commission, law enforcement authorities and industry practitioners in countering the illegal trade of WEEE in and from Europe.

With regards to the recommendations which I consider particularly important are the ones related to the necessity of establishing robust and uniform legal framework and relevant implementation. As mentioned in the final CWIT report, without a clear and comprehensive legislative base, enforcers and prosecutors are powerless to address illegal WEEE flows. At the very minimum, a clear and global definition of what constitutes WEEE is the basis for improving detection, inspection, and enforcement and sentencing rates related to illegal WEEE trade.

In parallel, harmonisation and enhancement of penalty system is needed to increase the effectiveness of the existing legal framework.  In fact, penalties for the illegal trade in e-waste vary greatly in terms of monetary fines and prison durations. Today, the participation in WEEE illegal activities does not appear risky to offenders due to the low probability of being prosecuted and sentenced. Even when successfully prosecuted, penalties foreseen in legislation and penalties applied in court decisions are typically very low. For these reasons, it is important to also enhance prosecuting and sentencing, so that WEEE trade and environmental crimes in general are not considered a low- priority/low sentenced area.

UNICRI kindly invited CBRA to Torino last October to join a 2-day workshop on “Illicit Pesticides, Organized Crime and Supply Chain Integrity”. Can you elaborate on this emerging supply chain crime area, including about the estimated size and the negative socio-economic consequences of the problem?

Illicit pesticides cover a wide variety of products, including obsolete pesticides, unauthorized imports, counterfeit or fake pesticides; re- or up-labelled pesticides and refilled containers. Estimates of the illicit pesticides penetration of the legal market range from 10 to 25% – both in the EU and at international level-, representing several billion annually (USD 6-10 billion at global level and USD 1.1 billion at European level).

Besides the evident risks for human safety and health and environmental risks, illicit pesticides also pose serious threats to the economies and security. The agricultural market is extremely important for a large number of countries and companies and might be jeopardize by the introduction of illicit pesticides which can deeply affect the local and national economies. The economic losses have multiple sources and victims and long-term consequences, in particular possible loss of harvest/crop, soil and water contamination affecting the cultivable lands, decrease in innovation, reputation challenges with a decrease of exports, etc. The penetration of the pesticides market by criminal actors, including organised crime groups attracted by high profits and low risk of detection, prosecution and sentencing is another worrying trend.

Do you foresee opportunities for future research projects in the field of illicit pesticides?

Many national and international actors are becoming more and more aware of the threats posed by illicit pesticides to the legal supply chain. The attention and awareness of the problem is increasing at international level. In particular, the World Customs Organisation and the Organisation for Economic Co-operation and Development are becoming increasingly active in the field and it would be interesting to establish joint actions so as to raise awareness, capacities and response to secure the legal supply chain of such products. Indeed, through this research, we realised that the issue of illicit pesticide is neither well acknowledged nor well-documented. Our study is one of the first detailing the mechanisms and trends in the trafficking of illicit pesticides, the involvement of criminal actors, networks and organised crime groups and related criminal activities, as well as identifying the risks for the supply chain and pesticide markets.

UNICRI is very interested in continue working with partners, including CBRA, on this issue. The report details a number of initiatives which UNICRI stands ready to launch supporting countries in addressing the challenges of illicit pesticides, in particular research, raising stakeholders’ awareness, training and technical assistance programmes, supporting in capacity building activities and reinforcing national and international cooperation.

Thanks Vittoria for this interview – and we are of course more than willing to join a project-team on this highly important illicit pesticides trade and supply chains -topic

FP7-CORE Education – Two new diagrams

Today’s CBRA Blog presents two new diagrams which have been recently designed and developed in the context of FP7-CORE Education and training work (Work package 19.1). The information visualized in the diagram is based on CBRA’s supply chain security research work since year 2001, particularly from the past 5-6 years.

Some background information on the first diagram of crime types in global supply chains has been presented before for example in CBRA’s Blog of 13 October 2014 – Crime taxonomies from Athens. In the center of this diagram we list the crime types – including document fraud and cybercrime – which in the supply chain criminal context are performed in order to succeed with the actual economic or ideological crime, e.g. cargo theft or terrorism.

The left area of the circle lists four examples of crime types, which typically are of primary concern for supply chain companies: cargo theft, sabotage, parallel trade and product specification fraud. With such crime types it is commonly up to the companies to prevent, to detect and to react – of course, law enforcement agencies can be called for any time there is reasonable suspicion of such activities (and naturally in certain cases the government agencies may even be the first ones to detect and react, e.g. in case of armed robberies and truck hijackings).

The right area of the circle deals with supply chain incidents where the authorities typically focus on prevention, detection and reaction: fraud in indirect border taxes; trafficking / violations in cross-border restrictions and prohibitions; human trafficking; and exploitation of illicit labor. From supply chain perspective one can characterize them as “a priori non-disruptive illegal activities – only if / after authorities detect the violations, the supply chain is disrupted and the involved supply chain companies can get in trouble”.

Lastly, on the bottom area of the circle, we list four supply chain crime areas where the prevention typically is in strong interest of both supply chain companies and governmental agencies – and, the detection and (instant) reaction varies on case-by-case basis: counterfeiting, sales channel violations, sea piracy and terrorism. Counterfeiting hits revenues on both sides of the equation, and, with many products can also be health damaging or even lethal. Not having proper sales licenses, and/or selling to unauthorized buyers – for example cigarettes and alcohol, dual use and strategic goods etc. – can again harm both the involved companies and the society as a whole. And of course, sea pirates hijacking cargo ships; bombs exploding and bringing planes down; and terrorists attacking critical supply chain infrastructures, all are in the best interest of both companies and government agencies to prevent, to detect, and to react – in the fastest and most effective possible manner.

blog10.03.161

The second new educational diagram below depicts the negative socio-economic impact areas – six in total – caused by twelve typical smuggling and trafficking activities. The data behind it has been presented before e.g. in CBRA’s Blog of 14 January 2015 – Socio-economic damages. Inside the square we present the six societal impact areas – the larger the area, the more links there are between the trafficking activities and the negative impacts. As an example of a “big area”, seven different types of trafficking typically lead into increasing market place distortions and/or unfair competition. In the other extreme, only trafficking in stolen cultural products leads to losses in cultural heritage.

blog10.03.162

That’s all for the CBRA Blog today – please let us know if you see this type of visualization as beneficial when teaching and learning about the big picture of supply chain security!  Thanks, Juha Hintsa ( email: cbra@cross-border.org )

CEN Supply Chain Security — Good Practice Guide for Small and Medium Sized Operators, 2012 (CORE1030)

Summary: This is a guidance document for small and medium sized enterprises, SMEs. on how to apply a supply chain security approach to their operations in order to mitigate the risk of criminal activities. It gives an overview of the main crime types occurring in the supply chain along with some countermeasures, as well as the supply chain security initiatives, and the compliance requirements thereof. The document is available for purchase e.g. at:   http://shop.bsigroup.com/ProductDetail/?pid=000000000030258778  (link tested on 3 March 2016)

[s2If is_user_logged_in()]

Full review: The recommended supply chain strategy rests on a six-step approach. The first step is to define a context for the supply chain, crime prevention and security management activities taking into consideration the security sensitiveness, the geography and transport modes, and the main stakeholders involved in the supply chain operation. The second step is to make a threat and vulnerability analysis with regard to terrorist and other criminal threats in the supply chain. The main criteria included are the gaps existing in enhanced security, the high-risk crime types, and the potential consequences of crime occurrences. The third step covers the regulatory framework, the major aspects being the regulations and programs required for successful business operations, expectations of customers and suppliers, requirements laid down by insurance providers, and relevant government authorities. The fourth step refers to an overall security plan, taking into account the physical security, data security, human resources security (including selection, training, and exit procedures), business partner security (including selection, and auditing), and process control and monitoring of deviations. The fifth step involves implementing into practice concrete security measures, investment in technologies, procurement of services, in-house solutions and so forth. The final step is to monitor and measure the security performance and take appropriate corrective actions.

Five supply chain crime types have been elucidated in this guide. These include:  Property theft (cargo theft, intellectual property breaches); targeted damage (terrorism, sabotage); cross-border duty and tax fraud; illegitimate transporting, exporting and/or importing (smuggling of prohibited and restricted goods, people smuggling); and crime facilitation (document forgery, bogus companies, cybercrime). For each crime type, the main focus should be on the issue (main features and typical sectors/products involved), scope of the problem and actions to mitigate risks.

This guidebook has chosen eight security initiatives for illustration purposes. It explains the context of each initiative, whom it is meant for, and some basic requirements and the implications. These are as follows:

  • Import Control System (ICS) in the EU (a systems tool meant for the lodging and processing of Entry Summary Declarations, and for the exchange of messages across national customs agencies, economic operators and the European Commission).
  • Export Control System (ECS) in the EU (introduces EU procedures to computerize and control indirect exports and to implement the EU safety and security regulations);
  • Maritime Security Legislation, International Ship and Port Facility Security (ISPS) Code in the EU (International regulations to ensure the security of maritime transportation are being issued by the International Maritime Organization, IMO, in the International Ship and Port Facility Security Code);
  • Aviation Security Legislation, Air Cargo Supply Chains in the EU (three categories of aviation security legislation exist in the EU- Framework regulation, supplementing regulations, and implementing regulations-all targeted towards civil aviation security).
  • European Union Authorized Economic Operator, EU AEO (operators involved in international trade of goods certified as complying with WCO or equivalent supply chain security standards);
  • Regulated agent, Known consignor and Account consignor in the EU (Specific “trusted trader” status existing in the European air cargo supply chains);
  • ISO 28000 Series of Standards on Supply Chain Security Management Systems (address potential security issues at all stages of the supply process, e.g. terrorism, fraud and piracy);
  • Transported Asset Protection Association (TAPA) in Europe (fighting cargo crime using real-time intelligence and the latest preventative measures).

CORE1030

[/s2If]

TRANSPORTATION SECURITY – Action Needed to Strengthen TSA’s Security Threat Assessment Process, GAO, 2013 (CORE1015)

Summary: The GAO report is about measuring the performance of the Adjudication Centre that is a department within the Transportation Security Administration (TSA) responsible for administering background checks for people who need access to secure facilities unescorted. The centre issues the access credentials based on a through vetting of the applicant’s criminal history, immigration status, and connections to terrorist groups, among other checks. The report argues that the Adjunction Centre could improve the efficiency of the background checks – the individual security threat assessment – by improving its performance measurement system through better data and indicators. Although this GAO report focuses on a rather narrow topic, management of the background checking process, the report’s insights could benefit the CORE’s risk management cluster and those demonstrations that deal with access control matters. The report is available at: http://gao.gov/assets/660/656051.pdf

[s2If is_user_logged_in()]

Full review: This GAO document is closely related to the work the CORE’s risk cluster. The report describes problems the TSA’s Adjudication Centre faces when it manages the background checking process of the US-based transportation worker identification credentials (TWIC), hazardous materials endorsements (HME) and Aviation Worker (AV) authorization programs. Moreover, since access control is a central security solution in nearly all CORE demonstrators, the demonstrations might benefit from tips and guidance this report offers. At the final stages of the project, this GAO report might prove a useful document when the project consortium produces training materials on how to manage access control systems and how to administer background checks.

Cross-references:

  • Port Risk Management: Additional Federal Guidance Would Aid Ports in Disaster Planning and Recovery. GAO-07-412. Washington, D.C.: March 28, 2007.
  • Critical Infrastructure Protection: An Implementation Strategy Could Advance DHS’s Coordination of Resilience Efforts across Ports and Other Infrastructure. GAO-13-11. Washington, D.C.: October 25, 2012.

CORE1015

Additional keywords: Terrorism, background checks

[/s2If]