COMMENTARY AVOIDING TROUBLE IN A C-TPAT VALIDATION By Ronald Jaspan MEMBERS OF THE Customs-Trade Partnership Against Terrorism beware: Validation or revalidation requirements have changed signifi cantly since you were initially or last certified in the voluntary program. Many companies, saying they were prepared for that initial or at least most recent validation, are surprised to be receiving “Actions Required/Recommendations” notices from Customs. Worse, some have been suspended from the program because they weren’t able to demonstrate to their U.S. Customs Supply Chain Security Specialist, known as an SCSS, that their company is meeting minimum security requirements. C-TPAT members might ask, “What are all these written procedures? How do we monitor the supply chain business partner’s Status Verifi cation Interface number (or SVI, the number Customs issues a company when it becomes a C-TPAT member)? What is an internal/external audit, a threat awareness program, the five-step risk assessment or annual security profile review? These questions and requirements were not posed during my last visit.” The problem for many C-TPAT members is linked squarely to the 2008-09 recession. Workers were laid off in droves or, at best, hiring was suspended. Members of a company’s original C-TPAT validation team now may hold multiple positions or are no longer employed at the company. The diminution in manpower directly impacts a company’s ability to maintain the C-TPAT program since initial certification or a validation/revalidation visit by the SCSS. The SCSS requires C-TPAT members to create written procedures adhering to the adage of “here today, gone tomorrow or sooner.” The C-TPAT member should assume the same written procedures might not be implemented by the same employee every day or even every hour. The C-TPAT member’s objective is to score as close to 100 percent as possible during the validation visit. Any “Recommendations and/ or Actions Required” notices the C-TPAT member receives as a result of the validation/revalidation phase will become the starting point by the SCSS at the next validation. Customs through the SAFE Port Act mandates that a C-TPAT participant undergo a validation by an SCSS within one year of becoming C-TPAT-certified. That validation will consist of the SCSS visiting the company’s domestic office and warehouse (importer’s or third-party warehouse) and one foreign shipper, where cargo is manufactured or distributed, and a consolidation facility, if required. The foreign trucking company will be visited directly or be required to be present at the foreign shipper or foreign consolidator meeting. The validated C-TPAT member will undergo a revalidation visit within three years of the last validation or sooner based on cause or incident. The SCSS will contact the C-TPAT member and advise of the various possible methods of revalidation: Visit the domestic facility and/or, another company facility, conduct a conference call or send out a questionnaire to determine if the company is meeting the minimum security requirements. For the foreign segment, the SCSS will visit a foreign shipper and consolidator, if required, plus the respective trucker. It’s important that the foreign shipper, consolidator and trucker be prepared for the C-TPAT validation/ revalidation visit. If the above parties aren’t able to demonstrate to the C-TPAT member’s SCSS that they are meeting the minimum security requirements, the C-TPAT member may be suspended from the program, even if it demonstrated compliance on the domestic side. In preparing for the validation phase, consider the following tips: ¦ Create a supply chain flow chart to determine your company’s exposure to risk, starting with the shipper (foreign) and ending with the importer of record and the domestic consignee, regardless of who is responsible for contracting the business supply chain partner. ¦ Review your security profile to ensure it’s compliant with Customs’ current requirements. (The requirements may have changed and/or become more stringent since the security profile was initially submitted.) ¦ Review, update and create written procedures to implement correct requirements within your company. ¦ Verify the security survey questionnaires have been sent and completed by the supply chain business partner and, in particular, by the companies that will be reviewed/audited by the SCSS during the validation phase. ¦ Thoroughly review the security survey questionnaires to ascertain if the supply chain business partner is meeting the minimum security requirements and if the written procedures exist and are being implemented. If not, communicate with your partner and develop written procedures. Thorough preparation for a validation visit by a SCSS is a requirement, and not optional, to maintain C-TPAT membership and to continue to receive the benefits that were the driving force behind joining the program. JOC Ronald Jaspan is president of Norman Jaspan Associates, a New York-based management consulting firm. Contact him at ronald@normanjaspanassociates.com. 50 THE JOURNAL OF COMMERCE www.joc.com MAY 9.2011