The Customs Trade Partnership Against Terrorism (“CTPAT”) program is a voluntary and incentive-based program that has been an integral part of U.S. Customs and Border Protection’s (“CBP”) cargo enforcement strategy to combat terrorism, illegal contraband, and other threats in the international supply chain since 9/11. The program is successful in bridging the gap between private sector businesses and the federal government in the collaborative effort to improve border security. To-date, the program has over 11,500 program participants that represent the entire spectrum of the global supply chain.

Background

Twelve categories of business entities are eligible for membership in the CTPAT program: U.S. Exporters, U.S. Importers, Mexican and Canadian Manufacturers, Mexican Long Haul Highway Carriers, Air Carriers, Rail Carriers, Sea Carriers, U.S. Highway Carriers, Third Party Logistics Providers, Consolidators, U.S. Marine Port Authority & Terminal Operators, and U.S. Customs Brokers.

CTPAT membership is not as easy as merely signing-up. Each applicant must ensure their supply chain security practices meet certain minimum security criteria (“MSC”) established by CBP. The MSC operate as a fundamental set of building blocks to help members of the CTPAT program develop security practices that will aid them in establishing an overarching supply chain security program designed to mitigate threats to a member’s global supply chain. Each eligible entity has MSC requirements specific to their industry.

In return for meeting the MSC and maintaining compliance, CTPAT members receive various benefits (categorized into trade, compliance, and security/trade benefits). These include reduced cargo examinations and shorter wait times at border crossings.

The program has continually evolved as CBP and the trade industry have identified new threats. Recent developments in technology have led CBP to develop new security criteria to address cybersecurity threats specifically. The changes to the MSC are illustrated in a booklet series; one booklet for each of the 12 types of eligible entities.

Updates to the Minimum Security Criteria

The updated MSC is segmented into three main categories; Corporate Security, Transportation Security, and People and Physical Security. Within each of those main categories there are twelve subcategories where requirements are further broken down. The most notable change to the MSC are the new subcategories for Cybersecurity, Agricultural Security, and Security Vision and Responsibility. The CBP recommends that CTPAT members implement the new MSC requirements in a phased approach.

The below table illustrates the categories, subcategories, and phased implementation approach, as outlined by the CBP:

All CTPAT members are expected to comply with the new MSC requirements by 2020. CBP notes that while validations to ensure compliance under the updated MSC will commence in early 2020, most members will not undergo a validation that year because they are on a four-year validation cycle.

Lessons Learned

It is important for current CTPAT members or those seeking CTPAT membership to review and take immediate action in complying with the updated MSC requirements to ensure continued participation in the program, as well as to make sure the benefits afforded under program are not stripped. Moreover, from a best practice perspective, maintaining an adequate and reasonable security program not only helps you with the CTPAT, but is also just good business practice. Adequate security measures can help a business operate more efficiently while preventing security incidents and business loss, building trust with your customers or clients, and complying with other regulatory frameworks that may apply to your business.