At the 2020 AIAG Virtual Customs Town Hall on November 4^th, Manuel A. Garza, Jr., director, CTPAT U.S. Customs & Border Protection, will provide an insider look on the first major update to the Minimum Security Criteria (MSC) in the CTPAT program’s history.

The talk will be broadcast at 1:45 pm EST via the Customs Town Hall virtual platform, and will include the latest information on forced labor, agriculture, cybersecurity, security vision and responsibility, and the future of the CTPAT validation process.

Garza directs a team of nearly 180 employees in six field offices to conduct Supply Chain Security validations throughout the globe. He is responsible for the management of nearly 11,600 CTPAT participants as well as for the policy of the program and its enforcement activities. With the ongoing COVID-19 pandemic, Garza led his team to develop alternatives to the physical on-site validation process. In July 2020, CTPAT conducted its first virtual validation.

In this exclusive interview with AIAG Supply Chain eNews, Garza explains CBP’s comprehensive new approach to supply chain security.

AIAG: What are the objectives in rolling out the new Minimum Security Criteria from CBP under the CTPAT program? What is the purpose and incentive behind the updates?

Garza: Updating the program’s Minimum Security Criteria was a three-year collaborative effort that CTPAT undertook with the trade community at large. The Working Group created under the umbrella of the COAC was comprised of individuals representing the equities and interests of the entire supply chain spectrum — companies in CTPAT (including importers and exporters), trade associations and organizations, and supply chain security experts. 

CBP’s aim is to approach supply chain security more comprehensively. To that end, CTPAT incorporated requirements or recommendations related to cybersecurity, the protection against agricultural contaminants and pests, the prevention of money laundering and terrorism financing, and the expansion of security technology. The MSC maintains flexibility and a risk-based approach, while redefining the global standard for government-led supply chain security programs. 

The present global trade environment faces new and evolving threats and challenges that the Program needed to address. The MSC update also reflects industry’s valuable input, and responds to key factors such as legal mandates, a need to reflect on CBP’s mission, and the changing trade landscape. Since CTPAT’s inception, trade volume and complexity have increased exponentially. U.S. imports, for example, grew 88 percent from 2002 to 2016. Simultaneously, the role of technology has increasingly impacted the supply chain. The risk of data breaches and cyberattacks is more prevalent, creating the need for comprehensive cybersecurity.  

The new MSC reflect the knowledge accumulated by CTPAT after having an operational program in place for nearly 18 years. Many lessons have been learned and several vulnerabilities to the supply chain have been identified after having conducted thousands of validations around the world. The new MSC also reflect the knowledge and expertise of the trade community itself.

For example, the global supply chain continues to be targeted by terrorists and criminal organizations, underscoring the need for CTPAT members to take increased measures to secure their supply chains. The update to the MSC aims to close gaps in the supply chain given today’s threat environment. Cyberattacks have increased dramatically in the past few years, affecting all types and sizes of businesses. Fictitious pickups are another example of a modality that has increased since the program was first envisioned. 

AIAG: With the global community still conducting business virtually due to the pandemic, are there any changes coming in the scheduled validations for all importers?

Garza: Understanding the impact of this global pandemic, CTPAT has explored alternate approaches to the onsite validation and has tested a virtual validation process to determine its effectiveness and applicability for its low-risk, trusted CTPAT partners. This innovative approach to the validation process builds on our existing partnership and current benefits, reduces public-private sector costs associated with the traditional site visit, and leverages available technology to provide an alternative to traditional methods of supply chain verification.  

While CTPAT has developed a virtual validation approach, the program recognizes the criticality of the onsite visit, values the opportunity to meet and exchange best practices with its partners, and views the onsite visit as our intended path forward when the global community is once again in full swing. As a result, CTPAT has discussed the possibility of deferring some of the scheduled validations to ensure that the program is better positioned to collaborate with its partners in the examination and strengthening of the international supply chain.      

AIAG: What CTPAT best practices are you emphasizing right now?

Garza: As part of the MSC update, CTPAT worked with the private sector to develop the Best Practices Framework. In fact, the Framework was tested and validated in 2018 by Members of the MSC Working Group.

Previously, members exceeded the MSC by complying with specific lists of best practices that CBP published. This led to CTPAT members using the catalogue to pick up best practices without demonstrating that they were in fact meeting any particular set of standards — a framework. 

The Program and the trade determined that a best practices framework created a more agile and effective process, since a framework — as opposed to a prescriptive list — allows companies to identify or build specific and unique best practices. For CTPAT purposes, a best practice must meet all five of the following requirements, all of which are subject to verification:

1. Senior management support; 
2. The use of innovative technology, a process or procedure; 
3. Documented process; 
4. Verifiable evidence; and 
5. A regular system of checks, balances, and accountability.

AIAG: Can you break down the new components of the updated MSC, such as cybersecurity and agriculture? Would you be receptive to an AIAG-sponsored CTPAT workshop?

Garza: Yes, we would be glad to participate in an AIAG-sponsored workshop.

CTPAT categorized the new criteria into three focus areas: Corporate Security, Transportation Security, and People and Physical Security. Within these focus areas, there are 12 criteria categories that apply across the supply chain to each entity group eligible for CTPAT membership. There are three new criteria categories: (1) Security Vision and Responsibility, (2) Cybersecurity, and (3) Agricultural Security. (Editor’s note: Below is the new MSC structure, with the new criteria categories in red.)

AIAG: Any other recommendations you would like to make regarding CTPAT?

Garza: The program has developed a good amount of resources such as PowerPoint presentations, white papers, and CTPAT Alerts and Bulletins that members can use. These resources can be found in the CTPAT Portal (Public Documents / Public Library section). Take advantage of these resources. A few recommendations:

• Code of Conduct. Whether or not you are in CTPAT, AIAG members should have a Code of Conduct in place. This is a key part of creating a culture of security within each organization, no matter how big or small it may be.
• Role of Upper Management. Understand the critical role that upper management plays (CEOs, owners, supply chain security directors, etc.) in making sure that your security program is in fact working well. Leaders need to lead by example, demonstrating security internally within their organization and demanding security from their partners and peers.
• Forced Labor. CBP has taken a stronger enforcement posture to prevent and penalize the importation of goods into the United States using forced labor. Merchandise found to be in violation is subject to exclusion through withhold release orders and/or seizure by CBP and includes the possible criminal investigation of the importer.
• CTPAT’s Trade Compliance Program. The inclusion of forced labor will solidify the expectations and outline the rules of engagement to ensure that members are being held to a higher standard when it comes to identifying and reporting forced labor within their supply chains.