U.S. Customs and Border Protection is currently circulating within the trade community draft modifications to the minimum security criteria associated with the Customs Trade Partnership Against Terrorism. CBP is gathering input on the proposed changes through the end of October and plans to implement the final updated MSC under a phased approach throughout fiscal year 2019.

CBP states that this is the first major revision of the MSC since the inception of CTPAT and is designed to modernize and strengthen requirements to more effectively combat evolving supply chain security threats such as the exponential increase in the volume and complexity of trade, the heightened risk of data breaches and cyberattacks, and the continued targeting of global supply chains by terrorists and criminal organizations. Generally the changes include establishing three focus areas and three new criteria categories, explicitly delineating requirements as “must” or “should” based on risk, and providing guidance on how to combat terrorism financing and money laundering.

An overview of the updated MSC is provided in the following chart.

Focus area MSC categories Description
Corporate security Security vision and responsibility (new) Promote a security vision, integrate security throughout the organization, establish an audit process, importance and role of the CTPAT point of contact
Risk assessment Complete a comprehensive risk assessment based on a recognized methodology and in line with the MSC
Business partner requirements Select, screen, and monitor business partner compliance with MSC, including trade-based money laundering
Cybersecurity (new) Written cybersecurity policies and procedures, protection of IT systems with software and hardware, remote access, personal devices
Transportation security Conveyance and IIT security Conduct thorough inspections for both security and visible agricultural contamination, driver verification, tracking of conveyances, random searches
Seal security High security seal policy, containers not suitable for sealing, mandated use of the VVTT seal verification process, management audit of seals
Procedural security Document processes relevant to transportation, handling and storage of cargo
Agricultural security (new) Requirements that protect the supply chain from contaminants and pests and the proper use of wood packaging materials
People and physical security Physical access controls Requirements to prevent, detect, or deter unauthorized personnel from gaining access to facilities; expands on the use of security technology
Physical security Positive identification of all employees, visitors, and vendors at all points of entry
Personnel security Complete screening, pre-employment verification, background checks, and comply with U.S. immigration laws
Security training, threat, and awareness Training on security for all employees, specialized training for employees in sensitive positions, determine if training was effective

CBP has begun informing affected entities of the proposed changes through webinars, weekly workshops at its field offices, and workbooks that outline the updates each type of entity will need to implement. CBP will evaluate feedback received and make any necessary changes to the proposed MSC, which will then be finalized and implemented in the following four phases. In a document submitted to its Commercial Customs Operations Advisory Committee CBP indicated that CTPAT members will not be expected to adhere to the new standards until early 2020.

Phase 1: cybersecurity, conveyance and IIT security, seal security

Phase 2: security training, threat, and awareness; business partner requirements; risk assessment

Phase 3: security vision and responsibility, physical security, physical access controls

Phase 4: agricultural security, personnel security, procedural security

© [2018], Sandler, Travis & Rosenberg, P.A. Originally published in the [09/20/2018] issue of the Sandler, Travis & Rosenberg Trade Report. Reprinted by permission.