Give Now

We must close the loophole that allows law enforcement to buy our personal data without a warrant.

Policy Letter

POGO Concerned With Self-Policing Import Programs

Sent by Facsimile

Chairman Joseph I. Lieberman

Committee on Homeland Security & Governmental Affairs

340 Dirksen Senate Office Building

Washington, D.C. 20510

Fax: (202) 228-3792

Ranking Member Susan M. Collins

Committee on Homeland Security & Governmental Affairs

350 Dirksen Senate Office Building

Washington, D.C. 20510

Fax: (202) 224-9603

Chairman Max Baucus

Committee On Finance

219 Dirksen Senate Office Building

Washington, D.C. 20510

Fax: (202) 228-0554

Ranking Member Charles E. Grassley

Committee On Finance

219 Dirksen Senate Office Building

Washington, D.C. 20510

Fax: (202) 228-0554

Chairman Bennie G. Thompson

Committee on Homeland Security

176 Ford House Office Building

Washington, DC 20515

Fax: (202) 226-4499

Ranking Member Peter T. King

Committee on Homeland Security

H2-117 Ford House Office Building

Washington, DC 20515

Fax: (202) 226-3399

Chairman Edolphus Towns

Committee On Oversight and Government Reform

2157 Rayburn House Office Building

Washington, D.C. 20515

Fax: (202) 225-4784

Ranking Member Darrell Issa

Committee On Oversight and Government Reform

B350A Rayburn House Office Building

Washington, D.C. 20515

Fax: (202) 225-3974

Dear Member of Congress:

The Project On Government Oversight (POGO) is an independent nonprofit that investigates and exposes corruption and other misconduct in order to achieve a more effective, accountable, open, and ethical federal government. In our efforts to further this mission, we want to bring to your attention two troubling self-policing programs—the Customs-Trade Partnership Against Terrorism (C-TPAT) and Importer Self-Assessment (ISA) programs—administered by U.S. Customs and Border Protection (CBP) within the Department of Homeland Security (DHS). Inherent in this sort of self-regulation is a reduction of federal oversight of imported goods coming into the country. POGO believes that self-regulation programs, by their very nature, are unsound because they are not objective or reliable, and that they are ripe for abuse, placing U.S. citizens in jeopardy.

The first program, C-TPAT,1 is a voluntary partnership between the government and the private sector created after 9/11 as part of CBP's efforts to ensure the security of imports. C-TPAT existed first solely as a CBP policy and then was outlined in more detail by Congress in 2006 following the passage of the SAFE Port Act.2 Under that legislation, a C-TPAT company is certified by CBP to monitor its own supply chain security, and in exchange receives a number of benefits from CBP, including priority cargo searches and a reduction in cargo examinations.3

The second program, the ISA program,4 further allows importers to evaluate their own compliance with trade laws.5 According to CBP's own literature, "ISA keeps the company in the driver's seat."6 One DHS official stated that "[p]erhaps one of ISA's greatest rewards is that it offers far more business certainty. Without potential audits or other forms of government oversight, importers can focus on improving their core business and the efficiency of their own processes."7

CBP has stated that "ISA and C-TPAT are both based on the principles of public-private partnership and importer self-governance."8 As of the FY 2009 mid-year report, C-TPAT and ISA program participants accounted for 33% of all imports into the U.S. and approximately $454 billion in revenue, which is about 50% of all import value.9 That means that one-half of the goods imported into the U.S. fall under the umbrella of C-TPAT and its self-assessment requirements. A business's self-policing responsibilities include communicating and verifying the security guidelines of the company's business partners within the supply chain to CBP. CBP maintains that this arrangement allows for a more secure and expedient supply chain, a reduction in border delay times due to cutting down on CBP inspections, and as a result CBP staff can attend to non-C-TPAT certified importers.10

Is this arrangement, however, causing a risk to security and revenue protection? POGO has been contacted by one insider who believes that the ISA program is too accommodating, providing the trade industry with too much control.

Heightened security concerns involving U.S. ports recently arose after DHS Secretary Janet Napolitano announced that CBP won't meet the 2012 deadline for radiation scanning of all imported containers coming into the country.11 The scanning delay was claimed to be caused by limited technology, the economy, and diplomatic concerns. Others, however, are not so worried about the scanning delay. The Heritage Foundation has expressed concerns that the 100% requirement will slow down supply chains, thereby eliminating crucial benefits offered under the C-TPAT program.12

CBP seems to be in the vulnerable position of giving the import industry anything that it wants. The agency continues to push for growth in its C-TPAT and ISA membership despite an unproven record of success. POGO is unconvinced that a dearth of media reports about import violations or CPB safety and compliance data provided by the importers themselves, is cause to celebrate the safety of U.S. supply chains or compliance with trade laws.

Analysis of Shortcomings in CBP's Self-Policing Programs

While federal officials claim that C-TPAT and ISA are saving taxpayers money by reducing the resources necessary to monitor and regulate imports, POGO is concerned that these programs may in fact be endangering national security, losing import revenue, allowing the importation of defective or harmful goods, and resulting in companies circumventing import laws and regulations. Specifically, POGO has received insider information that importers non-compliant with trade laws and regulations have been approved and are applying for the C-TPAT and ISA programs.

There have been additional insider claims that ISA applicants are not tested to verify that the promised compliance controls have been implemented and are effective. This lack of ISA validation is similar to C-TPAT's lackluster validation process. According to a 2005 study by the Government Accountability Office,13 only one in ten C-TPAT companies was actually validated. In other words, at that time, nine in ten member companies were receiving benefits from the C-TPAT program without actually demonstrating that they deserved them. In addition, according to the same GAO study,14 the validation process was itself incomplete, not even covering the full range of security requirements. As the situation currently stands, C-TPAT offers a false sense of security—the status of security throughout much of the international supply chain is unknown because of the large gaps in CBP knowledge and oversight.

It must also be noted that a number of the known C-TPAT companies have committed serious trade violations in the past, yet have been granted membership into C-TPAT and ISA, without testing to verify their problems have been corrected.15 In fact, ISA reviews do not qualify as audits because of this lack of testing. A number of these "trusted companies" even appear in POGO's Federal Contractor Misconduct Database (FCMD) for violations of laws and regulations, showing that these companies cannot necessarily be trusted to follow the rules on their own, even when they are being monitored properly by outside regulators.16

The importance of CBP's ability to effectively secure our ports should not be taken lightly. In 2002, Booz Allen Hamilton conducted a study to examine the consequences of a terrorist attack on the supply chain. As a result of a hypothetical attack, it was projected that two major ports would close immediately, and that nine major U.S. ports would close in total. As a result, the ports would amass a projected three-month container backlog and an estimated $58 billion dollar loss would register to the U.S. economy.17

The adequacy of the self-policing programs was questioned recently in a congressional hearing. In early December, Senator Mark Pryor (D-AR) asked DHS Secretary Napolitano the following question: "There's been some news reports recently that have been critical of the Border Patrols [C-TPAT] Program, and the gist of these news reports is that some Mexican gun and drug smugglers are actually using this program because it allows the trucks to get through the border quicker and I guess with less security. Are you aware of that? Are you aware of those news reports?" Secretary Napolitano replied that she was "not aware of those news reports."18

Despite questions about the C-TPAT and ISA self-policing programs, CBP seems even more willing to acquiesce to the demands of importers and other regulated companies. Two additional pilot programs—the Importer Self-Assessment Product Safety (ISA-PS)19 and the Broker Self-Assessment (BSA)20 programs—have been established by CBP to provide importers and brokers with even more control over goods being imported into the U.S.

POGO has additional concerns about the ISA-PS pilot program to be run in conjunction with the Consumer Product Safety Commission (CPSC). It would allow select ISA importers to regulate their own product safety.21 Under the ISA-PS program a company will be able to determine its own imports' compliance with customs law and with federal product safety requirements.22 The degree of independence an importer would have if this pilot program becomes standard is unprecedented, making it nearly impossible (unless the public is harmed or a whistleblower comes forward) for CBP and the CPSC to learn about unsafe goods imported by ISA-PS companies, if those companies do not voluntarily disclose such information. With more control placed in the hands of importers, POGO is concerned about the government's ability to protect the public from harmful or deadly products, for example, as noted by Senator Bill Nelson (D-FL), defective drywall.23 Post-import inquiries regarding defective drywall 24 and lead paint toy recalls 25 show that dangerous goods are already getting into the country. CBP and CPSC might want to shift their focus to preventing harmful or deadly products from reaching the consumer marketplace. Just a quick review by POGO found that since 2005 there have been approximately 80 CPSC press releases about lead paint toy recalls involving U.S. importers and manufacturers in foreign counties.26 Unfortunately, POGO isn't able to determine how many of those companies participate in CBP's ISA-PS program.

In April 2009, CBP started the BSA pilot program.27 Under that program, CBP will essentially allow participating customs brokers (companies in business to assist in the import and export of goods)28 to self-regulate in an effort to ensure a high level of broker compliance with CBP laws and regulations.29 Another intended result is to "facilitate legitimate trade so that CBP can focus on higher-risk trade enforcement issues."30 Although a worthy cause, this program appears to be another example of providing accommodations to the import industry.

POGO is also concerned that, according to statements by Acting CBP Commissioner Jayson Ahern as recently as April 1, 2009,31 CBP is even moving towards "mutual recognition" agreements with other nations that would recognize and reward the stated security efforts of foreign traders that aren't C-TPAT members. This program would further lessen the government's knowledge and control of goods coming into the U.S.

It is easy to conclude that all of these programs are, in part, the result of limited resources to monitor the hundreds of billions of dollars of goods that enter the U.S. each year. However, the risk inherent with that strategy becomes a financial, security, and safety issue. For more information on C-TPAT, ISA, ISA-PS, and BSA, please see the attached Overview of Customs and Border Protection's Self-Policing Import Programs.

Access to Information

POGO attempted to examine the C-TPAT and ISA programs by requesting records pursuant to the Freedom of Information Act, requesting company names, audits, and records of compliance.32 DHS denied both the request and administrative appeal citing, among other exemptions, national security risks. POGO's appeal, however, focused on information pertaining to both programs that was publicly available, including the names of many C-TPAT and ISA members.33 CBP responded stating: "Even though CBP inadvertently released some names of the companies that are members of the Importer-Self Assessment Program (ISA)… in the printed edition of CBP Today… any references to the ISA member companies were subsequently removed from the electronic version of the CBP newsletter. Accordingly, CBP considers the information to remain protected and exempt from disclosure."

Despite that claim, POGO has identified additional companies involved in both the C-TPAT and ISA programs, using simple searches of federal and company websites, including the American Petroleum Institute, BP America, Broadcom Corp., Cost Plus, Daimler, Delphi, Estee Lauder Co., Euromarket, FedEx, Ford, General Motors, Hasbro, Samuel Shapiro & Company, Inc., Sara Lee, Target Corporation, Tektronix, Tiffany, and VisteonMotorola.34 CBP also provided testimonials from a number of companies, including Pfizer Global Manufacturing, Canadian National Railway, Trust International Corp, PepsiCo International, Confab Laboratories, AO Smith Corp., and Wet Seal/Arden B, in an attempt to increase its membership.35 CBP also provided the University of Virginia with the names of more than 1,700 C-TPAT companies in order to assess their satisfaction with the program,36 further demonstrating CBP's lack of control over membership information. If the names of program participants are indeed non-public information, someone should inform CBP officials and participants.

From significant problems with validating the security policies of C-TPAT membership companies and the trade compliance practices of ISA applicants to inconsistency and confusion about membership secrecy, CBP has demonstrated a number of significant and worrisome weaknesses in creating and implementing these self-policing programs. The vast potential for abuse, security, compliance and safety breaches, and revenue losses caused by the C-TPAT, ISA, ISA-PS, and BSA programs demands greater accountability and openness on the part of the government.

Recommendations

We strongly recommend that Congress investigate the C-TPAT, ISA, ISA-PS, and BSA self-policing security, compliance, and safety programs. Close scrutiny should be paid to all audit reports submitted both before and after the company's entrance into those programs.

Congress should also consider restructuring the programs and adding some security and compliance safeguards—including periodic routine audits to ensure that compliance and safety laws are being followed, appropriate import revenues are being collected, and supply chains are not being jeopardized. Additionally, performing periodic audits of randomly selected C-TPAT and ISA importers would create a deterrent for those not complying with laws, regulations, and program requirements. There should also be clear criteria for revoking membership in C-TPAT and ISA if results from these audits and other reviews are not satisfactory. These steps should be taken after first examining CBP auditing procedures to ensure they are effective and that they emphasize protection of revenue and the public.

Reforms that should also be considered by Congress and U.S. Customs & Border Protection are to:

Enforce all current laws, regulations, and policies. Currently, the true security of the international supply chain is unknown—we have a large number of rules in place, yet these rules are not being enforced.

  • Freeze the membership levels of C-TPAT and ISA immediately. The number of participants is now in the thousands and the programs are expanding much too quickly for the agency to accurately and reliably assess the security and compliance profiles of program applicants and current member companies.
  • Improve the reliability of CBP's validation processes (especially in terms of the accuracy of its admissibility reviews) by ensuring that its reviews comply with audit standards and by bringing in highly qualified third-party auditors, or both. Companies should not be admitted to C-TPAT, ISA, or any other self-policing program until they are audited and found to be fully compliant with all security, compliance, and safety laws and regulations.
  • Expand the audit process (once CBP has enhanced the quality of its individual reviews) to include a larger number of companies at all tier levels, so the agency can both sample a much larger number of companies and assess firsthand whether or not granting more benefits actually results in improved security and trade compliance.
  • Promote a specific mindset regarding CBP's tiered system: the more benefits a company receives, the more stringent its security and compliance requirements (and, more importantly, its security and compliance validations) must be. The benefits given to companies should be a reward for proven and verified security and compliance improvements, not advantages given simply based on promises that these companies will comply with all laws and regulations. Verified compliance should come first, and benefits should come second.
  • Conduct oversight of the ISA-PS and BSA pilots prior to their graduation to permanent programs. Congress and CBP should have more information about their respective benefits and risks prior to their expansion, or the initiation of other pilot programs.
  • Determine whether membership information is protected information, provide ample reasoning for that decision, and then apply this decision consistently in all cases. As the situation currently stands, CBP claims that membership information is protected from public disclosure, yet participant information is on numerous public websites.

The potential for abuse of those programs, both by would-be terrorists and by the importers themselves, is too great to ignore. Additionally, taxpayers need assurances that imported goods, revenue, and public safety are not at risk—assurances that CBP cannot currently provide.

Thank you for your time and consideration. If you have any questions or need any further information, please contact me by phone at (202) 347-1122 or by email at [email protected].

Sincerely,

Scott H. Amey

General Counsel

Cc: Secretary Janet Napolitano

Department of Homeland Security

U.S. Department of Homeland Security

Washington, DC 20528

Fax: (202) 282-8401

The Honorable Richard L. Skinner

Department of Homeland Security

Office of Inspector General

245 Murray Drive, SW, Bldg 410

Washington, D.C. 20538

Fax: (202) 254-4285

Acting Commissioner Jayson P. Ahern

Customs and Border Protection

1300 Pennsylvania Avenue, N.W.

Washington, D.C. 20229

Fax: (202) 344-1380

_______________________________________

1 U.S. Customs and Border Protection, C-TPAT Overview, December 13, 2007. (Downloaded December 10, 2009)

2 Public Law 109–347, Secs. 211-223, "Security and Accountability For Every Port Act" or "SAFE Port Act," October 13, 2006. (Downloaded December 10, 2009)

3 Government Accountability Office, Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S. Bound Containers (GAO-10-12), October 2, 2009, pp. 9, 13, 42. (Downloaded December 10, 2009)

4 Federal Register, "Customs Service – Importer Self-Assessment Program," Vol. 67, No. 116, June 17, 2002, p. 41298. (Downloaded December 10, 2009)

5 On or about December 7, 2009, the Department of Homeland Security, Office of Inspector General, initiated an audit of CBP's Importer Self Assessment Program.

6 U.S. Customs and Border Protection, "Companies sign on to importer self-assessment program, join C-TPAT," Customs and Border Protection Today, September, 2003, p. 1. (Hereinafter CBP Today). (Downloaded December 10, 2009)

7 CBP Today, p. 1.

8 U.S. Customs and Border Protection, Letter from Daniel Baldwin, Assistant Commissioner, Office of International Trade, to Timothy E. Strinden, April 9, 2009, p. 1.

9 U.S. Customs and Border Protection, Import Trade Trends: FY 2009 Mid-Year Report, May 2009, p. 32. (Downloaded December 10, 2009)

10 U.S. Customs and Border Protection, Securing the Global Supply Chain: Customs-Trade Partnership Against Terrorism (C-TPAT) Strategic Plan, November 2004, p. 2.

11 Testimony of Department of Homeland Security Secretary Janet Napolitano before the Senate Commerce, Science, and Transportation Committee, Transportation Security Challenges Post-9/11, December 2, 2009. (Downloaded December 10, 2009)

12 The Heritage Foundation, Jena Baker McNeill, Disaster of 100 Percent Maritime Cargo Scanning Not Lost on Napolitano, February 12, 2009.

(Downloaded December 10, 2009)

13 Government Accountability Office, Cargo Security: Partnership Program Grants Importers Reduced Scrutiny with Limited Assurance of Improved Security (GAO-05-404), p. 4. (Hereinafter GAO Cargo Security). (Downloaded December 10, 2009)

14 GAO Cargo Security, p. 4.

15 Even a cursory web search can provide one with a wide number of trade violations by C-TPAT members. As examples, FedEx illegally exported U.S. equipment to a restricted entity, General Motors had an unauthorized export of technical data violation, and both General Motors and Motorola were found in violation of arms control regulations.

http://www.ecustoms.com/vc/penalties.cfm (Downloaded December 10, 2009)

http://www.contractormisconduct.org/index.cfm/1,73,222,html?CaseID=897 (Downloaded December 10, 2009)

http://www.pmddtc.state.gov/compliance/consent_agreements/GeneralMotorsCorp.htm (Downloaded December 10, 2009)

http://www.pmddtc.state.gov/compliance/consent_agreements/MotorolaCorp.htm (Downloaded December 10, 2009)

16 POGO Federal Contractor Misconduct Database (FCMD). The FCMD lists instances of misconduct among the government's top contractors, including FedEx, (#43), BP (#60), Daimler (#98), and General Motors (#99).

17 Booz Allen Hamilton, Mark Gerencser, Jim Wienberg, and Don Vincent, Port Security War Games: Implications for U.S. Supply Chains, 2002, p. 3. (Downloaded December 10, 2009)

18 Testimony of Department of Homeland Security Secretary Janet Napolitano before the Senate Commerce, Science, and Transportation Committee, Transportation Security Challenges Post-9/11, December 2, 2009. (Hereinafter Napolitano Testimony).

(Downloaded December 10, 2009)

19 Federal Register, "Department of Homeland Security: U.S. Customs and Border Protection: Importer Self-Assessment Product Safety Pilot," Vol. 73, No. 210, October 29, 2008, p. 64356. (Hereinafter ISA-PS Fed. Reg.). (Downloaded December 10, 2009)

20 Federal Register, "Department of Homeland Security: U.S. Customs and Border Protection: Broker Self-Assessment Outreach Pilot," Vol. 74, No. 79, April 27, 2009, p. 19103. (Hereinafter BSA Pilot Fed. Reg.). (Downloaded December 10, 2009)

21 ISA-PS Fed. Reg., 64356.

22 U.S. Customs and Border Protection, CBP/CPSC to Partner with Importers on Product Safety Pilot, October 29, 2008. (Downloaded December 10, 2009)

23 Senator Bill Nelson letter to President Obama, April 7, 2009, p. 1. (Downloaded December 10, 2009)

24 U.S. Consumer Product Safety Commission, Press Statement on Corrosion in Homes and Connections to Chinese Drywall, November 23, 2009, p. 1. (Downloaded December 10, 2009)

25 U.S. Consumer Product Safety Commission, American Greetings Corp. Recalls Sport Balls Due to Violation of Lead Paint Standard, Release # 09-267, July 9, 2009. (Downloaded December 10, 2009); See also U.S. Product Safety Commission, Recalls and Product Safety News, no date provided. (Downloaded December 10, 2009)

26 U.S. Consumer Product Safety Commission, Toy Hazard Recalls, no date provided. (Downloaded December 10, 2009)

27 BSA Pilot Fed. Reg., p. 19103.

28 U.S. Customs and Border Protection, Becoming a Customs Broker, no date provided. (Downloaded December 10, 2009)

29 U.S. Customs and Border Protection, CBP Selects Broker Self-Assessment Pilot Participants, July 29, 2009, p. 1. (Hereinafter BSA Participants). (Downloaded December 10, 2009)

30 BSA Pilot Fed. Reg., p. 19103.

31 Statement of Jayson P. Ahern, Acting Commissioner, U.S. Customs and Border Protection Before the Committee on Appropriations, Subcommittee on Homeland Security, April 1, 2009. (Downloaded December 10, 2009)

32 POGO submitted a FOIA request to U.S. Customs and Border Protection on January 24, 2004. We received a denial almost two years later on January 12, 2006. POGO filed a prompt appeal on January 24, 2006, citing public disclosure of some of the information that POGO requested. DHS responded on October 24, 2008, providing a final denial of POGO's request.

33 CBP Today, p. 1.

34 Remarks of U.S. Customs and Border Protection Commissioner Robert C. Bonner, C-TPAT Announcement, Detroit, Michigan, April 16, 2002. (Downloaded December 10, 2009) U.S. Customs and Border Protection, Importer Transitions from Focused Assessment to the Voluntary Importer Self-Assessment Program, March 23, 2005. (Downloaded December 10, 2009);

Other listings were found on company websites: http://fedex.com/ca_english/international/customsservices/fastprogram.html (Downloaded December 10, 2009), http://www.broadcom.com/company/c-tpat.php (Downloaded December 10, 2009), http://fedex.com/us/customersupport/ftn/faq/isa.html (Downloaded December 10, 2009), http://www.shapiro.com/html/ctpat.html (Downloaded December 10, 2009)

35 U.S. Customs and Border Protection, C-TPAT: A Guide To Program Benefits, no date provided, p. 4. (Hereinafter C-TPAT Guide). (Downloaded December 10, 2009)

36 C-TPAT Guide, p. 3.