Cruise through Customs

Merchants that want to move imports through the supply chain more quickly while improving the security of their loads are looking to the U.S. Customs’ Trade Partnership Against Terrorism (C-TPAT) for help.

The voluntary C-TPAT program was formed as a large public-private partnership between Customs and Border Protection (CBP) and a handful of retailers and manufacturers, including Target, Sara Lee, General Motors Corp., and Motorola, to prevent terrorism against the U.S. through imports and transportation. Now most of the major retailers and importers are involved, and many small and midsize businesses are in the process of getting certified as well. All told, more than 12,000 companies are currently somewhere in the C-TPAT certification process.

In fact, says Al Thompson, vice president of global supply chain policy for the Arlington, VA-based trade group Retail Industry Leaders Association, “most carriers aren’t going to work with brokers and others that aren’t C-TPAT participants.”

What’s more, C-TPAT certification can help lower an importer’s risk rating at the ports. After the Sept. 11 terror attacks, CBP expanded its Automated Targeting System (ATS), which rates loads coming into the U.S. as a low, medium, or high risk, 24 hours before the shipment arrives. The scores are based on information CBP has in its Automated Manifest System, an extensive database of information that every shipper is required to submit.

Importing companies that obtain C-TPAT certification and validation receive lower risk scores, and that typically speeds up the approval process for their imported loads, as loads with higher scores receive more scrutiny and inspections.

And by ensuring the security of merchants’ supply chain, C-TPAT participation — which entails improving the physical security of their containers and the systems with which they track those who have access to the containers — helps reduce cargo theft. “That is why retailers very early on wanted to participate,” says Erik Autor, vice president/international trade counsel for the National Retail Federation.


The certification process starts with companies’ self-assessing their supply chain to see where they — and their business partners — can take steps to improve their supply chain security. The self-assessment and improvement measures are based on C-TPAT security criteria (available at in several areas, including business partner requirements, procedural security, physical security, personnel security, education and training, access controls, manifest procedures, information security, and conveyance security.

For example, participating importers must ensure that their containers are sealed with a “high security” seal so that unauthorized materials and even people cannot get into the containers. To ensure that employees are not tampering with containers, importers have to conduct background checks on certain employees. They must also provide training programs for employees, to make them aware of the threats posed by terrorists, how to recognize internal conspiracies, and the methods of reporting potentially threatening situations.

A company then submits its security plan to CBP, which reviews it and runs the business against all federal law-enforcement databases. Companies applying for certification must prove that not only are they implementing all the appropriate security measures but that all their suppliers and carriers are doing so as well.

There are three tiers of participation in C-TPAT. At the first level, CBP simply approves the application for certification. Companies that receive this certification typically obtain a reduced risk score, which results in fewer security inspections at ports and fewer Customs compliance inspections.

At the second level, CBP visits the companies. Assuming that Customs validates the companies’ systems, “they would get even further ATS reduction in their scoring, and even fewer inspections,” says former CBP commissioner Robert Bonner.

The third level consists of companies that not only are certified and validated but that exceed the minimum standards. With this highest level, companies get an even higher reduction in their automated targeting score, says Thompson, and are provided with the so-called green lane through Customs, with no inspections for security. “They will be subjected to only relatively infrequent random inspections,” Bonner says.


When Plano, TX-based general merchant J.C. Penney Corp., which obtained certification in 2002, started the application process, it formed a committee of representatives from distribution, fulfillment, and other relevant departments, says Sandra Fallgatter, the company’s private-brand compliance manager.

After Penney executives looked at all the company’s internal security measures, they worked with their business partners to ensure that their methods of securing containers and other security procedures met the company’s requirements. “We focused on the factory security process, then container security and the container loading process. We worked closer with our vendors and our partner factories,” Fallgatter says.

The company continues working with those business partners on a regular basis. In addition, the retailer’s quality-compliance executives visit factories and “verify that they have good security processes,” Fallgatter says.

The committee that assessed the security of Penney’s supply chain leading up to certification still meets on a regular basis. As Customs updates its guidelines for C-TPAT, the committee writes new policies for the company. It also holds training sessions throughout the year.

“We spend a lot of effort to educate and train [employees]. Everyone in the company has to be aware of the program,” Fallgatter says.

Like Penney, Home Depot has an internal committee that oversees C-TPAT compliance and travels globally to audit factories and train its suppliers and sourcing offices on C-TPAT, says Ben Cook, senior manager of global trade services at the Atlanta-based retailer. Home Depot has been certified since 2003 and obtained validation in 2005.

Since receiving C-TPAT certification last year,, a Salt Lake City-based online discounter, has realized a significant improvement in loads that had previously been delayed at ports. “We have about 80% fewer searches now,” says the company’s director of transportation James Floyd. “Before, we were getting quite a few searches, especially on shipments from South America.”

Another positive byproduct of the certification process was that Overstock, its vendors, and its freight forwarder developed a standard operating procedure for security that all parties must comply with. Overall, says Floyd, the certification process has helped and its vendors become more “security conscious.”


The nation’s largest merchants were the first to receive C-TPAT certification, and in fact some smaller merchants probably have no need to participate. “When you get into the realm of smaller and medium-size retailers, those usually operate through third parties and Customs providers,” says the National Retail Federation’s Autor. “Retailers who don’t carry their own branded merchandise and retailers who are not direct importers would probably not be participating in the program.” They may want to ensure that their third-party shippers and suppliers are certified, however.

Even so, Fallgatter says that C-TPAT participation is not as difficult as small and midsize merchants may think. “There are certain things even the smaller importers can do within their processes to try to achieve that level of control and security. You don’t necessarily have to spend a lot of money,” she says. “Anybody can draft some procedures on container inspection, based on what Customs is helping you with, and send those out to the factories or vendors you deal with.”

You don’t have to pay any fees to obtain certification, and the merchants contacted said they did not put money into new technology and procedures. The biggest investment is likely to be in staff time developing processes and procedures and submitting documentation to prove to CBP that you are improving your supply chain security. “Be ready to spend a lot of time and effort to get you to where you want to be,” Fallgatter cautions.

Some companies do hire supply chain consultants to help obtain certification. The consulting firm that Overstock hired, for instance, helped the e-tailer evaluate its own security processes and conducted fact-checks on some vendors to ensure they were really in compliance, Floyd says.

Working with a consultant can cost $16,000-$20,000, Floyd says. But the payoff in getting shipments through the ports faster and not having to pay for storage for those loads is worth the expense of hiring the consultant, he adds.

And as Home Depot’s Cook points out, “Perhaps small firms can look at C-TPAT as a process improvement that will better fine-tune their supply chain, and not just as an expense.”

Christine Blank is an Orlando, FL-based freelance editor and writer whose work has been published in The New York Times and Supermarket News, among other publications.

Tips for sailing through the C-TPAT process

  • Assign one person in your company responsibility for overseeing your C-TPAT program before applying. And be sure that you have support from management. “You have to get an executive sponsor,” says James Floyd, director of transportation for online discounter “If you don’t, it’s just not going to happen.”

  • “It’s not enough to show Customs what your supply chain is; you need to show what you did to improve the security,” says Sandra Fallgatter, private-brand compliance manager for Plano, TX-based cataloger/retailer J.C. Penney Corp. Demonstrate how the business has improved its physical access controls, container security, and other processes to “improve the flow of the merchandise and secure the merchandise,” she says.

  • Submit the C-TPAT application via the Customs Website ( Customs no longer accepts hard copies of the application.

  • Be patient. Even though companies typically receive certification within two months of applying, they still have to have a follow-up visit from Customs to “validate” that the company is doing what it said it would do on the application. The validation visits — to the applying company and to its vendors and partners — may not happen until 6-18 months after certification. At the validation visits, Customs supply chain specialists discuss the executive summary submitted for certification as well as what additional plans the company has for continuing to improve security of its supply chain.

  • Keep up with C-TPAT after certification. Requirements and criteria continually change. “You have to be committed to the program,” Fallgatter says. “It’s not just filling out an application and you’re done with it.”

  • Take advantage of education and training provided by Customs. The agency holds C-TPAT seminars once a year, with information on the program and ways to improve a company’s security processes. Also, the Customs Website includes best-practice guidelines and updates on the program. This month Customs is scheduled to add a dedicated C-TPAT Security Link Portal. This will allow qualifying C-TPAT participants to receive updates on C-TPAT as well as cargo security alerts; it will also enable them to communicate directly with their designated supply chain security specialists at Customs.

  • If you’ve visited the Customs Website but still have questions, call the Customs office in Washington directly (202-354-1000 or 877-CBP-5511). “They want to get more brokers and people involved,” Fallgatter says.