5 steps to trade compliance
U.S. Customs and Border Protection’s best-practices guidelines show the way to a successful trade-compliance program. Here’s how to apply them in your company.
By Misty Rutter -- Logistics Management, 11/1/2006
Operating in the international marketplace has become a risky business. Heightened security measures and stepped-up government enforcement since 9/11 have made compliance with international-trade regulations more challenging. Increased penalties for corporations and individuals, along with management accountability under the Sarbanes-Oxley rules, are making many corporate executives take notice of trade-compliance issues.
The task of the corporate compliance officer is to navigate this treacherous terrain and build a sound structure within which a company can effectively conduct business. U.S. Customs and Border Protection (CBP) has published “The Five Components of Effective Internal Controls,” a set of recommendations that provide the building blocks for this structure. Here’s how importers and exporters can use that framework to develop strong compliance programs.
1 Environmental controls
Management commitment is the cornerstone of any compliance program. The tone set by company executives carries throughout the organization. If a corporate culture of compliance exists, then internal controls are less likely to be viewed as a nuisance or something to be circumnavigated. The first step toward creating this environment is to have a corporate policy issued by the chief executive. This policy should communicate management support for the compliance organization; an insistence on ethical and lawful transaction of business; and intolerance for willful disregard of regulatory requirements.
Part of creating a culture of compliance is the visibility and stature of the company’s compliance group. The compliance officer should have access to the executive level; he or she should also be empowered to interact with other departments and to stop a transaction or activity that could lead to a violation. At many of the companies I’ve worked with, the compliance function reports to the legal organization. This can provide the necessary visibility to the executive level and elevate the stature of the compliance function. The key is to ensure that compliance does not report to an area where there could be a conflict of interest, such as sales or customer service.
2 Risk Assessment
A risk is anything that could hinder a company from achieving success and attaining corporate objectives. The job of a compliance officer is to identify areas where the company could potentially fall afoul of government regulations and to develop methods for managing those risks.
Conducting an internal assessment of your current compliance program is a great way to start. Evaluate each area of compliance to determine if it is effective, documented, consistent, and—perhaps most importantly—current. Many companies I have assisted in conducting assessments had compliance manuals. However, some of those manuals had been created years earlier and had never been updated. That was a mistake: Neither the regulations nor the business environment are static, so a compliance program needs to evolve along with them. To make sure that happens, monitor the Federal Register for changes to the regulations. Update your procedures and communicate those changes to affected departments.
You should also be wary of factors that increase the risk of non-compliance. Developments such as staff turnover (there could be a loss of expertise and familiarity with requirements), rapid growth (mistakes increase when people are busy or overstressed), and major business changes (new product lines, mergers and acquisitions, and new sales areas or supply sources can affect compliance) must be managed.
Successor liability is an area where many companies get into trouble. If you don’t have a good due-diligence process for evaluating potential acquisitions before the deal is done, you could wind up inheriting a messy enforcement case. The acquisition of even a small business could throw you into a whole new regulatory arena. One of my clients, for example, had a good compliance program in place for its U.S. Department of Commerce export controls. But when the company acquired a new specialty-materials business, it suddenly found itself under International Traffic in Arms Regulations (ITAR) controls and had to revamp its program to include this new area.
3 Internal Controls
Establishing internal controls is quite simply a matter of creating policies, procedures, and organizational structures that will minimize risk to your company. Procedures should be effective but not overly burdensome. Document what you do, and do what you document—but don’t get unnecessarily tangled up in red tape. (ISO 9000 process standards, by the way, lend themselves nicely to documenting trade-compliance programs.)
Compliance procedures can be either preventive (such as requiring supervisory approval for certain activities) or detective (such as periodic reviews of import entries or export declarations). All procedures should be kept up-to-date to reflect any regulatory or business-process changes.
You should also develop control requirements for your suppliers and other supply chain partners. Work with your procurement department to require suppliers to provide information about their products’ classification, country of origin, and eligibility for duty-preference programs. Develop scope-of-work documents for service providers such as freight forwarders and customs brokers. Work with your legal department on terms and conditions for distributor or partner agreements to ensure that trade-compliance requirements are spelled out.
Outsourcing trade compliance to service providers is a growing trend. But it is important to remember that it is ultimately the importer or exporter of record who is liable for any violations.
Likewise, more and more companies are automating their trade-compliance function. I am a big fan of automation: Global traders cannot possibly manage compliance matters successfully with manual processes alone. Yet even the most sophisticated software does not eliminate the need for human intervention. That’s because there are many nuances in the regulations that require analysis and interpretation. In other words, an automated solution should not be seen as a replacement for a talented and dedicated compliance group; rather, it should be an effective tool for that group to use.
A good example is a practice adopted by some of my clients, who have implemented software solutions that block certain types of transactions. A member of the compliance group then evaluates those transactions and match them electronically with the appropriate Department of Commerce or Department of State export license or license exception (for example, a Low-Value Shipment exception or a CIV Civilian End-Use exception).
Record keeping is a key element of internal controls. Federal regulations require that certain documentation related to imports and exports be maintained and be accessible for a minimum period of time, typically five years. Make sure you have a documented record-retention schedule. And remember, too, that these requirements may also apply to records from other departments, such as finance, procurement, order management, and shipping/receiving. Work with affected departments to ensure that they adhere to the same record-retention standards.
4 Information and Communication
In a nutshell: Train, train, and then train some more. The higher the level of awareness within your organization, the more effectively you can maintain a compliant environment. Establish a training program with a recurrent training schedule. Some of my clients provide general awareness training on trade compliance to all new employees globally. This might seem like overkill, but it is important to ensure that all members of functional areas that affect trade compliance understand their responsibilities.
As noted earlier, things change. Test both your systems and your data to ensure accuracy. Bad data can lead to bad decisions or inadvertent violations. Keep training materials updated and inform affected departments when regulations are amended. Sending out a compliance newsletter or creating and maintaining an electronic bulletin board for compliance-related notices has worked well for some of my clients.
I also recommend partnering with government agencies. U.S. Customs and Border Protection programs, such as the Customs-Trade Partnership Against Terrorism (C-TPAT), Importer Self-Assessment (ISA), and the Automated Commercial Environment (ACE), can provide many benefits for participants, including faster transit times and avoidance of compliance audits. Attend government-sponsored sessions to stay current and to develop a dialogue with officials. Don’t be afraid of being “on their radar screen”—they really are there to help.
5 Monitoring
An internal audit program is essential to any successful trade-compliance program. Once you’ve established internal controls, those controls need to be checked for effectiveness. Create an audit template and schedule. Develop a corrective action plan you can apply when discrepancies are found, and then check that the plan has been put into action. It’s also a good idea to set up an anonymous reporting mechanism, such as a hotline, so employees can escalate potential compliance problems.
These five fundamental components provide the basic building materials of a solid, effective trade-compliance program. With this strong foundation, your program will protect you—and your company—from the considerable risks associated with non-compliance.
View All On-Demand Webcasts
