The Cross-Border Research Association Interviews Chris Thibedeau on Risk Management Methodologies and IT Systems

Dr. Juha Hintsa from the Cross-Border Research Association in Lausanne in Switzerland, recently interviewed Chris Thibedeau, VP of Customs, Regulatory and Law Enforcement Solutions with GreenLine Systems.  Dr. Hintsa was conducting a study in Thailand on the implementation of international standards on supply chain security (see some presentation slides by Dr. Hintsa at:  ).  The following is an excerpt:

Question 1) Mr. Thibedeau of GreenLine Systems, how do you see the current global situation on Customs administrations implementing risk management methodologies and IT-systems?

Answer:  As our firm works for several global customs administrations by providing risk management solutions, we have some insight into this landscape.  We have found there is a direct correlation between GDP and how a nation looks at risk.  While these are general statements, I have recognized that higher tier GDP nations have more of a security focus and invest in IT systems to assess the risk associated with the movement of goods, people, and conveyances across sovereign borders.  Lower tier GDP nations have almost a complete focus on the risk of “evaded revenue” for goods crossing their borders and seek controls to try and recoup this lost revenue.  This is largely due to the fact that many of these nations do not have income tax capabilities for their citizens and corporate entities in order to fund the government to operate.  Taxes collected at the border for importations are the primary source of these funds and therefore the government places a priority on recouping lost or evaded revenue on its customs services.  As a byproduct, many of the border controls are based on risk adverse practices (i.e. 100% physical inspection) vs. using the principles of risk management to focus resources appropriately.  Only when a country accepts and endorses risk management as their principle for border management due they seek out solution like we offer to identify high risk commercial shipments and facilitate pre-approved and or low risk trade.   

The WCO Safe Framework, the WCO Risk Management Compendium, the InterAmerican Development Bank’s KCP for Risk Management of Cargo and Passengers, and other internationally accepted frameworks endorse and promote the use of risk management systems.  As a result, many firms now promote an offering in some aspect as a marketing tool, whether their IT component provides a true risk based approach to selectivity or not.  I have seen that many systems in use today by developing nations approach all transactions (whether cargo reports or importer declarations) with the same degree of intensity.  In addition, they often require arduous manual interventions by customs officers resulting in reduced agility and operational bottlenecks.  In my view, many of the current systems promote “risk adverse” controls vs. “risk based” controls yet these systems are often marketed as “risk management” modules.  We believe there are better methodologies (with a handful of appropriate systems available as commercial off the shelf software) that use a transactional targeting approach based on identifying indicators for multiple threats whether security, narcotics, or revenue based.

In my view, successful risk management programs and associated IT systems have the following common characteristics:

  • Supported organizationally from top to bottom
  • Authorized by appropriate legal authority
  • Based on clearly identified threats
  • Identify the risk category(ies) of each threat
  • Use a rigorous and well-defined process to determine the probability and impact of each threat
  • Rank risks according to importance
  • Explicitly determine which risk management response will be applied to each threat based on a cost/benefit analysis
  • Determine what resources already exist to counter threats and how to best leverage them
  • Focus resources on the most significant risks
  • Managed by a standing risk management group that either continuously or at defined intervals re-evaluates the risk management program.
  • Communicated clearly to the private sector and public what is required of them
  • The tangible benefits for establishing low risk status
  • Supported in regular meetings with trading partner countries to share intelligence and approaches
  • Supported through inter-agency communication and information sharing
  • Implemented using computerized risk management systems to increase processing capacity and help drive objective determinations that can be supplemented by field observations and which improve their targeting determinations by implementing advanced statistical means and link and pattern analyses
  • Rigorously baseline their targeted inspections and their field initiated inspections against a program of random inspections
  • Consistently capture and analyze their findings
  • Maintain systems of separation of duties and audits in human processes and technical systems to assure quality in implementing the program
  • Invested in human resources through training
  • Engaged in constant improvement through programs implemented in conjunction with international funding sources to continually improve the economic climate for investment

Question 2) Mr. Thibedeau, do you see more activities on company-level risk assessment, or on shipment-level risk assessment?

Answer: As a former practitioner (being an ex-customs officer) I have witnessed better results using shipment level risk assessment vs. company level risk assessment.  Criminals will “tap” legitimate companies to present shipments carrying smuggled goods as legitimate.  I have seen instances of AEO certified companies being targeted by drug cartels to import narcotics into a country.  Secondly, company level risk assessment does not provide “domain visibility or situational awareness”.  The data associated with transactional targeting can provide customs with an ability to virtualize their border and track the movement of goods as imports, in transit, or export movements.  Cargo reports, bills of lading, importer declarations, container status messages, conveyance reports, importer security filings, and bayplans/stowplans are some examples of data that can be used to achieve better situational awareness.  Company level corporate accounts for traders do not provide this ability.

I have worked closely in both approaches. They offer value when they work together and complement each other by providing customs with an ability to measure “trust and credibility” of any shipment crossing the border using a framework of “transparency” (can I see it?), “character” (how do I feel about it?), and logic (does it make sense?)

As an example, the data transactions noted above solve “transparency” issues.  As one example, many cargo reports use a commodity description of “freight of all kinds”, or “general merchandise”.  Additional shipment level data can provide HTS Codes, and detailed commodity descriptions to assess risk.  From a “character” perspective, how should you feel about a company who has “trusted trader” or AEO status vs a company who has had previous enforcement against them or is a first time report.  From a “logic” perspective, does it make sense to ship auto parts in a refrigerated container or a dry van? Obviously a refrigerated container would not make sense.  The point is -both company level risk assessment and shipment level risk assessment offer the most value together.  If separated as one or the other, shipment level offers more value to a customs service.

Question 3) Mr. Thibedeau, what are the future trends in customs risk management, based on your views?

Answer:  I believe many customs administrations will seek to operate more seamlessly with the supply chain by seeking and regulating data “as is and where is”.  While the WCO data model endorses the acquisition of cargo reports and importer declarations, additional “situational awareness” is desired in order to virtualize the border for customs services using IT systems.  Some customs administrations have already started regulating additional supply chain data including container status messages, importer security filings, bayplans, stowplans, conveyance reports, and Automated Identification System (AIS) data, to augment current views of a customs operational picture with track and trace capabilities.  Anomalous behavior can be quickly identified and dealt with according to the risk presented at any moment.  While there are some systems in place to assist in the risk management for cargo and conveyances, I believe the next big movement will be towards passenger profiling systems or passenger targeting systems for people moving across borders on aircraft, cruise ships, and ferries.  We’re very close to our own solution here and hope to offer insight and solutions for our customs and border customers.