U.S. Customs and Border Protection Issues New Security Criteria for the Customs-Trade Partnership Against Terrorism (C-TPAT)

International Alert

U.S. Customs and Border Protection (CBP) recently issued new security criteria for the Customs-Trade Partnership Against Terrorism (C-TPAT). While the program is still voluntary, the changes take a step towards making the program less a “partnership” and more a regulatory regime.

C-TPAT: Background

CBP developed C-TPAT in the wake of September 11th as a joint initiative with industry to improve cargo and port security without unduly burdening commerce. CBP initiated the program as a partnership because it did not (and still does not) have legal authority to impose the specific security requirements upon U.S. importers or the vendors, suppliers or service providers that make up their international supply chains. As originally developed, an importer submitted its cargo security procedures to CBP, and CBP considered them in relation to the specific risks posed by the importer in determining whether the security procedures were appropriate. Additionally, CBP required an importer to perform a comprehensive review of its supply chain and, at a minimum, to communicate C-TPAT standards to its suppliers or service providers (such as carriers) with a request that they participate in the program. In return, CBP provided benefits such as reduced border inspections and access to other preferential programs such as the Free and Secure Trade (FAST) border lanes and the Importer Self-Assessment program.

Revisions to C-TPAT: New Minimum Standards Established

The C-TPAT program has been under criticism from members of Congress and others who have argued that the program provides importers with little guidance and has failed to adequately enhance the nation’s security. For example, a recent General Accounting Office (GAO) study included negative findings that the program lacked uniform and clear standards and did not cover foreign suppliers the missing link in the supply chain.

To address these concerns and criticisms, CBP has made significant revisions to C-TPAT. Now, CBP will no longer merely provide suggestions as to the basic security criteria for each C-TPAT applicant (although the new criteria purport to allow for “flexibility and customization” to a limited extent). Instead, it has established minimum criteria that an importer must adopt to receive C-TPAT benefits. The most noteworthy new requirement is that an importer “must work with its business partners to ensure that pertinent security measures are in place and are adhered to throughout [its] supply chain.” Previously, CBP had focused upon “Tier 1” suppliers and had required less extensive steps such as communicating security standards to its suppliers. CBP has now established certain minimum requirements, including:

  • written and verifiable processes for the selection of business partners based on an analysis of the risk they pose;
  • prescribed container seals and procedures to maintain the integrity of the seals;
  • procedures to prevent unauthorized access to supply chain facilities;
  • information technology (IT) security controls;
  • prospective and current employee screening procedures; and
  • other procedures for identifying and evaluating discrepancies in shipping documents.

Phase-In of New Requirements for Current C-TPAT Partners

While the new security criteria apply for any new requests to participate in C-TPAT, they do not immediately apply to those importers already participating. Moreover, an importer that has already submitted a C-TPAT security profile to enroll in the program will not need to resubmit its profile if CBP has accepted it. Instead, CBP will phase in the new requirements for these importers i.e., the existing C-TPAT members. Within 60 days (by May 24, 2005), existing members must comply with the new standards concerning container security, physical security, and physical access controls. Within 120 days (by July 23, 2005), existing members must comply with the requirements concerning personnel security, procedural security, and IT security. Within 180 days (by September 21, 2005), existing members must comply with the requirements concerning business partners’ security programs.


The new criteria mark a significant change in the C-TPAT program, and importers both existing C-TPAT members and non-participants should assess how to comply with these new obligations. CBP recognizes that it has raised the standards for most, if not all, importers, and has promised to increase the benefits of C-TPAT participation. Most significantly, CBP has pledged to create additional “green” lanes at the border that permit expedited entry for C-TPAT participants’ shipments. And even without such tangible benefits from CBP, there are obviously very good reasons to enhance a company’s supply chain security and to leverage that investment by C-TPAT participation. Nevertheless, each member or applicant importer will need to analyze how best to apply CBP’s new criteria to its own supply chain.

Related Files
Related Links

The information contained in this newsletter is not intended as legal advice or as an opinion on specific facts. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. For more information about these issues, please contact the author(s) of this newsletter or your existing Miller & Chevalier lawyer contact. The invitation to contact the firm and its lawyers is not to be construed as a solicitation for legal work. Any new lawyer-client relationship will be confirmed in writing.

This newsletter is protected by copyright laws and treaties. You may make a single copy for personal use. You may make copies for others, but not for commercial purposes. If you give a copy to anyone else, it must be in its original, unmodified form, and must include all attributions of authorship, copyright notices and republication notices. Except as described above, it is unlawful to copy, republish, redistribute, and/or alter this newsletter without prior written consent of the copyright holder.