U. S. Customs: “Change is Coming”

I spent the better part of last week at Customs and Border Protection’s (CBP) first Trade Facilitation & Cargo Security Summit in sunny Anaheim, CA. This gathering merged what previously had been two distinct events – the CBP Trade Symposium and the CTPAT Conference – into one. In years past, these programs represented one of the best opportunities to hear firsthand what was top of mind with CBP leadership. This year’s summit, despite the restructuring and rebranding, did not disappoint. The following paragraphs recap the main takeaways associated with each major topic on the summit agenda:

21st Century Customs Framework (21CCF)

The 21CCF is a public-private partnership that aims to modernize customs regulations and practices in a way that will create a regulatory and procedural baseline for the next 30 years. The use of technology (blockchain, biometrics, AI, ERP, etc.) and data analytics that were not available at the time of the last major overhaul of customs regulations and practices (i.e., the Customs Modernization Act of 1993) is at the heart of this initiative. The government/industry 21CCF Taskforce is, in this connection, working to eliminate redundancies and inconsistencies in customs regulations and statutes; harmonize elements, standards, and data points across platforms and agencies; streamline and digitize processes so that they better align with modern business practices (for example, e-commerce and the explosion of small packages with de minimis values being sent by non-traditional parties) and the huge increase in trade volume the U.S. has experienced over the past 30 years (i.e., going from $600 billion in 1993 to in excess of $6.7 trillion in 2022); and ensuring that pending legislation (for example, the Cassidy customs modernization bill) strikes a better balance between enforcement and facilitation. The increased visibility and transparency to be had from the implementation of these measures will, per the taskforce, produce tangible compliance, efficiency, and security benefits for both the government and the trade.

Uyghur Forced Labor Protection Act (UFLPA)

With the “consumptive demand” exception repealed from Section 307 of the Tariff Act of 1930, CBP has been ramping up its enforcement of forced labor violations in the supply chain. This focus was, in a not so subtle way, underscored by the near-omnipresent nature on the summit agenda of the recently enacted UFLPA. Key UFLPA insights imparted by CBP panelists include:

  • UFLPA Entity List: The composition of the UFLPA Entity List is “dynamic and evolving.” It is by no means comprehensive, and the agency “definitely expects to add entities” and “make adjustments on the fly.” A forthcoming Federal Register notice will set forth guidance on how to secure the removal of a company from the UFLPA Entity List.
  • High-Priority Sectors: CBP’s UFLPA panelists indicated that the agency will likely expand the act’s focus to include articles beyond apparel, cotton, tomatoes, and silica-based products. Commodities that may end up coming within the scope of the UFLPA going forward include those used in the production of lithium-ion batteries, stainless steel products, pharmaceuticals, jewelry, and electronics.
  • Enforcement: While acknowledging the short-term need to stand up more officers, the CBP officials overseeing the UFLPA’s implementation characterized their enforcement posture as “rigorous”, and related that this is something they “take seriously.” Recidivist behavior, the same officials noted, would provide grounds for escalating a detention to a seizure.
  • Best Practices: The key to standing a chance of overcoming a UFLPA detention (or worse) involves conducting thorough due diligence and supply chain mapping in advance of an import transaction … and before a problem arises. Importers who fail to do this will, even allowing for the possibility of an extension of the 30-day period provided for under CBP’s detention regulation, in CBP’s view, not have time to gather the information needed to rebut the act’s rebuttable presumption or demonstrate that goods are otherwise outside the scope of the UFLPA. This assessment is, in my view, spot on.

Green Trade Strategy (GTS)

In line with the Biden Administration’s determination to combat climate change, CBP used the summit to promote its new “Green Trade Strategy.” The agency’s championing of this cause makes sense in light of two data points: (i) global supply chains account for as much as 80% of the world’s total carbon emissions and (ii) environmental crime generates between $85 million and $265 million per year in ill-gotten proceeds.

CBP’s Green Trade Strategy has two major prongs. The first involves climate change and will prioritize measures designed to facilitate the greening of trade by, for example, using data analytics to manage the risks that give rise to delays, expediting clearances, expanding FAST Lane capabilities, and incentivizing the purchase/use of EVs. The second entails the stepping up of enforcement activities with respect to environmental crimes committed in violation of the USMCA, Softwood Lumber Agreement, Lacey Act, CITES, and Endangered Species Act. The ongoing implementation of this strategy requires U.S. importers to be extra vigilant when it comes to meeting the certification and other documentary requirements associated with the entry of goods coming within the scope of these agreements, acts, and conventions.

Customs-Trade Partnership Against Terrorism (CTPAT) Supply Chain Security

It was interesting to learn that membership in the CTPAT Supply Chain Security program dropped during (and, per CBP, because of) the pandemic. That said, program membership has, also per CBP, bounced back up by 400-500 companies and is now holding stable at about 11,000 members. The country’s improving long-term Covid prospects, considered in conjunction with the benefits that attach to CTPAT certification/validation (reduced risk matrix score, front-of-the-line treatment, AQUA/FAST Lane access, lower demurrage/warehouse costs, penalty mitigation, UFLPA priority, etc.), leads CBP to project further program growth in the years to come.

The issue of CTPAT validations is a subject that received particular attention at the summit. Having become, on account of travel restrictions triggered by the pandemic, accustomed to conducting validations via virtual means (CBP has conducted more than 2,500 virtual validations to date), the agency notified the trade of its intention to continue the practice  for low-risk importers. This practice would not, CBP made a further point of emphasizing, apply to importers undergoing initial post-certification validations.

Finally, CBP used the summit to announce the signing of a Mutual Recognition Arrangement (MRA) with Uruguay. This action expands the agency’s network of MRAs to 15. It also announced the signing of a Joint Work Plan (JWP) with Guatemala and Colombia. The JWP lays out a path towards the realization of an MRA involving the Authorized Economic Operator (AEO) programs overseen by the customs administrations of the parties to the plan.

CTPAT Trade Compliance

CBP continues to work toward the goal of transforming the CTPAT into a full-blown AEO program (with both supply chain security and trade compliance components). To this end, CBP announced, after a long period of inaction, its intention to reopen the CTPAT Trade Compliance program to new applicants. In anticipation of the CTPAT Trade Compliance program’s re-launch on 1 August 2022, CBP has beefed up program staffing resources (with 5-6 new hires) and overhauled its handbook and core questionnaire (available July 2022). A supplement to the program’s handbook focusing on forced labor is, moreover, scheduled to be released in September 2022. Companies which participate in both the CTPAT Supply Chain Security (Tier 3 validation) and CTPAT Trade Compliance programs will eventually, per CBP, be recognized as “Trusted Traders.” This will represent the “gold standard” when it comes to cargo security and trade compliance.


The world of cybersecurity (and cyberespionage) is busier, more complex, and more dangerous than ever. Per data cited by CBP, the U.S. is targeted with cyberattacks twice as often as any other country. U.S.-focused cyberattacks are up 47% over the past five years. Malicious cyberactivity involves approximately 90 million events a day (resulting in over 2 billion events per month). Ransomware attacks have increased by 1,885% during approximately the same period. And there doesn’t appear to be any end in sight to the cyberaggression.

The number of attacks specifically directed at the trade and supply chain space tracks the figures provided above. Bad actors, frequently state-sponsored (for example, China), will attempt to compromise or disrupt the operations of manufacturers, logistics companies, importers, banks, and even government agencies by engaging in phishing/spear phishing campaigns (potentially involving digital communications and/or social engineering tools), fraudulent transactions, theft (IPR, trade secrets, credentials, etc.), or extortion. The trade can avoid these kinds of costly outcomes by implementing sound risk management strategies and adhering to current best cybersecurity practices. Examples of such strategies and practices include routinely monitoring the threat landscape, using multifactor authentication, encrypting data transmissions, performing timely updates and patches, and implementing a zero trust security framework. As is so often the case in customs and trade practice, an ounce of prevention is worth a pound of cure.

It is clear from the foregoing that CBP has stayed busy these last couple of years. It is also clear that, as one CBP panelist put it, “change is coming.” As the issues flagged in this blog post indicate, the scope of this change is broad. Make sure you understand the what, where, when, why, and how underpinning this change – with an eye to being in a position to harness the beneficial aspects of these compliance, enforcement, and facilitation dynamics.