Pioneer: Tilbury was the first multipurpose port in the UK to receive full AEO status . Credit: Forth Ports
MVC’s Miles Varten explains why AEO status can complement ISPS regulations in ports
Ports around the world adhere to a number of international security regimes primarily driven by bodies such as the World Customs Organization, International Maritime Organization and International Organization for Standardization. Where some of the controls and initiatives are mandatory, others are voluntary.
Ports adhering to the mandatory International Ship and Port Facility Security Code (ISPS) might likely ask why they should also consider Authorised Economic Operator (AEO) status, which is voluntary. With certification criteria overlaps, additional compliance cost and further self-regulation requirements, what is the benefit?
Having worked with a number of international ports, we have an in-depth understanding of the differences between the two standards. Where ISPS focus on physical security of vessels and controlled areas within ports, AEO provides a more holistic approach to supply chain security. The main additional areas of focus require ports to adopt robust security controls for business partners, personnel security and information technology security. In addition, AEO provides a framework that fully encompasses customs compliance requirements. The aim of AEO, as part of the WCO SAFE framework of standards, is to provide a platform for ports to enter into partnership with the sovereign Customs authority.
While the quoted benefits of AEO status in Europe, as highlighted by the European Union, include easier admittance to customs simplifications, fewer physical controls and priority treatment, in most cases these are benefits which do not apply directly to ports. The one benefit which does apply, albeit only to ports holding any Customs authorisations, is reductions in the mandatory Customs Comprehensive Guarantee which is required when the Union Customs Code transitional period ends in 2019. AEO-C (Customs Simplification) in the EU provides waivers or reductions to this figure.
From experience, we have found the benefits to ports fall under more indirect benefits.
Firstly, AEO aims to establish secure trade lanes with all parties involved in the movement of goods adhering to AEO criteria. Traders such as importers and exporters who obtain AEO status for their own reasons therefore move goods exclusively through ports, carriers and clearing agents who hold AEO themselves. Ports we have worked with have cited this as one of their primary reasons for obtaining AEO.
Secondly, with an increase in ports which have been subject to cyber attacks, AEO provides a comprehensive approach to managing this risk effectively. It also reassures all parties moving goods through these ports, that the manifest information and stacking position of shipments are thoroughly protected from such attacks. With the correct application and explanation, insurance premiums are likely to be beneficially affected after successfully achieving AEO.
This takes us on to our third point – the insider threat. These create substantial exposure to ports, as large numbers of employees and contractors are employed. The revelation that one of the Brussels airport attackers was a former employee further highlighted this very real threat. Again, AEO security criteria addresses this risk with a focus on personnel security measures.
The good news is that, although some of the physical criteria overlaps with ISPS, the AEO auditors are mandated to take this into consideration; so, the focus of the audit will be to confirm existing ISPS measures which are already place, and then focus on the additional aspects AEO requires, rather than duplicating documentation and auditing processes.
Port applications in practice
While ISPS only covers controlled areas within ports, AEO covers the entire site. We have found that this has caused some issues in practice, with AEO assessors often insisting on expensive security infrastructure such as fencing to be extended to cover the entire site. This may or may not be commercially viable for the port in question.
Another challenging area involves the control of visitors and contractors to AEO standards. While some measures will be in place for ISPS, AEO often requires a more thorough approach. Fortunately, the use of technology such as finger print recognition systems can now be used to address these risks. An increasing number of ports are installing such systems when issuing access passes to prevent fraudulent applications.
We recommend ports assess whether AEO is commercially viable and practical, but with a broader view of the potential benefits of holding the status, which may include decreasing IT security threats, insider threats and increasing control over trade and business partners.
The AEO application process takes several months of preparation and involves the whole operation to some extent, so should not be undertaken lightly. A dedicated project manager and team will be crucial for success, which often includes outside expertise.
We believe AEO not only compliments ISPS, but also provides an opportunity for ports to better manage aspects of security which are not traditionally covered within the scope of ISPS. It is an internationally recognised quality mark and indicates to all stakeholders a commitment not only to security but also to international trade facilitation.
Indeed, a number of major ports and port groups have already identified AEO and ISO28000 (Supply Chain Security Management) as essential in order to prove their commercial and security credentials.
Miles Varten is managing director of Miles Varten Consultancy, a risk management consultancy specialising in assisting companies to achieve AEO status.
Source: PortStrategy, 03 October 2017