RegulatorySecurity Track Scope Included Understand existing supply chain

Regulatory/Security Track Scope Included: - Understand existing supply chain security programs; track proposed changes - Track emerging supply chain security programs (AEO, other) - Monitor legislation/ policies related to supply chain security - Monitor other regulatory initiatives (beyond supply chain security) - Track supply chain security best practices - Monitor open source intelligence reports; identify supply chain security risks - Contingency planning/continued operations in post-incident scenarios - Monitor latest technological solutions to supply chain security concerns - Monitor international regulations and policies impacting supply chain security Excluded: - Import/export compliance regulations or policies - Security/reliability risks to supply chains from non-human sources

SCRLC Regulatory/Security Track October 2007 Agenda: § 9/11 Commission Act: Cargo Security Impacts - Ely Kahn (20 Min) § “US Department of Homeland Security Strategy to Enhance International Supply Chain Security”-Ken Konigsmark (5 min) § Update: US Customs and Border Protection Committees - Ken Konigsmark – (15 Min) § EC's AEO (Authorized Economic Operator) program - John Novotny/Ken Konigsmark (5 Min) § C-TPAT Cost/Benefit Survey results – Ken Konigsmark § Track scope: SCRLC evaluation of future policy options? Partner with COAC and/or Council on Competitiveness? (5 min)

Why Important to SCRLC Members? § Increased scanning of air/ocean freight required by law: § Who will pay? § Who will do the scanning? § Will it create increased time for shipments? § What will “private sector preparedness” require of industry?

9 -11 Commission Act § Requires “a system to screen 100% of cargo transported on passenger aircraft” within 3 years § In five years, permits ocean containers to enter the US either only if the container is: § (1) scanned with equipment that can scan for radiation; and § (2) secured with a seal using technology to detect and identify container breaches § US Department of Homeland Security (DHS) must implement a program to enhance private sector preparedness for acts of terrorism and other emergencies through use of voluntary consensus standards: § develop guidance and identify best practices to assist action by the private sector in identifying hazards, assessing risks and impacts

Certified Shipper Program Overview October 2007

Air Cargo Landscape • Current US Air Cargo Supply Chain Millions of Known Shippers Regulated by TSA ~3, 900 Indirect Air Carriers (IACs) ~ 300 Air Carriers (235 Passenger & 65 All-Cargo) ~ 450 Airports • TSA utilizes a multi-layered risk-based approach to air cargo security: – Entities and people handling and transporting cargo onto passenger planes are vetted to ensure they meet TSA security standards – Screen cargo using approved screening methods and technologies – Target cargo shipments for risk-based and random secondary screening – Assess regulated entity compliance with security requirements • President Bush approved the “ 9/11 Bill” (H. R. 1 – Improving America’s Security Act of 2007) on August 3, 2007 which mandates: – 50% of passenger aircraft cargo must be screened not later than 18 months after date of enactment – 100% of passenger aircraft cargo must be screened not later than 3 years after date of enactment • To achieve these mandates, TSA will allow only two categories of cargo on passenger aircraft cargo – Known Shipper Cargo: 100% will be screened by regulated parties or TSA before being transported on a passenger aircraft – Certified Shipper Cargo: 100% will be screened at the point of preparation for carriage by entities who meet stringent TSA security requirements – All passenger aircraft cargo will be subjected to secondary risk-based and random screening by regulated parties or TSA 6 September 2007

Certified Shipper Program • The Certified Shipper Program provides a mechanism by which TSA will allow shippers who meet stringent security requirements to screen cargo at the point of preparation for carriage, and allow recognition of that screening by entities in the supply chain. – The program is a key component of achieving 100% screening by August 2010 while still allowing for the flow of commerce. • Certified Shippers must: – Adhere to increased security standards. § The Certified Shipper Program establishes the integrity of individual shipper facilities and shipments through standards including Known Shipper requirements, physical access controls, personnel security, procedural security, physical cargo security, IT security, and training & security awareness – Share responsibility for supply chain security. § Stringent chain of custody measures must be followed by Shippers, IACs, and ACs. § All Certified Shipper cargo will also be subjected to risk-based and random secondary screening by IACs, and TSA. – Permit onsite standards validations. § Third party validator organizations or TSA perform on-going onsite, facility-based validations to ensure adherence to security standards. 7 September 2007

Certified Shipper Program Components Transactional Standards Entity Standards Chain of custody processes used to identify unauthorized access to cargo Stringent security requirements for Certified Shippers Technology Systems and processes developed to facilitate the identification and management of Certified Shippers Certified Shipper Program 3 rd Party Validator Training Communication to help relevant parties understand implement Certified Shipper Program standards and processes Perform onsite validations of applicants and pass along to TSA for Certified Shipper decision 8 September 2007

Future Air Cargo Supply Chain Risk Assessment & Screening **Screening Ensure Chain of Custody IAC United States Air Cargo Distribution by Weight* Known Shipper AC 100% Screened **Screening All-Cargo Passenger Aircraft Ensure Chain of Custody Certified Shipper AC 100% Screened IAC **Screening **Physical Screening Methods: electronic, manual, and canine * Sources: - BTS (Air Carrier Statistics Database – Form 41 Traffic) - CRS Report for Congress – Air Cargo Security, 9/11/03 - DHS Air Cargo Security Requirements – NPRM 2004 9 September 2007

Timeline to Achieve 100% Screening • Congressional mandate to achieve 100% screening of cargo in 3 years TSA 100% Screening of Passenger Air Cargo 3 -Year Outlook Elevated Risk Cargo – 100% screened by TSA, IACs, and ACs Certified Shipper – 100% Screening by Shipper Methods of Approved Screening: physical search, electronic, and K 9 X% Sept 2007 • Screening Cargo Volume Known Shipper – Screened by IACs and Air Carriers 50% Jan 2008 Feb 2009 100% Aug 2010 Achieving 100% Screening – Elevated Risk Cargo: 100% screening by TSA – Known Shipper Cargo: 100% screening by IACs and/or Air Carriers – Certified Shipper Cargo: 100% screening by shippers at point of preparation for carriage – All Cargo: Subject to risk-based and random secondary screening 10 September 2007

TSA Air Cargo Strategy 11 September 2007

SCRLC Regulatory/Security Track October 2007 Agenda: § 9/11 Commission Act: Cargo Security Impacts - Ely Kahn (20 Min) § “US Department of Homeland Security Strategy to Enhance International Supply Chain Security”-Ken Konigsmark (5 min) § Update: CBP COAC Committees - Ken Konigsmark – (15 Min) § EC's AEO (Authorized Economic Operator) program - John Novotny/Ken Konigsmark (5 Min) § C-TPAT Cost/Benefit Survey results – Ken Konigsmark § Track scope: SCRLC evaluation of future policy options? Partner with COAC and/or Council on Competitiveness? (5 min)

Why Important to SCRLC Members? § New strategy outlines framework/goals for securing international supply chains § Is not just US government but includes industry and other nations as well § Risk assessments factored in § Post-incident resumption of trade planned for

“Department of Homeland Security Strategy to Enhance International Supply Chain Security” § SAFE Port Act mandated a DHS strategic plan to enhance the security of the international supply chain, including protocols for resumption of trade following a transportation disruption § Focuses on sea cargo (95% of cargo tonnage entering U. S. ) § 130 page document: http: //www. dhs. gov/xlibrary/assets/plcyinternationalsupplychainsecuritystrategy. pdf

Problem Definition § “International cargo supply chain security is a global issue that cannot be successfully achieved unilaterally. From a US perspective the most effective supply chain security measures are those that involve assessing risks and identifying threats presented by cargo shipments before they reach the United States. For international containerized cargo, this is most effective if it is conducted before a container is loaded onto a vessel destined for the US. § Yet this is only half of the necessary calculus. The global supply chain is bidirectional, requiring domestic efforts to ensure the integrity of both inbound and outbound cargo. Such an effective cargo security strategy requires a multi-layered, unified approach that must be international in scope. ”

Risk Assessment § Threat Risk = Likelihood x Vulnerability x Consequence § The likelihood of an incident (manmade or natural) combined with the strength or weakness of the target and what would happen as a result of the incident represents the risk the threat poses. § Each program implemented within this DHS Strategy has an appropriate risk management model used for targeting the activity to the highest risks within its area of impact in order to drive down the associated probability, vulnerability, or consequence.

US Government Accounting Office (GAO) Risk Management Framework

Strategic Goals § GOAL 1: ENHANCE THE SAFETY AND SECURITY OF THE INTERNATIONAL CARGO SUPPLY CHAIN. § GOAL 2: FACILITATE GLOBAL COMMERCE WITHIN THE ENHANCED SECURITY FRAMEWORK. § GOAL 3: PROVIDE FOR THE RAPID RESUMPTION OF TRADE FOLLOWING AN INCIDENT WHICH DISRUPTS THE SUPPLY CHAIN Approach: § Using end-to-end programs and initiatives, work with trading partners from cargo origin through final destination to foster global security. § Second, target programs and initiatives toward natural security control points in the supply chain, such as ports of origination, transshipment, or entry in order to provide layers of detection and intervention. § Third, target programs and initiatives at conveyance modalities, such as vessels or containers, in order to increase the security of cargo while moving between cargo nodes.

15 Strategic Objectives (for later review) § SO-1: Provide for end-to-end supply chain security by building trusted relationships and assisting trading partners and the trade community with enhancing their security systems. § SO-2: Provide incentives and benefits for supply chain partners who enhance their supply chain security, while recognizing that some benefits (e. g. , increased security resulting in reduced cargo loss and/or reduced costs of doing business) are trade-driven issues. § SO-3: Advance security by promoting the development and implementation of international standards. § SO-4: Increase the availability and use of appropriate data in order to maintain complete awareness of the supply chain activities and target Department resources to the highest risk movements. § SO-5: Utilize provide WMD detection systems at ports of origin and entry, in order to provide for a defense in depth, layered system. 5 § SO-6: Expedite movement of low-risk shipments through the supply chain, while maintaining a level of detection such that even low-risk shipments are screened for high-consequence threats (e. g. , WMD detection via RPMs). 5 § SO-7: Provide clear communications with the trade community and our international trading partners in order to facilitate recovery efforts. § SO-8: Ensure that data gathered during normal operations is also sufficient to allow for the management of resumption activities following a supply chain disruption. § SO-9: Promote technological development of detection systems which increase the probability of detection, decrease “false positive” detections, and expedite processing times in order to promote rapid trade movement. 5 § SO-10: Leverage key nodes in the supply chain to provide for specific scanning, screening, and inspections activities in order to detect and deter illicit use of the supply chain. 5 § SO-11: Develop systems which automate and expedite the use of Department resources. 5 § SO-12: Provide, or support development of, a robust cargo security system that will withstand a supply chain disruption, and rapidly resume pre-incident or near pre-incident status. § SO-13: Provide for a flexible, standardized response mechanism which includes processes to facilitate trade resumption in short and long term recovery operations. § SO-14: Promote development of modal-specific technologies and systems to ensure security of cargo while in transit. § SO-15: Leverage agreements with foreign partners to facilitate investigative activities related to the detection of illicit material in the supply chain.

Post-Incident Trade Resumption “The United States’ response to a terrorist incident will not be an automatic shutdown of the nation’s ports. Instead, a prudent and measured response will be taken based on an assessment of the specific incident. The response to an incident must not unreasonably hinder the free flow of goods, while simultaneously reducing risk to an acceptable level”.

SCRLC Regulatory/Security Track October 2007 Agenda: § 9/11 Commission Act: Cargo Security Impacts - Ely Kahn (20 Min) § "DHS Strategy to Enhance International Supply Chain Security”Ken Konigsmark (5 min) § CBP COAC Committees - Ken Konigsmark – (15 Min) § EC's AEO (Authorized Economic Operator) program - John Novotny/Ken Konigsmark (5 Min) § C-TPAT Cost/Benefit Survey results – Ken Konigsmark § Track scope: SCRLC evaluation of future policy options? Partner with COAC and/or Council on Competitiveness? (5 min)

Why Important to SCRLC Members? § Helps us understand the future direction of US Customs and Border Protection § Helps industry understand how we may be impacted § Shows how various initiatives tie together into a comprehensive program

Commercial Operations Advisory Committee* *Special Interdepartmental Committee on the Commercial Operations of US Customs & Border Protection Public Meeting Aug. 16, 2007

COAC Members • Earl Agron – APL • Anthony Barone - Pfizer • Sam Banks – Sandler & Travis • Adrienne Braumiller – Braumiller & Schultz • William Cook – Chrysler • Jevon Jamieson – ABF • Chris Koch – World Freight System Shipping Council • Barry O’Brien - Hasbro • Bruce Leeds – Boeing • Geoff Powell – CH Powell • Alison Reichstein – Hewlett-Packard • Bethann Rooney – Ports of NY/NJ • Peggy Rutledge – Green. Line Systems • Lisa Schimmelpfenning – Wal-Mart • Leigh Schmid – Limited

Highlights • Customs Trade Partnership Against Terrorism – – – Developing 3 PL criteria Revisiting Tier 3 benefits issue Exporters as CTPAT eligible parties? Advance Trade Data Elements recommendations CBP/Trade supply chain assessment subcommittee • Department of Homeland Security issues – Incident recovery plan still needs work – GTX (Global Trade Exchange) DHS may be developing RFQ and getting funding

Highlights (cont. ) • Customs and Border Protection Office of International Trade: – Working to increase “paperless” clearances and on conditional release as an Importer Self Assessment benefit • President’s Import Safety Working Group – COAC to participate in working group – Forming new subcommittee on intellectual property rights (IPR) enforcement

Advance Trade Data Project Status & Roadmap Overview

Supply Chain Road Map Today, CBP receives trade data via Manifest and Entry Filings – while essential for basic risk management and trade facilitation, a significant amount of additional information can be gathered at other phases of supply chain operations. Advanced Shipment Booking Notice & Confirmation & Purchase Order Routing Drayage Detail & Vessel Load Conveyance and Container Location & Terminal Receipt Plan Intermodal Interchange Status Feeder Truck Status Proof of Delivery US Bound 24 -Hour Manifest Entry Documentation New sources of data can be used to enhance and strengthen the effectiveness of CBP selectivity and targeting efforts

Supply Chain Risk Management Controls Are Tailored To Different Supply Chain Layers

The Interest Factors drive the scoring of data associated with layers identified in the risk management framework and mapped in the supply chain models. § Country Risk § § § Location Transparency Shipper Location Intermediate Storage Port of Load Transshipment Location § Trusted Shipper § § § Shipper Transparency Shipper Location DNB Identity Match DNB In-business Match DNB Financial Stress § Trusted Consignee § § Importer Transparency Score DNB Identity Match DNB In-business Match DNB Financial Stress § Origin Determination § Masked Transshipment § En-route Compromise § Document Chain § True Commodity Description § Document Consistency

Example of Enhanced Visibility and Control Through Earlier Transmission of ATD Used for Cargo Verification Purchase Order/ Booking Terminal Vessel Load Advanced Confirmation Receipt & Plan Shipment & Routing Drayage Detail Notice Conveyance and Container Location & Intermodal Interchange Status Truck Status Proof of Delivery Feeder - 45 days 850 - PO 45+ Days Seller Loc + X New Data Elements -40 856 - ASN 40+ Days Carrier Routing + X New Data Elements -30 -20 301–Bkng 315–Cntr Status 20+ Days Gate-Out Gate-In Events X New Data Elements 30+ Days Carrier NVOCC Loc X New Data Elements -15 322–Term Ops 15+ Days Equip Dtl Serial Nr Events X New Data Elements -7 BAPLIE – Stow Pln 3 -7+ Days U. S. Bound -1 0 24 Hour Manifest Vessel Cntr # Seal # Loc Inclusion in Trade Act 2006 May Delay Receipt of ATD for Functions Performed Upstream of 24 Hour Manifest +15 +20 +25 days Entry Documentation Trade Act 2006 Can Accelerate Provision of Entry data 8

Shared Services Group Advance Data Elements • Required by SAFE Port Act • COAC given consultative role • Basic concept: Importers responsible for submitting an additional 10 data elements minimum of 24 hours prior to loading • Applies to ocean freight only • Carriers will transmit an additional 2 elements Copyright © 2004 Boeing. All rights reserved.

Shared Services Group Proposed New Advance Data Elements For maritime cargo destined to remain in the U. S. data elements below will must be transmitted 24 hours prior to loading Ten (10) data elements were selected because of their probative value and their ready availability in current logistics processes: • Manufacturer name and address • Seller name and address • Container stuffing location • Consolidator name and address • Buyer name and address • Ship to name and address • Importer of record number • Consignee number • Country of origin of the goods • Commodity Harmonized Tariff Schedule number (6 digit) CBP will require ocean carriers to provide two additional data sets: • Vessel Stow Plan • Container Status Messages Copyright © 2004 Boeing. All rights reserved.

COAC Subcommittee Project CBP Supply Chain Assessment 34

Background Shared Services Group • “CBP (US Customs and Border Protection) is not expert in fully understanding all the intricacies and mechanics of how the international supply chain operates. ” • “CBP will solicit a small team of supply chain experts from the international business community, partner that team with a CBP executive who will be augmented with appropriate staff and have access broadly within CBP, and charter the team to examine and analyze how CBP might enhance its critical role in the supply chain. The goal would be to benefit both CBP and industry – CBP may learn new approaches to operating, monitoring, and controlling their supply chain issues, and the business community may better define to CBP how to deliver tangible benefits in return for industries’ investments in enhanced security protocols while preserving their needs for cost, speed, and reliability. ”

Committee Purpose • Knowledge transfer of supply chain process between industry experts and CBP • Explore if there are mutual benefits to more robust government-industry automated data exchange

Goals • Explore sources and timing of supply chain information that Trade provides to CBP for risk assessment. • What can CBP provide to industry to help industry’s supply chain become more efficient? • Optimizing compliant trader benefits as a result of enhancing automated data exchange

Scope of Committee • In-scope: • Data elements (who sends what where and when and at what point is each data element relevant) • What data elements can CBP & Industry provide • Identify buckets of activity in supply chain. (including custodian of freight at origin) • How can we automate promised benefits to compliant traders? • What other benefits can new automation and data exchange bring to highly compliant traders?

Summary of SAFE Port Act Major Provisions 1. Pilot International Container Scanning in foreign seaports (Secure Freight Initiative, SFI) 2. Require Additional Advance Shipment Data prior to export to US 3. Promote international standards for: – international container security strategy – cargo security devices – non-intrusive imaging and radiation systems 4. Formally authorizes C-TPAT 39

Secure Freight Initiative (SFI) • CBP has the lead for SFI which will combine: - International Container Security (ICS) pilots - Advance cargo data (called “security filing” or “ 10+2”) - Advance Trade Data Initiative (ATDI) - “Global Exchange” of data between governments and supply chain industry (GTX) 40

International Container Scanning • CBP to establish an International Container Scanning (ICS) Pilot by October 13, 2007 and must: • Scan 100% of containers destined to US • Electronically transmit images and data to local CSI officers and to CBP in US • Resolve every radiation alarm • Electronically transmit advance trade data to CBP (ATS) • Electronically store data for retrieval and analysis • Conduct container exams upon request 41

CBP’s Plans for International Container Scanning • ICS goal: combine data from cargo scanning systems with automated risk analysis of advance cargo information • Six Locations designated vs. three required: - Pakistan - Korea - Honduras - Singapore - United Kingdom - Oman • Timeline: January – December 2007 • ICS = 100% container scans with advance data, CBP targeting alerts shared with local authorities and US CBP officers, “load” or “do not load” message to carrier 42

ATDI • Advance Trade Data Initiative (ATDI) is the current CBP automation test bed to collect trade information from industry • 70 voluntary participants from variety of companies - importers, ports, freight forwarders, brokers, carriers, and network technology firms • ATDI now is accepting participants for proving the 10+2 data will work 43

CBP’s Intervention in Supply Chain – Advance Cargo Data • Based on screening of advance manifest data from vessel carriers, CBP issues “Do Not Load” messages to carriers for shipments that are deemed high risk and require inspection or additional technology screening by foreign customs – No CBP interface or notice to marine terminal operators that actually control lading and container movements to foreign customs – No CBP notice to shippers/importers who need to know status of shipment movements 44

Customs-Trade Partnership Against Terrorism Authorized Economic Operator (AEO) (C-TPAT) – CBP established C-TPAT program in return for reduced customs exams and “expedited” customs treatment upon arrival in US – This is meant to give CBP “end-to-end” visibility in the security practices of companies in the supply chain – Many businesses are skeptical of the reality of C-TPAT benefits; can’t measure reduced exams nor “expedited” treatment – This “industry security” program is expanding internationally with the WCO SAFE Framework, and with mutual recognition of NZ, Jordan, and possibly Canada and the EU. 45

Resumption of Trade • CBP developing a strategic plan for “resumption of trade” in the event of a security incident in the international supply chain • Canada CBSA and CBP conducting joint practice exercises • International businesses want better coordination and information on potential problems in a trade lane or in the event an incident disrupts a port or trade lane. • CBP’s priorities for “preferential treatment” will be for: • • 46 validated CTPAT participation use of a CSI port NII and radiation scans container security devices, e-seals, more advance information)

SCRLC Regulatory/Security Track October 2007 Agenda: § 9/11 Commission Act: Cargo Security Impacts - Ely Kahn (20 Min) § "DHS Strategy to Enhance International Supply Chain Security”-Ken Konigsmark (5 min) § Update: CBP COAC Committees - Ken Konigsmark – (15 Min) § EC's AEO (Authorized Economic Operator) program - John Novotny/Ken Konigsmark (5 Min) § C-TPAT Cost/Benefit Survey results – Ken Konigsmark § Track scope: SCRLC evaluation of future policy options? Partner with COAC and/or Council on Competitiveness? (5 min)

Why Important to SCRLC Members? § Explains what the EU AEO program is, how it operates, and how it may impact industry § Demonstrates another example of implementation of increased cargo security requirements

Authorized Economic Operator (AEO) Provided by John Novotny

AGENDA What is AEO? Who does it apply to? When does it go into effect? Three types of certification What does it take to obtain certification? Benefits of AEO What if Companies do not apply for AEO status?

What is AEO? The European Union (EU) seeks to implement supply chain security by developing a certification for European Traders • Authorized Economic Operator (AEO) Similar to the US C-TPAT program but focuses on a larger scope beyond security initiatives AEO signifies that traders and their supply chain partners operate in a customs controlled, financially responsible and physically secure manner

Who does it apply to? AEO = an assessment and certification initiative launched by the EU Commission and implemented by member state customs authorities. A Company applies in each member state that it operates. It extends customs authorizations to the financial and security areas of corporate global supply chains. It applies to Companies and their supply chain partners. Only open to countries who are members of the EU; each country is at varying stages of implementation.

When does it go into effect? Going live in January 2008 Applications being accepted in July 2007

Three types of certification Customs Simplification: A company will have to comply with the requirements regarding financial and customs reliability, this authority will not extend into Security Facilitation requirements. Security Facilitation: A company will have to comply with the requirements regarding security of facilities and transportation of cargo. "Full" AEO — Security Facilitation and Customs Simplifications: This is a combination of the above two, and highlights certified Corporations as "Preferred Trader" status in the eyes of customs and governments

What does it take to obtain certification? Customs will conduct an audit of a company based on the type of AEO certification being pursued. This audit occurs before certification (unlike the C-TPAT process which occurs as a validation process after acceptance). The assessments are very in depth.

What does it take to obtain certification? Assessments address the following areas of a corporation: Company Information: Organizational Characteristics, Internal Organization, Volume of Business, Statistics on Customs Matters Compliance Records and History: Intelligence Information Accounting and Logical system: Audit Trails, Accounting Systems, Internal Control Systems, Flow of Goods, Customs Routines, Backup, Recovery and Archival, Procedures, Information Security, Systems, Information security, Documentation Financial Solvency / Insolvency Safety and Security covering: Entry and Access to Premises, Physical Security, Cargo Units, Logistical Processes, Non Fiscal Requirements, Incoming Goods, Storage of Goods, Production of Goods, Loading of Goods, Security Requirements on Foreign Suppliers, Personnel Security, External Services

Benefits of AEO Generates measures to expedite cargo release, reduce transit time, and lower storage costs Provides access to information of value to AEO participants Access to special measures during periods of trade disruption or elevated threat level First consideration for participation in any new cargo processing programs

What if Companies do not apply for AEO European traders believe that the costs of AEO will be greater than financial benefits. A "best-in-class" trading operation would probably seek AEO certification. Those organizations that do not seek AEO will not be negatively impacted or penalized by Customs. May have a negative impact on AEO Companies supply chain or a customer's vendor selection process.

US/New Zealand Mutual Recognition: “Joint Customs deal sets precedent “ Shared Services Group • The signing of a joint trade security agreement between the United States and New Zealand has been described by Ralph Basham, commissioner of United States Customs and Border Protection, as a major step toward implementing the Customs-to-business pillar of the World Customs Organization’s SAFE Framework of Standards. It is the first such arrangement since the adoption of the international framework in June 2005 and is seen as a precedent that is likely to lead to a series of further agreements being signed. • The US-NZ arrangement provides for closer co-operation and coordination between CBP’s Customs-Trade Partnership Against Terrorism (known as C-TPAT) program and New Zealand Customs’ Secure Export Scheme (SES). • Once the two countries have established the compatibility of the membership levels of their supply chain programs, each is then expected to treat members of the other country’s program in a manner comparable to that of its own members.

SCRLC Regulatory/Security Track October 2007 Agenda: § 9/11 Commission Act: Cargo Security Impacts - Ely Kahn (20 Min) § "DHS Strategy to Enhance International Supply Chain Security”-Ken Konigsmark (5 min) § Update: CBP COAC Committees - Ken Konigsmark – (15 Min) § EC's AEO (Authorized Economic Operator) program - John Novotny/Ken Konigsmark (5 Min) § C-TPAT Cost/Benefit Survey results – Ken Konigsmark § Track scope: SCRLC evaluation of future policy options? Partner with COAC and/or Council on Competitiveness? (5 min)

Why Important to SCRLC Members? § Illustrates feedback from industry on C-TPAT program § Identifies costs/benefits to industry from such programs

BOEING PROPRIETARY Shared Services Group Supply Chain Security U. S. Customs and Border Protection’s C-TPAT Costs and Benefits Survey Data provided by Center for Survey Research and Center for Public Service, Univ. of Virginia – Aug. 2007 BOEING is a trademark of Boeing Management Company. Copyright © 2007 Boeing. All rights reserved. BOEING PROPRIETARY

BOEING PROPRIETARY C-TPAT Costs and Benefits Study Shared Services Group | Supplier Management | Supply Chain Security § On Sept. 7, 2007, CBP released results of an Internet C-TPAT Costs Benefits Survey Analysis conducted by The Center of Survey Research Univ. of Virginia § 1, 756 partners completed survey (54% importers, 20% carriers, 18% service providers, 7% foreign manufacturers) § Partners evaluated the C-TPAT program (benefits, costs, motivation, impact) Copyright © 2007 Boeing. All rights reserved. BOEING PROPRIETARY

BOEING PROPRIETARY Estimates or Annual Expenditures Shared Services Group | Supplier Management | Supply Chain Security § Rough estimates for supply chain security costs § Importers § Before joining C-TPAT -$35, 006 § 2005 - $66, 353 (estimate) § 2006 - $77, 997 (projected) § 2007 - 69, 905 (projected) § Non-Importers § Before joining C-TPAT -$57, 406 § 2005 - $69, 474 (estimate) § 2006 - $61, 964 (projected) § 2007 - $100, 025 (projected) § “Maintaining the use of security personnel” and “salaries and experiences of personnel” were the highest costs. Copyright © 2007 Boeing. All rights reserved. BOEING PROPRIETARY

BOEING PROPRIETARY Importer’s Results Shared Services Group | Supplier Management | Supply Chain Security § Intangible Benefits- enhanced security within supply chain, better running supply chain, and sense of doing things right § Tangible Benefits § 35% reported C-TPAT membership decreased their number of inspections. § Of these importers, inspections decreased by 51% § 24% indicated an increase in ability to predict lead time, but 60. 9% believed their ability to track orders stayed stagnant § 80% believed in the importance of having a supply chain security specialist on staff to validate and enhance security and “self-policing and self-monitoring” of security activities Copyright © 2007 Boeing. All rights reserved. BOEING PROPRIETARY

BOEING PROPRIETARY Non Importer’s Results Shared Services Group | Supplier Management | Supply Chain Security § Results show that most are members for reasons associated with intangible benefits § Improved brand image, peace of mind, more efficient business processes, heightened awareness of physical security § Tangible Benefits § 68 % believed their number of customers stayed the same § Of the 17% that had an increase in customers, their customer base was increased by 35% § 62% of service providers joined C-TPAT due to business partner requirements Copyright © 2007 Boeing. All rights reserved. BOEING PROPRIETARY

BOEING PROPRIETARY Overall Results Shared Services Group | Supplier Management | Supply Chain Security § Almost 32% reported that costs of being a C-TPAT benefits outweighed costs, 24% reported a break-even point, 16% reported too early to tell § 91% stated that they had not considered leaving program § 81% agreed that their business’ ability to assess and manage supply risk has been strengthened Copyright © 2007 Boeing. All rights reserved. BOEING PROPRIETARY

SCRLC Regulatory/Security Track October 2007 Agenda: § 9/11 Commission Act: Cargo Security Impacts - Ely Kahn (20 Min) § “US Department of Homeland Security Strategy to Enhance International Supply Chain Security”-Ken Konigsmark (5 min) § Update: US Customs and Border Protection Committees - Ken Konigsmark – (15 Min) § EC's AEO (Authorized Economic Operator) program - John Novotny/Ken Konigsmark (5 Min) § C-TPAT Cost/Benefit Survey results – Ken Konigsmark § Track scope: SCRLC evaluation of future policy options? Partner with COAC? (5 min)

Regulatory/Security Track Scope Included: - Understand existing supply chain security programs; track proposed changes - Track emerging supply chain security programs (AEO, other) - Monitor legislation/ policies related to supply chain security - Monitor other regulatory initiatives (beyond supply chain security) - Track supply chain security best practices - Monitor open source intelligence reports; identify supply chain security risks - Contingency planning/continued operations in post-incident scenarios - Monitor latest technological solutions to supply chain security concerns - Monitor international regulations and policies impacting supply chain security Excluded: - Import/export compliance regulations or policies - - Security/reliability risks to supply chains from non-human sources