Audit of Sufferance Warehouse Security
Internal Audit Report

December 2007

Table of Contents

• Executive Summary
• Introduction
• Audit Objective and Scope
• Audit Approach
• Context
• Findings, Recommendations and Management Action Plans
  • CBSA Sufferance Warehouse Security Control Framework
    • National Monitoring and Risk Assessment Capacity
    • The Regional Application of Monitoring and Risk Assessment Security Controls
  • Warehouse Operator Security Responsibilities and Compliance with Authorities
    • Record Keeping, Release and Acquittal Requirements
    • Security of Overdue Imports
    • Physical Security
    • Security Procedures
• Appendix A - Forms and Acronyms
• Appendix B - Lines of Enquiry and Criteria

Executive Summary

Background

The Canada Border Services Agency (CBSA) Audit Committee approved an audit of warehouse security on June 21, 2006. This audit forms part of the CBSA Risk-Based Multi-Year Internal Audit Plan addressing security.

Goods arriving in Canada can be released by the CBSA at the port of entry or moved to a licensed facility pending CBSA release. Sufferance warehouses are privately owned and operated facilities licensed by the CBSA and are established for the landing, storage, safekeeping, transfer, examination, delivery and forwarding of imported goods before they are released by the Agency.

Objective and Scope

The objective of this audit was to assess the adequacy and effectiveness of warehouse security controls, including physical, financial, procedural, monitoring and risk assessment security controls. The audit focused on the security of imports stored in sufferance warehouses.

In the context of this audit, warehouse security controls refer to the requirements, processes or procedures that are intended to secure or enhance the security or safeguard of goods pending CBSA lawful release, which in turn secures revenues and enables contraband interdiction. The sum of all warehouse security controls, coupled with the people assigned to implement these controls, comprise the security control framework.

The audit fieldwork was conducted between November 2006 and February 2007 in 12 CBSA offices in the Atlantic, Northern Ontario, Greater Toronto Area, Niagara–Fort Erie and Prairie regions, and in the sufferance warehouses under their control. A total of 40 sufferance warehouses were selected and visited.

Audit Opinion

The audit found that a security control framework for the management of the sufferance warehouse program is in place; however, the application of this program by the Agency is not fully compliant with authorities or consistent across the regions. The audit found that warehouse operators were in compliance with record keeping, release and acquittal requirements.

Opportunities exist to enhance the security control framework to include a national monitoring and risk assessment capacity, and to create a national client outreach strategy to promote warehouse operator compliance. As well, cargo tracing, warehouse compliance audits, warehouse risk assessment and monitoring, and the control of financial securities should be improved, and sufferance warehouse policies and procedures should be reviewed and updated. Further, the warehouse operator deficiencies identified in this audit should be corrected, including poor access control, lower-than-baseline physical security and failure to process overdue imports within regulated timelines.

1.0 Introduction

The Canada Border Services Agency (CBSA) Audit Committee approved an audit of warehouse security on June 21, 2006. This audit forms part of the CBSA Risk-Based Multi-Year Internal Audit Plan addressing security.

Goods imported into Canada, also referred to as imports, cargo or freight, may be released at ports of entry or temporarily stored in a warehouse pending release or lawful removal. There are five categories of warehouses: sufferance, bonded, frontier examining and Queen’s warehouses, and duty-free shops, each operating under different requirements. Sufferance and bonded warehouses and duty-free shops are licensed by the CBSA to private operators. Queen’s and frontier examining warehouses are operated by the CBSA. Frontier examining warehouses are located at ports of entry for unreleased imports and Queen’s warehouses are for the extended storage of unclaimed, abandoned, detained and seized goods.

2.0 Audit Objective and Scope

The objective of this audit was to assess the adequacy and effectiveness of warehouse security controls. The audit focused on the security of warehoused imports. In the context of this audit, warehouse security controls refer to the requirements, processes or procedures that are intended to secure or enhance the security or safeguard of goods pending CBSA lawful release, which in turn secures revenues and enables contraband interdiction. The sum of all warehouse security controls, coupled with the people assigned to implement these controls, comprise the security control framework.

The audit included security control testing with the objective of forming an overall opinion on the adequacy and effectiveness of the security control framework.

The security controls tested include the following:

• physical barrier security controls such as physical and perimeter security;
• procedural security controls such as access control, storage in licensed areas, security procedures, record keeping, release and acquittal requirements, and import storage time limits including the signalling of overdue unreleased imports to the CBSA;
• the control of posted financial securities such as the Customs Bond, Form D120; and
• CBSA monitoring and risk assessment security controls, including profile maintenance, the monitoring of financial securities, automated ACROSS (Accelerated Commercial Release Operations Support System) controls, warehouse compliance audits and warehouse risk assessments. 

The audit scope was limited to sufferance warehouses because this program area was assessed as being the highest risk due to high cargo volumes with minimal documentation requirements. There are approximately 1,200 sufferance warehouses in Canada located at the land border, marine ports, airports, rail yards and inland. The audit scope was further limited to the highest-risk general merchandise sufferance warehouses receiving dutiable/taxable goods and operated by airline companies, harbour commissions, marine companies, cargo handlers, consolidators, de-consolidators, bonded freight forwarders, customs brokers, highway carriers and companies receiving goods from multiple highway carriers. There are 733 of these facilities and they receive cargo from all modes of transportation: highway, air, marine and rail.

A total of 12 CBSA offices in the Atlantic, Northern Ontario, Greater Toronto Area, Niagara–Fort Erie and Prairie regions along with 40 sufferance warehouse companies were selected and visited. The audit fieldwork was conducted between November 2006 and February 2007.

3.0 Audit Approach

This audit was conducted in accordance with the Treasury Board of Canada Secretariat’s Policy on Internal Audit.

The methodology used to conduct this audit included the following:

• interviews with management and staff at Headquarters (HQ); a review of related legislation, regulations and statistics; the analysis of policies, procedures and guidelines; the identification and documentation of warehouse security controls and the security control framework; and the development of regional audit procedures to test warehouse security controls;
• sufferance warehouse selection by stratified random sampling techniques using audit software to select 40 warehouse operators;
• security control testing through interviews with warehouse operators, a warehouse documentation review, walkthroughs to observe physical security and warehouse processes, the examination of warehouse records and the sampling of cargo control numbers for tracing to acquittal to measure release and acquittal compliance; and
• the testing of monitoring, risk assessment and corrective security controls through interviews with management and staff at local CBSA offices and the review of warehouse profiles, financial securities, compliance audits, risk assessments and ACROSS cargo monitoring controls.

4.0 Context

The sufferance warehouse program is governed under the authority of the Customs Act;the Customs Sufferance Warehouse Regulations; the Imported Goods Records Regulations; the Storage of Goods Regulations;Memorandum D4-1-4, Customs Sufferance Warehouses;and other regulations, policies and guidelines.

Sufferance warehouses are privately owned and operated facilities licensed by the CBSA under section 24 of the Customs Act, and are established for the landing, storage, safekeeping, transfer, examination, delivery and forwarding of imported goods before they are released by the CBSA. The CBSA has free access to all sufferance warehouses to open and inspect any package containing unreleased imports.

Unreleased imports are moved to a warehouse under CBSA documentary control using Form A8A, Cargo Control Document,[   1  ] or an approved equivalent. Each cargo control document is assigned a unique number that is used to track, monitor and release the imports. Most releases are transmitted electronically to warehouses via the Release Notification System (RNS), a subsystem of ACROSS. The remainder are released using manual CBSA release stamps.

Operators are required to submit an application for a licence to operate a sufferance warehouse, along with a site plan, a financial security bond and an annual licence fee. Approved application documentation, the financial security and licence fee proof of payment are kept on file.

To protect revenues and prevent the release of contraband, operators must comply with authorities and safeguard unreleased imports in a secure environment under the control of the CBSA.[   2  ] Operators must enforce CBSA release and acquittal requirements for importers, ensure that unreleased imports are lawfully released by the CBSA and keep documentary records to prove that lawful release was obtained. Operators are liable for duties and taxes on the goods they receive unless they can prove that the goods were destroyed, exported or authorized for release by the CBSA.

Operator failure to comply with authorities may result in the issuance of penalties under the Administrative Monetary Penalty System (AMPS) and the recovery of duty and tax by billing or using the operator’s financial security. Repeated failure to comply may result in licence revocation. 

The Admissibility Branch is responsible for the development, update and interpretation of and guidance on sufferance warehouse policy. The Comptrollership Branch provides guidance on physical security and the Operations Branch delivers the sufferance warehouse program regionally in CBSA offices.

The role of CBSA offices is to maintain a profile (file) of each warehouse under their jurisdiction, collect annual warehouse fees, remove or destroy unreleased overdue imports,[  3   ] and periodically conduct warehouse compliance audits and risk assessments in accordance with policy. CBSA offices monitor and trace unreleased overdue imports using the overdue cargo work list in ACROSS. Regional and local management monitor cargo tracing activity through the Monitor Overdue Work Item Report (MOWIR), an ACROSS monitoring report.

5.0 Findings, Recommendations and Management Action Plans

5.1 CBSA Sufferance Warehouse Security Control Framework

The audit found that a security control framework for the management of the sufferance warehouse program is in place. The security control framework was effective in achieving its objective, the lawful release of imports, which in turn secures revenues and enables contraband interdiction. It ensured warehouse operator compliance with record keeping, release and acquittal requirements.

The security control framework is adequately designed and includes preventive, detective and corrective security controls. See Figure 1.

• Preventive security controls include laws, regulations, policies, procedures and guidelines covering warehouse operator responsibilities including security requirements, import storage time limits, warehouse record keeping requirements and access control. Preventive security controls also include CBSA licensing procedures, financial security submission and release processes, both manual and automated, such as the RNS, a subsystem of ACROSS.
• Detective security controls include warehouse operator record keeping, and procedures conducted by CBSA employees such as compliance audits, risk assessments, warehouse profile maintenance, cargo tracing, actioning the MOWIR and financial securities monitoring.
• When a warehouse operator fails to comply with authorities, this results in the application of corrective security controls such as AMPS, the use of the financial security, the billing of duty and tax and/or licence revocation.

The management of the security control framework is adequate, with security control application executed by CBSA personnel and warehouse operators.

• HQ policy officers develop policy, provide expert interpretation and guidance, and control national financial securities.
• Regional program services officers coordinate warehouse licensing, maintain warehouse profiles and control local financial securities.
• Warehouse operators provide a physically secure environment for the safe storage of goods, enforce release and acquittal requirements for importers, and keep documentary proof of lawful release.
• Border services officers conduct sufferance warehouse compliance audits and risk assessments. When non-compliance is noted, they issue AMPS penalties.
• Clerical personnel action overdue cargo lists, trace outstanding cargo control numbers and issue bills for outstanding duties and taxes.
• Management provides oversight and guidance to CBSA personnel and warehouse operators.

During the audit, the following control issues, identified in sections 5.1.1 and 5.1.2, were noted:

• lack of a national monitoring and risk assessment capacity (a detective control), including a national client outreach strategy (a preventive control), to promote warehouse operator compliance; and
• the incomplete application of existing detective security controls, including warehouse compliance audits, warehouse risk assessments, the control of financial securities and automated ACROSS monitoring controls.

However, through audit tests it was determined that these issues did not compromise the lawful release of imports.

5.1.1 National Monitoring and Risk Assessment Capacity

The Treasury Board of Canada Secretariat’s Policy on Active Monitoring (2001) states that each department must actively monitor management practices and controls within the department using a risk-based approach. Departments must develop and maintain an ability to detect significant risks as well as potential and actual control failures, and take timely and effective action to address deficiencies.

The audit noted that the sufferance warehouse security control framework did not have a national monitoring and risk assessment capacity specific to the sufferance warehouse program. Monitoring and risk assessment activities were limited to the regions, and consisted of profile maintenance, fill out the Sufferance Warehouse Report (Form K151) and the Risk Rating Analysis – Customs Sufferance Warehouse (Form K152) and including them in the warehouse profile. However, there was no analysis at the national level of these activities to strengthen the security control framework.

Although quantitative statistics were available on the penalties issued, there was no qualitative information relating to the sufferance warehouse program indicating national compliance trends or security deficiencies. The audit noted that the results of compliance audits and risk assessments were not communicated from the regions to HQ, nor were they collated to identify trends. Also, there was no national client outreach strategy in place to promote warehouse operator compliance and correct deficiencies. These control weaknesses did not compromise the lawful release of imports as noted in section 5.2.1.

Recommendations:

1. The Operations Branch should develop a national monitoring and risk assessment capacity for the sufferance warehouse program.

Management Action Plan	Completion Date
The Process Monitoring Framework (PMF) will be updated, where necessary, to ensure that regional sufferance warehouse program monitoring and risk assessment results are being reported to HQ.	Fall 2008

2. The Operations Branch, in consultation with the Admissibility Branch, should develop a national educational client outreach compliance management strategy for the sufferance warehouse industry.

Management Action Plan	Completion Date
The Operations and Admissibility branches will collaborate in the drafting of a communications package on sufferance warehouse policies and procedures. The package will educate and assist border services officers and warehouse operators and owners on sufferance warehouse program compliance obligations.	Fall 2008

5.1.2 The Regional Application of Monitoring and Risk Assessment Security Controls

Profile Maintenance and Licensing

CBSA policy requires CBSA offices to create and maintain a profile[  5   ] for each warehouse under their responsibility. The profiles are used to collate warehouse information, monitor warehouse security and track enforcement history. Periodic monitoring is to be conducted to ensure that the profiles are kept[  6   ] by the CBSA office.

Sufferance warehouse profiles were reviewed as part of the audit, and it was found that the maintenance of the profiles was proactive and adequate. The responsibility for the control and maintenance of warehouse profiles had been assigned to specific program services officers. Files were actively kept and included site plans, licences, financial security or proof thereof, correspondence and other relevant warehouse information, both current and historical.

Operators must store unreleased imports in a safe and secure environment that is in a designated CBSA-licensed area.[   7  ] All sufferance warehouse buildings were licensed, and proof of this was kept on file. The outside storage, even if temporary, of unreleased imports in locked trailers, marine containers or rail cars must be within a CBSA-licensed exterior storage area. It was noted that 5 (of 17) exterior storage areas used for imports were not licensed, and local CBSA offices were not aware of these situations. Unlicensed storage areas increase physical security risks for imported goods.

Compliance Audit and Risk Assessment

CBSA policy requires that periodic audits be conducted on each warehouse and the results be kept in the warehouse profile.[   8  ] Border services officers are mandated to visit sufferance warehouses under their jurisdiction to conduct compliance audits and risk assessments. The results of the compliance audits must be recorded on Form K151, and risk ratings must be recorded on Form K152.

An internal CBSA publication, Sufferance and Frontier Warehouse Audit, 1995, detailed the warehouse monitoring, compliance audit and risk assessment cycle. It requires that an audit be completed at least once per year, based on the results of the previous risk assessment of high, medium or low. However, CBSA offices were not aware of this publication. Memorandum D4-1-4, Customs Sufferance Warehouses, was available; however, it had not been updated since 1990 and did not contain details on the risk assessment and audit cycle. 

The results of compliance audits (Form K151), risk assessments (Form K152) and licensing requirements were available in warehouse profiles. Completed K151 and K152 forms were examined and counted as part of the audit, and there were regional disparities in the consistent application of policy and procedure. One region was conducting K151 compliance audits and K152 risk assessments annually, while four regions were not. Overall, the audit found that the frequency of audits and risk ratings was not consistent with policy and procedure. Less than one quarter of the sufferance warehouses included in this audit had been audited and risk-assessed in 2006.

CBSA offices were aware that compliance audits and risk assessments were to be conducted at least once a year, but only one office had established a cycle to meet this target and knew that the cycle for a compliance audit should be based on the previous risk assessment. CBSA offices did not consider warehouse compliance audits and risk assessments to be a high priority. While periodic audits and risk assessments could promote the compliance of warehouse operators with authorities, perhaps the Agency needs to re visit the audit cycle based on an overall risk assessment. 

The Monitoring of Financial Securities

Sufferance warehouse operators must submit financial security to the CBSA before being licensed[   9  ]to accept unreleased imports. The financial security is held by the CBSA to ensure that duties and taxes are paid and it must be a Customs Bond, Form D120, issued by an approved surety company, a Government of Canada transferable bond, cash or a certified cheque. Bonds are physically kept in the warehouse profile, whereas cash and cheques are deposited at the bank with proof of the deposit included in the profile. D120 bonds are similar to an insurance policy—the sufferance warehouse operator pays an annual premium to the surety company each year to keep the bond valid.

Physical control of financial securities is partially decentralized from the HQ Admissibility Branch to the regions of the Operations Branch. Financial securities covering multiple locations in more than one region are held at HQ. All other financial securities are held in the regions and districts of the Operations Branch.

Financial securities for the 40 warehouses were reviewed as part of this audit. Proof of valid financial security was kept for each warehouse, and surety companies were CBSA-approved. The most common financial security submitted was the Customs Bond, Form D120, which was completed, signed and sealed by the surety company. The original was kept on the CBSA warehouse file.

The audit noted that the original signed and sealed bonds were missing in two profiles; however, there were bond riders (amendments) on file for each warehouse, indicating that the bond had been issued before licensing.

The audit found that there was no periodic monitoring to ensure that financial securities were still valid and on file. The regions believed that periodic monitoring was not necessary as bonds are continuous. However, surety companies could cancel continuous D120 Customs Bonds if yearly insurance premiums are not paid. Without periodic monitoring to check security validity, there is a risk that the bonds on file become no longer valid.

The audit also noted that there is no up-to-date national financial security data bank that lists all sufferance warehouse financial securities, the security type, the bond number, the expiry date, the surety company and the CBSA office where the original is held. ACROSS provides a list of warehouses but it does not include information on the financial security. The timely accessibility of this information is important if difficulties arise with a warehouse operator.

Automated ACROSS Monitoring Controls

The automated control of imports is provided by ACROSS. The overdue cargo work list is a key automated control that monitors the proper acquittal of imported goods and enables the detection of non-compliance patterns. Unacquitted cargo control numbers show up on the list after 40 days. A portion of these numbers is acquitted by administrative or system acquittals, and the remaining numbers are traced to an acquittal.

The documentation provided indicated that overdue cargo lists with large volumes are approached on a risk-management basis that vary from region to region but have the same central concepts: the list is reviewed regularly and analyzed to identify trends or anomalies, and a workable sample is selected for tracing. Shipments not selected for tracing or analysis are administratively acquitted to ensure that a current and workable list is maintained. If tracing reveals that an import was unlawfully released without CBSA approval, a penalty can be issued, accompanied by a K23 invoice for duties and taxes.

ACROSS automatically generates the MOWIR, which monitors work items, including the overdue cargo list, and is supposed to be actioned by management. As cargo control numbers drop off overdue cargo work lists (after 365 days), they are printed out on the MOWIR. Cargo control numbers should not drop off overdue cargo lists because they should be acquitted within the year.

A total of 12 overdue cargo lists were reviewed for the CBSA offices visited. Due to other priorities, 4 offices had overdue cargo work lists with an excessive number of outstanding items. Examples of the MOWIR were requested in each office. The reports were copied and the work items were checked in ACROSS to verify whether they had been completed. Most items on the reports were overdue cargo control numbers that had not been acquitted. The audit noted that the MOWIR was not being actioned and managers were not aware of or familiar with this report. Failure to trace overdue cargo control numbers could result in increased non-compliance and loss of duties and taxes on imports unlawfully removed or released without CBSA approval.

Recommendations:

3. The Operations Branch should enhance the application of monitoring and risk assessment security controls, including tracing cargo, actioning monitoring reports and conducting compliance audits and risk assessments, and should enforce the requirement to license exterior storage areas.

Management Action Plan

Completion Date

The Operations Branch will review the current policies and procedures relating to regional monitoring and risk assessment security controls to determine if updates are required. In addition, the Process Monitoring Framework (PMF) will be updated, where necessary, to ensure that monitoring and risk assessment security controls and sufferance warehouse licensing requirements are enforced and reported to HQ.

Fall 2008

4. The Operations Branch, in conjunction with the Admissibility and Comptrollership branches, should enhance the control and monitoring of sufferance warehouse financial securities.

Management Action Plan

Completion Date

The Operations and Admissibility branches will work co-operatively with the Comptrollership Branch to review and ensure that current policies and procedures pertaining to sufferance warehouse financial securities are appropriate and enhanced where required. In addition, the Operations Branch will update the Process Monitoring Framework (PMF), where necessary, to assist in the enhancement of the control and monitoring of sufferance warehouse financial securities.

Fall 2008

5. The Admissibility Branch should revisit, update and communicate policies and procedures related to the sufferance warehouse program, including details on how to determine the audit and risk assessment cycle.

Management Action Plan	Completion Date
The Admissibility Branch is currently in the process of updating and restructuring Memorandum D4-1-4, Customs Sufferance Warehouses, to ensure that procedures remain relevant to business practices and that details on how to determine the audit and risk assessment cycle are included.	Summer 2008

5.2 Warehouse Operator Security Responsibilities and Compliance with Authorities

5.2.1 Record Keeping, Release and Acquittal Requirements

Operators must keep records that contain information concerning the receipt and removal of goods for six years[   10 ] so that detailed audits of the records can be performed. Records are a key detective control enabling the CBSA to detect failure to comply with authorities. The audit noted that warehouses were in compliance with record keeping requirements. Records were kept at the warehouses, were readily available and provided an adequate audit trail so that the disposition and acquittal of imports could be tracked and determined. The audit noted that sufferance warehouse operators demonstrated a high level of willingness to comply with requirements and considered themselves partners with the CBSA regarding the import process.

The documentation on all unreleased imports (open files) held by operators at the time of the audit were reviewed. Warehouse operators were able to present a sample of unreleased imports; the few imports not found in the warehouse had been released and proof of this was provided.

Closed records (released imports) containing the cargo control documents and proof of release or acquittal were examined through two windows: paper records and electronic records. A sample was selected and each was traced to an acceptable proof of acquittal (release, export, transfer in bond or other CBSA-approved acquittal) held by the warehouse operator. Therefore, the results of these audit tests revealed that warehouse operators enforced CBSA release and acquittal requirements relating to importers and complied with authorities dictating the conditions under which goods may be lawfully removed from the warehouse.

It is inevitable that imports will occasionally be removed from warehouses without a CBSA- approved release due to human error or intervention. Each year, the CBSA detects and penalizes unlawful removals from sufferance warehouses, but the rate of this is low. Consistent with these low-error rate levels, the results of this audit demonstrated that there is no widespread systemic problem with unreleased imports being unlawfully removed from sufferance warehouses without a CBSA-approved release. Regardless, the CBSA should remain vigilant for the inevitable exceptions to the rule and should continue to support a security control framework aimed at reducing the likelihood of unapproved releases. 

5.2.2 Security of Overdue Imports

It is the responsibility of warehouse operators to signal unreleased overdue imports to the CBSA on the first business day following the end of the import storage time limit.[  11   ]

Import storage time limits are the following:

• 40 days for general goods;
• 21 days for spirits;
• 14 days for tobacco, firearms, prohibited or restricted weapons, prohibited ammunition, prohibited devices and substances or items subject to the Atomic Energy Control Act or the Atomic Energy Control Regulations; and
• 4 days for perishables.

Once overdue imports are signalled to the CBSA, they are documented on Form E44, Customs Notice - Unclaimed Goods. Goods remain on Form E44 for 30 days, after which they are forfeited and can be disposed of. 

Cargo control documents for overdue imports were reviewed for each audited warehouse. A total of 17 warehouses had overdue imports. All were selected and matched with the goods on hand. The number of overdue imports was compared with the total number of unreleased imports sitting in each warehouse. The proportion was 15 to 1; of every 15 unreleased imports sitting in each warehouse, 1 was overdue.

Warehouse operators were not familiar with import storage time limits and nearly one third stated that they did not signal overdue unreleased imports to the CBSA. One quarter of CBSA offices stated that their operations were not able to document goods on Form E44 within five business days of being notified by the warehouse operator. More than half of the imports documented on Form E44 were over the 30-day time limit.

The inability to administratively secure overdue goods by documenting them on Form E44 and to remove them as forfeited once the E44 time limit expires can result in a loss of revenue from saleable goods and can aggravate warehouse capacity pressures.

Recommendation:

6. The Operations Branch should review the timeliness and effectiveness of the overdue import process to identify areas for improvement, including a reduction in the processing times for the destruction or removal of unreleased overdue imports from the warehouses. 

Management Action Plan	Completion Date
The Operations Branch, in consultation with other branches, will review the current processes and procedures relating to the security of overdue imports. If necessary, the Operations Branch will ensure that a communications package providing updates is distributed to the regions.	Fall 2008

5.2.3 Physical Security

A physical security inspection checklist was developed for the audit based on two CBSA publications detailing physical security guidelines applying to sufferance warehouses: Minimum Security Requirements and Guidelines for Bonded and Sufferance Warehouses and Perimeter Security – Your First Line of Defence. These guidelines were developed over the years by the CBSA. The inspection indicated that warehouse operators were compliant with three quarters of the criteria stated in the guidelines.

The audit found that all of the 37 warehouse facilities including buildings were deficient in at least one physical security criteria. The audit noted, however, that these deficiencies were mitigated because warehouse buildings were equipped with motion detection alarms, security cameras, guards or guard patrols, or they were 24/7 operations with employees always on-site.

A total of 17 warehouses stored unreleased imports outside in an exterior storage area; 16 were assessed for security and the audit found that 15 were deficient in at least 1 security criteria. As well, 4 exterior storage areas had broken down fencing or no fencing.

Interviews with warehouse operators indicated that they were not familiar with the physical security guidelines. Interviews with local CBSA offices indicated that they were not informed as to what the guidelines were. Physical security deficiencies increase the risk of unauthorized persons being able to access the storage area, and imports could be lost or stolen.

Recommendation:  

7. The Operations Branch, in conjunction with the Comptrollership Branch, should ensure that CBSA offices have and enforce the physical security guidelines that apply to sufferance warehouses.

Management Action Plan

Completion Date

The Operations Branch will collaborate with the Comptrollership Branch and others to review the current policies and procedures pertaining to physical warehouse security, as well as the responsibilities of warehouse operators for developing and maintaining procedures and ensuring their adherence to these procedures. The regions and warehouse operators will be provided with an information package clarifying their respective responsibilities. The regions will be requested to follow-up annually with all warehouse operators to ensure that their physical security procedures are available for review, and that security deficiencies are identified and addressed within a reasonable time period.

Fall 2008

5.2.4 Security Procedures

Sufferance warehouse operators are required to have procedures to maintain security in, restrict access to and prevent unauthorized persons from entering the licensed area.[  12  ] Warehouse operators were asked to provide written security procedures for perusal. The audit noted that warehouse operators were not aware of the requirement to have security procedures. More specifically:

• 10 operators stated that they had no security procedures;
• 12 operators stated that their security procedures were oral only;
• 3 operators stated that they had written security procedures but were unable to provide them for perusal; and 
• 15 operators provided written security procedures.

Observation of access control was conducted during the physical security inspection of the warehouses. Access control to warehouse buildings was adequate for all operators; either doors were locked or employees were present. Access to six exterior storage areas was not well controlled, meaning that anyone could enter the area without being observed or hindered by a closed gate or adequate fencing.  

The audit noted that failure to license exterior storage areas was related to poor access control and inadequate fencing. A total of 17 operators were using exterior storage areas, 12 were licensed by the CBSA and 5 were not. Of the 12 licensed exterior storage areas, 2 had poor access control; the gate was left open with no attending employee but the fencing was adequate. Of the 5 unlicensed exterior storage areas, 4 had no access control and the fencing was non-existent or broken down.

Operators with poor or no access control were not aware that they should control access. A lack of formal security procedures or access control increases the risk that unauthorized persons could access the storage area and imports could be lost or stolen.

Recommendation:

8. The Operations Branch should ensure that sufferance warehouse operators have security procedures to control access to their premises, including both buildings and exterior storage areas.

Management Action Plan

Completion Date

The Operations Branch, in consultation with other branches, will review current policies and procedures concerning the control of access to sufferance warehouses and the monitoring of compliance with security procedures. The regions and warehouse operators will be provided with an information package clarifying their respective responsibilities with respect to controlling access to their premises, including buildings and exterior storage areas. As well, the regions will be requested to follow-up annually with all warehouse operators to ensure that the physical security procedures are available for review and that deficiencies are identified and addressed in a reasonable time period.

Fall 2008

Appendix A - Forms and Acronyms

CBSA Forms

A8A  Cargo Control Document

tracks the release and movement of cargo from import to release

E44  Customs Notice – Unclaimed Goods

notifies the importer that unclaimed goods have exceeded storage time limits

D120   Customs Bond

financial security for CBSA-licensed activities. Kept on file by the CBSA.

K23  Invoice

a bill for an amount owing

K151   Sufferance Warehouse Report

contains the results of sufferance warehouse compliance audits

K152   Risk Rating Analysis – Customs Sufferance Warehouses

rates sufferance warehouses as high, medium or low risk

CBSA Acronyms

AMPS - Administrative Monetary Penalty System

a non-compliance penalty system

ACROSS – Accelerated Commercial Release Operations Support System

a commercial cargo, release and targeting computer system that monitors, tracks and releases cargo

RNS – Release Notification System, a subsystem of ACROSS

electronically sends release notification to brokers, importers and warehouses 

Appendix B - Lines of Enquiry and Criteria

Compliance with Authorities

• Determine if sufficient controls are in place to ensure the physical security of warehouse facilities.
• Determine if warehouse operators have procedures in place that restrict access to licensed areas to authorized personnel only.
• Determine if warehouse operators keep cargo and acquittal records secured, and if these records are available to the CBSA upon request. 
• Determine if warehouse operators maintain open and closed files as required.
• Determine if warehouse operators obtain CBSA release or acquittal before goods are removed from the warehouse.
• Determine if warehouse operators signal overdue imports to the CBSA when import storage time limits expire and if overdue imports are destroyed or removed from the warehouse when E44 time limits expire.

Monitoring

• Determine if the responsible CBSA office maintains a profile or file as required, keeps financial securities on file, traces overdue cargo (ACROSS), conducts warehouse compliance audits (Form K151) on a cyclical basis and maintains K151 forms on file.
• Determine if the results of K151 and K152 forms (risk-rating analyses) are analyzed for non-compliance trends and if corrective action is taken when applicable. 

Risk Management

• Determine if the responsible CBSA office conducts warehouse risk-rating analyses (Form K152) and if K152 forms are kept on file.