There are five key steps: (i) Obtain senior management commitment and sufficient budget; (ii) conduct a risk analysis; (iii) create policies and procedures that are proportional; (iv) disseminate and educate; and (v) monitor, test and reset.

1. Senior Management Commitment and Sufficient Budget

The two most critical elements of any compliance program is a clear statement from senior management of their commitment to compliance and adequate funding for the program. Without both, the program will likely fail.

Senior management’s must commit to compliance as an important company policy that will be enforced. That commitment should be in writing and come from the CEO, Chairman of the Board or the full Board. It should also set out the consequences of any failure to abide by the policy. The document should nominate responsible officials (by title rather than name) and provide those individuals with sufficient authority to implement the policy. Senior management’s commitment should clearly set out to whom the compliance policy applies and the consequences for non-compliance.

No declaration of a commitment to compliant behaviour for a particular policy will be effective without adequate funding and there must be a budget allocation to support the compliance program and ensure its implementation.

2. Conducting a Risk Analysis

Understanding what needs to be done to ensure compliance means understanding the applicable rules (laws, regulations, and government policies) that your company must comply with as well as the myriad ways in which the applicable rules can be broken within the company’s operational environment. Putting those elements together involves knowledge of the applicable rules as well as a good understanding of the company’s business and operational practices. So a profitable risk analysis will involve discussions between those who know the company’s operations and those who understand the rules and regulations the company must respect.

The objective is to develop a risk-matrix that provides an understanding of the potential for violations and the potential damage that specific violation might cause. That will allow the company to focus its efforts on issues that are likely to cause the most damage. The risk matrix permits the company to understand where it faces the greatest risk (i.e. retroactive assessments for improper claims of origin, under-declared value, or tariff classification errors) and to focus its compliance efforts of real risk that could cause significant damage.

3. Policies and Procedures that are Proportional

A compliance policy is a set or internal rules, policies and procedures that ensure a company’s compliance and reduces the risk of non-compliance. The form of the policy is unimportant, it can be a stand alone Compliance Manual, or a collection of Standard Operating Procedures or Best Practices. What’s important is that those affected by the policy know what they are required to do. It must be available and understandable to all employees who are bound by the policy. That may require translating the policy into languages other than English.

Compliance policies are not limited to the company’s internal operations. Often, they will include provisions that affect the company’s relationships with its suppliers, for example, by requiring suppliers to provide classification information and to guarantee the accuracy of that information.

Human nature being what it is, policies that are more burdensome than is necessary have a greater likelihood of being ignored. The most effective policies are those that are proportional to an identifiable risk, and that can be readily implemented.

4. Disseminate and Educate

Compliance policies must be effectively communicated to everyone who is affected by the policy. For example, where transfer prices are used as a basis for the declaration of customs value, a policy respecting customs declarations would affect not only the import group, but all those involved in the determination of transfer prices. Often, the tax group within a company will make retroactive adjustments to transfer prices to hit a particular profit target. If those retroactive adjustments are not communicated to the import group, all of the declarations of customs value in the prior year will be wrong. Similarly, a policy on origin certification under a free trade agreement affects those involved in procuring raw materials for production because changing the country source for a particular input can affect the eligibility of the finished product for preferential tariff treatment.

It’s not enough to simply draft a compliance policy. Ensuring compliance is an ongoing process that involves publicising both the policies themselves and the corporation’s support of such policies, as well as regular training for staff on how the policies work on a day-to-day basis. A compliance training module can be easily inserted into the regular staff training. It is also useful to provide a mechanism for employees to seek guidance from a compliance expert within the firm on specific questions that may arise.

5. Monitor, Test and Reset

Putting a compliance policy into place isn’t enough. The company should conduct regular audits to ensure that its policies are being respected and are having their intended effect. Those audits will help spot weakness and will assist the company refine its policy as it moves forward. The mechanisms and approaches vary depending on each company’s circumstances, but regular sampling of customs entry declarations will go a long way to avoid the risk of large retroactive assessments

Where necessary, the company should adjust its policies and tell its employees what it has done.

Conclusion

Sounds like heavy lifting, that’s true. But it’s true in the same way as going for an annual health check-up is heavy lifting. Consider of the alternative. The CBSA can re-assess the duties and taxes on imports for a four year retroactive period, and the amounts claimed in additional duties, taxes, interest and penalties are often staggering.

You can choose to live with the risk or do something about it. Most customs risks can be avoided by implementing a robust compliance policy. Risk management is not difficult, but it requires a commitment to think about the customs risks and implement measures that reduce those risks. Pretty simple, no?

********************

Published January 8, 2022

By Peter Kirby

Building an Effective Customs Compliance Program

Categorised as Compliance Program, Managing Risk